Posted by: Dave Bateman
Hot spot, Public Internet, Security, Wi-Fi
We all know (or at least we should) that it isn’t safe to connect to an unknown WiFi signal. That’s why most of us play it safe and only connect to well-known hot spots like Starbucks and ATT. That way, we know we are safe, right? Not exactly. We still need to be careful, especially since a programmer named Eric Butler released a Firefox extension called, “Firesheep.” This extension exploits a security flaw of open WiFi. The extension was developed and released to try to bring attention to this flaw.
The security flaw is not new, but the Firesheep extension allows anyone to exploit it. Basically, it allows unencrypted communications to be intercepted. This extension only looks for information being sent to 26 websites including Facebook, Amazon, Google, and Ebay. When you are on the wireless network and attempt to log in to one of these sites, the extension intercepts the cookies that are sent. While cookies typically do not include passwords, the interceptor can theoretically access your account.
While the intention of this extension is well meaning, there are many people lacking good intentions that will choose to use it for less honorable actions. The net result is that, while the extension does raise the attention, it also greatly increases the chances of how often this flaw will be exploited. Over a half a million copies of it have already been downloaded.
So, what can you do to protect yourself? It is really quite simple - don’t use public hot spots. Now, of course, that is easier said than done. If you have to use a public hot spot, there are steps you can take to protect yourself. These include things like staying away from sites like banking, shopping, and email. Again, easier said than done. There is also a service that may help. It is called Hot Spot Shield. It is a free service that provides a secure HTTPS connection. It also provides privacy and allows you to bypass firewalls. It works on both Macs and PCs. I just started to use it and it seems to work fairly well.
When using a device like an iPhone or iPad, I use Logmein or Teamviewer. These apps allow me to remote control my system at home. I then use the home system to surf and check email. Since the apps provide a secure connection to my home PC, I am actually accessing the website from my home, and I don’t have to worry about that traffic being intercepted. If you don’t use apps like this, Hot Spot Shield also provides an iPhone solution.
As the saying goes, to be forewarned is to be forearmed. You’ve been warned, now go get armed.