Reply
 
Thread Tools Display Modes
 
Old 05-09-2014, 10:04 AM   #41
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,187
Quote:
Originally Posted by ActiveCaptain View Post
I kinda agree with it. There is one major exception. Web developers use much more advanced techniques to comminicate between a web page and a server today. JavaScript, jquery, and other Ajax techniques are common in almost all complex websites nowadays. eBoatCards is entirely jquery/Ajax based and uses them all. What that means is that other software is communicating with servers, sending and receiving network traffic, without your knowledge of the mechanisms of encryption visible on the browser URL at the top. It's why a VPN is really the only solution for local protection.

You're more current than I am on some of these technologies. I've been out of the game for going on 7 years now.

But wouldn't you agree that a well implemented web site would ensure that your login and password and other vital data passes through an SSL protected channel? Of course that doesn't mean everybody does, which I guess is your point.
__________________
Advertisement

__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-09-2014, 10:39 AM   #42
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Definitely - a well developed site will protect sensitive info. But so few managers understand the difference between a simple change in API parameter and its affect on security. The problem today is that if you're experienced enough to develop the stuff, you won't be in the management side because you're too valuable where you are.
__________________

Jeffrey S is offline   Reply With Quote
Old 05-09-2014, 12:25 PM   #43
TF Site Team
 
FlyWright's Avatar
 
City: California Delta and SF Bay
Country: Sacramento, CA, USA (boat in Vallejo)
Vessel Name: FlyWright
Vessel Model: Marshall Californian 34 LRC
Join Date: Apr 2008
Posts: 10,175
Great information here guys. Let's keep it going without the barbs and jabs. We can disagree without being disagreeable.

Thanks for all contributing to this area that many of us 'underlings' don't understand. I'm trying to take this all in, but for the uninitiated, it's a lot like drinking from a fire hose. Twistedtree's explanation really helped me understand my own boat's vulnerabilities which I often wondered about.

What about cellular data used onboard via a cellphone or tablet hotspot. I have AT&T cellular data and can provide a hotspot from my Android Note 8. I frequently use it onboard when no other wifi is available. Is that secure?
__________________
Al

Custom Google Trawler Forum Search
FlyWright is offline   Reply With Quote
Old 05-09-2014, 01:57 PM   #44
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by FlyWright View Post
What about cellular data used onboard via a cellphone or tablet hotspot. I have AT&T cellular data and can provide a hotspot from my Android Note 8. I frequently use it onboard when no other wifi is available. Is that secure?
Yes, provided the mechanism for connecting to cellular is secure - putting a WPA password on it to connect your devices if you're using it as a local hotspot. There are ways around that too but that's in the 99/1 area where it's not worthwhile protecting against it.
Jeffrey S is offline   Reply With Quote
Old 05-10-2014, 09:58 AM   #45
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
Jeff AC is a fantastic service and product. I in no way want to defame anyone for their opinion on using open WiFi. I can crack a WEP or WPA site in as little as 2 to 5 minutes. It's not if protections can be hacked it's how or if the data is ever used for nefarious reasons.
Best,
Bill
Billylll is offline   Reply With Quote
Old 05-10-2014, 10:37 PM   #46
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Just wanted to say two things:

1) Active Captain is putting out some good information. I'm not sure how much good it does with an audience that for the most part doesn't even seem to know the difference between authentication and encryption, but that's how it usually is whenever anyone is speaking on any highly technical subject. None of that should be taken as an attempt to denigrate anyone here. Were he to be discussing the finer points of brain surgery most of us would be just as lost. People tend to know things that are relevant to their lives and not too much about things that aren't.

