Quote:In you're scenario, they've cracked the password, so they have the actuall password to your network.  I've never in any way said your data was safe under this scenario.  WIFI security has already failed at this point.  If they had the encryption key they wouldn't even need to connect to your network.  We're just talking about two ways to do the same thing.  If they have the password, of course it's not secure.  

<div> 
 
 

That's what I've been saying.  WIFI encryption is only about safely transmitting data between the router to the device.  That is the only possible vulnerability that makes it different from a wired connection.  And WIFI encryption is not just designed to prevent network access, it HAS to encrypt the actual signal.  If it didn't do this, it wouldn't matter if they had access to your hotspot.  

 

 

 

I personally worry about privacy way more than security, and companies like Acxiom who try to secretly keep track of everything you do "for marketing purposes".

 

</div>

 

Regarding your first point, that's what I have been trying to say.  It's not about "intercepting" or "gathering" anything over the air (Wifi) it's about the network.  Once you get inside an "internal network" the possibilities are pretty much unlimited.

 

I have both seen and experienced this myself (disclaimer, I have only done this with permission from the owners of breached systems).

 

Bottom line though, the average person needs to worry more about people taking control of their machines to do other things.  A hacker isn't going to go after someone to do identity theft or something like that.  They only want to take control of the machine.

 

What aids in preventing something like this?  My first suggestion is to not use Windows or Internet Explorer.  It's not because I personally loath both, but the fact that both are primary attack vectors.  If a person does use these products, I recommend updating them as often as possible.

 

Next I would advise people to be very careful about what you click on and where you go on the web.  You get so many warnings regarding not clicking on links that you get in email (good advice) but people don't realize that simply going to a website can infect their computer (mainly Windows users).

 

The next best thing to do is use your computer with non-administrative privileges (this is something that I would guess 98% of Windows users don't do).  Most Windows users use their computer with administrative privileges, and if somebody does in fact hack you, they have the same rights on your machine.  That means that they pretty much have control of the machine.  Linux users and MAC users are somewhat protected from this, though the trend is to give a "default" user "sudo" privileges that makes them just as vulnerable.

 

Once again, I've seen attacks on all operating systems, but the Windows systems are the easiest.  It doesn't really matter if they are connected via Wifi or if the have a "hard wire" connection.  It's all about getting on the network.

---