
Wireless security. How to safely use free WiFi.

Why do I need to read this article?

This material was prepared for those who need to stay online and who value their own safety and the safety of their private data. Too much information simply gets lost in today's huge flow of new data, and privacy is one of those issues. We recommend reading this article if you don't want to discover a zero balance on your bank account one fine day, or to have to create a new social network account to replace the old one stolen by somebody.

About Wireless Technology

Wi-Fi (Wireless Fidelity) is a wireless technology originally developed by the NCR Corporation/AT&T in 1991. It was initially created for cash service systems and provided limited bandwidth of up to 2 Mbit/s. Today Wi-Fi is a widespread technology commonly used in public places (such as airports, hotels and fast-food restaurants) and at home (the absence of wires makes it more convenient).

Benefits:
  • no wires;
  • a large number of free Wi-Fi hotspots;
  • wide hardware support.
Disadvantages:
  • high energy consumption;
  • easy to crack (unencrypted connection or WEP / WPA encryption);
  • small access radius.

Wi-Fi Security

An active Wi-Fi user can face several risks, because an attacker can connect to the wireless network without any problems and intercept your internet traffic. Normally such opportunities are available to Wi-Fi administrators, skilled third parties, or even a network worm. How can you protect yourself?

Traffic interception

Free hotspots are scattered across a modern city almost more densely than dustbins. If you search for networks in any modern city, you will probably find at least a couple of open wireless networks. Some access points are left open through the administrators' ignorance; others are open on purpose, for example in a cafe, where Wi-Fi is a nice addition to the service. But you always risk losing your private data (such as social network, ICQ, MSN and internet banking accounts), because your internet traffic is visible to the network administrator.

Until recently it was possible to rely on secure internet protocols such as HTTPS. HTTPS is widely used by internet banking systems, in the private areas of sites (such as GMail) and wherever else security matters. However, at the end of 2008 the possibility of breaking HTTPS was demonstrated:

Our main result is that we are in possession of a “rogue” Certification Authority (CA) certificate. This certificate will be accepted as valid and trusted by many browsers, as it appears to be based on one of the “root CA certificates” present in the so called “trust list” of the browser. In turn, web site certificates issued by us and based on our rogue CA certificate will be validated and trusted as well. Browsers will display these web sites as “secure”, using common security indicators such as a closed padlock in the browser’s window frame, the web address starting with “https://” instead of “http://”, and displaying reassuring phrases such as “This certificate is OK” when the user clicks on security related menu items, buttons or links.

Link: http://events.ccc.de/congress/2008/Fahrplan/track/Hacking/3023.en.html

The safe use of HTTPS was called into question. At the end of 2009 a critical bug was also found in the SSL / TLS protocol underlying HTTPS, which allows an attacker to perform any actions on a protected site in the user's name.

A major vulnerability in SSL authentication was discovered in August of 2009 by security analysts at PhoneFactor. The resulting authentication gap allows an attacker to inject himself into the authenticated SSL communications path in a standard man-in-the-middle attack. Most websites that use SSL are potentially affected. Affected scenarios include web surfers doing online banking, back-office systems using web services-based protocols, and non-HTTP applications such as some mail servers, database servers, and so on. The vulnerability partially invalidates the SSL lock, which users rely on to verify that their communications with a website are secure. Websites using client certificates (including many smart card deployments) are affected. All SSL libraries will need to be patched. Software vendors will have to update their software to support the library revisions, and users will have to update any SSL-protected software as patches become available.

The vulnerability results from a weakness in the SSL protocol standard (formally known as Transport Layer Security, or TLS). As such, most SSL implementations are vulnerable in one way or another. Affected scenarios include web surfers doing online banking, back-office systems using web services-based protocols, and non-HTTP applications such as some mail servers, database servers, and so on.

Link: http://www.phonefactor.com/sslgap/

According to this article, your activity can be intercepted even if you are using an encrypted wireless network.

Wi-Fi Crack

Another danger of public Wi-Fi networks is that they are easy to break into, so traffic can be listened to directly from the radio channel. If the network does not use any encryption (which is quite common), the whole hacking procedure is reduced to starting special software. When the wireless network uses the WEP encryption algorithm, the attacker needs about ten minutes longer (the time to collect traffic and break the algorithm). In August 2009 employees of the University of Hiroshima broke another commonly used Wi-Fi encryption protocol, WPA.

In 2008, Beck and Tews have proposed a practical attack on WPA. Their attack (called the Beck-Tews attack) can recover plaintext from an encrypted short packet, and can falsify it. The execution time of the Beck-Tews attack is about 12-15 minutes. However, the attack has the limitation, namely, the targets are only WPA implementations those support IEEE802.11e QoS features. In this paper, we propose a practical message falsification attack on any WPA implementation. In order to ease targets of limitation of wireless LAN products, we apply the Beck-Tews attack to the man-in-the-middle attack. In the man-in-the-middle attack, the user’s communication is intercepted by an attacker until the attack ends. It means that the users may detect our attack when the execution time of the attack is large. Therefore, we give methods for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case.

Link: http://www.ieice.org/ken/paper/20090925faPH/eng/

If you want to protect yourself from the "bad guys", the best option is to use WPA2-encrypted wireless networks, but unfortunately they are not so widespread.

How to make Wi-Fi secure

Despite the insecurity of the WEP / WPA protocols, they are still widespread, and some access points don't use any encryption at all. So if you want to protect your private data, you need to use a VPN connection. VPN software doesn't depend on your network connection settings. We recommend using a VPN connection whenever you are on an unsafe Wi-Fi connection (which covers most free Wi-Fi access points). For your convenience we provide short subscriptions (3 hours). This is the best choice for wireless networks in public places.
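
The rule of thumb above (prefer WPA2, use a VPN on anything weaker) can be applied to a list of nearby networks. The following is an added example, not part of the original article: it assumes scan lines in the SSID:SECURITY layout of `nmcli -t -f SSID,SECURITY device wifi list`, and the sample networks and function names are constructed for illustration.

```python
# Added example. Sample scan lines are constructed, in the SSID:SECURITY
# layout assumed for `nmcli -t -f SSID,SECURITY device wifi list`.
RATING = {"WEP": 1, "WPA1": 2, "WPA2": 3}          # 0 is reserved for open
NOTE = {
    0: "open: traffic can be read straight from the radio channel",
    1: "WEP: breakable after about ten minutes of collected traffic",
    2: "WPA: practical message falsification attack published",
    3: "WPA2: the preferred choice",
    None: "scheme not covered by the article, treat as unsafe",
}

def split_terse(line):
    """Split on ':' while honouring nmcli's backslash escaping in SSIDs."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))      # escaped char is literal
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Return 0-3, or None for unknown; a mixed-mode AP gets its weakest mode."""
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return 0
    levels = [RATING[t] for t in tokens if t in RATING]
    return min(levels) if levels else None

def assess(scan_output):
    report = []
    for line in filter(str.strip, scan_output.splitlines()):
        ssid, security = (split_terse(line) + [""])[:2]
        level = classify(security)
        report.append({"ssid": ssid, "level": level,
                       "vpn_needed": level != 3, "note": NOTE[level]})
    return report

SAMPLE_SCAN = "\n".join([                    # constructed sample input
    "CafeGuest:", "Hotel\\:Lobby:WEP", "Airport-Free:WPA1",
    "Office:WPA1 WPA2", "HomeNet:WPA2 802.1X",
])

if __name__ == "__main__":
    for net in assess(SAMPLE_SCAN):
        action = "use VPN" if net["vpn_needed"] else "ok"
        print(f"{net['ssid']:<14} {action:<8} {net['note']}")
```

An access point advertising both WPA1 and WPA2 is rated as WPA, because it still accepts the weaker mode.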


 SecretsLine.biz 2007-2010