Fire Sheep, a Firefox add-on, demonstrates that it is simple for others to hijack your session if you are using unencrypted open wi-fi. There are two solutions
1) Use a browser add-on like HTTPS Everywhere. It automatically routes you to an encrypted https connection rather than http for sites like Twitter, Facebook, Google, and many more.
2) Use a VPN (Virtual Private Network). It provides security when using open wi-fi. Prices start at about $5 a month.
HTTPS Everywhere is from EFF and thus totally trustworthy, but is for Firefox only. Please post any plugins you know of for other browsers. Ditto for any VPNs that you use.
On this front, I’ve heard good things about Hot Spot Shield. Are you familiar with it? Pros? Cons?
http://hotspotshield.com/
I know little about VPNs and am looking for reviews from a reliable site like CNet or PCMag.
It’s a little tricky, but anyone who already has a home broadband connection could save themselves the $5/mo. service fee. Run an ssh server at home, connect to it when in public, and tunnel all your web traffic (or any other traffic you want) through it.
(I used to do this all the time, only now I use my hosted server instead of my home computer.)
Interesting. Does that work with non-fixed IP addressees like with DSL?
Well… technically yes, but no, not in the sense you probably mean.
You would have to know what your IP address was. It will typically only change when your modem reboots, which shouldn’t happen often; I’ve gone months and months with the same dynamic IP. But if you can’t be bothered to note it down before you leave and take it with you, what I’ve seen done is to program the computer to txt you the IP whenever the link comes up.
Hmm, I’m at the end of the DSL line here in Cedar, and generally unplug every few days to reset the modem for better speed. Haven’t checked, but I’m guessing that’ll reset the IP.
BTW, I’m finding that strongvpn.com gets consistently rated as one of the best VPN providers.
I also spend a fair amount of time in San Jose, and the net connection there is solid and hugely fast.
For myself and my clients, I set them up to MAC address’ only. Locks it down tight.
How do you set up MAC address on open wi-fi?
Did you know that one of the first things your computer sends to the wireless access point is their MAC address. Any wireless protocol analyzer will pick this up real quick. Then all it takes is a little MAC address spoofing and you’re hacked! Not broadcasting the SSID is not safe either. Configure your Wireless System with WPA or WPA2 using a strong 8-10 character (numbers and special characters too) pass-phrase and that should lock it down. Listen to Steve Gibson’s “Security Now!” and get schooled!!
RFA has a list of tools
http://www.rfa.org/english/about/help/web_access.html
I use Freegate http://www.dit-inc.us/freegate and HotSpot Shield http://hotspotshield.com/