Secrets from the Data Cave: December 2013 - Inciter
post-template-default,single,single-post,postid-1004,single-format-standard,ajax_fade,page_not_loaded,,select-child-theme-ver-1.0.8,select-theme-ver-1.7.1,smooth_scroll,wpb-js-composer js-comp-ver-6.3.0,vc_responsive

Secrets from the Data Cave: December 2013

by Sarah McCruden

Welcome to CRC’s monthly series of articles on all things techie: Secrets from the Data Cave! (For those who don’t know, the title references our room — fondly referred to as “the bat cave”— where data staff can geek out in an isolated setting.) Here we’ll be offering you a fascinating sneak peek into the cave, with the latest updates & tips on what we’re implementing here at CRC!

December 2013: Working while traveling this holiday? Read this first!

It’s the holiday season, which means that lots of people are traveling to be with family and friends. Maybe you’ll have a long layover in an airport, be staying in a hotel, or maybe you’ll try to escape to a local café when it comes time for your crazy family to force everyone to sing the 12 days of Christmas (oh wait, that may just be my crazy family).

Photo by slambo_42 on Flickr

Photo by slambo_42 on Flickr

But no matter what you have planned for the holidays, you may be tempted to use an unsecured Wi-Fi “hotspot” that you’ll find in hotels, rest stops, airports and coffee shops all across the nation. And if you deal in sensitive data (or want any privacy on your email or social networking sites), you should know that public wireless networks come with significant security risks. There are, however, a few things you can do to protect yourself while using a public Wi-Fi connection, which all boil down to one key thing: making sure your browser is secured at every juncture.

If a web address begins with “https” instead of just “http,” it means it’s http secured, and employs Secure Socket Layers/Transport Layer Security (SSL/TLS). SSL/TLS uses public key cryptography to encrypt the data communicated between client and server so that hackers can’t intercept the information (read about public key cryptography here, where I explain public/private key encryption). So you should always check your web address bar at the top of your browser to make sure you’re in a secured browsing session.

Keep in mind, though, that while some websites will redirect you to a https page if you only enter part of the web address, the redirect is a juncture at which a hacker can intercept your information.Facebook is one such site—if you type in “facebook.com,” you’re typing in an (abbreviated) http address, which is then redirected to https, and your login information could be compromised at that point.1 You can see how a hacker would “sniff” out such information in this great article from the Grey Hats Speaks blog.

So how do you protect against this? Aside from bookmarking the “https” version of every webpage and/or typing in the full web address for sites with the “https” in front, you can get the HTTPS Everywhere add-on if you’re using Firefox, Google Chrome or Opera web browsers. This will at least help to activate security features on sites that are compatible with the encryption technology, but it doesn’t mean you’re safe on every site on the web. You can also find other tips for protecting yourself in this PC Mag slideshow on Ten Tips for Public Wi-Fi Hotspot Security.

But my advice? Stick to private WiFi unless it’s an emergency. And by that I mean a data emergency. Being forced to sing the 12 Days of Christmas does not count as a data emergency.

Happy holidays, and see you in the New Year!

Source:  http://www.greyhatspeaks.com/2013/10/mitm-against-https-sites.html

No Comments

Sorry, the comment form is closed at this time.