

Coffee shop WiFi for dummies - gphil
http://www.securityfocus.com/columnists/385

======
shiftpgdn
"If your company provides you with VPN access on your laptop, use it. That's a
sure fire way to ensure that everything you send and receive is encrypted, and
it makes your surfing much safer."

This should have been the first, and most important line of the entire
article. Wireless encryption, IM client, and internet browser simply don't
matter as someone who is out to grab your information is going to be doing so
by viewing the packets sent between your computer and router.

~~~
nlawalker
It should have been the _only_ line in the entire article. The only way that
proper precautions such as this will be taken up by people who really don't
care is if they are simple and succinct.

------
trotsky
2006-02-09

Amusing to see a blog on security focus implying that a WEP key when given to
everyone was somehow better than nothing, even if it was from 5 years ago.

------
gphil
This is a little bit out of date, but it is a good reminder to be careful.

------
10smom
I like to think of myself as a newbie traveling entrepreneur. I have a travel
trailer that I used to travel the south west this fall I did a lot of non camp
ground camping in the big cities and took advantage of all the coffee shops I
could find to take care of business. It was a blast and a great way to do
business while traveling. I am investing in a small motorhome to travel to
tech conference throughout the year. I plan on spending lots of time in coffee
shops if not staying camp grounds. I like the idea of having a "traveling
home" that I can just jump into in a parking lot of a major event etc...

    
    
      I also got to the local shop  in beautiful Park City utah, just to get out of the house  and have change of atmosphere while working.

------
valverde
This brings up a more interesting question: how would you provide encrypted
free Internet access in a coffee shop?

Giving out passwords to customers is the most common approach, but there must
be a way to provide encrypted access without a shared key.

~~~
jschuur
I don't really know enough about this stuff, but couldn't you just generate
some kind of temporary encryption credentials upon the initial wifi connection
handshake and use that for the duration of the session?

I've always assumed that the reason it's not done is that the CPU resources
needed to handle decryption of a reasonably strength was too much for a bunch
of simultaneous connections on affordable hardware.

~~~
jschuur
@cma: you mean I couldn't verify the identity of the router upfront and might
handshake with someone pretending to be it? I figured you could tell by the
SSID of who you're connected too if it's the right one, assuming the official
one isn't offline.

See, I knew that I didn't know enough about this to lead a decent conversation
;)

------
ankimal
Gmail dint use https by default for the longest time. I remember getting an
email from our department while at school about this too. Its default now and
can be toggled from Settings -> Browser Connection.

------
alanh
[2006]

