Surfing Naked At Starbucks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
Commentary
9/28/2011
11:43 AM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

Surfing Naked At Starbucks

Think public Wi-fi is private? Think again--unless you arm yourself with an encrypting proxy server, anyone can see everything you're doing.

Do you ever use public Wi-fi services, like the AT&T Wi-fi at Starbucks and elsewhere? You might get the impression that the login or checkbox screen you have to go though is an indication of security. You couldn't be more mistaken.

Public Wi-fi services are almost all completely insecure. All the local wireless LAN traffic is unencrypted, at least at the LAN level. The person next to you, or the person sitting in his car outside, can sniff all your traffic and see everything you're doing. Worse, he can co-opt your HTTP session and interact with the site as if he were you. And if you're doing company work, it's your company that's compromised.

But there are things you can do to protect yourself and your organization. One of them, which I have used for some time now, is a public VPN service. All your traffic will be encrypted through to a proxy server out somewhere else and routed to its destination from there.


HMA! Pro proxies all your communications through your choice of a large number of servers around the world and encrypts all the traffic.

This is, in fact, an extremely old issue. Open Wi-fi has always been known to be insecure and vulnerable to attackers who can use any number of high-quality and free network sniffers such as Wireshark.

But the issue hit the headlines late last year with the release of Firesheep, a Firefox plugin which made this form of hacking really easy, accessible to any user with a copy of Firefox and a deficient set of morals.

If you are communicating with an SSL site then there's no problem, and Firesheep goaded some major sites, including Twitter and Facebook, into accelerating back-burner plans to implement SSL. But you can't count on all sites--and important protocols, such as SMTP, are unencrypted as well.

So I use HMA! Pro, the paid version of Hide My Ass!, an encrypting proxy server, also known as a VPN. Not only does it encrypt your Web traffic, but it gives you a choice of a large number of proxy servers around the world to connect with. Don't want the site to know you're in Houston? Use Hide My Ass! and, as far as they know, you're coming from Rotterdam.

This has other applications. Some sites, such as Major League Baseball's MLB.TV, use IP location services to determine your location and enforce local blackouts. You could use a proxy like HMA to bypass these. It would be wrong, of course--but you could do it.

HMA! and many other programs work on Macs, but if you're working on a smartphone or tablet your options are somewhat constrained. There are browser-based proxies--HMA! has one--which should work on anything, but they aren't as automatic or as simple to use.

And don't assume that you can use these services to commit real crimes. Consider the case of Cody Kretsinger, a 23-year-old from Phoenix, Arizona, who was recently busted by the Feds as one of the Lulzsec hackers who attacked Sony.

Kretsinger used Hide My Ass! as one of his protections for his attacks, but Hide My Ass! ratted him out. They are a British company and obligated, under British law, to log all connections and surrender logs to the authorities who, in this case, turned them over to the FBI.

So encrypted proxy surfing is not your route to the perfect crime, but it is your route to safe surfing in the unprotected waters of public Wi-fi.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll