Be Secure...LOG OUT!
You know why it is important to log into your account on your various secure destinations. First, you can’t access your info unless you do! But more importantly no one else can access the info unless he or she can get your user name and password. So your account is safe right?
Wrong, there are devious ways of getting your user name and password. One easy way is through packet sniffing. I am convinced that packet sniffing is a routine operation around hotels, restaurants, etc. I have had my servers broken into TWICE while I was on vacation. Both times it was after I logged into an FTP account. Malware was installed both times and it was alot of work to get things straightened out, not to mention the fact that all that time spent trying to fix the problem put a damper on my vacations.
Well, there is no better learned lessons than those acquired in the school of hard knocks. I put my servers on SSH. That was just the start. I reviewed all php code and forms on the site. I created software to monitor changes to vulnerable pages and severely limited access to website code. Any suspicious onsite changes are logged and I am notified by email. That was two or three years ago, and I have been unassaulted since. However, without taking further precautions, I could still have been vulnerable to attack. In fact we are always vulnerable to attack, even with seemingly secure accounts especially if we go about getting into accounts while using publicly provided internet. Because through packet sniffing (someone watching the flow of traffic on a particular hub) doesn’t always need a password and a user name. They can simply piggy-back their way into your account by mimmicking your authentication process and headers. As long as your account is open a hacker could theoretically operate inside your account. The way to preclude or at least foreshorten this possibility is to LOG OUT!
I presume you are already savy enough to know that you must log out of accounts and close the browser on public computers so the next user can’t access your account.
For the user taking advantage of a “hotspot”, the best policy, especially in a public place is to make sure to have a secure connection (look for the green bar on the Url at the top of the page), know what you want to do when you log into your account, get your business done, and don’t forget to log out.
