On Monday, USA Today columnist Steven Petrow wrote a post about a stranger on an airplane who claimed to have hacked into his account. This person described an email Petrow had sent on the flight to him verbatim. But people can gain access to your sensitive data without “hacking” you, simply by looking over your shoulder, or sniffing traffic you send in cleartext. If you’d like to take precautions to avoid this fate, here are a few steps you can take.
Step 1: Get a privacy screen.
The easiest way for someone to figure out what you’re working on is to look over your shoulder, and that’s true whether you’re online at all or are just typing away in Microsoft Word. You can buy a privacy filter for your specific laptop or tablet for as little as $10 (or as much as $80) to keep your information safe from prying eyes on the plane, or at a hotel lobby or crowded café. The screens will let you (or anyone right in front of the monitor) see what’s on your box while those next to you will only see a dark screen. The only down side is that it can cause glare or decrease clarity, so you may want to just slip it on manually rather than attaching it permanently.
Step 2: Be aware that there are other people on the network.
If you ever forget that you’re not the only person on the plane using the Wi-Fi, F-Secure security advisor Sean Sullivan has an easy way of quantifying this. “There’s a simple app called Fing. It’s free, and what it does is shows you all the other devices that are on the network with you,” he said. You can get Fing for iOS or Android. Here’s an image of Sullivan doing this on a flight on Norwegian Air, MAC addresses intentionally obscured.
Step 3: Switch to a secure email account.
Petrow, unfortunately, was using an EarthLink account. As Rob Graham at Errata Security wrote, “Such early providers (AOL, Network Solutions, etc.) haven’t kept up with the times. If that’s still your email, there’s pretty much no way to secure it.” And it gets worse. “With these old email protocols not only do we get emails sent in the clear, in plain text, they also transmit passwords to accounts in the clear,” says Sullivan. So if you are still using EarthLink or something like it, consider switching to Gmail. Sullivan further points out that email from providers like EarthLink can be funneled through another vendor’s app. “If you have other accounts you’d like to maintain, you can go to one of these other services and put in the POP credentials there and they can fetch the mail and surface it since it aggregates everything,” he explained. If that’s too much of a hassle, just use Gmail or an equally secure equivalent.
On Monday, USA Today columnist Steven Petrow wrote a post about a stranger on an airplane who claimed to have hacked into his account. This person described an email Petrow had sent on the flight to him verbatim. But people can gain access to your sensitive data without “hacking” you, simply by looking over your shoulder, or sniffing traffic you send in cleartext. If you’d like to take precautions to avoid this fate, here are a few steps you can take.
Step 1: Get a privacy screen.
The easiest way for someone to figure out what you’re working on is to look over your shoulder, and that’s true whether you’re online at all or are just typing away in MicrosoftMSFT +1.44% Word. You can buy a privacy filter for your specific laptop or tablet for as little as $10 (or as much as $80) to keep your information safe from prying eyes on the plane, or at a hotel lobby or crowded café. The screens will let you (or anyone right in front of the monitor) see what’s on your box while those next to you will only see a dark screen. The only down side is that it can cause glare or decrease clarity, so you may want to just slip it on manually rather than attaching it permanently.
Step 2: Be aware that there are other people on the network.
If you ever forget that you’re not the only person on the plane using the Wi-Fi, F-Securesecurity advisor Sean Sullivan has an easy way of quantifying this. “There’s a simple app called Fing. It’s free, and what it does is shows you all the other devices that are on the network with you,” he said. You can get Fing for iOS or Android. Here’s an image of Sullivan doing this on a flight on Norwegian Air, MAC addresses intentionally obscured.
Step 3: Switch to a secure email account.
Petrow, unfortunately, was using an EarthLink account. As Rob Graham at Errata Security wrote, “Such early providers (AOL AOL +%, Network Solutions, etc.) haven’t kept up with the times. If that’s still your email, there’s pretty much no way to secure it.” And it gets worse. “With these old email protocols not only do we get emails sent in the clear, in plain text, they also transmit passwords to accounts in the clear,” says Sullivan. So if you are still using EarthLink or something like it, consider switching to Gmail. Sullivan further points out that email from providers like EarthLink can be funneled through another vendor’s app. “If you have other accounts you’d like to maintain, you can go to one of these other services and put in the POP credentials there and they can fetch the mail and surface it since it aggregates everything,” he explained. If that’s too much of a hassle, just use Gmail or an equally secure equivalent.
Step 4: Use a VPN, Tor, and/or HTTPS Everywhere.
If you want to make it harder for strangers to sniff your traffic, a VPN, or virtual private network (like Freedome or Cloak) will encrypt your HTTP traffic, which is otherwise easily sniffed by tools like WireShark. Just make sure to use a real VPN and not just a proxy service.
