STOCK QUOTES     More market data...

Small office / Home office
Snoops sniffing Wi-Fi data

By GLENN FLEISHMAN
Special to The Seattle Times

E-mail this article Print this article Search archive Most read articles Most e-mailed articles

When you're at public Wi-Fi hotspots, it's easier to keep your laptop than your data from being stolen. If you didn't already know that, welcome to the paranoid club.

The risk isn't that someone will target you individually, but rather that freely available tools let casual snoopers sniff all passing wireless data at a hotspot and sift for e-mail account information and passwords that are typically sent without any scrambling or encryption. (All reliable bank and e-commerce Web sites encrypt your browsing sessions, incidentally.)

The cracker doesn't have to be sitting next to you, either. They could be across the street, in an apartment or in the next room at a hotel. Wi-Fi signals pass — at least weakly — for some distance.

Fortunately, it's not hard to protect your e-mail password and messages from prying eyes. It's a little more difficult to secure all of your data. This first of two parts focuses on securing e-mail; part two next week covers securing an entire network connection at a hotspot.

Protected Web mail. Most hotspot users check e-mail first, and most e-mail passwords and the text of messages are sent in the clear with no protection.

A secured Web mail host can combine simplicity with full data obscurity. With a Web-mail provider that offers a secure browsing option called SSL (Secure Sockets Layer), you can be sure that no one can intercept text or passwords as you read and send e-mail.

Some Internet service providers and Web-mail providers offer a secure login, but then revert to clear transmission for browsing, which can expose tokens used to log in. Check whether, after a secure login, the Web address starts with https:// instead of just and that a lock icon is at the bottom of your Web browser; that extra "s" stands for "secure" and the lock indicates an encrypted session.

Australian e-mail operator Fastmail.fm (fastmail.fm) includes secured Web-mail access with all accounts, including a free, advertising-supported option. About 90 percent of its customers are in the U.S.; nearly half employ secured e-mail. "Security is not something we consider optional," said company founder and Chief Executive Jeremy Howard.

Fastmail.fm and other providers let you retrieve e-mail from mailboxes at other ISPs or your place of work if they use the common POP (Post Office Protocol) or IMAP (Internet Message Access Protocol).
 

Protected e-mail sessions. Another method of protecting e-mail works from within modern e-mail software. The e-mail program is set to retrieve and send messages over a secured connection that also uses SSL, but in a different form.

Some ISPs offer this service to their clients, and Fastmail.fm provides it as part of its $19.95 per year and higher accounts.

Turning on SSL in an e-mail program varies quite a lot among major software applications, but can be straightforward. "Depending on the client, it's just a case of checking the little box that says secure connection," Howard said.

SSL e-mail often works hand in hand with authenticated e-mail, which allows you to send e-mail from any location, not just from your service provider's own network.

Next week: Protecting an entire wireless session.

Glenn Fleishman, a Seattle freelancer, writes the Practical Mac column in Personal Technology.