Free WiFi is awesome. It lets you easily connect to the internet and check your email or Facebook or whatever when you are away from your normal network. All of us at DonBurnside.com are big fans of awesome. We are also big fans of free and, at the same time, computer security.
Which brings me to my point. Free WiFi is less than secure. I’m sure you could have guessed this, but now even more so with the advent of a brand new Firefox plug-in called Firesheep. From Techcrunch.
>As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.
What this means is that anyone using Firesheep on a free WiFi network will have the ability to access your Facebook, Twitter or webmail (unless you are using Gmail). This is just not cool.
This happens because websites do not always encrypt your login. Also because free WiFi, typically, isn’t encrypted either. Is there a fix? Sure there is, but you won’t like it.
The easiest way to stay safe is to not use any open WiFi connections. Anymore, most of us have cell phones that handle that for us anyway so this is fairly simple. If you really need to use a laptop at Starbucks, however, it’s gets tougher to be secure.
You can set up a VPN. Lots of work and specialized gear required. You can also use a free Logmein.com or GoToMyPC account to connect to your home or work PC over the open WiFi network, but that experience is less than ideal for long sessions. You can also get a cellular modem from your provider (or use the hotspot capability on your phone if you have that), but that’s an extra cost.
If you are a business owner and want to offer free WiFi to your customers, turn on WPA and set the key to the SSID and hang a sign in your shop to let customers know. While you might think that by telling everyone the password is the same as having Firesheep, it’s not. With WPA, every connection is encrypted.
The take away here is that if you don’t see https in the address bar and are using an open WiFi hotspot, assume that **everyone** within 50′ has access to almost all of your logins.
Comments are open if you have any questions or tips for the rest of the readers!