Can I Safely Browse The Internet On An Unsecured Wireless Network?

Discussion in 'Mac Basics and Help' started by magentawave, Apr 21, 2010.

  1. magentawave macrumors regular

    Joined:
    Jun 8, 2009
    #1
    Is there any way I can safely browse the internet on my Mac using an unsecured wireless network? I know people do it all the time now and I'm wondering if there are any precautions I can take like when I'm paying bills for buying something online with my credit card?

    Thanks
    Steve
     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #2
    Make sure the site you're passing your credentials through is https.

    It's generally not a good idea to do that over an unsecured connection, though.
     
  3. noah82 macrumors 6502a

    noah82

    Joined:
    Oct 16, 2008
    Location:
    San Diego, CA
    #3
    I would never enter a password into a site over an unencrypted network. Wait until you get home and do it there, but you are opening yourself up to unnecessary risk.
     
  4. Kingcodez macrumors 6502

    Kingcodez

    Joined:
    May 13, 2009
    Location:
    China
    #4
    The best way would be to get a SSL VPN, I use witopia here in China, where they block stuff liek CNN and Facebook/youtube.

    It creates a SSL Tunnel, from your machine, to one of their servers (witopia has like 30), and then to the interwebz.

    So A tunnel is made from My laptop in Beijing, over say, starbucks' internet connection, straight more or less to LA, and then to whatever server that particular website is hosted on (Lets also say LA).

    So you can browse with 256 bit AES encryption on that public wifi. No one can see what you are doing.

    I think one guy cracked 256, but its hard and takes a long time so yeah.
     
  5. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #5
    So if every site I'm entering credit card stuff into is a https then I am secure? What about using something like LastPass for entering my usernames and passwords automatically on http (with no 's') only sites?

    Thanks
    Steve


     
  6. noah82 macrumors 6502a

    noah82

    Joined:
    Oct 16, 2008
    Location:
    San Diego, CA
    #6
    NEVER enter a password on an unsecured network on an unencryped (http) site. Only use sites with SSL encryption.
     
  7. noah82 macrumors 6502a

    noah82

    Joined:
    Oct 16, 2008
    Location:
    San Diego, CA
    #7
    You are not 100% secure, but it is better than nothing. If you are really worried about privacy on an unsecured network, you can subscribe to an internet VPN which will encrypt all of your internet traffic even over an unsecured network.
     
  8. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #8
    Do you have any recommendations for a good VPN for a Mac and are there any disadvantages in using a VPN?

    Thanks again.
    Steve



     
  9. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #9
    Disadvantages? Your throughput will be slower since the data's going through that extra server and also being encrypted/decrypted.

    Also make sure you turn off file sharing and other Sharing services from System Preferences including iTunes. I once connected to a conference center network, and discovered someone else running iTunes sharing. I could access "Jane Doe's Music" right from my iTunes and browse her albums and playlists. Then I opened up a Finder window and saw Jane Doe's computer as a network share in my Sidebar. The share was password protected, at least, but still.

    The following day, I tracked down Jane Doe at the conference, introduced myself, and asked, "So how are you liking your new Mac?" She was blown away :eek:
     
  10. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #10
    If I'm getting download speeds of 15mbps and upload speeds of 5mbps, how much do you think a VPN might slow down my system? And do you have any recommendations for a VPN?

    Steve



     
  11. noah82 macrumors 6502a

    noah82

    Joined:
    Oct 16, 2008
    Location:
    San Diego, CA
    #11
    You are only limited by your VPN provider's upload/download speed. If their capacity is more than yours, it shouldn't be too much slower.
     
  12. QuantumLo0p macrumors 6502a

    QuantumLo0p

    Joined:
    Apr 28, 2006
    Location:
    U.S.A.
    #12
    Am I missing something? There seems to be a separate discussion going on about site encryption but the OP asked about using an unsecured wireless network. @ OP, they are two different subjects.

    Using an unsecured wireless network, such as at a local coffee shop, is like letting the bad guys plug their computers into your wired network; they ARE at the doorstep of your computer and only your computer's software firewall is between you and them. There is no hardware layer, a router, between you and the rest of the world. Also, many people think they are safe when they use an encrypted wireless network they are not. Typical encrypted WEP and WAP wireless can be defeated by an eight year old with free software in a few minutes. This has been proven.

