# Unsecured WiFi at Hotel



## Timeshare Von (Mar 18, 2012)

You know, you're always forewarned about the unsecured WiFi at hotels and other places.  I rarely have worried about it, but have learned my lesson the hard way.

While staying in Montana, I did use the free WiFi at my hotel.  It appears that my activity was logged by a hack who then accessed by AOL account, along with my IgoUgo.com and Trip Advisor accounts.

First thing they did was change my AOL password and some settings which caused me to lose all of my saved emails regarding several recent & future trips.  This was my first signal this morning that something was UP.

Then I got an email from one of my IgoUgo editors indicating that my photo and profile had been changed and they subsequently deleted it all.  They asked that I repost accordingly, and suggested I change my password.

Finally, I went to TripAdvisor's Montana forum this morning in order to update a forum thread I was contributing to . . . only to find that my Thursday evening post had been deleted on Saturday at 3:47am (I was on the train and had not had access to the internet since approximately Friday at 6:30a!)  I also checked my profile there only to learn the hacker changed my password and email contact info to some bogus .gmail account.

I've been able to fix the AOL password issues but lost all of the content deleted.  I was also able to fix the issues with IgoUgo.com.  Unfortunately, because TripAdvisor requires your current password to change to a new one, and I don't know what this yutz changed it to, I cannot change it easily.  Additionally, in trying to change it an email to their email address was generated advising that "someone" is trying to change "their" password.

I have an email into TripAdvisor regarding the issue but no response yet.  What a nightmare!

I'm just thankful I did not access any banking info from on the road via this unsecured WiFi connection.  Word to the wise . . .


----------



## linsj (Mar 18, 2012)

This is why I pay $40/year for Witopia, a personal VPN that encrypts my Internet traffic both ways. I have to do more than email and Web browsing, including online bill paying, while out of town, so it's worth the expense to me.


----------



## Timeshare Von (Mar 18, 2012)

linsj said:


> This is why I pay $40/year for Witopia, a personal VPN that encrypts my Internet traffic both ways. I have to do more than email and Web browsing, including online bill paying, while out of town, so it's worth the expense to me.



Good to know . . . I'll pass this on to my hubby who handles our home IT needs   Thanks!!!


----------



## dioxide45 (Mar 18, 2012)

What did they have to gain? Other than to cause havoc?


----------



## SOS8260456 (Mar 18, 2012)

dioxide45 said:


> What did they have to gain? Other than to cause havoc?



Sometimes I think that is all they want to do.  It takes all kinds in this crazy world we live in.

Sorry for the trouble you are dealing with and hope you can get it all straightened out.

I hope alot of bad karma goes to the hacker,


----------



## pjrose (Mar 18, 2012)

I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.  

What can we do to prevent this?


----------



## dioxide45 (Mar 18, 2012)

pjrose said:


> I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.
> 
> What can we do to prevent this?



That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.


----------



## Nickfromct (Mar 18, 2012)

pjrose said:


> I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.
> 
> What can we do to prevent this?



If there is a choice between wired and wireless internet. I always use the wired. If we need wireless for some reason, like multiple devices in the room I bring my own travel router which is password protected.


----------



## BoaterMike (Mar 18, 2012)

pjrose said:


> What can we do to prevent this?



Either use a secure personal travel router like Nickfromct says or a personal vpn like linsj mentioned.   I use the personal vpn myself when I travel.  It runs about $50 per year and is worth it for the peace of mind.  



dioxide45 said:


> That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.



True, if the gateway or router was security enabled.  If not, a novice hacker could easily access the computer on an unsecure network even though the web page was secure.   

Reasonable caution is always a good thing.  

Mike


----------



## Timeshare Von (Mar 18, 2012)

dioxide45 said:


> What did they have to gain? Other than to cause havoc?



Since the only content that was messed with was my positive comment on TripAdvisor regarding my experience at the Best Western Rocky Mountain Lodge, it could have been a disgruntled employee or perhaps a competitor hotel in the area.  It's easy enough to access an unsecured WiFi (BW didn't even have a "user ID" code for guests to log-in with), that someone could sit in the parking lot or within a block or so to log into their system.

The hacker also went into my IgoUgo account and changed my photo and posted some rather lewd info into my profile . . . perhaps making it personal.

Who knows other than maybe idle hands and stupid minds!


----------



## Timeshare Von (Mar 18, 2012)

dioxide45 said:


> That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.



My DH said there is software out that that hackers can use to actually access people who are online via an unsecured connection, that allows them (the hacker) to see everything on their screen that I would have been seeing and doing online.

The only password ID connections I accessed from the hotel were my T/SVon AOL account and the two travel sites (IgoUgo & TripAdvisor).


----------



## Timeshare Von (Mar 18, 2012)

BoaterMike said:


> Either use a secure personal travel router like Nickfromct says or a personal vpn like linsj mentioned.   I use the personal vpn myself when I travel.  It runs about $50 per year and is worth it for the peace of mind.
> 
> 
> 
> ...



I will obviously need to have my home IT guy (DH) figure out a game plan so that we do not incur in the future.  I suppose I've been fortunate given the amount of travel I do to, and the amount of unsecure WiFi use I've had in the past.  I feel rather stupid to have fallen victim this time but am glad to have not conducted any business via the internet over the unsecured access.


----------



## Sandi Bo (Mar 18, 2012)

Oh geez, sorry for you troubles.  Thank you for posting as it a good reminder to be cautious.


----------



## Passepartout (Mar 18, 2012)

We can only hope the perp didn't load some malware on your computer that would allow further tricks. With our travels, we are careful not to access any financial sites unless we have a secure connection. Sometimes I wonder how 'secure' secure is, but so far we have been lucky.

New rule henceforth: No accessing any passworded sites from public networks.

Thanks Von, for bringing this necessary warning to us in a way that gets our undivided attention.

Jim


----------



## dioxide45 (Mar 18, 2012)

Timeshare Von said:


> My DH said there is software out that that hackers can use to actually access people who are online via an unsecured connection, that allows them (the hacker) to see everything on their screen that I would have been seeing and doing online.
> 
> The only password ID connections I accessed from the hotel were my T/SVon AOL account and the two travel sites (IgoUgo & TripAdvisor).



My guess is however that these user IDs and passwords were being transmitted without any encryption and they were able to capture them form their movement over the network rather than seeing what was on your screen. They would have to have been able to install something on your system to capture key strokes. The fact that they were able to easily capture would make me think that they were just monitoring the data traffic over the networkn and captured it that way rather than hacking directly in to your system.


----------



## Timeshare Von (Mar 18, 2012)

Passepartout said:


> We can only hope the perp didn't load some malware on your computer that would allow further tricks. With our travels, we are careful not to access any financial sites unless we have a secure connection. Sometimes I wonder how 'secure' secure is, but so far we have been lucky.
> 
> New rule henceforth: No accessing any passworded sites from public networks.
> 
> ...



Happy to share ALL of my travel adventures . . . the bad with the good 

My DH has gone through my netbook and there was nothing there in terms of malware, viruses, etc. so that was good news.


----------



## pjrose (Mar 18, 2012)

How do we know if it's a secure vs not secure connection?

Would an Airport qualify as a router?  It'd be password protected, but once the info leaves the Airport or other router and gets into the wider wireless system, isn't it fair game for hackers at that point?


----------



## riverdees05 (Mar 19, 2012)

BoaterMike,

Which personal vpn do you use?


----------



## zinger1457 (Mar 19, 2012)

pjrose said:


> How do we know if it's a secure vs not secure connection?
> 
> Would an Airport qualify as a router?  It'd be password protected, but once the info leaves the Airport or other router and gets into the wider wireless system, isn't it fair game for hackers at that point?



The only way the wireless connection would be secure is if they use some type of encryption like WPA2 which is extremely rare for a public hot spot.  Just requiring a passcode means little, it does not provide encryption, just limits who can access it.  Once your connection hits the airport wireless router it should at that point travel the Internet over wired connections.

A good app to use for web browsers is a password manager like LastPass.  It won't protect you in all cases but will help if a keyboard logger is being used on your system.


----------



## Timeshare Von (Mar 19, 2012)

Based on our reconstruction of the issue, it appears the hacker was using a Firefox add-on called "FireSheep" that allows shadowing of users on an open WiFi network.  It does not monitor or collect key strokes.


----------



## BoaterMike (Mar 19, 2012)

riverdees05 said:


> BoaterMike,
> 
> Which personal vpn do you use?



I had been using cyberghost but switched to HMA (hide my ass).   I changed to  HMA at the time because of the combination of ease of use and value.   There may be others equal or better, as I have not made a comparison since last Fall.   

I may be making a change again this year if there is a reliable  vpn that has both Windows and Android versions for one fee.  

Mike


----------



## eakhat (Mar 19, 2012)

It's a good reminder of what can happen.  Thanks for sharing your experience.

We also had something happen to us when we were using our laptop at a timeshare resort in Orlando.  Someone hacked in and took over our computer.  I think they wanted us to buy the software to get ride of "the virus."  We checked with a local place on the cost to have it professionally taken care of.  It was very expensive, and they said we could probably lose information stored on the computer.  My son, who is a computer techie, recommended we download free software from MalwareBytes, and that did the trick.  We are much more cautious when we use our computer when we travel.  After reading this blog, we'll spend the money for an encription software.


----------



## hypnotiq (Mar 19, 2012)

Its simple. Don't do anything important on unsecure wireless. There are so many ways to capture user data, its not even funny, not to mention accessing the file system of any machine that is on that unsecured wireless.

"Free" internet comes at a price. :ignore:


----------



## SmithOp (Mar 19, 2012)

dioxide45 said:


> What did they have to gain? Other than to cause havoc?



You might be surprised at how many people the the same password on many sites, and also keep copies of the registration emails. 

Down


----------



## Timeshare Von (Mar 19, 2012)

hypnotiq said:


> Its simple. Don't do anything important on unsecure wireless. There are so many ways to capture user data, its not even funny, not to mention accessing the file system of any machine that is on that unsecured wireless.
> 
> "Free" internet comes at a price. :ignore:



Understood.  Unfortunately nothing I was doing was "important".  But the hassle it created has been frustrating never-the-less.

I have regained control of my TripAdvisor account thanks to their tech folks . . . and I believe everything has been restored back to pre-hack status.


----------



## funtime (Mar 19, 2012)

Of course searching aol for password might have also brought a treasure trove of information.  Thanks for the alert.  Funtime


----------



## Passepartout (Mar 19, 2012)

Timeshare Von said:


> I have regained control of my TripAdvisor account thanks to their tech folks . . . and I believe everything has been restored back to pre-hack status.



That's great! I don't suppose that the cops back in EastPhart Montana have any care to hunt down an internet mischief doer there- unless it was another traveler staying at the hotel. If you offer to fill out a report on what you found out, they may or may not hear another report of someone having security issues linked to a stay at that place. 

Glad you got it straightened out. Now to find some portable encription solution to travel with. Honest to Pete, it's gonna come down to packing your electronics in a suitcase and your clothes in a shaving kit!

Jim


----------



## Timeshare Von (Mar 19, 2012)

Passepartout said:


> That's great! I don't suppose that the cops back in EastPhart Montana have any care to hunt down an internet mischief doer there- unless it was another traveler staying at the hotel. If you offer to fill out a report on what you found out, they may or may not hear another report of someone having security issues linked to a stay at that place.



Well I do have a call into the hotel manager. I'm sure he'll give me the standard "there is a notice/warning that it is unsecured" but it's worth giving him a head's up if for no other reason than to encourage them to add a level of internal security with a user ID they can give to their guests.

Sure it's not foolproof especially if he has an employee doing this stuff in the middle of the night (all of my activity was!) . . . but it would prevent someone in the neighborhood scabbing their WiFi or just sitting out in the parking lot using it.

I doubt I'll bother with a police report.  But who knows?  It may be worth a call, after I speak to the hotel manager.


----------



## riverdees05 (Mar 19, 2012)

*HMA Question*

Can you download HMA to more than one computer you use it on more than one computer at the same time?


----------



## BoaterMike (Mar 19, 2012)

riverdees05 said:


> Can you download HMA to more than one computer you use it on more than one computer at the same time?



I've not tried.  I'm sure that they intend for one license on one computer.  I'll let you know later.  

Update:  Yes, I tried reaching two different server locations and was successful.   

Mike


----------



## Jaybee (Mar 19, 2012)

Yvonne... I'd like to thank you, too, for sharing your miserable hacking experience.  We've never given one single thought to using caution with free wifi service.  

I routinely visit our banking, investment, and CC sites when we travel.  I'm quite sure they're all using secured connections, but not thinking about it isn't a very smart thing, is it?

We're going to look into an encryption program. I need to look, first, to see how much protection our AVG Security is giving us. 

Practice safe eating, too.  Always use condiments.


----------



## Timeshare Von (Mar 20, 2012)

*End of Story . . . I think*

TripAdvisor has restored everything back to before the hacker accessed my account there.  It took a while, but it's done!

I spoke with the hotel manager who was appropriately concerned.  They said that they never gave much thought to having an internal password for guests but after this, they will be discussing with their IT vendor so as to add at least some level of security to their guests using their free WiFi service.

I won't be bothering with a police report as it doesn't seem of any value especially since the hotel said to the best of their knowledge this was the first/only instance of such misuse of their WiFi.

I'm glad out of this came some learning for others.  As I said, I know about the risks and never gave it much thought.  Who would think someone would have the time to go messing around on internet travel sites?  I would expect it if they had something to gain, even if it is illegal to do so.  But to just screw up someone's day because "they can" seems so juvenile and stupid.

My husband is making a project out of the experience, reverse engineering the hack software (FireSheep) to see what we can do to avoid its future use on us while traveling.  He's a bit of a geek that way.


----------



## hypnotiq (Mar 20, 2012)

There's no excuse for places that offer free wifi to not secure it. 

It's easy to do and easy enough to give guests the information while they're staying there.


----------



## Timeshare Von (Mar 20, 2012)

hypnotiq said:


> There's no excuse for places that offer free wifi to not secure it.
> 
> It's easy to do and easy enough to give guests the information while they're staying there.



Agreed . . . the only thing is it will not prevent a guest or employee of the hotel from playing games.  But any little bit helps


----------



## zcrider (Mar 20, 2012)

*lots of info in most peoples e-mail accounts!*

If you think about it, most people have tons of info in their e-mail accounts.  What is to stop them from seeing an e-mail from a bank, going there and clicking the forgot password option and having it resent to them before you find out and reclaim your e-mail account?  
   Not sure I understand how did you get your e-mail account back once the password was changed?


----------



## Kal (Mar 20, 2012)

BoaterMike said:


> I had been using cyberghost but switched to HMA (hide my ass). I changed to HMA at the time because of the combination of ease of use and value. There may be others equal or better, as I have not made a comparison since last Fall...


 
What are the comparison criteria you will use?  Have you found any technical problems in using a VPN while away from home?  Does it provide sufficient security for you to log onto a financial account thru the internet?


----------



## Timeshare Von (Mar 20, 2012)

zcrider said:


> If you think about it, most people have tons of info in their e-mail accounts.  What is to stop them from seeing an e-mail from a bank, going there and clicking the forgot password option and having it resent to them before you find out and reclaim your e-mail account?
> Not sure I understand how did you get your e-mail account back once the password was changed?



I can't explain it for other email providers.  With AOL all I had to do was go back into my primary account (screen name) with the answer to my "secret question" from which I could change passwords for any/all of my sub-accounts with AOL (I have 5 screen names for various professional and social purposes).

Because all of my AOL email addresses used the same password, I changed all to something new.


----------



## BoaterMike (Mar 20, 2012)

Kal said:


> What are the comparison criteria you will use?


Just my own personal assessment of available services at the time.  It's not a highly technical or complex comparison.  Just what I liked at the time for # of servers, reputation, etc.   I generally start with comparisons on Lifehacker.com, TechCrunch  and other resources and go from there.  There certainly may be other services out there equal or better.  I would encourage all to do some research, as I will do when my term comes up for renewal.  



