Last week we talked about TCP/IP and how, when data travels across the Internet, it “hops” from node to node in little pieces called packets.
Be aware! When you do things on the Internet, if the method of transport is insecure (for example, if you are looking at a web page using http instead of https, or if you are sending email to an address that is outside of your local network), the packets that are sent may be intercepted along the route by a hacker. Your email, web page, or, perhaps more importantly, web cookie (complete with your credentials intact) may get intercepted by a malicious user!
Special computer programs, known as Packet Sniffers or Packet Analyzers, are used to do just that. As the data flows across the network, the sniffer tool captures each packet and decodes the packet’s raw data, showing the values of various fields in the packet.
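To make that decoding step concrete, here is an added example (not part of the original post): Python that decodes the IPv4 and TCP fields of two constructed packets and shows that the cookie is readable in the http one but not in the https-style one. The addresses, hostname, cookie value and function names are made up for illustration.

```python
import socket
import struct

def build_packet(payload: bytes, dst_port: int) -> bytes:
    """Constructed IPv4+TCP packet (sample data, not a real capture; checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIBBHHH", 49152, dst_port, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

# Constructed samples: a plain-http request, and opaque bytes standing in for encrypted https data.
HTTP_PACKET = build_packet(b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
                           b"Cookie: session=CONSTRUCTED-SAMPLE-VALUE\r\n\r\n", 80)
HTTPS_PACKET = build_packet(b"\x17\x03\x03\x00\x20" + bytes(range(32)), 443)

def decode_packet(raw: bytes) -> dict:
    """Decode the header fields a packet analyzer would display, plus the payload."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    total_len, = struct.unpack("!H", raw[2:4])
    if raw[9] != socket.IPPROTO_TCP or len(raw) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    src_port, dst_port, seq, ack, offset, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    data_start = ihl + (offset >> 4) * 4           # skip the TCP header and its options
    return {
        "src": f"{socket.inet_ntoa(raw[12:16])}:{src_port}",
        "dst": f"{socket.inet_ntoa(raw[16:20])}:{dst_port}",
        "ttl": raw[8], "seq": seq, "ack": ack, "flags": flags,
        "payload": raw[data_start:total_len],
    }

def cleartext_cookie(payload: bytes):
    """Return the Cookie header value if the payload is readable http, else None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"cookie:"):
            return line.split(b":", 1)[1].strip().decode("latin-1")
    return None

if __name__ == "__main__":
    for pkt in (HTTP_PACKET, HTTPS_PACKET):
        fields = decode_packet(pkt)
        print(fields["src"], "->", fields["dst"],
              "| cookie visible:", cleartext_cookie(fields["payload"]))
```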
You’re particularly vulnerable to having your data intercepted if you use a wireless device over an unsecured wireless network. WiFi networks have a range of about 100 yards; anyone within a football field of your wireless device could be reading your email or logging into your Facebook, Yahoo! Mail, or other account by stealing the unencrypted cookie with your login credentials.
So, what can you do?
- Always use https any time you log into an account.
- Don’t use a service that uses https during the login part but then switches back to http after logging you in. By default, Facebook and Yahoo! Mail do this. With Facebook, you can change your settings so it will always use https (Account>Account Settings>Account Security>Secure Browsing). With Yahoo! Mail, your username and password are protected, but once you log in, it switches you back to http. Anyone with sniffer software installed could read your email as it’s being sent.
- Be careful when using unsecured wireless networks. Don’t log into accounts that only use http. Don’t send important emails. When you use one of the free wireless hotspots at a fast food restaurant, hotel, coffee shop, airport, or school (including Stanford), you will most likely be on an insecure wireless network. Anyone within a football field running a packet sniffer could easily steal your credentials and access your account.