Traveling Safely With Your Tech
So let's talk about travel. How many of you have taken your laptops on the road? Your mobile phones when you go overseas? We all do that; we're a highly, highly mobile society and we bring our tech wherever we go. We bring our digital lives wherever we go, and that has profound impact for security because if you're on vacation in Hawaii and you're getting drunk and surfing you really don't wanna think about https everywhere. You don't wanna think about encryption. You just wanna have a good time, and criminals know that, and they try to take advantage of you whenever you're out of your home, out of your home area and on vacation, so a few things to keep in mind. Public computers: we've seen lots of different places that have computers available in public and we're seeing more and more of that. You see them in the airport lounges, you're seeing them in certain stores and restaurants, and you're now starting to see in airports, more and more, these tablets. These things are riddled with ...
malware. There's nobody in the airport lounge that is watching what's going on there. All it takes is one customer to stick in a thumb drive and infect the device, and it's not just criminals that are doing it. If you're traveling to certain nations that have less freedoms, if you will, the government services are monitoring everything that you do on those sites so if you happen to be in China using a computer in the Air China Lounge, you can absolutely bet everything you do is being monitored. Therefore, I tell people, if you're using a public computer, never log on to anything. Don't log into your bank account, don't log into your Facebook, don't log into any service that you wouldn't wanna publicly publish your password on because there's malware on there, there's spyware on there, and there's keystroke loggers. If you're sitting in the airport, you're bored, you wanna look at CNN or the New York Times, L.A. Times, San Francisco Chronicle, no big deal. But do not log in to any of these public computers, it's a big risk. Now, the much more common way that many of us are accessing data on the road today is we are using public Wi-Fi. So let's chat about some of those risks and what it looks like. We've all been to the Starbucks or the coffee shop, hey, free Wi-Fi, looks great, and you commonly see it at airports too and there's tons of attacks going on against public Wi-Fi at airports. Just because you think you're connecting to the airport Wi-Fi doesn't mean that you do. Another place that we see lots of attacks against the Wi-Fi network, and what I mean, attack against the Wi-Fi network, I'll explain. When you're on a public Wi-Fi network, you're sharing connections with everybody else on the network. They can see and do what you are doing on your computer because your computer is connected to their computer via the same Wi-Fi hotspot, and if you're at a convention center or at a conference, particularly people wanna do competitive intelligence, they wanna get information on your business, they wanna see what you're up to, so you need to beware of that, and even hotels are doing this. More and more hotels you see free Wi-Fi, and public Wi-Fi sharing, as I mentioned, means that you're on the same network as everybody else and I've had this experience numerous times, I travel quite a bit for work, and I'm in a hotel, I boot up my computer, turn on the iTunes, and what do I see? The playlists of 600 other guests at the hotel and it's great that you love Vanilla Ice and MC Hammer, but I really don't need to see that on my playlist, for example, so if you are using a particular type of tool that I'm about to explain, you could avoid these problems. To let you understand how high the risk is, I wanna tell you about a tool called Firesheep. This is a few years old, but Firesheep was one of those automated hacking tools that required no technological knowledge. If I downloaded Firesheep, it was the plug in for hackers that would work on a Firefox browser, and I was sitting in Starbucks, and there were ten other people in Starbucks on Facebook, I could see each of their names, I could see each of their accounts, I would steal the session cookie, and not only could I read everything that you posted on Facebook, but I could post as you on Facebook because we were on the same public Wi-Fi network. So, just because you're on public Wi-Fi, you're gonna need to take special precautions. Now, when you go ahead and boot up your phone, and you see, ooh, these are the available networks, Starbucks, JFK-Airport, or FBI Surveillance Van, here's something you need to know about naming Wi-Fi hotspots. You can name them whatever you want. If you have a home Wi-Fi router, when you set it up, it may come as Comcast or AT&T or Time Warner out of the box but I can change it to any one of those and criminals do that all the time, trying to trick you to connect to their network because if you connect to the bad guys' fake Wi-Fi network anything you do on their network, they can see. Your credit card numbers, all of that data, so you have to be careful, and don't believe what you see here. I wanna show you a quick video about how this could impact each one of you. (dramatic music)
Now, we've driven over to Brooklyn and on the way, we've been offering up our various hotspots. So far, we've managed to snare 768 users into connecting. But one of the hotspots in particular is extremely concerning. This particular hotspot requires credit card details in order to get online. Now, we're charging about two dollars for 24 hours access. Of course, in this case, we're not actually taking the money. But 109 users happily handed their credit card details over to a complete stranger, a company they've no idea about. In this case, me.
