Smashing Security podcast: Using public Wi-Fi

Three security industry veterans, chatting about computer security and online privacy.

Smashing Security podcast: Using public Wi-Fi

Vanja Svajcer, Carole Theriault and I have made another special "splinter" episode of the "Smashing Security" podcast - tackling the tricky problem of public Wi-Fi hotspots.

Oh, and this episode is a tiny bit rude. So maybe young ears shouldn't listen.

Audio podcast: iTunes | Google Play | Stitcher | RSS for you nerds.

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Tags: , , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Vanja Svajcer, and Carole Theriault.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Listen now

Subscribe to the free GCHQ newsletter

, , ,

Leave a reply

1 Comment on "Smashing Security podcast: Using public Wi-Fi"

Notify of
avatar
Sort by:   newest | oldest | most voted
Bob
Visitor
Bob

The absence of HSTS, HPKP and DNSSEC means that on public WiFi you can't be certain that the site is delivering you genuine or secure content… SSL/TLS does not guarantee security where the site is operated by a rogue actor. Similarly connecting over WPA(2) doesn't guarantee authenticity of a site nor does it mean that other people on the open network (i.e. password freely available) cannot intercept your traffic.

Even a normal VPN can be compromised by early interception of the traffic. There are technical ways using PKI to ensure integrity of the connection but most VPNs do not implement this.

Obviously non of what I've said should detract people from seeking WPA(2) protected networks and only transmitting data to sites over SSL but I'd strongly recommend that NOBODY use public WiFi for the reasons I've already given. So:

* Use 4G (or 3G) in preference to public WiFi
* Use your VPN over 4G/3G for optimal security
* Don't connect to public WiFi – it's insecure, potentially dangerous, slow and intrusive

@Graham, you talked about mobile app insecurity but you didn't touch upon a very positive development by Apple – TL;DR: it was due to become a requirement for all iOS and OS X apps in its store to use App Transport Security by December 31st 2016

They've now extended the deadline past 31/12/16 but this is the way things are going:

https://developer.apple.com/news/?id=12212016b

wpDiscuz