Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Posted: 10/29/2013 8:30:29 AM EST
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?
Link Posted: 10/29/2013 8:31:46 AM EST
Why would you connect to public Wi-Fi? Do you also fuck prostitutes?
Link Posted: 10/29/2013 8:32:01 AM EST
Do you even SSL, bro?
Link Posted: 10/29/2013 8:43:05 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Undefined:
Do you even SSL VPN, bro?
View Quote


FIFY
Link Posted: 10/29/2013 8:45:47 AM EST
I change my passwords after I use my home wi-fi network. You can't be too careful.
Link Posted: 10/29/2013 9:02:17 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Fat_McNasty:


FIFY
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Fat_McNasty:
Originally Posted By Undefined:
Do you even SSL VPN, reverse SSH tunnel + squid proxy bro?


FIFY

FIFY
Link Posted: 10/29/2013 9:03:22 AM EST
just buy a new computer after every time
Link Posted: 10/29/2013 9:04:12 AM EST
I don't log into anything important over a public connection without a VPN established.
Link Posted: 10/29/2013 9:04:46 AM EST
I usually just rub a USB cord along my taint and tell myself it will all be ok
Link Posted: 10/29/2013 9:07:26 AM EST
I just tether to my phone.
Link Posted: 10/29/2013 9:14:59 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.
View Quote


What about the password for the VPN?
Link Posted: 10/29/2013 10:59:03 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By LuckyDucky:


What about the password for the VPN?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By LuckyDucky:
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.


What about the password for the VPN?


If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.
Link Posted: 10/29/2013 5:37:44 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.
View Quote



what do you consider non-important....?
Link Posted: 10/29/2013 5:39:09 PM EST
I don't connect to public wifi.
Link Posted: 10/29/2013 5:42:03 PM EST
I don't ever use the internet.
Link Posted: 10/29/2013 5:43:11 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Andr0id:


If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Andr0id:
Originally Posted By LuckyDucky:
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.


What about the password for the VPN?


If they got that just from me logging onto their hotspot, I got far bigger problems than individual site passwords.

+ 1

I VPN whenever I am away from home. Is it possible to snatch my VPN info? Maybe, but it is an acceptable risk to ensure I can browse freely. My VPN connects to nothing but internet. By default it can't see anything else on my network. Of course this is because when I am away from home there isn't anything else on my network
Link Posted: 10/29/2013 5:45:21 PM EST
What is everyone using for a VPN?
Link Posted: 10/29/2013 5:45:39 PM EST
What's VPN?
Link Posted: 10/29/2013 5:50:18 PM EST
[Last Edit: 10/29/2013 5:50:28 PM EST by LuckyDucky]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By aquaman67:
What's VPN?
View Quote


Virtual Private Network
Link Posted: 10/29/2013 5:54:28 PM EST
I don't use public wifi.
Link Posted: 10/29/2013 6:11:16 PM EST
what is Wi-Fi?
Link Posted: 10/29/2013 6:27:01 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By nobodyg17:
What is everyone using for a VPN?
View Quote


I use one of these:



Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.
Link Posted: 10/29/2013 6:28:51 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By LuckyDucky:

What about the password for the VPN?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By LuckyDucky:
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi


Link Posted: 10/29/2013 6:29:08 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By nobodyg17:
What is everyone using for a VPN?
View Quote

http://www.ar15.com/forums/t_1_124/1522299_Personal_VPN.html&page=2#i42350304

ar-jedi
Link Posted: 10/29/2013 6:30:27 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi


View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:
Originally Posted By LuckyDucky:
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.

google CHAP, for example.

ar-jedi




There are some people dumb enough to set up their vpn authorization in the clear
Link Posted: 10/29/2013 6:30:36 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:
Originally Posted By nobodyg17:
What is everyone using for a VPN?


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.


Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.
Link Posted: 10/29/2013 6:31:36 PM EST
[Last Edit: 10/29/2013 6:33:17 PM EST by ar-jedi]
Originally Posted By leafinthewind:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?
View Quote

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi
Link Posted: 10/29/2013 6:32:30 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:

There are some people dumb enough to set up their vpn authorization in the clear
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:
Originally Posted By ar-jedi:
Originally Posted By LuckyDucky:
Originally Posted By peekay:
I don't log into anything important over a public connection without a VPN established.

