| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 80473 | 2007-06-24 13:47:00 | General wireless network security question | chuckee (5499) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 562472 | 2007-06-24 13:47:00 | Hi there, I was wondering - if you connect to an unsecured wireless network (say, in a hotel), and you purchase something online using your credit card, can other people grab your credit card info out of the air? (e.g. using Ethereal) How about if the website you purchase from is using HTTPS - would anybody be able to see your credit card information go over the unsecured wireless network? - or will it all be encrypted anyway so it wouldn't matter? Cheers! Charlie |
chuckee (5499) | ||
| 562473 | 2007-06-24 22:27:00 | I am not sure about the second part of your question but I am pretty sure that a person "wardriving" on unsecured wireless networks could easily see your credit card details if they were used to make an online transaction especially if they were tech savy enough to be war driving in the first place. You may be ok using the second option. What browser are you using? | winmacguy (3367) | ||
| 562474 | 2007-06-24 22:42:00 | My understanding is that since HTTPS is a secure encrypted connection, it'll be encrypted regardless of whether your wireless network is or not. When you connect to a corporate network using UTP cable, the data sent across it generally isn't encrypted as such, and HTTPS is still secure over those types of networks. | somebody (208) | ||
| 562475 | 2007-06-24 23:57:00 | As somebody has pointed out, https is the normal http protocol layered with the SSL protocol (which is a secure protocol using encryption.) Thus your information is encrypted regardless of whether the wireless network you're using is encrypted or not. Cheers |
chiefnz (545) | ||
| 562476 | 2007-06-25 00:04:00 | That's good news. I guess as long as you make sure that the website you are using is secure, then using an unsecured wireless network is not too risky. | chuckee (5499) | ||
| 562477 | 2007-06-25 03:58:00 | Couldn't you employ a packet sniffer to get the details and then decrypt that information? I mean if people can break into the DOD and the Pentagon, they should be able to do this. | beeswax34 (63) | ||
| 562478 | 2007-06-25 04:24:00 | Couldn't you employ a packet sniffer to get the details and then decrypt that information? I mean if people can break into the DOD and the Pentagon, they should be able to do this. Quite possibly, either that or the guys who hacked into the Pentagon has earlier deposited a couple of password stealing Trojans on some of the PCs in the building... |
winmacguy (3367) | ||
| 562479 | 2007-06-25 05:08:00 | Couldn't you employ a packet sniffer to get the details and then decrypt that information? I mean if people can break into the DOD and the Pentagon, they should be able to do this. Well thats true, in a sense I guess but still even if they did get what they needed, they'd have to use brute forcing methods to try get anything useful. As for those people who are able to break into the DoD and the Pentagon, I think they have better things to do and better places to be than war drive random places hoping to get lucky. |
Deathwish (143) | ||
| 1 | |||||