WizGidget

May 18, 2011

Wireless Security Revisited

Filed under: Belton Journal, Danger! Danger!, Tips & Tricks, Warnings — pmckinley @ 8:00 AM

Recently I worked with a local client who had a relatively new wireless router that had a “guest” network feature. It’s a bit like having two wireless routers in one, because it could offer two independent SSIDs (Service Set ID, the “name” of a particular wireless network). Why would you want to do this? Imagine having two rooms, an “inside” room with all your valuables in it, and an “outside” room that only has the bare minimums. You would probably only let trusted individuals like family and maybe close friends into the room with the valuables. Someone you don’t know well would be ushered into the “guest” room with only the bare essentials. That’s how the guest network works: it allows internet access, but keeps the guest separate from your important stuff.

It would be possible with this particular router to set the “inside” wireless network to use the normal WPA (Wi-Fi Protected Access) security measures, while setting the “guest” network to be unsecured. This would certainly make it easy for guests in your home or business to access the internet — they could just connect without bothering to put in the WPA password.

Even though they’re kept separate from your “inside” network, it’s still not a good idea to run the “guest” network without security being set. The challenge, as I’ve written about in the past, is that you can have neighbors or drive-by hackers using your network to do nasty things on the internet using your resources, and looking to the authorities as if you’re the one doing it. There was an article recently (http://wifinetnews.com/archives/2011/04/false_kid_porno_raid_gets_media_play.html – click the link in the first paragraph which is a link to the original AP article) describing an arrest made by ICE (Immigration and Customs Enforcement) where the person they arrested was guilty only of leaving their wireless network unsecured. It isn’t a crime to leave your wireless unsecured, but it sure leaves you open to abuse by ICE, FBI, or other don’t-let-civil-rights-get-in-the-way-of-crime-fighting organizations. The person in question had gotten frustrated with setting the security on his new wireless router, and almost instantly became victim to his 20-something neighbor’s taste for child pornography.

My point of view isn’t so much that I want to avoid false arrest; I just don’t want to enable spammers, pornographers and other morally disabled people by giving them free access to the internet.

There was a time when wireless routers were unsecured out-of-the-box. It seems that the manufacturers have wised up to this being a problem, and many are now shipping wireless routers with security enabled, and in many cases with tools to make it easy to add new computers and other wireless devices.

Interestingly, when I was working with the aforementioned client with the “guest” network router, I had the toughest time understanding why his laptop couldn’t “see” his other computer on the network. I finally realized that he’d set his laptop to connect to the “guest” network instead of the “inside” network, effectively blocking network traffic between the two.

January 26, 2011

Surf Safe at Public Hotspots and at Home

Filed under: Belton Journal, Danger! Danger!, Warnings — pmckinley @ 8:00 AM

You may remember me harping on wireless (WiFi) security in the past. A surprising number of people have wireless routers set up in their home without having the WPA security set. I have an app that runs on my smartphone that allows me to drive down the street and find “open” wireless routers that I can connect to freely without having to know a password, and most streets have several. Since most people are also running PCs running some version of Windows, and Windows has all the security of a butterfly net without the net, this seems pretty risky. Granted that we live in an area that doesn’t have that many techno-geeks running around, but all it takes is one. It doesn’t have to be someone who is acting maliciously; it could just be your neighbor “borrowing” some of your network bandwidth. Not only are your files at risk, and your computer at risk of damage from viruses and other exploits that may be introduced through unfettered access to your home network, but so is access to your online banking accounts, email, Facebook, and anything else that only you should have access to.

Recently there was a lot of hoopla on the internet about a new Firefox plugin called “Firesheep”.  I’m not sure why the author chose to call it “sheep,” maybe it’s because it’s like a wolf in sheep’s clothing.  In technical terms the plugin allows the user to intercept session “cookies,” which then allows the user to take over an unsuspecting victim’s web session.  A “cookie” in this context is a packet of information that is used to maintain a session with a website such as Facebook.  When you log into Facebook, the server passes your web browser a “cookie”, which your browser then uses to maintain your login session with the server.

So, let’s say your teenager is spending their usual 8 hours a day on Facebook. Somewhere within 1/4 mile is another teenager who is experimenting with what he can do with his computer and manages to get a connection on your wireless network. They then run this cool new Firesheep tool (or a long list of other freely available hacking tools) to capture the Facebook session, which they later use to start posting things they shouldn’t using YOUR teenager’s Facebook account. You’d be hard pressed to figure out how it happened, and having unauthorized stuff posted to your teen’s Facebook could have very serious consequences.

Public hotspots are another place where this could happen.  Many businesses now offer free WiFi hotspots, including Starbucks, McDonalds, and even many local mom-and-pop businesses around town.  Some of them require a password, but even that doesn’t guarantee security if the security method is the older WEP protocol.  If you’re using a public PC or even your own laptop from one of these places, you’re at risk.

Now that I’ve scared the bejabbers out of you, next week we’ll talk about how to keep yourself safe at public WiFi hotspots and at home.

July 21, 2010

Gone Phishing

Filed under: Belton Journal, Danger! Danger!, Tips & Tricks, Warnings — pmckinley @ 12:00 AM

Phishing (pronounced “fishing”) is one of the more insidious cybercrimes going on today.  Phishing is the process of fraudulently acquiring sensitive information such as account passwords, credit card information and the like by masquerading as your bank or other trusted organization, usually by email but also by instant message, phone or other means. Phishing attempts are usually “socially engineered” to get you to do what they’re wanting.  They try to create fear in the victim, which leads them to take hasty action without closely examining the email.  Phishing goes hand-in-hand with spam, because most of the phishing attempts are done through email, and they have to get your address from somewhere.  The phishing attempts are often very well crafted, using graphics they’ve “borrowed” from legitimate websites or emails.  People who fall victim to phishing attempts are then subject to identity theft, having their bank accounts drained or fraudulent credit card charges, or even having their accounts like AOL or Facebook used to perpetrate other crimes.

Fortunately it’s fairly easy to spot phishing attempts, especially in emails. The first clue is that often something looks fishy (pardon the pun) about the email. Words may be misspelled or the grammar may be poor — the people who are crafting the messages are often natives of foreign countries like Poland, Romania, Russia or China. Sometimes the name in the To: field may not be your name, or the To: field may be blank. Another clue is that there’s something wrong with the link in the message — it doesn’t match the text or the domain name isn’t quite right. Outlook users can check this by hovering the mouse pointer over the link in the message. Outlook will pop up a window that shows the actual location for the link. If the actual location doesn’t match, it’s a good bet that email is a phishing attempt. For example, the email might show www.wizgidget.com/articles, but the actual link that the popup window will show is www.wizgidget.com.abxrt.com.pl/articles — see the difference in the domain? The “.pl” in the domain name means it’s from Poland, although there’s nothing keeping them from using .com domains. Sometimes the link will show text like “click here”, but the actual link in the popup will be an “IP” address like “http://173.201.16.100”. Don’t be fooled by domain names that have the legitimate name embedded, like www.paypal.com.gotcha.pl!
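The link checks described above, as an added example that is not part of the original article: it pulls every link out of an HTML email body and flags the three clues (visible text naming a different host than the real target, a bare IP address target, and a trusted name embedded in some other domain). The TRUSTED set and the sample email are constructed assumptions; the hostnames in the sample are the ones the article uses.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "wizgidget.com"}  # assumption: sites the reader really uses

def host_of(s):
    """Lowercased hostname of a URL or URL-looking text; '' for plain words."""
    s = s.strip()
    if "." in s and not any(c.isspace() for c in s):
        with suppress(ValueError):
            return (urlsplit(s if "://" in s else "http://" + s).hostname or "").lower()
    return ""

def check_link(href, text):
    """Warnings for one link: IP-address target, text/target mismatch, embedded name."""
    real, shown, warnings = host_of(href), host_of(text), []
    with suppress(ValueError):
        ipaddress.ip_address(real)  # raises ValueError unless the host is an IP literal
        warnings.append("link goes to a bare IP address")
    if shown and shown != real:
        warnings.append(f"text shows {shown} but link goes to {real}")
    for name in sorted(TRUSTED):
        if name in real and real != name and not real.endswith("." + name):
            warnings.append(f"{name} is embedded in look-alike host {real}")
    return warnings

class LinkChecker(HTMLParser):
    """Parse an HTML email body and build report: {href: [warnings]} for each <a>."""
    def __init__(self, html):
        super().__init__()
        self.report, self._href, self._text = {}, None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.report[self._href] = check_link(self._href, self._text)
            self._href = None

# Constructed sample email body; the hosts are the article's own examples.
SAMPLE_EMAIL = """<a href="http://www.wizgidget.com.abxrt.com.pl/articles">www.wizgidget.com/articles</a>
<a href="http://173.201.16.100">click here</a>
<a href="http://www.paypal.com.gotcha.pl/login">Verify now</a>
<a href="https://www.paypal.com/security">www.paypal.com/security</a>"""
```

`LinkChecker(SAMPLE_EMAIL).report` maps each link to its warnings; only the genuine paypal.com link comes back with an empty list.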

You may remember the discussion of using “throwaway” email addresses in both the “Can the Spam” and “Free Email” series.  This is another technique that is helpful in detecting phishing email.  If I get an email that looks like it’s coming from Paypal, but it’s to an address that I used for an online electronics vendor, I know it’s not legit.

You can find more information online about phishing. Paypal has a lot of good information; go to www.paypal.com and look for the “Security Center” link at the top of the page. Also see the Wikipedia.org page on phishing. As always, this article is available online at wizgidget.com.

March 10, 2010

Browser Pop-up Antivirus Scam

Filed under: Belton Journal, Danger! Danger! — pmckinley @ 1:34 PM

I’ve seen this several times — you go to a website, probably from a link that turns up from a Google or whatever search, maybe even a popular site like The New York Times or Radio Times. You get a pop-up dialog box that says your computer is infected with a virus and offers to scan it or prompts you to purchase virus software. This is a scam, geared to get your credit card information! This scam has several versions: Personal Antivirus, Virus Protector Analysis, Antivirus PC 2009, Desktop Security 2010, and others.

If you try to click the cancel button, nothing happens, and in fact I believe clicking the cancel button installs the malware just the same. In one case, I was not able to kill the browser window through normal means. According to malwarehelp.org, only 5% of antivirus packages detect this scam, although there are manual methods to detect and remove the virus.

My recommendation is this:

  1. DON’T click either the OK or the Cancel button — I suspect both buttons are crafted to install the malware so either way is bad.
  2. DON’T reboot your PC until you’ve verified that the virus has not installed.
  3. Unplug the computer from the network, at least until you’ve determined that the virus has not had a chance to install itself.
  4. Kill the browser through some other means besides clicking on the browser window. For Windows users: open a Task Manager window and kill the browser from there. To open Task Manager, right-click in blank space in the taskbar (the taskbar is the bar, usually at the bottom of the screen, with the start menu and program icons), and pick Task Manager. Then click the Processes tab, find your browser (firefox.exe, iexplore.exe or whatever), right-click it, and click “end process”.
  5. At least for current Firefox users, on restart Firefox may give you the “This is embarrassing” dialog box — make sure you uncheck the site that produced the pop-up, or select “start a new session”; otherwise, as soon as you restart you’ll get the same issue again.
  6. If you happen to remember what site or link produced the pop-up, send us the link or how to navigate to it using the comment form at wizgidget.com and we’ll check it out.

February 8, 2010

Browser add-on security

Filed under: Danger! Danger!, News, Warnings — admin @ 4:27 PM

According to the Mozilla add-ons blog, there were two Mozilla add-ons recently that contained trojans. The Sothink Web Video Downloader version 4.0 and all versions of Master Filer were affected.

The trojans are directed at Windows users.

The takeaway from this is that there is no substitute for having good antivirus-antispyware installed on all of your computers.  Having good, up-to-date antivirus software installed would probably have prevented either of the trojans from being installed.

The other thing is to be wary of anything you are going to install on your computer, including add-ons for browsers and such.