    As for using encrypted web sites, there seems to have been some decent opinions on that already.
     
  13. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #13
    Yes I asked if there was a safe way to use an unsecured wireless network (pay bills, visit other websites and have my usernames and passwords automatically entered using LastPass, etc.) and someone mentioned that I could do that safely with a VPN. I am assuming a VPN is a "virtual private network" but have no idea if that is what I need. What do you suggest?

    Thanks
    Steve



     
  14. QuantumLo0p macrumors 6502a

    QuantumLo0p

    Joined:
    Apr 28, 2006
    Location:
    U.S.A.
    #14
    VPN's are usually used for secure connections such as accessing a company network when you might need to access your files or apps but it has to set up for it. Typical consumer websites do not use that. Just use your computer to access the sites directly but you should make sure everything is up to date on your end before you do anything that is ID sensitive. Make sure your OS, anti-virus, anti-malware, firewall, EVERYTHING is current and up to date. Make sure you do a full computer scan to check for anything bad and do scans on a regular basis, too. If you suspect, even a little, that your computer has a virus, or any malware, you have to make sure it is totally addressed before you do any secure transactions. If your computer is used to surf questionable sites, I would not use it for secure transactions either.

    When you log into your bank or whatever merchant's site you should see a little lock or indicator on your browser that signifies the data going back and forth is encrypted. If not, do not proceed and call the company's customer service. If you get a message when you try to log in that says the security certificate is expired or cannot be verified then do not proceed and contact the company's customer service. The latter could mean the site you are looking at is a fake and your info would most likely be collected and sold on the market.

    Even though wireless networking can be hacked easily, your data should be okay if you are using a site that has encryption and your computer is up to date. Personally, I don't use wireless for any secure transactions but that's just me. I know there are many people who do. All in all it can be somewhat scary when you consider the potential issues but if you follow the basic rules it isn't that big a deal. Your data may be more at risk from your bank or merchant's network getting hacked than your own computer getting hacked. As always, what you do on your computer is your responsibility and you are taking the risks. Most business online agreements release or limit their liabilities because of all the variables.

    Anyone else want to chime in here? I am not an expert, just a fellow consumer doing the same things on the internet.
     
  15. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #15
    Thanks for your feedback but who uses anti-virus programs and anti-malware for Macs, and besides, how can using that stuff protect your usernames and passwords from being lifted on an unsecure network?



     
  16. QuantumLo0p macrumors 6502a

    QuantumLo0p

    Joined:
    Apr 28, 2006
    Location:
    U.S.A.
    #16
    I apologize, I did get off on a bit of a tangent. By the way, there is a fair amount of mac users who do use av software and there are a few, I believe, mac trojans out there.

    Making sure your computer is rock solid is all that will be standing between you and getting your info lifted on an unsecure network. A simple example would be to use your Mac with the OS-X firewall turned off. On an unsecure network a hacker would be able to get into your computer without much effort.

    Theoretically you should be able to use an unsecure network when the transactions are encrypted and your computer is rock solid in regards to security updates, firewall set up properly, etc. It would be like driving your car through a bad neighborhood but your doors are locked and the windows are rolled up.

    If you can avoid using an unsecured wireless network, I would do so. What convenience you lose could end up saving your personal info.
     
  17. Kingcodez macrumors 6502

    Kingcodez

    Joined:
    May 13, 2009
    Location:
    China
    #17
    Did you even see my post?
    Buy Witopia.
    Nuff' said.
     
  18. magentawave thread starter macrumors regular

    Joined:
    Jun 8, 2009
    #18
    Yes I did and I'm glad you responded again. Since I'm not familiar with this stuff, I got side-tracked from your suggestion and confused when someone else said a VPN wouldn't be the solution. Is this the service that you are using http://www.witopia.net/welcome.php and would they be the solution for me to be able to safely enter my usernames, passwords and credit card numbers online over an unsecured network?

    Steve



     

Share This Page