Unsecure Wireless

Corndogg69

Distinguished
Jan 21, 2009
2
0
18,510
I have a friend who wants to day trade. He wants to bring his laptop to school and check the stock market and make trades online. Problem is our wifi at school is not secure. Even if it was secure dozens of students would know the WEP key and be online at the same time.

He is worried that someone could monitor his activities and learn his account numbers and balances.
Does he have a reason to be worried?
Is that anything he can do on his laptop to eliminate the danger of someone looking around or intercepting his data?

Thanks
 

gstefanick

Distinguished
Nov 12, 2005
63
0
18,630
Your biggest concern is your unsecure wireless connection. Anyone can sniff your traffic and gain his logon and pw if he is using standard HTTP.

Make sure his connection to the site he is using is HTTPS... Which im sure it is...

He will be ok...
 

gstefanick

Distinguished
Nov 12, 2005
63
0
18,630



Most enterprises are leading with 802.1x WPA2/AES w/ PEAP vaild. server side certs.
 

JustAGuy51

Distinguished
Oct 1, 2008
180
0
18,690


Old thread, people already answered and they are valid. I like to add this for the sake of future. Just read in Yahoo about 1 trilion dollar loss due to compromised records.

The attacks and preventions people described here are primarily focus on networks. Nowadays, you also have to worry about application level threats. Read this story:

http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

These are Javascript based attacks. Javascript is a language being executed by your browser. In a simple scenario, the way it works is like this:

You have a browser opened with multiple tabs. One tab contains your trading account, another tab your yahoo email, and so on. Say one of the tab contains a website that you click through a link. Say that web site is a malicious site or a good site being broken into and has a parasite attached (parasite in this case is a malicious Javascript file). Now since all of your tabs are being managed under one browser application and Javascript is being executed by that SAME broswer app, that malicious script can steal stuffs from your trading page, email page and so on.

Prevention:
1) Develop a discipline like this: open all sensitive web pages STRICTLY with one browser, say MS IE or Opera (preferred). Open the rest of sites with Firefox. You may ask why not Firefox for sensitive pages? Because those pages are trustworthy pages and you need the least protection.

2) In Firefox, download an add-on called NoScript. Think of NoScript as firewall at the browser level. Unless you explicitly allow Javascripts from sites you visit to run, NoScript will block them by default. Thus, blocking attacks based on XSS, XSRF, Flash based attacks, etc.

Nowadays, you just can't rely on the vendors anymore; you also need to grow your brain to a degree.