Sen. Schumer calls for increased public WiFi security

NEW YORK Sun Feb 27, 2011 3:53pm EST

Related Topics

NEW YORK (Reuters) - Sen. Charles Schumer on Sunday called on major U.S. web site operators such as Amazon and Twitter to switch to a more secure protocol to prevent identify theft and other security breaches in places like coffee shops.

The New York Democrat told a news conference held at a Manhattan coffee shop that growing WiFi access at such shops, restaurants and other businesses was helping hackers gain user information like credit card numbers and account passwords.

"The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds," Schumer said.

Unsuspecting patrons using their computers in such public venues had made them easy prey for hackers and identity thieves, he said.

"The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol," Schumer said.

He called the HTTP protocol "a welcome mat for would-be hackers."

Schumer said simple programs such as Firesheep had made accessing someone else's computer and private information through the unsecured HTTP extension relatively easy.

Schumer said many major Web site operators have been slow to address the HTTP security flaw, which he said has been well recognized since at least 2007.

He also released a letter to major Web site operators, none of which he said use HTTPS protocol as the default, asking them make the change.

(Reporting by Chris Michaud. Editing by Peter Bohan)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
Mobility is the future and this issue will only get worse. The information here is just sound bites and not completely accurate, however the risk for people who use public internet WiFi is real.

Many content providers use HTTPS for the login, but then switch to HTTP for setting cookies. This exposes you to having your session be hijacked.

There are ways for users to protect themselves using proxies, but as Sen. Schumer states, the website providers are in the best position to easily mitigate this.

Feb 27, 2011 10:25pm EST  --  Report as abuse
5tudentT wrote:
Yet another liberal pushing a socialist agenda.

Protection from identity theft is a good thing, but why should I be forced to pay for someone else’s security? You should only pay for what you use, and if someone doesn’t want to pay they shouldn’t be forced. And if someone can’t pay, they shouldn’t have it.

It’s unconstitutional.

Feb 28, 2011 9:40am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.