WiFi safety on a Mac?

Discussion in 'Mac Basics and Help' started by nocturnal dark, Sep 3, 2007.

  1. nocturnal dark macrumors member

    Joined:
    Jul 28, 2007
    Location:
    Northern Ohio Valley
    #1
    Ok, is it safe to use my Mac at WiFi locations like coffee shops, libraries, etc?

    Right now, I can pick up an signal from my apartment that the network is called ''home''. I am not sure who it is.

    I do live above a insurance company, across the street from a bank, about 2 blocks from a Embarq building...It's a small all brick building with no windows and just one door. Once awhile there's like 2- 3 cars or service vans there.

    Also across the street is a gas station and a hardware store, along with a Post Office, Lawyer Office, Doctor Offices, a Church and other homes/apartments.

    Also at work, I can pick up a signal. Sometimes I check my email on break time or after work before leaving the parking lot.


    I am I safe using that '' home'' connection at my apartment? Or any other connections else where?


    I do know Macs are more secure then Windoze PCs, but I was want to be safe
     
  2. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #2
    Your traffic could be monitored on the network you're connecting too. Either VPN tunnel your connection or only use a secure one you trust.

    Any page with an SSL certificate would be secure though.
     
  3. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #3
    You are absolutely not safe using an unencrypted wireless point! Encryption does two things, it keeps strangers off of a wireless point and most important for you, encrypts your traffic from your Mac to the wireless point. Without WPA (or even WEP) all of your traffic is plain text, so when you log on to get your email, your email account and password are broadcast for anyone to intercept. Ordering on line? Well, you just shouted out your name, credit card number, expiration date, security code, etc. etc!
     
  4. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #4
    If you're not logging in using an SSL tunnel then yes that would be true. Then again that'd be true of a wired connection as well.
     
  5. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #5
    Not exactly. A WPA connection is encrypted from the laptop to the router. No one can hack that. Then, from the router to the rest of the internet you might have a point, but who is going to intercept his wired connection?
     
  6. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #6
    I believe that the original situation was on an open wireless access point. You are correct for WPA though.

    I don't send my personal information via an unsecured form, do you?
     
  7. Nugget macrumors 65816

    Nugget

    Joined:
    Nov 24, 2002
    Location:
    Houston Texas USA
    #7
    Sherman seems to be a good case study in "a little information can be a dangerous thing"

    Any plaintext network connection is risky, whether it's on a wire or over the air, and especially so if it's going through a network you don't control. Relying on WPA (or worse, WEP) encryption to protect your traffic is not a good plan. Avoiding an unencrypted wireless access point to protect your sessions is a bit misguided.

    I guess it's probably valuable to be a little more clear what we mean when we say "safe" because the word is dangerously vague.

    Using any wireless network, even one that's unsecured, without permissions can be legally risky. There's no shortage of news stories of people getting arrested or harassed for using a stranger's wireless access without permission. Personally, I think it ought to be considered an attractive nuisance, but the law is very fuzzy in this area and there are risks of overzealous law enforcement making your life miserable for what is fundamentally an innocent activity. I'd be hesitant to use a neighbor's wireless access without asking first for this non-technical reason alone.

    That said, it's a small risk and I've certainly tapped into a "linksys" or "default" access point if I was out and needed internet access in a pinch. Just be aware of the situation.

    From a technical perspective, using someone else's network does bring with it a loss of privacy. It's always wise to use secure and encrypted protocols. Make sure your email application is using imap/ssl or pop3/ssl. If that's not possible, make sure at least you're using encrypted authentication (like PAP/CHAP). You want to avoid sending your login credentials unencrypted. As Eidorian rightly points out, this should be a concern even if you're on a wired connection that you control. The fact of the matter is, your Internet traffic passes through all sorts of shady hosts on its way to the target server and you should always be paranoid about what you're emitting and whether or not it's encrypted. There is no telling who might be listening, and that's not just paranoia.

    Even an encrypted wireless network puts you at risk from the person running that network and any other machine that's connected to the network at the same time as you.

    Make sure your traffic is encrypted where possible. Look for https:// and the little lock icon on web sites before you send a password or any personal data. Make sure the little "Use SSL" checkboxes are checked in Mail.app or other applications you use. It's just smart.

    It's also wise to visit the "Sharing" tab in System Preferences and make sure your Mac is only sharing things you intend. If you don't use Windows file sharing then by all means don't have that turned on. Same goes for ftp, or web sharing. Apple does a pretty darn good job of keeping those services secure, so as long as you're up to date with software updates there's no reason to be terribly concerned, but it's still good practices to shut off what you're not using.

    Fundamentally, you're using OS X which is considerably less prone to exploits and viruses that some other operating systems you might be using. Just be aware of what you're doing and think twice about anything unusual that pops up and you will almost certainly be fine.
     
  8. Nugget macrumors 65816

    Nugget

    Joined:
    Nov 24, 2002
    Location:
    Houston Texas USA
    #8
    This is inaccurate. WPA is encrypted from the laptop to the access point. The router may or may not be the same device as the access point.

    And WPA can be hacked.

    And even if it's not hacked, your traffic is exposed to other users who are connected to that network. The legitimate users of the access point and other users who are on that same network may have access to your traffic as well.
     
  9. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #9
    Eidorian, totally right there! If the OP connects to a secure site (SSL) then the entire transaction is encrypted from start to finish and back again. The WPA encryption protects from the laptop to the router; then, from the router to the rest of web he is on his own. SSL is the only safety net after the router.
    My understanding of his original post is he was trying to use an open, unsecured wireless point. In that case the initiation of an SSL page may, in some cases, happen with clear text. Probably safe with on line banking, but not safe with most email carriers and many web sites with ecommerce do not have SSL from start to finish. So you could send you name and password in clear text to initiate the connection.
     
  10. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #10
    By whom? Who has the computing power to hack a WPA connection?
     
  11. Nugget macrumors 65816

    Nugget

    Joined:
    Nov 24, 2002
    Location:
    Houston Texas USA
  12. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #12
    I'd like you to prove a reasonable WPA hack then.
     
  13. Nugget macrumors 65816

    Nugget

    Joined:
    Nov 24, 2002
    Location:
    Houston Texas USA
    #13
    Respectfully, this statement would appear to demonstrate a fundamental misunderstanding about how https:// web traffic actually works. If I had to guess (and I sort of do, because your use of imprecise terms like "initiate the connection" and "email carriers" leaves some doubt about what you actually mean) I'd figure that you are misunderstanding the impact of a username/password login box being present on a page which was sent using unencrypted http.

    There is no loss in security by having the username/password input boxes present on an unencrypted page. All that matters is the security of the web page that actually processes the result of that login. There is no real concept of "initiate the connection" in a web context, since web is stateless. As long as the target of that input form is on an https ssl encrypted URL the entire login process is just as safe as it would have been with an https login page.

    Did I guess right? Is that what you meant?

    I would agree that most users are not safely using encrypted logins with their email clients. This is not due to any "email carrier" limitation, though, and is mostly just because mail reader applications rarely try ssl first and usually hide the ssl options behind an "Advanced" configuration tab which most users will never explore. It's quite a shame, really.
     
  14. nocturnal dark thread starter macrumors member

    Joined:
    Jul 28, 2007
    Location:
    Northern Ohio Valley
    #14
    So, how can I tell where the signal I am picking up is coming from?
     
  15. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #15
    Triangulation? :D
     
  16. Sunnzy macrumors regular

    Joined:
    Jan 30, 2007
    #16
    I don't know about actually decrypting WPA traffic, but WPA Keys can be recovered under an hour last time I checked...
     
  17. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #17
    A link to back up such a general claim would be nice.
     
  18. thewhitehart macrumors 6502a

    thewhitehart

    Joined:
    Jul 9, 2005
    Location:
    The town without George Bailey
    #18
    If you're using a mac, and just using the open network for casual browsing, it's not that big a deal. Macs are immune to the spyware and crap floating around on an open windows network, but they're not immune to eavesdroppers catching your private info. Like everyone else said, make sure the SSL boxes in Mail are checked, and only send personal information through a secure "https://" page (with the little lock in the upper right corner of Safari).

    Better yet, just don't use it for sending and receiving private info. So this rules out insecure email, and a bunch of other useful things we do on the internet. From not only an ethical point of view, try to get your own internet connection. It will give you peace of mind.
     
  19. Sunnzy macrumors regular

    Joined:
    Jan 30, 2007
  20. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #20
    Whaaat? Weak passphrases can easily be defeated with dictionary attacks? :eek:

    Seriously, that's kind of what I meant with "such a general claim". The claim was that WPA keys could be recovered in under one hour, not "some" WPA keys, so the link doesn't really apply. OK, I guess I'm to blame for not being more clear about the general claim-part in my last post.

    Thanks for the link anyway. If you find any research papers or other solid information that WPA (or WPA2) is broken, or rainbow tables hurting full-length passphrases, please let us know. I try to keep myself updated, but one can always miss things due to the huge amount of information out there. :)
     
  21. Sunnzy macrumors regular

    Joined:
    Jan 30, 2007
    #21
    I guess you can say the weakest link of any security is a weak password.

    No rainbow tables does not work as far as I know of, since the WPA auth hashes is salted with SSID.

    I guess I post more links later when they show up.
     
  22. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #22
    I'm surprised you two came back to this thread.
     
  23. WildPalms macrumors 6502a

    WildPalms

    Joined:
    Jan 4, 2006
    Location:
    Honolulu, HI
    #23
    Hehehe, good call ;)
     
  24. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #24
    Not more suprised than I am. I certainly hadn't expected Sunnzy to return with a link this late, and don't have a habit of digging upp old stuff myself.

    ...and this one must be my most worthless post (so far). Damn. No more posting for me today. :eek:
     
  25. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #25
    That's WEP. The only way to "hack" WPA is to brute force the password, which is why you choose a good, long password with random characters, mixed cases, numbers, and symbols
     

Share This Page