What’s secure and what’s not, and how to make sure your devices don’t get hacked the next time you step out of the house. From coffee shops to planes, trains, and cruise ships, we've become accustomed to having ready access to the Internet just about anywhere. The problem is, it's easy to forget how vulnerable that makes us to security threats.
I learned this the hard way recently when traveling from San Jose to Tampa, passing through four cities along the way. Even though I'm well aware of the potential for others to hack into my devices, I'd never had any problems previously. Unfortunately, there's always a first time: When I got back home, Facebook alerted me to some suspicious activity. I had been "Firesheep'd"!
Apparently someone in Chicago (using Firefox and a Windows PC) had logged into my Facebook account via Firesheep, a Firefox extension that can intercept unencrypted cookies from certain Websites on any open Wi-Fi network, making it possible to steal login credentials for sites like Facebook and Twitter, or even access your e-mail.
Think it can't happen to you? Think again. Fortunately, a combination of plain old common sense and some technology can protect your devices--quickly and fairly easily.
Whether you're traveling with a laptop, netbook, smartphone, iPad, or all of the above, the risks and defenses against them are basically the same, according to Joe Nocera, an information security expert and a principal with PricewaterhouseCoopers. "Many of the security concerns that people think about when they think about their personal computers are applicable in the mobile world." As mobile devices become more sophisticated, they lend themselves to the same types of access to e-mail, passwords, and other secure information that PCs have done in the past.
Because today's devices are so much more powerful and can hold so much more information than ever before, the risks are increasing, says Martin Hack, information security expert and executive vice president of NCP Engineering, a software company that helps businesses with their secure remote access systems. Add to that our tendency to carry both personal and business information around with us on the same device, and our mobile devices have never looked so appealing to hackers, he says.
As specific mobile devices become more popular, they become more of a target for hackers. "Five years ago, the vulnerabilities were Microsoft-based and targeting PCs. Apple tended not to be targeted so often," says Nocera. "But, in the last year and a half or so, we're seeing a shift. More and more often we're seeing either Android- or iPhone-based vulnerabilities being targeted. We predict that by 2014 you'll see those types of vulnerabilities being the most targeted as more and more users go to those mobile devices."
The good news is it's not difficult or even expensive to protect your devices and the information on them. The fixes are simple. The problem, stated quite eloquently in an old Pogo comic strip, is: "We have met the enemy and he is us."
1. Make sure your software is up-to-date. The first line of defense, says Nocera, is making sure that all your software is up-to-date.
2. Employ strong passwords. "Be sure to use some combination of letters, numbers and/or special characters of 8 characters or more," says Jeremy Miller, director of operations for Kroll Fraud Solutions.
3. Don't mess with the security settings. Nocera notes that most of the default browser settings in Android, iPhone, and Blackberry phones are fairly secure out of the box. "I recommend not going in to change browser security settings--they're pretty good already," he says.
4. Avoid unencrypted public wireless networks. Such Wi-Fi networks require no authentication or password to log into, so anyone can access them--including the bad guys.
5. Paying to access a Wi-Fi network doesn't mean it's secure. Access fees do not equal security. Just because you pay a fee to access a Wi-Fi network doesn't mean that the network is secure.
6. URLs beginning with 'https:' are safer (but not foolproof). Whenever you're accessing a site where you'll be sharing personal or confidential information--your bank's site, for example--you want to make sure that you're doing so securely. The s in https means that you're connected to the site via the Secure Socket Layer (SSL). In layman's terms, this means that all data transmitted to that particular Website over the Internet is encrypted.
7. Use VPN. If you have access to a VPN (virtual private network), use it. A VPN provides secure access to an organization's network and allows you to get online behind a secure layer that protects your information.
8. Turn off cookies and autofill. If your mobile device automatically enters passwords and login information into Websites you visit frequently, turn that feature off. It's convenient, but it can also be a privacy threat.
9. Watch your apps! Apps are great, and many are free, so it can be tempting to download with abandon. But, Nocera cautions, you should be selective about the apps you download.
Visit PCworld for complete details on keeping your mobile device secure.
Biz Tip Source: PCworld
Author: Logan Kulger