Dangers on unencrypted public wifi for my computer setup?
December 7, 2010 7:54 AM
When I connect to open, public, unencrypted wifi's at places like Starbucks, and Barnes and Noble, etc, what kind of danger does my computer setup leave me open to?
( I have been a Windows desktop and light networking support tech for 7 years, but I don't claim to be an expert on wireless or security, so I'll ask for help from people who are.)
First, my setup
-Windows 7 Home Premium
-use the built-in firewall
-UAC on max
-in Windows' wireless network settings for public networks, besides the default settings, I have 1) set to block all media streaming, and 2) turned off public file sharing. When I connect to a free wifi, I always set Windows to classify it as a "Public Network".
-fully patched Windows, Office, Firefox, Flash Player, Java, etc, etc....everything
-Whenever I log into a site where I have personal info, I always log in using https. All of my email accounts (gmail) use https. I'm not going to worry if someone captures my inconsequential websurfing such as forum login credentials, google searches, etc. I am aware of sophisticated phishing attempts and that usernames/passwords can be stolen, so I am always on the lookout for signs of either thing happening. I never share my real info with any website or organization when it's not absolutely necessary.
------------2 questions----------------
First, regardless of whether or not my AV would detect and stop malware that actually did make it onto my computer, let me ask
1) could malware get onto my computer from the lan/wifi? If so, how do I prevent it from getting on my computer? (not asking about malware coming from email, websites, flash drives, etc. Only asking about the possibility that someone could plant something from the public lan/wifi)
2) Assuming no malware is on my computer, could anyone read or steal data on my computer?
To help me, please don't quote generic Windows or wifi security issues but instead tell me what makes my setup vulnerable.
Please let answers be about real world ("in the wild") dangers that I might be exposed to at any random free unencrypted wifi like Starbuck's etc, but please filter out answers that are effectively theoretical or that require skills or equipment that are "very extremely unlikely" to be encountered in the environment I'm asking about.
I am aware of both Evil Twin wifi and zero-day attacks, so don't feel the need to warn me about those types of threats. But if you know of a way to detect or defend against Evil Twin wifi's, please share.
btw, I know there are further steps I could take for better security than the ones I mentioned above, however, for now, I need to get an accurate, but not overly paranoid, picture of where I stand with my current set up. I'm hopeful there are people here that can give me perspective.
Thanks.
It sounds to me like you are taking all the appropriate steps and surfing pretty safely.
I wouldn't be too worried about #1, though I suppose it's possible. Keep your OS and other software up to date and you should be OK on this front.
#2 is definitely a concern, though, especially with the introduction of some new very easy to use tools (the article posted above by johnnybeggs is a good overview). When you're on an open network, you should connect to any sensitive sites using https if you can. Re-reading your question now I can see you have this covered.
As far as getting data off your hard drive, I don't think it's likely unless you configured your shared folders to be open to guests. Again, keep your software up to date. If you are connecting to a lot of open networks, you could consider using TrueCrypt or something to be extra safe with important data, which will have a bonus effect of securing data if your laptop is ever stolen.
posted by aganders3 at 8:17 AM on December 7, 2010
could malware get onto my computer from the lan/wifi?
I am not aware of any current vulnerabilities which would make this possible. However, Windows contains a lot of code ... it's entirely possible that someone could find a way to exploit some aspect of the Windows WiFi scanning, logon or authentication code (e.g. the WPA supplicant), which would be quite serious. I'm not aware of any attacks or vulnerabilities here and I think it would be big news if they existed in the wild.
Assuming you are just a regular Joe User, and not an Iranian nuclear scientist or someone else interesting enough that a well-funded adversary might waste a zero-day exploit targeting you specifically, I think you're within the realm of acceptable risk as long as you keep automatic updates turned on (and actually accept/install them when they become available) and stay reasonably well-informed about any unpatched exploits that might require you to modify your behavior.
Assuming no malware is on my computer, could anyone read or steal data on my computer?
Probably not, given your setup. You have file sharing turned off, and you're using the firewall ... assuming that there aren't any gaping flaws in the Windows firewall that the script kiddies know about but the public doesn't, you are probably safe.
The things I would worry about, if I were you (and my situation approximately mirrors yours) are things like password reuse, and data security if your laptop is lost or stolen. You have no guarantee that the websites you're logging into are storing your password securely on their databases, or that those databases won't be compromised or auctioned off to the Russian Mafia tomorrow. Those sorts of attacks can happen today, and don't require any zero-day exploits, and I suspect they actually happen all the time.
The single best thing that most users can do to improve their IT security, IMO, once they've installed the latest OS patches, is get some sort of encrypted password-management program (I like Password Safe), pick one very good password for the database (which isn't used anywhere else) and then generate new passwords for all their web sites that require logins. (Also, "social" sites like Facebook that are connected to your real identity should be considered high-security since they can be used to scam your friends. They should have good, dictionary-attack-resistant passwords just like online banking.)
If you have multiple computers, I'd suggest storing the encrypted password database on Dropbox so that it replicates automatically. (This probably sacrifices some security, but you did choose a good password for the database, right...?)
posted by Kadin2048 at 8:48 AM on December 7, 2010
My solution may be unwieldy but it works for me. I run a setup of XP within Vista via VMware that is set up only for browsing and checking files I don't trust in the wild. (It's handy because I also run an install of OSX for some work project within VMware.) My bookmarks are synced via Xmarks (soon switching to Firefox Home) which syncs to the XP installation.
When I'm surfing somewhere public where I worry about "picking" something up that's nasty or if I'm traveling and don't want my main Firefox profile and cookies hanging out in the wind I use the VMware XP installation.
Essentially, what I did was this. Installed VMware. Installed XP within it. Installed Firefox along with all the requisite plugins (Xmarks, Greasemonkey, etc) and protective addons. I then set up the sync with Xmarks. Then I snapshot my installation in its virgin state.
Every time I worry that I've downloaded something icky or if I'm going somewhere where I don't like having my cookies spread around, I open the snapshot ... wait the 15 seconds for Xmarks to resync and voila, clean surfing. Then when I'm done, I power down without saving the state of the VMware machine. That way, every time I turn on my XP install to surf, it's a clean empty slate.
posted by damiano99 at 8:52 AM on December 7, 2010
It is important to note that not only should your login be over https, but all browsing of that site needs to be over https.
posted by thewalledcity at 8:54 AM on December 7, 2010
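An added illustration of the point in the comment above (not part of the original thread): a login over https still leaves the session exposed if the cookie it sets lacks the `Secure` attribute, because the browser will attach that cookie to any later plain http:// request to the same site. The check below reads response headers and lists the cookies that would travel in cleartext; all header values and names are constructed for the example, and the site is treated as a single host.

```python
# Added example: header values below are constructed, not captured from any real site.

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:]}

def hsts_active(value):
    """True if a Strict-Transport-Security value carries a max-age greater than zero."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age":
            num = num.strip('"')
            return num.isdigit() and int(num) > 0
    return False

def cookies_exposed_on_http(headers):
    """Names of cookies a browser would attach to a later plain http:// request.

    headers: (name, value) pairs from a response received over HTTPS.
    Simplification: one host, no Domain-scoped cookies reaching other subdomains.
    """
    hsts = False
    insecure = []
    for key, value in headers:
        if key.lower() == "strict-transport-security":
            hsts = hsts or hsts_active(value)
        elif key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                insecure.append(name)
    # With HSTS in force the browser rewrites http:// to https:// before sending.
    return [] if hsts else insecure

# Constructed responses: https used for login only, https everywhere, HSTS switched off.
LOGIN_ONLY_HTTPS = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
                    ("Set-Cookie", "prefs=dark; Path=/")]
FULL_HTTPS = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
              ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]
HSTS_REVOKED = [("Strict-Transport-Security", "max-age=0"),
                ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("login-only https", LOGIN_ONLY_HTTPS),
                        ("https everywhere", FULL_HTTPS),
                        ("HSTS max-age=0", HSTS_REVOKED)):
        print(label, "->", cookies_exposed_on_http(hdrs))
```

`HttpOnly` does not help here: it hides the cookie from page scripts, not from someone reading unencrypted traffic on the same wifi.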
posted by johnnybeggs at 8:14 AM on December 7, 2010