Smashing Security podcast: Using public Wi-Fi

Three security industry veterans, chatting about computer security and online privacy.

Smashing Security podcast: Using public Wi-Fi

Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast - tackling the tricky problem of public Wi-Fi hotspots.

Oh, and this episode is a tiny bit rude. So maybe young ears shouldn’t listen.

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

One Response

  1. Bob

    February 15, 2017 at 11:23 am #

    The absence of HSTS, HPKP and DNSSEC means that on public WiFi you can’t be certain that the site is delivering you genuine or secure content… SSL/TLS does not guarantee security where the site is operated by a rogue actor. Similarly connecting over WPA(2) doesn’t guarantee authenticity of a site nor does it mean that other people on the open network (i.e. password freely available) cannot intercept your traffic.

    Even a normal VPN can be compromised by early interception of the traffic. There are technical ways using PKI to ensure integrity of the connection but most VPNs do not implement this.

    Obviously non of what I’ve said should detract people from seeking WPA(2) protected networks and only transmitting data to sites over SSL but I’d strongly recommend that NOBODY use public WiFi for the reasons I’ve already given. So:

    * Use 4G (or 3G) in preference to public WiFi
    * Use your VPN over 4G/3G for optimal security
    * Don’t connect to public WiFi - it’s insecure, potentially dangerous, slow and intrusive

    @Graham, you talked about mobile app insecurity but you didn’t touch upon a very positive development by Apple - TL;DR: it was due to become a requirement for all iOS and OS X apps in its store to use App Transport Security by December 31st 2016

    They’ve now extended the deadline past 31/12/16 but this is the way things are going:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.