Wide-open Wi-Fi worrisome, U of S students say

Students at the University of Saskatchewan are being warned about the potential hazards of free wireless internet.

Like many universities across Canada, the university lets people log onto the net for no charge. But two student journalists say people should be aware of the risks of Wi-Fi — "session hijacking" in particular.

To make the point, Ishmael Daro and Kevin Menz recently hacked into the computers of their fellow students by downloading a free, easily obtained plugin to their web browser. They set up at the university's library and what they found might give some websurfers pause.

"As soon as we turned my computer on, with this software running on it, we started to see people logging into their email accounts," Daro said.

"You could … double-click on their name, get back into their email, get back into their Facebook."

The two recently wrote in the campus newspaper, the Sheaf, that Hotmail and other Windows Live services seemed to crack open easily. Other sites they could get into included Amazon.com, Tumblr and Flickr.

Gmail accounts, on the other hand, were safe.

According to Glenn Hollinger, a spokesman for the university's information technology services, there are two main ways to log into the university's Wi-Fi network — one secure and one unsecured.

"We prefer people use the secure version, for obvious reasons," he said.

The catch, according to Daro and Menz, is that some students may not know that choosing the unsecured access opens the door for electronic eavesdroppers.

It's also may be tougher for people with older computers to log on to the secure network, they said.

The university says it plans to eventually phase out the unsecure network.