Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    380
    Thanks
    1
    Thanked 29 Times in 24 Posts



    TOP STORY

    Cloak your connection to foil Firesheep snoopers


    By Woody Leonhard

    In his Oct. 28 In the Wild column, Robert Vamosi showed how easy it is to snoop a Wi-Fi connection using a clever Firefox add-in called Firesheep.

    If you're serious about protecting your surfing from prying eyes while on an unencrypted public Wi-Fi connection, the onus is on you to lock down your connections. Using virtual private networking (VPN) is one of the best ways I know to do that.

    The full text of this column is posted at WindowsSecrets.com/2010/11/04/01 (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-19 at 13:44.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Old Bridge, NJ, 08857
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just curious if a WiFi public hotspot secured with WPA2, where everyone knows the WPA2 password, is still more secure than an unencrypted WiFi hotspot? I assume knowing the WPA2 password allows you to unencrypt the data but wondered if it was still inherently more secure regardless or if it's a wash.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Florida
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I don't know much about the technical details of VPN so it is difficult for me to evaluate various VPN providers. I use a service called WiTopia which costs $69.99 per year and has servers in several locations throughout the world. This service was not mentioned in this article and is considerably cheaper than the one's mentioned. Does anyone know anything about this service and it's strengths/weaknesses compared to other providers? I am going to be traveling soon and really want to have secure communications.

  4. #4
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    Is something going on today? The link for the news letter fails with "The page isn't redirecting properly". When I try to login to the site to read it directly, the site does not accept my e-mail & subscriber code. However, I can get in and see my preferences and expiration date.
    Chuck

  5. #5
    New Lounger
    Join Date
    Nov 2010
    Location
    Fairfax Virginia
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Guys,

    I'm a VPN user not a VPN expert...hence my lame question.

    If i'm getting the article right.

    When I install OPENVPN or any of the VPN services Woody mentions on the article and I have it running, the path that my connection will follow from my house to... lets say Amazon.com would be:

    From my house to Amazon.
    Encrypted data leaves from my PC ..............to my ISP (using my ISP's DNS? or OPENVPN's DNS ? ) ............to OpenVPN Gateway/server (where the encryption will be removed) then the unencrypted data will go.................................TO Amazon.com

    From Amazon to my House
    Amazon process my request and sends unencrypted data ................. Back to OpenVPN Gateway\server where the data from Amazon will my associated with my original transmission and encrypted.................Sent back to my ISP who will send it..........................to my PC???

    Again Im not an expert so please excuse my questions if it sounds stupid..So I guess I have two questions, one about the Path that the connection will follow, and the second is about what DNS server does my computer uses (does it use my ISP's DNS server or OpenVPN DNS server.

    Thanks
    RB

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Chicago, IL
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Woody,

    A good, matter-of-fact article on protecting your "public wi-fi" connection. Just wanted to let you know about a potentially lower cost hosted VPN option for the Road Warriors out there.

    I found WiTopia has an excellent service, "PersonalVPN" that uses both SSL/PPTP with a customized OpenVPN to tunnel through to their servers and on to the internet. The SSL/PPTP option runs $70/yr and they have servers available around the world, with plenty spread around the US where I do most of my traveling. The PPTP option also allows my iPhone to connect securely with the built-in VPN which is important for checking my IMAP email servers.

    Speed-wise in my testing, there was little speed reduction using the WiTopia VPN through their servers. Though I've just started using them in the last few months, they've been around for at least 5 years or so. The link to their site is www.witopia.net.

    With WiTopia for secure connections (even on the hotel's hard-wired connections) and a fully encrypted hard drive using TrueCrypt, I feel a little more secure traveling.

  7. #7
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 645 Times in 4 Posts
    Quote Originally Posted by Bob Mulholland View Post
    Just curious if a WiFi public hotspot secured with WPA2, where everyone knows the WPA2 password, is still more secure than an unencrypted WiFi hotspot? I assume knowing the WPA2 password allows you to unencrypt the data but wondered if it was still inherently more secure regardless or if it's a wash.
    @Bob -

    Yep, it's inherently more secure because each connection is encrypted separately. But I'm NOT sure if anyone's been able to figure out how to sidejack over a WPA2 connection with a publicly-known key. I can't find anyone who's actually done it, but...
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  8. #8
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 645 Times in 4 Posts
    Quote Originally Posted by rbacca View Post
    Guys,

    From my house to Amazon....

    Again Im not an expert so please excuse my questions if it sounds stupid..So I guess I have two questions, one about the Path that the connection will follow, and the second is about what DNS server does my computer uses (does it use my ISP's DNS server or OpenVPN DNS server.

