Open WiFi security

Your “account” at StreamingRadioGuide has very little worth “stealing” (mainly your list of favorites, if you use them, plus your preferences and your poll answers), but I feel a need to alert you that there is a “tool” out there now being used by “script kiddies” to “hijack” people’s accounts if they use open WiFi hotspots like those at Starbucks.

The reason that tool works is one of those unpleasant technical problems that people don’t discuss and hope will just go away. If you have your own WiFi router, you (or the technician) went through a process where each device was given the public encryption key to access the router. This keeps the conversation between the device you are using (your laptop, iPad, etc…) and the router from being readable by other people in range of the hotspot. There are varying levels of strength of that encryption – WEP is the oldest and weakest – tools exist to break the encryption key in seconds. WPA and WPA2 are stronger, but every device using the hotspot has to have the same capability – if the hotspot uses WPA2 and your device is older and doesn’t support the newer methods, you wouldn’t be able to access the hotspot.

Even if the hotspot had encryption turned on, that would require every person to be given the key to configure access by hand.   That’s okay when it is your public library, but not so good for Starbucks or McDonald’s.   Every outlet in the entire country would have to share the same encryption key, or you would be forced to get a new key at each different store and enter the key.  If you’ve tried to enter an encryption key by hand, you know it can take a very long time to get it correct, since it is a long string of random characters.

So most public WiFi hotspots use no encryption at all. You still may have to pass through an authentication scheme that limits access to people who have paid a subscription fee, but what you are doing “over the air” after you are authenticated is completely visible to anyone in range of the hotspot (generally a couple hundred feet, but with special “tools” the signal can be picked up from much further away).

If you are using encryption (like an https:// web server or a VPN to access work), a bad guy can’t see what you’re doing, but a poorly designed web site may still be tricked into allowing someone else to “hijack” your session. You and the bad guy are sharing the same IP address.

So the bottom line is – until someone comes up with a better answer, you should assume that someone sitting in the parking lot across the street has the ability to watch everything you are doing and capture it for later use.  Open WiFi is fine to search Wikipedia, not so fine for doing financial transactions.

About Art Stone

I'm the guy who used to run StreamingRadioGuide.com (and FindAnISP.com).