Paranoid about security. I have a few quick, easy questions.

And for what it is worth - the clients will disclose the SSID's they're searching for - hidden or not, and with smartphones/tablets/laptops, it's every SSID they've ever attached to, along with the MAC address of the AP...

So, someone sitting in a coffee shop, with the right tools, they'll know where you've been, based on what your WiFi client is asking for - hidden or not...

sfx

And once they know what SSID you want to connect to, it's trivial to blindly accept you, and then start capturing your POP3 passwords as your email client tries to connect to the server (and a vast majority of users do not use SSL/TLS on their POP3 accounts).

That's one big reason why I recommend people NOT to hide their SSID, as they will then turn their client into a security liability. I know Microsoft fixed something related to that after WinXP, but how thorough their fix is, I don't know...
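A client-side check for the two risks raised above, as an added example that is not part of the original thread: it audits saved Wi-Fi profiles for entries that force directed probes (the hidden-SSID case) and for open networks a client would rejoin without authenticating the AP. It assumes a Linux-style client that stores profiles in wpa_supplicant.conf format; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf format (not from the thread).
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant
network={
    ssid="HomeNet"
    scan_ssid=1
    psk="example-passphrase"
}
network={
    ssid="CoffeeShopFree"
    key_mgmt=NONE
}
network={
    ssid="Office"
    key_mgmt=WPA-PSK
    psk="another-example"
}
'''

BLOCK_RE = re.compile(r"network\s*=\s*\{(.*?)\n\s*\}", re.S)

def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    nets = []
    for body in BLOCK_RE.findall(text):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def audit(text):
    """Flag profiles that leak an SSID by name or trust an unauthenticated AP."""
    findings = []
    for net in parse_networks(text):
        ssid = net.get("ssid", "<unnamed>")
        # scan_ssid=1 makes the client send probe requests naming this SSID.
        if net.get("scan_ssid") == "1":
            findings.append((ssid, "directed-probe"))
        # key_mgmt=NONE is an open network: any AP using the name is accepted.
        if net.get("key_mgmt") == "NONE":
            findings.append((ssid, "open-autojoin"))
    return findings
```

Profiles flagged `open-autojoin` are candidates for removal from the saved list; profiles flagged `directed-probe` stop naming their SSID in probes once the network broadcasts it and `scan_ssid` is cleared.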
 
And if super paranoid and running VPN's/TOR etc... There's still a fair amount of information leakage when you attach to a public AP, just associating, current Desktop and Mobile SW leaks out quite a bit...

And we'll not go down the path of commercial VPN providers - and the trust issues there.

If one is really paranoid that is..
 
gmail requires SSL - and it's a large percentage of all email.

A large portion of GMail users use their web browser however, not a mail client like Outlook/Thunderbird/Windows Mail, which is typically used with ISP-provided email addresses. I'm mostly talking about the latter.
 
A non-browser email client on gmail would have to use an encrypted connection, I presume. It's Google's policy: No pop3 email permitted, as I understand.

In prior years, I ran Outlook to an Exchange server via SSL/TLS across the Internet AND on the company LAN.
It's an option in Outlook.

Yeah, ISPs like Verizon DSL - my relatives use Outlook on that. I can't convince them to go to gmail or yahoo so they're not on an ISP's email domain. They don't want to change what works. When they move their residence... they'll see why.
 
That's one of the biggest reasons people do change. The first time you change ISPs and realize your email has to move, it prompts a move towards some kind of ISP-agnostic email service.
 
Google still allows POP3, but they do it over the TLS port, same as SMTP and IMAP

Outlook is kind of nice using SSL/TLS (and OWA for WebMail) - I used this for years to access an Exchange server - OWA and Active Sync on handhelds - recent internal policy changes, I'm now forced to use a VPN connection first, then back to Exchange, which just means more overhead and less convenient access to the Exchange stuff..

And completely agree about Email provided by Operators - becomes a really big deal if one has to move, and that operator may have broadband in the new location... I'm not the biggest fan of Gmail, but it works for many, also outlook.com is getting better... moving into the realm of paid email, fastmail has good reviews there.
 
what does "Protected Management Frames" do security wise?

From WiFi Alliance

What are Protected Management Frames?
Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides a WPA2-level of protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

It's a great idea, but the challenge here is that all clients that associate with an AP that enables this feature - they must support it, so in the Home/Small office grade gear, it's not used - even in enterprise space, it's rarely used.
 
I use Yahoo. It isn't the most reliable but their customer service (if you can find them) is pretty good and they don't spend a lot of time trying to upsell you (most of the time without your knowledge) on their other social networking services. I have long since stopped using Microsoft due to their draconian account policies (they don't allow you to remove an unused account without selling your firstborn) and I refuse to use Gmail since it comes with so many (some hidden) Google strings attached.
 
protected management frames.

on my android 4.4 phone does nothing.
on my android 5.1 phone it changes this
WPA2-PSK-CCMP
to this
WPA2-PSK+PSK-SHA256-CCMP
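What the two strings in the post above correspond to on the air, as an added example that is not part of the original thread: an AP advertises its key-management (AKM) suites and its Protected Management Frames bits in the RSN information element, and this parser decodes both. The two byte strings are constructed samples, the label format only imitates the strings quoted in the post, and the PMF "capable" bit in the second sample is an assumption about how such an AP would be configured.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
AKM = {1: "EAP", 2: "PSK", 5: "EAP-SHA256", 6: "PSK-SHA256", 8: "SAE"}
CIPHER = {2: "TKIP", 4: "CCMP"}

# Constructed RSN elements (element ID 48), not captured from any network.
RSN_PLAIN = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                          "0100" "000fac02" "0000")
RSN_PMF = bytes.fromhex("3018" "0100" "000fac04" "0100" "000fac04"
                        "0200" "000fac02" "000fac06" "8000")

def _suites(buf, off, names):
    """Read a little-endian count followed by that many 4-byte suite selectors."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    out = []
    for _ in range(count):
        sel = buf[off:off + 4]
        if len(sel) != 4:
            raise ValueError("truncated suite list")
        if sel[:3] == RSN_OUI:
            out.append(names.get(sel[3], f"type{sel[3]}"))
        else:
            out.append("vendor-" + sel.hex())
        off += 4
    return out, off

def parse_rsn(ie):
    """Decode AKM suites, pairwise ciphers and the PMF bits of an RSN element."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version")
    off = 2 + 4  # skip the version field and the group cipher selector
    pairwise, off = _suites(body, off, CIPHER)
    akms, off = _suites(body, off, AKM)
    (caps,) = struct.unpack_from("<H", body, off)
    return {"pairwise": pairwise, "akms": akms,
            "pmf_capable": bool(caps & 0x0080),   # MFPC, bit 7
            "pmf_required": bool(caps & 0x0040),  # MFPR, bit 6
            "label": "WPA2-" + "+".join(akms) + "-" + "+".join(pairwise)}
```

An element with `pmf_capable` set and `pmf_required` clear still admits clients that lack PMF support, which is the compatibility trade-off described earlier in the thread.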
 
