Public WIFI Network Privacy Questions


3 replies to this topic

#1 verb sandwich

verb sandwich

  • Members
  • 13 posts

Posted 04 January 2013 - 09:38 PM

Hi,

I am not the most tech-savvy knowledgeable person when it comes to WiFi network security and am hoping someone might be able to answer a couple of questions pertaining to my situation. I live in an apartment complex in which free WiFi is included in the rent. Based on my understanding, the apartment complex has a WLAN that is owned by Airwave Networks (http://www.airwave-networks.com/index.php/about-us.html). In order to use the network, you are brought to a page where you are asked to create an account the first time you connect (the page looks like this: http://login.airwavenetwork.com/login/resident/?site=DE-SGRE). You are then asked to log in with your username (which is linked to personally identifiable info such as your name, etc.) to use the network. Basically, my concern relates to privacy, and I have two questions. First, in this scenario, is it the local network administrator (property manager or whoever has access to the router), or the ISP itself (Airwave) who can see what websites etc. that I visit and link them with that username? (I can't tell whether that login page means the ISP itself or the administrator of the wireless LAN can link my traffic with my username.) Secondly, if I use the Hotspot Shield VPN program (http://www.hotspotshield.com/en) while connected to the network, does that hide what websites etc. that I visit from the local network admin as well as the ISP? I know that in theory it is supposed to, but I am not sure as to whether or not that applies to this situation where I have to actually log in with a username and password linked to personal info to use the wireless network. Any info would be appreciated. Thanks!



#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts

Posted 08 January 2013 - 07:48 AM

I was surprised to see that the login form is HTTP, and not HTTPS.

How is the WLAN secured?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 verb sandwich

verb sandwich
  • Topic Starter

  • Members
  • 13 posts

Posted 12 January 2013 - 08:02 PM

It is an unsecured wireless network.

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts

Posted 13 January 2013 - 03:13 PM

It is an unsecured wireless network.


That's a big problem. Anybody with a laptop can sniff the wireless traffic and inspect all your HTTP traffic.
And since the initial login is HTTP, they can also steal your credentials.
Together with your credentials on all sites that don't use HTTPS to log in.

I would only use such a network with a VPN connection, provided the initial login is HTTPS.
Otherwise I would not use it.

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
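
The HTTP-versus-HTTPS check on a portal login form that the replies above turn on, as an added example that is not part of the original thread. It audits saved page HTML offline; the host portal.example, the sample markup and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Record [action, has_password_field] for every <form> on the page."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None          # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = [attrs.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_page(page_url, html):
    """Return (submit_url, verdict) for each form that carries a password field."""
    finder = LoginFormFinder()
    finder.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action, has_password in finder.forms:
        if not has_password:
            continue               # search boxes etc. are out of scope
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            verdict = "cleartext-submit"   # password crosses the open WLAN unencrypted
        elif not page_is_https:
            verdict = "insecure-page"      # HTTP-served form can be altered in transit
        else:
            verdict = "ok"
        findings.append((target, verdict))
    return findings

# Constructed sample: a search form plus a login form with a relative action.
SAMPLE_PAGE = """<form action="/search"><input type="text" name="q"></form>
<form method="post" action="auth"><input name="user">
<input type="PASSWORD" name="pw" /></form>"""

if __name__ == "__main__":
    for url in ("http://portal.example/login/", "https://portal.example/login/"):
        print(url, audit_login_page(url, SAMPLE_PAGE))
```

A form that posts to an HTTPS URL but is itself served over HTTP is reported separately, because the page that defines the submit target arrived unprotected.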




