maemo.org - Talk


donny 2010-03-09 03:57

N900 security when using public wifi
 
Hi All,

There's nothing better than surfing full webpages on the go with the N900 but it's costing me a fortune on the 3G. I really want to take advantage of McDonald's free wifi, but am scared of sending my passwords over a public wifi network.

Currently my contact list uses google talk, skype, facebook (via jabber), msn (using msn-pecan) and yahoo (using pidgin protocols for conversations and contacts 0.7). I also have an imap email account set up using the "secure authentication: login" option, whatever that means!

Can anyone advise which of these I should disable before connecting to a public network? And is there a quick way to stop the e-mail account from trying to connect?

Thanks!

soeiro 2010-03-09 14:32

Re: N900 security when using public wifi
 
Quote:

Originally Posted by donny (Post 560773)
Hi All,

There's nothing better than surfing full webpages on the go with the N900 but it's costing me a fortune on the 3G. I really want to take advantage of McDonald's free wifi, but am scared of sending my passwords over a public wifi network.

Currently my contact list uses google talk, skype, facebook (via jabber), msn (using msn-pecan) and yahoo (using pidgin protocols for conversations and contacts 0.7). I also have an imap email account set up using the "secure authentication: login" option, whatever that means!

Can anyone advise which of these I should disable before connecting to a public network? And is there a quick way to stop the e-mail account from trying to connect?

Thanks!

There are two main risks, I think:
  1. Somebody logging into your N900 - if you install telnetd or OpenSSH-Server you should change the passwords. Of course, this can happen even if you are on cellular. You just have to be on the Internet for somebody to try to break into your computer.
  2. Traffic sniffing. This is what you were asking about. Yes, you should be very wary of any public wi-fi, but it is manageable.

About #2, you should avoid anything that sends clear text passwords.

The last time I looked (about a few years ago), MSN used clear text passwords.

Skype encrypts all the communication. When using the browser to log in to Facebook, Yahoo or Gmail, you are safe because the login data is encrypted. By using the plugins I'm not so sure, but my guess is that they wouldn't leave that open, right?

I'm not sure about jabber either.

If you use secure authentication for IMAP or POP3 there is no problem, generally.

Just watch out for anything suspicious. For example, if an unknown certificate is presented by the software when you are trying to connect to a known service it might mean that there is someone trying to play the man-in-the-middle attack on you.

TA-t3 2010-03-09 15:47

Re: N900 security when using public wifi
 
Yep, don't use anything with clear text passwords. But that doesn't apply only to wi-fi networks, it applies _anywhere_. Even at home. Not only does your password travel over maybe continents of different networks, if you're connected to certain types of cable networks even your unsophisticated neighbour can sniff your cleartext.

And I would also log in to e.g. gmail with https://mail.google.com, and not http://www.gmail.com/, because the former will run the whole session (reading / writing your mails) encrypted, and not only the login session. (But you can also enable a gmail option in settings, which will enable encryption all-the-time as default. That's a good idea too.)

xman 2010-03-09 17:33

Re: N900 security when using public wifi
 
Well, you could use an SSH tunnel for your surfing via proxy. This way you never have to worry. Just a bit inconvenient to set up.

x

Patroclo 2010-03-09 17:57

Re: N900 security when using public wifi
 
May I ask why a firewall has not been implemented for the n900?

TA-t3 2010-03-09 18:08

Re: N900 security when using public wifi
 
The Linux kernel has a very good firewall built-in. However the N900 standard kernel doesn't come with the module. But there's another thread around which talks about building fiasco-compatible kernels, with iptables enabled.

zail 2010-03-09 18:30

Re: N900 security when using public wifi
 
If you want to check which apps are using clear text passwords you can try the following:

1/ Install Wireshark (might be in extras-dev, so read about the dangers of installing software from there)

2/ Log on to your home wireless network

3/ Set Wireshark up to monitor the traffic over your wireless adapter

4/ Login to all your email accounts and IM accounts in turn

5/ Look through the Wireshark packet capture info and you will see any clear text passwords that are transmitted.

Once you've worked out what's going on you can then decide what to use over public wireless etc. It won't protect you from someone sniffing stuff but it will make things harder for them to gain access to your accounts. I did this and found out one of my e-mail accounts was inadvertently sending a clear text password - it's not now!

rambo 2010-03-09 18:41

Re: N900 security when using public wifi
 
Just tested with tcpdump, the GTalk plugins use TLS all the way (not just login), I see the starttls commands in plaintext and then it's all garbage.
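
The check zail describes, and the STARTTLS pattern rambo saw in tcpdump, as an added example that is not part of either post: a Python script that classifies reassembled client-to-server payloads from your own capture and reports which rule matched without echoing the secret. The rule set, verdict names and sample payloads are constructed for illustration.

```python
import re

# Client-to-server commands that expose a password to anyone on the same network.
# AUTH PLAIN/LOGIN and HTTP Basic are only base64-encoded, which is not encryption.
CLEARTEXT_RULES = [
    ("IMAP LOGIN", re.compile(rb"^\S+ LOGIN \S+ \S+", re.I)),
    ("POP3 PASS", re.compile(rb"^PASS \S+", re.I)),
    ("SASL PLAIN/LOGIN (base64)", re.compile(rb"^(\S+ )?AUTH(ENTICATE)? (PLAIN|LOGIN)\b", re.I)),
    ("HTTP Basic (base64)", re.compile(rb"^Authorization:\s*Basic \S+", re.I)),
]
STARTTLS = re.compile(rb"^(\S+ )?STARTTLS\b|<starttls\b", re.I)

# Constructed sample payloads (accounts, hosts and passwords are made up).
SAMPLES = {
    "imap-143": b"a1 CAPABILITY\r\na2 LOGIN user pass\r\n",
    "imap-143-starttls": b"a1 CAPABILITY\r\na2 STARTTLS\r\n\x16\x03\x01\x00\x05\x9c\x01\xfe\x00\x7f",
    "imaps-993": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01",
    "pop3-110": b"USER user\r\nPASS pass\r\n",
    "xmpp-5222": b"<stream:stream to='example.org' version='1.0'>\n"
                 b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x05",
    "http-80": b"GET /inbox HTTP/1.1\r\nHost: mail.example.org\r\n"
               b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n",
}


def audit_stream(payload: bytes) -> dict:
    """Classify one reassembled client-to-server TCP payload."""
    # A TLS handshake record (type 0x16, version 3.x) as the first bytes means
    # the session is encrypted from the start, e.g. IMAPS on 993 or HTTPS.
    if payload[:2] == b"\x16\x03":
        return {"verdict": "tls-from-start", "hits": []}
    hits = []
    for lineno, raw in enumerate(payload.split(b"\n"), start=1):
        line = raw.strip()
        if STARTTLS.search(line):
            # Everything after the upgrade is TLS records; stop reading it as text.
            return {"verdict": "cleartext-before-starttls" if hits else "starttls", "hits": hits}
        for name, rule in CLEARTEXT_RULES:
            if rule.match(line):
                hits.append((lineno, name))  # report the rule, never the secret
                break
    return {"verdict": "cleartext-credentials" if hits else "nothing-found", "hits": hits}


def audit_all(streams=SAMPLES) -> dict:
    """Map each stream name to its verdict."""
    return {name: audit_stream(data)["verdict"] for name, data in streams.items()}
```

The payloads would come from a capture of your own logins on your home network, for example via Wireshark's "Follow TCP Stream" restricted to the client side.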

rambo 2010-03-09 18:48

Re: N900 security when using public wifi
 
Quote:

Originally Posted by TA-t3 (Post 561527)
The Linux kernel has a very good firewall built-in. However the N900 standard kernel doesn't come with the module. But there's another thread around which talks about building fiasco-compatible kernels, with iptables enabled.

AFAIRecall the base iptables module is in the stock kernel but the binary to manipulate is not in the basic install (it's in extras-devel at least).

Anyways unless you have specifically installed telnet or ssh you have no services running and attacking the linux TCP/IP stack itself with just SYNs is kind of hard...

Edit: "no services" is to mean no services accessible on any of the real interfaces, loopback is a different beast.

roja 2010-03-09 18:59

Re: N900 security when using public wifi
 
Maybe a silly question: the 3G packet data link is connected to the Access Point of each operator, how secure is this link?

