Reports last week that foreign “hackers” had intercepted emails between Australian government officials and miners raised the issue of email security, just how private are our online messages?
When the media uses the word “hacking” it’s always worth taking a step back and finding out the facts. Often a security breach is the result of a simple setup mistake or the information and passwords have walked out the building with a disaffected, lovestruck or just plain dumb employee.
That’s not to say hackers aren’t a risk organisations should to be conscious of, it’s just that often the security risks are more mundane than we would expect. A good example is the simple matter of logging onto a wireless or hotel network.
We assume when we log into our networks that the data is secure though often the user names and passwords are exchanged in “clear text”, which anyone with access to the network can view your passwords with the use of a “packet sniffer” that reads each bundle of information sent across the internet.
Poor security isn’t just a feature of unprepared computer users, every year the world’s leading hackers and security experts gather at that Las Vegas DEFCON conference which since 2001 has featured the Wall of Sheep, an embarrassing display of user information captured off the convention’s network.
This is a surprisingly common security problem made more frequent with the rise of unencrypted wireless networks which can be sniffed by anyone who can be bothered logging on, this is a common problem when you’re connecting onto free wireless networks at the local coffee shop or fast food restaurant.
The answer to all of this is to use Secure Socket Layer encryption, which creates a secure link between your computer, mobile phone or iPad and the servers. For email use, your system administrator can set this up or if you use the popular web mail services it’s a matter of ticking the box.
A similar service works when you’re browsing the web, on visiting a secure site the address should start with https instead of the usual http, the “s” on the former stands for “secure”. A padlock symbol will also appear – in the bottom left hand corner of Firefox or beside the site address at the top of both Chrome and later versions of Internet Explorer.
Before logging onto any secure service, including social media platforms, both the https address and the padlock symbol should appear before you enter passwords or sensitive information like credit card or banking details.
Sadly, the secure websites are not always foolproof as sometimes the site will use a secure connection for your password details then once you’ve logged in, return to an unsecured version. This is how the Filesheep program that was released last year works by sniffing cookies and other stored information from unsecured websites.
It’s surprising how many tourists and backpackers get caught out while doing online banking, checking their email or using social media while on the road.
Without logging into a network securely, then logging out when finished and making sure their details haven’t been saved, it’s quite common to see travellers getting their details stolen.
Assuming you’re safe because the network belongs to a high priced hotel or resort doesn’t always work either; a few years ago passengers on a major cruise liner had their bank accounts compromised when one of the crew was stealing data passing through the ship’s Internet cafe.
You don’t need to be a mining executive in China or Julian Assange to fall prey to the Internet snoops, whole industries and criminal organisations are built around using your data so it’s a good idea to be making sure your information is secure while taking a little bit of caution and using some judgement before logging onto a network.