If you use wireless Internet access in public places like Starbucks or the airport, you should take some simple precautions to make sure you're not broadcasting your passwords and other personal info to others in the vicinity...
Article in it's entirely from
HEREA few months ago I met with a group of Internet professionals, all of us sporting laptops with wireless connections to the hotel's access point. On the second day of the conference, one of the attendees put up a slide on the overhead showing logins and passwords from a dozen of the attendees. Needless to say, many jaws dropped open.
He was running a "sniffer" program that anyone can download to spy on the internet traffic floating around in the air. Fortunately, he was a trusted colleague, and was nice enough to tell us that we were caught with our virtual pants down.
Wifi Safety Tips
First, be aware that (almost) ANYTHING that you type or any info that appears on your screen while you're using a wireless connection can be seen by others nearby.
If you are accessing a page that requires a login and password, or if you are entering ANY personal data (credit card, SSN, etc) make sure that you are on a secure site. That's easy enough -- just check that the web address begins with https instead of the usual http -- and your information will be safely encrypted before transmission. As long as you're on a page with an address that begins with https, the data you send and receive is protected from sniffers and snoopers.
But be on your guard, some web-based email providers have a secure login page, but after you're logged in the access reverts to normal non-encrypted mode. So any email you send or receive while on a wireless connection is out in the clear. Google's GMail and Yahoo Mail are examples of webmail services that work this way. Until recently Hotmail didn't even offer a secure login option. So look for the link or checkbox for the secure login when accessing your web-based email. If your service doesn't offer one, consider switching or decide to live with the security exposure.
Oh, and there are the "shoulder surfers" to watch out for. Just like when you're entering your PIN code at an ATM, you need to keep an eye open for anyone who might be glancing over your shoulder while you hunt and peck in the airport or coffeeshop. I always use two fingers when entering my pin or password... one presses the correct key and other is a decoy. So even if someone was watching from across the street with binoculars, it's almost impossible to steal a password.
And beware of the Evil Twins! Aunty Spam's Net Patrol warns of a scam where a hacker may put up a bogus copy of the wi-fi hotspot's login page. Learn how to stay safe from this attack by reading this helpful article:
Does your favourite wifi hotspot have an evil twin? How would you know an evil twin wi-fi hotspot if you saw one? Just what is a wifi hotspot evil twin, anyways?You’re sitting at your favourite wi-fi hotspot cafe, sipping and surfing. Your computer finds the wifi hotspot for you, and brings up the log-in page. It may be a T-Mobile page, if you are sitting at a Starbucks or Borders, or it may be some other page, and you log in. Or there may be no log-in page at all - your computer may just connect to the “hotspot”, if that’s how that cafe is set up.
Only, the “hotspot” to which you have connected isn’t actually the cafe’s wi-fi hotspot at all. It’s some hacker who is in the area, quite possibly sitting next to you sipping his Evil Twin Mochachino with extra Hack, who has his laptop with him and set up to work as an access point - a machine through which you can connect to the Internet.
You, oblivious to the fact that your connection has been hijacked by the evil twin, sit there sucking down the caffeine while his computer sits there sucking down your personal information, anything you transmit from your computer to the Internet, reading your email - you name it, he’s capturing it.
First and foremost, check your wi-fi settings on your computer! (”Well, duh,” you say, to which I say “duh indeed!”) Is your computer set to search out and lock on to the nearest wifi hotspot? If so, the next hotspot may be an evil twin hotspot. Change that setting.
Second, think very carefully before you send any sensitive data when using a public wi-fi hotspot. Ask yourself this question: “Which is more important? That I perform this transaction right now? Or that this data not fall into the hands of the wrong person?”
Third, know your sites. If you have to conduct sensitive business on the Internet, from a wifi hotspot, take extra care to really scrutinize the page you are on before sending any sensitive information. These guys are good. They can recreate, fake and serve up a lot of commonly used pages. Make sure that the page really is a secure page (look for the little key at the bottom of your browser or whatever your browser uses to indicate “secure”).
Also, if you must conduct financial transactions on the Internet, from public hotspots, instead of using a credit card consider using a debit card which is not tied to any other of your accounts, and keep only a limited amount of funds in the account. That way if your account is compromised, you can fairly easily contain the damages to just the amount in the account, and close the account.
