
I guess my question would be: What additional threat do you think public wifi poses, as opposed to any other internet access? IMHO, you have to assume that any unencrypted traffic over the internet could be sniffed, etc.

The only additional threats I can see would be threats against your PC directly, rather than your traffic.

Am I wrong?

As I understand it unsecured public WiFi is significantly more threatening when compared to standard hard-wired Ethernet as all your traffic is visible to any other user connected to the same network with a packet sniffer.

It's much, much harder (but not impossible) to do this on a hard-wired connection - there's a useful discussion as to why here: http://news.ycombinator.com/item?id=1828201

Your personal machine isn't going to be connected through "modern enterprise-grade switches like you would find in a data center," so ARP spoofing is a totally legitimate attack.

Much of that discussion is crap. They're wasting effort bikeshedding about local network sniffing. You have to assume that anything of value sent over the internet might be sniffed or at least could be sniffed by a well placed attacker. The last hop connection between your PC and the AP is hardly the only point at which your data is vulnerable. To assume otherwise is foolhardy.

That's why I said that the only additional risks I can see of a public Wifi is local attacks directly against your machine such as someone port scanning your laptop to look for vulnerable services or open fileshares, etc.

It's much more unlikely that there is a sniffer between your ISP's routers and the target servers for interesting traffic than an attacker listening to your AP traffic. Your ISPs have a vested, primary business interest in keeping their network and peer traffic secure. The coffee shop could care less if people hack each other's Twitter over their AP.

Think about it, say you want to grab somebody's credentials for a popular website. Do you a) hack into their ISP or b) follow them to a coffeeshop and open up Firesheep. What's the easiest angle you are going to take? Local network sniffing isn't the trivial example of sniffing, it's the most vulnerable and probably most exploited target. (Just ask Google.)

You're over-simplifying a bit. Public WiFi is a bit more risky, though, because the barrier to entry for sniffing last-mile infrastructure is so low that anyone can do it.

At my home and office you have to contend with WPA2-Enterprise (it's easy to set up at home, so I did). You'd need to get hard-wired access to my home, and pull some ARP trickery to sniff my last-mile infrastructure. We have 802.1x on the Ethernet ports at the office, so no dice there.

You're right, to a point. And the effective response is to make sure you're always protected as well as you can, instead of going into a "shields up!" situation only when your perceived risk is higher.

It's much easier for an attacker with few resources to go fishing for passwords, etc. over an open WiFi connection than it is for that person to somehow gain physical access to an ISP and install a packet sniffer.

So, the number of people who could conceivably be eavesdropping goes from a few (unscrupulous IT workers and law enforcement) to very many (everyone who can figure out a WiFi packet sniffer).

Small number of eavesdroppers, but also more sophisticated and dangerous ones. :-)

Yes. For an active attack, see airpwn - http://www.evilscheme.org/defcon/ If you think that's rather benign, consider the ssl cert checking flaw (http://hackaday.com/2009/07/29/black-hat-2009-breaking-ssl-w...). Put the two together, with a bit of paranoia, and the result is I never surf unsecured wifi without some sort of protection.

I guess I don't so much disagree with the idea of being careful on an unsecure public wifi, as I am concerned that so many people seem to think they only have to be concerned about the unsecured wifi, not all the other hops on their connection. You know what I mean?

Oh absolutely. And here's why: http://www.wired.com/threatlevel/2008/08/revealed-the-in/ . In short, the researchers demonstrated that they could poison the upstream provider for Defcon's internet, such that all Defcon traffic went first through their server, before reaching the internet at large.

I don't think people here are suggesting that this is the only vector of attack against your system, rather that given the proliferation of unsecured WiFi networks it's just one of the more common.

When someone brings out the "ARP poisoning" add-on for Firefox maybe it will fuel debate on other types of attack :)
