Wifi

[Guest pelmetman]

Not technicaly a motorhome question :D

 

I know its not wise to access your online bank through the camp site wifi, but as my dongle dont seem to work here, I have been able to connect through my mobile....................is this secure enough (?)

[Robinhood]

pelmetman - 2011-01-03 12:31 PM Not technicaly a motorhome question :D I know its not wise to access your online bank through the camp site wifi, but as my dongle dont seem to work here, I have been able to connect through my mobile....................is this secure enough (?)

AFAIU, if you are connecting throughout a transaction via a dialogue secured by SSL (Secure Sockets Layer), generally identified by an HTTPS site and the padlock in your browser, then the data transmitted is secured by encryption that is in place between your PC and the server to which you are connected (end-to-end).

WIFI with encryption of course, (without the use of SSL), only encrypts your data between the PC and the WIFI access point, anything beyond that (on the wired network) will be in the clear.

SSL is implemented such that data is not in the clear anywhere on the network. Hence most (if not all) banks use SSL to protect banking transactions.

As a result, banking transactions over WIFI should be secure anyway - though you should check whether all of your banking transaction is SSL protected (HTTPS in the URL for each page, and the padlock sign). For banking, I would be very surprised if it weren't. (essentially, the data is encrypted before any transmission over WIFI, and therefore the use of WIFI, with encryption or not, is irrelevant).

Note, however, that some types of transactions only protect certain steps in the process. For instance, my login to the webmail interface of my email protects the password dialogue with SSL via an HTTPS URL, but once this is completed, it drops back to clear for the actual email transactions. I understand this is common for webmail interfaces, but not for banking.

As far as mobile is concerned, whether it is or isn't secure will depend on how are you connecting. 

[Klyne]

I have used campsite WiFi for years to access bank and credit card accounts online. As well as what has already been mentioned it would be wise to make sure you have a good internet security program as well.

 

David

[Mel B]

Don't forget if you are in France still you'll probably be charged international roaming rates/broadband usage for your mobile too!!! 8-)

[Brian Kirby]

pelmetman - 2011-01-03 12:31 PM Not technicaly a motorhome question :D I know its not wise to access your online bank through the camp site wifi, but as my dongle dont seem to work here, I have been able to connect through my mobile....................is this secure enough (?)

Irrespective of the security issue, unless your mobile phone contract includes data use, you will be likely to find the cost of doing as you are very high.  It will also be rather slow. 

How secure WiFi connections are depends on the level of sophistication of a potential eavesdropper.  My untutored feeling is that you are unlikely to encounter highly sophisticated eavesdroppers on campsites, or at random locations such as this, or that, Starbucks of McD.  Places where many folk gather, possibly with financial or other "interesting" transactions to make, would be a better place to deploy your sophisticated gear in the hope of getting lucky, than would the average campsite or wherever out in the sticks.  Unless, of course, the operator of the WiFi network has himself installed eavesdropping software to listen in to all visitor traffic.  Still seems a very remote possibility to me though, so I wouldn't think the risk of intercept particularly great just from WiFi use.

[Robinhood]

Brian Kirby - 2011-01-03 1:31 PM

Unless, of course, the operator of the WiFi network has himself installed eavesdropping software to listen in to all visitor traffic.  Still seems a very remote possibility to me though, so I wouldn't think the risk of intercept particularly great just from WiFi use.

...but as I've posted above, even if this were to happen, all that would be 'sniffed' for most (all?) banking transactions would be a data stream already encrypted end-to-end with SSL technology which cannot be cracked without the bank's 128 bit encryption key. (which is, of course, not available).   ;-)

(Essentially, the technology in use is there to ensure that the data cannot be captured even by 'jumping' the wired network somewhere in 'the cloud'. Most transmitted data does not use SSL, and is in 'clear', and readily capturable within the cloud)

[Guest pelmetman]

Thanks people :-D I knew the forum would be the font of all knowledge.

