A technology blog for The Economist Group IT team

Thursday, January 20, 2005

When I'm up in Manchester and need to work I have to find an Internet connection so that I can get on the VPN. Usually, I go to Starbucks, where they have T-Mobile hotspots that cost £5 for an hour.

As I'm running Windows Firewall and my connection, once I'm on the VPN, is stronger than 128 bit encryption, I never really worried about security, and I hadn't heard of any hotspot scams. But reports are coming out about people using packet sniffing tools like dsniff to intercept unencrypted data.

Someone far too creative to be writing about technology coined the term "hotspot vampires" to describe hackers who sit around in cafés trying to read other people's information.

In retrospect, I shouldn't be surprised. For the types of people who steal credit card details from ATM's, open wireless networks are irresistably juicy targets. So the next time you bring your laptop, mobile or PDA to your favorite hotspot, make sure you don't send any sensitive data to unencrypted sites.
Jerem makes a good point here illustrating the dangers of using open wireless hotspots. Just to make hesitant hotpot users even more uncertain, yesterday I read a report about another new term 'Evil Twins' guaranteed to strike fear into the hearts of hotspot users everywhere.

Putting my "Group IT Security 'Expert'" hat on, I should point out that when you are connected to our VPN, only traffic that is destined for our internal network is actually encrypted by the VPN client, general browsing traffic is not encrypted and may be vulnerable to Dracula and his friends.

There are a number of solutions to keep your hotspot web browsing safe from vampires - most rely on setting up an SSL connection to one website and then proxying your browsing from that site. Anonymizer is the one of the most well known.

Cloves of garlic can also help if you're still worried!
It's actually much easier for hackers than these two exploits suggest. At a tech. conference some time ago (can't remember when) free hotspots were set up by a team who wanted to know whether a tech-savvy crowd would balk at using an untrusted hotspot. Guess what their results were?
Post a Comment

This page is powered by Blogger. Isn't yours?