Don't fall for that. Don't let that happen to you, all right? There are better ways of doing this. Number one, some of you may have seen these old hotspot devices. This is basically a cellphone device that you can carry with you, and it turns this device into a public Wi-Fi hotspot so you could bypass the public Wi-Fi and use this to connect directly through your cellphone company. This is more secure than public Wi-Fi. There's also built into iPhones and Android phones on most services, something called a personal hotspot. Have any of you used that? So if you happen to be out and about and you need to connect your laptop to the internet, turn on the personal hotspot, and again, now, you're avoiding the Starbucks Wi-Fi, and you're using your cellular network which is a better option than using open Wi-Fi, one that I recommend. But actually, there's an even better tool, an even better tool that you can use to protect yourself and this is called a virtual private network, or VPN. Have you guys heard of VPNs? Awesome: so what a VPN is, for those of you who may not have heard of it, in an encrypted tunnel. Basically, what it does is, it scrambles all of your data. Think of the pipe that's coming off of your laptop and translating all that data over the internet. What a VPN does is, it encrypts all of that data as it leaves your computer and goes through your ultimate provider or website that you want to visit, so all of your data is encrypted in that tunnel and protected, and you should definitely use one. You should use one because it'll protect you on public networks but there's another reason why you might want to use it. Just in the past few months, it turns out that the FCC here in the United States has changed the law, and it is now allowing your internet service provider to sell all of your browser history, so if you're Googling stuff that oh, I'm short on money, I need to earn money, now you're gonna start seeing ads for Payday loans, or if you are looking for medical marijuana, now you're gonna start seeing ads targeted for that and it's completely legal for your internet service provider now in the United States to entirely monetize your search history, and sell that to everybody from your employer to your healthcare insurance company and if you don't think they would do it, 80% of employers Google a candidate before they hire them, and they're not just Googling you. There are actually third party firms out there that will go ahead and provide prospective employers a social media background check, so if you've ever said anything racist or sexist or posted that picture of you at the bong one too many times all of that data gets compiled into a report. You won't be offered the job, and you'll never know why, so if employers are monitoring what you post on social media, they're monitoring your own Google history or the stuff that you put out about yourself on the internet, you can bet your butt that employers, prospective universities, insurance companies, are going to use this data. The internet service providers paid Congress a boatload of money to pass this law that is clearly against consumer interests, to help them and to enrich both the congresspeople who voted for this, as well as the internet service providers. I think this is really, really bad news, and it'll have a really bad impact on your privacy but as always, Mark does not just talk about the problems. We're here to talk about the solutions. And the solution, the answer to all of this, is a virtual private network: if you're on a VPN, then all of your traffic will be encrypted and protected, so it's a good way to keep your private data private. Which company should you go to? I'm going to mention three; again, I'm mentioning specific names, because criminals have created their own virtual private networks trying to trick you to download the software. There's NordVPN, TUnnelBear, and IPVanish. All very good reputable companies. As I said, watch out for ones that you don't heard of, seem good, don't seem good. I looked at these, there have been numerous, numerous studies by really big publications from the Wall Street Journal, the New York Times, Gizmodo, Boy Genius Report, that reported on these, and so I've done that research for you, and links to every single one of these VPN services will be in the resource guide and the infographic so that's what you can do with encryption. That's what you can do when you travel.