Wi-Fi networks less private than ever

November 11, 2010 By Liz F. Kay

The local java joint or airport terminal might seem like the perfect location to log onto Facebook or troll Amazon for a deal. But for anyone who has accepted the convenience of unsecured Internet access, here's another reminder to be cautious about what information you share online.

When you use a wireless network - or even many wired ones - your communications are sent to every other computer on the network, said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation, a nonprofit group that defends civil rights in the digital world.

For years, there have been readily available programs known as "packet sniffers" that intercept those communications. Schoen said he's given demonstrations where he's shown intercepted and as well as Google search terms. Until recently, it required a little bit of Internet know-how.

But now a programmer has released a browser modification called Firesheep that makes spying on certain information much, much easier - causing quite a stir in the computer world.

Some sites such as Facebook encrypt your information when you're entering your password to log on - denoted by the padlock at the bottom of the browser. But afterward, it saves a credential on your computer that indicates you're currently logged on and reverts to its unencrypted version.

A nefarious user could then intercept and copy that credential into another browser to impersonate you on that site, Schoen said.

Some sites, such as Amazon, encrypt payment and shipping steps, but not clicks through pages of books or other products. Financial sites usually encrypt your entire session, he said.

Schoen said he believes many popular sites such as Twitter also should be encrypted. "Other things that people do online are also very sensitive and private, and can and ought to be protected in the same way," Schoen said.

Encrypted sites are denoted by the "https" in the URL line of your Web browser. To protect yourself, you could bookmark https links to your favorite websites on your computer and smart phone.

If you use the Firefox browser, you could also install the "HTTPS Everywhere" extension developed by the Electronic Frontier Foundation and the Tor Project, dedicated to improving Web privacy. That automatically directs you to the encrypted version of every site that offers one.

But there are limitations. It doesn't block sites that don't support encryption, but it does disable functions such as Chat and Instant search findings.

Even some areas of sites that support encryption may be vulnerable, he said, but he believes the situation will improve in the long term. "Some of these sites have more engineering work that they have to do in order to protect users," Schoen said.

Mike O'Leary, director of the Center for Applied Information Technology at Towson University, also said consumers should be wary of free Wi-Fi hotspots they don't have a reason to trust.

Those who use Wi-Fi may have noticed at times a network called "Free Public WiFi." This isn't actually a network at all, O'Leary warned. When a computer running Windows XP that hasn't had certain upgrades can't find a network, it offers itself up. It wouldn't give you Internet access, but it could give another user access to your computer.

"If an evildoer wanted to get access to your credentials, an incredibly easy way is for them to put an access point somewhere," O'Leary said.

As this operating system is phased out, consumers will likely see this glitch less and less frequently, he said. But criminals may try to set up rogue access points.

"Regardless of how you're connecting to the Internet, you have to trust all of the intermediary nodes along that path," O'Leary said. "You're placing trust in these organizations."

Explore further: They're watching you: Methods to block nosy Web advertisers


Related Stories

They're watching you: Methods to block nosy Web advertisers

October 29, 2010

Virtually everything you do online is scrutinized by search engines and advertising networks that evaluate you as a potential customer based on what you search for, the sites you visit and the ads you see -- whether you click ...

Free Wi-Fi can hide security dangers

August 27, 2010

After someone sniffed out his password at a free Wi-Fi hotspot and successfully hacked his computer, Igor Mello stays home for the majority of his web use.

Verizon gives free Wi-Fi to Internet customers

July 27, 2009

(AP) -- Verizon is giving some of its home broadband customers free access to thousands of Wi-Fi hotspots in airports and other public places, taking a page from competitors that already offer wireless Internet access.

Network flaw causes scary Web error

January 15, 2010

(AP) -- A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.

Google Chrome 4.0 stable version released for Windows

January 27, 2010

(PhysOrg.com) -- All PC users running Windows can now have access to Google Chrome's new extension gallery, with the release earlier this week of a stable version of the Chrome 4.0 browser for Windows.

Recommended for you

What do you get when you cross an airplane with a submarine?

February 15, 2018

Researchers from North Carolina State University have developed the first unmanned, fixed-wing aircraft that is capable of traveling both through the air and under the water – transitioning repeatedly between sky and sea. ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.