How To Protect Yourself From Hacking
MICHELE NORRIS, host:
Having a strong password is essential, but there are still all sorts of ways your computer can get hacked. We talked last week about phone hacking with Christopher Soghoian, and he's back now to talk about computer security.
Soghoian is a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University. And he's here with me in the studio. Glad you're back with us again.
Mr. CHRISTOPHER SOGHOIAN (Center for Applied Cybersecurity Research): Thanks for bringing me back.
NORRIS: Christopher, it seems like there is a hacking story in the news every day, and we're hoping that you can help people wade through this and figure out how to protect themselves.
Where are people most vulnerable? Is it through their Wi-Fi network service? Is it through the online purchases that they make? Is it through email?
Mr. SOGHOIAN: Many of the vulnerabilities that consumers face are due to the services that they're using. So for example, many of the services like Facebook, Twitter, Yahoo don't use strong encryption when you're logging in. And so what that means is that if you're logging in from your home connection and there's a password on your Wi-Fi network, you're fine.
But if you're at Starbucks, or you're at school or a library and there's an open Wi-Fi network, anyone sitting nearby you who's using the right software on their laptop can actually pick out your information as it goes over the air.
Now, they're not going to get your password, but they're going to get something similar that will let them log in to your Facebook account, to your Yahoo or Hotmail account as you look through your old messages, send new messages, this kind of thing.
NORRIS: So they're not necessarily in your email but they're grabbing the information as it's en route?
Mr. SOGHOIAN: They're not only getting the messages as they go by, but they're actually getting access to your account. So two hours after you've left the coffee shop, they can log in, still as you, peruse old messages and send new ones. It's a really big problem.
NORRIS: How do you protect yourself from that?
Mr. SOGHOIAN: You need to use services that have decided to put your security first. So for example, Google has opted to use this encryption by default. So if you're a Google user and you're logging into your gmail account, you can log in from wherever you want and you're safe. Unfortunately, Yahoo and Microsoft have not chosen security by default. Microsoft at least offers an option that you can seek out, but it's a little bit obscure.
Likewise, Facebook and Twitter have what's called an SSL option that you can enable in your settings. But you have to sort of be a little bit of a geek to even know that it exists in the first place.
NORRIS: And maybe I'm a little - I'm not a little bit of a geek 'cause when you said SSL, it went right by me. What's that mean?
Mr. SOGHOIAN: That's the term for the lock icon that you see in your browser. What it means is that everything that's transmitted between your browser and the remote website is encrypted. If you don't see the lock icon, it means that your information is being transmitted in the clear, and anyone with the right tool can just pick it out from the air.
NORRIS: If you're trying to protect yourself from spyware or malware, or if you have some sort of virus protection system, are they all created equally or are some much better than others?
Mr. SOGHOIAN: There are many different tools that you can use to protect yourself from spyware and malware. Many are made by the operating system vendors themselves, and so you're probably getting something for free. The important thing is that you should be updating on a regular basis. If the software tells you it's out of date, let it go and get the update. If you put it off for too long, you're going to be vulnerable and exposed to potentially malicious software on the Internet.
NORRIS: If someone is listening to this right now and fairly spooked by this conversation, and there are three things that they can do when they go home tonight, what would those three things be?
Mr. SOGHOIAN: Install all your security updates. Make sure your browser is up-to-date. Install some online backup software, and take a deep breath.
NORRIS: Thank you very much.
Mr. SOGHOIAN: Thank you very much.
NORRIS: Good to talk to you again, Chris. That's Christopher Soghoian. He's a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University. He's based here in Washington, D.C.
NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.