cancel
Showing results for 
Search instead for 
Did you mean: 

Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Gel
Seasoned Pro
Posts: 1,424
Thanks: 144
Fixes: 12
Registered: 02-08-2007

Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

This programme was worrying; I have a VPN as recommended for company use, but that excludes access to webmail.
Will plus net be thinking of providing vpn type security for users accessing their +Net e mails?Huh
http://www.bbc.co.uk/blogs/watchdog/2009/10/wifi_hot_spots_not_secure.html
Angry
19 REPLIES
MrC
Grafter
Posts: 523
Thanks: 2
Registered: 17-07-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Quote from: Gel
Will plus net be thinking of providing vpn type security for users accessing their +Net e mails?Huh

Plusnet's webmail (SquirrelMail) is accessed via SSL so wouldn't be prone to network sniffing.
However, I don't think their POP3 and IMAP4 access is accessible (yet!) via secure means (TLS or SSL) so if you need to access PN's email systems over any network link you don't trust then use SquirrelMail. Or use something like Gmail which supports encryption for all access.
I didn't see the programme myself but it strikes me as a tiny bit naive trusting any public WiFi as you never know exactly what you are connecting to.
Gel
Seasoned Pro
Posts: 1,424
Thanks: 144
Fixes: 12
Registered: 02-08-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

the subject of the program tonight was the link between your PC and public WiFi hot spots, cafes, railway stations, hotels etc.  the snooper was sitting very close to the person with the laptop, they suggested on the progran that you should use a VPN link.  I have been using Thunderbird and IMAP, makes you wonder Embarrassed
scootie
Grafter
Posts: 4,799
Registered: 03-11-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

dosent take much to sniff wi fi, a passavie mode wi fi card, version of a linux distro which has the tools of trade setup all ready, and wireshark as well.wireshark is what that hacker was using when he hacked into read the crimewatch coppers emails
MrC
Grafter
Posts: 523
Thanks: 2
Registered: 17-07-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Quote from: pierre_pierre
they suggested on the progran that you should use a VPN link.

TBH using a VPN (assuming someone on the programme didn't get their terminology wrong) is only really relevant when accessing corporate resources for any number of reasons (support nightmare for one). There's enough secure options around for accessing sensitive email and web pages already without throwing VPNs into the mix Smiley
Lurker
Grafter
Posts: 1,867
Registered: 23-10-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Quote from: MrC
Or use something like Gmail which supports encryption for all access.

The example account they accessed was a Gmail one. Wink
As said subsequently, the attack is on the WiFi network and the way it handles IP packets, rather than an issue with any particular mail provider.
VPN does provide a solution, but you have to assume that you have created the VPN without giving away sufficient info for a malicious user to create a similar connection. (A different attack to that demonstrated, but an issue nonetheless)
Ever wondered why places with WiFi hotspots put them into a different network to their production machines, preventing access to the corporate network from the hotspot...
Community Veteran
Posts: 767
Registered: 29-10-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Quote from: MrC
TBH using a VPN (assuming someone on the programme didn't get their terminology wrong) is only really relevant when

Didn't see the prog, but wonder if they meant ssh tunneling. Full vpn seems ott.
Gabe
James
Grafter
Posts: 21,036
Registered: 04-04-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

We now have lots of customer calling us asking us to check if their router is secure Smiley
I haven't seen the programme myself, but it sounds a bit like scaremongering.
Lurker
Grafter
Posts: 1,867
Registered: 23-10-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

It was fairly typical BBC reporting of technical stuff... Tongue
Its an issue that should have been publicised (everybody should know about the risks, and I'm certain nobody could disagree)
In fairness to the Beeb though, I'm not certain of what platform, or delivery method would have made people less scared at the thought of it, other than perhaps some clarification as to when its /likely/ to be safer to use WiFi for these things. (Of course reinforcing the message that WiFi can never truly be secure, but it can be made hard enough that its not worth people bothering you in most cases)
James
Grafter
Posts: 21,036
Registered: 04-04-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Yep, it's a sensible message.
Also gives us a good opportunity to review our own support pages and ensure that our customers are aware of the information that is available on our website to help them secure their wireless connections.
LittleReggie
Grafter
Posts: 54
Registered: 20-11-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

ive just had a quick look at the plusnet guide to (home) wireless security. it doesnt mention setting up a wireless station access list. can hackers get round these? unfortunately, i have a device on my network  that only supports wep encryption. is wep + access list on my router enough to stop me getting hacked?
Lurker
Grafter
Posts: 1,867
Registered: 23-10-2008

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Any level of encryption you could choose to use can be hacked by somebody with the correct tools and skills.
Always remember that, and start from that point. (Its not as scary as it sounds)
On the basis that a hacker could get into any network they choose to, you have to join the arms race and make it easier for the hacker to move on to a different network.
One of the issues underpinning a lot of the security issues with a WiFi access point is that it has to communicate with any device that tries to communicate with it - if only to establish the identity of that device, and to ascertain whether it is authorised to connect fully, or not.
Disabling the broadcast of wireless network name for example does not do what you would expect. It merely adds an instruction to devices to ignore the fact that it is broadcasting the network name (because it still needs to broadcast it so that authorised devices can locate it an connect to it)
So, always expect that it is insecure, but remember that by doing everything you can, you are reducing the chances of you being hacked significantly. (Remember, its not just yours that is insecure, its every single one in the country/world - so just make sure yours doesn't stand out as worth bothering with - this will also put off people without all of the required skills from having a go.)
Main thing, don't worry too much. Wink
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

WEP unfortunately is easily cracked in less than a minute, can that lone device  use ethernet and the rest WPA which is more secure
glocal
Grafter
Posts: 86
Thanks: 2
Registered: 11-09-2007

Re: Tonight's BBC Watchdog on wifi spot hijacking of e mail a/c

Over the last two years I asked this question here but never received a satisfactory answer: why doesn't PN offer SSL protection to its POP3/IMAP/SMTP by default? Webmail may be protected but many people will simply run their mail client installed on their laptop/smartphone either because they don't know better or because it's more useful to them. Tunneling protection to the ISP would be even better protecting all types of traffic. I understand that encryption slows things down and increases the workload for ISP servers (which is probably why ISP choose to keep quiet), but it's a trade off. I remember wondering why more people didn't appear to be concerned -- now they may be. Personally, I use 3G anyway.
As for home wifi routers, it would be nice if the router supplied by PN had a wifi on/off switch, like many laptops/smartphones.
Of course the sniffer could be located in a flat across the street which makes things more interesting. He/she can sit there every day and monitor traffic routinely in their pyjamas.