Fri
Aug 24 2007
Secure Connection to Free Wi-Fi
Posted by Ricki Steigerwald under Computer Setup
How secure is your Internet connection at your local free Wi-Fi hotspot? Not very.
Pogue’s Posts blog posting, “How Secure is Your Wi-Fi Connection?” (read the great comments with this posting), explains how a person can intercept your transmissions between your computer and the Internet. A person involved in this activity is called a sniffer.
Note: Cell phone transmissions can be captured as well.
That’s right. A person at a public Wi-Fi hotspot is most likely not breaking into your computer. They are capturing the emails you send and receive and information and pictures from the websites you visit.
It is important to note that if you are on a secure website (https, little lock appears at bottom of browser) such as a bank site or using VPN, all information you send such as your id and password and receive such as your bank balance is encrypted. A person watching your transmission would see garbage because it is encrypted.
About home networks (wired or not)
It is important to be careful with Internet connections on your home network as well - whether they are wireless or not. Everyone in the neighborhood is using the same cable or DSL line to connect to high-speed Internet.
Can a sniffer capture my id and password?
If the login page of the site you are visiting is secure (look for the little yellow lock), the id and password you type in are encrypted and, therefore, cannot be seen. A secure webpage has “https://” in front of the address.
If the login page is not secure, then your id and password are not encrypted.
Suggestions
- In public areas, be aware someone could be eavesdropping on you. Not only can they hear conversations you have on the phone or with someone, but they may be able to see what you do on your computer.
- Don’t use one common password for all sites, or even for just your financial sites. Not every company or bank has secured their login page - just think of all those online communities run by individuals or small businesses.
- Don’t assume that because the login page was secure, that the rest of webpages on that site are secure as well. This especially holds true for web-based mail systems such as Yahoo, Hotmail, and , possibly, your own email provider. Many times the login page is secure, but the rest is not.
- Check with your host provider to see if you can access your web-based mail through a secure connection.
- Log into Google mail using “https://mail.google.com” and you can read and write email securely. If you don’t access mail with the URL above, only the login page is secure. Reading and writing email is not.
- Don’t forget about your address book, calendar, to-do and notes. If you have confidential client and family information in a web-based address book, don’t view it unless you have a secure connection (that little yellow lock again).
- If you conduct a lot of business involving sensitive information, you can purchase a consumer VPN that encrypts all transmissions to and from the Internet. See Comment #13 from Pogue’s Post for vendors.
