Remember the KRACK attack?
It was bug-of-the-week about a month ago.
KRACK documented a way that you could, in theory, snoop on wireless data – albeit typically only tiny amounts, and with quite a lot of difficulty – even on encrypted wireless connections.
The silver lining in the KRACK story was that it got people asking, “Just how safe is Wi-Fi in general, and what can I do to reduce my risk when I’m online?”
So, we asked Sophos security expert Luke Groves to talk us through the question, “Is Wi-Fi still safe to use?”
(Can’t see the video directly above this line? Watch on Facebook instead.)
(You don’t need a Facebook account to watch the video, and if you do have an account you don’t need to be logged in. If you can’t hear the sound, try clicking on the speaker icon in the bottom right corner of the video player to unmute.)
JK
It is true that the WiFi traffic may be unencrypted — but if you are browsing over https or using a vpn then it won’t matter because the traffic is encrypted anyway. And how much traffic that you care about is not being sent over https or a vpn?
Paul Ducklin
The answer is (as I hope we touched on obviously enough in the video) it depends.
With HTTPS, only browser traffic gets encrypted. With a VPN, you have to have complete faith in the VPN provider…
shane
Unavailable
This video can’t be embedded.
Click link… You must log in to continue.
Paul Ducklin
Could that be an artifact of some sort of security-based browser plugin you are using? Something to do with where you live?
I’ve never even seen the message “you must login” when using Facebook – neither via the app on my iPhone nor via the browser on my laptop. (I stay logged out of Facebook most of the time. It often tries to urge me to login but never insists upon it.)
Shane
Works with chrome browser.
Doesn’t like Internet Explorer.
Thanks
Paul Ducklin
Wow. Internet Explorer. I remember that. It used to be a browser, didn’t it?
Robert
Works in Chrome but not IE on the same PC.
Facebook message “You must log in to continue.” in IE.
Me
TL:DW could someone summarize for me? yay or nay? (I bet ‘it’s complicated’ is actually the answer)
Paul Ducklin
Yes. (But we’d love to you watch anyway :-)
The deal is that all network access adds some risk – it’s how you manage the risk that matters.
Mark Stockley
Correct, it’s complicated.
Apolonio Garcia
Great video Paul. Very valuable content. …and love Sophos’ approach with employees: “welcome to the security team”
Paul Ducklin
Thanks for your kind words. Your feedback is greatly appreciated.
Steve
It would be greatly appreciated if you folks would indicate the run time of these videos so that we don’t waste bandwidth finding out that we don’t have time to watch it at that time, or decide to skip it only to find out later that we could watched it earlier. It would be REALLY nice if you included the run time in bold text just below the video. Thanks for your consideration.
Paul Ducklin
Good suggestion – for the record, though, if you click to watch then the length appears *immediately* in the video window (actually, it’s a countdown of how long is left, which is equivalent to the length when the video starts).
The video is streamed, not downloaded in full, so the bandwidth you’ll consume to find out the length is probably no more than 200KBytes. (IIRC our Live videos take about 3MBytes a minute to watch. They’re typically 10’ to 30’ long.)
Steve
Thank you for considering this, and thanks for the info as well… good to know!