The Danger of Starbucks

Nope -- not the burnt coffee, nor even their business practices. This time, it's those public hotspots that I'm talking about. You know, the ones that let you wirelessly log into your mail on your laptop from any Starbucks or Panera? Well, this article (rather technical, but you can get the gist) demonstrates the danger of those things. Suffice it to say, if you log normally into your Gmail account via a public hotspot, it is getting *quite* easy for a hacker to steal your credentials and impersonate you on all of the Google services.

Basically, if you're using any personal services through a public hotspot, you need to pay closer attention than normal. It's reasonable to assume that any URL that starts with "http:" may be snooped -- and that means, if you log into a personal site that way, they may be able to steal your passwords and your data. If the URL starts with "https:", it's much more likely to be fully secure against snooping, and you can often simply substitute the one for the other. (I just proved that I can hack my Google Toolbar to default to "https:".)

When browsing publically, it's a good idea to watch out. The Web is never 100% secure, but it's much, much easier for someone to grab your identity through these public hotspots than under normal circumstances...

The Danger of Starbucks

Nope -- not the burnt coffee, nor even their business practices. This time, it's those public hotspots that I'm talking about. You know, the ones that let you wirelessly log into your mail on your laptop from any Starbucks or Panera? Well, this article (rather technical, but you can get the gist) demonstrates the danger of those things. Suffice it to say, if you log normally into your Gmail account via a public hotspot, it is getting *quite* easy for a hacker to steal your credentials and impersonate you on all of the Google services.

Basically, if you're using any personal services through a public hotspot, you need to pay closer attention than normal. It's reasonable to assume that any URL that starts with "http:" may be snooped -- and that means, if you log into a personal site that way, they may be able to steal your passwords and your data. If the URL starts with "https:", it's much more likely to be fully secure against snooping, and you can often simply substitute the one for the other. (I just proved that I can hack my Google Toolbar to default to "https:".)

When browsing publically, it's a good idea to watch out. The Web is never 100% secure, but it's much, much easier for someone to grab your identity through these public hotspots than under normal circumstances...