2) This discussion amounts to over-thinking and over-worrying. For the most part. If you're doing anything that involves important data, such as online banking; do yourself a favor and do it via a secure internet connection via a cellular network, NOT over Wi-Fi. It's less critical in your home but the environment around a marina is more "hostile" in criminal terms. That fact that you own a "yacht" makes you a more attractive target. For everyday internet use, just make sure you are connecting to an access point that supports WPA or WPA2. There is no meaningful difference between the two. WPA was just what is sometimes called a "draft" version and WPA2 is "post-standards". And if you're setting up your own WAP, don't bother hiding your SSID. It's not really hidden and you only draw attention to yourself by doing so. Just use a good password.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-11-2014, 08:32 AM   #47
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
The above post sums up my feelings.
As I mention and will yell it from the top of my vocal range AC is a fantastic product & service to the marine industry. Jeff and I don't agree on much WiFi wise though.
Comcast Xfinity have hundreds of thousands of so called open access points they use a special 1X authentication service. Anyone can even try it for free for up to 3 periods. In the Northeast many boaters enjoy the somewhat free service provided by Cable Vision, Cox Communications and Comcast Xfinity. If you want a secure end to end link use a VPN client from your device to your company VPN. A WiFi air link is not the only place the Internet can be hacked from. Most of the serious hacks don't originate from an open WiFi access point.
I still have an open challenge or question will one boater tell me their passwords were hacked via open WiFi and then were the passwords used nefariously?
I'm still waiting and the silence is killing me......
Bill
Billylll is offline   Reply With Quote
Old 05-11-2014, 09:23 AM   #48
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by Billylll View Post
I still have an open challenge or question will one boater tell me their passwords were hacked via open WiFi and then were the passwords used nefariously?
I'm still waiting and the silence is killing me......
Bill
My challenge exists too. I'm sure everyone reading this has had a credit card compromised and replaced in the last few years. Can you prove that the stealing didn't happen over open WiFi?

The reality is that you can't know where data capture happens. All you can do is protect yourself just like you lock your boat when you leave it. Are there people who have never locked their boat and never had a single thing taken? Sure. Does that make it a good defense? Of course not.

Open WiFi also allows almost anyone with very little hacking skills and free software to view each of the websites you're visiting. There is also free software that allows someone else to take over your identity on different social media sites. This whole topic started back with something called Firesheep:
http://en.wikipedia.org/wiki/Firesheep

Take 90 seconds and read that page. Those identical techniques have been extended to many other websites making it trivial to grab cookies, session variables, and other items that you have no idea are being captured for your identity. I just looked - trawlerforum itself keeps 14 cookies about my identity. All websites do that kind of thing today. Some of the information sitting there and open would shock you.
Jeffrey S is offline   Reply With Quote
Old 05-11-2014, 09:36 AM   #49
Guru
 
Northern Spy's Avatar
 
City: Powell River, BC
Country: Canada
Vessel Name: Northern Spy
Vessel Model: Nordic Tug 26
Join Date: Feb 2012
Posts: 2,666
Quote:
Originally Posted by ActiveCaptain View Post

My challenge exists too. I'm sure everyone reading this has had a credit card compromised and replaced in the last few years.
A quick office survey (yes, I know, it is early Sunday morning, but I am indeed at work) indicated that only one person out of twelve asked has had a credit card compromised in the last two years.

Pretty good sample too, as we live and travel frequently all over the world.

I'm not discounting the need for both awareness and security. I just don't believe the fraudulent usage is as widespread as it was a few years ago. Mainly due to better awareness and security.
Northern Spy is offline   Reply With Quote
Old 05-11-2014, 09:45 AM   #50
TF Site Team
 
ksanders's Avatar
 
City: SEWARD ALASKA
Country: USA
Vessel Name: LISAS WAY
Vessel Model: BAYLINER 4788
Join Date: Feb 2011
Posts: 3,953
Quote:
Originally Posted by ActiveCaptain View Post
My challenge exists too. I'm sure everyone reading this has had a credit card compromised and replaced in the last few years. Can you prove that the stealing didn't happen over open WiFi?

The reality is that you can't know where data capture happens. All you can do is protect yourself just like you lock your boat when you leave it. Are there people who have never locked their boat and never had a single thing taken? Sure. Does that make it a good defense? Of course not.

Open WiFi also allows almost anyone with very little hacking skills and free software to view each of the websites you're visiting. There is also free software that allows someone else to take over your identity on different social media sites. This whole topic started back with something called Firesheep:
Firesheep - Wikipedia, the free encyclopedia

Take 90 seconds and read that page. Those identical techniques have been extended to many other websites making it trivial to grab cookies, session variables, and other items that you have no idea are being captured for your identity. I just looked - trawlerforum itself keeps 14 cookies about my identity. All websites do that kind of thing today. Some of the information sitting there and open would shock you.
I agree with you concerning the risks of open networks.

I use a VPN connection when in the rare case I have to use open wifi, which is almost never. I use Cellular for several reasons. One being its less hassle.