What about the password for the VPN?

smarter people than you devised a scheme so even the password during VPN session setup is not transmitted in the clear.
google CHAP, for example.
ar-jedi

There are some people dumb enough to set up their vpn authorization in the clear

i think that you have to work hard to end up with such a configuration.

ar-jedi
Link Posted: 10/29/2013 6:33:16 PM EST
Discussion ForumsJump to Quoted PostQuote History
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:
Originally Posted By nobodyg17:
What is everyone using for a VPN?

http://www.ar15.com/forums/t_1_124/1522299_Personal_VPN.html&page=2#i42350304

ar-jedi


Thanks. I found the information I was looking for in a post there.
Link Posted: 10/29/2013 6:34:59 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By nobodyg17:


Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By nobodyg17:
Originally Posted By Zack3g:
Originally Posted By nobodyg17:
What is everyone using for a VPN?


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.


Thanks. That looks like a nice router. That lets you VPN through your home router from any internet connection? I thought most people were using a VPN server somewhere offsite in order to hide info on their browsing habits.


Right. I use it when I'm on public wifi to A) prevent, or seriously hinder snooping attempts, and B) get around internet filtering.
Link Posted: 10/29/2013 6:37:56 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Zack3g:
Originally Posted By nobodyg17:
What is everyone using for a VPN?


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Nice. Have you checked out the RTAC68U?
Link Posted: 10/29/2013 6:39:59 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By AlamTX:

Nice. Have you checked out the RTAC68U?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By AlamTX:
Originally Posted By Zack3g:
Originally Posted By nobodyg17:
What is everyone using for a VPN?


I use one of these:

http://img.photobucket.com/albums/v632/zack3gpics/d6c8d977.jpg

Asus RT-N66U with dd-wrt on it.
A little configuring, and it's a perfect VPN server. Actually, the default Asus firmware supports hosting a VPN, but dd-wrt gives a lot more flexibility elsewhere.

Nice. Have you checked out the RTAC68U?


Just looked up the specs. That thing is insane.
Link Posted: 10/29/2013 6:44:14 PM EST
[Last Edit: 10/29/2013 6:52:37 PM EST by CsHoSi]
Originally Posted By Fat_McNasty:
Originally Posted By Undefined:
Do you even SSL VPN, bro?
View Quote


FIFY
View Quote


VPN FTW.

But I voted only generic sites as I don't log into any accounts outside trusted sources.

I have my router/firewall locked down to SSH/VPN by source IP dynamically, and today I had a bad day as I forgot a DNS account password to update a dynamic remote IP from location I haven't used in months. Finally figured it out and updated to new IP, my router resolves every 15 minutes, GTG.

PuTTY and dynamic tunnel/socks5 if you don't want to setup VPN. Make sure to enable network.proxy.socks_remote_dns (in FireFox, at least) as well.

Also, I ran dd-wrt on a consumer fancy-gear appliance for quite awhile; it works, but sucks. Different layout then most Linux OS. Iptables sucks anyways. OpenBSD PF please.

ETA: Biggest problem with dd-wrt and most consumer NAT routers in the past has been NAT port-forwarding bug. Get enough ports forwarding and it starts sending outside ports to the wrong inside ports. They have kept trying to fix it, but it keeps coming back. Even if they have it fixed solid now, I have no use for their inferior OS.
Link Posted: 10/29/2013 6:44:40 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:
Originally Posted By leafinthewind:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi



OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?
Link Posted: 10/29/2013 6:49:02 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By leafinthewind:



OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By leafinthewind:
Originally Posted By ar-jedi:
Originally Posted By leafinthewind:
Like, if you go to Starbucks or McDonalds and log in to ARFCOM or email or whatever, do you then change your password for security reasons once you're back on a trusted network?

no. enable VPN, per above. thereafter all WiFi traffic to/from my iPhone is encrypted.

ar-jedi



OK, but if I understand this system as you describe it, there is a smartphone involved to "dial up" your home network...right?..What if I'm using a laptop...would I have to get some kind of 3G card or something?


