I did something stupid over public wifi


11 replies to this topic

#1 daveb576

daveb576

  • Members
  • 2 posts

Posted 01 February 2017 - 11:23 AM

For starters, I know how incredibly stupid I was for doing this, but the other day I used a public wireless connection at a local coffee shop chain to access banking info and to make a payment on a credit card. I've never done that before, and I decided to take a chance because I was pressed for time. I'm paranoid now that someone may have access to all of my sensitive personal info, including my bank account #, passwords, secret questions and credit card numbers. 

 

I changed my online bank account password already, and signed up for a fraud alert with the credit bureaus. I also downloaded a free VPN and turned off network discovery in public. This may seem elementary to most of you, but I'm not the most tech savvy person around. 

 

Are there any other steps I should take at this point and how likely is it that someone has accessed my information? Would you typically know pretty quickly if you've been hacked or your information has been compromised? 

 

Your feedback is appreciated (and please don't scold me. I know it was stupid). 

 

Thanks





#2 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts

Posted 01 February 2017 - 12:08 PM

You seem to already have taken the best steps, reset passwords, watch for credit activity, etc. I would also change your credit card login info, if you haven't done so already.

 

One thing I also suggest is to use a password manager. Allows you to create super secure passwords that can't be broken easily. You just want to make sure you have a strong password for your master password, since it is the keys to the kingdom, so to speak.

 

My opinion though, you are probably fine. It's pretty unlikely that someone happened to be sniffing that coffee shop's network at the time you were there. It definitely can happen, so you do want to take those steps, but you are most likely fine. Just keep an eye out for suspicious activity for the next few weeks.


Edited by DeimosChaos, 01 February 2017 - 12:09 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts

Posted 01 February 2017 - 01:45 PM

What device did you use?

 

Was it with a browser or an app?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 daveb576

daveb576
  • Topic Starter

  • Members
  • 2 posts

Posted 01 February 2017 - 01:49 PM

You seem to already have taken the best steps, reset passwords, watch for credit activity, etc. I would also change your credit card login info, if you haven't done so already.

 

One thing I also suggest is to use a password manager. Allows you to create super secure passwords that can't be broken easily. You just want to make sure you have a strong password for your master password, since it is the keys to the kingdom, so to speak.

 

My opinion though, you are probably fine. It's pretty unlikely that someone happened to be sniffing that coffee shop's network at the time you were there. It definitely can happen, so you do want to take those steps, but you are most likely fine. Just keep an eye out for suspicious activity for the next few weeks.

Thanks for the feedback and advice. That makes me feel a little better. I'll definitely be more careful in the future and look into the password manager. 


What device did you use?

 

Was it with a browser or an app?

It was a browser. I was on my laptop. 



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts

Posted 01 February 2017 - 03:00 PM

Have you paid attention that you were always using HTTPS when visiting the banking and payment websites?

 

And if you did, did you get any certificate errors?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts

Posted 01 February 2017 - 03:11 PM

Excellent point, Didier.

 

Even when on a home network you should always make sure you are using HTTPS and have a valid certificate for banking sites (or any site that requires authentication from you of some kind).


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#7 Kikobrian55

Kikobrian55

  • Members
  • 10 posts

Posted 05 February 2017 - 05:51 AM

Did you use the default browser of your phone?



#8 TechGirl504

TechGirl504

  • Members
  • 4 posts

Posted 06 February 2017 - 11:44 AM

While you should never use public Wi-Fi for transactions like this, I think you have taken the best steps to protect yourself. Changing your passwords was the #1 best thing you could have done. Just a few other suggestions though. I would stay away from free VPNs because you get what you pay for and you may not get the best protection there. I would suggest one such as the ones listed at https://securethoughts.com/vpn-review/. Also, I would be sure to delete your browsing history and log out of and change passwords to anything you may keep logged into all the time just to be safe. Also, double check to ensure that your firewall and other security software is up to date and active. If you can, do a quick scan of your computer to remove any viruses as well. 



#9 Faslow

Faslow

  • Members
  • 2 posts

Posted 08 February 2017 - 07:08 AM

You did all right. I agree with the previous comment and the advice to subscribe to a paid VPN. I've already mentioned this point, seeing the fact that free services do not deserve absolute trust and are prone to leaking customers' info.
In addition to all the tips mentioned, I suggest installing an ad blocker on your device, because any ad banner can jeopardize your privacy by being a stealth virus.



#10 downloaderfan

downloaderfan

  • Members
  • 45 posts

Posted 28 February 2017 - 06:59 AM

Have you paid attention that you were always using HTTPS when visiting the banking and payment websites?

 

And if you did, did you get any certificate errors?

 

I have 2 questions related to this:

1) Does using a VPN break all possibilities of man in the middle attack which were previously possible with just https without VPN?

2) Does using a compression proxy like Data saver for chrome provide sufficient protection from session hijacking on http websites? I know proxies only redirect browser traffic, but since that's where all my login data is stored, I don't see anything valuable that hackers could steal from other applications.

 

Since VPNs normally reduce browsing speeds & have to be turned on manually when connected to an open network (I know some VPNs do have an option to auto turn on when connected to a specific network, but the one I use, which is Private Internet Access, sadly doesn't have that feature), I was wondering if proxies were good enough to keep our browser data secure.



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts

Posted 01 March 2017 - 09:20 AM

1) No, when you use a VPN subscription, your traffic is only protected by the VPN tunnel between your machine and the VPN server. Between the VPN server and the web server you visit, the HTTPS traffic is not inside a VPN tunnel.

2) I don't know, not familiar with data saver.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
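
Added illustration of the answer in post #11 and of the HTTPS and certificate questions in post #5 (not part of the thread and not any poster's code): a small Python model of which links on the path each encryption layer covers. The hop names and the `cert_ok` flag are assumptions made for the example.

```python
# Added example: models which encryption layer covers each link of the path.
# Hop names are constructed for illustration, not taken from the thread.
HOPS = ["laptop", "public Wi-Fi", "ISP", "VPN server", "transit", "web server"]

def path(vpn):
    """Hops the traffic crosses; the VPN server is on the path only with a VPN."""
    return HOPS if vpn else [h for h in HOPS if h != "VPN server"]

def layers(scheme, vpn, cert_ok=True):
    """Encryption layers as (name, first hop, last hop)."""
    found = []
    # TLS only counts when the browser validated the certificate (assumed flag):
    # after an accepted certificate error the far end may not be the real site,
    # so the model treats that session as unprotected.
    if scheme == "https" and cert_ok:
        found.append(("TLS", "laptop", "web server"))
    if vpn:
        found.append(("VPN", "laptop", "VPN server"))
    return found

def link_view(scheme, vpn, cert_ok=True):
    """Map each link (a, b) to what an on-path observer can read there."""
    hops = path(vpn)
    view = {}
    for i, (a, b) in enumerate(zip(hops, hops[1:])):
        active = {name for name, start, end in layers(scheme, vpn, cert_ok)
                  if hops.index(start) <= i < hops.index(end)}
        if "VPN" in active:
            view[(a, b)] = "VPN ciphertext"
        elif "TLS" in active:
            view[(a, b)] = "TLS ciphertext, server address visible"
        else:
            view[(a, b)] = "unprotected: URLs, cookies, passwords"
    return view

def exposed_links(scheme, vpn, cert_ok=True):
    """Links where no validated encryption layer protects the content."""
    return [link for link, seen in link_view(scheme, vpn, cert_ok).items()
            if seen.startswith("unprotected")]

if __name__ == "__main__":
    cases = [("http", False, True), ("http", True, True),
             ("https", False, True), ("https", True, False)]
    for scheme, vpn, cert_ok in cases:
        print(scheme, "vpn" if vpn else "no-vpn",
              "cert-ok" if cert_ok else "cert-error", "->",
              exposed_links(scheme, vpn, cert_ok) or "no exposed links")
```

In the model, validated HTTPS leaves no exposed link with or without a VPN, while HTTP over a VPN is still unprotected from the VPN server onward.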


#12 techghost

techghost

  • Members
  • 191 posts

Posted 01 March 2017 - 12:29 PM

 

Since VPNs normally reduce browsing speeds & have to be turned on manually when connected to an open network (I know some VPNs do have an option to auto turn on when connected to a specific network, but the one I use, which is Private Internet Access, sadly doesn't have that feature), I was wondering if proxies were good enough to keep our browser data secure.

 

Not all VPNs reduce speed. And while PIA might not have the auto-connect option, many other VPNs do.





