By SUSAN STELLIN
August 22, 2006
Any business traveler who has logged on to a wireless network at the
airport, printed a document at a hotel business center or checked e-mail
messages at a public terminal has probably wondered, at least
fleetingly, "Is this safe?"
Although obsessing about computer security is a bit like worrying about
a toddler potential hazards lurk everywhere and you can drive yourself
crazy trying to avoid them the fact is, business travelers take certain
risks with the things they do on most trips.
"If you go into the average hotel and sit down in the business center
and have a look at their computer, I'm sure you'll find some interesting
things that people shouldnt have left behind," said Paul Stamp, a
security analyst with Forrester Research.
"The first step companies need to do is to educate people about how
valuable the data is and also how small the circles are in which they
travel," he said, noting how loudly many people discuss business on
cellphones, without a thought for who may be nearby.
Or what may be in the air. Robert Vamosi, a senior editor with the
online technology publisher CNET, said wireless networks at airports -
or for that matter, hotels or cafes - are not as secure as most people
"Someone may have some software on their computer that allows them to
look at all the wireless transactions going on around them and capture
packets that are floating between the laptop and the wireless access
point," he said.
These software programs are called packet sniffers and many can be
downloaded free online. They are typically set up to capture passwords,
credit card numbers and bank account information - which is why Mr.
Vamosi says shopping on the Web is not a great way to kill time during a
"Where I'd draw the line is putting in your bank account information or
credit card number," he said, adding that checking e-mail messages
probably is not that risky, but if you want to be cautious, change your
password once you are on a secure connection again.
That said, if you gain access to your corporate network through a
V.P.N., or virtual private network, you are safer using public hot
spots, because your data is encrypted as it travels between Gate 17 and
your offices server, where it is decoded before going to its
In other words, your communications are automatically encoded by
software on your computer so the data looks like gibberish to anyone
trying to intercept it. If your company does not offer a V.P.N. for
employees working away from the office, there are services you can
subscribe to for about $10 a month that do the same thing.
Michael Sellitto, a graduate student studying international security at
Harvard, said that even though he encrypted any sensitive data on his
laptop, he planned to sign up for a service like HotSpotVPN to add
another level of security when he is traveling, especially when using
poorly protected networks at cafes and hotels.
"The problem is, the really good people have written sniffer programs so
that the less-sophisticated people have access to the same technology,"
Mr. Sellitto said. "Say a Microsoft Word document gets transmitted. The
sniffer program will collect that and someone could open it up on their
While it is hard to say how likely it is that someone is lurking on a
public network, many public networks do not have adequate security.
Last fall, InfoWorld magazine published an article about a security
researcher who managed to collect more than 100 passwords, per stay, at
hotels with lax security (about half the hotels she tested).
Gathering reliable statistics about security breaches is notoriously
difficult, since companies are reluctant to reveal this information.
Still, the most recent computer crime and security survey, conducted
annually by the Computer Security Institute with the Federal Bureau of
Investigation, found that the average loss from computer security
incidents in 2005 was $167,713 per respondent (based on 313 companies
and organizations that answered the question).
As Jim Louderback, editor of PC Magazine, noted, the statistics may not
matter given the problems one data breach can cause.
"Even if its 1 or 2 percent," he said. "You dont want to run that risk."
Using a public computer can also mean courting trouble, because data
viewed while surfing the Web, printing a document or opening an e-mail
attachment is generally stored on the computer - meaning it could be
accessible to the next person who sits down. (To remove traces of your
work, delete any documents you have viewed, clear the browser cache and
the history file and empty the trash before you walk away.)
"You also run the risk that somebody has loaded a program on there that
can capture your log-ins and passwords," Mr. Louderback said, recalling
an incident a few years ago when a Queens resident was caught installing
this type of "key logger" software on computers at several Kinkos
locations in New York.
One way to foil these programs, which record what you type and can send
the transcript to a hacker, is to use a password manager like RoboForm.
This $30 software encrypts all your user names and passwords for various
Web sites, then enters the data at the click of a mouse when you are
prompted to log in.
There is a mobile version that can be stored on a flash drive that plugs
into a U.S.B. port - making your passwords secure and portable.
There are also simple measures you can take to protect your hardware,
like using a cable lock to secure your laptop in a hotel room or even a
cafe (in case you leave the table for any reason), and making sure you
lock your computer bag in the trunk rather than leaving it on the back
For travelers who do carry around sensitive data, it is worth looking
into programs like Absolute Softwares LoJack for Laptops, which can help
recover a missing computer. The software reports its location when
connected to the Internet and some versions can even be programmed to
destroy data if a computer is reported lost or stolen.
But perhaps the most common snoop that business travelers encounter is
someone nearby "shoulder surfing" to see what is on a laptop, out of
curiosity or mere boredom.
To foil prying eyes, 3M sells a Notebook Privacy Filter, a plastic film
that makes it impossible to view a laptop screen from an angle.
Trevor Stromquist, a sales analyst for a manufacturing company in
Minneapolis, has been using one for the last two years to dissuade nosy
neighbors on the road, but he has noticed an added benefit back at the
"To be honest, its kind of a nice thing when youre sitting in one of
those long drawn-out meetings," he said. "You can do what you need to do
and no one will notice."
Copyright 2006 The New York Times Company
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/