Every wireless-network user should know the perils of signing into a Web service over an unencrypted connection. Elinor Mills explains the perils of using open Wi-Fi networks in her InSecurity Complex blog.
The safest approach is to enter user IDs and passwords only when the page's address begins with "https://" and it has a lock icon at the top or bottom of the browser window. Otherwise a network snoop could monitor your actions without your knowledge. Note that the lock icon may have an exclamation mark even though the page address begins with "https:". This indicates that some of the current page's content could not be authenticated.
Facebook, Twitter, WordPress, and other popular Web services still don't encrypt their sign-in pages. The recent release of the Firesheep add-on for Firefox makes capturing user sign-in data easier than ever. Firesheep's author Eric Butler claims he was motivated to release the malware by the failure of Web services to safeguard user sign-in data. Evelyn Rusli looks deeper into the matter on TechCrunch.
Blacksheep turns Firesheep against itself
Last August, I described Zscaler's Search Engine Security (SES) Firefox add-on designed to protect against malware-bearing search results. The company has responded to the security threat posed by Firesheep by creating a Firefox add-on that uses much of Firesheep's own code to alert users to the presence of the malware when they sign into an unencrypted network.
I haven't tested Blacksheep, but the add-on has been criticized for defending against only Firesheep and not other so-called sidejacking attempts. HTTPS Everywhere, which EFF developed in conjunction with the Tor Project, attempts to encrypt all communication with the site, although some content delivered by the site will likely remain unencrypted.
Secure unencrypted network connections with VPN
The best way to avoid having your private data siphoned from an unencrypted wireless network is not to use such networks. Your second-best bet is to use a virtual private network (VPN) connection, which you can establish by using a product such as LogMeIn Hamachi. The program is free for noncommercial use and $33 a month or $199 a year for a business license.
VPNs will likely slow your connection, but a little longer wait for page loads is a small price to pay for the added security VPNs provide. For more information on creating and using a VPN, see Jolie O'Dell's instructions on Mashable. Other popular encryption products include the free, open-source TrueCrypt and the free but not open-source UltraVPN.