by Rebecca Moonen - iiNet's Compliance Manager
When you're on the run, there's nothing handier than access to all things
Internet. It's a common scenario - you're at a cafe, hotel, airport or
other venue offering free Wi-Fi. You whip out your laptop (or smartphone)
and begin going about your business, logging into various accounts and
social networks. While this seems harmless enough, your session could be
intercepted by hackers wanting to access the personal information you hold
near and dear.
Let's take a look at a few ways your information could be compromised
without you realising:
Don't click the dodgy link
This is probably the easiest type of WiFi hijacking to avoid. "Those"
emails from your bank, Facebook, or even iiNet requesting that you follow
their link to "check your details" or "view a friend's comment on your
photo" are sometimes used to allow hackers to set what's known as a
session ID' to your computer. Hackers will use this session ID
to spy on what you're up to online. If you'd like a refresher on avoiding
these types of 'phishing' emails, head to
previous articleon the topic.
Beware of non-password secured WiFi
Unsecured Wi-Fi hotspots are the biggest risk to having your session
hijacked. If the WiFi you're using doesn't require you to login with a
password, there is a chance someone could be snooping. The methods hackers
use to do this were highlighted recently with the release of
Firesheepplug in (for Firefox), highlighting how a third party
can gain access to your password protected applications (and even log in
and impersonate you during a session.)
Thankfully there are ways you can avoid being a victim of this, the easiest
being to not use a free WiFi network unless it is protected by a password
(the company providing the WiFi connection will usually give the password
to you). If you need to use a public Wi-Fi network that isn't password
protected, be mindful of the sensitive information that you might be
transmitting (unless the site itself is secured - look for a URL beginning
with 'https'). Alternatively, log in via
VPN(Virtual Private Network).
Make sure it's a real public WiFi service
There have been plenty of cases where bogus companies or individuals set up
free Wi-Fi networks specifically for the purpose of illegally accessing
user information. When you come across a free WiFi service, check that it's
attached to a reputable source like a Starbucks or McDonalds (but not a
Dodgy Joe's Internet Shack).
So next time you stumble across an area promising free Wi-Fi, spare a
thought for the security of your personal information. The difference
between staying safe and leaving yourself open to an attacker gaining
access to your Facebook, email, Paypal or banking passwords could be a
matter of a few precautionary measures. For more information on staying
safe online, head to the
Online Safety Series webpage.