Or specifically the application/OS on an iPod Touch?
I use my iPod Touch on open wifi hotspots sometimes. I’ve yet to check my mail, log in to the SDMB, etc. because I’m guessing that traffic is sent out in cleartext and could be taken by anyone with a wifi packet sniffer. Is that the case?
If so, how difficult would it be to set up an encrypted VPN to my home computer in order to securely use hotspots?
Wireless encryption only protects you from snooping on the local network. Your packets still traverse the public internet, and anyone who happens between you and the destination could sniff the contents if they want to. The moral to the story is that you should be using end-to-end encryption like HTTPS, SFTP, etc. for anything that you really want to keep private.
The SDMB does not seem to support HTTPS connections. That said, the SDMB at least uses password hashes rather than transmitting plaintext passwords. In particular, they appear to be using unsalted MD5 hashes. While it could be worse, this isn’t the most secure thing in the world, either. A stolen password hash can be used to bruteforce your password offline, maybe with the help of rainbow tables or a good MD5 hash database. If your password is longer than about 8-9 characters, and/or contains at least 1 non-alphanumeric character (ex.: %), then you probably don’t need to worry about bruteforcing or rainbow tables. That still leaves the online databases, which might cover something more complex if your password happens to be something that someone, somewhere might possibly conceive of. When in doubt, calculate the MD5 hash of your password and submit it to the database to see if you get any hits.
YMMV for other sites. I wouldn’t rely on the security of hashes for anything of critical importance, like banking, but it’s probably acceptable for something like the SDMB.
Be careful when it comes to underestimating rainbow tables. Going off of the first Google hit for “md5 rainbow tables” makes it look like they’ve got everything calculated for 7 or fewer characters including non-alphanumerics in the mix (first set of tables here). They’ve also got passwords without symbols calculated out to 10 characters as long as it starts with letters and ends with a few numbers, so they could even crack something like “dsfhbgj238”.
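An added illustration of the unsalted-MD5 and rainbow-table points in the posts above (example code written for this page, not the SDMB's or any poster's code): it shows why one precomputed table works against every account when hashes are unsalted, and how a per-user salt with a slow KDF changes that for stored hashes. All function names and the candidate list are hypothetical and constructed; protecting the value in transit still needs HTTPS, as the earlier reply says.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed table.
CANDIDATES = ["letmein", "password1", "dsfhbgj238"]


def unsalted_md5(password: str) -> str:
    """Scheme as described in the thread: MD5 of the password alone."""
    return hashlib.md5(password.encode()).hexdigest()


def build_table(candidates):
    """Precompute hash -> password once; reusable against every account."""
    return {unsalted_md5(p): p for p in candidates}


def salted_hash(password: str, salt: bytes = None, rounds: int = 200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes, rounds: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, rounds)
    return hmac.compare_digest(digest, expected)


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of passwords of length 1..max_len over the given alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    observed = unsalted_md5("dsfhbgj238")   # the unsalted value discussed above
    print("unsalted lookup:", table.get(observed))
    s1, h1 = salted_hash("dsfhbgj238")
    s2, h2 = salted_hash("dsfhbgj238")
    print("same password, same stored value?", h1 == h2)
    print("95 printable chars, up to 7:", keyspace(95, 7))
    print("95 printable chars, up to 9:", keyspace(95, 9))
```

Each extra character multiplies the table size by the alphabet size, which is why the tables mentioned above stop at 7 characters for the full symbol set but reach 10 for a restricted pattern.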
The iPod Touch does support PPTP and IPSec VPNs. Your best bet would be to use a router at home that supports these VPN protocols - or use a modified firmware like DD-WRT or OpenWRT that also supports PPTP.
It would not be easy, but it is not too hard (given that there is now a specific open router from Linksys available for these firmware installations).
Unless you’re extra-paranoid, you can do your banking on one, so long as you’ve got an https connection to the bank’s site. Realistically, the larger challenge may be whatever flavor of web browser you have.
Even today, some banks only support Internet Explorer, and it’s a happy accident if any other browser works. Bank of America, for example, plans to support Firefox 2.2 soon, but they do support Netscape 6.2 or higher, Safari 1.0 or higher, and Internet Explorer 5.0 and higher. Wells Fargo supports IE 6.0 or higher, Firefox 2.0.0.8 or higher, Safari 1.0 or higher, but no mention of Netscape. Interestingly, they also specify that beta versions are not supported.
For checking email, either use a secure browser (https) for web-based email, or see if your provider can support SSL (Secure Sockets Layer) if you’re using an IMAP or POP3 application such as Outlook or Apple Mail. It’s usually painless to engage - for my ISP, it’s just a matter of checking the “Use SSL” box in the account setup in my email program.
I have a BOA account (credit card), and I normally log in using http:// in Firefox 3. Just for shits and giggles, just now I tried connecting to https:/ /www.bankofamerica.com (deliberately broken link) and got to what looks like the page I always see. Is that all there is to using https:// – just add the “s”, and if they have a secure connection available, you’re connected to it?
I’m also curious about the talk of setting up stuff with the home router, as most of the time (yes?) you’d be using an iPod Touch away from home (at least I would if I had one). Or does that apply only if you’re using it on a home wireless network with the possibility of neighbors hacking in? (I’m in the boonies, so that’s not really a concern for me.)
I do use an https connection for e-mail on my laptop using public Wi-Fi, but I did that only after triple-checking with my ISP.
Yep. They’re actually turning it on for you - just to see what happens with them, I aimed my browser at www.bofa.com, and it automatically came up as https:\bankofamerica.com
Using a secure browser connection is only one of several requirements for online banking - we’re bound by Federal guidelines to require secure browsers, plus all of these other new identification things like “Is this your picture?” or “We don’t recognize this computer. Please enter the last four digits of your ATM card number.”
As for setting up a connection to home - why do you want to do this? Depending on things like whether you want to access files on the home PC or run applications on it, and if it’s a PC or a Mac, there are different applications to pick from and you may also need a new broadband router at home in order to set up what’s generically known as a VPN or Virtual Private Network.
I don’t want to; I see it discussed upthread (OP and posts #2 and #5) and am wondering what the heck your home network has to do with surfing via Wi-Fi at the library or wherever. Unless these people are surfing with their iPod Touch at home for some reason.
If you set up a VPN to your home network, the traffic between your mobile device and your home network will be encrypted. From there, your home network will grab the data from the internet and return it to you over that VPN. It’d be as secure as accessing the internet from home.
Part of the problem is that the iPhone/Touch has its own apps for stuff like e-mail and even Bank of America has an iPhone app for online banking. Do they use security built into the app itself? I have no idea.
So (theoretically, as I have no plans to do this), I could sit at the coffeeshop 20 miles away and connect to the Internet through my home network (assuming devices are on, etc.)?