N.Y. Sen. Charles Schumer wants popular web sites to default to a more secure protocol – primarily to stiff-arm cyber criminals who hang out at public Wi-Fi places like coffee shops and pubs.
At a speech last week at a coffee shop near Madison Square garden, one of Schumer’s staffers demonstrated how easy it is to hack a social networking account at a public place. Using a laptop at the event, the staffer “stole” another colleague’s personal data from a laptop only a few feet away. Both computers were logged onto the coffee shop’s free Wi-Fi network.
“What many people don’t know … is that hackers can use wireless hot spots like this one as a gateway to your most private information,” Schumer told a crowd gathered at Birch Coffee in Manhattan.
[Related article: Encryption for Everyman]
“The bottom line is, if we let this proliferate, everyone is going to pay the price,” he added. “It could become the leading cause of identity theft.”
Schumer says that major sites like Facebook, Yahoo and Twitter have a responsibility to toughen security standards, particularly when so many users log into both sites from public WiFi hot spots.
“The quickest and easiest way to shut down this one-stop shop for identity theft is for major websites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol, which has become a welcome mat for would be hackers,” Schumer said.
Schumer also told the crowd that “easy-to-use” hacking programs, such as Firesheep, have made it way too easy for cyber-criminals to steal your personal data, including credit card and Social Security numbers.
[Identity Theft: Free Identity Risk Score and profile from Credit.com]
In a statement from Schumer’s office, the Senator noted that none of the websites Schumer mentioned in his Manhattan speech use HTTPS as its security protocol (although Twitter actually does offer HTTPS as an option for users).
“This security problem has been known for quite some time and hackers are getting better at creating programs that allow even the most inexperienced users the ability to hack into someone else’s computer,” added Schumer. “With the privilege of serving millions of U.S. citizens, providers of major websites have a responsibility to protect individuals who use their sites and submit private information. It’s my hope that the major sites will immediately put in place secure HTTPS web addresses.”
Image: Lauren Michell Rabaino, via Flickr.com