Your Public WiFi Connection is Not Secure
Do you regard your Facebook personal messages as private? Did you know that other members of your office or coffee shop can easily monitor your communication and gain access to your personal accounts on several common social media platforms? Banks and more secure applications have always coded in additional hurdles to avoid this kind of attack, but social media platforms tend not to have bothered. This includes Facebook, Twitter and others.
Wireless communication, though convenient, has the disadvantage of being more easily eavesdropped on due to its broadcast nature.
Encryption can be used to make the broadcast information less easily monitored, but WiFi hotspots in many locations use no encryption or operate with a key that is known to everybody in the location. As a result, all those connected to the network are able to monitor it. A similar situation also exists with wired networks. This is particularly problematic if the data should be private not just from other companies but also from other members of the physical network. Your Facebook data is genuinely personal, so you may not want to be using the site while on your office network.
- Why are mainstream media outlets not covering this story?
- Why are companies whose sites encourage use, either as free or paid services, not protecting their customers by advising them of the risks?
- Why are WiFi hotspots not advising their customers of the risk?
It took less than five minutes for everyone on-line to appear in the FireSheep sidebar application.
Normally your laptop, or other device, receives all the messages for anybody on the network and discards those which were not intended for it. Many chipsets and operating systems also have a promiscuous mode, designed for diagnosis, which allows you to monitor all traffic on the network. Firesheep, a recently released Firefox sidebar, illustrates how this promiscuous mode can be used to monitor the traffic of a network; in this case it captures the cookies which your browser sends to identify you whenever you direct the browser to a URL. If the connection is an HTTP connection, the browser immediately sends the cookies in plain text, and the ID numbers revealed in these cookies allow the eavesdropper to gain access to your account in the same way as you do when you return to the site without logging in.
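As an added example (not from the original article), the Python sketch below audits a site's response headers for cookies that lack the Secure attribute, which are the cookies a browser will attach to a plain HTTP request as described above. The header values and the session-name hints are constructed for illustration.

```python
"""Flag cookies that a browser would be willing to send over plain HTTP."""

# Constructed sample: headers from a hypothetical login response, not captured traffic.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

# Assumption: cookie names containing these fragments identify a login session.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def hsts_enabled(value):
    """True if the Strict-Transport-Security value carries a positive max-age."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        val = val.strip('" ')
        if key.lower() == "max-age":
            return val.isdigit() and int(val) > 0
    return False


def audit(headers):
    """List cookies set without Secure and report whether HSTS is advertised."""
    result = {"hsts": False, "exposed": []}
    for key, value in headers:
        if key.lower() == "strict-transport-security":
            result["hsts"] = hsts_enabled(value)
        elif key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:  # HttpOnly alone does not stop network sniffing
                result["exposed"].append({
                    "name": name,
                    "session": any(h in name.lower() for h in SESSION_HINTS),
                    "httponly": "httponly" in attrs,
                })
    return result


if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```

In the sample, session_id is reported even though it carries HttpOnly, because that attribute only hides the cookie from page scripts and has no effect on what is visible on the network.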
The only way to reliably protect yourself is to make sure that you log out of the insecure site prior to connecting via a shared network, or to guarantee that you are connected through a VPN tunnel prior to opening your browser. A VPN tunnel provides a personal encrypted connection between you and a server on a better protected network. It would also reduce the risk if Facebook and Twitter, like the GMail service or your bank, implemented timeouts and required logins for sensitive parts of their site whenever the session connects from a different network. Like many security steps this is inconvenient, which is an additional reason why frequently used social media platforms haven't implemented this.
There are network technologies which can use shared keys to provide individually encrypted channels, a technically similar solution to setting up your own VPN software. These are provided on many routers but additionally tax the CPU of a laptop and in many cases cannot be used reliably while on battery power.
A sophisticated and resourced individual can break even these encryption techniques by fooling your laptop into connecting with them or by using extreme effort to analyze the communication. It is the simplicity of tools like Firesheep which changes the game and makes it far more likely that the person on the other side of the cafe is reading your personal Facebook messages or adding comments to your photo album.
NOTE:
While other people's site or name information was visible, only as part of the Firesheep sidebar (as part of the software's normal operation), no manual or automated entry was made to any website or personal information other than my own. All reasonable and technical efforts were made to conceal other persons' identities in the making of this video...