Kal said:


> Have you found any technical problems in using a VPN while away from home?


Not at all.  I really don't need it at home.  It's more for when I travel.  Matter of fact, right now I am sitting in a hotel room in southern Illinois, but the cyberworld actually thinks I am entering it from a point in Colorado.  



Kal said:


> Does it provide sufficient security for you to log onto a financial account thru the internet?


Yes, it's a secure tunnel to sites that are https.  

Bottom line is that if you are using wifi, make sure that your network has adequate security.   And, if you travel make sure that the network you are connecting to is secure or you supply your own protection whether it be personal vpn or personal travel router.  

Mike


----------



## Ridewithme38 (Mar 20, 2012)

BoaterMike said:


> I had been using cyberghost but switched to HMA (hide my ass).   I changed to  HMA at the time because of the combination of ease of use and value.   There may be others equal or better, as I have not made a comparison since last Fall.
> 
> I may be making a change again this year if there is a reliable  vpn that has both Windows and Android versions for one fee.
> 
> Mike



I like HMA Pro, i've used it in the past for several different reasons and it's always been reliable and dependable...i have it setup so my browser(Well my Chrome Incognito browser) won't start up unless HMA Pro is running and that is the only browser i use while traveling

HMA pro is also good if you get 'banned' from a forum, but still want to read it...just sayin


----------



## BoaterMike (Mar 20, 2012)

Ridewithme38 said:


> HMA pro is also good if you get 'banned' from a forum, but still want to read it...just sayin



There are certainly a few reasons to remain anonymous at times.


----------



## Kal (Mar 21, 2012)

How about a "travel router" which would protect your data and privacy.  A wireless broadband router can encode all wireless transmissions with WEP or extra-strength WPA personal encryption.  It would appear the device would provide an equivalent encryption afforded by the VPN software.  It also would provide a Wi-Fi hot spot for multiple computers/users.  

The major difference would be cost over time.  The router would be a single payment of maybe $50 (Newegg.com) while the VPN subscription would be a continuing cost of maybe $70 per year.

Am I missing something here?


----------



## Ken555 (Mar 21, 2012)

Kal said:


> How about a "travel router" which would protect your data and privacy.  A wireless broadband router can encode all wireless transmissions with WEP or extra-strength WPA personal encryption.  It would appear the device would provide an equivalent encryption afforded by the VPN software.  It also would provide a Wi-Fi hot spot for multiple computers/users.
> 
> The major difference would be cost over time.  The router would be a single payment of maybe $50 (Newegg.com) while the VPN subscription would be a continuing cost of maybe $70 per year.
> 
> Am I missing something here?



Not all timeshares/hotels offer a wired connection option. A travel router also only protects the wireless portion of the communication (definitely do not use WEP as that was hacked years ago), it is possible for another hotel guest on the same network to still grab your data so a VPN is always the best, even with a router as it encrypts the communication from you to the destination, not just from you to your router (which is also in your room).

It always surprises me how many people on a hotel network share their computer. I often can see computer name, iTunes library, etc... You should disable your computer sharing, enable the software firewall, and make certain you have a good backup before you leave home if you won't be using your own router.


----------



## zinger1457 (Mar 21, 2012)

Ken555 said:


> A travel router also only protects the wireless portion of the communication (definitely do not use WEP as that was hacked years ago), it is possible for another hotel guest on the same network to still grab your data so a VPN is always the best, even with a router as it encrypts the communication from you to the destination, not just from you to your router (which is also in your room).



I agree a personal VPN is the way to go when using a public wireless connection but it only creates a tunnel and encrypts from your computer to the 'hopefully' secure VPN server, not to your final destination.  Need to make sure when selecting a VPN service that it is not only secure but also that it has servers in multiple locations so it doesn't make your already slow hotel Internet connection even slower.


----------



## riverdees05 (Mar 21, 2012)

So what is the best personal VPN service for us timesharers that travel all over the USA and other countries?


