News   Dec 20, 2024
UrbanToronto Year-End Poll: Vote on the Best Buildings of 2024, presented by Sapphire Balconies
 3.2K     11 
News   Dec 20, 2024
UrbanToronto's Social Media Presence Skyrocketed in 2024
 1.1K     3 
News   Dec 20, 2024
Mattamy Homes Records A Year of Accomplishments
 2K     0 

GO Transit: Service thread (including extensions)

Caught the WiFi car on the Stouffville Line today

20180524_170947_HDR.jpg
20180524_170814_HDR.jpg
 

Attachments

  • 20180524_170947_HDR.jpg
    20180524_170947_HDR.jpg
    222.5 KB · Views: 862
  • 20180524_170814_HDR.jpg
    20180524_170814_HDR.jpg
    196.2 KB · Views: 839
^
Your PRESTO card is your unique access number to connect to free Wi-Fi during the field trial.Your PRESTO number identifies you as a customer and you won’t have to log in again as the system will recognize your device. No PRESTO information is used aside from the number and it will be deleted after it is validated.
Click to expand...
Uh oh...I'm not a computer tech, or a digital communication tech, but I am a technologist in other areas of electronics, and I'm savvy enough to worry about security aspects of using that number.

I'll watch for any stories showing on that.

1. How do I connect to the free Wi-Fi services?

Connect to free Icomera Wi-Fi:

1. Choose “Move_Free_Wi-Fi”

2. Once redirected to MoveFreeWi-Fi.com, log in using your email address and the last 11 digits of your PRESTO card.
[...]
4. Why do I need to give my PRESTO card number to connect to free Wi-Fi? Is my personal information being shared if I enter my number?

Your PRESTO card is your unique access number to connect to free Wi-Fi during the field trial. Your PRESTO number identifies you as a customer and you won’t have to log in again as the system will recognize your device. No PRESTO information is used aside from the number and it will be deleted after it is validated.
Click to expand...
And someone sitting a few seats away phishing for those numbers and personal email addresses?
 
Last edited:
TORONTO: May 25, 2018 – Canadian Pacific Rail labour unions are again in a legal strike position as of noon on Monday, May 28, 2018, which could impact some GO Transit rail services. While we are hopeful that an agreement can be reached, we have plans in place to ensure customers can continue to travel safely and as easily as possible if a strike occurs.

Our plans have been adjusted since our last communication to customers in April and no train services need to be cancelled. In the event of a CP labour disruption, we are now able operate trains into Hamilton GO Centre.

However, the potential for delays on CP-owned track increases during a labour disruption, so we recommend customers plan ahead and keep updated.

Why would a CP strike impact my GO train service?

While GO Transit owns a majority of the rail network over which it operates, some sections are owned by other rail companies, including CP. Specifically, CP owns and maintains the Milton rail corridor, as well as an intersecting portion of the Barrie corridor and the spur serving the Hamilton GO Centre.

If there is a labour disruption, there will be fewer CP staff members available to address any signal or switch issues, meaning potentially longer delays for train customers in Hamilton, and along the Milton and Barrie lines.

Keep informed
Safety continues to be Metrolinx’s top priority and customers can be assured that GO Transit remains the safest way to travel. Please check the GO website for updates and sign-up for On The GO alerts to keep in the know.
 
2. Once redirected to MoveFreeWi-Fi.com, log in using your email address and the last 11 digits of your PRESTO card.
Click to expand...

steveintoronto said:
And someone sitting a few seats away phishing for those numbers and personal email addresses?
Click to expand...

It depends how that data is being sent from the user device to the authorization system. Is it transmitted in the clear, or is the MoveFreeWi-Fi.com login page secured with https? If secured, then as long as the connection between MoveFreeWi-Fi's system and GO for the authorization request is similarly secured (and this would be on the satellite backhaul and probably invisible to the guy a few seats away) then there's not a concern. It sounds like your device' MAC address is added to a white-list for future login-free use, and yes an eavesdropping hacker a few seats away could clone that to get onto the system in the future without an address and Presto number of their own, but that wouldn't give away any of your personal data. The way they describe it ("No PRESTO information is used aside from the number and it will be deleted after it is validated."), the white-listed MAC address does not remain associated to your account.
 
KevinT said:
It depends how that data is being sent from the user device to the authorization system. Is it transmitted in the clear, or is the MoveFreeWi-Fi.com login page secured with https? If secured, then as long as the connection between MoveFreeWi-Fi's system and GO for the authorization request is similarly secured (and this would be on the satellite backhaul and probably invisible to the guy a few seats away) then there's not a concern. It sounds like your device' MAC address is added to a white-list for future login-free use, and yes an eavesdropping hacker a few seats away could clone that to get onto the system in the future without an address and Presto number of their own, but that wouldn't give away any of your personal data. The way they describe it ("No PRESTO information is used aside from the number and it will be deleted after it is validated."), the white-listed MAC address does not remain associated to your account.
Click to expand...
Excellent post. I didn't want to conjecture too far without having the terms and processes understood, but it appears that there might be some reverse leakage for the eml addies, and with that, the ability to put a personal identity to the number. This may not in itself seem that great a security concern, but as we've seen with the 'mining' of layers of info from other sources, and Facebook is a classic, much of that info can be vertically stacked to discern behaviours that are arguably private data.

I'll dig further on this later, as your point on http v https is an important one, even on this very site! I found myself being logged in here in http some time back, had to force it to be https. I'm not fully aware of the degree of exposure, but do know that some browsers wouldn't allow it without an alert being posted.

I look forward to further discussion with you on this. If there is an exposure, there may be a way to mitigate it....not that a lot of people care....ended up having a huge discussion with some friends on Apple SSO (Single Sign On) and their wondering why sending links to everyone wasn't necessarily working.

Like many users, they were completely unaware of how licensing from Apple, MS and others allows a 'seamless experience'....but at the cost of security by using an SSO.

And that's what folks will be looking for with their 'wi-fi on GO'. I have to wonder why it can't be openly available for all to use on the car, without even having to sign-in at all....download and rate limits can be applied to all users if need be. That may be my limitation of not knowing the latest security protocols however.
 
You must log in or register to post here.

Back
Top