FlyerTalk Forums - View Single Post - Internet security at Hilton
Thread: Internet security at Hilton
View Single Post
Old Aug 24, 2009 | 8:50 pm
  #4  
StayingHomeIsBetter
FlyerTalk Evangelist
10 Countries Visited
20 Countries Visited
30 Countries Visited
15 Years on Site
 
Join Date: Jun 2008
Programs: Lifetime Hilton Diamond, Lifetime Marriott Titanium, "Lifetime" DL DM (subject to DL CEO whims)
Posts: 12,799
Originally Posted by wr_schwab
I'm just trying to figure out exactly what you mean by an insecure Internet service, since sending traffic over the Internet without encryption is insecure.

Are you referring to the "login" page that usually comes up when you first connect via a Wifi and may have to enter in a username & password, or credit card number before you can get on the Internet? If you are, when you say insecure, are you getting in Internet Explorer:

There is a problem with this website's security certificate.


The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website has expired or is not yet valid.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

If you are getting that, it does not necessarily mean that your connection to the Internet is insecure (part of it depends on how they have everything else setup). It could just mean that the website is using a self-signed certificate, instead of a certificate signed by a certificate authority such as Verisign or that your traffic going to that particular website could be compromised and someone else is sitting in the middle sniffing all of the traffic. In either case, I would not do anything on that website.

(As an IT professional, I don't believe there is any excuse for using a self-signed certificate on a server that the public can access. Exspecially since a Verisign certificate is around $400/year and if you want to do it on the cheap, Go Daddy has them for $30/year.)

Even if the site came back secure, that does not mean that your connection to the Internet is secure. It is very easy with the right tools to hijack all of the traffic on a network and read anything that is not encrypted. It takes a skilled hacker maybe 6 seconds to do that.
Thanks, as an IT professional, you have expressed the situation far better than I. And you are describing precisely what I am experiencing.

I am getting a message indicating that the security certificate has expired, or is not valid... I'd have to log off my AirCard and try the hotel system again to get the exact wording.

Bottom line, the tech support guy claims that his service is not going to renew the certificate since, in his claim, they would have to pay MS $3000 per year per hotel to do so.

And yes, I recognize that no connection is really secure... that is why I said "or, probably more accurately, an even more insecure than normal."

Perhaps, as the IT professional, you can comment on the analogy. But I perceive these security certificates to be like the lock on your front door... they only keep out the slightly larcenous. But better than nothing.

Thanks for the advice. I'll avoid the site until Hilton decides whether it is going to do the right thing and provide internet service via a site that has a proper certificate.
StayingHomeIsBetter is offline  
Reply