Mobile menu

Pages in topic:   [1 2] >
Internet Café Security (WARNING)
Thread poster: tectranslate ITS GmbH

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
Jul 18, 2007

I just read in another topic here at ProZ that obviously, some translators like to use Internet cafés as a workplace because they provide an (often free) WLAN connection to the Internet.

Be advised that you might as well post your client documents, e-mail account passwords etc. on the walls of the café.

There's no authoritative info to be found anywhere whether Starbucks uses encryption, and if so, which type (WEP is obsolete and can be cracked in less than a minute). They did have a WLAN Security Statement on their web site at some point in time, frankly admitting that their WLANs are not safe, but this statement is gone from their site now...

The other day there was a feature on TV where they showed just how easy it is to get other users' account names and passwords in an Internet café. Just download a free program from the Internet, run it and voila - all and any data transferred by the others is flickering across the screen - including some extremely sensitive data. The people they talked to, telling them their account names and passwords to their face were somewhat astonished.

The guy who did the demonstration had an extra antenna for a few bucks, to improve reception. With this, he would have even had access from outside the café, e.g. from a parked car. The demonstration would have worked with a regular integrated antenna as well, though.

Conclusion: If you work with confidential data in an open WLAN, e.g. as a translator, you should acquaint yourself (urgently) with appropriate security measures such as encryption of e-mail logins and transfers, VPN and PGP. Otherwise you might get into big trouble if, for instance, somebody uses your account for fraudulous purposes or steals confidential client documents.

Best regards,
Benjamin

P.S.: A firewall does NOT constitute an effective countermeasure against this sort of attack in a WLAN!

P.P.S.: I am cross-posting this in the German and English forum sections to reach a larger audience. As an agency owner, this topic is very important to me because I have confidentiality agreements with many clients and all of my translators. The naive use of technology described above means that these agreements become factually useless.


Direct link Reply with quote
 

Yolanda Bello  Identity Verified
Mexico
Member (2006)
English to Spanish
+ ...
Thanks Jul 18, 2007

Thanks for posting this info. It is truly enlightening and horribly true.

Regards,

Y


Direct link Reply with quote
 
Renate Reinartz  Identity Verified
Germany
Local time: 11:08
English to German
https in web mail, and mail account passwords Jul 18, 2007

A good start is to ensure while using web mail that the url in the browser starts with https://, instead of http://. Check also your bookmark.

Another important point is:

Do not use your mail account password somewhere else.

Especially not in special interest forums. A lot of forums get hacked, and the passwords may be read from unauthorized persons which may come to the idea to use the password with your mail account.

Hope this helps
Renate


Direct link Reply with quote
 

Tracey Denby  Identity Verified
Local time: 10:08
French to English
+ ...
Internet security full stop Jul 18, 2007

Firstly I would like to say I am not a tech-savy translator and have some reservations that translators "work" at internet cafés.

The provider though whom I access the internet via hotspots/airports/Wi fi etc states: "Security is taken seriously by XX and protective measures are in place to make sure you receive a safe, reliable and robust service.
XX uses sophisticated 128-bit public key encryption during log-in to protect transfer of your data. Account traffic is encrypted and your account is password protected."

Does this means they are making a false statement and our data is not secure and that if, heaven forbid, any confidential documents were to get into the wrong hands then the provider could be held liable for making a false statement? Secondly, with WiFi being so "open" then any translators working from home through WiFi (Belkin etc.) and anyone using PDAs and smartphones are open to the same dangers. Pass the valium please!


Direct link Reply with quote
 

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
TOPIC STARTER
Depends on the encryption method Jul 18, 2007

Tracey Denby wrote:

The provider though whom I access the internet via hotspots/airports/Wi fi etc states: "Security is taken seriously by XX and protective measures are in place to make sure you receive a safe, reliable and robust service.
XX uses sophisticated 128-bit public key encryption during log-in to protect transfer of your data. Account traffic is encrypted and your account is password protected."

The number of bits does not necessarily say anything about the quality of the encryption.
Generally speaking, the old (and widespread) WEP algorithm is not safe, no matter how many bits.
WPA (Wi-Fi Protected Access) and WPA2, on the other hand, seem to be pretty safe, as long as you use a PSK/passphrase that is hard to guess (ideally, a combination of letters, numbers and other characters).

If you are unsure which of these encryption methods you provider uses, you may want to ask them.

Unfortunately, many older wireless routers only support WEP, as do a lot of the older (1st-generation) WLAN cards. And even those that support WPA are often preconfigured for WEP, so anyone using those at home or elsewhere might want to check their settings.

