Sen. Schumer calls for increased public WiFi security

NEW YORK Mon Feb 28, 2011 1:23pm EST

An attendee at a conference uses a laptop in a file photo. REUTERS/Thomas Peter

An attendee at a conference uses a laptop in a file photo.

Credit: Reuters/Thomas Peter

Related Topics

NEW YORK (Reuters) - Sen. Charles Schumer on Sunday called on major U.S. web site operators such as Amazon and Twitter to switch to a more secure protocol to prevent identify theft and other security breaches in places like coffee shops.

The New York Democrat told a news conference held at a Manhattan coffee shop that growing WiFi access at such shops, restaurants and other businesses was helping hackers gain user information like credit card numbers and account passwords.

"The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds," Schumer said.

Unsuspecting patrons using their computers in such public venues had made them easy prey for hackers and identity thieves, he said.

"The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol," Schumer said.

He called the HTTP protocol "a welcome mat for would-be hackers."

Schumer said simple programs such as Firesheep had made accessing someone else's computer and private information through the unsecured HTTP extension relatively easy.

Schumer said many major Web site operators have been slow to address the HTTP security flaw, which he said has been well recognized since at least 2007.

He also released a letter to major Web site operators, none of which he said use HTTPS protocol as the default, asking them make the change.

(Reporting by Chris Michaud. Editing by Peter Bohan)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (3)
ThePup wrote:
I wish Schumer would keep his scary butt at home. If he ran the world you would not be able to do anything that might frighten him. These people who don’t realize what might happen are called victims. It is part of a process called natural selection. The problem is we have been saving these stupid people and they have been breeding. Now they are everywhere. It’s Schumer’s fault.

Feb 28, 2011 4:09pm EST  --  Report as abuse
BurtAnderson wrote:
The good Senator needs to stick to what he knows. He does not know IT. He knows precious little about security protocols, as evidenced by his demands on this issue. To those of us in IT, he looks like a buffoon almost on the scale of the late Ted “It’s a Network of Tubes” Stevens.

A little information is a dangerous thing, and that is all the Senator has… a teeny bit of information. Incomplete. And he uses that incomplete speck of information to draw sweeping conclusions… well, that may be something the Senator DOES know about. Sweeping conclusions based on zero data.

Amazon.com and most websites DO use the HTTPS protocol when accepting login credentials or payment information. When they aren’t, they don’t. It’s real easy to spot: in the address bar, it will say “HTTPS://” followed by the web address. On most browsers, a lock icon will appear, letting you know it is secure. No lock? Not secure.

If there is an issue with passwords being stolen from Wi-Fi networks, the issue lies with those networks. Some are NOT secure, and the security of the Wi-Fi network is readily available to those logging in. If they choose to enter credit card information on an unsecured Wi-Fi network, they have only themselves to blame.

Rule of thumb: if usage of the network doesn’t require a password, it isn’t secure. If it does; you’re generally okay.

Be more concerned about the hackers that steal your account information directly from the banks that issue it. They nab hundreds of thousands at a time, more often than the banks like to admit. Sometimes the data are held for ransom, sometimes they’re sold to organized criminal outfits. And there’s NOTHING the consumer can do about it, short of canceling all credit cards.

And for God’s sake, people, LOG OUT of your accounts when on a public computer! Just closing the browser isn’t enough – LOG. OUT.

Feb 28, 2011 8:45pm EST  --  Report as abuse
SilverTongue wrote:
I am extremely glad that steps are being put forward for increased protection of WiFi access of the internet. I have recently had several instances where my email, facebook & myspace accounts have been tampered with while using WiFi.

Feb 28, 2011 11:51pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.