Friday, October 29, 2010

Nothing is Private on Open Wi-Fi

It’s a familiar enough scene. You’re in a coffee house, at the airport, or in the library – places where everyone connects without thinking twice. But, if you’re using an unencrypted connection to check a client, read an email or do any Web activity that requires a login, you might as well have spotlights and a camera on you.

Well … you ask, what if I’m just surfing competitor sites? Nothing to lose, right? Wrong! Some simple wireless packet analyzer software nearby could glean competitive intelligence based solely on the sites that you visit and any instant messaging, along with personal e-mail. A stranger could be reading your messages before you are, and you may never know it.

Add to that, there is a new Firefox extension called Firesheep that claims you can highjack a persons Amazon, Facebook, Twitter or Windows Live account over an open Wi-Fi connection. The extension is also customizable, allowing a hacker to target other Websites not listed by Firesheep.

What’s a business to do?

It’s imperative that you keep your information safe. Try using a Virtual Private Network (VPN) client to create a secure means of communicating to your office. It will prevent Firesheep from stealing any data passing between your computer and the router since all communications will be encrypted.

A VPN is a secure method of accessing company resources (Intranet, e-mail, databases). The VPN connection is made between the mobile computer and the company’s office. This connection is encrypted not just over the wireless, but over the whole Internet. Some VPNs may seem slow, but security makes it worthwhile. Also, VPN bypasses Internet restrictions imposed by some countries – a boon to business travelers in China or Egypt.

Many websites will use encryption, similar to a VPN. When browsing the web you will sometimes see https (note the “s,” it stands for “secure”) in the website’s address -- this means that what you are seeing from the site, and sending to the site, is encrypted. This is done to prevent anyone that is listening in on your wireless or internet traffic from reading the data, and getting your information.

Call Brian at Dataccount (212.595.1044, x 105) to discuss VPN, or other methods of protecting your valuable information while working on the road.

For more information on Firesheep:

Labels: , , , , , , ,

posted by Dataccount Inc. @ 2:10 PM   16 Comments