Sign up to our newsletter
The latest security news direct to your inbox
So, this is the first blog entry I have ever written and posted from an airplane. Until the end of July, Alaska airlines has free wi-fi on some of their flights. Not all of the planes are wi-fi enabled.
The provider is called GoGo. One of the first things I noticed is that even though the announcement said “free”, it appears to be charging $12.99 to connect. The next thing I notice is that when you are required to choose a password, special characters are not allowed. Ahhhh, but now comes the sleazy part. Once you choose a username and uncheck the pre-checked box granting permission to spam you, if your selected username is already taken then you have to choose a new one, re-enter your password and UNCHECK the spam box again. Hmmm, really? Someone already choose rabrams as their username on GoGo? Maybe… it could happen. It also could happen that when you opt out the programming logic is to say the username is taken to give GoGo another chance to spam you. Call m a cynic, but when I saw the (min 6, no special characters) for the password rules I was getting more skeptical than I already was then the flight announcement said “free” and the web page said “pay”.
Do you notice near the bottom of the picture where is says “see sample” on the opt out text? I checked it out. It is a sample coupon that says to enter “flywifitest” through August 2009 for free access… hmmm…
Back to the username… RandyAbrams was also taken, but ESETNOD32 was not! Now for the passcode… flywifitest didn’t work, but under the billing information was a link to chat live with GoGo. The support representative quickly provided me the code I needed, rather than, a GoGo dance around :) The next screen was truly amusing.
Why is “Activate Service” so BIG and “Visually impaired?” so small? I guess they assume if you have any visual impairment you are using screen reading software.
So, the real point is not a review of GoGo’s in-flight internet service. The password requirements are probably not a big deal, although I did not pay attention to whether or not the credentials were encrypted. I didn't care. I didn't use a password I use anywhere else and I have nothing to lose. If GoGo doesn't care enough to mandate a longer password and allow special characters, it really isn't important to them either. Although a minimum of 6 characters is a low number, stating what the maximum is would help. The real point is that you have to watch out for how companies try to spam you or even steal from you. For example, according to one customer, Priceline was pre-checking the travel insurance box. Perhaps the customer had a mouse problem and inadvertently check the box, perhaps at that time Priceline did precheck it, or maybe there is a bug in their software that sometimes pre-checks it. In a recent taxi ride where I was paying with a credit card, the driver was telling me what buttons to presson the credit card processing machine in the back seat. One of his instructions was to press the button that added a 20% tip. He simply said press F1, hit enter, press F2, hit enter… he didn’t say was F2 was for, but the screen did.
Always read the screen carefully, yes, even at 34,000 feet!
And yes, I am praying that in-flight internet will not be an approved expense!!!
Director of Technical Education
Author ESET Research, ESET