Enter almost any coffee shop, fast food restaurant or library, walk through any airport, hotel lobby or many other public spaces and you will find people using free Wi-Fi to connect their notebook computers, tablets or smartphones to the Internet. After school, many of these establishments are packed with connected students. The "free Wi-Fi" is a draw to buy your coffee or burger and linger while you connect. But you and your kids should be aware there are some real dangers if you connect to the Internet in a public place.
Most people connecting in a public place using a supplied Wi-Fi connection are using an unprotected HTTP connection to access it. This is almost a given. Also a given is that the open Wi-Fi network being used in the coffeehouses and fast food restaurants, libraries, etc. are also unsecured. Users typically access public Wi-Fi networks by connecting to the local network, then authenticating for full Internet access on a Web page served by a local router. Computer security experts say this combination is, to them, downright frightening.
Welcome the Wi-Fi attack tool of choice: Firesheep.
Firesheep is a computer program that allows an attacker connected to a local network to monitor the Web sessions of other users on that network. The attacker can then also commandeer the sessions of others, acting in their user context.
Without going into too much detail as to how the program works, Firesheep — being used by a hacker connected to the same network you are — watches your connection and steals cookies being sent by popular websites (such as Facebook and Twitter). Once you are logged in to many of these popular sites, they use an unsecured connection with a simple cookie check to verify you. Many times, only the login is encrypted, so anyone from the IP address (the Wi-Fi hotspot everyone is using) with that cookie can be identified as being you.
Some providers of Wi-Fi hotspots advertise their networks are secure and give out passwords you must use in order to connect. But in most cases the same password is given to everyone, so once the hacker is on the network, everyone else on that network is still vulnerable.
There are ways that providers of Wi-Fi hotspots can protect users. They can install on their systems easy-to-use protection called WPA2 (Wi-Fi Protected Access version 2). This offers individual users isolation and prevents Firesheep from decrypting cookies sent over the network, even if the Firesheep user has logged into the network using the same password.
There are also ways you can protect yourself. If you are using the Firefox browser — which is a good idea while connecting to the Internet from a shared public Wi-Fi site — you can install HTTPS Everywhere 2.0. Released by the Electronic Frontier Foundation (EFF), HTTPS Everywhere helps keeps you safe on the Web by encrypting connections to more than 1,400 websites.
To download (or update) HTTPS Everywhere, go to: https://www.eff.org/https-everywhere. For more information see: https://www.eff.org/press/releases/new-https-everywhere-version-warns-users-about-web-security-holes. A version is also available for the Chrome browser.
The bottom line here is to be aware that when you settle in for some coffee or a burger and some browsing on the free Wi-Fi network, you are potentially exposed unless you have taken these kinds of precautions.