Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Tonight's BBC Watchdog on wifi spot hijacking ...
Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 9:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Will plus net be thinking of providing vpn type security for users accessing their +Net e mails?
http://www.bbc.co.uk/blogs/watchdog/2009/10/wifi_hot_spots_not_secure.html
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 10:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Gel Will plus net be thinking of providing vpn type security for users accessing their +Net e mails?
Plusnet's webmail (SquirrelMail) is accessed via SSL so wouldn't be prone to network sniffing.
However, I don't think their POP3 and IMAP4 access is accessible (yet!) via secure means (TLS or SSL) so if you need to access PN's email systems over any network link you don't trust then use SquirrelMail. Or use something like Gmail which supports encryption for all access.
I didn't see the programme myself but it strikes me as a tiny bit naive trusting any public WiFi as you never know exactly what you are connecting to.
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 10:06 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 10:10 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 10:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
29-10-2009 10:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: pierre_pierre they suggested on the progran that you should use a VPN link.
TBH using a VPN (assuming someone on the programme didn't get their terminology wrong) is only really relevant when accessing corporate resources for any number of reasons (support nightmare for one). There's enough secure options around for accessing sensitive email and web pages already without throwing VPNs into the mix
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 7:58 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: MrC Or use something like Gmail which supports encryption for all access.
The example account they accessed was a Gmail one.
As said subsequently, the attack is on the WiFi network and the way it handles IP packets, rather than an issue with any particular mail provider.
VPN does provide a solution, but you have to assume that you have created the VPN without giving away sufficient info for a malicious user to create a similar connection. (A different attack to that demonstrated, but an issue nonetheless)
Ever wondered why places with WiFi hotspots put them into a different network to their production machines, preventing access to the corporate network from the hotspot...
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 9:02 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: MrC TBH using a VPN (assuming someone on the programme didn't get their terminology wrong) is only really relevant when
Didn't see the prog, but wonder if they meant ssh tunneling. Full vpn seems ott.
Gabe
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 9:09 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I haven't seen the programme myself, but it sounds a bit like scaremongering.
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 9:22 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Its an issue that should have been publicised (everybody should know about the risks, and I'm certain nobody could disagree)
In fairness to the Beeb though, I'm not certain of what platform, or delivery method would have made people less scared at the thought of it, other than perhaps some clarification as to when its /likely/ to be safer to use WiFi for these things. (Of course reinforcing the message that WiFi can never truly be secure, but it can be made hard enough that its not worth people bothering you in most cases)
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 9:24 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Also gives us a good opportunity to review our own support pages and ensure that our customers are aware of the information that is available on our website to help them secure their wireless connections.
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 10:05 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 10:45 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Always remember that, and start from that point. (Its not as scary as it sounds)
On the basis that a hacker could get into any network they choose to, you have to join the arms race and make it easier for the hacker to move on to a different network.
One of the issues underpinning a lot of the security issues with a WiFi access point is that it has to communicate with any device that tries to communicate with it - if only to establish the identity of that device, and to ascertain whether it is authorised to connect fully, or not.
Disabling the broadcast of wireless network name for example does not do what you would expect. It merely adds an instruction to devices to ignore the fact that it is broadcasting the network name (because it still needs to broadcast it so that authorised devices can locate it an connect to it)
So, always expect that it is insecure, but remember that by doing everything you can, you are reducing the chances of you being hacked significantly. (Remember, its not just yours that is insecure, its every single one in the country/world - so just make sure yours doesn't stand out as worth bothering with - this will also put off people without all of the required skills from having a go.)
Main thing, don't worry too much.
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 1:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c
30-10-2009 1:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As for home wifi routers, it would be nice if the router supplied by PN had a wifi on/off switch, like many laptops/smartphones.
Of course the sniffer could be located in a flat across the street which makes things more interesting. He/she can sit there every day and monitor traffic routinely in their pyjamas.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Tonight's BBC Watchdog on wifi spot hijacking ...