Sunday, November 07, 2010

be extra careful at public wifi hot spots

public service announcement

last week, a new software tool was released to the public that allows anyone at a "public" wifi hot spot to hijack your facebook or other app session if you use it in a public access area. so be careful. yes, you were always subject to this "token hijacking" scheme, but the general public did not have ready access to the tools to pull it off. now, they do. the authors claim to have made the code public to help bring awareness to the problem. i will reserve judgement.

be sure to look for the "https" in URLs to know your session is secure. gmail added this feature to protect people. but most apps are not protected. in other words, be careful. you should also check that the padlock in your browser [see image above] is "locked", which indicates an encrypted session.

of course i assume that everyone running wifi at home has set up the encryption mode and disabled SSID broadcasting... but i digress.

got questions? ask. --ski

P.S. i have not mentioned the tool in question in an attempt to help prevent its spread until more developers take corrective action...

