How to stay safe
To prevent cookie sidejacking while using public Wi-Fi, experts say users can do a number of things to protect themselves. For example:
- Users should use mail websites that encrypt data. Sobrier uses Gmail, which has encrypted its mail program since January 2010. A user can tell a website is encrypted if a small padlock icon appears to the right of the site's address in the address bar of a Web browser.
- Mobile device users should make sure they have downloaded all the security updates for their operating systems.
- Use VPNs -- virtual private networks -- which encrypt all the information that a user transfers online and make communication more private. Many employers are creating their own VPNs, but Khasawneh said individual users can use open-source VPNs, such as the one offered by OpenVPN.
- Use paid Wi-Fi. "They (VPNs) certainly have value, and they certainly are a layer of protection, but they don't solve all the problems. And they can lead to a false sense of security," Siciliano said. "If you are functioning in a wireless environment on a regular basis, you are better off spending the money on a wireless card that you get through AT&T or Sprint rather than going through a free VPN or a $5- to $6-a-month one. This way, you have your own relatively secured wireless connection as a constant."
Protecting smart phones
Smart-phone owners should also be aware that their devices can become victims of the same sidejacking attacks when the device switches from a 3G carrier to a wireless hot spot.
"The more likely dynamic is that 3G becomes overloaded and, because of that load, it slows down and customers start to look for alternatives. And the easiest alternative is Wi-Fi," said Kevin Murray, the vice president of product marketing at iPass, a Redwood Shores, Calif., wireless connection company.
Murray said that to protect from data sniffers users can encrypt their cellphones.
"You can go into the settings and you can actually turn on encryption in the settings of the phone," Murray said.
Dangerous, even when wired
While cookie sidejacking is possible and protecting yourself from the people you share a network with is a good idea, other security experts say users have more to fear from cybercriminals across the globe than from the anyone sitting on the other side of a cafe.
To connect to and surf the Web safely, users should always be wary about what they are doing on the Internet, says Mark Bower, a vice president of Voltage Security, a company in Cupertino, Calif., that specializes in data security.
"Really make sure that you are careful about your Internet habits," Bower said. "Don't just email your credit card information, even if a hotel or merchant is asking you to do that."
And, Bower says, be careful about which links you click, because some can download and launch malicious programs onto your computer.
"Those are the simple techniques that attackers use to deliver viruses and Trojans, which can then be used to steal your logins to bank accounts and so on," Bower said.
If users suspect a malicious attack, Siciliano suggests they back up important files, then reinstall their operating systems and start fresh.
"Once you start fresh, you can begin at the beginning," Siciliano said. "That's not even an option for us as human beings when we get sick, but that is an option for us as PC users."
VIDEO ON MSN MONEY
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
RECENT ARTICLES ON IDENTITY THEFT
A Fidelity study found that adult kids and their folks aren't on the same page when it comes to discussing finances.