to be safe, I wouldn't do anything sensitive on any open network, and even
if you don't get hacked that way, a packet sniffer could be installed on the
machine of another user on the same network, which will capture your
passwords in the clear. A secure network usually shows up as being secure
when you search for it, and it'll tell you what type of encryption it uses.
If your the one running the access point, log into its web innterface and
it'll tell you under wireless security. This is found in slightly different
places depending on the make and model of the router or access point.
Aiden
----- Original Message -----
From: "Eleni Vamvakari" <magkis...@gmail.com>
To: <blind-computing@jaws-users.com>
Sent: Thursday, November 04, 2010 6:17 PM
Subject: Re: [Blind-Computing] daily term
So how do you check to insure that your network is using incription?
And what if you're away and wish to use a freely available network?
For example, I use one e-mail for almost all things but another for
financial/legal matters. If I use my regular e-mail and stay away
from shopping sites and ones that use my legal name, is it safe for me
to browse the net via an unsecured network or can they actually hack
into my computer itself?
Thanks,
Eleni
On 11/4/10, David Ferrin <ow...@jaws-users.com> wrote:
This is true folks.
David Ferrin
ow...@jaws-users.com
I believe that tomorrow is another day, and I'll probably screw that one
up
too.
----- Original Message -----
From: "Aiden Gardiner" <aiden.gardiner....@googlemail.com>
To: <blind-computing@jaws-users.com>
Sent: Thursday, November 04, 2010 1:05 PM
Subject: Re: [Blind-Computing] daily term
this is what the firesheep firefox extention does. It was designed to
demonstrate how much of a risk this attack poses. now a user who has the
extention can go to any open wireless hotspot, such as in a cafe, see
exactly who is on the network with them, and their profile picture if
they
are logged onto a website the extention supports and by simply
double-clicking on the person's name, they hijack that individual's
account.
the only fix is for hotspot admins to employ WPA encryption at the very
least, or for websites to force SSL for the entire session, which
unfortunately not many do. I say this as a warning to everyone, whether
you
run your own wireless network or not, make sure the network your
connecting
to uses at least WPA encryption, wep encryption simply is not enough any
more because it's now so easy to brake into those networks.
Aiden
----- Original Message -----
From: "David Ferrin" <d...@jaws-users.com>
To: <blind-computing@jaws-users.com>
Sent: Thursday, November 04, 2010 12:15 PM
Subject: [Blind-Computing] daily term
sidejacking
"When logging into a Web site you usually start by submitting your
username and password. The server then checks to see if an account
matching this information exists and if so, replies back to you with a
'cookie,' which is used by your browser for all subsequent requests."
Most Web sites protect your username and password with a secure HTTPS
connection. Unfortunately, many immediately drop back into insecure HTTP
once a visitor is signed in - and the site sends its cookie back over a
now-insecure connection. Anybody snooping on your conversation can make
a
copy of the cookie and use it to interact with the Web site in precisely
the same way you do.
David Ferrin
Most people don't know what they're doing and a lot of them are really
good at it.
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
