While serious hackers have been able to take advantage of people using open wifi networks for almost as long as they’ve existed, a new tool was released this week that makes it so almost anyone with a modicum of computer savy can not only snoop, but actually gain full access and PRETEND TO BE YOU if you log in to sites such as Facebook, Twitter, and HUNDREDS of other sites not using the most serious encryption.
This is not just getting your username or email address. As far as the site’s concerned, they are literally you, and have full access.
“Open” wifi networks are any networks that do not require you to enter a password to gain access to the network. (Like most Starbucks)
I urge you to be EXTREMELY CAUTIOUS when connecting to an unsecured wifi network, and not log in to any username/password type sites until people start to figure this out and fix their sites.
If you have not secured your home network, I strongly recommend you do so.
If you have a local coffee shop you frequent, I also urge you to tell them to secure their network. Even making the password “JoesCoffeeShop” and putting a large sign up that tells everyone the password prevents this tool from working.
I do not know how hotels’ sites handle this issue, as it’s just come to my attention. Their networks are technically open, but then have the paid firewall you need to get through. I don’t know enough about the tool to be able to answer that question yet.
This tool does not, to my knowledge, work on “hard line”, wired connections.
Feel free to forward this on to whomever you wish.
Here’s a nice writeup on the tool, and some (mostly impractical) suggestions on how to protect yourself from it:
UPDATE: As of 2:16pm Thursday, the tool has been downloaded 392,850 times and is being downloaded at about once every three seconds.