Wi-Fi question

  • Thread starter Thread starter Mike
  • Start date Start date
M

Mike

Hello,

When connected to a Wi-Fi network (which is not mine at home) without any
encryption (public network), is there any way someone can infiltrate my
laptop? I am running NAV 2002 on XP Pro SP2 with firewall turned-on.
 
How to Make Your 802.11b Wireless Home Network More Secure
http://support.microsoft.com/default.aspx?scid=kb;en-us;309369&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------------------

:

| Hello,
|
| When connected to a Wi-Fi network (which is not mine at home) without any
| encryption (public network), is there any way someone can infiltrate my
| laptop? I am running NAV 2002 on XP Pro SP2 with firewall turned-on.
 
It is more likely that your identinty will get *stolen* before your laptop
is compromised - which may come later as a result.
Basically, when there is no encryption, someone sitting next to you or on
the opposite side of the room can VERY EASILY sniff any information
exchanged between the access point and your system - or any system
connecting to that same access point for that matter - including your
passwords, credit card numbers, etc....
 
If you re-read what I wrote carefully you'll notice that I said that it can
happen while the data is exchanged over the wireless network. Meaning, if
you go to a web site, or check your mail, or whatever, you're essentially
making a connection to some server and *SEND YOUR PASSWORD* to authenticate
at some point that password usually travels over that network in clear text
format. The firewall can't do anything about that.
 
I see. So how you protect yourself? Should I stay away from them altogether?
I suppose you don't use them yourself. I am in Manhattan and Verizon offers
its DSL customers free Wi-Fi access over the city. But I think it's the same
problem and so it is for T-Mobile Hotspots I suppose.
 
If you're just browsing the web then it's fine. I wouldn't use those places
with any services that require you to enter your password or credit card
number unless you're positive that the site is using SSL (Secure Socket
Layer/HTTPS). If it does, you usually see a little yellow podlock icon in
the bottom right corner of your IE window.
 
Right. So to sum up the threat comes from the fact that on a public Wi-Fi
access point (with no encryption), people can sniff data when being
transmitted between the laptop and the access point (and vice-versa
eventually) unless the data is going to/ coming from a HTTPS web site.

All the web sites on which I have to log in (with a password) use SSL. So
where is the danger for me then?
 
Do you use a mail client on the public Wi-Fi?

Mike said:
Right. So to sum up the threat comes from the fact that on a public Wi-Fi
access point (with no encryption), people can sniff data when being
transmitted between the laptop and the access point (and vice-versa
eventually) unless the data is going to/ coming from a HTTPS web site.

All the web sites on which I have to log in (with a password) use SSL. So
where is the danger for me then?
Click to expand...
 
Through Outlook 2002 only- I have 7 email addresses (mix of Pop 3 and
hotmail accounts).
Is that vulnerable?
 
Back
Top