Martell any ideas?

[Dustin DuBois]

It continually amazes me how many open wifi access points there are.....some people are just oblivious to the dangers.

It used to be a lot worse. A few short years ago, most wifi access points around me would be open with 2-3 in 10 being WEP/WPA secured. Now days, it's nigh impossible to find open residential wifi (Setup packages from ISPs make them set WPA2 keys by default in many cases now). I use open residential wifi when I'm out and about on foot (or hiking through in-town trails lol) and I think I've actually successfully connected to ONE residential access point in the last 3 years. Occasionally I still see insecured APs but they're "guest" connections which still have a password once you connect.

I actively track this sort of thing ;D.

[Koda]

I'm sure your bank uses SSL. Your email probably does, but might not. If your email is not over SSL (either webmail that uses https or a POP/IMAP account using SSL) then yes, someone could get your email password and/or read your email.

....As Martell said, if you are in a rural area, you are probably (probably that is) OK, but if you live in a more densely populated area, you really should get it changed to WPA2.

So while i'm off googleing how to change my wireless over to WPA2 .....

My bank, email, and all other personal log in sites use SSL (httpS), so what is the risk of staying with my WEP connection? If say my WEP password was hacked would the only risk be access to what is on my local drives?

[Dustin DuBois]

My bank, email, and all other personal log in sites use SSL (httpS), so what is the risk of staying with my WEP connection? If say my WEP password was hacked would the only risk be access to what is on my local drives?

Worst case scenario.. they get on your network, slip a key-logger onto your machine and/or collect all outgoing packet data - leaving you pretty much completely compromised. I really didn't think anybody still used WEP, it's probably worth it to upgrade. The average Joe won't be able to crack your WEP but it only takes one person and there are bound to be more than that in the Portland-Metro area.

I remember people used to drive around infiltrating networks for the hell of it, "wardriving". Er, so I've heard anyway.

--

If your router doesn't support it, here's a couple inexpensive routers that are decent.

http://amzn.to/MrOJ2R
http://amzn.to/LfHqcN
http://amzn.to/MfP8ZW

Any of them should have pretty easy set-up to make sure you are locked down and secure with WPA/WPA2.

These days it's pretty hard to find a router that doesn't almost force you to have security enabled. Which is definitely a good thing.

[retired jerry]

Can they get into my bank and transfer all my funds to themselves with no recourse for me to get it back?

[Koda]

Worst case scenario.. they get on your network, slip a key-logger onto your machine and/or collect all outgoing packet data - leaving you pretty much completely compromised.

so I gather its my local drive and operating system that's at risk.... is this possible without sudo privileges? all my home machines are Linux.

[Dustin DuBois]

Can they get into my bank and transfer all my funds to themselves with no recourse for me to get it back?

Not likely unless they can slip a keylogger onto your system without antivirus going off. Sniffing packet data of SSL transmissions would probably be pretty fruitless.

so I gather its my local drive and operating system that's at risk.... is this possible without sudo privileges? all my home machines are Linux.

Well, you're probably okay =D. If that's not a barrier to them then you probably couldn't do much anyway. Though I say that from only-limited Linux experience. --edit--- As long as you're banking/emailing/shopping over https connections, then yes it's just your OS and physical data that's at risk, not the network packets.

--

If you have good antivirus, running a pretty secure OS (ie: not Windows XP with no passwords, etc) and transmitting data over SSL (https) then you're -probably- okay. That's my assumption though, I could probably ask a couple of my friends and be proved wrong. It's still worth it to upgrade to WPA/WPA2 just to minimize that risk. If you make it too easy for them then you invite the trouble really. If you have the same higher security that most other WiFi connections have, then it's really highly unlikely that you would ever have any issue.

Not to mention, it's just better to keep other people off your WiFi so they don't hog your bandwidth! Especially if you have Comcast and are into HD streaming on Netflix and a big gamer, you can't spare much of that 250gb/month cap for strangers.

[Koda]

Can they get into my bank and transfer all my funds to themselves with no recourse for me to get it back?

Jerry if you can log onto your bank acct and transfer funds then they can too with your password stolen.

I don't know what recourse's you would have but I'd guess that is limited to the intelligence level of the hacker.... I don't think its something you'd want to go thru even with the dumbest of crooks.

[Dustin DuBois]

Can they get into my bank and transfer all my funds to themselves with no recourse for me to get it back?

Jerry if you can log onto your bank acct and transfer funds then they can too with your password stolen.

I don't know what recourse's you would have but I'd guess that is limited to the intelligence level of the hacker.... I don't think its something you'd want to go thru even with the dumbest of crooks.

Yeah. The person who makes it that far probably isn't the same person that would transfer it to their personal bank account. They'd probably transfer it to something like BitCoins and disappear.

Your money is insured against loss due to bank negligence/etc but I dunno about a policy regarding getting your computer hacked. If they discern that necessary precautions weren't taken, there may be no recourse. I'd dig through bank policy though - or just bump up security a bit.

--

I don't worry much but I have very secure passwords, a secure network, transmit secure data over secure connections and run MS Security Essentials AV.

[retired jerry]

"Your money is insured against loss due to bank negligence/etc but I dunno about a policy regarding getting your computer hacked. If they discern that necessary precautions weren't taken, there may be no recourse. I'd dig through bank policy though - or just bump up security a bit."

Maybe I'm okay with a FDIC insured bank, but they don't have good interest rates.

Mutual funds are a different story.

One fund said something like "I've never heard of anyone losing their money, you don't have to worry about it" or "Usually it's a family member that steals your money" but they won't commit to giving me my money back if it happens, even if it's a mutual fund employee or a hacker even though I do good security.

Kim Komando said to have two computers if you're a business. The one that accesses your money shouldn't be used for anything else like Internet browsing or email. But then someone could break into your house/business and access that computer.

Hmmm...

[Martell]

Kim Komando said to have two computers if you're a business. The one that accesses your money shouldn't be used for anything else like Internet browsing or email. But then someone could break into your house/business and access that computer.

For the 2nd computer, wipe the drive and flash with a fresh OS install after every use. If you need any persistent data store it to an encrypted USB that you hide under your floor boards, preferably with some sort of crossbow trap rigged up. Work on setting up a second "honeypot" house which you use when you need to fill out your address on forms. Don't live with anyone else or allow any friends/acquaintances to visit your house, and never reveal its location. Enjoy the safety and freedom of true security when logging into your bank.