Q: Now that the weather’s finally turned decent, I’ve been surfing the Net outdoors whenever possible—at Bryant Park, outside coffee shops, on my fire escape, wherever. The Wi-Fi’ing was going great until I read how my e-mails can be intercepted by any half-wit hacker. Is that really the case, and if so, how can I fend off the snoopers?
Wi-Fi security still ain’t ready for prime time, despite the technology’s Britney-like popularity among the digerati. Once you send data zinging through the air, it’s relatively easy to pick off, especially if you fail to use even the most basic encryption methods. Things are slated to get better by year’s end, when the next generation of Wi-Fi security debuts. For this summer, though, caution has to be your watchword.
Of all the locales you mention, it should be easiest to protect yourself while laptopping on the fire escape. Mr. Roboto is assuming here that you’re being a good boy or girl and accessing the Internet through your own connection, rather than covertly leeching off a neighbor’s access point. If that’s the case, make sure you’ve switched on your Wi-Fi network’s Wired Equivalent Privacy (WEP), a built-in encrypter. True, WEP’s easy to crack, but let’s be realistic—unless someone’s really out to ruin your life, you should sleep well if WEP’s running.
The big problem with WEP isn’t its frailty but the fact that hardware manufacturers rarely turn it on by default. So when you first hook up your access point and router, make sure that turning on the encryption is part of the process. (The user manual will have the skinny on this.) Also, it’s imperative that you change the system identifier (SSID), or network name, which often comes installed as an easy-to-guess factory default like, well, “default.” Some networks will grant access to anyone who can type in the SSID, which means some very bad dudes could commandeer your machine as you obliviously soak up the rays.
When you start logging on through public “hot spots,” however, the security question gets a whole lot dicier. You mention Bryant Park, which was Wi-Fi’ed up by the good—nay, great—folks at NYCwireless (nycwireless.net). In a situation like this, where the network accepts all comers, WEP simply can’t be used, since each user would need to know a specific “key” to get access. To their credit, the NYCwireless pooh-bahs make this pretty clear: “Is it secure?” they write. “No! Wireless Ethernet is insecure by default. Any user on the Wireless Local Area Network (WLAN) can spy on unencrypted traffic from other wireless users.”
OK, don’t panic, and certainly don’t feel like you can no longer surf beneath the sun. There are still some safety measures worth taking, like sending personal information only through secure connections. If you’re buying something online, for instance, make sure the bar at the bottom of the page is showing a padlock, the sign of its being encrypted. Internet Explorer users should check to see that the SSL 3.0 box is checked under the “Advanced” tab of “Internet Options.” More accomplished users should download the latest Secure Sockets Layer tool kit from openssl.org. Whew.
The best way to defend your precious data is to get some Virtual Private Network (VPN) software, which’ll scramble your communiqués beyond all recognition. Unfortunately, VPN tends to be pretty complicated, the sort of protocol that’s best left to the pros. At a Boston Wi-Fi convention earlier this month, a security company called AirDefense monitored all the attendees’ Wi-Fi sessions and concluded that only 12 percent bothered with VPN. Considering that these were the crème de la crème of geekdom, you get the inkling that VPN ain’t a joyride. If you’re a paranoid neophyte, your best bet might be to sign up with a commercial Wi-Fi service like Boingo (boingo.com), whose service offers built-in, no-fuss VPN.
The good news is that the Wi-Fi industry’s about to mothball WEP in favor of Wi-Fi Protected Access (WPA), which’ll supposedly be simpatico with public hot spots, too. The hardware’s supposed to start hitting store shelves in the fall, so expect a safer, saner 2004. At least from a Wi-Fi standpoint.
Input questions at firstname.lastname@example.org.