 

Had to come back in the camper as my bald patch is burning, and er in doors forgot to pack my hat 8-) looks like knotted hankie time (lol)

 

PS. I've got norton 360 which was recommended to me as we take credit cards for the business :D

[Brian Kirby]

Robinhood - 2011-01-03 1:52 PM

Brian Kirby - 2011-01-03 1:31 PM

Unless, of course, the operator of the WiFi network has himself installed eavesdropping software to listen in to all visitor traffic.  Still seems a very remote possibility to me though, so I wouldn't think the risk of intercept particularly great just from WiFi use.

...but as I've posted above, even if this were to happen, all that would be 'sniffed' for most (all?) banking transactions would be a data stream already encrypted end-to-end with SSL technology which cannot be cracked without the bank's 128 bit encryption key. (which is, of course, not available).   ;-)

.............

All I can say is that a web search on "SSL vulnerability" suggests the imperatives may be a bit misplaced.  I profess no particular encryption or technological knowledge, so cannot argue the point on those grounds.  However, if data, such as internet banking passwords, is potentially valuable, there will be people around who wish to obtain it, and there will be others who look for ways to supply them.

My simple web search suggests that SSL is not quite the last word in security the banks wish us to believe (there apparently being at least two superior encryption methods), that vulnerabilities have been found in the past and plugged, and that SSL is no longer regarded as quite a "bomb proof" as it was initially.

Simply stated, this is a kind of warfare where each side - the "good guys" and the "bad guys" - are engaged in a struggle for supremacy, and where, from time to time, the lead changes sides.  So, while one's chances of being eavesdropped by a "man-in-the-middle" while using WiFi from a campsite must be judged extremely remote, they are not quite zero, nor can they ever be.  What one man can invent, another can crack.  'Twas ever thus.

Someone, somewhere, is working on it at this very minute.  Do as little internet banking as possible.  Be afraid, be very afraid!  :-D

[Robinhood]

Brian Kirby - 2011-01-03 4:47 PM

All I can say is that a web search on "SSL vulnerability" suggests the imperatives may be a bit misplaced.  I profess no particular encryption or technological knowledge, so cannot argue the point on those grounds.  However, if data, such as internet banking passwords, is potentially valuable, there will be people around who wish to obtain it, and there will be others who look for ways to supply them.

In the not so recent past I implemented a certificate authority using PKI capabilites to provide security in this area, so I do have some background and a fundamental understanding - but I certainly do not consider myself a security expert.  :-)  (The ones I worked with I considered as being somewhat over the line of being mad).

There certainly are vulnerabilities in using banking transactions, and implementation of SSL alone certainly won't remove those vulnerabilities. (For instance, trojans or key-loggers on your PC, or rogue sites spoofing bank home pages - there have been some interesting browser hijack vulnerabilites in this area as of late).

All encryption methods carry some risk of ultimately being cracked, or from exploits in the code used to implement them, but banking transactions using SSL are mostly at risk from the types of sideways attacks set out above, or poor implementation of the technology at the server end. The banks are (as you would expect), usually pretty careful in this area.

The use of technology brings its own problems, the point I was making, however, was that people are generally less worried about accessing bank sites via a wired (or secured personal wireless) network than they are via an unsecured public wireless network.

The basic level of security in question here is effectively defined by 128 bit SSL encryption, and this is in place (in general) for banking transactions over all such networks, including the unsecured wireless network.

Hence the inherent risk of running banking transactions over (even unsecured) wifi is very little more (if any) than doing this from home.

Since it is simple to 'sniff' an unsecured wireless network, other (non-SSL protected) data transmitted over such a network is much more at risk, and I certainly would be careful about any personal data transmitted in such a manner.

(It would also relatively easy for a professional hacker to 'sniff' a wired network, hence the use of SSL by banks etc. to ensure the data is encrypted at all points in the cloud between your PC and their server) 

[Brian Kirby]

Which, far better explained than I could have managed, is all that I was seeking to say.  It is good, but not reliably perfect, and should be used with due caution.  The chance of being "cracked" is very slight, but it should be accepted that it is not impossible for something of the sort to happen, so one should be a bit selective about where, and when, one accesses the internet via WiFi for anything sensitive.