The Danger of Starbucks
Aug. 16th, 2007 12:28 pm
Nope -- not the burnt coffee, nor even their business practices. This time, it's those public hotspots that I'm talking about. You know, the ones that let you wirelessly log into your mail on your laptop from any Starbucks or Panera? Well, this article (rather technical, but you can get the gist) demonstrates the danger of those things. Suffice it to say, if you log normally into your Gmail account via a public hotspot, it is getting *quite* easy for a hacker to steal your credentials and impersonate you on all of the Google services.
Basically, if you're using any personal services through a public hotspot, you need to pay closer attention than normal. It's reasonable to assume that any URL that starts with "http:" may be snooped -- and that means, if you log into a personal site that way, they may be able to steal your passwords and your data. If the URL starts with "https:", it's much more likely to be fully secure against snooping, and you can often simply substitute the one for the other. (I just proved that I can hack my Google Toolbar to default to "https:".)
When browsing publicly, it's a good idea to watch out. The Web is never 100% secure, but it's much, much easier for someone to grab your identity through these public hotspots than under normal circumstances...
(no subject)
Date: 2007-08-16 04:48 pm (UTC)
It has a bunch of other useful features, too.
(no subject)
Date: 2007-08-16 10:13 pm (UTC)
And Windows the default with that shared folder? Do people really know they share such things?
Thanks for the https suggestion. Making that a default makes a whole lot of sense.
(no subject)
Date: 2007-08-17 01:15 pm (UTC)
There are security vulnerabilities to using multimedia plug-ins with Tor, but that's only if you're trying to be anonymous (hide the "caller ID" of your IP origin from anyone along the path). But if you're just using it to make sure that first hop is encrypted, you don't need to worry about that.
Shava
Development Director
The Tor Project
(no subject)
Date: 2007-08-17 05:07 pm (UTC)
But the main point is that, in the public-access-point scenario, you probably want to do *something*, or at least be aware of the fact that the danger is greatly elevated over what it normally is when using your home computer. The odds of getting hacked probably rise from something like one in a million to something like one in a thousand. (Maybe even one in a hundred, but I suspect that's excessively paranoid at the moment...)