(Updated to add some context of the hack the person used. See also the note at the end of the post.)
Last night at a neighborhood sports bar, I learned personally a valuable lesson about using a public wifi hotspot–a lesson I already knew theoretically. The lesson is, “don’t use a public wifi hotspot.” However, since that’s a bit too hard for any of us to avoid, the lesson is: “Make sure you are logged out of any website that is not encrypted–or, put another way, that doesn’t have a little icon of a padlock in the address bar or that doesn’t have a web address that has an “s” behind the http.”
Let me try explaining that again: While on any type of public wifi network, you want the address of any websites you are logged into to begin with https://, not merely http://.
Had the person who taught me the lesson not been such an asshole (sorry, there is no other word that works), I would probably be sharing with you the name of his company and praising his service. Unfortunately, the geek (and beer) in him took over any effective salesmanship skills he may possess and his approach was centered on gleefully humiliating me as a segue into telling me about the service his company provides (left unsaid, but clearly communicated, was the end of the sentence) for idiots like me.
That may work with others, but all I could think was how quickly I could get away from this creepy guy.
Here’s what happened: A guy comes over to my table where I was eating by myself and bellows, “Hey Rex” acting as if we were old friends. Using knowledge he had gained from my LinkedIn account, he said something about my company and meeting me at an event.
After we established what he was doing, he showed me on his Android phone several open administrative accounts — like for this blog, for instance.
“I want to tell you about this, because I’m with an internet security company and we’re good guys,” he said as he showed me that his Android smartphone had a “sniffer” app he was able to use to access my LinkedIn account and a few other accounts–despite me not being able to recall the last time I used it.
I was wanting to say to the guy, “Wow, that’s amazing. Let me look at your phone and see that.” And then I was imagining him handing me the phone and me smashing it on the floor.
But that’s not me. I just sat there wondering if I’d ever met such a jerk, while being fascinated by his hack and his screwy approach.
The “security consultant” took great joy in telling me that the software he was using to access my LinkedIn account and others was nothing special. “It’s available for free on the Android Store.”
Despite his un-salesmanship skills, he did have a good point to make.
Rather than attempt to explain what the security consultant was trying to pitch me, I suggest you visit the website the U.S. Justice Department has about protecting yourself while using public wifi. And here is a three-minute video they have that explains what you should do when using public wifi. I suggest watching it and following its recommendations.
Later: A couple of people who know that I have one have asked why I wasn’t using my “mobile hotspot.” Good question. I have typically used it for travel, but now have a new appreciation for its benefits in-town, as well. Also, on Facebook, in a discussion about this post, use of the Chrome extension HTTPS Everywhere was suggested. I can’t vouch for it, but have downloaded it and will try it out.