Your laptop should be able to connect to a VPN.

Google this:

Set up VPN (insert your operating system here)
Link Posted: 10/29/2013 6:49:32 PM EST
Can someone give a serious answer to a non-computer professional?

Is it very bad to use passwords on a public wifi?

I travel all the time, and I've been doing it for more than a decade. Do I need to quit cold turkey.

Can someone on a public wifi steal all your info, or just the passwords you type in?
Link Posted: 10/29/2013 6:52:47 PM EST
[Last Edit: 10/29/2013 6:58:16 PM EST by ar-jedi]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By BillofRights:
Can someone on a public wifi steal all your info, or just the passwords you type in?
View Quote

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi
Link Posted: 10/29/2013 6:58:37 PM EST
I only use public wifi with an Ipad so it shouldn't affect me, right?
Link Posted: 10/29/2013 7:00:49 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ContrarianIndicator:
I only use public wifi with an Ipad so it shouldn't affect me, right?
View Quote


That depends on how much you value your information.

Anything sent on a public wireless connection can be intercepted by anyone else connected to it.

Or by a router set up as a repeater and doing the whole man in the middle thing.
Link Posted: 10/29/2013 7:01:24 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Windustsearch:
I don't ever use the internet.
View Quote

Link Posted: 10/29/2013 7:01:39 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ContrarianIndicator:
I only use public wifi with an Ipad so it shouldn't affect me, right?
View Quote

why do you think this?


ar-jedi
Link Posted: 10/29/2013 7:06:11 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:
Originally Posted By BillofRights:
Can someone on a public wifi steal all your info, or just the passwords you type in?

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi



OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?
Link Posted: 10/29/2013 7:06:25 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By nobodyg17:
What is everyone using for a VPN?
View Quote

OpenVPN here.
Link Posted: 10/29/2013 7:12:11 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By leafinthewind:
OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?
View Quote

that's the general idea, yes. only pages, and page elements, using https are encrypted end-to-end and ideally not recoverable by someone sniffing in the middle.

note that there are firewall/security products that can sniff SSL-protected sessions (https://...), but these are usually out of the budget range of your typical Starbucks. these sorts of https gateways are typically employed by corporations to keep their employees in check, prevent intellectual property leaks, and "other".

ar-jedi
Link Posted: 10/29/2013 7:46:18 PM EST
Originally Posted By leafinthewind:
Originally Posted By ar-jedi:
Originally Posted By BillofRights:
Can someone on a public wifi steal all your info, or just the passwords you type in?
View Quote

all traffic to/from your WiFi-connected smartphone or laptop can be sniffed for personal data, passwords, etc.

note that information transferred within an SSL session, e.g. Gmail using https://, can not be recovered.

the whole idea of using a VPN is to encrypt EVERYTHING coming/going from your client endpoint.
the other end of the VPN (aka the server) is either (a) a home router set up by you to do this, or (b) a service that provides this for a monthly fee.

in the case of (a), your endpoint traffic is encrypted on your smartphone/laptop, transmitted to your home, decrypted by the VPN server function running on a router supporting this, and then transmitted to the internet. for all intents and purposes it works as if you were surfing from home, not the coffee shop.

in the case of (b), it's similar but the VPN server function is done by a commercial company, and you are using their internet connection for traffic.

ar-jedi
View Quote



OK, so if I sign into Amazon, it's using their HTTPS log on, so I should be safe...right?
View Quote


I'm too drunk/tired to cite right now, but the tech is out there to Man-in-the-middle attack encryption schemes in transparent proxy devices. Mostly service providers (NSA) or employers and not random hackers. You have to be able to trust your Internet providers. It would be safer to encrypt any message before transmission, and exchange keys in person. Dammit, I tried briefly and can't find anything, censored or drunk?

Anyways, it's secure enough for most uses. If any nefarious use becomes of your secure Internet ordering, like my first BCG at WMD , it's most likely because someone hacked their server and caught everything after it was decrypted. Not likely at Amazon.
Top Top