Secrets from the Data Cave: December 2013

Posted on December 20, 2013 | in Uncategorized | by CRC

by Sarah McCruden

Welcome to CRC's monthly series of articles on all things techie: Secrets from the Data Cave! (For those who don't know, the title references our room, fondly referred to as the bat cave, where data staff can geek out in an isolated setting.) Here we'll be offering you a fascinating sneak peek into the cave, with the latest updates & tips on what we're implementing here at CRC!

December 2013: Working while traveling this holiday? Read this first!

It's the holiday season, which means that lots of people are traveling to be with family and friends. Maybe you'll have a long layover in an airport, be staying in a hotel, or maybe you'll try to escape to a local café when it comes time for your crazy family to force everyone to sing the 12 Days of Christmas (oh wait, that may just be _my_ crazy family).

Photo by slambo_42 on Flickr

But no matter what you have planned for the holidays, you may be tempted to use one of the unsecured Wi-Fi hotspots that you'll find in hotels, rest stops, airports and coffee shops all across the nation. And if you deal in sensitive data (or want any privacy on your email or social networking sites), you should know that public wireless networks come with significant security risks. There are, however, a few things you can do to protect yourself while using a public Wi-Fi connection, which all boil down to one key thing: making sure your browser is secured at every juncture.

If a web address begins with https instead of just http, it means it's http secured, and employs Secure Sockets Layer/Transport Layer Security (SSL/TLS). SSL/TLS uses public key cryptography to encrypt the data communicated between client and server so that hackers who intercept the traffic can't read the information (read about public key cryptography here, where I explain public/private key encryption). So you should always check the address bar at the top of your browser to make sure you're in a secured browsing session.

Keep in mind, though, that while some websites will redirect you to an https page if you only enter part of the web address, the redirect is a juncture at which a hacker can intercept your information. Facebook is one such site: if you type in facebook.com, you're typing in an (abbreviated) http address, which is then redirected to https, and your login information could be compromised at that point.[1] You can see how a hacker would sniff out such information in this great article from the Grey Hats Speaks blog.

So how do you protect against this? Aside from bookmarking the https version of every webpage and/or typing in the full web address for sites with the https in front, you can get the HTTPS Everywhere add-on if you're using the Firefox, Google Chrome or Opera web browsers. This will at least help to activate security features on sites that are compatible with the encryption technology, but it doesn't mean you're safe on every site on the web. You can also find other tips for protecting yourself in this PC Mag slideshow on Ten Tips for Public Wi-Fi Hotspot Security.
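The redirect gap described above, and what upgrading the scheme before the first request changes, as an added example (not code from the original post or from HTTPS Everywhere). The host names, redirect map and function names are constructed for illustration, and `upgrade` is a simplified stand-in for an HTTPS-upgrading add-on.

```javascript
// Constructed sample: which Location each URL answers with (no network access).
const SAMPLE_REDIRECTS = new Map([
  ["http://shop.example/", "https://shop.example/"], // http -> https redirect
  ["https://shop.example/", "/login"],               // relative Location
]);
// Constructed list of hosts assumed to support https.
const HTTPS_HOSTS = new Set(["shop.example"]);

// An address typed without a scheme is requested over plain http.
function asTyped(input) {
  return /^[a-z][a-z0-9+.-]*:\/\//i.test(input) ? input : "http://" + input;
}

// Simplified stand-in for an HTTPS-upgrading add-on: rewrite http to https
// for listed hosts before any request leaves the browser.
function upgrade(url, httpsHosts) {
  const u = new URL(url);
  if (u.protocol === "http:" && httpsHosts.has(u.hostname)) u.protocol = "https:";
  return u.href;
}

// Walk the redirect chain and record, per hop, whether it travels unencrypted.
function auditChain(startUrl, redirects, maxHops = 10) {
  const hops = [];
  let url = new URL(startUrl).href;
  for (let i = 0; i < maxHops; i++) {
    hops.push({ url, plaintext: new URL(url).protocol === "http:" });
    const next = redirects.get(url);
    if (!next) break;
    url = new URL(next, url).href; // resolve relative Location headers
  }
  return hops;
}

// URLs in the chain that anyone on the same Wi-Fi network could observe.
function exposedHops(hops) {
  return hops.filter((h) => h.plaintext).map((h) => h.url);
}

const typed = asTyped("shop.example");
console.log("typed:", exposedHops(auditChain(typed, SAMPLE_REDIRECTS)));
console.log("upgraded:", exposedHops(auditChain(upgrade(typed, HTTPS_HOSTS), SAMPLE_REDIRECTS)));
```

The typed address shows one unencrypted hop before the redirect lands on https; the upgraded one shows none, but only because the host is on the list.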

But my advice? Stick to private Wi-Fi unless it's an emergency. And by that I mean a data emergency. Being forced to sing the 12 Days of Christmas does not count as a data emergency.

Happy holidays, and see you in the New Year!

[1] Source: https://www.greyhatspeaks.com/2013/10/mitm-against-https-sites.html