    Thanks
    RB
    Not a stupid question at all! Amazon encrypts its pages - everything you do is over an https connection - so you don't have to worry about getting sidejacked. But to answer your question in general, yes, those are the stages the communication goes through. It's in the clear between the VPN's server and the web site, then back to the VPN server.

    The DNS server is the VPN's DNS server.Your VPN connection doesn't interact with your ISP at all.
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  9. #9
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 645 Times in 4 Posts
    Quote Originally Posted by Charles Hanskat View Post
    Speed-wise in my testing, there was little speed reduction using the WiTopia VPN through their servers. Though I've just started using them in the last few months, they've been around for at least 5 years or so. The link to their site is www.witopia.net.

    With WiTopia for secure connections (even on the hotel's hard-wired connections) and a fully encrypted hard drive using TrueCrypt, I feel a little more secure traveling.
    @Charles @Virgil -

    Sounds like a winner to me. There are many VPN services out there these days. The tough part is that all of the free ones I've found are really slow...
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    London, UK
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It's been one of "those" days. I'm tired right now so if this is a idiot question please bear with me.

    I like Firefox add-ons but I've never heard of the Force TL addon nor can I find it on the web.

    Any idea where it is and how I get it?

    Thanks.

  11. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Florida, USA
    Posts
    16
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Woody,

    Thanks for this article as it is very timely for me. I have been looking around for VPN software to put on my recently purchased netbook. In searching thru the various applications offered, I have concerns about the security of the provider and whether they are potential providers of my personal information to 3rd parties. Not all have easy to decipher privacy policies.

    Since I am just starting out with this and have limited knowledge of setting up VPN, a free easy to use was also a major consideration. I did look at OpenVPN and ItsHidden, but I didn't quite understand how the client needed to be set up. I also didn't like the fact that a user had to sign in.

    I finally installed SecurityKISS (it is based on OpenVPN), which offers both free and paid services and was simple to install. It also does not require any sign in. While the free version is limited to 300MB per day, it is more than provided by most free VPN providers.

    Do any of you knowledgeable readers have any advvice for me regarding VPN software and providers?

    Thanks to all for the info above

    To oddjob,

    In Firefox go to Tools/Add-ons/ Get Add-ons and type in "Force-TLS"

  12. #12
    Lounger walkerpbus's Avatar
    Join Date
    Feb 2010
    Location
    Duncanville, Texas, USA
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile

    It was not the Force-TL add-on. Search of add-ons failed to find it in Mozilla. Real name was Force TLS. See chrome://forcetls/content/upgrade.html.
    Use 1 XP & 1 Win 7 machines in Christian non-profit where I am a retired volunteer; Windows 7 on home machine.

  13. #13
    New Lounger
    Join Date
    Jan 2010
    Location
    Newcastle, NSW, Australia
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I also use Witopia and find it to be very reliable, fast and multiple access points all round the world (including alternate ports for many if required):

    AMERICAS

    UNITED STATES
    Atlanta
    Chicago
    Dallas
    Los Angeles
    New York City Metro
    San Francisco
    Seattle
    Washington, DC Metro

    ARGENTINA
    Buenos Aires

    BRAZIL
    Sao Paulo

    CANADA
    Toronto
    Vancouver

    MEXICO
    Mexico City

    PANAMA
    Panama City

    ASIA and AUSTRALIA

    AUSTRALIA
    Sydney

    CHINA
    Hong Kong

    INDIA
    New Delhi

    JAPAN
    Tokyo (coming soon)

    MALAYSIA
    Kuala Lumpur

    SINGAPORE
    Singapore

    SOUTH KOREA
    Seoul (coming soon)

    EUROPE/MIDDLE EAST/AFRICA

    BELGIUM
    Brussels

    CZECH REPUBLIC
    Prague

    EGYPT
    Cairo

    FINLAND
    Helsinki

    FRANCE
    Paris

    GERMANY
    Frankfurt

    IRELAND
    Dublin

    ITALY
    Milan

    LATVIA
    Riga

    NETHERLANDS
    Amsterdam

    POLAND
    Warsaw

    PORTUGAL
    Lisbon

    RUSSIA
    Moscow

    SPAIN
    Madrid

    UNITED KINGDOM
    London
    Manchester

    Ian

  14. #14
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 645 Times in 4 Posts
    Quote Originally Posted by Paul Walker View Post
    It was not the Force-TL add-on. Search of add-ons failed to find it in Mozilla. Real name was Force TLS. See chrome://forcetls/content/upgrade.html.
    @Paul -

    You're absolutely right, and my apologies! There should've been a link...
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  15. #15
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    380
    Thanks
    1
    Thanked 29 Times in 24 Posts
    You can find it on the Firefox Force-TLS add-on download page.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •