

Why you should avoid hotel Wi-Fi like the plague - walterbell
http://www.techradar.com/us/news/networking/wi-fi/why-you-should-avoid-hotel-wi-fi-like-the-plague-1292555

======
rotoole
My 2 cents:

Even w/ WPA encryption enabled, a malicious user merely needs to get the
network password/access to sit on the network and sniff packets as they fly
by. This could be achieved thru various network sniffing tools, or some
surreptitious people hacking. So relying on encryption alone does not solve
anything.

If your guest WiFi is un-encrypted, i.e. no password/WPA, there is still
transport layer encryption like HTTPS, that will secure the connection between
the client and server, i.e. your web browser and your bank website. HTTPS
assumes that you are on an insecure connection, that's what it was designed
for!

Finally, many guest networks implement client isolation, which prevents
clients on the LAN from communicating directly with each other or to other
private LAN's connected to the guest network. Often network admins setup
wholly separate network infrastructure for guest access, totally isolating
their private back office LAN from the guest LAN.

Anyways, this stuff is hard, and probably beyond the comprehension of your
average business that needs to implement guest WiFi.

------
kagamine
Every hotel I have stayed in lately has asked for a unique code from an SMS to
join after providing the (universal) user and pass. I haven't encountered open
wi-fi outside of an airport anywhere for years that I can remember. I would
discard that level of scaremongering from the article, but of course once you
have joined you had better have a think about what you sharing on the network
with other 'legitimate' users.

