Tags:

all your internets are belong to us [firesheep users]
November 16, 2010 3:31 PM   Subscribe

How can I take advantage of free internet at a hotel and/or cafe during the post-firesheep apocalypse?

I'm going to be staying at a hotel next week that offers free wifi to guests. It's totally open, no password required, free-for-the-taking whether you're in a guestroom or in the parking lot. Surprisingly, they don't have a non-wireless way to get online (no way to plug in a wired ethernet cable).

I am aware of firesheep, (and its vigilante cousins blacksheep, and fireshepherd) as well as the inherent dangers of using any unsecured internet access. I called the company that provides the internet access (ibahn.com) and discovered their tech support guy has never heard of firesheep.

It's only for one week, so i'm not willing to subscribe to a private wifi access point (such as MiFi through Verizon). I know that there's such a thing as setting up a VPN through a home computer, but at home i have satellite internet access, and that has bandwidth limitations.

I've tested open WiFi security by installing firesheep on my computer and visiting a cafe with open wireless. SCARY. I was able to get other users' information and log in to their accounts, and I tried to see what I could access, with varying degrees of success. I also pitted my two laptops against each other: I used firefox extensions "forceTLS" and "HTTPS everywhere" on Laptop#1*, and used blacksheep on it too. I could still see everything on Laptop#2 using firesheep, (including blacksheep-generated false logins) and I was able to log in to the accounts I used on Laptop#1.

*yes, i know that not all communication goes through on the httpS:// protocol for facebook/twitter/gmail/etc.

Should I bother with trying to set up a VPN at home, using another computer (a g3 ibook) seeing as how it's using the satellite?

Does the askmefi hive mind have any other suggestions?
posted by ChefJoAnna to computers & internet (11 answers total) 15 users marked this as a favorite
 
I've had good results from StrongVPN (StrongVPN.com) - Not only do I get a secure connection (at least to the end of their netblock), but I can also terminate it in pretty much any country in Europe- useful if you're in the US and want to watch UK stuff from the BBC (or if you're overseas and want to watch hulu). I'm dropping something like $20 / month, which seems a small price to pay for not spending a bunch of time screwing around with my router.
posted by jenkinsEar at 3:48 PM on November 16, 2010


I always VPN to a wired machine at home. Always have. In fact, my Web browser won't do anything unless I'm connected to the VPN. Set it up once and you will never have to worry about it again.
posted by kindall at 3:49 PM on November 16, 2010


If it's just one week, Hotspot Shield?
posted by sharkfu at 4:55 PM on November 16, 2010 [1 favorite]


You may find this related AskMe from this past weekend to be of interest: Baa baa Firesheep, have you stolen my password?
posted by ericb at 5:10 PM on November 16, 2010


PublicVPN is $6.95/mo, one month at a time (and there are probably other similar ones). You just drop 7 bucks when you need it - cheap insurance.
posted by TruncatedTiller at 5:14 PM on November 16, 2010


Seconding Hotspot Shield. It's just what you need, it's easy to use, and it's free. I use it all the time for wifi internet access at no-password hot spots.
posted by exphysicist345 at 5:36 PM on November 16, 2010


Of course, nothing has really changed remember. Firesheep just brought a little more awareness of the issue, the "vulnerability" it exploits has always been there. I mean, it's not even a hack: just awareness that if a site uses a cookie to identify you, and that cookie is passed around without encryption, anyone can grab it and be you.

All communication on gmail DOES go through https, by the way. This is not true for Facebook, Twitter, YouTube, etc.
posted by wildcrdj at 5:45 PM on November 16, 2010


Oh, and "wired" doesnt mean safer. Depending on the wired infrastructure people may be able to see your traffic. For example, plug 3 computers into a hub (which in turn is connected to a modem upstream), and all 3 computers can see each other's traffic. No WiFi required.
posted by wildcrdj at 5:47 PM on November 16, 2010


Here's a good FAQ on Firesheep stuff, BTW

(the wired bit is misleading there, but I saw a larger discussion involving this author and he left out parts on wired stuff since _most_ networks will be switched such that its not a big concern. my only point is that if you just plug into an outlet at a hotel or something, you don't know if that's hooked up to a switch or a hub, which makes a huge difference)
posted by wildcrdj at 5:59 PM on November 16, 2010


If all you want to secure is web browsing, and you don't have a home server to tunnel to, you can use Amazon EC2 for very little money.
posted by flabdablet at 12:54 AM on November 17, 2010 [1 favorite]


Doesn't everyone have a router these days where it takes 3 minutes to enable the OpenVPN server on it and another 2 minutes to sign up and configure the dynamic DNS?
posted by Brian Puccio at 2:22 AM on November 18, 2010


« Older Give me an idea of two very di...   |  Is it dangerous to ingest a sm... Newer »
This thread is closed to new comments.