----------



## Kal (Mar 21, 2012)

It sounds like the router in the hotel room will provide a secure connection in the room, but once it passes the router, not so good.

For a VPN, the secure connection continues to their server, but I would have to find out if the VPN provider has a server located anywhere near my land's end destination.

Then there's the question of using a https web site.


----------



## linsj (Mar 21, 2012)

riverdees05 said:


> So what is the best personal VPN service for us timesharers that travel all over the USA and other countries?



I don't think you can come up with a best. I've had Witopia for several years and have been happy with it. And I travel the world.


----------



## theo (Mar 21, 2012)

*Clueless, seeking clues...*



BoaterMike said:


> I had been using cyberghost but switched to HMA (hide my ass).   I changed to  HMA at the time because of the combination of ease of use and value.   There may be others equal or better, as I have not made a comparison since last Fall.
> 
> I may be making a change again this year if there is a reliable  vpn that has both Windows and Android versions for one fee.
> 
> Mike



While somewhat reluctant to admit my boundless technological ignorance, I would certainly like to learn more about this "personal vpn" --- specifically for use on my laptop while in travel status.  I am aware of the security risks of using unsecured wireless access, but often have no real choice.

Any suggestions or direction to point me in to how / where I might better educate my technology-challenged self on acquiring / adopting "HMA" and the like?


----------



## BoaterMike (Mar 21, 2012)

Kal said:


> For a VPN, the secure connection continues to their server, but I would have to find out if the VPN provider has a server located anywhere near my land's end destination.



It doesn't really matter that much.  Granted, distance may have a slight impact on speed.   



Kal said:


> Then there's the question of using a https web site.



Not sure about the question.  That's what you want to connect to when you do banking or secure transactions, email, etc. 



theo said:


> Any suggestions or direction to point me in to how / where I might better educate my technology-challenged self on acquiring / adopting "HMA" and the like?



While I am using HMA, there are many reputable services out there.  Witopia, suggested by linsj, gets very good reviews from users.  It's certainly worth a look.  Also, check with your antivirus software vendor.   I use Avast, and they are supposedly adding this service in 2012.

Here are a couple of tech articles that can get you started.   They are from 2011 but will help with some info and recommendations.  

www.computerworld.com/s/article/9205401/

http://lifehacker.com/5759186/five-best-vpn-service-providers

Mike


----------



## TravelSFO (Mar 28, 2012)

*Unsecure TUG login*

Do you value your TUG login credentials?  If not, don't worry about what I'm going to say.  

If you do, be aware that TUBbbs, unfortunately, does not provide https login.  This means that your TUG credentials are sent in the clear and can be seen/sniffed over unsecured networks.  

Most good Banking sites (not all!) will have full encryption from the point of login to logout.  Depending on which browser you are using, an indication that you're connecting via SSL encryption is the https://... URL or a padlock icon showing locked, not unlocked state.

Still unsure?  Just make sure you add the https:// in front of any URL you use.  If it loads, you have SSL encryption.  If it doesn't -- then you don't.

I just posted a request to the TUG Admins in the TUG section of the forums.  Its not difficult to implement so I'm baffled as to why the response is .. just don't use any credentials you care about.


----------



## Timeshare Von (Mar 28, 2012)

TravelSFO said:


> Do you value your TUG login credentials?  If not, don't worry about what I'm going to say.



Maybe I should be but I'm not.  To the best of my knowledge, there is little to nothing here of real value or at risk should my user ID here get hacked or abused.


----------



## Ridewithme38 (Mar 28, 2012)

TravelSFO said:


> Do you value your TUG login credentials?  If not, don't worry about what I'm going to say.
> 
> If you do, be aware that TUBbbs, unfortunately, does not provide https login.  This means that your TUG credentials are sent in the clear and can be seen/sniffed over unsecured networks.
> 
> ...



Most BBS Software doesn't use HTTPS for logging in...Now, i'm not going to comment on if that is safe or smart, just kinda the way it is, he may have to completely pull down the site to implement it


----------



## BoaterMike (Mar 28, 2012)

TravelSFO said:


> If you do, be aware that TUBbbs, unfortunately, does not provide https login.  This means that your TUG credentials are sent in the clear and can be seen/sniffed over unsecured networks.



