Smashing Security podcast: Using public Wi-Fi

Three security industry veterans, chatting about computer security and online privacy.

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Smashing Security podcast: Using public Wi-Fi

Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast – tackling the tricky problem of public Wi-Fi hotspots.

Oh, and this episode is a tiny bit rude. So maybe young ears shouldn’t listen.

Smashing Security: 'Using public Wi-Fi'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team on Bluesky.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

One comment on “Smashing Security podcast: Using public Wi-Fi”

  1. Bob

    The absence of HSTS, HPKP and DNSSEC means that on public WiFi you can't be certain that the site is delivering you genuine or secure content… SSL/TLS does not guarantee security where the site is operated by a rogue actor. Similarly connecting over WPA(2) doesn't guarantee authenticity of a site nor does it mean that other people on the open network (i.e. password freely available) cannot intercept your traffic.

    Even a normal VPN can be compromised by early interception of the traffic. There are technical ways using PKI to ensure integrity of the connection but most VPNs do not implement this.

    Obviously non of what I've said should detract people from seeking WPA(2) protected networks and only transmitting data to sites over SSL but I'd strongly recommend that NOBODY use public WiFi for the reasons I've already given. So:

    * Use 4G (or 3G) in preference to public WiFi
    * Use your VPN over 4G/3G for optimal security
    * Don't connect to public WiFi – it's insecure, potentially dangerous, slow and intrusive

    @Graham, you talked about mobile app insecurity but you didn't touch upon a very positive development by Apple – TL;DR: it was due to become a requirement for all iOS and OS X apps in its store to use App Transport Security by December 31st 2016

    They've now extended the deadline past 31/12/16 but this is the way things are going:

    https://developer.apple.com/news/?id=12212016b

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.