How do you keep your stuff private on WiFi networks?

Can anyone recommend an easy-to-use SSH setup for Linux? I’ve got a Mandriva Linux running on a secondary box (I do very little or nothing with it most of the time) and wouldn’t mind at all setting it up to run SSH. I did set my main windows box up to run SSH and I set up a tunnel that way, but I never got it working on Linux. I think one of my problems was figuring out how to configure users for Linux SSH, but a full-on, easy-to-use SSH server setup guide for Linux would be super-helpful (and one for Mandriva extra-helpful). So far I haven’t been able to find one.

Yeah, it’s called Open SSH (sshd).

do any of you run a browser appliance in vmwareplayer ?

http://www.vmware.com/vmtn/appliances/directory/browserapp.html

“I was talking with a geek who’ll remain unnamed and he was telling me how easy it is for someone to sit at a Starbucks, slurp off the local WiFi, and recreate almost everything you do”

You mean, like Wireshark, tcpdump/tcpreplay, dsniff, ettercap, Cain and Abel, kismet, and ngrep? What about vulnerability scanners, like Nessus, Retina, and Sara? What about netcat, Hping2, nmap, and Metasploit?

I really love how Scoble thinks he knows something we don’t. Really, Scoble? You can be attacked at a PUBLIC WIFI spot? You don’t say!

Seriously, you’re a joke, Scoble. Go back to your Web 2.0.

I took a brief look at Browzar, and it is incomplete in it’s promises.

Rousingly good stuff here. I’m think that I’m beginning to get the post-MS blog strategy…blog about whatever is at the top of TechMeme in order to boost pagerank.

Seems like it anyway

Booger

Scott Hanselman posted an article on Browzar. Looks like it didn’t work quite as intended.

http://www.hanselman.com/blog/ANewPrivateBrowserIMeanBrowzarDoesNotWorkAsAdvertised.aspx

And if you read the comments there, you’ll find some caveats to Browzar and a few alternatives.

Thanks Scoble,

Having someone with a lot of blog traffic post a how-do-we-do-this type question is helpful. There’s lots of HOWTOs out there on securing wifi, and most of the good ones have steps like “setup an SSH sever” with the assumption that you’ll already know how to do that. This kind of post tends to attract more user-level advice.

Oh, and all you haters? L33t dudes, if you think only the ubergeeks read scoble, you are wrong. Does everybody know that wifi isn’t that secure? Yeah, but we don’t all fully understand by how much.

Remember this: a good part of his reading audience is what used to be called “power users” back in the day. You know, people who figured out how do do stuff with command line DOS when their bosses were terrified of computers. People who hacked wacky excel macros to manipulate data because there were NO free-as-in-beer software environments with pretty highlighting.

Power users aren’t dumb, they are just _not experts_. Why the *&%# should they be?

Reality check here:
Most users, even most power users don’t have a good mental model of how security across a network works. Why?

1. Because of the craptastic OS that most of us use hides what really goes on.
2. Because the explanations commonly used are oversimplified and inaccurate.
3. Because the people who do know usually can’t be bothered to explain in a human-readable way.
4. Because 60% of what we learn is secure this year is cracked the next.
5. Vendors.

Oh, you want me to talk about vendors? Heh. I mean, we’ve been sending plaintext email for 30 years, and when have you seen a webmail provider or a mail client that had pgp enabled by default? I’m not talking about hushmail, I’m asking what about _Yahoo_? What about Outlook Express? Vendors suck at this stuff. Not because they don’t have the engineering chops, but because they are…

…er… I don’t know why, actually. Ethically challenged?
Okay, here’s a moral challenge, all you Web 2.0 ers – what have you done today to give your _customers_ more security?

-r.

LayZ:

“You seem flip flop between condescending and clueless.”

As opposed to LayZ, who seems consistent at both!!

Might want to check out Hamachi. It’s a program that allows you to arrange multiple computers into their own secure network just as if they were connected by a physical network cable.
http://www.hamachi.cc/
Versions for Windows, Mac and Linux.

People interested in security may want to listen to Security Now! podcast
http://www.grc.com/securitynow.htm

Hamachi is great for gamers and for connecting multiple computers in a WAN as if they were on the same LAN. Very neat stuff but it’s not a good choice for wifi security. The two companies mentioned previously, http://www.witopia.net and http://www.hotspotvpn.com, specialize in this and are both good choices. witopia is a lot cheaper for their open vpn-based SSL vpn, which is the same technology hotspotvpn uses for their hsvpn 2, but hotspotvpn offers monthly plans while you have to pay for a year of service with witopia. hsvpn offers a PPTP solution too (which I personally wouldn’t recommend as it’s much weaker security)for a lower price though. witopia also offers a hosted radius solution for protecting your wlan with 802.1x/wpa-enterprise as does boxedwireless.com. wpa-enterprise is much stronger than other means of wifi security but mostly used by businesses. might be overkill for a home user unless you’re quite serious(paranoid?) about security.

IM is, by nature, open. Basically, there are no foolproof tricks to make IM private, unless the product is designed for that from the ground up. But then it’s not open to all, only authenticated users. IBM makes a product called sametime that does IM and more, securely – It’s used by several branches of the military. We use that in house at IBM.

I can secure IM with 256-bit AES encryption…using SSH Dynamic Port Fowarding. It’s not that difficult. Plus, you can still use your favorite client, like Gaim.

Cody..you have skills and what you’re saying is correct, but many people don’t have your technical prowess or desire/time to set that up. Or, if you were jsut responding to Brian from IBM..I agree. Brian, if you have the miltary believing that, I need to buy some IBM stock.

With a “VPN service” (where they’ve already setup the servers, bandwidth, ordering method, and support) anyone can protect their data and identity over any network (hotspot, office, hotel) as well as have secure IM and secure file-sharing. If you want it secured end to end, you just need to both be using the same VPN service and initiate a direct connection if your IM provider isn’t peer to peer. On AIM, it’s an option called direct connect.

The other advantage with hotspotvpn is that it can be used with a pda e.g. my Axim x51v

I would also recommend the security podcasts at http://www.grc.com/securitynow.htm.

Regards from Cornwall

Phil

This free VPN client looks really compelling. Its based on OpenVPN and the server seems to have reasonable bandwidth. It would be helpful if someone more technical could review it.

http://www.anchorfree.com/hotspot-shield/

Jay

Yah, the folks commenting about VPN being a secure way to safeguard your wifi connection are right. Site’s like http://nationwidevpn.com might be helpful when you want to secure your own network.

T1 Buyer’s Guide

I’am using vpn account from another personal vpn service called VPN Privacy (http://vpnprivacy.com) to protect myself when work at public wi-fi zones. It’s more fast reliable then hotspotvpn for me.