HTH,
Benjamin


Direct link Reply with quote
 

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
TOPIC STARTER
BT Openzone Jul 18, 2007

If you are using BT Openzone, you're probably not using any encryption at all.

To me, it looks as though they are trying to shroud this in semi-technical mumbo-jumbo on their website and that basically what they're saying is that the only thing that's encrypted is your BT Openzone account name, password and voucher code or whatever authentication you use to get access to the hotspot's "zone". Once you're authenticated, all remaining data you transfer over their hotspot isn't even WEP encrypted (because it's so insecure - duh, and what about WPA?).

Again, that's how it looks to me and you'll have to ask them to get definite information. But they're even telling you to ignore the Windows message that clearly informs you that this network is not secure.

What people need to understand is that with wireless access, every station connected to the network shares the medium - normally a cable but in this case, the radio waves in the air - with all other stations.

This allows everyone to just capture (record) any raw data that is buzzing through the air, and with the common Internet protocols for Web surfing, e-mail etc., most protocol data is easy to understand even by a regular person without elaborate decoding software, for example:

USER translations2k
PASS secretpw


(Can you guess this person's user name and password?)

Encryption scrambles the data so that it doesn't make sense to any station but the one it is intended for, like:
ÇS9ež¿ŸHŸŽfŽVD<ŽˆÈÁ¿¸“
(How about guessing now? Not a chance without the proper encryption key and some software.)

Since capturing is a passive process - the capturing station doesn't have to send any data, it just "listens" and records - it is impossible to detect and impossible to prevent by any security means other than encryption, such as a firewall.

I hope this lengthier explanation is helpful.

To all tech buffs here: please excuse any slight simplifications I made to make the matter more understandable to non-geeks.

Best regards,
Benjamin


Direct link Reply with quote
 

Tracey Denby  Identity Verified
Local time: 10:08
French to English
+ ...
Non-Geek Jul 18, 2007

Thanks Benjamin. It would be interesting indeed if anyone took one of these service providers to court as you give the impression that most telecoms providers offer little/no security.

I have on several occasions received PDA/Blackberry messages from both fellow translators and a translation agency owner and assume therefore any professionals (bankers, lawyers e.g. your clients) that use these devices are also open to the same risk and confidentiality issues.

It's good to know though - I'll make sure I'm not available to agencies when not strapped to my desk....


Direct link Reply with quote
 

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
TOPIC STARTER
Fine print Jul 18, 2007

Tracey Denby wrote:

Thanks Benjamin. It would be interesting indeed if anyone took one of these service providers to court as you give the impression that most telecoms providers offer little/no security.
Ah, but you see, that is what fine print is for. I'm pretty sure if you took them to court, you'd find out "it said so in the contract" somewhere.

There are steps that users can take to ensure their traffic is encrypted even if the hotspot doesn't provide this function by and of itself. These include setting up VPNs (encrypted "tunnels" through the Internet, which require a lot of expertise to configure, but are very safe) and/or using PGP (an encryption tool for e-mail and files). Turning on SSL for e-mail transmission is also a good idea and easy to set up if the server supports it.

B


Direct link Reply with quote
 

Tracey Denby  Identity Verified
Local time: 10:08
French to English
+ ...
Fine Print Jul 18, 2007

I'll check the fine print and if in doubt become "unavailable". Interestingly I found the following:

BT Openzone, which operates a vast proportion of public hotspots in the UK, told the BBC News website that it made every effort to make its wi-fi secure.

"Naturally, people may have security concerns," said Chris Clark, chief executive for BT's wireless broadband.

"But wi-fi networks are no more or less vulnerable than any other means of accessing the internet, like broadband or dial-up."

Sorry, if I seem naive; however, sometimes people seem to be either a) deliberately combative or b) want to rain on the party (and there's far too much of that in England anyway). I'd be interested in knowing the stats regarding how many instances have occurred regarding the loss of confidential files from translation agencies now and in 5 years time. The probability of one sitting in Starbucks and replying to an email (not downloading any files) taking 15 seconds, and this resulting in confidential information being stolen, must be ....

In short, a very interesting topic and in future I'll think twice about replying to agency emails when not at my desk.

Thanks again. Tracey.


Direct link Reply with quote
 

Hilde Granlund  Identity Verified
Norway
Local time: 11:08
English to Norwegian
+ ...
interesting topic Jul 19, 2007

- and for non-geeks a troublesome one. How do I know what level of security is "good enough"?
An obvious and easy measure to take is to turn off the wireless network card when working on board a plane, in a cafe or other public place, use encrypted emails and only turn the network on when necessary.
I agree with the poster who said that anything being stolen in the 15 seconds this takes is unlikely.

At home, I have only got as far as WEP. Up until recently, I did not even use that because I live in a rural area, and if I stray too far into the garden with the laptop on a nice summer day, I lose net access.
Neither do I think any of my neighbours are hackers...

[Edited at 2007-07-19 11:27]


Direct link Reply with quote
 

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
TOPIC STARTER
Some replies to specific points Jul 19, 2007

Hilde Granlund wrote:

- and for non-geeks a troublesome one. How do I know what leve of security is "good enough"?
An obvious and easy measure to take is to turn off the wireless network card when working on board a plane, in a cafe or other public place, use encrypted emails and only turn the network on when necessary.

That sounds prudent.

I agree with the poster who said that anything being stolen in the 15 seconds this takes is unlikely.

Actually, how long it takes is irrelevant. If somebody has set up a "listening post" as described above, they have all the time in the world to sift through the data they've recorded. They don't have to frantically search the data in real time.

Neither do I think any of my neighbours are hackers...

Your neighbors may not be, but other people are.

Here's some more info addressing the security concerns connected with hotspots.


Direct link Reply with quote
 

Hilde Granlund  Identity Verified
Norway
Local time: 11:08
English to Norwegian
+ ...
It is feasible - but does it actually happen? Jul 19, 2007

tectranslate wrote:

Actually, how long it takes is irrelevant. If somebody has set up a "listening post" as described above, they have all the time in the world to sift through the data they've recorded. They don't have to frantically search the data in real time.

Neither do I think any of my neighbours are hackers...

Your neighbors may not be, but other people are.

Here's some more info addressing the security concerns connected with hotspots.


I still wonder how widespread this is.
Strange people sitting in a car with computers and listening devices would not pass unnoticed in my neighbourhood.
While I can understand hackers trying to get into government networks and such - but setting up a listening post outside a random internet cafe just in case someone interesting drops in and is careless with his/her interesting files seems like a total waste of time?
What is the likelihood of discovering anything interesting in such a place?
Is there any documentation that this is actually happening so often that it is worth worrying about?


Direct link Reply with quote
 

tectranslate ITS GmbH
Local time: 11:08
German
+ ...
TOPIC STARTER
Free Internet is always interesting Jul 19, 2007

I guess most wardrivers are doing it for fun. Some like the thought of getting free Internet access at an unsecured access point and some are just curious.

If people searching for open WLANs weren't a reality, I don't think the ELFA company would try to sell a device like this. Other manufacturers such as Kensington make similar devices. With this, you don't even have to lug a bulky laptop around to detect an insufficiently secured WLAN - how convenient.


Direct link Reply with quote
 

Tracey Denby  Identity Verified
Local time: 10:08
French to English
+ ...
From A Translator Agency Perspective Jul 19, 2007

I think to calm your fears perhaps you could introduce a clause in your confidentiality agreement, then freelancers would be free to take it or leave it. Similarly in the scenario that your confidential information was stolen and passed on to the wrong hands a) do you think the perpetrator would let their source be known and b) would your client be able to prove you were at fault?

You say you are a translator and have been told in a forum that translators go to internet cafés to work for free. Perhaps we should get some reliable data and do a poll and find out how many translators do actually "work" in internet cafes. Also can you verify whether data via blackberries/PDAs/smartphones and the like is safe, whether hotel wi-fi and dial-up is safe, whether working on planes will be safe, whether the sharp increase in the number of hotspots and the like will mean the dilutive effect will actually mean there is less chance these "hackers" are going to target our internet cafe (that is if translators go there to work).

As for people selling things we don't really need....well that's another topic.

On a lighter note, thank you for posting the information: I'll download it, copy it into a word document and read it next time I'm in Starbucks.


Direct link Reply with quote
 

Hilde Granlund  Identity Verified
Norway
Local time: 11:08
English to Norwegian
+ ...
paper is not safe either Jul 20, 2007

At least whenever there is a news story of information getting to the wrong hands in this country, it is usually about someone coming across medical files, legal files, accounts or whatever that was accidentally dumped in the thrash and not properly destroyed.
That someone is looking around for free internet access is fairly common - and does not necessarily mean that the same person is out to steal your files.


Direct link Reply with quote
 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Internet Café Security (WARNING)

Advanced search






Anycount & Translation Office 3000
Translation Office 3000

Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.

More info »
TM-Town
Manage your TMs and Terms ... and boost your translation business

Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs