Hi :) Thanks :) I think that is over complicating it for most users. It is useful to learn such things if you really are doing on-line banking from outside of your home or work networks or sometimes even inside them but for the most part i think we can hope that most people have a reasonably secure machine and a good enough place to use it that they don't have to worry too much about this sort of thing.
I think my main point was that people so seriously undermine their own security through bad passwords and such simple stuff that it makes their existing security useless. Even changing to a better password suddenly makes their own existing security plenty strong enough for most usages. Regards from Tom :) ________________________________ From: James B. Byrne <[email protected]> To: [email protected] Sent: Tuesday, 1 October 2013, 14:42 Subject: [libreoffice-users] [OT] Re: WiiFi networks On Tue, October 1, 2013 06:03, Tom Davies wrote: > Hi :) > Ok, so this is off-topic but it's another security issue. > > It's fairly easy for nefarious people to set-up unsecured wiifi networks. > I've been caught out by this myself but was quite lucky because i was > watching out for it and hadn't done any on-line banking through their > connection. > > Typically you have a computer or device that connects to the internet without > needing a cable so you see a list of connections all with a padlock symbol and > 1 or 2 with no padlock. Clicking on one of those gives you instant connection > to the internet for free!! WoooHoo!?? However everything you do on the > internet gets logged by the kind or stupid person that gave you the free > access. They can fairly easily sniff through that to find passwords or login > details of legitimate networks or even better grab your bank account details. > To establish a secure http (and any other tcp based) connection via a public wifi network do this (requires an ssh client on your mobile device): HOST=yoursshdhost.yourdomain.tld PORT=3000 USER=youruserid ssh -Y -L $PORT:$HOST:$PORT -o ServerAliveInterval=30 -o ServerAliveCountMax=10 $USER@$HOST Given Firefox for example you then do this: Firefox -> Preferences -> Advanced -> Network -> Settings -> Manual -> SOCKS v5 -> SOCKS Host = localhost -> Port = 3000 Now all your http traffic goes out over the air and through the public internet via an encrypted tunnel to a known point for further dissemination. Note that while I do this from my MacBook Pro all the time I do not have that device to hand at the moment so I am reproducing this from memory. There may very well be some error or omission in the example but this is close to what works if it is not exact. Note also that you may first need to 'register' your mac address with the wifi hot point provider using a regularly configured web browser session before you can establish the ssh link. But once that is done and the ssh link established then nobody between you and there is able to read your traffic. And you know for certain who you are talking to at the other end of the link. Alternatively get the Tor Browser and configure a secure and anonymous connection using it: https://www.torproject.org/projects/torbrowser.html.en Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:[email protected] Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
