Security Pipeline’s Wayne Rash’s latest column, “Securing Your Starbucks Experience”, discusses the things you should look for when using a public wireless access point. Much of this is (or at least should be) common sense for users of public wireless connections, regardless of what the connection is being used for.

While the overall content is solid, he makes a comment at the end that I disagree with. He says:

You have a lot more exposure from people physically looking at your laptop screen than you do from a wireless sniffer, simply because the wireless sniffer requires more skill to run.

I don’t think this is true at all. NetStumbler, for example, could hardly be any easier to use. Ethereal is also trivial for anyone willing to put a moment or two of thinking into. Play around with them on your home network and you’ll quickly see what kind of things are available over the air. The odds of someone actually running one of these programs the same time you’re visiting you’re local Starbucks may be slim, but I wouldn’t take that chance.

Also, one topic Rash doesn’t cover is Instant Messaging. If you’re going to be discussing anything at all sensitive or transferring important documents, I highly recommend you use an IM client that supports encryption, such as Trillian, and require the folks on the other side to use it as well. Employers using IM for company business would do well to install their own encrypted servers, such as a Jabber server or a proprietary encryption appliance.

With wireless, my general policy is if you can encrypt it, do it. No sense taking chances with your data, especially if it’s critical to your business or your personal life.