The modern world is all about working on the move and the rise in WiFi hotspots has encouraged a coffee-shop culture of meetings and working ‘out of the office’. Yet, while the hotspots may offer the chance for you to connect online, it may also offer ‘others’ the chance to connect to your machine, without you knowing.
Many hotspot providers do not encrypt their wireless connections. This means that anyone within range of the hotspot can capture data coming from and going to your PC. The potential risk has been increased recently, following the release of a plugin (Firesheep) for Firefox which makes it even easier to listen in at wireless hotspots. The plug-in allows anybody – even those who don’t really understand networks or hacking tools – to listen in to a lot of the web traffic going to and from PCs near them.
How to keep safe:
- Apply common sense. This risk has always been present at unencrypted hot spots, but there is now a widely available tool to exploit it.
- Use SSL encryption. Data sent over SSL is safe, so look for the padlock and you are more secure. Remember however that often only certain pages of a site you are visiting will be SSL encrypted, your other session browsing details may be accessible to potential eavesdroppers.
- If you are accessing company systems, use the company VPN if it exists. This might be more time-consuming but in the long-run it is much safer – even for systems which are normally public facing.
- Avoid sites which place cookies on your machine – that includes social media sites like Myspace and Facebook. Any cookies not sent over ssl can be intercepted. At present Facebook does not send cookies over SSL so they are vulnerable but are quoted to be “urgently reviewing their security”.
Play it safe. The key to remember is that if you aren’t certain a site is safe to use on a public hotspot then don’t use it – the risks are too great. Accessing a public WiFi could be the equivalent of broadcasting your laptop / mobile display on the giant screens at a stadium concert.
If you wouldn’t want that sort of ‘sharing’ of your browsing habits or personal details, think about your public WiFi use. If you must use public WiFi hotspots consider installing software that can detect Firesheep in your locality such as WireShark, Scapy or the new Firefox plug-in BlackSheep.