all your internets are belong to us [firesheep users]
November 16, 2010 3:31 PM Subscribe
How can I take advantage of free internet at a hotel and/or cafe during the post-firesheep apocalypse?
I'm going to be staying at a hotel next week that offers free wifi to guests. It's totally open, no password required, free-for-the-taking whether you're in a guestroom or in the parking lot. Surprisingly, they don't have a non-wireless way to get online (no way to plug in a wired ethernet cable).
I am aware of firesheep, (and its vigilante cousins blacksheep, and fireshepherd) as well as the inherent dangers of using any unsecured internet access. I called the company that provides the internet access (ibahn.com) and discovered their tech support guy has never heard of firesheep.
It's only for one week, so i'm not willing to subscribe to a private wifi access point (such as MiFi through Verizon). I know that there's such a thing as setting up a VPN through a home computer, but at home i have satellite internet access, and that has bandwidth limitations.
I've tested open WiFi security by installing firesheep on my computer and visiting a cafe with open wireless. SCARY. I was able to get other users' information and log in to their accounts, and I tried to see what I could access, with varying degrees of success. I also pitted my two laptops against each other: I used firefox extensions "forceTLS" and "HTTPS everywhere" on Laptop#1*, and used blacksheep on it too. I could still see everything on Laptop#2 using firesheep, (including blacksheep-generated false logins) and I was able to log in to the accounts I used on Laptop#1.
*yes, i know that not all communication goes through on the httpS:// protocol for facebook/twitter/gmail/etc.
Should I bother with trying to set up a VPN at home, using another computer (a g3 ibook) seeing as how it's using the satellite?
Does the askmefi hive mind have any other suggestions?
I'm going to be staying at a hotel next week that offers free wifi to guests. It's totally open, no password required, free-for-the-taking whether you're in a guestroom or in the parking lot. Surprisingly, they don't have a non-wireless way to get online (no way to plug in a wired ethernet cable).
I am aware of firesheep, (and its vigilante cousins blacksheep, and fireshepherd) as well as the inherent dangers of using any unsecured internet access. I called the company that provides the internet access (ibahn.com) and discovered their tech support guy has never heard of firesheep.
It's only for one week, so i'm not willing to subscribe to a private wifi access point (such as MiFi through Verizon). I know that there's such a thing as setting up a VPN through a home computer, but at home i have satellite internet access, and that has bandwidth limitations.
I've tested open WiFi security by installing firesheep on my computer and visiting a cafe with open wireless. SCARY. I was able to get other users' information and log in to their accounts, and I tried to see what I could access, with varying degrees of success. I also pitted my two laptops against each other: I used firefox extensions "forceTLS" and "HTTPS everywhere" on Laptop#1*, and used blacksheep on it too. I could still see everything on Laptop#2 using firesheep, (including blacksheep-generated false logins) and I was able to log in to the accounts I used on Laptop#1.
*yes, i know that not all communication goes through on the httpS:// protocol for facebook/twitter/gmail/etc.
Should I bother with trying to set up a VPN at home, using another computer (a g3 ibook) seeing as how it's using the satellite?
Does the askmefi hive mind have any other suggestions?
I always VPN to a wired machine at home. Always have. In fact, my Web browser won't do anything unless I'm connected to the VPN. Set it up once and you will never have to worry about it again.
posted by kindall at 3:49 PM on November 16, 2010
posted by kindall at 3:49 PM on November 16, 2010
If it's just one week, Hotspot Shield?
posted by sharkfu at 4:55 PM on November 16, 2010 [1 favorite]
posted by sharkfu at 4:55 PM on November 16, 2010 [1 favorite]
You may find this related AskMe from this past weekend to be of interest: Baa baa Firesheep, have you stolen my password?
posted by ericb at 5:10 PM on November 16, 2010
posted by ericb at 5:10 PM on November 16, 2010
Best answer: PublicVPN is $6.95/mo, one month at a time (and there are probably other similar ones). You just drop 7 bucks when you need it - cheap insurance.
posted by TruncatedTiller at 5:14 PM on November 16, 2010
posted by TruncatedTiller at 5:14 PM on November 16, 2010
Seconding Hotspot Shield. It's just what you need, it's easy to use, and it's free. I use it all the time for wifi internet access at no-password hot spots.
posted by exphysicist345 at 5:36 PM on November 16, 2010
posted by exphysicist345 at 5:36 PM on November 16, 2010
Of course, nothing has really changed remember. Firesheep just brought a little more awareness of the issue, the "vulnerability" it exploits has always been there. I mean, it's not even a hack: just awareness that if a site uses a cookie to identify you, and that cookie is passed around without encryption, anyone can grab it and be you.
All communication on gmail DOES go through https, by the way. This is not true for Facebook, Twitter, YouTube, etc.
posted by wildcrdj at 5:45 PM on November 16, 2010
All communication on gmail DOES go through https, by the way. This is not true for Facebook, Twitter, YouTube, etc.
posted by wildcrdj at 5:45 PM on November 16, 2010
Oh, and "wired" doesnt mean safer. Depending on the wired infrastructure people may be able to see your traffic. For example, plug 3 computers into a hub (which in turn is connected to a modem upstream), and all 3 computers can see each other's traffic. No WiFi required.
posted by wildcrdj at 5:47 PM on November 16, 2010
posted by wildcrdj at 5:47 PM on November 16, 2010
Here's a good FAQ on Firesheep stuff, BTW
(the wired bit is misleading there, but I saw a larger discussion involving this author and he left out parts on wired stuff since _most_ networks will be switched such that its not a big concern. my only point is that if you just plug into an outlet at a hotel or something, you don't know if that's hooked up to a switch or a hub, which makes a huge difference)
posted by wildcrdj at 5:59 PM on November 16, 2010
(the wired bit is misleading there, but I saw a larger discussion involving this author and he left out parts on wired stuff since _most_ networks will be switched such that its not a big concern. my only point is that if you just plug into an outlet at a hotel or something, you don't know if that's hooked up to a switch or a hub, which makes a huge difference)
posted by wildcrdj at 5:59 PM on November 16, 2010
If all you want to secure is web browsing, and you don't have a home server to tunnel to, you can use Amazon EC2 for very little money.
posted by flabdablet at 12:54 AM on November 17, 2010
posted by flabdablet at 12:54 AM on November 17, 2010
Doesn't everyone have a router these days where it takes 3 minutes to enable the OpenVPN server on it and another 2 minutes to sign up and configure the dynamic DNS?
posted by Brian Puccio at 2:22 AM on November 18, 2010
posted by Brian Puccio at 2:22 AM on November 18, 2010
« Older Similarities between two different things? | Is it dangerous to ingest a small amount of... Newer »
This thread is closed to new comments.
posted by jenkinsEar at 3:48 PM on November 16, 2010