While not a bad idea, It's not really that uncommon that encryption is lacking for message forums.    As previously mentioned, you're at risk for your ID and password for the forum and that's it.  Banking and financial sites is a different matter.


----------



## Ken555 (Mar 28, 2012)

This isn't a secure site. There's no need for ssl.


----------



## Talent312 (Mar 28, 2012)

I seriously doubt that anyone has any interest in my TUG credentials.
Except perhaps an "enemy" who'd try to spoof one my posts.

However, I do not use my "public" ID+Pwd for more sensitive sites.


----------



## Ridewithme38 (Mar 28, 2012)

I don't get why we are calling a forum user name "Credentials"...its a username not a social security number, bank ID,  drivers license ID....i know when someone asks me for my credentials, i don't give them my Forum ID


----------



## mike130 (Mar 28, 2012)

*Private Tunnel*

I use a service called Private Tunnel  https://www.privatetunnel.com/  If you don't use a VPN too often this is a good choice. No monthly fee.  You buy a block of bandwidth 50gb, 100gb, 500gb for Data Transfers.  It's good until you use it.  It doesn't expire.


----------



## Kal (Mar 28, 2012)

BoaterMike said:


> ...While I am using HMA, there are many reputable services out there. Witopia, suggested by linsj, gets very good reviews from users. It's certainly worth a look. Also, check with your antivirus software vendor. I use Avast, and they are supposedly adding this service in 2012.
> 
> Here are a couple of tech articles that can get you started. They are from 2011 but will help with some info and recommendations.
> 
> ...


 
FYI, I tried to get into the HMA site but my anti-virus software finds it as a "dangerous site" and blocks me from getting into it.  I wonder why?  Maybe it's as simple as the name.


----------



## BoaterMike (Mar 28, 2012)

Kal said:


> FYI, I tried to get into the HMA site but my anti-virus software finds it as a "dangerous site" and blocks me from getting into it.  I wonder why?  Maybe it's as simple as the name.



I guess it could happen, Kal.  I don't know what software you are running, but that's pretty strict control.  Does that happen often?  It's a Canadian site. I use a browser extension that scores trust worthiness and HMA is up there, almost as high as TUG or Google. 

But, don't do something that makes you feel uncomfortable.  Try one of the other ones suggested like Witopa, Cyberghost, etc.    

Mike


----------



## TravelSFO (Mar 28, 2012)

Timeshare Von said:


> Maybe I should be but I'm not.  To the best of my knowledge, there is little to nothing here of real value or at risk should my user ID here get hacked or abused.



If you don't recycle your username and password there is probably very little to be concerned about.  The only thing someone might find is your email address, perhaps a city and state if you added that, your name.  Once a hacker has your email address, of course, the first thing they would try is to access it using the credentials that they have just obtained over the wire because it was sent in the clear.  

But I'm sure no one here would use the same password for their tug account as s/he would for the email account.


----------



## TravelSFO (Mar 28, 2012)

BoaterMike said:


> While not a bad idea, It's not really that uncommon that encryption is lacking for message forums.    As previously mentioned, you're at risk for your ID and password for the forum and that's it.  Banking and financial sites is a different matter.



Don't kid yourself that the credentials on a BBS site are any less valuable.  With access to your TUG credentials, the hacker has access to an email address and perhaps more, a mailing address, perhaps birthdate.   

Providing https login is not the same as encrypting the site.  Https login would just be the login page where you enter a username and password.  With https login, when you submit, your credentials are encrypted.

Also https is "cheap".  Enough in fees here are collected and there are enough members that I am very surprised this has not happened.


----------



## BoaterMike (Mar 28, 2012)

TravelSFO said:


> Don't kid yourself that the credentials on a BBS site are any less valuable.  With access to your TUG credentials, the hacker has access to an email address and perhaps more, a mailing address, perhaps birthdate.



Could happen.  Just what I've observed on other forums.


----------



## riverdees05 (Apr 9, 2012)

What do folks use with their iPads, etc.?


----------

