Free Wi-Fi seems to be just about everywhere these days and most of us know that these free public Wi-Fi hotspots are not secure and certainly NOT the place to do things like online banking. This fact was re-emphasized recently by a new add-on called Firesheep for Firefox users that allows anyone to easily view the connections of other users on the network and with a simple click of a button, assume that user’s identity and login credentials from any unsecured website they were logged into. Facebook, Amazon, Dropbox, Google, Windows Live, Twitter, WordPress, and any web-based email sites are just some examples.
Technically, the issue isn’t the unsecured Wi-Fi networks so much as it is with websites not utilizing SSL (HTTPS) encrypted pages. And don’t be fooled by sites that simply use SSL for logins – unless the whole website is using SSL, it’s still possible for someone using a tool such as Firesheep to take over your account once you’ve logged in.
While this issue and the techniques utilized to do this aren’t new, what’s truly frightening is the availability and ease of use of the Firesheep tool which enables anyone with little or no technical skill to perform these types of hacks. This is a VERY big deal – and VERY DANGEROUS.
So, how do you protect yourself against such hijacks when using public hotspots? Ideally, utilizing a VPN is your best bet as it will encrypt your entire network connection. If you don’t have access to a VPN, try to only use sites that use HTTPS for their entire site. Outside of that, I would recommend not using such sites at all until you’re using a network you trust.
I suspect that we’ll start to see a number of sites such as Hotmail, Facebook, etc. start to implement full HTTPS security across their entire sites in the future, but until then it’s best to exercise appropriate caution when utilizing unsecured Wi-Fi hotspots.
If you’d like a VPN for your small business, we’d be happy to assist you – it’s not nearly as expensive or complex as you may think – contact us today.