As you should hopefully know by now, you should always be extremely careful with data you access over an unsecure wireless network.

You may have seen recent tech press being given to a Firefox add-on called Firesheep which allows people to hijack valid login sessions:

The extension uses a packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) as the cookies are transmitted over networks, exploiting session hijacking vulnerabilities. It shows the discovered identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on their name.

The extension was created as a proof of concept that many web sites only encrypt the login process and not the cookie created from it, and only posing a security risk that is exploited by the extension.

Alternate to this, someone can easily snatch your user name and password information to sites which use unsecured login pages (HTTP instead of HTTPS) using freely available tools as outlined here:

When a wireless network card enters into a ‘Monitor Mode’, it listens to specific channel that you choose and captures all the packets that are sent by wireless networks on your area in the specific channel that you selected.  If the wireless network that sent the packet is unsecured,   SmartSniff and SniffPass [free tools] will be able to show you the packets data.

Needless to say, these are certainly things to be aware of.

While every banking site and just about every email provider uses HTTPS (for logins at least), stuff like this just goes to show you that when you work on unsecured network you are opening yourself up to risk. The moral of this story is, again, just be careful what you access on a public network as you don’t know who could be running tools like this from the corner.

Read More:  Free Online PDF Converter