Thursday, November 25, 2010

Surfing Without a Condom

A good friend of mine doesn't go online in public spaces, like coffee shops and such. Her husband told her it's like having sex without a condom. And he should know, because he's in the business. Not in the business of hacking - though I have no doubt he could if he put his energies in that direction, he's a smart guy - but in the business of technology programs and security.

Sometimes I do go online when I'm out and about. Okay - I do it a lot. For example, this month I used Google Docs for my NaNoNovel. It's the easiest way for me to make sure I have the latest version with me and didn't download the wrong one or forgot to download the edits or new chapter or whatever. But I do have security on my computers and just upgraded to a supposedly bigger, better, stronger system - or, to continue the condom analysis, a thicker, less permeable program. I do worry about it somewhat and am not making light of it, but it's also one of those things that, if someone wants to get in, they will. So I install protection and do my best and there are some things I don't do out in public places and there are some types of software I don't have on my laptop. For security reasons. Which does not make me immune - I know.

This has sometimes been a joke between me and my friend - as well as acceptance that we have slightly different views, or behaviors, on this one thing.

Then today I saw a news headline that caught my attention because it's related to this topic, so I read the article. The head line is,
'Firesheep' developer: Facebook is ignoring huge security problem
Here are a few outtakes from the article, click the link above to see the whole thing:
A user's initial log in to Facebook is encrypted and not vulnerable to hijacking. But every subsequent exchange between a Facebook user and Facebook's servers in what's called a "session" is unencrypted, and it's these exchanges Firesheep is catching.

Think of an unsecured network like a crowded airport lobby. When you shout to someone across the lobby, there's no expectation of privacy for what you're yelling. Being on an unsecured Wi-Fi network, like the kind you'll find at many coffee houses and internet cafes, is the electronic version of being in a crowded airport lobby.
Butler cautions everyone who thinks that simply putting a password on a Wi-Fi network will offer complete protection. He says it doesn't.

If the Firesheep user is using a common or shared user name or password to gain access to a network, anyone else using the same user name and password could be subjected to hijacking.

Read the article. I'm not quite a subscriber to the  idea that logging on in public is like having sex without a condom, but I "get" the comparison - and I think precautions are in order.
One other thing that really helps is using Common Sense.

Good luck. And be safe out there.