The Checkout

A Witty Warning About Wireless

It sure seems cozy to sit down at a Starbucks, sip a latte and surf the Internet or catch up on e-mail, using the shop's wireless network. But the Federal Trade Commission is warning consumers that while these public "hot spots" are convenient, they are not necessarily secure, and your computer could be accessed by hackers. You should ask the proprietor what security measures are in place. Unless you can verify that there is effective security, you should probably assume that other people can access any information you see or send. So act accordingly!

The FTC has lots of other tips for wireless users in its online game, The Invasion of the Wireless Hackers, one of several it has launched recently to teach consumers about online security in an entertaining way. (It's rare that a government agency has a sense of humor so let's give those FTC folks a big round of grins!)

Here's some of the agency's advice:

* Use encryption, anti-virus and anti-spyware software and a firewall.

* Turn off identifier broadcasting if your wireless router allows it.

* Change the identifier on your router from the default, which is probably a standard default ID. The same rule
applies for your router's pre-set password for administration.

* Allow only specific computers to access your wireless network.

* Turn off your wireless network when you know you won't use it.

You'll probably have more fun learning these tips--and more--on the FTC's online-security Web site. Watch out for those cute little hacker monsters!

By  |  May 19, 2006; 6:45 AM ET Consumer Tips
Previous: Credit-Card Firms Key in Fight Against ID Theft | Next: Making Everyday Life A Complicated Situation


Please email us to report offensive comments.

I would like to add/clarify a few things there.

First, when you go to a secure website, the information is encrypted between the site and your computer. This is true whether or not you are wireless or wired. If you on an unsecured wireless network, somebody can NOT see the information on your encrypted webpage (i.e. bank, credit card, etc.) If it were unencrypted, you would be at risk - just as you are at risk when on the internet in a wired fashion. Remember, email is like sending a postcard. It can be intercepted and read at any point on the trip.

If you are connecting wireless, install software on your laptop which recognizes when you are not connected to your home network. This software will strictly limit the movement of things INTO your computer (hackers, pirates, etc.) Without this, any open port is like opening your door to the criminals.

Posted by: Non debtor | May 19, 2006 7:42 AM

"This is true whether or not you are wireless or wired"

... Yes, true that encrypted data is encrypted. However, all encryption is capable of being hacked. When you are on a wired network, you are limitting the number of places where the information can be stolen, and hence the probability of it being hacked. When you are on a wireless network, you are broadcast this info out for all to see - granted, it's encrypted, but remember... given the right technology anything can be hacked. By ensuring that you are on an encrypted network, there are now two layers of encryption and the probability of your data being hacked IF it is stolen is much much lower... Personally, I would not transmit sensitive data over ANY network that wasn't my own. Largely because there is NO other way of securing that encryption key. Even if starbucks encrypts their wireless hot spots, that encryption relies on the secrecy of that encryption key - and if they have to give it out to their customers for them to use their network, well, then they've just given it out to whomever wants to steal your information. I am of the belief that as much security as doesn't greatly impede your productivity is as much as you want. If not checking your bank account at starbucks will bring your day to a grinding hault, then by all means... your banks website is probably encrypted and you can get by with ONE layer of encryption - that's just a judgement call between your financial integrity and your latte that you're going to have to make yourself.

Posted by: PJB | May 19, 2006 12:22 PM

As one who hasn't used wireless anything in Starbucks (for that matter as someone who doesn't go to Starbucks...), it's not different than if you're using the a wireless in Borders, the local library, Panerra, or anywhere else in public. It's hard to believe that people will do their extremely personal business in public and expect total privacy and security.

Using a wireless and expecting such privacy and security is no different than their leaving their laptop monitors and notes exposed to all walking by, or their actually getting up to get a refill of coffee, wait in line for food, go to the bathroom, or search the store. They all expect that store security is in place and if something happens, the criminal will be exposed, not the idiot who left the equipment and the material exposed.

Common sense says that you can't expect total security in public places, just as you can't expect people not to listen to your part of the phone conversation when you're yelling into your phone in the check-out lines, on the Metro, etc.

Minimum security takes a little common sense. At least a little.

Posted by: Jeff | May 19, 2006 1:19 PM

I have been getting free internet for months now. I sure hope people don't read this blog.

Posted by: Thanks | May 19, 2006 2:02 PM

If you are using 128-Bit encryption is capable of being hacked but it is not occuring now. The greater threat is people who have their windows boxes set to allow sharing of files.

Posted by: Jason | May 19, 2006 2:10 PM

"The greater threat is people who have their windows boxes set to allow sharing of files."

Exactly. I use "Network Magic" on my computers at home. It allows for easy file sharing at home but when I'm connected to another network, it shuts all ports which can be hacked. Further, if a computer connects to my network (say, my brother-in-law), he can't access the other computers unless I install Network Magic on his computer and then unlock it with the same 24 character code on my computers. Otherwise, the home network allows him to share internet and printer access but nothing else.

Posted by: Non debtor | May 19, 2006 2:45 PM

how about you leave the computer help for The Fix and stick with things you and your readers comprehend.

Posted by: rick | May 19, 2006 3:20 PM

All of the FTC's suggestions are great for the home user, however, they make no sense for Starbucks.

Your router is at home, when you go to Starbucks, you are using their router and they are not going to limit connectivity, they want all to use it, that is why it is there. And the only reason they would use encryption is to limit others from connecting. However, if they turn encryption on, then give out the WEP key to allow patrons to connect, then all can still see the data. So, the security used on the router doesn't actually protect any of the users at all. It's like putting a lock on your locker and giving everyone the KEY.

It looks like the FTC wasn't paying attention when they issued their suggestions, or the writer of the column doesn't understand the way wireless access points work at all. There is a disconnect between the article and the suggestions, they are for people who have their own networks in their home and do not want anyone accessing their networks. The point of the Starbucks (And other PUBLIC networks) is that they are PUBLIC and access isn't restricted.

Posted by: Ethan | May 19, 2006 4:35 PM

"However, if they turn encryption on, then give out the WEP key to allow patrons to connect, then all can still see the data."

No, this is incorrect. Each patron's stream of data is encrypted from computer to router. Patrons (or hackers) cannot read each others' streams of data. The encryption guards against someone doing exactly that. It's not like a locker that everyone has a key to, it's more like a series of individual hallways with locked doors at each end.

If however the place you're in doesn't require a key (some small shops that just allow you to "jump on" without going through a signup or access page for example), then a hacker could be able to select your data stream and do something with it.

Posted by: phil | May 21, 2006 12:42 PM

These tips are for people who have wireless routers of their own, at home, not for people who use coffee shop wireless connections.

Posted by: Huh? | May 22, 2006 5:48 PM

The comments to this entry are closed.


© 2010 The Washington Post Company