The Danger of Open Wifi Eavesdropping
The ProblemThe new Firesheep add-on to the Firefox browser makes it easy to eavesdrop on other people’s communication over open wifi networks, meaning that now anyone can access your accounts when you use an open wifi connection.
Reed Services Are SafeReed services are safe because they use end-to-end encryption, which protects your communication from your computer to Reed’s server. Even when you are on an open wifi network, eavesdroppers cannot gain access to your Reed accounts. However, other third-party web services may not be as secure.
How to Protect Yourself
1. Use end-to-end encryption. Before you visit a website on which you have an account, request to connect with end-to-end encryption by typing “https” instead of the un-secured “http”:
|Bad (using HTTP):|
|Good (using HTTPS):|
Not all websites offer HTTPS end-to-end encryption. If HTTPS is unavaible for a given website, consider carefully what information you submit to that website; a regular HTTP connection is easy to eavesdrop, especially if you are connecting via an open, unsecured wifi network.
2. Use different passwords for different web services -- NEVER use your Reed password for any other web service. If someone guesses one of your passwords, they can access all the accounts on which you use that same password. For suggestions of tools to help manage all your different passwords, see http://web.reed.edu/cis/help/passwordsafety.html.
3. Use the Reed1x wifi network on campus. Reed1x is encrypted using WPA2, which prevents the kind of eavesdropping used by Firesheep. Be wary of unprotected or unknown networks such as at cafes, in airports, and other public spaces, because they do not prevent eavesdropping. For instructions on connecting to Reed1x, see http://web.reed.edu/cis/help/wireless.html.
Questions? Contact us at firstname.lastname@example.org, or at x7525.