There is one other person sat in this Starbucks with a laptop out, it looks like she is running a business as she is either on the phone or talking with someone who has just rushed in the door to see her. She is happily sat in the corner with her laptop on charge using the free Wireless Internet that is provided by Starbucks (as long as you have a Starbucks card). I on the other hand am not using their free WiFi, granted I am using their electric but not the unsecured wireless.  I will tell you why, and hopefully you will stop using it to.

WiFi without a pass-phrase is inherently dangerous as every bit of data that passes between your laptop (or iPhone, or PC, or what ever!) and the router zooms through the air unencrypted. As such anyone who knows how to do it can see what you are doing, and if they really feel like it they can steal your sessions and take control.  When I say “seal your sessions” what I mean is that they can piggy back onto your login with the many services that do not secure your connection with them. A few examples of these services are:

FireSheep for FireFox allows anyone to get access to your accounts online

• Twitter
• WordPress
• Facebook
• Evernote (non-premium)
• Many MSN products
• Many Google products

Once you were generally safe using free WiFi as only those in the know (and there are few of us in comparison to the number of free WiFi points) were able to do this sort of “packet sniffing”. Unfortunately for the rest of the world early last month a simple piece of software was released by a man named Eric Butler.  This basic Firefox add-on is named FireSheep and it sits there sucking in all the sessions that are flying around the network it is connected to, and all you need to do to hijack that unsuspecting person’s twitter/facebook is to double click on the item in FireSheep.

There are a few protections against this, such as checking the settings on your Google accounts and making sure that you have “https” enabled if it is offered. Doing this will protect you from “packet sniffing” attacks (what FireSheep does) but only for those services that show https in the address bar and only if they show it after you have logged in!

HTTPS means that your session is secure at your end, in the middle and at the other end!

I would like to suggest a solution to the world, but of course so few people will read this that it will never be taken up (so re-tweet me!!). If all the free WiFi points around the country turned on their pass-phrases and set them all to the phrase “FREE” then everyone could still use them but without the risk. So Starbucks, me thinks that you should set that up and then I won’t need to tether my laptop to my iPhone to get online whilst I drink your lovely Christmas Blend coffee!!

Oh any by the way, I made sure that the FireSheep session shown above could not pick up anyone else’s sessions, and I have never used packet sniffing maliciously (and never will).

Related posts:

1. Coffee, Blood and putting my feet up for 77 minutes
2. Hello sir I’m calling about your Windows