There is no such thing as a free lunch

March 2, 2007 at 8:39 am | Posted in Technical | Leave a comment

While it is very convenient to hop on the free wifi offered at most airports*, coffee shops, restaurants, and hotels, there is a bit of a risk associated with this activity.

Here’s the way it plays out. I climb into a cozy  booth, sip my tall sugar-free non-fat chai latte, and fire up my laptop. My laptop enthusiastically starts its usual boot sequence. It sends out a wireless signal looking for all the wireless sites I’ve visited before. It also tries to connect with all of my network drives and printers from the DCC home office.  When it does this, it broadcasts destination information in as wide an area as it possibly can, so that it can hit any wireless access point in range.

In the booth next to me sits a 15-year-old geek with a packet sniffer. He’s just browsing around for fun, to see what he can do with his computer. He looks at my IP information, all the data I send back and forth while I’m logging in, and chortles in his joy. He doesn’t really know what to do with this information, but it’s fun to catch it.

In the booth next to him sits a career criminal, who can use this information to compromise my network, and/or steal money from my bank account.

In the booth next to him sits a tech girl from a competing business who is looking for industrial secrets, and somehow manages to overlook the ethical problems with what she is doing.

Perched on a stool at the high-top table is an intelligence officer from China who knows we have performed some work for the DoD in the past and wants to compromise our network so he can access our company’s records and find out about our customer.

Granted, the odds of any of these people showing up at my particular coffee shop are somewhat slim. The trouble is, there’s no easy way to spot them, and how would I know if they were there? Assuming they find my coffee shop, all four of these people  have a pretty fair chance of gaining some information from my laptop unless I utilize some caution.  I must realize that connecting via public wifi is not the same as plugging into the Cat5 jack at my desk, or the private wireless network at home, and adjust my practices accordingly.  

A good rule of thumb for public wireless use is that you shouldn’t send information that you wouldn’t want to say out loud right there at the table.  Hackers have found it fairly easy to circumvent Wired Equivalent Privacy (WEP) security systems, and while Wi-Fi Protected Access (WPA) is considered better, it’s only a matter of time before that is compromised, too.  I must assume that anyone with a packet sniffer can capture my broadcast.

This means I should really not conduct internet banking activities over that particular connection. If I’m going to connect with my office, I should definitely use a VPN client. I should also think twice before using any online service that requires a password. Essentially, the golden days of productive work time in a coffee shop are over. When I’m on public wifi I should limit my Internet use to browsing the news, reading some blogs, and playing World of Warcraft.

Robert Graham of Errata Security agrees with me.  “The best solution is to be aware of the danger,” Graham said. “Everyone doesn’t need to work from a coffee shop.”

*This asterisk is a grumble at Detroit Metro, which charges people for wireless. Grrrumble.

Advertisements

TrackBack URI

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: