WiFi is widespread today and makes the life of the modern web worker much easier. Conferences are a typical place where nearly everyone is connected to the internet using the same wireless network. But very few people realize how vulnerable they are while using the shared network.

Tools like dsniff make it dead simple to passively sniff passwords from any unencrypted connection.

Example? Despite previous warnings the organizers of re:publica saw up to 5 passwords per minute going in clear text over their network!

So when using the internet over an insecure network, you should always use the following precautions:

1. Don't run any unnecessary services on your machine (apache, mysql, …) or secure them by a firewall
2. Use SSL whenever possible
3. Tunnel unsecured connections through a VPN or SSH

I wrote about securing your mail services by SSL before. Unfortunately SSL is not always available when using third party websites.

The easiest way to secure all your web connections is using SSH as SOCKS proxy. All you need is SSH access to a trusted machine. This could be your root server or a machine at your company.

To open the proxy just use the following line:

$> ssh -D 8000 -N you@your.server.net

Where you is your username and your.server.net is the trusted machine of course.

All you need now is to make Firefox using the proxy, by adding it as SOCKS proxy under Edit → Preferences → Advanced → Network → Settings… (see screenshot).

Now all your Firefox web traffic will be tunneled through SSH and your passwords are safe from the sniffer in the chair next to you.

Similar posts:

• DNS Tunneling made easy
• Connecting a Split AC to WiFi/Tuya
• Network Trouble