Don't fall victim to the 'Free Wi-Fi' scam. Those wireless connections could be a trap

Here is a detailed "how-to" article with figures. Download the entire story for specifics.

How to protect yourself at wireless hot spots

Thanks for posting that link!

thanks

How about if the city offers free wi-fi?

Bump to that. Not everybody can be computer whizzes.

Its all over Atlanta not just in airports.

Aren't you opening yourself up to potential problems like child pornography? If one of the guys in the boat does anything illegal with your connection, it will be traced back to you.

In a lot of instances like this, you are guilty even if you can prove your innocence.

_HG

All routers are different, but somewhere in your setup authentication type can be selected. If Shared Key is selected, the Access Point will not be seen on the wireless network except to the wireless clients that share the same WEP key with MAC Addresses "allowed access" as specified in a "Filter List" you determine. In other words you can tell your router specifically what MAC addresses are allowed on your network and even then they still have to have your WEP key to connect. If Open System is chosen, only the wireless clients with the same WEP key will be able to communicate on the wireless network, but the Access Point will be visible to all devices on the network. As far as I know most routers ship in Open System mode, which is still very secure.

This article isn't about the security of your network, it's about how people will freely broadcast their personal information over some one else's router where your information can be captured. Of course we all broadcast over thousands of routers all of the time, but there is a certain feeling of security when it's AT&T, Sprint, Time Warner, Comcast, Charter etc. owning these routers. There are security issues surrounding the giants too, but that's another issue.

Securing you home network is really the most imperative goal. If your network is secured, then someone connecting to your router isn't that big of a deal. Keep in mind that having a secured router doesn't stop outside vermin from infecting your machine.

I can't explain this nearly as well as Steve Gibson: Below is the most typical security hole in computers shipping today and frankly for the last 12+ years. Gibson has a tutorial and directions for securing your computers/network at. http://www.grc.com this information is more specifically at http://www.grc.com/su-bondage.htm

Understanding Adapter, Protocol, and Service Binding

The key to taming your computer's network configuration is understanding what is meant by "binding". For example, we say that a network adapter is bound to TCP/IP or that NetBEUI is bound to File and Printer sharing.

The clearest way of visualizing these "binding" relationships is to organize the various network components into three layers:

The Network Services Layer
contains client and server
services which are used by
the local machine's software:

Client for
Microsoft
Networks

File and Printer
Sharing for
Microsoft Netwk

Microsoft
Family
Logon

The Transport Protocol Layer
contains protocol drivers that
implement various network
communication protocols:

TCP/IP

NetBEUI

IPX/SPX

The Hardware Adapter Layer
contains the actual peripheral
adapters which connect the
system to the external world:

Dial-Up
Adapter

Cable/DSL
Interface

Local Network
Interface

As you can see from this layered perspective, the components in each network layer are isolated and insulated from the components in other layers.

The process known as "binding" bridges the layer
boundaries to interconnect pairs of individual
components residing in adjacent layers.

Faithful to Microsoft's typical philosophy of "we're going to turn everything on so you won't ask us how to", the default bindings for a system with the components shown above would look like this mess:

In other words ... By default EVERYTHING on each layer is BOUND to EVERYTHING on the adjacent layer!

Each red line above represents one "binding" between two network components on adjacent layers. This "binding" allows the two "bound" network components to communicate with each other. The diagram above shows a system with eighteen network bindings.

You don't need to be a rocket scientist to easily see why this is unsafe: The insecure Microsoft networking components — the Client for Microsoft Networks and File and Printer Sharing — are bound to the Internet's worldwide routable TCP/IP protocol, and the TCP/IP protocol is bound to ALL of the system adapters! Thus, anytime this system has any contact with the Internet, the machine's guts are spilling out for the whole world to access!

By comparison, the following binding diagram shows a deliberately minimal binding configuration that provides all the communication required by most Internet users and no more! (Note that this "ultra-minimal" binding is not recommended due to a bug in all versions of Windows 9x ... but more about that on the next page.)

As you might imagine, this configuration is much more secure. And what's amazing is that it still does everything that's needed — but nothing more. As you can see, there's NO WAY for the unsafe Microsoft services to touch the Internet!

To provide for safe Internet communication, the system's TCP/IP protocol is bound to the interfaces that have contact with the Internet. Since the various Internet-using clients like web browsers, eMail and FTP clients, and so forth, do not use or need the Microsoft Networking services, there is absolutely no need to bind those Microsoft services to the Internet's world-wide routable TCP/IP protocol. (They should never have been!)

And what about that stranded IPX/SPX protocol component that's no longer hooked up? Since it's no longer connected to anything it will disappear all by itself after a reboot.

Duh...

_hg

Aren't you opening yourself up to potential problems like child pornography?

No. I'm just one hop in a series of many hops from the point of origin to a floating laptop. I have no more liability than any other node. While it is something I did inquire seriously about, you can ask yourself these simple questions and come up with a common sense answer: Do Starbucks and Denver International Airport have these same potential problems? Do you imagine they had an opinion from their counsel? And finally why would my liability be any more severe than theirs?

You are guilty even if you can prove your innocence. I just had dinner with a rather scholarly judge this evening and I bounced your question off of her thinking that maybe something had changed in the law over the last few years. She responded, and I quote: "Your reasoning is correct [HG], but tell me, where in this country is a man guilty even though his innocence can be proven?"

As a humorous anecdote I just directed a fellow freeper in this very thread to this site: http://www.grc.com/su-bondage.htm It's not what it sounds like, trust me.

Use a WEPA-encrypted secure connection AND never give out your home network password to anyone. And keep your hardware firewall turned on and you should be safe from hackers and the nasties.