Sen. Schumer calls for increased public WiFi security

By Reuters
Monday, February 28, 2011 12:39 EDT
google plus icon
  • Print Friendly and PDF
  • Email this page

NEW YORK (Reuters) – Sen. Charles Schumer on Sunday called on major U.S. web site operators such as Amazon and Twitter to switch to a more secure protocol to prevent identify theft and other security breaches in places like coffee shops.

The New York Democrat told a news conference held at a Manhattan coffee shop that growing WiFi access at such shops, restaurants and other businesses was helping hackers gain user information like credit card numbers and account passwords.

“The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds,” Schumer said.

Unsuspecting patrons using their computers in such public venues had made them easy prey for hackers and identity thieves, he said.

“The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol,” Schumer said.

He called the HTTP protocol “a welcome mat for would-be hackers.”

Schumer said simple programs such as Firesheep had made accessing someone else’s computer and private information through the unsecured HTTP extension relatively easy.

Schumer said many major Web site operators have been slow to address the HTTP security flaw, which he said has been well recognized since at least 2007.

He also released a letter to major Web site operators, none of which he said use HTTPS protocol as the default, asking them make the change.

(Reporting by Chris Michaud. Editing by Peter Bohan)

Reuters.com brings you the latest news from around the world, covering breaking news in business, politics, technology, and more.
By commenting, you agree to our terms of service
and to abide by our commenting policy.
  • http://pulse.yahoo.com/_QMPOO3PZFN7XV2XZKCGSXXR3WM Joe Somebody

    Um, there is no reason to encrypt ALL traffic to and from a website. You only need to secure sensitive information. I’m pretty sure (99.99%) Amazon, for example, switches to SSL (secure socket layer protocols) once you head into an area that asks for credit card information and the like. As long as the “login page” starts the SSL path, you aren’t going to have much to worry about.

    And there is a hardware overhead for SSL.. passing tons of pictures through SSL takes a lot more CPU than just using plain HTTP. There’s no point in using those extra hardware resources for people that are simply browsing the site.

    You’d do better to insist that all WiFi have secure connections.. that prevents people from snooping on the entire network connection and you can use [dedicated] hardware encryption on the packet level. It’s the unsecured network connection at the WiFi location that’s more of a problem, not unencrypted pages from Amazon in browsing mode.

    I’m guessing a significant portion of the problem is also unsecured devices, not the actual network connection or website traffic. Most people’s understanding of their computer is the equivalent of leaving all the doors open on a running car while you go shopping in the mall. Of course anyone that knows how to drive (download software off the internet) can hop in and drive away.. that’s why you’re supposed to turn off the car and lock the doors when you leave it. If everyone knew how to secure their computers (firewalls, port blocking, turning off file/resource sharing, etc. etc.) we’d have a lot fewer problems to begin with.

    Monkeys with guns.. that’s your average “consumer”.

  • Anonymous

    I’m really baffled as to what Schumer’s motivation is in taking on this issue. As you point out, companies like Amazon have both the motivation and the expertise to deal with the issue themselves. I can’t see what this can be other than fear mongering.

  • http://pulse.yahoo.com/_UJ4XRIA3A3E6MYGK755EGWLN4Q Dani A

    well, at the very least this may put the public’s mind on internet security. A few idiots might learn something? maybe? I’m not going to hold my breath though.

    and I’m sure some one did the fact checking for him, to make sure the sites he had alerted, actually failed to use HTTPS. Amazon doesnt for most of it, and that can cause problems.
    Personally I think just about everything should be encrypted, no one needs to see what I’m browsing.

  • Robert Shaftoe

    The reason he’s uncomfortale with public wifi is it is one of the last ways for people to communicate widely, ANONYMOUSly.

    Watch them (fruitlessly) try to finally rid us of that ‘pesky anonymity’ some of us can still manage on the Internet.

  • http://pulse.yahoo.com/_UJ4XRIA3A3E6MYGK755EGWLN4Q Dani A

    You aint none too bright, are ya boy.
    for starters HTTPS creates a fare more anonymous conversation.
    second, hes not trying to take out wifi in the least, hes trying to make it more secure so americans arnt at risk. Admitedly hes not going about it right. Should be making it law to require public wireless access points to use WEP2 or such after initial handshake.