Sorry about the apocalyptic headline but I think this one is important for us Motorhomers more than anyone else.
(simplified so not technically complete)
SSL is the secure bit of the HTTP protocol, its the bit that encrypts your connection between your browser and the website you are visiting such as your bank.
There is currently a flaw in both the client side and the server side but this flaw requires a man in the middle attack which is normally very hard to do.
However us motorhomers would be more likely to come across this situation than most.
Open Wifi Points which are normally safe when using SSL are no longer so.
A hacker can set up a fake WiFi point at say McDonalds. When you connect to the wifi point he will redirect your traffic to the authentic wifi point and you won't know he is sitting in the middle of your traffic. This is trivial to do and anyone with a modicum of tech knowledge can do it.
Prior to this SSL bug that man in the middle could not view your data as it was encrypted. However this bug means that it is now possible for them to decrypt your traffic.
Here is the technical details.
https://www.openssl.org/news/secadv_20140605.txt
My recommendation.. Don't use open wifi points for any sensitive communications until this has been patched. Stick to 3G service for those things that need security. The Open SSL creators have released a patch and it is just waiting for downstream providers to patch their version and release. You then need to wait for the server owners to patch their installation. Banks should be pretty fast on this so I don't expect them to be vulnerable for long. However other sites may not be as fast to upgrade so be aware.
PLEASE NOTE. This only applies to open access points. Your home access point should be fine as you have control over that and it is unlikely that a hacker would attempt to trick you into connecting to a fake one. However in high traffic areas such as restaurants, coffee shops and airports etc it is a target rich environment for them.
If you are not sure if you can trust an access point for the moment don't.
If you have any questions fire away.
(simplified so not technically complete)
SSL is the secure bit of the HTTP protocol, its the bit that encrypts your connection between your browser and the website you are visiting such as your bank.
There is currently a flaw in both the client side and the server side but this flaw requires a man in the middle attack which is normally very hard to do.
However us motorhomers would be more likely to come across this situation than most.
Open Wifi Points which are normally safe when using SSL are no longer so.
A hacker can set up a fake WiFi point at say McDonalds. When you connect to the wifi point he will redirect your traffic to the authentic wifi point and you won't know he is sitting in the middle of your traffic. This is trivial to do and anyone with a modicum of tech knowledge can do it.
Prior to this SSL bug that man in the middle could not view your data as it was encrypted. However this bug means that it is now possible for them to decrypt your traffic.
Here is the technical details.
https://www.openssl.org/news/secadv_20140605.txt
My recommendation.. Don't use open wifi points for any sensitive communications until this has been patched. Stick to 3G service for those things that need security. The Open SSL creators have released a patch and it is just waiting for downstream providers to patch their version and release. You then need to wait for the server owners to patch their installation. Banks should be pretty fast on this so I don't expect them to be vulnerable for long. However other sites may not be as fast to upgrade so be aware.
PLEASE NOTE. This only applies to open access points. Your home access point should be fine as you have control over that and it is unlikely that a hacker would attempt to trick you into connecting to a fake one. However in high traffic areas such as restaurants, coffee shops and airports etc it is a target rich environment for them.
If you are not sure if you can trust an access point for the moment don't.
If you have any questions fire away.
Last edited: