WiFi

Probably more noticeable in the marinas during the winter season here. At any given time, when the parking lots are empty, there will be a couple cars in the parking lots with a lone individual madly typing away on a laptop or tablet.

You have to ask yourself why would someone sit in a 30 degree car in January to use their laptop?? Various reason I suppose. One of our security people told me he confronted a woman who was sitting in her car downloading pirated movies. Her explanation, the Ports WiFi was much faster than her home internet. (Probably anonymous access as well!!)

In the summer time you will see non boater locals sitting at the picnic tables around the marina with their tablets and laptops as well.

ActiveCaptain said:

Today, if I wanted to hack into someone's accounts for the purpose of getting money, I'd definitely use marinas and airports. In both cases, they're filled with above-income people who are traveling away from home without the typical home access to alerts, phone calls, and computer access.

Click to expand...

They busted up a home burglary ring here, where people were breaking into cars in the airport long term parking, just to get the vehicle registration with the families home address. Knowing they would be gone more than a few days, they then cased and broke into their homes.

Edelweiss said:

The card companies will stand behind their product and no matter how safe you think you're being

Click to expand...

True, but they do it by law, not because they are good guys. By law, you are not responsible for fraudulent charges - the CC company is. Not true for debit cards, so be more careful with those.

This has been a very interesting discussion-I too am glad that AC thing is working out for Jeff, otherwise I would be more worried about my CC!

The only time we had a card (AMEX) compromised it turned out that a clerk at the Four Seasons Hotel in Chicago was stealing numbers, selling them to families of federal prisoners in Illinois. We got a call from AMEX one day asking if we had purchased $2,000 worth of stuff from Victoria's Secret and had it delivered in Miami! The FBI guy that interviewed us said they had had more than $500,000 of bad charges out the that prison!

THD said:

...it turned out that a clerk at the Four Seasons Hotel in Chicago was stealing numbers, selling them to families of federal prisoners in Illinois.

Click to expand...

In Illinois, they call those guys former Governors.

timjet said:

I've had my credit card comprised twice in the last year. I travel a lot and use hotel WiFi all the time but never to conduct banking transactions or make cc purchases. For those transactions I use my cellular MiFi unit.

After reading this thread I'm going to stop using public WiFi and stick to my MiFi unit. I'll have to upgrade the monthly allotment.

Intrestingly, after the most recent compromise, my cc company didn't seem interested in asking for my help in finding out how my cc was compromised. They did however caught it quickly but not until after the perp made 4 charges totalling over $2000 all on the internet in a matter of 15 minutes.

Click to expand...

Honesty it's posts like this that trouble me. Tim your MiFi isn't any more secure than WiFi. Why because it connects to your devices how? Via it's own WiFi (mini AP). There are far too many methods of stealing a persons identity or credit information than just WiFi. Look at the big hack that happened with Target, this wasn't attributed to WiFi.
I really dislike fear mongering and as others have stated the CC companies and your bank have intense security procedures and policies limiting your liability.
Bill

Billylll said:

Tim your MiFi isn't any more secure than WiFi. Why because it connects to your devices how? Via it's own WiFi (mini AP).

Click to expand...

I don't agree. We're not creating an impenetrable defense by NSA or someone who's incredibly knowledgeable. This is pure 98/2 - make it very difficult for 98% of the would-be bad-doers. You can't defend the 2% if you're willing to take part in the world.

The cellular part of MiFi is obviously pretty secure. No normal person has the equipment necessary to hack that.

The WiFi part of MiFi comes by default with WPA encryption. I have never seen a MiFi in any marina or anchorage that was open. Since the typical boater pays for bandwidth on their MiFi (and overcharges), they protect it so no one can steal their cellular plan gigabytes.

For cruising in your boat, there are 3 rules: 1. MiFi/cellular with WPA protection on the MiFi/cellular is all you need; 2. For WiFi, WPA protection is good enough; 3. For open WiFi, a VPN is a requirement. That's all there is.

There's one confusing point to this. Today, many boats have their own WiFi router onboard to create their own local area network. I've been writing a lot about that in our newsletters. It's often the case that you connect a long-range WiFi radio to the LAN router to distribute an internet connection among all WiFi devices onboard. Most people who have that configuration put a WPA password on their boat's router. But if they connect that outside, high-gain WiFi radio to an open WiFi internet connection (a marina, etc), then their traffic is completely in the open - you are not protected by your own boat's router even though it has WPA. You need to use a VPN any time there is open WiFi in the mix. This is a very confusing topic and really needs a picture to show why it's needed.

AC, so if you implement layer 2 isolation on the wireless are you saying you can still see someone else's traffic? I thought that was the whole point of properly setting up the WiFi LAN. I have been told by various manufacturers that if you have isolation on that the two devices can't see each other.

Jeff

What ActiveCaptain is saying is absolutely correct.

If you use a marinas wifi as the WAN side of your boats router, then you face the same risks as if you connected your laptop directly to the marinas wifi.

As far as whether public WIFI is dangerous to use, well yes it can be. There are techniques that you can use on a layer 2 network to view other peoples data.

