Free Wi-Fi can hide security dangers
After someone sniffed out his password at a free Wi-Fi hotspot and successfully hacked his computer, Igor Mello stays home for the majority of his web use.
"I trust my network more than anyone else's," said Mello, of Plantation, Fla., who had several social media sites compromised in the break-in.
Whether at home on their private networks or at a local coffee shop or library, Internet users should always protect themselves and their computers while surfing on Wi-Fi networks, experts say.
"It's like putting a lock on your door of your house. That's not going to stop a determined bad guy, but it's going to keep the wandering neighbor from making use of your Internet connection without your knowledge," said Eric Johnson, a computer security expert at Florida International University.
To protect themselves at home, users can utilize security measures available in their Wi-Fi routers and access points such as Wi-Fi Protected Access versions 1 and 2, according to Johnson, who is systems and networking manager for FIU's School of Computing and Information Sciences.
WPA and WPA 2 encryption is built in to any hardware that is branded "Wi-Fi Certified," a seal given to products authorized by the Wi-Fi Alliance, a nonprofit consortium of technology companies.
This type of security protects home networks by securing data between the access point and the computer with government grade encryption, according to the organization's website. WPA 2 will also randomly generate a secure password for the network and can be activated in the router or access point's settings.
Mello secures his home network using WPA 2 encryption and even then limits access to important sites like online banking to his cellular phone application, which transmits data over his mobile carrier's network, something that is much harder to penetrate.
Earlier this year, Google Street View vehicles unintentionally captured small bits of payload data, or information that is transmitted over Wi-Fi network such as website information or even passwords from open Wi-Fi access points, as they drove through cities and neighborhoods taking pictures for the street-level view feature of Google Maps.
"We will typically have collected only fragments of payload data because our cars are on the move; someone would need to be using the network as a car passed by," said Google in their company blog. "In addition, we did not collect information traveling over secure, password-protected Wi-Fi networks."
This seizure of information has sparked investigations of the matter by governing bodies world-wide, including Germany and the United States. Recently, Connecticut's attorney general launched an investigation of the incident and has drawn up the support of 37 other states.
Leaving the default security settings switched on in a home wireless router is never a good idea.
Elias Montoya, technology director for Abadin Cook, a Miami-based law firm, said users should make sure to stick to a strong password, such as the WPA 2-generated password, which mixes characters, numbers and letters rather than choosing something predictable like their home phone number or leaving the default password.
"The (Wi-Fi) user should be in the mindset that nothing is 100 percent secure. ... If someone is intent on hacking you, they will," Montoya said.
Wi-Fi use in public places, such as coffee shops, is becoming increasingly popular, but these networks are typically wide open, said Johnson.
"You should always treat any Internet activity you do at these locations as if it's being monitored," he said.
Johnson added that people should stay away from doing anything that they would not want to be seen, such as online banking.
Many coffee shops offer free Wi-Fi to customers, such as Java Boys in Wilton Manors, Fla.
Co-owner Nicki Rose said that the free Wi-Fi is a big draw to the shop. Many patrons use it as a "home away from home" or even come to drink coffee and run their business from the large couches and plush arm chairs.
Java Boys regulates its Wi-Fi network by giving customers a password to access at the front counter. The password is changed frequently to ensure that only customers that day have access to the network.
Johnson suggests that users stick to sites with a secure connection, typically denoted by a lock somewhere on the browser window and should be aware of any error messages that suggest the site is insecure.
Fort Lauderdale resident Sootie Oophe comes to Java Boys almost every day. He uses the internet for a range of different things, from paying bills to online gaming, and relies on software allows him to adjust his computer's security settings depending on whether he is home or away with just a few clicks.
"I am still very aware and careful in what I do online," he said.
___
HOW TO BROWSE SAFELY:
Looking to set-up a Wi-Fi network at home or enjoy browsing the Internet in public? Florida International University network manager Eric Johnson offers this advice.
• Protect your network with a WPA/WPA2 encryption and allow it to generate a password for you, rather than choosing something predictable like your last name or birthday.
• Use common sense when connecting to a Wi-Fi network outside of your home. If you notice more than one network, ask someone at your location, be it a coffee shop or an airport, which network is the correct one.
• Don't do things in public you don't want to be seen. Most public Wi-Fi hotspots are not secured; always assume someone can see what you are surfing on in these places.
• Use different passwords for different services. Sites like social networking sites don't always default to a secure connection. Bad guys will try to use a password they collect from those sites
• Be careful about signing on to social networking sites and forums. These sites don't always use a secure https:// protocol and require login/password to get in. If your social network password is the same as the one for your bank account, hackers will use them.
(c) 2010, Sun Sentinel.
Distributed by McClatchy-Tribune Information Services.
