Here's why connecting to open WiFi networks is extremely risky, and what you can do about it!
Actually, in WPA2, data is encrypted using the password, a random number and the MAC address of each computer... Even if someone knows the password for the WiFi, they still have different encryptions for each PC.
I am angry that people are out there doing this crap, but I am VERY thankful for people like you that are trying to protect those who weren't born with the IT gene.
WiFi at the gym is for online radio/music/podcast and perhaps a short WhatsApp message. If you're using it for anything else you probably shouldn't be at the gym at all. GET OFF THE MACHINE, NERD!
Thio, the reality that someone would use a middle man type attack like that is very slim. I do it all the time at my local Starbucks and just display its faulty security. Even though you are 100% correct in every way, I don't think the average user should be worried. Nonetheless, I hope people have the common sense not to use anything confidential or extremely personal to them in a public place...
Oh I did and have several times. Finding a usable free US based VPN service is pretty much impossible. Sites that list services that are free end up not being really free. It's either subscriptions, limited bandwidth, or you pay if you use it a lot. Very few are available that start and end in the USA. That's why I wanted YOU to name five as I couldn't find anything decent myself.
krmax44 The Chicago site hasn't been up for months. The Miami site is useless due to speed constraints. 0.74mb down and 2.16mb up. If I hit Miami directly without VPN I get 135.14mb down and 12.62mb up. The other options are not in the USA. I would get better speeds on an Edge/3G phone. Tunnelbear's free option only allows 500mb of download a month. I can do gb's in an hour. Basically what it comes down to is there is NO free VPN out there that is useful. So your statement "there are plenty of free and fast VPN servers out there." doesn't seem to hold water, unless I'm missing something.
ThioJoe, first and foremost thank you so very much for this great educational video. I learned a lot from it, and I also want to thank you for letting every one of us who watched this video know what VPN service you use when traveling. I am going to check it out for myself, and I am also going to tell others about it. I also want to personally and gratefully thank you for taking the time to make all the videos that you do. I know that you are taking time out of your very busy schedule to help and educate all of us not just on technology, but also on what it can or cannot do for us. Sincerely, DP
I'm really glad I landed on your channel! I don't know what your resources are or where you get all this relevant information from, but I'm really happy that you keep me updated with the technology field! Thumb up
As someone who subbed after watching the "fake tech videos" I feel like your new content has potential but it's kind of bland right now. Instead of just talking about it for 10 minutes, you should set up a lab, even if it's just a virtual one, and demonstrate the different kinds of attacks. Your videos need to be more "hands on". Also you should make a video about password managers that save passwords in clear text (like Firefox). Never save passwords in Firefox!!
Interesting topic. What do you think of the plug-in HTTPS EVERYWHERE? Seems like a great idea, to try to connect to sites with HTTPS, though it isn't a guarantee. As for VPNs, is there any reason to use one while you are home on a secure network? Will it give you extra security? My problem with VPNs is that they tend to be very slow, so I was wondering, is flashing your router with Tomato or some other open source stuff and putting the VPN on your router any faster? Or what about the few VPN or Tor devices that are just for that purpose? I think there was one called tiny vpn, but the latest thing I have seen is the anonabox. It's a bit pricey, but do you think that it would help with speed, or are they just as good as the VPN that you put on your PC? I tried the VPN you mentioned and I really seemed to like that one. I want to try Nord, as I hear good things about that. My problem is speed.
Absolutely agree. These days snoopers can attack from anywhere. This is the exact reason why I installed purevpn to keep myself safe, as I have to travel a lot in my job and sometimes I have no choice but to use public WiFi.
Each client gets a unique key when they handshake to the AP so it's not as simple as taking the passphrase and decrypting the traffic... It's true, however if you were connected to the network BEFORE the victim you can capture the handshake and therefore get the unique key for that client... If they were already connected, you can't just decrypt their traffic.
There's AP isolation, which is a setting to prevent clients from connecting directly to one another (which breaks LAN games) but still it isn't encrypted and can be snooped. As for VPNs, you can create your own with a DD-WRT powered router and/or a server instead of paying, so that it goes through your home connection, which is helpful/useful for people with "TV-to-go" services and such, as it appears you're actually connected to your home internet/network; you can also interact with connected devices in your home as if you were there, and it is still secure.
Thio, you forgot one. Even on a strictly wired connection, someone can connect, see what MAC addresses are in use, spoof their MAC to anyone else's who's connected, and use Wireshark to see all connection activities. That's the simple answer anyway
It is still possible to make a man-in-the-middle attack. The router used by the hacker has to take the https response from the website and make it like its own https response with a home-made SSL certificate. The victim will see the "not secure site". A lot of people will still enter the site.
If they were spying on you while on a secure connection, and smart about it, they would most likely have a passive wifi card and running a Linux-like OS (Kali Linux would be best, it used to be called BackTrack), and they would kick you off a couple times, randomly, so that when your computer goes to reconnect, they can grab your key so they can get onto the network. As for the free hotspot, I believe Thio undersold it. Almost 10 years ago, at a DefCon (hackers convention usually hosted in Vegas), a couple of the hackers were going over one of the fun new toys they had built. Now, obviously, they were not using it for illegal reasons, mainly because they would have been easily caught AFTER they released their findings (more explained on that later) and because, for them, they were just playing around to see what they could do and had no malicious intentions. Their new toy was a HEAVILY modified old army surplus drone. They put a light, Linux-based computer onboard with a mobile data connection, a ham radio which one of them had a license for (and why they would have been tracked down so easily after they released what they did if they did do anything malicious) and several different wifi connections. With this, they were able to fly over a Starbucks and redirect ALL network traffic through the drone. This means that when you would go to connect to the router, you would actually connect to the drone, and then send the data to the drone - like an extra router. Because of this, if they wanted, they could have done ANYTHING to ANY machine connected to the network. They could have modified the login screen to include a script to force you to pay, making you think you would have been paying Starbucks for internet when in reality you just gave money to a hacker, along with all the personal information that they would need to use the card you used. So yea, public wifi is a really bad idea.
My router is always protected by a complicated pwd that I change monthly (and I don't give it out). I also filter by MAC address and the house was wrapped when built so the wifi signal doesn't penetrate the outside walls. I feel pretty safe. :)
Also, here's a fun one. If someone is using super old computers for any reason that do not have shielding built into any of the wires, there's good ole van Eck phreaking.
The router password isn't the decryption key. Every new connection generates a new set of keys; even if that device previously connected to that WAP, that session gets new keys.
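The per-client key derivation that the WPA2 comments above refer to, as an added example (not from the video or from any commenter). It follows the IEEE 802.11i derivation for WPA2-PSK with CCMP; the passphrase, SSID, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: the same for every client that knows the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 run in counter mode until n_bytes are produced."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Per-session pairwise transient key (48 bytes for CCMP: KCK | KEK | TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def nonce(tag: str) -> bytes:
    """Constructed 32-byte stand-in for the random nonces sent in the handshake."""
    return hashlib.sha256(tag.encode()).digest()

# Constructed sample network and clients (not real devices).
PMK = pmk_from_passphrase("coffee-shop-guest", "ExampleCafe")
AP = bytes.fromhex("020000000001")
LAPTOP = bytes.fromhex("0200000000aa")
PHONE = bytes.fromhex("0200000000bb")

def session_keys() -> dict:
    """Data-encryption keys (TK = last 16 bytes of the PTK) for three sessions."""
    laptop = ptk(PMK, AP, LAPTOP, nonce("a1"), nonce("s1"))
    phone = ptk(PMK, AP, PHONE, nonce("a2"), nonce("s2"))
    laptop_again = ptk(PMK, AP, LAPTOP, nonce("a3"), nonce("s3"))
    return {"laptop": laptop[32:], "phone": phone[32:], "laptop_again": laptop_again[32:]}

if __name__ == "__main__":
    for name, tk in session_keys().items():
        print(f"{name:13s} TK = {tk.hex()}")
```

Every input other than the passphrase (both MAC addresses and both nonces) is sent unencrypted during the four-way handshake, which is the point the comments make about someone who already knows the passphrase and is present when a client connects.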
I would suggest building your own VPN server on a reputable cloud hosting company like Amazon or DigitalOcean if you can. Much more expensive, but actually a bit more secure as you can rotate the keys as you like.
This was the biggest opportunity to partner up with Tunnel Bear or something and he wasted it... But props for not being a sellout. Now, rewatching with adblock disabled.
I've been using PIA for a few years now...connects quickly with good speed & I've used it in the US as well as Russia with no problem. $40 a year, and I can attest 100% without a doubt they do not log traffic.
love your vids ^_^ I can't seem to remember your upload schedule, but I have the bell clicked so I receive notifications as soon as a new one is released.
I've found two browsers for Android with integrated VPN. One is Tenta Private, its VPN is activated even while the browser is not being used. The other one is Aloha; its VPN is activated only while using the browser.
My former landlord didn't mind having an insecure wifi, even when he knew the next door neighbor sat against the wall of the house and piggybacked off of ours. He later saw the need for password security, & it sure made me feel more secure!
3:18 - Wrong. MITM is impossible on TLS/SSL because the certificate has to be valid and issued to the domain that you own. And even if you try to redirect them to an HTTP website via DNS spoofing, there's HSTS for that.
I have been using Private Internet Access VPN for years. All Wifi connections are encrypted by 256 AES. At $39.95 a year, it is great. I use it on my iPhones iPads Desktops, etc. No logs, fast, never a worry. Best security money I ever spent.
Wait, if you connect to a "Starbacks" instead of the Starbucks. Meaning, there is a fake hotspot set up. Then you open the VPN, wouldn't the owner of the hotspot also have access to whatever you send to the VPN before it is encrypted? Or wouldn't he have the key that the VPN sends to you?
Whenever I can I use public WLAN together with a SSL-VPN over my own internet connection at home (although it's slow at times). Unfortunately more and more public WLANs disable a lot of ports, so the hack is to use VPN over HTTP ports (80, 443).
This is why I pre-download what I plan to watch/listen to/read for offline use the day or two before I leave and keep the device in Airplane Mode. (Also, the coffee shop options around here are extremely limited.)
But how about that brief moment between, when you connected to the wi-fi, and the VPN is established? That brief moment is not secure. What should be done?
That's why a lot of open WiFi spots won't be secured, but you have to either agree to terms before you access, which probably has some sort of snooping allowed on you, or you have to downright register, which is highly draconian and will never do. Only use open free WiFi for places like YouTube, or Drudge, or Reddit. In other words, don't do work on free WiFi.
If you are technically inclined, you can setup a VPN server at home. Personal VPN server would be free and you know for sure that no one is looking at the data going through it.
I NEVER do any banking or shopping from public WiFi spots. Unless there's a hard line Ethernet connection in the hotel, I play it safe and don't do anything important.
ThioJoe, I have a question. How do you get your body in focus and the background out of focus in your videos? Is it a function on your camera or do you do it in post editing? Please let me know, thanks.
Aloha ThioJoe, Appreciate the info... just wondering if the same applies when I sit in a parking lot or otherwise and connect to my [example] banking website without connecting to a Wi-Fi connection from my phone. Am I still vulnerable to hackers in the same way?
If you have a spare computer and upload speed is good enough from your internet provider, you can run OpenVPN from that at your own house and connect to that from public WiFi, that is if you really must connect to public WiFi.
The thing is, you cannot fake a website URL that is protected by SSL. If you connect to a malicious WIFI and try to spoof a URL, your browser would say that the SSL certificate for that URL is not signed by an official Certificate Authority. Now if you ignore that warning then yes, you're screwed. Ignoring certificate warnings is what makes you vulnerable to man in the middle attacks. What is much more dangerous than Hotel WIFI is Company WIFI, because admins usually have access to your computer's certificate store. Admins can install any root certificate they want on your work computer via Active Directory, group policies etc. That means your company admin can create fake websites that your browser and work computer would trust, no questions asked, because he added the required trust certificates to your computer's certificate store.
I wrote a small Java program that creates a VPN server on Amazon AWS EC2 on the press of a button. Every time I need a VPN, I just launch that program and have a fresh VPN server that is hosted by Amazon and most importantly controlled by me.
Public computers that are wired to public routers by Category/Ethernet cables can still potentially be at risk; like academies, libraries, and other public institutes.
Nice info vid theo I think I learnt something I think u do great vids love ur ☺and ur passion and the way u simplify things. can I ask how do u find a vpn this stuff can be a little complicated but I'm getting there. keep up the grt wrk. -x-
I know you won't believe me, and it sounds really weird, but back in March, I'll sum it up for you, a guy through Steam hacked into my internet connection, timing it out and turning my WiFi off on and on off.
The login phase to the VPN: is that over an SSL connection? Or could your VPN username/password be potentially leaked if you connect to it over open WiFi? I'm assuming it is. But I'm not 100% sure that it is.
I just love making hotspots with names based on things you see out on streets and make my friends connect to them... They keep falling for it, every time.
I too use PIA VPN, I even use it at home. I think you can use up to 5 devices so run it on my desktop, laptop, phone, and tablet. Configured to connect all the time at startup.
I use Private Internet Access for my VPN too, it's $40 a year... But, even if I DID connect to a 'honey pot', isn't all the data going through still encrypted? They're only going to be able to see my VPN connection with encrypted traffic, right??
What if an infected phone had access to a wifi network that has other devices connected to it. Would it infect all the other devices connected to the wifi or would it be limited to the ones sharing files?
The Tor Project has a web browser called TorBrowser that allows you a free VPN since it's open source, and because it's open source you know if back doors are there.