How safe are you, really, when you use free Wi-Fi such as that available at hotels, shopping complexes, airports, and even inside airplanes to surf the internet, and then log in to your blog or VPN for all your online banking?
Well, the typical answer is: somewhere from “very low” to almost “none at all”.
The internet has become a gold mine for air-hack pirates. When you have access to the internet via a hotel's complimentary Wi-Fi connection, think twice about logging into anything sensitive. An “evil twin site”, sometimes referred to as Wi-phishing, is a potential security threat to users of Wi-Fi, predominantly in public hotspots. A hacker sets up what is called a “rogue access point”, which impersonates the characteristics of the network to which users expect to connect. Users unknowingly connect to the rogue access point and the hacker’s network instead of the intended network, and all their passwords would be harvested.
This “evil twin” is a potential security threat to users of Wi-Fi (regardless of WEP or WPA keys and handshakes), predominantly in public hotspots. An accomplished hacker would set up a “rogue access point” that is a convincing carbon copy, in every available characteristic, of the network to which users expect to connect. Users unknowingly connect to the rogue access point and the hacker’s network instead of the intended network. The “evil twin” hijacks data such as passwords, account information and credit card information, and then connects the user to the Internet as intended, so the users (by now the victims) would know nothing of the security breach that has just taken place.
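One way to check a Wi-Fi scan for the look-alike access point described above, as an added example that is not part of the original post. The scan records, the allowlist and the function name `find_suspects` are constructed for illustration:

```python
from collections import defaultdict

# Constructed sample scan results (not captured data): one record per access point seen.
SCAN = [
    {"ssid": "HotelGuest", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "12:34:56:78:9a:bc", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "de:ad:be:ef:00:01", "security": "Open"},
]

# Hypothetical allowlist: the BSSIDs the venue says really serve each network name.
KNOWN = {"HotelGuest": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Relative strength of the advertised security mode, weakest first.
RANK = {"Open": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def find_suspects(scan, known):
    """Return (ssid, bssid, reasons) for access points that look like a copy."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        strongest = max(RANK[ap["security"]] for ap in aps)
        allowed = known.get(ssid)  # None when no allowlist exists for this name
        for ap in aps:
            reasons = []
            if allowed is not None and ap["bssid"].lower() not in allowed:
                reasons.append("bssid not in allowlist")
            # The same network name offered with weaker protection is a warning sign.
            if RANK[ap["security"]] < strongest:
                reasons.append("weaker security than same-named AP")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspects(SCAN, KNOWN):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A copy that also clones the hardware address and the security mode of the real access point passes both checks, so a clean result does not prove the network is genuine.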
It’s relatively easy to intercept session IDs, cookies or random strings in the session URL from nearly all popular web applications, such as Gmail, Blogger, Facebook, YouTube, WordPress, Hotmail, AOL and Yahoo Mail, when you're using Wi-Fi. Interception works even if you're using Secure Sockets Layer (SSL).
Using certain software and a basic notebook, a hacker may crack a 6-character password in roughly 5.15 minutes; a 4-character password could be done in less than 50 seconds, and a 3-character one (no longer allowed by providers) in a mere 0.05 seconds. So use a 14-character password instead, because even with the best software it would still take around 2,046 millennia to crack, and that’s a very polite way of saying “till hell freezes over”.
Combine letters and numbers in your passwords, and use no fewer than the maximum allowable 14 characters for a “Strong” password. Just adhere to all the suggestions made by your service providers for safe surfing and you should be okay. If you suspect that you have recently become a Wi-phishing victim, immediately notify all your internet bankers by voice phone call (they have 24-hour global hotlines) and freeze your internet banking accounts until you can pay them a visit and change the numbers over the counter the next day.
Yes, true, it does not have to be through a “free” hotel Wi-Fi for them to do the hacking. Wi-phishing could be done from anywhere and on just about any access point from which you connect to the web. But complimentary hotel Wi-Fi is a lot more dangerous for the very reason that they already have your credit card numbers and most of your private details upon check-in…
And if you are using your mobile phone’s Wi-Fi to surf on free Wi-Fi spots and you also happen to be on a “Pre-Paid” plan for your mobile service, well, they could easily clean out your credit the next time you try to surf on a “free” Wi-Fi. If possible, go “Off-Line” with the phone first, before establishing a WLAN connection offline. The truth is, nothing is really free these days.
My final advice for now is never, ever to disclose any credit card numbers in emails, and never to list phone numbers in close succession in emails (if you must send out numbers, do it like this: 012-12 3 45 6 7 instead of the standard format of 012-123 4567). The hacker bots would most likely miss this. But absolutely NO credit card numbers, and if you are using free Wi-Fi, make it a habit to change your password every 24 hours and use only “Strong” password setups. I change my passwords every 2 weeks (and do write them down in your safe data storage).
Well, thanks for coming by, and safe surfing to everyone.
Deliah’s Deli says a big: “Thank You” to the IT faculty for helping me out overnight with this cyber episode ;)