Here’s a short demo of sniffing.
They [TM] can possibly do this to you at that nice free public wifi spot you’re using.
They need to be on your network. This is geographically limited, by which I mean that if you’re in Kansas and visiting a server in Kansas, someone in England or Japan can’t see this stuff unless:
- They’ve compromised something on your network,
- They’ve compromised something between you and the site you’re visiting, or
- They’ve compromised something near the host you’re talking to.
However, that shady person at the coffee shop’s free wifi could see this stuff just fine. These attacks typically occur somewhere near you.
They cannot see anything going over SSL, like web pages using https, unless they’re man-in-the-middling you, which is a whole different thing. Er. That’s more than I wanted to get into, but… it’s unlikely, unless the free wifi itself is messing with you.
Anyway. You can fire up Wireshark right now and possibly see your housemates’ passwords if they’re using insecure connections. (I once showed my ex his passwords over Wireshark. Heh.)
What I’m getting at is:
- Use SSL (https, secure connections on your email client, etc.) wherever you can.
- Public wifi is super, super insecure. You probably want to use a VPN on public wifi.