Forum Question: Unsecured Wireless Network

Hi Gary,

At my friend’s house they have a wireless network but it isn’t secured. When browsing the internet on a insecure network, is it good enough to Turn on the Built-in Firewall and set it to block all incoming connections and to have any type of sharing turned off? I also make sure that I use ‘https’ instead of http whenever I can.

In the near-future, I’ll help him set up a secured network, though.


PS: I think you’ve made a video on this topic before, but I cannot seem to find the right video…

— Tommy

Comments: 9 Responses to “Unsecured Wireless Network”

    7/24/10 @ 8:09 am

    Firewall won’t do much.
    Using https instead of http where you can does help, yes.
    The problem is that an open wifi network is sending your data unencrypted between your Mac and the base station. It is easy for someone else to “listen in” on those transmissions and steal any login passwords on non-https sites, your email accounts, etc. It sounds complex, but there are problems that anyone can get that do all the work — they listen in and spit out a list of passwords and account IDs. Very scary.
    No excuse to not make the network secure right now. All he needs to do is set a wpa2 password on the base station. Takes a few seconds.
    See episode 360:

    7/24/10 @ 9:05 am

    Thanks Gary.

    He doesn’t have an airport base station or a Mac. But we’ll figure it out. Thanks.

    7/24/10 @ 9:24 am

    Also, now that I went on their “open” network and logged into Twitter, Facebook and Gmail, it’s probably for the best if I change the password of each of the accounts I accessed, right?

    7/24/10 @ 9:28 am

    Should I do anything else after I’ve accessed an “Open” network.

    Sorry if I sound a bit paranoid… but I am. lol

      7/24/10 @ 10:47 am

      No, it is good to think about such things. I would change your email passwords, if you have any email outside of gmail. Once someone has your email password it is easy for them to go to sites like Amazon or eBay and simply hit the “I forgot my password” button and then intercept the email that comes to your email account.
      If you want to be really paranoid, also change your “secret questions” for accounts. For instance, if someone got access to account X and changed your “Street where I grew up on” or “Mother’s maiden name” to something, and then you change your password, they can still come back months from now and request a new password using that secret question answer as the basis for owning the account.

    7/24/10 @ 11:10 am

    Thanks again, Gary.

    I have already changed the passwords of the accounts that I logged into when I was on my friend’s unsecure network with my MacBook Pro.

    I have many gmail accounts that I use for different purposes. All of them have different passwords that are a series of random characters. I also only do online shopping by booting off a Linux Live-CD.

    Almost forgot about that “secret” question thing.. Thanks for reminding me.

    Also, do I have to make any changes to my Mac? Since I only used the Camino webbrowser to log into my gmail account, twitter and facebook account. Or should I remove the Keychain Certificate the CaminoWebbrowser created (Camino asks whether or not I would like it to remember my passwords).

    One last thing (to make sure I completely understand).
    So if I’m on an open network, and I enter in a password I should always have SSL enabled. But it’s best to avoid entering valuable information such as credit card number etc.
    And when I have logged into an account on an open network, I have to change the password as soon as possible for security reasons.


    Again, thanks.

      7/24/10 @ 11:16 am

      I don’t think you need to remove the Keychain certificate — that shouldn’t be affected by an open wifi network. As long as you are on a Web site connected with SSL, then your data transferred is encrypted. So you should be able to do anything. But a secure wifi connection will prevent you from accidentally sending data when not on a secure site.
      I would saw it is far better to always use a secure network than to simply change passwords immediately after accessing an open one. I never use open networks unless it is an emergency or something.

    7/24/10 @ 11:41 am

    Ok. Thank you very much! I understand all of this so much better now.

Comments Closed.