Do you have "SSL Always" turned on in Gmail?
I run an open wireless network—not necessarily out of the good of my soul, more because I’m lazy and I believe in being responsible for application-level security myself.
My network was running slowly last night, so I figured somebody was leeching my connection. I fired up nmap and wireshark and found a few people. One of them was generating activity, so I started a packet capture—to my surprise, they were using Gmail, in plaintext, on my unencrypted wireless network. They were quite literally broadcasting their contacts, security cookies, etc., into the block or so surrounding my home.
At this point, I thought most people had gotten the message that SENDING THINGS IN PLAINTEXT IS LIKE CC:ING THE WHOLE WORLD. Maybe not.
Do you guys run Gmail in SSL (preferences -> bottom -> “Browser connection”?) Did you know about the risks of not using SSL? Do you give a damn?
Observing members:
0
Composing members:
0
8 Answers
I know all of my neighbors and i trust them. We use each others connections all the time.
Yes, yes, and yes, but I’m an IT guy. My guess is that most people probably don’t notice.
@wilhel1812: do you live in a rural area? Your neighbors might not be sniffing you, but what about the guy walking down the street, or that happens to be within 100 feet of your router?
I’m not trying to be a lecturer, I’m actually wondering what kind of thought most people put into this.
I echo aaron’s sentiment—it’s important to remember that if you’re on an open wireless network and you’re sending unencrypted data, anyone nearby can see it (if they have the know-how).
The guys walking down the street is most probably using hsi iphone or something, not interrested in hacking my mac. i know it would be possible, but i cant seem see it happen.
I once intercepted someones nude pics when they were trying to leach my internets. They were not attractive.
I don’t know what that means. I’m very probably “CCing the whole world” at this very moment, without realizing it.
@pete:
When your computer “talks” to a website, it does so in plain text, the same way you might talk to someone across a room from yourself. If you’re on an open wireless network, these words get thrown through the air, where anyone in the room (or, on the network) can listen if they speak the same language.
Connecting with a https:// instead of a http:// at the beginning of the URL encrypts the data, so that you're speaking in a secret code to the website -- only you and the website know what you're saying to each other.
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.