Thursday, October 28, 2010

Oh Sheep, Drop the WiFi

Thanks to Jill Geer on my Facebook page for the heads up to a Peter Shankman rant about the dangers of "Free" public WiFi. Shankman is relating his personal experience with a new plug in for Firefox called Firesheep. It basically allows the user to see anything non-encrypted floating across a public WiFi.

Must read as he describes how easy it is for anyone to steal your passwords and begin to create massive amounts of trouble.

Firesheep is not some wanton script-kiddie black-hat shot at the man. It's a pretty serious move by a programmer named Eric Butler who became concerned about the privacy issue. He made the plug in to reveal the weakness.

I'll confess to having used public WiFi in the past for a quick check in. Not any more. Ever.

Seriously -- read the Shankman story right now.


Peter said...

Thanks, Doc. I made a differential between "coffee shop" wifi and "corporate" wifi in the comments on my blog. Posted them here as well:

We have 500 million + people on Facebook.

I’ll give you a shiny penny for each one you teach to correctly look for an SSL login, an SSL encrypted Wi-Fi device, and a “safe” way of surfing.

Ready? Quit your job, and GO!

It’s not going to happen. You can’t change the masses immediately, and you won’t. The best defense until WEBSITES DO THIS AUTOMATICALLY, (which is a Looooong time coming, because there’s no money in it for them to SSL Grandma’s Facebook connection) is to teach people how to avoid the most COMMON problems.

The COMMON problem is logging on to a free Wi-Fi line and assuming you’re OK.

You’re NOT.

How’s that teaching coming? Explain to a hundred people yet what to do?

I have no connection to any wireless company. I’ve consulted for Sprint in the past, but they don’t pay me to say anything for or against. My blog has always been my own.

The problem as I see it, is that if I’m hacking for fun, (or even to cause trouble,) I’ll start at the LCD. (Lowest Common Denominator.) For most, that’s the free coffee shop wireless network they’re on. If you can avoid that, chances are, you’re a ton safer, because you’re letting the other idiots get hit first.

There’s nothing to make anything 100% safe. Get the strongest safe in the world. With enough time and resources, I can get to what’s inside when I’m not supposed to. But wouldn’t you prefer to have that safe, as opposed to a cardboard box with no door?

Chris Syme said...

Recently faced the wi-fi issue when setting up a new office. Internet provider told me not to use wi-fi, even a secure one, as they all can be hacked. Great news. Needless to say, I hardwired my internet to my desktop.