Wednesday, August 23, 2006

Public Web Surfing

The New York Times has an article on safely using public networks (e.g. Wi-Fi hotspots) or public computers (e.g. at an internet cafe or airport). The author points out that most users leave too many traces behind them after using their computer in a public network or using a public computer. These traces may be from browser cookies to passwords and work documents.

It is true that most people are just computer users meaning they don't know and don't care about technical issues, including security. So someone is on the move, wants to check his/her e-mail or contact a friend, connects to a hot spot or visits an Internet cafe. In any case, malicious people could "snif" what he/she does and steal almost anything this user sends or receives.

Of course there are many things one can do to protect him/her self. Everything has to do with attitude: First of all more and more people have laptops so using a public computer is rare. Yet, if you ever need one, keep in mind that it's like talking on a public phone in the middle of a square. Would you yell your ATM PIN over the phone or your e-mail password? No! Hell, No! The same rule applies here. When typing in passwords *always* make sure you are using SSL. If not, just quit. The problem is someone could plant a keylogger in that public PC and collect tons of information. For that reason these PCs are restarted between different users and any specific user-specific programs or data are wipped out. But you can never be too safe so consider public PCs the last possible solution. When using your own laptop you are at least safe from malicious programs. Eavesdroppers do exist though. Check here too for SSL and don't even think about logging in otherwise.

Go ahead, check the article. The author tries to ring the bell to those who are totally unsuspected of the potential dangers but may end up scaring them into ineffective techniques which only offer the illusion of safety. Another point I disagree with is the listing of "security tips" like encryption software and VPN. As I've just said users who don't know how to deal with this stuff are likely to a) lock themselves out of important files b) use a VPN in such way that no protection is provided c) get tricked too easily.

To sum up, public web surfing is certainly a great service allowing you to talk, work, have fun while on the move but, as any public means of communication, should not carry sensitive information. If that is absolutely necessary, there are ways to ensure privacy. The thing is that Security Policies and Techniques for "Private Public Web Surfing" should be applied by trained professionals and not layed upon the hands of ignorant users.

P.S.: To read the article you'll be prompted for a username and a password. Since registration is free I don't see any point in this. I mean they restrict access to registered users but then again, anyone can register! So why not leave the access totally public? Anyway, use goaway147:goaway as username:password (thanks to bugmenot.com).

No comments: