Eric Butler, a Seattle developer, released a small application last week that lets anyone sit at any unsecured wireless hotspot (most free hotspots are left unsecured, for simplicity) and steal the account credentials of anyone using Facebook or Twitter or... most web applications. All extremely easily, in just a couple of clicks.
It's really just a matter of sitting down at the table, opening the laptop, and waiting for someone nearby to start tapping on their smartphone and... voilà! The account is wide open.
Without going into too much detail on how this is done - it's actually very simple - what is important to understand is that this vulnerability affects any web application accessed via open Wi-Fi - be it from a smartphone, laptop or tablet.
The only real protection from this? From Eric himself: the application must use SSL encryption for the entire duration of the session - not just during login.
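To make "the entire duration of the session" concrete, here is an added example (not code from Eric Butler or Bookeo) that audits a recorded browsing session and reports every point where it leaves SSL. The host `app.example`, the cookie name `sid` and both sample sessions are constructed, and the check on the cookie's `Secure` attribute is an assumption of this example: it presumes the session identifier is carried in a cookie, which the browser will only keep off plain HTTP when that attribute is set.

```python
from urllib.parse import urlsplit

# Constructed sample data: each entry is (request URL, Set-Cookie headers in the response).
# WEAK_SESSION encrypts only the login step; STRONG_SESSION stays on SSL throughout.
WEAK_SESSION = [
    ("https://app.example/login", ["sid=abc123; Path=/; HttpOnly"]),
    ("http://app.example/home", []),
    ("http://app.example/messages", []),
]
STRONG_SESSION = [
    ("https://app.example/login", ["sid=abc123; Path=/; HttpOnly; Secure"]),
    ("https://app.example/home", []),
    ("https://app.example/messages", []),
]


def cookie_attributes(set_cookie_header):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie header."""
    parts = set_cookie_header.split(";")
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.strip().split("=", 1)[0].lower() for p in parts[1:] if p.strip()}
    return name, attrs


def audit_session(exchanges):
    """Return a list of findings; an empty list means SSL covered the whole session."""
    findings = []
    for url, set_cookies in exchanges:
        # Any request made without SSL exposes whatever the browser attaches to it.
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"plaintext request: {url}")
        for header in set_cookies:
            name, attrs = cookie_attributes(header)
            # Without Secure, the browser will also send this cookie over http://.
            if "secure" not in attrs:
                findings.append(f"cookie '{name}' lacks Secure: may be sent over http")
    return findings


if __name__ == "__main__":
    for label, session in (("weak", WEAK_SESSION), ("strong", STRONG_SESSION)):
        print(label, audit_session(session) or "SSL for the entire session")
```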
How do you know if the application you use is protected?
Just check for the padlock icon in the address bar (or at the bottom) of your browser. If it is present, and it is not marked "open" or "red" or "broken", then you are safe. If not... run to the hills (or to Bookeo)!
Here's what the padlock looks like in Internet Explorer
Facebook and Twitter are currently not protected.
Not surprisingly, banks always use full encryption for internet banking, so they're not affected by this problem.
What about Bookeo? We are paranoid about data security, and for this reason we have chosen since day one to use SSL encryption everywhere in the application. Manager interface, customer booking pages - anywhere.
So, sit down and enjoy your coffee while using Bookeo, because you are protected from these risks. And then you can actually smile while reading this news.