Wednesday, December 12, 2007


The source for the following is from an article by Dan Fost in USA TODAY.
To see the full original article go to


• Don't do anything you don't want anyone else observing.

• If you are trying to ensure privacy, make sure the website starts with "https" in the address bar, instead of the standard "http." The "s" means the site is most likely more secure.

• Use your company's virtual private network, or VPN. VPNs create secure "tunnels," in which all online communication is encrypted at both ends.

• Never use a public computer, like those in libraries or cafes, for e-mail or financial transactions. There's no telling what kind of software another user has installed on that machine. If someone snags your e-mail address and password, they can use that to hack into many other sites that you use.

• Use a computer and a browser that are less susceptible to attacks. Because the Windows operating system and Microsoft's Internet Explorer browser are the most common programs in modern computing, they also get attacked the most. Many security experts prefer to use Apple computers and the Firefox browser. But as these grow in popularity, they're also "getting more and more attacks," says Zulfikar Ramzan, a senior principal researcher at Symantec in Cupertino, Calif.

Unfortunately, few things expose your work to greater security risks than using a public Wi-Fi service. Most people don't realize the risks, and even fewer have the ability to perform the geeky tasks that would fix it.

Computer criminals can "sniff" the traffic in a cafe, or set up a fake hot spot that you might innocently log into. When that happens, watch out: Everything you type goes directly to the criminal's computer. In that scenario, as soon as you get into your online bank account, the criminal's computer is ready to grab the password.

The best advice for avoiding those situations is to tap only into wireless connections that you trust. Be wary of connections with names such as "free public wifi." Ask at the cafe for the name of its network. Even then, be aware that someone sitting next to you could have set up a network with the same name, such as "Starbucks," that you could tap into unwittingly.
Most security-savvy travelers assume the worst and don't do anything that could cause trouble if it fell into the wrong hands.

"Every packet that goes out over the Internet is observable" by a tech-savvy hacker, says Brett Levine of San Francisco.

Nonetheless, Levine, a vice president at Internet video start-up Dovetail, remains a dedicated cafe worker. He spoke from Hong Kong, at the end of a business trip in which he communicated with "nothing but my laptop. The only connections I've had were in hotel lobbies or cafes."
He just makes sure that every e-mail he sends is encrypted. And if he's doing anything sensitive online, he makes sure the site is secure.
For instance, if a website starts with "https" in the address bar instead of the standard "http," the site is most likely more secure. "Https" is the standard that banks and online trading firms use.

"If you're on a wireless network, assume it's public," says Alex Stamos, vice president of professional services at iSec Partners, a software security consulting firm in San Francisco and Seattle. "If you're trading stocks, you should be very careful and make sure you're going over the 'https' link."
Once you're over "https," you generally are safe, though there are caveats, says Zulfikar Ramzan, a senior principal researcher at Symantec (SYMC) in Cupertino, Calif. "What 'https' guarantees to you is that whoever is receiving your traffic is receiving it encrypted. But that doesn't guarantee that it goes to the right person."

Take care in small cafes

Dave Zaytsev, a co-owner of Goliath Security in Chicago who works as a consultant for identity-theft protection company LifeLock, warns that the risks are greater in small, local coffee shops than in chains such as Panera Bread, which advertise their secure networks.
"The corporate places are locked down pretty decent," Zaytsev says. "The mom-and-pop places that are just trying to compete, like Joe's Coffee, they don't have consultants. They just go to Best Buy, buy a Linksys router and have a friend set it up."
Zaytsev has tested some cafes for local television stations' consumer news segments and has often been able to see files stored on individuals' laptops. He's also done "man in the middle" attacks, in which he scans the traffic in a cafe, then steals people's usernames and passwords. (The people in his tests were all willing dupes, he says, usually interns at the TV station.)
If you can use your company's "virtual private network," or VPN, you can feel fairly safe. VPNs create secure "tunnels," in which all online communication is encrypted at both ends. But simply using a top security suite from Symantec, McAfee (MFE), Trend Micro or others won't protect you in a cafe situation. The companies say that while those programs will protect you from viruses and even phishing scams, they can't save you from traffic that you've sent over the open Internet.

"A security suite will protect you if you did end up at a bad site that tried to install malicious software on your machine, but not if you give your credit card to someone else," says Symantec's Ramzan.
