Are you *still* naked in a coffee shop?
Chris Pirillo’s Lockergnome email newsletter had a link to this article, “Travelers Who Use Laptop Computers: Beware,” and it made me realize that there are now even more people accessing Wifi hotspots than ever before, and most of you are naked.
Back in January of 2005 I wrote “Are you naked?” as a post that had this paragraph in it:
Security is an issue other than just at home…but it’s an underreported problem in internet cafes or public places that leave their networks wide open so it’s easy to get on them. Without a company Virtual Private Network (VPN) for your personal laptop, or some way to create a Secure Shell (SSH) to another computer for a secure tunnel, you’re vulnerable to prying eyes (email passwords go in the clear, etc.).
The latest discussions about the iPhone “hack” (which I posted about a couple of days ago here) are bringing more attention to the inherent insecurity of Wifi hotspots. While I know exactly what to do to ensure I and my loved ones have secure access when in a public hotspot, literally everyone else I know is completely clueless.
Case in point: while at the Web 2.0 Summit last October, I mentioned to several conference organizers that there were a significant number of ad hoc wireless networks set up (where a person sets up their laptop to act like a wireless access point) with names like “Free Wifi” or “Summit Wireless Access”, placing attendees in jeopardy of nakedly exposing their data. One conference leader who shall remain unnamed said, “Steve, of any group of people this one especially shouldn’t be stupid enough to connect to an ad hoc network.” You know what? In my informal poll of 20 people while there, every one of them had attempted to connect to one of these ad hoc networks since the main conference access point was either slow or they couldn’t get connected to it.
The good news? There are specific things you can do to make certain you’re secure when accessing a public hotspot.
1) Make certain you’re using a ‘real’ wireless access point.
2) Turn on your firewall.
3) Turn off filesharing.
4) If you normally don’t pay attention to security notices for your operating system or applications, then turn on the automatic update feature in your operating system (both Windows and Mac OS X offer this capability) and set it to run a minimum of once per week. If you’re using Windows, buy anti-virus software and the update feature and use it!
5) If you don’t protect yourself in a public Wifi hotspot with a VPN or SSH solution, at least access your email with https rather than http (the former sets up a secure socket layer), which most webmail providers allow you to do. Then your email username and password aren’t flying through the air in the clear. Don’t use File Transfer Protocol (FTP) unless it’s Secure FTP access (the former allows your username and password to go in the clear and the latter secures them).
6) Consider encrypting your files (Zip, PDF, Word’s .doc, Excel’s .xls and other file formats incorporate methods which allow you to use a username and password to secure them).
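A check for step 1, as an added example that is not part of the original post: it reads a Wifi scan listing and flags ad hoc networks (like the “Free Wifi” ones described above) and unencrypted ones before you connect. The scan format assumes Linux NetworkManager's `nmcli -t -f SSID,MODE,SECURITY device wifi list`, and the sample lines are constructed.

```python
# Constructed sample of `nmcli -t -f SSID,MODE,SECURITY device wifi list`
# (terse mode: fields joined by ':', a literal ':' or '\' escaped with '\').
SAMPLE_SCAN = r"""Free Wifi:Ad-Hoc:
Summit Wireless Access:Ad-Hoc:
CoffeeShop-Guest:Infra:
Cafe\:Staff:Infra:WPA2
HomeOffice:Infra:WPA1 WPA2
"""

def split_terse(line):
    """Split one terse line on unescaped ':' and drop the escape characters."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # escaped character, keep it literally
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields

def assess(scan_text):
    """Return {ssid: [warnings]} for networks to avoid or use only via VPN/SSH."""
    findings = {}
    for line in scan_text.splitlines():
        parts = split_terse(line)
        if len(parts) != 3:
            continue                  # not an SSID:MODE:SECURITY record
        ssid, mode, security = parts
        warnings = []
        if mode.lower() == "ad-hoc":
            warnings.append("ad hoc: offered by someone's laptop, not a real access point")
        if security.strip() in ("", "--"):
            warnings.append("open: no Wifi encryption, traffic is readable in the air")
        if warnings:
            findings[ssid] = warnings
    return findings

if __name__ == "__main__":
    for ssid, warnings in assess(SAMPLE_SCAN).items():
        print(f"{ssid}: " + "; ".join(warnings))
```

An open network that is a real access point (the third sample line) still gets a warning: that is the case where step 5's VPN, SSH or https advice applies.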
SOLUTIONS: There are several solutions you should consider that make this brain-dead simple:
b) Several third party solutions are available. Here are a few: Airtight; AnchorFree (free solution); HotSpotVPN (which, by the way, also secures your iPhone); iPig; McAfee’s Wireless; Network Magic; PublicVPN; WiTopia; and many more.
The point is to be aware. Don’t just wander around blindly popping open your laptop and connecting while thinking, “Nothing will happen. Everyone in this coffee shop looks, ahh, pretty nice and normal.” Well, I look pretty nice, like a “suit” (and fortunately am someone who wouldn’t dream of hacking someone’s laptop and even I know exactly how to do it! THAT is what scares me about this problem).
Look…if I know how to do it with my non-programmer, only modest geekiness credentials, imagine how many people are out there sniffing Wifi packets in a coffee shop flying through the air like you are enjoying the fragrant aroma of freshly brewed coffee. They’re waiting to capture your usernames, passwords and any sensitive data you’re nakedly exposing…