How to Protect Your Laptop in Public Places
A laptop is designed to be portable, but the take-it-everywhere philosophy comes with risks both to the device itself and the data it contains.
Public Wi-Fi networks are notorious for their lack of security. Just last weekend at a hacker conference in San Diego, Eric Butler, a Seattle software developer, released an alarming piece of software that makes it possible for a non-technical person to easily "sidejack" a nearby Wi-Fi user's Facebook, Twitter or other unsecured account session.
The free downloadable Firefox add-on Firesheep was created by Butler to show Website developers how easy it is to hack into sites without SSL encryption and to scare users into taking safety precautions.
"It's extremely common for Websites to protect your password by encrypting the initial login, but surprisingly uncommon for Websites to encrypt everything else," Butler said in his blog post about Firesheep. "This leaves the cookie (and the user) vulnerable." Cookies are small packets of information stored in browsers that identifies users each time they return to a specific site.
Firesheep is dead easy to use. The tool pops up a window on an amateur hacker's laptop, he or she clicks the "Start Capturing" button, and the program finds and displays user accounts currently on unsecured Websites connected to the Wi-Fi network.
"User name and photo will be displayed. Double-click on someone, and you're instantly logged in as them," Butler said. "Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win."
The best way to protect your accounts from attack is to avoid sites without SSL-encryption when using your laptop in a public place. If you don't see a lock in front of the site address or the designation "https" ― where the "s" indicates the site is secure― in the address bar, the site is unprotected and so are you.
Some sites do offer an encrypted version. Twitter has an SSL site option, but it is not the default. Mozilla Firefox browser offers a free add-on called Force-TLS, which should automatically direct users to an SSL version of the site if it is available.
Protect your laptop
Laptop computers are attractive targets to thieves for the hardware itself and for the information it may contain. Take some simple steps to protect your laptop while traveling:
- Don't use a computer bag that advertises you're carrying a valuable piece of equipment. Instead, use a laptop sleeve for protection and carry it in a tote, traditional briefcase or other bag .
- Don't check your laptop with an airline, keep it with you. If traveling by car, make sure the laptop is out of sight or locked in the trunk before leaving the vehicle. If you do carry it along and want to set it down, rest it against your leg. Just like a purse, it's easy to get up from the table and leave your laptop on the floor or an empty chair.
- Similar to a bike lock, a laptop security cable can attach your laptop to a desk or other heavy piece of furniture in the event you want to leave it behind in a hotel room or office.
Protect your data
Also, set up your computer so that a password is required to access its contents. The few seconds it takes to type in your password each time you use your laptop will be worth the trouble if the computer is stolen. If you want a written copy of your password in case of an emergency, don't keep the note with your computer. Doing so is akin to leaving an extra key under the door mat.
If you store important data on your computer such as sensitive financial records, encrypt the files. Microsoft offers easy to follow directions for Windows XP, Windows Vista and Windows 7 users at Microsoft.com. Encrypted files can only be read by a user who has logged on with a designated password. If you leave the computer for a specified amount of time, Windows will log you off and you'll have to retype the password to resume your work. A thief would only be able to access encrypted files if the laptop was stolen while you were logged on and your session had not timed out.
Another accessory may prove useful in public situations: a laptop screen guard. The guard slides over the screen, so that you can see the display while directly in front of the computer, but passersby see only a dark, blank screen.
- Twitter 'Idiocy' Reveals Dangers of Public Wi-Fi
- Escape the Man Bag
- Wi-Fi Basics: All About Wireless Networking Technology