Traps from wireless internet access points

You go to a shop - a wireless internet access point to enjoy coffee and online with your laptop. You connect to the wireless network and start making transactions through the bank or buying something online .

As an end user, you feel safe when you see the lock icon below Internet Explorer web browser. Your information, including username, password, account information, credit card . is encoded in 128 bit mode.

In fact, is this transaction really safe?

For banking transactions or online purchases it is generally quite safe, especially when it is done through SSL (Secure Sockets Layer). Secure Sockets Layer is a protocol developed by Netscape to help transmit private documents through the internet. SSL uses an encryption system with two keys to encrypt data: a public key for everyone to know and a private key - also known as a secret key - that only the recipient of the information knows about. . Both Netscape Navigator and Internet Explorer support SSL, many websites use this protocol to receive confidential information from users such as account numbers and credit cards . By convention, URLs need a delivery Safe translation will start with https: to replace http:.

However, you may not realize that a hacker can steal information when you make bank transactions or information on your credit card. This happens when you do not deal directly with the necessary object (like a bank) but deal with another intermediary (hacker), also known as Man-in-the-middle .

How does stealing work?

The thief will go to the same cafe and connect to the Wi-Fi network with you. He will run a series of programs to connect data from the victim's computer to his computer. He continues to run a series of other programs to sniff the data, it acts as an SSL Certificate Server and becomes a Man-in-the-middle transaction between the victim and the assignee. translation they need. Figure 1 can help you better understand.

An important concept that traders should know is that certificates (certificates) are used to establish a secure transaction. A good authentication means connecting directly to the place where you need to trade safely. Then all the data you need to trade will be encrypted using the web browser you are using, then it will be sent directly to the place where the transaction is needed, then it will be decrypted for use. When done this way, even if the hacker has information about your data, he can hardly decipher it.

However, it would be bad if the victim received a fake certificate sent from the hacker, when the victim did not connect to the bank that needed the transaction and connected to the hacker computer. In this case the information will be transmitted from the victim's web browser to the hacker computer and he will grab that information. Because the fake certificate is created by a hacker, he will easily encrypt it to retrieve the information that the victim sent.

Prevent

When hackers give fake testimonials to replace the correct credentials, most users "nod". The following are examples given by the Security Alert center that the user can receive. Most non-knowledgeable people will choose "Yes" . when the window appears as shown in Figure 2 and then they make themselves difficult:

By clicking "Yes", you put yourself in the hacker trap. However, if you click on the "View Certificate" button then you can see the problem. The following is an example of fake testimonials and true testimonials for you to compare:

Therefore, in order to avoid theft of credit card account information, you should note some of the following:

* Please visit the Security Alert website to read the necessary instructions on how to prevent theft of information on credit cards.

* It is recommended to use passwords only once, then change them to avoid password theft.

* When using SSL VNP, it is recommended to use advanced functions.

* Firewall should be used when using wireless internet in public places.