Return to the Computer Help Forum | Post a Follow-Up

 o
wireless

Posted by urlee (My Page) on
Wed, Sep 5, 12 at 17:20

If a person is in a public place where the wireless service is not secured, (I think that is what I mean) and you are on your laptop using Gmail to write and send mail, can a person near you with their computer access your gmail account to see your mail?
If so, can they save to their computer to be able to access your gmail ever after?


Follow-Up Postings:

 o
RE: wireless

In theory, yes. How often does that happen in practice, I don't know but it might be best to avoid access to any kind of financial accounts when using public WiFi hotspots.

Google allows you to add a second layer of security to your Gmail account by sending you a text message to a preregistered phone. By doing that, anyone who has your Gmail password still won't be able to access your account.


 o
RE: wireless

I'm not an internet security expert, I'm just an ordinary average guy (thanks Joe W), but my understanding is that the internet communication protocol HTTPS (the old familiar http with an "s" added) encrypts transmitted data. You can access gmail securely with a URL entry as follows:

https://www.gmail.com

Or even easier, you can set https as the default for your gmail account. There is the double sign-in that Mike describes, but I think most people would find that too slow and bulky to use. Also unnecessary in my view. If you're worried about your password being compromised, simply change it.

If you access an account of a regular financial institution (like a bank), the majority of such sites automatically send the session into an encrypted mode. You can check by going to the website of interest, and then look and see if the address starts with "https".

I think it's fair to assume that unless you're in China, North Korea or Kazakhstan, using an https protocol on an open network is probably not risky.

I would not access anything sensitive on a public PC, however, because it's a trivial matter to install software that records all key stokes, thus allowing the session to be replicated later.

When you're out in public, using your smart phone is considered a rather secure approach for most internet activities.


 o
RE: wireless

Think the non sophisticated hotspot crook watches closely for you to login to your non secured http forum or something .. and then tries your login/password on every bank in town and popular email services that he can think of.

The more sophisticated crook is running the hotspot server from his notebook. So called 'Man in the Middle' And reconstituting your packets into the bank login data string. He doesnt care if its encrypted or not.. he just knows how to send it .. just like you did.


 o
RE: wireless

Two questions for you, Mikie:

1) Might you know how many times either of these two techniques were known to have been maliciously used in the US in the past 12 months. (I think the answer is rather few if any, but I don't know for sure)

2) If someone were to gain access to your bank account in this manner, what is the risk to you? (This one I do know the answer to.)


 o
RE: wireless

anyone who has your Gmail password still won't be able to access your account.
Can they get your password while you are on Gmail?

The reason I am asking all this is cause I just bought an Acer netbook and went to the Library to DL Avast for the "fasterness" of Internet service (I am on dialup at home) and I went on Gmail to send a message (boy did that load FAST) and when I clicked on sign out, (I think I clicked twice) and a message popped up about can't sign out cause someone else is using it? Something like that. Was it cause I clicked twice or did the person near me get in to my gmail?


 o
RE: wireless

Snidely, I don't have a clue if it happens 100's of time each day in the usa or once a year. Perhaps you will bump into that data someday from a somewhat reputable source and let us all know. I've no reason to be going looking for it.

I saw exactly this done as a demo on a tv program with Apple or Linux softwares. ...
On my laptop recently, I did install and play with the freeware Connectify program, because a friend has a use for it to share his 21mb connection with neighbor. Turns your laptop wifi into a hotspot.
Doesnt take much imagination to think about how to accomplish the rest of it.

Probably there is a simple program package made just for this purpose.


 o
RE: wireless

Urlee, you have absolutely nothing to worry about. Use the connection at the library to your heart's content. I think it's unlikely that Eastern European malcontents have set up a listening post in the basement of your neighborhood library, with the evil intent of stealing brownie recipes.

It sounds like your gmail connection had a hiccup, don't give it another thought.


 o
RE: wireless

mikie, you said:

"Snidely, I don't have a clue..."

On that we agree. It's not helpful for you to translate misunderstood Googled information into out-of-context comments.

The readers of this forum, the ones who ask questions, strike me as very nice but mostly novice users. They don't need or understand theoretical recommendations. In the locations near home where they're most likely to be, I'll stick my neck out and say there's no risk at all of what you've described. Unless they live in Iran, in which case, I'd be careful.

The software you cite simply makes a PC act like a router. A better choice of hardware for the use you describe is ....a router, perhaps combined with high gain or outdoor antennae and a repeater in the remote (neighbor's) location.


 o
RE: wireless

I talked to my bank about online banking safety. Of course she said it was safe as you would expect to her to. Then she explained to me that I can't even take money out of my account unless I transfer it into an account at their bank that has my name on it. I am sure a sophisticated hacker could get in, but he wouldn't bother with my account when are a lot of fatter accounts there. The bank would have to restore that money to the account holder.

I still don't do online banking.


 o
RE: wireless

Don't have a pony to ride in this rodeo, but I do have a thought.

If bad guys don't go to open free wi-fi hot spots, then where do they go? They all can't be after-hour mall parking lot rovers. It would seem to me that these spots might be an easy target area, particularly in a tourist area or commuting area.

Of course, if you only surf and do not do anything confidential or critical what are they going to discover? Maybe your password to GW? Or Facebook? Or Twitter?

DA


 o
RE: wireless

THANK you all for your replies.
I did get frightened and wondered if I had to change my password (It's a beauty) right away when I got home.
I did not hookup my external dialup modem for Internet use at home through my server thinking it safer not to when using the wireless at the Library in case? Just a thought to make me feel more at ease when I go.
Oh I LOVE that little thing to tote around.
More time on battery than my $$ one.
Only thing nice about dialup, you can take it anywhere and get on the Internet from any place that has a phone jack.


 o
RE: wireless

From Dictionary.com
snidely -- an adverb
the noun form -- snide -- is defined as derogatory -- in a nasty insinuating manner.
Also, the word ignore -- to refrain from noticing or recognizing: to ignore insulting remarks.


 o
RE: wireless

Fruit jar,

Look in Wikipedia instead of dictonary.com

There you'll find my two favorite cartoon characters, Dudley Do-Right and Snidely Whiplash. Of these four words, I chose Snidely, as being the most suitable for use as an internet name. It's got its baggage but I thought Do-Right, Whiplash or Dudley were worse.

Also in my email name.

Sorry if you didn't find my comments helpful. Many regular visitors here seem to have become terrorized by the thoughts of facing evil-doers whenever they turn on their PCs. I try to offer sensible alternative views to reduce their anxiety and paranoia


 o
RE: wireless

If you are not familiar with tools like sniffer and firesheep which are simple firefox add ons and many more such tools then it might be a good idea to hit google and learn about them. You might say well such and such has been removed but the truth is that they are making new ones to replace the ones removed faster than they can be discovered. They are out there they are used OFTEN at hotspots so be aware of the situation you are in when you access anything at any public wifi.
If you have never been to a security convention and watched a brute force take over of a pc in mere seconds you are missing something because it brings you face to face with reality. The tools to do these kinds of things are not pro tools you can google how to do it and find all the instructions you need.
Never take the head in the sand approach, that it can not happen to you, who would want your stuff, well it may not be so much they want your stuff, they want your pc, to take over and be able to use to do what they need it to do, whether that is to spread spam, porn, or other illegal activities, and the bad part about that is if it is ever busted it is your pc, in your home, and you have to prove it was not you doing it.This exact thing has happened several times in real court cases.
Not to be terrified either, but keep an open mind, educate yourself as to what is out there and how easy it is to accomplish. What simple things you can do to protect your self if you do have to use a public wifi.
For example I never use any public wifi with out putting my portable router between me and that access, and that puts a wpa2 layer on just like my router at home does. It is small portable and not expensive, if I go on the road it goes with me.
If I am using any pc including mine anyplace that may be suspect I use a linux live cd to access any sites that I may be concerned about including those with passwords and any financial transactions.

If you care to learn about using a proxy that is another option to put in place. you can google that too. Here is some reading material for those truly interested in this.
Using tools like https everywhere can also help.

Firesheep
Firesheepwiki
Firesheep Sniffs Out Facebook and Other User Credentials on Wi-Fi Hotspots
Encrypt the Web with the HTTPS Everywhere Firefox Extension : Electronic Frontier Foundation
How to protect against Firesheep attacks

Firesheep Exploit here you can watch it happen on youtube

Mozilla Sniffer Firefox Add-On Steals Passwords
Mozilla yanks password-stealing Firefox add-on

lots more like those out there.

this is what I use
Mobile Wireless Router
or an air card

educating yourself is important.


 o
RE: wireless

awesome,

Thanks for all that....

Joe


 o
RE: wireless

Hey Joe good to see you friend! and you are very welcome!


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here