I dont care if the wifi is encrypted. You dont have to break the encryption.

Look up...

Mac address flooding
Arp spoofing
DHCP spoofing

These things are not hard to do and almost no layer 2 networks use the tools available to prevent them.

I can sit on my boat and have all of your traffic flow through my laptop. Capture every frame.

Jbear said:

AC, so if you implement layer 2 isolation on the wireless are you saying you can still see someone else's traffic?

Click to expand...

Give a specific example of devices and encryption setup. This stuff is too hard to give many generalizations because it's too easy to have one extra device in the mix ruining an otherwise secure network for you.

Coincidentally I got a call from the fraud department for one of my cards just a few minutes ago. Somebody's been using it in Bangladesh lately and they wanted to confirm I was traveling. Uh no, not in Bangladesh, and that's about #9,469 on my bucket list of places to visit in the world. I never use that card, it's strictly a back-up/emergency kind of thing. No recent use anywhere, in person or over the 'net -- so it just goes to show, hackers in Bangladesh (or wherever) can still steal my card info even if I never use that card in person or online, regardless of how much I fret about connection security.

kthoennes said:

so it just goes to show, hackers in Bangladesh (or wherever) can still steal my card info even if I never use that card in person or online, regardless of how much I fret about connection security.

Click to expand...

It would be fascinating to know if the bank that issued that card ever provides account statements over email to you. Today I wouldn't expect to see the actual statement in an email but most banks send an email letting you know your statement is available with a link to it. Clicking on that link gets to your account login which could be very easy to penetrate given hacking/sniffing of network transactions over WiFi even if you almost never log in to check it.

kthoennes said:

I never use that card, it's strictly a back-up/emergency kind of thing. No recent use anywhere, in person or over the 'net -- so it just goes to show, hackers in Bangladesh (or wherever) can still steal my card info even if I never use that card in person or online, regardless of how much I fret about connection security.

Click to expand...

That is kind of scary! And guess that it could be an argument for not having a card if it is not used (although I feel sure one could argue both sides very easily).

Billylll said:

Tim your MiFi isn't any more secure than WiFi. Why because it connects to your devices how? Via it's own WiFi (mini AP).
Bill

Click to expand...

ActiveCaptain, Ksanders and others have indicated that MiFi is secure or at least as AC said 98/2.
My MiFi unit is password protected. So presumably the connection from my MiFi unit to the internet is secure. However and I think this question has been asked before and I haven't seen the answer; is the connection between my computer and my MiFi unit secure also?

timjet said:

My MiFi unit is password protected. ... is the connection between my computer and my MiFi unit secure also?

Click to expand...

If you have a WPA password on your MiFi for connecting your computer, iPad, TV, etc., then you have what I call state-of-the-practical protection. It's about the best you can do in a reasonable way. It's all I do myself with my own MiFi.

The wifi at my marina is so slow all I use on my iPad is the AT&T 4G.

ActiveCaptain said:

If you have a WPA password on your MiFi for connecting your computer, iPad, TV, etc., then you have what I call state-of-the-practical protection. It's about the best you can do in a reasonable way. It's all I do myself with my own MiFi.

Click to expand...

That's what we do as well.

One thing that makes maripna wifi more at risk to attack is the relatively broad geographical area it reaches to, ie the whole marina, parking lots, etc...

The wifi on my boat reaches out about a hundred feet. So we are only
Vulnerable within that 100 foot radius.

River Cruiser said:

The wifi at my marina is so slow all I use on my iPad is the AT&T 4G.

Click to expand...

Let me guess the router and access point are in the main office on a shelf, not a directional panel with an outdoor commercial AP? Then again some people think DSL is enough speed for a commercial WiFi backhaul.
Bill

Guys I hate to tell you this but unless you set your MiFi to the lowest output power setting I can see them up to a 1/2 to 3/4 of a mile away with enough signal to interogate them.
Bill

ksanders said:

What ActiveCaptain is saying is absolutely correct.

If you use a marinas wifi as the WAN side of your boats router, then you face the same risks as if you connected your laptop directly to the marinas wifi.

As far as whether public WIFI is dangerous to use, well yes it can be. There are techniques that you can use on a layer 2 network to view other peoples data.

I dont care if the wifi is encrypted. You dont have to break the encryption.

Look up...

Mac address flooding
Arp spoofing
DHCP spoofing

These things are not hard to do and almost no layer 2 networks use the tools available to prevent them.

I can sit on my boat and have all of your traffic flow through my laptop. Capture every frame.

Click to expand...

All of the above can be done to a MiFi as well.
Bill

River Cruiser said:

The wifi at my marina is so slow all I use on my iPad is the AT&T 4G.

Click to expand...

Especially if you're on the east coast, have your marina contact us. We've been working with a company that has a great model and fantastic expertise in designing and installing marina WiFi systems - it's all they do. We believe that instead of a marina asking you to not stream video, they should invite you to use NetFlix, YouTube, Skype, and all of the streaming you'd like. We've been involved with a half-dozen marinas using these new capabilities and the results have been outstanding. And since we're pretty close to marina management and their business practices, we're also able to help them see how to fund it and actually save money by installing the right stuff.