As far as the information available about us online, it is as you indicated truly shocking. In just a few moments I can generally find out more about people than they realize. Your only privacy is in the fact that with so much information available, you are lost in the masses. There is no privacy anymore from someone that really wants to research you. You can slow people down a little, but a determined, savy person can dig up many details about a person.

As far as credit card fraud, In my opinion you are more likely to have your credit card stolen by the minimum wage waitress at the cafe you visited than online. I've had my CC information compromised twice. Once by a worker at a car rental place, and once by an employee at a Kona coffee company I did business with.

That said, for online purchases I try to use merchants that do not require me to type in my lifes history just to make a purchase. I search out merchants that use Paypal because I know that the merchant never sees my credit card data.

As I've indicated earlier I believe that public Wifi is or will soon be a dead product offering. With fast cellular data speeds and the buildout of the cellular networks it is something we will not need for long.
__________________
Kevin Sanders
Bayliner 4788
Seward, Alaska
www.mvlisasway.com
ksanders is offline   Reply With Quote
Old 05-11-2014, 09:45 AM   #51
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,187
Quote:
Originally Posted by ActiveCaptain View Post
My challenge exists too. I'm sure everyone reading this has had a credit card compromised and replaced in the last few years. Can you prove that the stealing didn't happen over open WiFi?

.

Of course that can't be proven unless you can otherwise identify how the infiltration occurred. But by the same logic, i can't prove my wallet wasn't pick pocketed, the card removed and copied, returned to my wallet, and the wallet replaced in my pocket. By that logic, I should always chain my wallet to my belt.

Anyway, I get you point about not knowing where an infiltration occurred, but only some sort of probability/fear assessment will determine which of the zillion possible theft points you are going to protect against and to what degree.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-11-2014, 10:16 AM   #52
Veteran Member
 
jstauffer's Avatar
 
City: Poulsbo, WA
Country: USA
Vessel Name: Serenus
Vessel Model: Tollycraft 44
Join Date: Mar 2011
Posts: 74
When on the boat, I use an AT&T mifi card to access the internet. From reading this thread, I assume the mifi to Internet is pretty secure, but the connection between my wireless computer, or wireless router, is not nearly as secure?
__________________
Jerry & Mona Stauffer
Serenus
Liberty Bay Marina
Poulsbo, WA
jstauffer is offline   Reply With Quote
Old 05-11-2014, 10:17 AM   #53
QB
Senior Member
 
QB's Avatar
 
City: San Diego and Gabriola
Country: USA and Canada
Vessel Name: Skookum Maru
Vessel Model: Ed Monk design #1924
Join Date: Dec 2011
Posts: 215
Quote:
Originally Posted by ksanders View Post
OK, finally a response that is technically correct!
Well, this part is not technically correct:

Quote:
Originally Posted by twistedtree View Post
One is the wifi radio connection, and Jeff is correct that only WPA and WPA2 encrypt the whole data stream. WEP just does and access check to let you on or not, but once you are on all data is clear and unencrypted.
WEP, like WPA/WPA2, does encrypt each data frame.

The problem is that WEP keys are short and relatively easy to crack, and so you're probably better off treating it as unencrypted for things you really care about.
QB is offline   Reply With Quote
Old 05-11-2014, 10:37 AM   #54
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by jstauffer View Post
I assume the mifi to Internet is pretty secure, but the connection between my wireless computer, or wireless router, is not nearly as secure?
Cellular is quite secure. As long as your MiFi has a WPA password associated to gain access, you're doing about as much as you need to do. We don't use a VPN over our MiFi.
Jeffrey S is offline   Reply With Quote
Old 05-11-2014, 11:02 AM   #55
Guru
 
timjet's Avatar
 
Join Date: Apr 2009
Posts: 1,905
I've had my credit card comprised twice in the last year. I travel a lot and use hotel WiFi all the time but never to conduct banking transactions or make cc purchases. For those transactions I use my cellular MiFi unit.

After reading this thread I'm going to stop using public WiFi and stick to my MiFi unit. I'll have to upgrade the monthly allotment.

