Clients Should Be Informed By Companies of Data Breaches
Judge Hands Identity Thief The Maximum Sentence

More About Sidejacking

After I wrote my first post about sidejacking, I did some more online research. A post at The Consuming Experience blog offered information about sidejacking:

"You're at risk from sidejacking when you use the internet via a free, or even paid-for, unsecured public wi-fi or WLAN (wireless networking) hotspot. That could include just accessing your Hotmail or other webmail, or your Facebook or MySpace or other social networking account, your Amazon account, etc. An attacker on the same wifi network could "sniff", steal and use login details and info of users of that open WLAN - such as "AIM buddy list, their DNS requests, alternate e-mail addresses they use, and so forth."

Since many web sites do not encrypt every site page, identity thieves can:

"... intercept the unencrypted information, particularly the "cookie" files saved with your browser and sent between it and the site - and which are often used to log you in."

And there are other ways your laptop can disclose your personal data:

"... all sorts of other unencrypted info can be intercepted and copied, and used to deduce details about you or your accounts which can then be used by the thief... when you power-on your computer. It will broadcast to the world the list of WiFi access-points you've got cached on your computer, the previous IP address you used (requested by DHCP), your NetBIOS name, your login ID, and a list of servers (via NetBIOS request) you want connections to."

What's a person to do to keep your personal information safe?

"Before you login to a website, at least make sure that the page where you enter your details, the one with the boxes for your login info before you hit Submit or OK, is a secure page - i.e. starts with "https". But that's not enough, it has to be SSL all the way."

The post at The Consuming Experience blog post offers more tips and solutions, for people who are technology-savvy and for those that aren't. There are also some solutions in my prior post about sidejacking.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.