This is why I don't spend a lot of time worrying about hackers at campgrounds. Why get a handful of card numbers when you can get millions hacking into servers?
Joe and Dakota, the wacko cat
2006 Dodge 3500 QC CTD SRW Jacobs Exhaust brake
2006 Heartland Bighorn 3600RL, MorRyde suspension, TrailAir pinbox http://happykayakers.com/blogger/
Since all financial transactions are now conducted with smoke and mirrors--international smoke and mirrors, at that--there seems no clear answer to the problem. I guess we could all go back to using cash.
2000 Born Free 24RB Class C
6.8L Ford V-10 Engine, E450 Chassis
2002 Honda CR-V toad
Roadmaster Sterling A/T towbar
VIP braking system
Eddyline Merlin kayak
hmmmm.......I'm not sure if I understand this topic..
Surely, you are not suggesting that you would or do on-line bill paying, or on-line use of your credit card on unsecured campground servers, are you? I would not think of doing such a thing...we pay our bills, and do buy using our credit cards at times, but never on campground servers...........sure, it seem any system can be hacked, and so on......but, I would not make it available to people on a platter..
We use a special link with Verizon on our cell phone that provides our IP for secure transactions..it could be vulnerable as well...but, at least we have not made it easy for the casual hacker..
Campground servers are as safe as any servers for banking. Your session is encrypted on you PC so the campground can't read it. "Secured wifi" has nothing to do with banking or credit card protection. BTW I hope you aren't paying extra for the "special link" as your data and voice are already encrypted - twice if doing banking!
This does however explain why Bank of America issued me a new card recently.
Surely, you are not suggesting that you would or do on-line bill paying, or on-line use of your credit card on unsecured campground servers, are you? I would not think of doing such a thing...
then it's best if you don't.
We go through this debate every few weeks, and nobody can prove anything either way. Bottom line, no internet connection is 100% secure, so do what you feel comfortable with.
* This post was
edited 03/30/12 04:30pm by 2oldman *
The problem with wifi is "man in the middle". I can put a wifi access point, and a proxy server (with VERY special software). You connect ot my wifi, and go to yourbank.com, My server connects to your bank (this is what proxy servers normally do), and makes a second website, just for you, with all the information that yourbank.com sends to my server. - complete with login fields. You have a ssl (encrypted) connection to my server, I have a ssl connection to yourbank.com. All the data that goes from you to your bank passes through my server, and it is not encrypted while I pass it from one ssl to the other. From your end it looks fine, from your banks it looks fine. I have clear text of your password, username, account number, balance, etc. I can log back into your bank as soon as you log off and transfer money from account to account, and (if you bank allows it from the internet) wire money offshore.
magicbus wrote: Campground servers are as safe as any servers for banking. Your session is encrypted on you PC so the campground can't read it. "Secured wifi" has nothing to do with banking or credit card protection. BTW I hope you aren't paying extra for the "special link" as your data and voice are already encrypted - twice if doing banking!
This does however explain why Bank of America issued me a new card recently.
Dave
Dave is correct.
point of admin here. CG do not provide servers. CG do provide wireless access to their internet connection. The reason these CG networks are considered unsecure is that anyone on them might gain access to your computer, NOT your transmissions, and therefore get your personal info from files or databases on your computer.
There are ways to prevent folks from getting onto your computer. First, change the name of your admin account and password protect all access accounts. Disable the guest account. Do not setup automatic log in. If you have files that have personal information, pasword protect them. Do not use the same password on everything and do not use personal info in your passwords.
There are more elaborate ways to protect yourself but you would want to be familiar with virtualization and repeaters for some of them.
May God bless your travels
Me, The Wonderful Wife
and two Spastic Border Collies U.S. Army Retired 2004 Coachmen Aurora, 3480DS 2007 Saturn Outlook, FROG
christopherglenn wrote: The problem with wifi is "man in the middle". I can put a wifi access point, and a proxy server (with VERY special software). You connect ot my wifi, and go to yourbank.com, My server connects to your bank (this is what proxy servers normally do), and makes a second website, just for you, with all the information that yourbank.com sends to my server. - complete with login fields. You have a ssl (encrypted) connection to my server, I have a ssl connection to yourbank.com. All the data that goes from you to your bank passes through my server, and it is not encrypted while I pass it from one ssl to the other. From your end it looks fine, from your banks it looks fine. I have clear text of your password, username, account number, balance, etc. I can log back into your bank as soon as you log off and transfer money from account to account, and (if you bank allows it from the internet) wire money offshore.
Generally, your MITM attack has a problem in that you won't be able to authenticate yourself as the bank. You may intercept the bank's public key, but if you send that to me, you won't be able to decrypt messages because you don't have the bank's private key. If instead you swap your public key for the bank's, then I will receive a warning that the digital certificate is not valid.
It doesn't matter. A smart hacker would simply store your info from the fake site login and give you a generic "We are doing maintenance" message after they snag your log in. No reason to push you through to a real site what so ever. Subsequent log in from the same mac address can push you to the real site to avoid any suspicion. Worst is you'll be coming from a different IP so you'll have to enter security questions all over again. Everything you need to get access to their account.
Checking accounts are easy to clone. Account numbers are usually listed for most banks on statements, digital check copies or even online. Routing numbers are public. Print yourself some checks with the information and have a field day. Credit cards are harder to fake without the 3 digit code from the back and most credit card statements don't include the account numbers.
In addition, free wifi places are easy to clone a SSID and have this running. Does it happen enough to be worried? Probably not. I don't use free wifi regardless I'll hot spot my Android device for wifi on another before use the camp grounds.
* This post was
edited 03/30/12 05:14pm by Aridon *
Offline
