“A quarter of the world’s Wi-Fi networks are so insecure that the only thing stopping hackers from abusing them is their own lack of will,” Sead Fadilpašić writes for BetaNews. “This is according to a new, extensive research by security experts at Kaspersky Lab, which have analyzed more than 31 million public Wi-Fi hotspots all over the world.”
“Basically, 25 percent aren’t using any type of encryption or password protection, meaning the information going through these networks is wide open for everyone to see,” Fadilpašić writes. “Another three percent are using WEP, which is a protocol that can be cracked ‘within minutes, using tools that are freely available on the internet.'”
“Kaspersky Lab advises everyone to stay vigilant and not do sensitive things on these networks, like banking transactions, shopping or logging into different sites,” Fadilpašić writes. “‘We strongly recommend using additional measures to protect traffic, such as VPN (Virtual Private Network) technology,’ explains Denis Legezo, antivirus expert at Kaspersky Lab.”
Read more in the full article here.
MacDailyNews Take: Give that old Mac something good to do – turn it into an inexpensive personal VPN!
SEE ALSO:
This home VPN router setup protects your data wherever you are – April 7, 2016
Why you should avoid free VPNs – January 29, 2016
How to easily turn that old Mac into an inexpensive personal VPN – November 19, 2015
How and why you should use a VPN to protect your data’s final mile – January 16, 2015
Well, aren’t most free public WiFi spots open by definition, so that users wouldn’t need the key in order to connect?
Yes, and that’s part of the problem, but even if a “key” is used, everyone has it in a public setting. That’s why you should not connect to one with a VPN. There are plenty out there, some free, so there’s no excuse not to use one.
cozmot, I think you’re attempting to help. But your grammar is confusing. Let me attempt to make this clearer while adding on some details:
1) The word ‘key’ is actually the PASSWORD for a correctly protected WiFi hotspot. The fact that the password is posted in that public setting is of no detriment at all. Instead, everyone connecting to that particular WiFi hotspot is FORCED to log in, resulting in a fully encrypted transaction with the Internet. Having to log into a WiFi hotspot is an EXCELLENT thing.
2) Those WiFi hotspots that don’t force you to log in are dangerous, without encryption, that are easily surveilled. Anyone also connected to that WiFi hotspot can grab all the data you send back and forth over the Internet, including IDs and passwords you use to log into any website. Damn, your identity was just stolen for that site, etc.
3) A VPN in and of itself forces encryption as well. Once you’re logged into your VPN, not-a-soul can surveil what you’re doing at that WiFi hotspot. All they see is encrypted data that looks like nothing but random noise.
4) The single danger with some VPNs is that there is that brief moment when you’re on connected to the dangerous, unencrypted WiFi hotspot and you’re logging into your VPN. Your ID and password for some VPNs are passed ‘in the clear’ over the hotspot LAN (local area network) to the Internet before you’re logged in. Therefore, verify that your VPN is using encryption when you connect to it for login. If it’s not, it’s possible for a hacker to grab that ID and password, stealing your VPN account.
Be safe out there kids. The Internet has a long way to go before it’s actually secure for average users. For those of us who understand Internet security, it pays to learn the security tools and use them.
Errm, but banks use SSL which means it is end to end encrypted no matter the quality of the intervening connection or who is snooping on it. Does this idiot not understand anything?
SSL is no longer recommended because of a succession of security flaws. It’s successor TLS (Transport Layer Security) is all you should be using with HTTPS. Even then, you should be using the latest version of TLS. Websites that force TLS are still NOT the norm.
And of course, websites that only allow HTTPS are NOT the norm either. At this point, there are very few reasons a website should allow HTTP, vs HTTPS. And yet, HTTPS remains the minority protocol. (0_o)
Of course you best bet is Kaspersky’s internet protection module (according to Kaspersky).
This whole article is a load of BS. Any site to which I am sending sensitive information is going be encrypted by an SSL certificate which is going to provide much stronger encryption than any WPA security.
Let’s try to scare everyone to sell more software.
One correction of the article:
WEP encryption can be cracked with freely available tools in LESS than one minute. WEP is worthless. If you have an old router that only allows WEP: Just throw it away. It provides no security.
You cannot change stupid.
Educating does