Wi Fi security
Hi folks If when using a campgrounds pass protected Wi Fi and doing something like bill paying, how secure is my information?
Forum Discussion
RayPayne wrote:OhhWell wrote:
If the router is compromised, you are still screwed; right after you put your login info into what you thought was your bank's website.
Even if the router is compromised, the SSL would still not validate properly. Your computer has the root trusts for who can issue an SSL, so even if they compromise the router and redirect you to a site with the exact same name as the banking site, you will get the SSL error. As long as you make sure you have https: and the name of the site correct, gaining control of the router is irrelevant. Your data to your banking site from home will always go across many routers that other people own. SSL is end to end, no matter who is in the middle.
The higher risk is in the user typing in a bad URL or clicking on a link with a URL that looks similar to the bank site, but isn't.
That is my point. SSL wouldn't matter because you would not be on your bank's actual website even though it looked like it. Most banks use 2 way validation with a picture and word that the member chooses to combat this.
Look up compromised router pharming. Here is an exceprt from Wikipedia:
More worrisome than host-file attacks is the compromise of a local network router.[1] Since most routers specify a trusted DNS to clients as they join the network, misinformation here will spoil lookups for the entire LAN. Unlike host-file rewrites, local-router compromise is difficult to detect. Routers can pass bad DNS information in two ways: malconfiguration of existing settings or wholesale rewrite of embedded software (aka firmware). Many routers allow the administrator to specify a particular, trusted DNS in place of the one suggested by an upstream node (e.g., the ISP). An attacker could specify a DNS server under his control instead of a legitimate one. All subsequent resolutions would go through the bad server. A scenario involving malicious JavaScript that changes the router's DNS server is called drive-by pharming and demonstrated by Stamm, Ramzan and Jakobsson in a December 2006 technical report.[2]
It would be VERY easy to do in most small campgrounds that use simple consumer routers. Some don't even put a password on their admin account for the router even though they put a password on wireless access.
