Smashing Security podcast: Using public Wi-Fi

Graham Cluley

Smashing Security podcast: Using public Wi-Fi

Smashing Security podcast: Using public Wi-Fi

Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast – tackling the tricky problem of public Wi-Fi hotspots.

Oh, and this episode is a tiny bit rude. So maybe young ears shouldn’t listen.

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Smashing Security podcast: Using public Wi-Fi”

  1. The absence of HSTS, HPKP and DNSSEC means that on public WiFi you can't be certain that the site is delivering you genuine or secure content… SSL/TLS does not guarantee security where the site is operated by a rogue actor. Similarly connecting over WPA(2) doesn't guarantee authenticity of a site nor does it mean that other people on the open network (i.e. password freely available) cannot intercept your traffic.

    Even a normal VPN can be compromised by early interception of the traffic. There are technical ways using PKI to ensure integrity of the connection but most VPNs do not implement this.

    Obviously non of what I've said should detract people from seeking WPA(2) protected networks and only transmitting data to sites over SSL but I'd strongly recommend that NOBODY use public WiFi for the reasons I've already given. So:

    * Use 4G (or 3G) in preference to public WiFi
    * Use your VPN over 4G/3G for optimal security
    * Don't connect to public WiFi – it's insecure, potentially dangerous, slow and intrusive

    @Graham, you talked about mobile app insecurity but you didn't touch upon a very positive development by Apple – TL;DR: it was due to become a requirement for all iOS and OS X apps in its store to use App Transport Security by December 31st 2016

    They've now extended the deadline past 31/12/16 but this is the way things are going:

    https://developer.apple.com/news/?id=12212016b

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES