|
Aurigus, I agree with you on security.
"Best practices" state that you shouldn't use WiFi for sending unencrypted information. But we must put things into perspective here.
Using a WiFi network for logging into your bank account, internet banking, Paypal, etc etc IS NO DIFFERENT from doing so at home (from a session encryption point of view).
Sure, someone could conceivably see you head to a particular web-site (just like they could if they sniffed your home network, or monitored your home cable internet access), but once you create an SSL session, with a reputable site that has a server-side certificate with a recognized CA, then *boom*, they can't see diddly shit.
WiFi can be very secure. WPA (with a long enough key-phrase) is currently unbroken. 802.11i (which uses AES as a replacement for the fundamentally flawed WEP) has been ratified and you will begine to see compliant devices very soon. Of course, AES/802.11i/WPA2 (all the same thing) is rather CPU intensive, so you'll see Access Points first, followed by newer and more powerful cards later. Some vendors will likely support AES in software, but that will have a 30% to 40% performance hit on the card.
Anyway, WiFi security is not the issue here. Higher-level, session specific security is. SSL (and especially SSLv3, which most browsers and servers now use) is ENTIRELY SAFE. As long as your browser has an encrypted session, then your data is secure.
Just don't go around sending sensitive information via AIM or Yahoo Chat, or enter details into an unencrypted form on a web-page. :-)
Oh, and remember, internet email is ENTIRELY UNENCRYPTED. It's based upon SMTP and uses clear text. Anyone who sends confidential information via email is not securing their data. You can encrypt via PGP etc, but just be aware.
If anyone wants more info, just ping me or post a question.
Mr Mephisto
|