My computer occasionally tells me that you are about to leave a secure
internet connection. It would be possible for others to view information you
send. What does this mean.
Most of the time it’s an informational message that you can safely ignore.
However there are times that it’s critically important to know what it means,
and whether or not you should be doing something differently.
The issue?
Someone could be eavesdropping.
Become a Patron of Ask Leo! and go ad-free!
Depending on your network and how you’re connected to the internet, all
computers “close to” each other can actually “see” the network traffic of all
the others. For example you could be doing some on-line banking using one
computer in your home, but all the data traveling between your computer and
your bank could be viewed by another computer in your home. Other
computers typically don’t listen in, because it’s clear that the data
is destined for your computer and not another, but software exists that can
ignore that.
“Sniffing” software can monitor the data going to and from other computers
on the network. This kind of sniffing is particularly easy in WiFi hotspots.
When network traffic is wireless, any computer within range of the signal can
listen in.
It’s kind of like being in a restaurant and listening to the conversation at
the table next to you. It’s not meant for you, but it’s very easy to eavesdrop
and listen in.
to the conversation at the table next to you.”
A “secure” internet connection is one where the data being sent back and
forth is encrypted. Only the machine it’s destined for knows how to decrypt and
read the information.
This is kind of like being back in that same restaurant and listening in,
only this time you can’t understand a word of what’s being said because they’re
speaking a completely different language. You can listen all you want, it just
won’t do you any good. Only the two people speaking to each other understand
their own language.
“https” connections are encrypted, secure internet connections. “http”
connections are not. “http” connections can be sniffed and understood; “https”
connections can also be sniffed but the data visible is unintelligible.
In some cases when you’re on a page that you visited using an “https”
connection, and you click a link that is going to go to a “http” connection,
your browser will warn you, and that’s the message you’re seeing. The issue is
that you’re leaving a secure connection (https) for an insecure one (http). If
the browser didn’t warn you it might be easy to miss the fact that this had
happened and think that you were browsing securely when you weren’t.
It’s not at all uncommon to transition from websites accessed by “https” to
those accessed with plain “http”. “https” is actually a tad slower, and not all
information needs to be transmitted securely. There’s no reason, for example,
to encrypt the contents of this page, and so there’s no
“https://ask-leo.com”. However sites that require security,
such as banking or other sensitive services, may be available only via
“https”.
Linking from one to another is common. The warning is simply that, a
warning, so that you know just how secure you are.
Okay, so I understand that networked traffic can be listened to by others on the network if it isn’t encrypted. I presume you’re talking about a LAN. But what about the WAN (if I understand the term correctly). I have just subscribed to a wireless ISP – not a WiFi – but the kind where the ISP gave me a wireless modem that connects to the nearby cell tower. Is this kind of connection safe? The person in the next office uses a ISP/wireless modem with an internet phone. Are his conversations secure? When we talk about “out there” (on the internet) versus “in here” (on the LAN), is the trsnsition at my modem or at the cell tower? Or where?
The question of using an internet phone with a wireless modem is a big deal, because it is the means that some phone companies are using to provide local phone service which bypasses the land lines yet acts like a landline service. So if there are any doubts about its security this will be a major concern.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
GREAT question.
The short answer is that for now I believe you’re safe on cellular and WiMax
type of networks. I *believe* that the data is encrypted, but even if not
sniffing equipment is not nearly as prevelant as it is with WiFi. Any laptop
can sniff Wifi. I know I happily use my cellular connection without the same
encrypting safeguards that I do when I use WiFi. (Though I keep my firewall up,
since it is a direct internet connection.)
I honestly don’t know about internet phones. I know that *some* are encrypted,
but which I do not know. I’d check with the providers.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHAYbuCMEe9B/8oqERAioRAJ4/3YRgMYeYaMEbScZSFRGlQvcHOwCfQa01
E94/P/uKryVhZZptHTnnIvc=
=etkk
—–END PGP SIGNATURE—–
I had an interesting, suspicious incident I’d like to ask your Comment on: I found a Free Sportsbook, advertised out of Cyprus. Signing up, without divulging personal info, I was assigned a personal Username and Password, via e-mail. However, when I proceeded to Login, a Popup informed me that Login is only possible through a “Nonsecure connection”. Am I correct to be suspicious? Thank you.
24-Oct-2010
Hi Leo,
I have a question that might be silly but say I use my cellphone as a hotspot for my PC and access my email or bank account. Can the sniffers/hackers get direct access to the page I’m viewing or my account or is it like they’re just watching me navigate??
Thank you in advance,
Kev