Saturday, April 24, 2010

The devil (almost) made me do it.

I don't think I'll tell you exactly which hotspot I stopped by on the way home last night so as not to give the more nefariously minded among you any ideas. Anyway, just before closing up shop and heading for the parking lot I paused as I was about to turn off my MacBook Pro's radio and gave in to a long-held curiosity as to whether I could really connect to a Wi-Fi-enabled Hewlett Packard printer if its owner had inadvertently left its default peer-to-peer network named "hpsetup" running.

In a word, yes.

OS X quickly identified the printer (an OfficeJet model; I don't remember exactly which one) and installed the driver for it. Now if I'd wanted to be mean and nasty, I could have found an embarrassing image or some such and...oh, I just couldn't! Guess I really don't have that sort of thing in me when it comes right down to it.

So why mention this at all, you ask? Simple: as a warning to anyone reading this who owns a wireless-capable printer or multifunction device that you need to make sure its Wi-Fi is either disabled or secured lest someone not as resistant to temptation as yours truly happen to come within range. Flip Wilson may be gone, but Geraldine lives.

And if you're not old enough to remember Flip Wilson...well, that's why they invented Google, isn't it?

Saturday, April 17, 2010

Oops, he did it again.

Back in September I took financial guru and radio/TV host Clark Howard to task for spreading the half-truth that activities which pose an identity-theft risk such as online banking and shopping are intrinsically more dangerous when done over an open Wi-Fi link.  Well...it's apparent he heard about that, because today when a caller asked him outright about the issue, he demurred a bit before breaking down and suggesting (drum roll followed by a rimshot, please) that she purchase a pay-as-you-go cellular aircard for her upcoming trip!

And now, once again, a brief pause for the facts.

Yes, it's true that someone sitting with a Wi-Fi capable device and the appropriate software within range of an open router can capture the data passing between your device and that router, just as it's true that someone tapping any network cable or monitoring any server between you and any remote host you're connected to can do the same thing.  It's this last point that continues to escape the Wi-Fi naysayers.  Locking down the access point will only protect you from someone sitting within sight of you (remember, they have to be within range of the access point same as you).  It will, in other words, protect you only between your device and the router; it will do absolutely nothing for you beyond that, which is where, of course, a sinister interception is most likely to happen.

The only thing that can protect you there is third-party encryption that starts at the remote site and ends at your device and will, therefore, render any intercepted traffic unreadable, regardless of where the interception occurs.  Either a website protected by Secure Sockets Layer encryption (and in the case of banking online it needs to be the whole website, not just the login page) or a properly configured virtual private network will accomplish this.  What Howard and Co. need to be telling their listeners is that they need to ensure they're on an SSL-protected page with current, valid certificates (in other words, a good lock icon showing in their browser and no error messages) or have their VPN up and running BEFORE they send or receive anything sensitive, and they need to do it no matter how they're connected (yes, Clark, your caller will need to do it even if she buys that overpriced aircard and access).

And since I'd lay odds that no bank or retailer in America that offers online access still does so without SSL or with only partial protection instead of encrypting every page on their site that shows or receives sensitive information, we can probably lay this fear to rest once and for all.
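The "whole website, not just the login page" point can be checked mechanically. The sketch below is an added example, not code from this blog: it audits one fetched page for places where it steps outside SSL protection (cleartext form targets, scripts, frames and same-site links, plus session cookies missing the Secure flag). The host bank.example, the page contents and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute holding a URL the browser will submit to, load, or follow.
URL_ATTRS = {"form": "action", "script": "src", "iframe": "src", "a": "href"}

class RefCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.refs.append((tag, urljoin(self.base_url, value)))

def audit_page(url, headers, html):
    """Return findings showing where this page falls outside TLS protection."""
    findings = []
    page = urlsplit(url)
    if page.scheme != "https":
        findings.append(f"page served in cleartext: {url}")
    collector = RefCollector(url)
    collector.feed(html)
    for tag, ref in collector.refs:
        target = urlsplit(ref)
        # Off-site links are ignored; forms, scripts and frames are always checked.
        if target.scheme == "http" and (tag != "a" or target.hostname == page.hostname):
            findings.append(f"<{tag}> uses cleartext URL: {ref}")
    for name, value in headers:
        if name.lower() == "set-cookie" and "secure" not in [
            part.strip().lower() for part in value.split(";")[1:]
        ]:
            findings.append(f"cookie without Secure flag: {value.split('=', 1)[0]}")
    return findings

# Constructed sample: a login page that is encrypted but hands off to cleartext pages.
LOGIN_URL = "https://bank.example/login"
LOGIN_HEADERS = [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
LOGIN_HTML = """
<form action="http://bank.example/session" method="post"></form>
<a href="http://bank.example/accounts">Accounts</a>
<a href="http://news.example/">News</a>
<script src="/static/app.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_page(LOGIN_URL, LOGIN_HEADERS, LOGIN_HTML):
        print(finding)
```

An empty result for every page that shows or receives sensitive data is what full-site protection looks like; any finding marks a hop where traffic or the session cookie can travel unencrypted.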