Jump to content
Displayed prices are for multiple nights. Check the site for price per night. I see hostels starting at 200b/day and hotels from 500b/day on agoda.

Recommended Posts

I was just wondering about this issue and really dont have the technical nous.

 

How safe is it to use free wi fi in hotels and where have you?

 

Am at any greater or lesser risk of security breaches say than using an Internet cafe?

 

If there is an issue are there any remedies?

 

The reason that I ask is that in a recent hotel stay all that was required for free wi fi was to put you hotel room in followed by the name and this information was handed out at reception on pieces of paper.

Link to post
Share on other sites

It is safe if you use SSL connections or a VPN connection. Those offer practically speaking unbreakable connections.

 

They are using a secure connection with a RADIUS server if they require you to enter a room/name or password when you are connecting. You will see an intercept when you go to browse and you have to authenticate your ID to go on. This is the most common hotel scheme unless they just hand out a password and change it now and then, or never, (which means telling all users the new info) or they don't use security at all. Which is also pretty common.

 

Frankly RADIUS is probably enough (your computer can tell you if it is WPA which is very robust or WEP which is very weak- these are the encryption protocols that are available) because a lot of security issues are pretty theoretical. Yes you can break WEP (easily, in minutes) but are there raving gangs of internet sniffers outside your room or hotel? 99.99% odds against. The loads of drunk punters sharing the space are not doing this hacking in their spare time.

 

For banking you'll always be on an SSL connection and there are web VPN services but the reality is the risk is pretty low in reality vs. the science.

Edited by ricktoronto
Link to post
Share on other sites

I tend to prefer VPN to my home VPN server for anything important. That way I take the same risk I take at home, ie very low.

 

While https:// web connections and SSL/TLS connections for email etc are less risky, I prefer not to take the risk unless I have to.

 

I regard hotels and internet cafes as risky if you are using your laptop. Slightly less risky if the WiFi traffic is encrypted with WPA2 so you aren't boradcasting your data to everyone in the local area, but you are still exposed to the hotel/cafe operator who is also in a better position to attack you.

 

The buggest risk is internet cafes/bars where you use their computer. Your are subject to all the boave network risks, and also there could be viruses, trojans, keyloggers on the computer.

 

If you connect your laptop to a network, then any other computer on that network can directly attack your computer. Are you patches/antivirus up to date?

 

Specifically about getting a username/password on a piece of paper, while this at best is also used for the wifi encryption, I guess it is mostly about reducing the amount of bandwidth theft by random people near the location.

 

Unfortunately if you want a secure connection then hotels or cafes aren't good enopugh. You should use a VPN service of some kind, and you are probably also going to have to learn a few new things and pay attention. While the likelyhood of something bad happening is low, it is impossible to predict the possible impact, depends on what information is exposed, and how that information can be combined with other, possibly already public, information.

Link to post
Share on other sites

Just keep in mind the ACTUAL probability of someone actively sniffing a hotel wifi with authentication is still not very high. It is more work than benefit really. Since banking and such winds up as SSL on top of the authentication.

 

I have four wireless access points at home with WPA PSK using AES and MAC address filtering (worthless other than for the simplest attempts) and in many years the router logs show literally zero attempts from unrecognized MAC addresses. In a big city.

 

I do agree never use a Internet cafe computer for other than surfing sites that you don't use ID to access. Never due to key logging, caching who knows what they can capture.

Link to post
Share on other sites

Thanks for the comments guys. There is a bit of jargon here that has gone over my head but all in all it looks reasonably safe and worth taking a laptop rather than using an internet cafe. One more question. If I log onto a site, say my bank, is the site at risk only as long as I have the site open? In other words, if I log on, check, adjust or whatever and log off in the quickest possible time does this reduce my chances or being hacked even more?

Link to post
Share on other sites

The amount of time you spend is irrelevant. For someone to sniff a data stream and figure out and decode a live SSL connection would take tens of millions of computers working for thousands of years.

 

Bank account takeovers or fraud occur when you let someone see your ID and password, which happens mostly from phishing e-mail (fake e-mail that looks like it came from your bank and with a link that takes you to a "bank" website that is not actually theirs), and occasionally with an internet cafe where a device is on the computer that captures each keystroke which are then copied after you're gone.

 

Or foolishly trusting ANYONE with login information.

Edited by ricktoronto
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...