What are the real security risks?
To make a sound choice, its important to understand what's really at stake when using public wireless networks. Can eavesdroppers see your banking details? E-mails? Usernames and passwords? The answer is it depends.
Any data transferred between a user and a Website using an HTTPS address (note the s at the end of http) and SSL encryption, such as online banking sites, is just as secure on a hotspot as it would be on a private secured network. Wi-Fi hackers or eavesdroppers sitting around the hotspot cannot capture a users login credentials or see any information from these secured sites.
However, eavesdroppers can capture Web traffic on other sites that use the unsecured HTTP address. For most people this isn't a problem. If youre just passively viewing sites--checking the news or sports scores, for instanceyoure fine. Your risks increase, however, if you must login to sites that arent secured. Even if the site isn't all that sensitive, such as a discussion forum, eavesdroppers can capture your login credentials, which they may also use for other more important sites. Thats why its important to use unique usernames and passwords for every site.
Since e-mail is the thing we are most often inclined to check from our Wi-Fi-enabled devices, its important to realize that Web-based e-mail providers, such as Google and Yahoo, do not use HTTPS/SSL encryption for e-mail access by default (although Google recently announced plans to do so). This means that Wi-Fi eavesdroppers can potentially capture your log in details, as well as see your e-mail messages.
In addition to Web browsing, other services including POP3 or IMAP e-mail and FTP file transfers are vulnerable to Wi-Fi eavesdroppers. Services like these transfer their data in clear-text, including the login credentials. Most of these services can be secured with SSL encryption, which would mean they were protected from Wi-Fi snooping; however, most users do not secure their data, which leaves the login credentials and messages vulnerable to eavesdroppers when accessed via a POP3/IMAP e-mail client, such as Microsoft Outlook, over an unsecured network.
In addition to eavesdroppers being able to capture the traffic transferred over the airwaves, they could also potentially connect to a users laptop or other Wi-Fi device. Windows XP users, for instance, are vulnerable if they have configured their system to share any folders because those folders will also be shared on public networks, where other hotspot users can access them if they aren't password-protected.
How can hotspot owners help?
To protect the Internet traffic of users on hotspots, hotspot owners could implement encryption on their public Wi-Fi network. Though the Personal or Pre-Shared Key (PSK) mode of Wi-Fi Protected Access (WPA/WPA2) encryption typically used in home networks isn't feasible for hotspots, the Enterprise mode can be.
Read the rest at eSecurity Planet.