Accidently used credit card on hotel wifi - Worry?

Toggle sidebar Toggle sidebar
W

WhiteKnight

Platinum Member
May 21, 2001
2,952
0
0
So I'm currently on a business trip and I'm connected to the hotel wifi. I thought that I was running through hamachi to my home VPN and thus my connection was secure. However, I just realized that I forgot to change my proxy settings over and thus I was connected directly through the hotel's unsecured wifi.

The problem is that I just made two online purchases and used my credit card as well as my home address. Should I be worried?
 
T

tasmanian

Diamond Member
Dec 22, 2006
3,811
1
0
YES! Quick call all of your credit card companies and cancel them.




Seriously though, call up the credit card company and be like if there are any large purchases dont allow it untill x day. If your worried, personaly i wouldnt be.
 
theeedude

theeedude

Lifer
Feb 5, 2006
35,787
6,197
126
If it was on an https://* site, it was encrypted anyways. Being on VPN would only protect your data till it got to the vpn gateway anyways.
You would still need a https connection to the website.
 
Deeko

Deeko

Lifer
Jun 16, 2000
30,213
12
81
Have you heard of "SSL"?

Is it theoretically possible you're in trouble? Sure....but extremely unlikely. Don't worry about it.
 
Z

zoiks

Lifer
Jan 13, 2000
11,787
3
81
My yahoo account was stolen when I used a hotel's computer. The guy who stole the account took over my ebay account, changed passwords at all my credit card sites etc. I could see him reading my mail when viewing my.yahoo.com. It was a nightmare having yahoo reset my password. I hope I never relive that again. I cancelled all my cards, called ebay and had them reset the password and changed the email add.
 
SagaLore

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: Deeko
Have you heard of "SSL"?

Is it theoretically possible you're in trouble? Sure....but extremely unlikely. Don't worry about it.
Click to expand...

Well, its easier than you might think. Before the SSL/TLS is established, there is an ssl handshake. If someone recorded the entire wireless session, they could start with the client hello to the server, grab the cert and public key, grab the private key that was encrypted with the public key, decrypt it, and decode the rest of the session.

Intercepting wireless is exponentially easier than intercepting wired without anybody knowing. All the tools for handling it are already written.

BUT - that being said, I wouldn't worry about it. If you find any weird purchases, dispute them, then change your card.
 
halik

halik

Lifer
Oct 10, 2000
25,696
1
0
Originally posted by: WhiteKnight
So I'm currently on a business trip and I'm connected to the hotel wifi. I thought that I was running through hamachi to my home VPN and thus my connection was secure. However, I just realized that I forgot to change my proxy settings over and thus I was connected directly through the hotel's unsecured wifi.

The problem is that I just made two online purchases and used my credit card as well as my home address. Should I be worried?
Click to expand...

YES!!! Burn down your house, sear your finerprints and knock all your teeth out! They're AFTER YOU!! :roll:
 
S

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: SagaLore
Originally posted by: Deeko
Have you heard of "SSL"?

Is it theoretically possible you're in trouble? Sure....but extremely unlikely. Don't worry about it.
Click to expand...

Well, its easier than you might think. Before the SSL/TLS is established, there is an ssl handshake. If someone recorded the entire wireless session, they could start with the client hello to the server, grab the cert and public key, grab the private key that was encrypted with the public key, decrypt it, and decode the rest of the session.

Intercepting wireless is exponentially easier than intercepting wired without anybody knowing. All the tools for handling it are already written.

BUT - that being said, I wouldn't worry about it. If you find any weird purchases, dispute them, then change your card.
Click to expand...

Let me know when you've broken RSA 1024/2048. I know you work in security, so you should know better. I'll gladly handshake with you in the clear with SSL/TLS at layer5. Good luck replaying that session at L5, let alone L4.

OP:

1) If you used SSL you're fine
2) It's just your credit card, you're not liable for any charges you didn't approve.
3) If somebody has the public and private key for your session and is able to decrypt these then you're screwed and all intarweb is hosed

 
Legendary

Legendary

Diamond Member
Jan 22, 2002
7,019
1
0
Originally posted by: spidey07
Originally posted by: SagaLore
Originally posted by: Deeko
Have you heard of "SSL"?

Is it theoretically possible you're in trouble? Sure....but extremely unlikely. Don't worry about it.
Click to expand...

Well, its easier than you might think. Before the SSL/TLS is established, there is an ssl handshake. If someone recorded the entire wireless session, they could start with the client hello to the server, grab the cert and public key, grab the private key that was encrypted with the public key, decrypt it, and decode the rest of the session.

Intercepting wireless is exponentially easier than intercepting wired without anybody knowing. All the tools for handling it are already written.

BUT - that being said, I wouldn't worry about it. If you find any weird purchases, dispute them, then change your card.
Click to expand...

Let me know when you've broken RSA 1024/2048. I know you work in security, so you should know better. I'll gladly handshake with you in the clear with SSL/TLS at layer5. Good luck replaying that session at L5, let alone L4.

OP:

1) If you used SSL you're fine
2) It's just your credit card, you're not liable for any charges you didn't approve.
3) If somebody has the public and private key for your session and is able to decrypt these then you're screwed and all intarweb is hosed
Click to expand...

/thread
 
kranky

kranky

Elite Member
Oct 9, 1999
21,019
156
106
I wouldn't worry about it, OP.

Originally posted by: zoiks
My yahoo account was stolen when I used a hotel's computer. The guy who stole the account took over my ebay account, changed passwords at all my credit card sites etc. I could see him reading my mail when viewing my.yahoo.com. It was a nightmare having yahoo reset my password. I hope I never relive that again. I cancelled all my cards, called ebay and had them reset the password and changed the email add.
Click to expand...

Yeah, not a good idea to use the hotel's computer for sites you have to log in to. You have no idea what might be running on them.
 
Throckmorton

Throckmorton

Lifer
Aug 23, 2007
16,829
3
0
LOL you are paranoid. You think someone is sitting around sniffing your packets or something? Even if they were, you know you can just cancel the card right? Why do people still not realize, in the year fvcking 2008, that they aren't liable for unauthorized use of their cards???
 
I

imported_Baloo

Golden Member
Feb 2, 2006
1,782
0
0
Sonds like your connections over the wifi was just as secure asit would have been going thru your home VPN. It still would have gone over the wifi first.

Wifi is encryted, in case you did not know that.
 
E

Eli

Super Moderator | Elite Member
Oct 9, 1999
50,419
8
81
uh, no.

Originally posted by: Baloo
Sonds like your connections over the wifi was just as secure asit would have been going thru your home VPN. It still would have gone over the wifi first.

Wifi is encryted, in case you did not know that.
Click to expand...


Not unless you turn it on.

 
Alyx

Alyx

Golden Member
Apr 28, 2007
1,181
0
0
Does it happen? yes.
Is it common? Hell no.

I wouldn't worry at all.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom