Starting today, Starbucks is offering free wifi in all of their US and Canadian stores. This has computer security folks a little edgy, since it could give hackers and computer miscreants new opportunities to steal the data of unsuspecting computer users. It prompted Steve Gibson, computer security guru, to advise people to "just be afraid. Be very afraid." This applies to people who use laptops, wifi-enabled cellphones and PDAs. But there are ways to protect yourself.
The biggest threat comes from packet sniffers. A packet sniffer is a program that hackers can use to analyze all of the traffic on the Starbucks store's (or any open wifi) network. They just sit and wait for people to connect to email, Amazon, or financial institutions and hope they send their passwords over a non-encrypted connection. They can also set up something called a "man in the middle" attack, where they wait for you to try to connect to a server, intercept the communication, record everything, and then pass it on to the legitimate destination without you being any the wiser.
One of the more popular things you'll probably want to do on the open wifi is check your email. By default, the iPhone uses a secure connection to hook you up with a normal email server (POP, IMAP, and SMTP). On your PC or Mac notebook, you will probably need to specifically tell it to connect using a secure connection. And regardless of the device you use, if you use an online service for your mail, chances are your password may be sent in a secure manner, but once you're past that, the messages you read will be sent in the open from services like Yahoo, AOL, .Mac, or Gmail (though you can force Gmail to work securely by connecting to https://gmail.com as opposed to http://gmail.com. There's also a setting in your preferences that forces it to work securely.) One other option is to use a service called HushMail (previously), and have all your email sources forward to your HushMail account, which is always encrypted.
One way you can keep everything you do secure is to set up a virtual private network (or 'VPN') tunnel between you and a secure computer elsewhere on the net (like your home or office). That way, all of your communication is encrypted, no matter what the status of your connection to the website you're visiting.
OpenVPN is a good example of the software you could use, and it's free and open source, but it can be tricky to set up. There are other programs you could use that are easier to install, but they usually cost money (examples: gotomypc, which requires you to set up a remote PC with a program to monitor and receive your connection; hidemyass and securetunnel, which let you use one of their computers, which they set up and control (called a proxy)).
Short of that, there are Firefox add-ons that can help protect you.
SSLPasswdWarning provides a warning if you click on a password input field that will transmit insecurely over a non-HTTPS connection.
Facebook Secure forces Facebook to use a secure connection.
And while you're thinking about computer security, you should probably make sure your browser plug-ins are all up to date. Mozilla has a web page that will check all of your plug-ins, regardless of the browser you're using.
posted by crapmatic at 4:44 PM on July 1, 2010 [1 favorite]
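The kind of check the post credits to SSLPasswdWarning can be sketched as follows. This is an added example, not code from that add-on or from the original post: it scans a page's HTML for password fields and reports whether each would be submitted over HTTPS. The class and function names, URLs and sample markup are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample pages (hypothetical URLs and markup, not real sites).
SAMPLE_PAGES = {
    "https://mail.example/login": '<form action="/session"><input type="password" name="p"></form>',
    "https://shop.example/login": '<form action="http://shop.example/auth"><input type=password></form>',
    "http://forum.example/": '<form action="https://forum.example/login"><input type="Password"></form>'
                             '<form action="/search"><input type="text" name="q"></form>',
}

class PasswordFormAuditor(HTMLParser):
    """Record where each form containing a password field will be submitted."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (submit_url, is_secure) per password form
        self._target = None         # submit URL of the form being parsed
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = (attrs.get("action") or "").strip()
            self._target = urljoin(self.page_url, action)
            self._has_password = False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._target is None:
                self._record(self.page_url)   # field outside any <form>
            else:
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._target is not None:
            if self._has_password:
                self._record(self._target)
            self._target = None

    def _record(self, target):
        # Require HTTPS for both the page and the submit target: a form
        # delivered over HTTP can be altered in transit before it is sent.
        schemes = (urlsplit(self.page_url).scheme, urlsplit(target).scheme)
        self.findings.append((target, schemes == ("https", "https")))

def audit(page_url, html):
    parser = PasswordFormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(url, html)` on each entry of `SAMPLE_PAGES` returns one `(submit_url, is_secure)` pair per password form; forms without a password field are ignored.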