[ghporter]

Anyone using a free WiFi hotspot and that doesn't use encryption in connecting to the sites they surf could be at risk for being tracked by a third party also using that hotspot. It seems there's an extension for Firefox called "Firesheep" that can capture cookies from other people's sessions-cookies that can help the third party track and perhaps intrude on those sessions. So far the only countermeasure I've heard about is another Firefox extension called "Blacksheep." Blacksheep detects Firesheep activity and provides the third party with a bogus cookie, while notifying the Firefox user that he's being intruded on.

Sigh. In the past it was really a challenge to go to the trouble to learn how to make use of a malicious sniffer program (almost all written exclusively for Windows) to do Bad Things at unsecured hotspots. Now, anyone who can use Firefox can be the bad guy. I'm saddened.

For the most part, the surfing I do in public is to unsecured, non-shopping/financial sites, so I've never even looked into secure browsing via encryption. I don't even know what options are available for this. I'm afraid that this is a Very Bad Thing for online security. And only the first step of many toward increasing the need for technical security measures in all online activities.

Ideas? Work-arounds? Portable "anti sniffer death ray" plans?

[lpkmckenna]

I'm not saddened at all. Maybe social networks will finally do something about security.

[starman]

MiFi

[turtle777]

Set up Slink on your home computer, it now supports Foxy Proxy.

You basically create a VPN to your home and surf through your home computer's internet connection. Downside, Slink is $15, but well worth it. More about Slink in my VPN networking thread here.

A free solution would be to use HotSpotShield. But you have to trust them, so it's not everybody's cup of tea.

-t

[Person Man]

Originally Posted by turtle777 

Set up Slink on your home computer, it now supports Foxy Proxy.

You basically create a VPN to your home and surf through your home computer's internet connection. Downside, Slink is $15, but well worth it. More about Slink in my VPN networking thread here.

A free solution would be to use HotSpotShield. But you have to trust them, so it's not everybody's cup of tea.

-t

And if you use Safari?

I suppose you could use Screen Sharing to connect to your home mac and use Safari on it if you wanted to.

[SpaceMonkey]

So is this something to worry about if I'm at a hotspot and connecting to, say, Gmail (https)?

[turtle777]

Originally Posted by Person Man 

And if you use Safari?

I suppose you could use Screen Sharing to connect to your home mac and use Safari on it if you wanted to.

There might be a way to manually set up your networking to do that. Foxy Proxy is supposed to be simple plug&play with Slink.

I haven't tested it yet.

-t

[Cold Warrior]

Originally Posted by SpaceMonkey 

So is this something to worry about if I'm at a hotspot and connecting to, say, Gmail (https)?

No, as long as you don't click 'continue' or 'accept' to any certificate warning messages. These sort of messages indicate an untrusted certificate authority.

[mduell]

tl;dr

Why are you using insecure services?

Don't flame the guy who pointed out your left your car unlocked with the keys in the ignition.