My firm sent this out to us all today.
Security Awareness Alert:
Privacy when using public Wi-Fi
December 1st, 2010
We would like to remind all personnel that when using public Wi-Fi hotspots, like those found at Starbucks, you should avoid sending or receiving sensitive information unless you are using either Citrix or VPN for connectivity. Otherwise, you should assume that anyone connected to the hotspot can access the information you see or send.
A recent, freely available tool named Firesheep is making it easy for attackers to intercept your sessions with popular social networking sites. By simply browsing to a site that is susceptible, like Facebook.com, you open yourself to the possibility of having someone gain full access to your account with the click of a button.
This vulnerability has gained publicity in the past few weeks due to the simplicity behind the attack. In a blog posting by The Wall Street Journal, they note “the novelty of the program is how easy it makes for most anyone to take advantage of them (the vulnerabilities).”
What You Need To Know
• Affected sites include, but are not limited to, Amazon, Twitter, Facebook, Yahoo, and NY Times.
• Sites that use HTTPS for the entire session are not affected (e.g., Gmail).
• Wi-Fi hotspots that use encryption are not affected.
here is a link to the blog post: