What are potential security risks when using an insecure wireless connection?

but if I rely on HTTPS (assuming a valid certificate) for all sensitive browsing, (banking, social media, e-mail, etc.) then is there still an issue?

Yes and no. It has been demonstrated that HTTPS can be circumvented, giving the user almost no clue that this happened. You can read more about this here: SSLSTRIP

On the same site you can read about a vulnerability that IE had which made HTTPS not secure (IE Basic Constraints vulnerability). Even if this vulnerability has since been patched, this shows that even if HTTPS is secure in itself, one of its implementations can be broken and therefore make you vulnerable to an attack.

Finally, this article explains five ways in which you could break HTTPS.

This doesn't mean of course that HTTPS is not secure or that it's useless, far from it, but you shouldn't feel 100% safe when you are using it.

Also, I know that it is trivial as well to obtain a user's MAC address, but I am not aware of any dangers associated with this. If I understand correctly, a MAC address is no different from a physical address, and poses no harm in the wrong hands.

It can indeed be a problem. There is one type of attack, called ARP spoofing, which allows an attacker to impersonate another computer on the LAN, thereby receiving all the packets originally addressed to the legitimate user.

This is a little different from the scenario you are picturing (obtaining another user's MAC address), because here the attacker tries to associate its own MAC address with the IP address of the victim, but it's just to show you that MAC addresses can be used to attack.

Open ports are dangerous, is this why? In my specific case, I use things like MAMP, could this be a vulnerability if I were to use it while connected?

The answer in the link you posted is very good. Yes, you are more vulnerable than you would be without leaving that port open, because it's simply another way through which a malicious user could attack you.

But more and more I am starting to think that with the proper counter-measures, using an open network can be no different to using a WPA/WPA2 encrypted network.

It is different, because if you encrypt your network, an attacker would first need to enter your network. If the network is properly encrypted, this could mean a huge amount of work for the attacker, who could then simply decide that it's not worth it :)

Assuming that I don't care about others mooching off of my internet, what are the downfalls?

As Lucas pointed out, you are responsible for your network. If some kind of illegal activity takes place on your private home network, you are the one who will be held responsible (it has already happened). It would be difficult, at this point, to prove that you were not involved.
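One way a client on a shared network can notice the ARP spoofing described in this answer, as an added example that is not part of the original answer: compare two snapshots of the neighbour table and flag an IP whose MAC changed, or a MAC that answers for several IPs. The snapshots use the Linux `ip neigh` output format with constructed addresses, and the function names are hypothetical.

```python
import re

# Constructed sample data: two `ip neigh`-style snapshots of one client's
# neighbour table, before and after a spoofed ARP reply. Addresses are made up.
SNAPSHOT_BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.42 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
"""
SNAPSHOT_AFTER = """\
192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.42 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")


def parse_neighbours(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table


def arp_anomalies(before, after):
    """Compare two {ip: mac} tables and report spoofing indicators."""
    findings = []
    # Signal 1: an IP that used to resolve to one MAC now resolves to another.
    for ip, mac in sorted(after.items()):
        if ip in before and before[ip] != mac:
            findings.append(("rebound", ip, before[ip], mac))
    # Signal 2: one MAC answering for several IPs at once.
    by_mac = {}
    for ip, mac in after.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    print(arp_anomalies(parse_neighbours(SNAPSHOT_BEFORE), parse_neighbours(SNAPSHOT_AFTER)))
```

Both signals also have benign causes (a DHCP lease reassigned to another device, a router answering for several addresses), so treat a finding as a lead to check against the known gateway MAC.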


An attacker sharing the wireless network can definitely pose a threat even when you are apparently communicating securely.

There is a great commercial wireless penetration test tool titled Silica that can do much of what you alluded to (i.e. passively hijack web application sessions for email, social networking and intranet sites).


Regarding Facebook or other mobile phone applications, it depends on the applications being properly configured to communicate securely over the network.

Facebook's Help Center states:

Facebook always posts to a secure page when users are logging in and employs industry standard encryption. This may not always be apparent from the URL (web address), but rest assured our logins are secure.

But that doesn't mean your active sessions are safe - you could also become a victim by accepting a rogue SSL certificate by any number of clever means, again, allowing an attacker full visibility.

Michal Zalewski has a great blog entry titled Unencrypted public wifi should die that reveals a number of additional risks.

The best advice is still to use a VPN connection anytime you are using public wifi.


  1. No, probably not, unless they do SSL spoofing after rerouting some of the traffic to themselves. But then the users will still get SSL mismatches. So no, they will be okay.
  2. I don't think so. Except maybe using the MAC to do an attack. (pretend to be him)
  3. That's why you should put those computers on a different subnet.
  4. That's true, but don't forget you are still responsible for your network. Make sure you have a policy people need to accept. If someone carries out attacks on other people through your network, they might come knocking on your door.

Make sure you block everything that's not necessary. You don't want Torrents. Implement a form of bandwidth shaping so no single user can monopolize the network.