Skip to main content

Slashdot: Public Wi-Fi is a Lot Safer Than You Think

Public Wi-Fi is a Lot Safer Than You Think
Published on January 31, 2020 at 10:53PM
Jacob Hoffman-Andrews, writing for EFF: If you follow security on the Internet, you may have seen articles warning you to "beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications -- for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA -- they could read your email. Starting in 2010 that all changed. Eric Butler released Firesheep, an easy-to-use demonstration of "sniffing" insecure HTTP to take over people's accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site. The timing was good: earlier that year, Google had turned on HTTPS by default for all Gmail users and reported that the costs to do so were quite low. Hardware and software had advanced to the point where encrypting web browsing was easy and cheap. However, practical deployment of HTTPS across the whole web took a long time. One big obstacle was the difficulty for webmasters and site administrators of buying and installing a certificate (a small file required in order to set up HTTPS). EFF helped launch Let's Encrypt, which makes certificates available for free, and we wrote Certbot, the easiest way to get a free certificate from Let's Encrypt and install it. Meanwhile, lots of site owners were changing their software and HTML in order to make the switch to HTTPS. There's been tremendous progress, and now 92% of web page loads from the United States use HTTPS. In other countries the percentage is somewhat lower -- 80% in India, for example -- but HTTPS still protects the large majority of pages visited. [...] What about the risk of governments scooping up signals from "open" public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that's the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

Read more of this story at Slashdot.

Comments

Popular posts from this blog

Slashdot: AT&T Says Leaked Data of 70 Million People Is Not From Its Systems

AT&T Says Leaked Data of 70 Million People Is Not From Its Systems Published on March 20, 2024 at 02:15AM An anonymous reader quotes a report from BleepingComputer: AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million. AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached. ...

Slashdot: US Plans $825 Million Investment For New York Semiconductor R&D Facility

US Plans $825 Million Investment For New York Semiconductor R&D Facility Published on November 02, 2024 at 03:00AM The Biden administration is investing $825 million in a new semiconductor research and development facility in Albany, New York. Reuters reports: The New York facility will be expected to drive innovation in EUV technology, a complex process necessary to make semiconductors, the U.S. Department of Commerce and Natcast, operator of the National Semiconductor Technology Center (NTSC) said. The launch of the facility "represents a key milestone in ensuring the United States remains a global leader in innovation and semiconductor research and development," Commerce Secretary Gina Raimondo said. From the U.S. Department of Commerce press release: EUV Lithography is essential for manufacturing smaller, faster, and more efficient microchips. As the semiconductor industry pushes the limits of Moore's Law, EUV lithography has emerged as a critical technology to ...

Slashdot: AT&T, T-Mobile Prep First RedCap 5G IoT Devices

AT&T, T-Mobile Prep First RedCap 5G IoT Devices Published on October 15, 2024 at 03:20AM The first 5G Internet of Things (IoT) devices are launching soon. According to Fierce Wireless, T-Mobile plans to launch its first RedCap devices by the end of the year, while AT&T's devices are expected sometime in 2025. From the report: All of this should pave the way for higher performance 5G gadgets to make an impact in the world of IoT. RedCap, which stands for reduced capabilities, was introduced as part of the 3GPP's Release 17 5G standard, which was completed -- or frozen in 3GPP terms -- in mid-2022. The specification, which is also called NR-Light, is the first 5G-specific spec for IoT. RedCap promises to offer data transfer speeds of between 30 Mbps to 80 Mbps. The RedCap spec greatly reduces the bandwidth needed for 5G, allowing the signal to run in a 20 MHz channel rather than the 100 MHz channel required for full scale 5G communications. Read more of this story at...