The New Dangers of Free, Open Wi-Fi

Free Wi-Fi in restaurants, coffee shops and hotels is convenient, but an unsecured network can open you up to more security issues than in the past.

Thanks to a program called Firesheep, it's much easier for hackers to take control of your computer. As we reported last fall, Firesheep is a program that allows a computer user to log onto a public network in an airport or coffee shop, and get a list of all the computers that happen to be connected to the network at that moment.

Simply by double-clicking on one of the names, the Firesheep user can access whatever that computer user is doing online. If the user is updating her Facebook account, the Firesheep user is also logged in.

New meaning of 'Show Me State'

Four Missouri legislators appear to be the latest victims. All four lawmakers, and one staff member, had their Facebook pages hacked, with embarrassing messages posted on the page. According to published reports, all the victims said they had been using the free Wi-Fi network in the Capitol, provided for visitors and journalists, in recent days.

In the case of the lawmakers, the hacker posted messages saying how much they "loved lobbyists," because of all the "free food." While Missouri state government security officials aren't sure Firesheep was involved in the bipartisan hacking (the victims included both Democrats and Republicans), it tops the list of suspects.

Security expert Graham Cluley, of Sophos Software, says Facebook recently allowed users to choose full SSL/HTTPS encryption throughout their session to stop accounts being compromised through unencrypted WiFi using tools like Firesheep. Taking advantage of that, he says, is one way to increase security on Facebook.

"Facebook hasn't rolled out that functionality to every user yet, but I would recommend that every user enable it as soon as possible," Cluley said.

Privacy options

Hackers target Facebook and other social networking sites to harvest information about you. Sophos recommends that you set your Facebook privacy options to protect against online identity theft.

At the very bottom of every page on Facebook, there's a link that reads "Privacy." The linked page is "A guide to privacy on Facebook," which contains the latest privacy functions and policies.

For example, with the latest changes in May 2010, Facebook discloses information that it sets as visible to everyone and that you cannot make private. This information includes sensitive information like your name, profile picture, gender and networks.

When in doubt, use the "Preview my profile" button on any privacy settings page to check how your information appears to others. Also, think carefully about who you allow to become your friend.

Once you have accepted someone as your friend he or she will be able to access any information about you -- including photographs -- that you have marked as viewable by your friends. You can remove friends at any time should you change your mind about someone.