http://www.shoemoney.com/2006/08/06/defcon-to-ses-some-security-issues/ If you read the part about unencrypted stuff (I personally liked the Wall of Sheep), here is a preview: Now how do you send encrypted information over a free wireless network at an airport or hotel or any other free hotspot?
There are a few software based programs out there (like Jiwire Hotspot helper) you can do it with. Or you can connect to a VPN server to encrypt your connection if you have a server or your company operates a VPN server you can connect with. On one of my servers I setup VPN server software so that when I'm away from home I can encrypt all of my connections. Once I connect (unencrypted) to the hotspot I initiate the VPN connection to my server. This creates an encrypted connection to my server and all traffic is routed from my computer, through the hotspot, to my server, and <i>then</i> to the Internet rather than going directly from the hotspot to the internet.
But that download only allows 30 minutes (free version) sadly..Do you know of any other service which is similar to that but with a longer time?
Passwords are still usually sent free-text. The best way to ensure protection is change your password regularly.
If the log on is through the https portion of the site, then the user name and password will be send encrypted. The web client encrypts the data before sending it. The server decrypts it before using it. Wireless networks can also be set up to use encryption. It should be set up this way by default. But sometimes it is not. The sniffers used at DefCon make a point about security. In essense, if you have something worth protecting, do not trust yourself to blind luck to keep it private -- encrypt it. You just never know if someone is listening. It is unfortunate that users need to figure out how to implement security. That should be programmed by default into systems. It will not prevent breaches. But, it will make breaching systems hard work.
But we are talking about wireless hotspots you find in McDonalds, StarBucks or the library..You can't make them secure the channel, instead you need to use a client, any idea what I can use?
I do not believe it is possible to secure a connection via a public hot spot. On my wireless router a shared key is needed for encryption. On a public hotspot, it is not easy and may not be possible to give out a shared key. No coffee shop or restaurant or hotel is going to invest in tech support for people taking advantage of "free" internet access. Most of the time this is not an issue. But, it makes it clear that you should not be visit sites where user names and passwords are passed as clear text. This means that you need to take steps to ensure mail, etc, is moving via encrypted channels -- https pages == or otherwise encrypted. You can quickly see how visiting sites where user names and password are stored in cookies can be a real issue -- unless that site takes steps to encrypt that data before placing it in the cookie. I do not know if we, as webmasters, are properly addressing this issue.
sixty6, this one looks free (registration required), hotspot shield but I haven't tried it so I don't know how well it works.
I guess you can't shield somebody's hotspot. As your laptop is merely a node not the wireless router. The router sets the public key, so you have to hand over data encrypted with that key in order to talk with the router. That means everybody in the network can sniff all your packets. All you need is SSL encryption. That is https instead of http. SSH instead of Telnet. sftp instead of ftp. And, email sent with SSL certificate instead of one sent without certificae. They can sniff all packets but they will never decode them with computing power nowadays.
But can't you shield the information you send out? Otherwise what does this software do: http://anchorfree.com/hotspot-shield/