Secure https over open wifi?

[corbywan]

This might be a stupid question but I'm on vacation and can't thing straight.

My hotel has open wifi. Not WEP, no WPA. If I want to connect to my bank or order something online via a secure website, is my info secure or is it wide open to snooping because of the open wifi?

Mahalo!

 

[mkelly]

Secure HTTPS over wifi

My hotel has open wifi. Not WEP, no WPA. If I want to connect to my bank or order something online via a secure website, is my info secure or is it wide open to snooping because of the open wifi?

As long as you're connecting to your bank over an SSL-encrypted secure HTTPS connection, then your data is protected. Even over wired network connection, you are open to the possibility of somebody sniffing your traffic (upstream at the ISP for instance). HTTPS is designed to mitigate that possibility.

Of course, you'll want to *make sure* that you are in fact connecting via HTTPS before you send anything personal/confidential - WiFi makes it *very* easy for somebody to sniff a non-encrypted, regular HTTP connection.

 

[corbywan]

OK, that's what I was thinking too. I just wanted to make sure.

Does anyone else want to verify that opinion before I make myself a victim of identity theft?

 

[belvdr]

Completely accurate.

 

[cdcastillo]

OK, that's what I was thinking too. I just wanted to make sure.

Does anyone else want to verify that opinion before I make myself a victim of identity theft?

Download and use the free HotSpot Shield to make a VPN connection (even more secure than https alone) to your bank.

 

[belvdr]

Download and use the free HotSpot Shield to make a VPN connection (even more secure than https alone) to your bank.

Yeah, and redirect all your traffic through them? You create a VPN to them, and then your traffic still goes over the remaining Internet using HTTPS. You're NOT creating a VPN to your bank. Not a real smart move, in my opinion.

 

[cdcastillo]

Yeah, and redirect all your traffic through them? You create a VPN to them, and then your traffic still goes over the remaining Internet using HTTPS. You're NOT creating a VPN to your bank. Not a real smart move, in my opinion.

Of course is not a VPN to your bank, wrong choice of words, Which bank let's their customers access trough a VPN? None that I know about.

The problem with https is that between your computer and the router someone could still sniff the info, hence the usefulness for a VPN (to secure the data only between the computer and the public router.

 

[belvdr]

Of course is not a VPN to your bank, wrong choice of words, Which bank let's their customers access trough a VPN? None that I know about.

The problem with https is that between your computer and the router someone could still sniff the info, hence the usefulness for a VPN (to secure the data only between the computer and the public router.

But still, someone could always sniff your traffic anywhere else on the Internet if they have access to the routers/switches along the way.

The problem with that service is you are forcing your traffic through them. I'm not sure I'd trust doing that.

 

[spatry]

Of course is not a VPN to your bank, wrong choice of words, Which bank let's their customers access trough a VPN? None that I know about.

The problem with https is that between your computer and the router someone could still sniff the info, hence the usefulness for a VPN (to secure the data only between the computer and the public router.

... but they would sniff encrypted data anyway. https uses diffie hellman for key exchange with your bank to allow complete privacy... then you get a private key after the handshake and every packet everywhere are encrypted. No worry of somebody sniffing between computer and router