I was at the Cafe this morning having my coffee on the patio fix when someone asked me a question about connecting to the wireless access point. I helped her get connected and then she asked me a question....
"Is it safe to access my online banking here?"
(Alot of people I know can stop reading here...y'all better know this or I will laugh at you.)
For those of you who know me you know I am not going to give the simple answer. Online banking? Provided you use going to your bank....Yes. That is no problem. You know what I wouldnt use? Any online email (Yahoo, Google, Hotmail, etc.) I also wouldnt log into your blog (depending on what you are using for blogging.) There are many things I wouldnt do. Me? I basically wouldnt do anything.
Basically if you dont see https to start the address I can read it. It is (for the most part) that simple.
Me? Eh....not exactly. There are a couple of ways that I secure my traffic from outside my house. I used to have a SSL VPN and piped all of the traffic through that. I am working on that box at the moment so I pipe all of my browser traffic through an SSH tunnel to a squid proxy at my house. Not the cleanest but it works.
What is the above gobbledygook? Basically I like my security. I dont want anyone to be able to see what I am doing on my laptop when I am out roaming the world.
Here are a couple of things to look at:
Go to gmail and access your account. The password is encrypted (note the https) as soon as you are authenticated everything in is the clear. If I set up my box to read what people are doing.....you read something, I can read it. You send something...I can read it. And so on and so on....
Wordpress? It may be an "upgrade" or whatever but on the simple one I started up a while ago (that I never have time to update) when I log in as admin my PASSWORD is sent in the clear.
Now here is the thing....some people know about this. I would think it would be more people...but it isnt. Here is the big thing that most people dont think about or dont know: You may be even more vulnerable at work.
If you were at work and I was paid to spy on you I could tell many things that you are doing, especially if you are a non-techie person. There are so many ways I can go about it...just a few: install a keylogger on your machine, put a tap on your network port, pipe all of your traffic to my machine....many ways.
Are you scared about someone seeing what you are doing? Do you think you are secure? It is a scary world we live in these days...
gmail https
Note that in the Settings/General tab of Gmail you can set your browser connection to "Always use https". By default it is not set, but it probably should be. This would allay some of your concerns, right?
Er, You're Paranoid.
And rightfully so. I agree with you completely (though I think "dadshouse" has, by far, the better approach).
Even SSL is crackable with enough session information. For most things I think it's safe. I check my Mail (all SSH tunneled, 4096 key biatch, hell on my servers though), and my blog is safe enough (SSL, and if it's compromised, well, I have daily backups. Not everyone runs a proxy at home (in fact, I can think of five, and you and I are on that list).
At any rate, Love the blog so far. It sort of reminds me of what I would write (only from the SysAdmin's perspective).
I'm all good. :) I would
I'm all good. :) I would use the SSL VPN as well before doing anything other than reading the newspaper online. Then again, I understand how to do stuff. ;) Sorta. Sometimes.
thoughts on going online at a cafe
Great technical advice! Good job. But... as a single dad who would love to meet a single woman in a cafe, and who sees way too many people interacting with their computers rather than flirting with the customer at the next table, I'd prefer the story went like this next time:
I was at the Cafe this morning having my coffee on the patio when someone asked me .... "Is it safe to access my online banking here?"
To which you reply: "Absolutely not. Your safest bet is to simply enjoy the beautiful morning. Is that a latte you're drinking?"
(I dream, I dream)