There are some marinas that won't be able to support this newer level of WiFi experience because the backend internet access just isn't there - although that's becoming rare too. But the time is about to end on accepting 500 kbps connectivity that comes and goes when you're at a marina. You'll see...

Jeff I didn't know commercial advertising was allowed I'm in the business as well have been for decades.
I assume you are deploying 802.11AC like we are. We still install the 2.4GHz components for those few devices that still require it.
We use iBWave Pro for designs and porp as well as the BVS Yellow Jacket for actual testing and reports.
Bill

Billylll said:

Jeff I didn't know commercial advertising was allowed I'm in the business as well have been for decades.

Click to expand...

Now you're just being a smart ass. We're not providing any services, equipment, systems, or anything. We're showing marinas how to create the next generation WiFi systems for their facilities. They pay us nothing - we do it because we want better WiFi for boaters. We've been writing about it in our marina newsletter for months.

I'm done responding to you, Bill. You have a need to find fault and make sideways responses like this at every turn. I hope you get to install better WiFi at marinas too if that's what your business is.

ActiveCaptain said:

Now you're just being a smart ass. We're not providing any services, equipment, systems, or anything. We're showing marinas how to create the next generation WiFi systems for their facilities. They pay us nothing - we do it because we want better WiFi for boaters. We've been writing about it in our marina newsletter for months.

I'm done responding to you, Bill. You have a need to find fault and make sideways responses like this at every turn. I hope you get to install better WiFi at marinas too if that's what your business is.

Click to expand...

You know me how Jeff? I think your comment should be retracted I do accept apologies...
I have done nothing but praise AC.
Bill Lentz

Billylll said:

All of the above can be done to a MiFi as well.
Bill

Click to expand...

OK Bill

So, you're telling me that you can do that to my MIFI.

Unless you gain access to my layer 2 network its going to be pretty tough to do.


AND even if you can get in through the WPA, you are on in a million, so I'm not worried.


SO, just how are you going to do it again?????

ksanders said:

OK Bill

So, you're telling me that you can do that to my MIFI.

Unless you gain access to my layer 2 network its going to be pretty tough to do.


AND even if you can get in through the WPA, you are on in a million, so I'm not worried.


SO, just how are you going to do it again?????

Click to expand...

I'm not the person you need to worry about, that's my entire point about all this wireless fear mongering started by others. I'm just saying a MiFi can be seen at quite a distance over water with the proper equipment.
You actually have nothing to worry about neither do people that use public WiFi provided by AT&T, VZW, Comcast, Cable Vision and Cox there are plenty of other providers as well.
Bill

Billylll said:

I'm not the person you need to worry about, that's my entire point about all this wireless fear mongering started by others. I'm just saying a MiFi can be seen at quite a distance over water with the proper equipment.
You actually have nothing to worry about neither do people that use public WiFi provided by AT&T, VZW, Comcast, Cable Vision and Cox there are plenty of other providers as well.
Bill

Click to expand...

Bill, actually I do have something to worry about using marina wifi, and so does everybody else.

All I need to do is to set up a rogue dhcp server on my lap top and give out addresses that point to it as the default gateway.

Then all I have to do is find out the WPA key, which is as easy as buying a burger at the marinas little cafe and asking for it. I can sit at a table, eating a burger, and be in business.

Then after mr boater associates with the marinas WAP and requests a DHCP address from the local router I let my laptop answer the request. Sometimes I'll beat the marinas router to the punch, and sometimes I wont. I can force the issue by using up the dhcp address pool so thats not a problem either.

Then mr boater thinks he is safe and secure, while all along he is sending his traffic through my laptop.

Thats not fear mongering.

Thats the reality of life when you choose to connect your equipment to networks that were not engineered with security in mind.

You can do that knowing full well you would be in violation of the law.
I know the head of the FCC office in Philadelphia Dave Dumbrowski he would be on you like white on Rice. You would go to jail if you did this.
Bill

Wow ksanders. After reading that, I sure am glad my marina doesn't sell burgers.

Billylll said:

You can do that knowing full well you would be in violation of the law.
I know the head of the FCC office in Philadelphia Dave Dumbrowski he would be on you like white on Rice. You would go to jail if you did this.
Bill

Click to expand...

Bill, do you really think the criminals worry that its against the law. Really! I can hear then quaking in their boots now.

I am not a hacker. I work on the good guy side of the fence.

Northern Spy said:

Wow ksanders. After reading that, I sure am glad my marina doesn't sell burgers.

Click to expand...

Kevin of coarse you're a good guy so is Jeff. I'm RUCKUS and Lucent LTE certified as well as numerous certs on the RF side of the house. I think the fear in using public wireless needs to be toned down a few notches.
Life's too short, there are many security measures in place in the banking and credit industries limiting potential abuses. They also limit your liability to almost -0-$$$'s.
Take care,
Bill