Word on the street is Starbucks dumped T-Mobile like a bad habit. AT&T is waiting in the wings, offering two hours of free access a day. Sounds great, doesn’t it? Well, it’s not. I mean free is for me, but accessing Wi-Fi anywhere can be dangerous.
I have a couple of uber-security-geek friends that have been chatting about this for a few months. After listening to the Wall Street Journal podcast “Reacting to the slower economy” bring up this issue, I thought it was time to throw it out there. There’s a blurb 5 minutes into the cast about the insecurity of Wi-Fi.
The premise is public hot spots can be compromised. Basically, a hacker can “intercept” all your data bound for the internet. The websites you are accessing, instant messaging, and email are all vulnerable. If you have to use public Wi-Fi, make sure your email connection is encrypted, and only access SSL (https://) pages.
I use a mobile broadband card from Sprint when I’m out and about. It uses the cell phone towers to serve up internet access. Most of the major providers have them, usually referred to as EVDO. It costs about $60.00 a month for unlimited usage.
As far as your business, don’t use Wi-Fi. If you have to, make sure it’s locked down by a security professional. It’s really not worth doing it yourself. I’ll address that in another post, but for now just say no!
May all your communications be secure…
Stephen
DS Technologies, Inc.
As a geek, I would even point out that using SSL web sites is not even enough, unless you educate your users thoroughly about watching for certificate issues. It’s not that hard to become a man-in-the-middle even with SSL. Now that will throw a certificate warning to the user, as the attacker may not use a valid certificate, but many users will merrily click through the warning.
The prevailing best practice would be to use an encrypted VPN connection whenever using a non-trusted network. Prior to doing any other work, open a VPN back to the office, and route all traffic over the VPN. In that way, the traffic is encrypted before it leaves your system, greatly reducing the chance of interception.
Excellent points.
Thanks,
Stephen
Actually, due to its relationship with Apple’s iTunes, Starbucks will be using AT&T branded connectivity. T-Mobile is NOT being kicked out. It will co-exist or code-share the wi-fi. The 2 free hours is available to current AT&T business broadband customers. [one of many sources: http://www.dailywireless.org/2008/02/11/starbucks-att-wi-fi-everywhere/.
And AT&T has had a roaming wi-fi package (for $2 to $10) for a while.
FYI, both Starbucks (http://www.starbucks.com/retail/wireless.asp) and T-Mobile webistes still list each other.
What about JWire and similar Wi-Fi security software?
Peter,
Thanks for clearing up the co-existing of AT&T and T-Mobile.
As far as JWire, they are a similar architecture as what Charles described above. You connect to their VPN servers, and all your data is encrypted between your connection and their VPN.
If you company does not provide VPN access, and you HAD to use Wi-Fi, Jwire, or other public VPN services would definitely be a good idea.