Daily Archives: July 18, 2012

If You Can, Steer Clear Of Free Wi-Fi Hotspots

Wi-Fi hotspots and I don’t get along. It’s not that I’m not appreciative of the free service – I am. But, I’m far from convinced that free Wi-Fi hotspots are appropriate for most Internet users. Hotspots are a hacker’s dream come true.

Free hotspots, in many instances, are unsecured – a semi-skilled hacker, using a selection of readily available tools (often available as a free download on the Internet), can easily penetrate such a network.

Here’s the first example of what I mean:

Earlier this year, while visiting my local Library, I logged on to its hotspot only to have my Browser warn me of a possible fraudulent certificate – symptomatic of a “man-in-the-middle” attack. Typically, a man-in-the-middle attack is designed to eavesdrop on the traffic between a user and a website.

Since most users are unaware of the importance of certificates, it’s fair to assume that a typical user, on seeing this warning, would simply click “ignore”. In this case, that had to be so – when I approached the Library’s chief Tech, shockingly, he had no idea what I was talking about. Certificate? Huh? Which led me to believe that no other user had brought this issue to the Tech department’s attention.

In other words, possibly thousands of users were unaware of the very real risk to their privacy and confidential data, as they happily surfed the Internet from this location.

Given that one purpose of a certificate is to confirm that the web site being visited is indeed what the user thinks it is – effectively, whether the site can be trusted or not – I continue to be surprised at the typical user’s scant knowledge in this area.
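An added example, not part of the original post: a check you can run on a hotspot that compares the certificate a site presents there with a fingerprint recorded earlier on a network you trust. The function names and verdict labels are assumptions made for this illustration, and the sample bytes are constructed stand-ins for real certificates.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Return (verified, leaf_der) as seen from the current network."""
    # 1) Normal handshake: trust store and hostname check, as a browser does.
    verified = True
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, port), timeout=timeout) as s:
            with ctx.wrap_socket(s, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError:
        verified = False
    # 2) Unverified handshake, used only to capture the certificate that is
    #    being presented. No application data is sent over this connection.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as s:
        with ctx.wrap_socket(s, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return verified, der

def assess(verified: bool, der: bytes, known_good: str) -> str:
    """Combine trust-store validation and the recorded fingerprint."""
    same = fingerprint(der) == known_good.replace(":", "").lower()
    if verified and same:
        return "ok"
    if verified:
        return "changed-but-trusted"      # renewal, CDN, or an interceptor's CA in the trust store
    if same:
        return "untrusted-but-unchanged"  # e.g. expired certificate or wrong local clock
    return "possible-interception"        # the case the browser warning points to

if __name__ == "__main__":
    # Constructed stand-ins: bytes recorded at home vs. bytes seen on the hotspot.
    good = b"constructed bytes standing in for the site's real certificate"
    seen = b"constructed bytes standing in for what the hotspot presented"
    print(assess(False, seen, fingerprint(good)))
```

On a real network, pass the result of `probe("your.site")` to `assess` together with a fingerprint you saved from a connection you trust.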

Here’s a challenge for you – query your self-described “tech savvy” friends on the current certificates installed in their Browser. Wait for the surprises – or, maybe not.

Pictured below, as an example, are the Certificates installed in my current version of Firefox.

Authorities – These are the Root Certificates that Firefox trusts.


Servers – These are the certificates that have been installed manually from a website.


The second example:

At an Art class I joined earlier this year, I happened to notice a questionable type of person sitting (on the ground) outside the building (freezing his butt off, since it was Winter), surfing on his Laptop. I knew there were no open Wi-Fi networks within range, so it was apparent that this fellow was surfing through the Art Institute’s password protected Wi-Fi.

On speaking with Institute staff, it became clear that this was a common occurrence with this fellow. The long and the short of it is (it would take an entire article to tell this tale), a series of Wi-Fi hacking tools were being used to “play” with the owner’s site. Since few of the students used the Wi-Fi hotspot, no damage had been done. But, it easily could have.

If you do use Wi-Fi Hotspots, here are some recommendations for safer surfing:

Assume your Wi-Fi connection is open to penetration.

Be certain that your security applications are up to date.

Don’t enter sensitive financial data. Online banking while connected to a hotspot is, to put it mildly – crazy.

To be sure that you don’t leave a trail of “breadcrumbs” – history, cookies, passwords – set your Browser to private browsing mode.

Log out of each logged-in site you visit – particularly, web based email sites; Facebook, Twitter, and the like.

Pay particular attention to one of the craziest default setups ever – “Remember my password”. It’s imperative that you uncheck this.

If you’re comfortable with anonymous surfing, then consider installing a VPN application. One such application worth considering is Hotspot Shield – reviewed here, a number of times.

Finally, you should consider avoiding Wi-Fi Hotspots entirely. An alternative is creating a “personal hotspot” if your smartphone is capable. Check your phone manufacturer’s web site for information on how to do this.


Filed under Don't Get Hacked, Interconnectivity, Safe Surfing, Smart Phone, Wi-Fi

Tech Thoughts Daily Net News – July 18, 2012

Five must-have open source productivity tools – Takeaway: You don’t have to turn to proprietary software to get your work done. Here are five feature-rich open source alternatives.

Google Nexus 7 Tablets Selling on eBay With Premiums Added to Their Prices – The Google tablets on eBay sell for more than they do in the GooglePlay store, but they may arrive faster. A recent search of the auction site revealed new 8GB Nexus 7 tablets for sale with prices starting at around $255. For the 16GB models, the prices start at $329.99.

Google goes private in new Firefox – The release of Firefox 14 will make sure no one can spy on your Google searches. Meanwhile, the location bar just got a tad easier to use.

Gain greater control of your firewall in Windows 7 and Vista – Microsoft Security Essentials for Windows 7 and Vista is a great, free security package that is almost perfectly transparent. If you want to use it with an added layer of control, TinyWall is a terrific add-on.


10 Online Reputation Management Tips for Job Seekers – Don’t let questionable Facebook photos or Tweets, a bare-bones LinkedIn profile or negative posts beyond your control derail an otherwise smooth job interview process. Use these 10 tips to improve your personal Google search results and help land the job you want.

Reset Windows passwords with the help of Linux – One cost-effective and reliable way to reset a Windows password is to keep a copy of Linux with you and use the chntpw application.

Why the Linux desktop doesn’t shine in business: A perspective – Jack Wallen has drawn a fairly simple conclusion as to why Linux isn’t making any headway on the business desktop front. Read on and sound off whether you agree or disagree.

Extra protection for Windows PCs with EMET – It’s becoming increasingly common to hear about vulnerabilities that are being actively exploited without a patch available for the affected product. At the same time, there are organizations that for a myriad of reasons (compatibility, budget, support or numerous other issues) have to rely on software that cannot be upgraded/patched, does not follow secure coding practices, or does not apply security features. To protect Windows PCs in these scenarios, Microsoft developed the free Enhanced Mitigation Experience Toolkit (EMET).

How to Build a PC for Photographers – The ideal PC for digital photography minimizes workflow hassles while maximizing performance and capacity. Here’s what to look for.

Create Beautiful Star-Trail Photos With Almost Any Camera – You have a lot of ways to capture the beauty of the night sky with a camera, but shooting star trails is among the easiest, mainly because you can do it with almost any camera. There’s something magical about these kinds of photos, because they reveal the mathematical precision of the cosmos generally hidden from the naked eye–it’s easy to see that the earth spins under a blanket of stationary stars.

How to boot into safe mode in Windows 8 – Whenever you get a blue screen of death on your PC, the first port of call is always the trusty safe mode. Unfortunately, when I had to use it shortly after installing the latest Windows 8 Release Preview, I had no idea how to actually get to it as the old F8 shortcut has changed. The good news is that you can still access safe mode through a shortcut, but it’s now Shift+F8. The alternative solution is to create a second safe mode instance of your machine that you can boot from, although it’s a little more involved. Here’s how to do it.

Current Version of the Google Update plugin: How to remove – The Google Update plugin is one of those mysterious plugins that you may find listed in the plugins listing of the Firefox web browser without really knowing what it does or how it got there. This article tries to shed some light on how it gets installed, what it is used for, how you can update it to the current version, and how you can get rid of it again either by disabling or uninstalling completely. (recommended by Michael F.)

Security:

Malware spread as Facebook photo tag notification – Be wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph. Malicious hackers are once again using the Blackhole exploit kit to infect the computers of unsuspecting internet users.

Skype Admits Bug Sends Messages to Wrong Contacts – Skype says it isn’t sure how many users are affected, but it estimates that the number is small. The company is working on a fix.

How PDFs can infect your computer via Adobe Reader vulnerabilities [VIDEO] – Adobe PDF vulnerability exploitation caught on camera. Sophos security expert Chet Wisniewski demonstrates how malicious PDFs can infect your computer.

Android’s Jelly Bean aims to be hard to hack – Google’s latest Android mobile OS comes with features to divert hackers from installing malware that leads to information leakage, buffer overflows, and memory vulnerabilities.

Google will block Chrome add-ons from third-party sites – Google has instituted a new rule that should keep Chrome users safe from malicious add-ons: starting with version 21.0.1180.41 (currently in beta), the browser will block all third-party extensions, apps, and user scripts that are not hosted on the Chrome Web Store. The move is aimed at preventing the all-too-popular attacks mounted through booby-trapped websites that automatically trigger the installation of malicious extensions. These extensions often keep tabs on what pages the user is visiting.

Dropbox users get spammed via personal e-mail accounts – Some European users of the online file storage service are receiving junk e-mail from online casinos — this may be due to a Dropbox address leak or some type of malware.

IPv6 and click fraud – The good news: To accommodate the ever-increasing demand for IP Addresses around the world, every network will eventually transition to IPv6 from IPv4. The bad news: Spammers are already spoofing IPv6 addresses because it is easy for them to bypass mail spam filters and launch phishing attacks on a new protocol.

Cyber espionage campaign in the Middle East – Kaspersky Lab researchers announced the results of a joint-investigation with Seculert regarding Madi, an active cyber-espionage campaign targeting victims in the Middle East. Madi is a computer network infiltration campaign that involves a malicious Trojan which is delivered via social engineering schemes to carefully selected targets.

Company News:

Motorola Says Smartphones Will Be Available in US Despite Ban – Motorola Mobility said Tuesday that it has taken “proactive measures” to ensure that its smartphones remain available to consumers in the U.S., despite a U.S. International Trade Commission ban on its phones that comes into effect on Wednesday.

Facebook stock drops on news of decline in user base – The social network’s stock goes down 3.9 percent after investment firm Capstone reported a decline in users over the last six months.

Yahoo Reports Lackluster Sales as Mayer Takes Reins – Marissa Mayer has her work cut out for her at Yahoo. The fading Internet star reported its second-quarter financial results Tuesday, in which revenue and profit both dipped slightly from a year earlier.

Google discontinues old version of Google Analytics – Web giant supported old version of the statistic service after releasing a version that focused on real-time results. That support will end tomorrow.

Lots of Windows 8 touch-screen ultrabooks coming, says Intel – The era of the touch-screen laptop is upon us, according to Intel’s CEO. The Metro-based Windows 8 interface is driving this mini explosion of touch-enabled products.

PayPal buys Card.io, maker of mobile credit card scanning tech – Acquisition of San Francisco-based startup is an apparent move to bolster its mobile-payment position against upstart Square.

Webopedia Daily:

Nvidia Kepler – A graphical processing unit that holds the distinction of being the first GPU designed for the cloud. Graphics cards powered by Nvidia Kepler processors are tuned to efficiently serve virtualized desktops, providing auto-scaling to the necessary performance level. Nvidia Kepler processors are the latest in an enterprise move towards virtualization, joining servers, network components and more.

Off Topic (Sort of):

Lifehacker: Is Everything I Do Actually Killing Me? – It seems that nowadays there’s a study saying that everything I do is slowly killing me. I can’t sit down, I can’t eat the foods I like, and I’ll have an early heart attack if I live in a big city. If so many things are bad for me, how can I change my life without giving up so much that I lose my mind?

Tech skills: The problem’s not the staff, it’s the bozos in charge – Evidence is mounting that technologically illiterate managers are causing more damage to corporate productivity than a shortage of IT skills among staff.

Musical glove could improve mobility after spinal cord injury – The wireless device is helping tetraplegic study participants learn songs on a keyboard while improving sensation in their hands.

Nexus 7: Finally, validation for the smaller tablet – The Nexus 7 by Google is not the first small tablet, but so many are seeing it for the first time that you’d think there had never been such a beast. For those of us who have been enjoying small tablets for a while, the Nexus 7 may finally validate the smaller form factor.

Techies: Overfed, overworked and overtired – Techies are eating too much, working into the night and not getting enough sleep, according to a recent survey. Is a job in IT incompatible with a healthy lifestyle?

Moore’s Law: the end is near-ish! – Every year manufacturers put out a new line of more powerful products – twice as powerful, in fact, every 18 months. And, if we can believe Michio Kaku, in his book the Physics of the Future, this is about to come to an end.

Today’s Quote:

“I once said cynically of a politician, ‘He’ll doublecross that bridge when he comes to it.’ ”

–    Oscar Levant

Today’s Free Downloads:

Foobar2000 1.1.14 – Foobar2000 is an advanced audio player for the Windows platform. Some of the basic features include ReplayGain support, low memory footprint and native support for several popular audio formats.

Advanced SystemCare 6 Beta – Advanced SystemCare Free is a comprehensive PC care utility that takes a one-click approach to help protect, repair and optimize your computer. Advanced SystemCare is a very useful system tweak application. This is the last beta before final release.


Filed under cybercrime, Internet Security Alerts, Tech Net News