Seems like CyberSecurity Malaysia found it apt to post a security warning to free wi-fi users.
Here are some excerpts:
Cybersecurity Malaysia has advised mobile device users against using public Wi-fi to conduct their e-banking, online shopping or important company or personal transactions to avoid courting danger.
“Cyber criminals can easily sniff out important information such as credit card numbers, e-banking username and password via public Wi-fi,” said Cybersecurity CEO Lt-Col (R) Prof Datuk Husin Jazri.
According to Cybersecurity, Malaysia recorded RM2.75bil in losses due to cyber crimes between 2005 and 2010 with the financial sector being the worst hit.
“For consumers, one way to stay safe is to avoid insecure environment for important transactions. If you can’t find a secure environment, save important transmissions until you can connect to a secure environment,” he said.
Although the use of HTTPS websites does give you good protection in theory, it depends on how well the website implements HTTPS. For example, the problem stems from the fact that after you are logged in using HTTPS, many social networking, e-mail sites sthen go back to http://, which means your data is not encrypted anymore. This means that if you are reading your email, another person on the network can read it as well, but it does get worse. Once you log on to a website, it puts a cookie on your computer and that cookie is repeatedly sent back and forth with your data so the website knows you are logged on. The cookie is not encrypted and if someone else gets that cookie they can access your account as if it was you logged in. They can send email, tweets or messages to your contacts and friends. They can change your profile and the email address that confirmations or notifications are sent to.
Since if you’re reading this you’re probably already a BolehVPN subscriber, just turn on the VPN (preferably the Fully-Routed ones) while you’re at public wi-fi hotspots for added security when surfing (with the exception of Paypal which does not like you changing your location and may temporarily freeze your account for your protection until you manually verify with them).