Intrestingly, after the most recent compromise, my cc company didn't seem interested in asking for my help in finding out how my cc was compromised. They did however caught it quickly but not until after the perp made 4 charges totalling over $2000 all on the internet in a matter of 15 minutes.
__________________
Tim
Tampa Bay
Carver 355 ACMY Twin Cummins Diesels Sold
timjet is offline   Reply With Quote
Old 05-11-2014, 11:56 AM   #56
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,187
Keep in mind that there are lots of ways for people to get your credit card info other than snooping a wifi connection. Most criminals a dopes, and I expect use much more dope-like means. Like wait staff in restaurants, gas station attendants, or anyone else to whom you give your card for processing a charge. The last time one of my cards was compromised, I'm pretty sure it was buying gas because that was the only place I used that particular card in quite a while.

Anyway, I think there is lots more low-tech crime to worry about than high tech crime.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-11-2014, 01:26 PM   #57
Guru
 
Edelweiss's Avatar
 
City: PNW
Country: USA
Vessel Model: 1976 Californian Tricabin LRC
Join Date: May 2011
Posts: 1,834
Quote:
Originally Posted by twistedtree View Post
Keep in mind that there are lots of ways for people to get your credit card info other than snooping a wifi connection.
Very true!!
Last year my son opened an investment account with a top rated investment firm and along with the account they also issued him a credit card, which he placed in his office desk at home and never used.

About a month ago the security department for the card issuer called him and notified him they suspected the card had been fraudulently used to purchase over $600 dollars in Starbucks gift cards. The credit card is still in his desk with the label on it, never used??

I guess the point is, be reasonably responsible for your personal financial security, but don't overly worry about it. The card companies will stand behind their product and no matter how safe you think you're being. . . . . If there is a will . . . . there is always a way.
__________________
Larry B
Careful . . .I Have a Generator and I'm not afraid to use it !
Edelweiss is offline   Reply With Quote
Old 05-11-2014, 01:32 PM   #58
TF Site Team
 
FlyWright's Avatar
 
City: California Delta and SF Bay
Country: Sacramento, CA, USA (boat in Vallejo)
Vessel Name: FlyWright
Vessel Model: Marshall Californian 34 LRC
Join Date: Apr 2008
Posts: 10,175
I've had my credit cards compromised several times in the past 10 years. One was theft, one was a suspected in-person purchase and another was unknown source.

My daughter was conducting banking when in college on the school's free wifi at the student union. Her login data was stolen, the thief made a transfer of $3000 to Paypal and almost got away with it. Quick action on her part stopped the transaction before it cleared. She got all her money back.
__________________
Al

Custom Google Trawler Forum Search
FlyWright is offline   Reply With Quote
Old 05-11-2014, 02:25 PM   #59
Guru
 
kthoennes's Avatar
 
City: Sioux Falls, South Dakota
Country: USA
Vessel Name: Xanadu
Vessel Model: Mainship 37 Motor Yacht
Join Date: Oct 2013
Posts: 857
That's a very good point. I'd be far more worried and cautious about 'net security on a college campus than a marina. A marina isn't usually packed with computer majors and whizzes who are living on college budgets and have hours and hours of free time on their hands.
kthoennes is online now   Reply With Quote
Old 05-11-2014, 02:40 PM   #60
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by kthoennes View Post
A marina isn't usually packed with computer majors and whizzes who are living on college budgets and have hours and hours of free time on their hands.
I guess it depends on the college. I did all of my hacking when I was a teenager. By the time I got into college, I was way too busy to mess around with anything like that.

Today, if I wanted to hack into someone's accounts for the purpose of getting money, I'd definitely use marinas and airports. In both cases, they're filled with above-income people who are traveling away from home without the typical home access to alerts, phone calls, and computer access. Marinas especially are filled with people who are away from home for months at a time making purchases in many different places. Trawlers, sport fish, and megayachts are wonderful targets that way because their credit cards would be punctuated by large fuel purchases, each one in a different location. Another dozen larger purchases spread out over a dozen boats would hardly get noticed by the credit card company.

Boat owners often have larger assets sitting in a financial account somewhere. Setting up a wire transfer moves the money in a day and it's totally gone. I'm sure there are limits that wouldn't raise too many delays or concerns too.

None of that would be a good use of time at a college campus.

It's a good thing this ActiveCaptain thing is working out or else I would have time to mess around with some of that!
__________________

Jeffrey S is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off





All times are GMT -5. The time now is 08:23 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0
Copyright 2006 - 2012