security on public wifi

After attending the excellent recent Skillswap on security by Oliver Humpage at the Watershed in Bristol, I am feeling more paranoid than ever about security on public wifi. We are all being encouraged to use wifi and work from wherever we want, but little advice is given about how to avoid transmitting our unencrypted usernames and passwords over the network.

By default the average user will not be using any encryption – virtually everyone using ordinary email (i.e. using a desktop mail client) transmits their username and password when they check their mail. During the presentation Oliver demonstrated how applications such as dsniff can be used to sit and gather unencrypted data on a wifi network – this is not difficult to do.

Being already paranoid, I tend to use a web proxy over ssh to surf on public wifi, but I have a whole load of other applications running (IM, Skype, etc.) that I suspect also transmit unencrypted data that needs securing, which may or may not be tricky to do over ssh. Apparently a VPN is the way to go.