Public BroadBand??

DirtyOilBurner

Im in a hotel using my laptop connected to the hotels broadband, can other people see my emails or what im doing on the internet? There is no password on the broadband?

Thanks in Advance.....

cpu-dude

DirtyOilBurner wrote: »

Im in a hotel using my laptop connected to the hotels broadband, can other people see my emails or what im doing on the internet? There is no password on the broadband?

Thanks in Advance.....

No, it's simply wireless broadband without an encrption key so anybody can connect easily - very common in hotels.

watty

That is the correct short answer.

The longer answer, is in fact that all traffic, even HTTPS can be snooped.

The clear traffic by anyone in range. An "evil" WiFi operator can do a "Man in middle" attack on HTTPS passing through the data but reading it all clear.

It's recommended that you use VPN if you are using a public WiFi spot. Then all the traffice between you and the VPN server is encrypted.

We set one up at home, so that when away and using Public WiFi/Ethernet, we/I connect via VPN and then effectivly to the Internet it looks like we are at home. That way SMTP works too.

Gmail unfortunately doesn't use HTTPS for Web mail once you connect, which means anyone on same WiFi can snoop.

azzeretti

watty wrote: »

That is the correct short answer.


The clear traffic by anyone in range. An "evil" WiFi operator can do a "Man in middle" attack on HTTPS passing through the data but reading it all clear.

Let's not too carried away here. It is very possible for MITM attacks but the reality is that there are still an awful lot of checks in place to avoid this sort of thing.
The chances of this type of an attack taking place on a public AP is rare but technically possible.

I would tend to trust HTTPS when using CA Authorities to certify the PKI setup.

BTW, VPN's, whatever type, can also be comprimised, off-loading the data to be decrypted being the simpilest, but longest way. Comprimising the start or end point of the tunnel will also provide you with clear traffic.
In my opinion, this is just as likely as MITM attacks!

bushy...

watty wrote: »

Gmail unfortunately doesn't use HTTPS for Web mail once you connect, which means anyone on same WiFi can snoop.

Look under "settings" , tickbox there for "Always use https" - new feature maybe ?

hth

watty

Should be on by default. You and I know ...

http://www.theregister.co.uk/2009/06/16/google_and_https/


I did say the Short Answer is correct. Mostly. But some people might like to use a VPN and the SMTP they use from home or office for additional piece of mind.

Non-HTTPS traffic only needs another laptop, not a MITM attack, that's only needed to compromise HTTPS
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/

VPN security - if you want it, come and get it
Attention WiFi hotspotters: You want it
By Dan Goodin • Monday 1 Sep 2008 16:02

If you value your privacy and use Wi-Fi hotspots or other public networks, there is no tool more indispensable than a virtual private network. Yes, technologies such as secure sockets layer (denoted by an "https" in a web address) will prevent information transmitted between a PC and a web or email server from being intercepted …