Posts: 1 | Thanked: 3 times | Joined on Feb 2010
#1
Hi All,

There's nothing better than surfing full webpages on the go with the N900 but it's costing me a fortune on the 3G. I really want to take advantage of McDonald's free wifi, but am scared of sending my passwords over a public wifi network.

Currently my contact list uses google talk, skype, facebook (via jabber), msn (using msn-pecan) and yahoo (using pidgin protocols for conversations and contacts 0.7). I also have an imap email account set up using the "secure authentication: login" option, whatever that means!

Can anyone advise which of these I should disable before connecting to a public network? And is there a quick way to stop the e-mail account from trying to connect?

Thanks!
 

The Following 3 Users Say Thank You to donny For This Useful Post:
Posts: 292 | Thanked: 131 times | Joined on Dec 2009
#2
Originally Posted by donny View Post
Hi All,

There's nothing better than surfing full webpages on the go with the N900 but it's costing me a fortune on the 3G. I really want to take advantage of McDonald's free wifi, but am scared of sending my passwords over a public wifi network.

Currently my contact list uses google talk, skype, facebook (via jabber), msn (using msn-pecan) and yahoo (using pidgin protocols for conversations and contacts 0.7). I also have an imap email account set up using the "secure authentication: login" option, whatever that means!

Can anyone advise which of these I should disable before connecting to a public network? And is there a quick way to stop the e-mail account from trying to connect?

Thanks!
There are two main risks, I think:
  1. Somebody logging into your N900 - if you install telnetd or OpenSSH-Server you should change the passwords. Of course, this can happen even if you are on cellular. You just have to be on the Internet for somebody to try to break into your computer.
  2. Traffic sniffing. This is what you were asking about. Yes, you should be very wary of any public wi-fi, but it is manageable.

About #2, you should avoid anything that sends clear text passwords.

The last time I looked (about a few years ago), MSN used clear text passwords.

Skype encrypts all the communication. When using the browser to log in to Facebook, Yahoo or Gmail, you are safe because the login data is encrypted. By using the plugins I'm not so sure, but my guess is that they wouldn't leave that open, right?

I'm not sure about jabber either.

If you use secure authentication for IMAP or POP3 there is no problem, generally.

Just watch out for anything suspicious. For example, if an unknown certificate is presented by the software when you are trying to connect to a known service it might mean that there is someone trying to play the man-in-the-middle attack on you.
 

The Following 6 Users Say Thank You to soeiro For This Useful Post:
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#3
Yep, don't use anything with clear text passwords. But that doesn't apply only to wi-fi networks, it applies _anywhere_. Even at home. Not only does your password travel over maybe continents of different networks, if you're connected to certain types of cable networks even your unsophisticated neighbour can sniff your cleartext.

And I would also log in to e.g. gmail with https://mail.google.com, and not http://www.gmail.com/, because the former will run the whole session (reading / writing your mails) encrypted, and not only the login session. (But you can also enable a gmail option in settings, which will enable encryption all-the-time as default. That's a good idea too.)
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
Posts: 562 | Thanked: 1,732 times | Joined on Jan 2010 @ NYC
#4
Well, you could use an SSH tunnel for your surfing via proxy. This way you never have to worry. Just a bit inconvenient to set up.

x

Last edited by xman; 2010-03-09 at 17:51.
 
Posts: 275 | Thanked: 46 times | Joined on Feb 2010
#5
May I ask why a firewall has not been implemented for the n900?
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#6
The Linux kernel has a very good firewall built-in. However the N900 standard kernel doesn't come with the module. But there's another thread around which talks about building fiasco-compatible kernels, with iptables enabled.
 
Posts: 171 | Thanked: 59 times | Joined on Feb 2010 @ Bristol, uk
#7
If you want to check which apps are using clear text passwords you can try the following:

1/ Install Wireshark (might be in extras-dev, so read about the dangers of installing software from there)

2/ Log on to your home wireless network

3/ Set Wireshark up to monitor the traffic over your wireless adapter

4/ Login to all your email accounts and IM accounts in turn

5/ Look through the Wireshark packet capture info and you will see any clear text passwords that are transmitted.

Once you've worked out what's going on you can then decide what to use over public wireless etc. It won't protect you from someone sniffing stuff but it will make things harder for them to gain access to your accounts. I did this and found out one of my e-mail accounts was inadvertently sending a clear text password - it's not now!
 

The Following User Says Thank You to zail For This Useful Post:
Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#8
Just tested with tcpdump, the GTalk plugins use TLS all the way (not just login), I see the starttls commands in plaintext and then it's all garbage.
 

The Following User Says Thank You to rambo For This Useful Post:
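
The check described in posts #7 and #8 can be automated once the client-to-server bytes of each TCP stream have been exported from a capture of your own traffic. This is an added example, not code from any poster in this thread: it flags logins sent in the clear before any STARTTLS/STLS upgrade and reports only the account name. The function names, the sample account and the sample payloads are constructed for illustration.

```python
import base64
import re

# Client-to-server login commands that carry a password in the clear.
# Group 1 (where present) is the account name or a base64 credential blob.
CLEARTEXT = [
    ("IMAP LOGIN", re.compile(rb"^\S+ LOGIN (\S+) \S+", re.I)),
    ("POP3 USER/PASS", re.compile(rb"^PASS \S+", re.I)),
    ("SASL PLAIN", re.compile(rb"AUTH(?:ENTICATE)? PLAIN ([A-Za-z0-9+/=]+)", re.I)),
    ("XMPP SASL PLAIN", re.compile(
        rb"<auth[^>]*mechanism=['\"]PLAIN['\"][^>]*>([A-Za-z0-9+/=]+)", re.I)),
]
# STARTTLS/STLS: later bytes are ciphertext, assuming the server accepts the upgrade.
UPGRADE = re.compile(rb"^(?:\S+ )?(?:STARTTLS|STLS)\s*$|<starttls\b", re.I)

def account_of(label, match, last_user):
    """Recover only the account name; the password is never returned."""
    if label == "POP3 USER/PASS":
        return last_user
    if label == "IMAP LOGIN":
        return match.group(1).decode(errors="replace").strip('"')
    try:  # SASL PLAIN blob is base64("authzid\0user\0password")
        return base64.b64decode(match.group(1)).split(b"\0")[1].decode(errors="replace")
    except (ValueError, IndexError):
        return "?"

def audit_stream(payload):
    """Return (findings, upgraded) for one stream's client-to-server bytes."""
    findings, last_user = [], "?"
    for line in payload.splitlines():
        if UPGRADE.search(line):
            return findings, True  # stop: the rest of the stream is encrypted
        if line[:5].upper() == b"USER ":
            last_user = line[5:].strip().decode(errors="replace")
        for label, rx in CLEARTEXT:
            m = rx.search(line)
            if m:
                findings.append((label, account_of(label, m, last_user)))
                break
    return findings, False

# Constructed sample payloads (not from a real capture).
SAMPLE = {
    "imap:143": b"a1 LOGIN alice@example.org s3cret\r\na2 SELECT INBOX\r\n",
    "pop3:110": b"USER alice\r\nPASS s3cret\r\nSTAT\r\n",
    "smtp:25": b"EHLO n900\r\nAUTH PLAIN " + base64.b64encode(b"\0alice\0s3cret") + b"\r\n",
    "xmpp:5222": b"<stream:stream to='example.org'>\r\n"
                 b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\r\n\x16\x03\x01\x00\xa5",
}
```

A stream that returns no findings and `upgraded == False` is not proven safe: it may use implicit TLS on a dedicated port, or a protocol this list does not cover.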
Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#9
Originally Posted by TA-t3 View Post
The Linux kernel has a very good firewall built-in. However the N900 standard kernel doesn't come with the module. But there's another thread around which talks about building fiasco-compatible kernels, with iptables enabled.
AFAIRecall the base iptables module is in the stock kernel but the binary to manipulate is not in the basic install (it's in extras-devel at least).

Anyways unless you have specifically installed telnet or ssh you have no services running and attacking the linux TCP/IP stack itself with just SYNs is kind of hard...

Edit: "no services" is to mean no services accessible on any of the real interfaces, loopback is a different beast.
 
Posts: 145 | Thanked: 4 times | Joined on Feb 2010
#10
Maybe a silly question: the 3G packet data link is connected to the Access Point of each operator; how secure is this link?
 