Is your wireless a hackers’ playground?

I have found in life that many things we deal with are…mixed blessings. Such is the case with wireless technology. The very factors which make it so convenient (and thus popular) also make it less secure. A WAP is a radio station. It broadcasts its signal in all directions, for a limited distance; and it “listens” for signals as well. It (by default) sends out a constant “I’m here. I’m ready. I’m here. I’m ready…” When a passing device, a laptop or PDA say, gets within range it hears the WAP (Wireless Access Point) and can connect with it by sending a “I’m ready too. Let’s begin.” message.
So convenient. So easy. And no wires holding you to one spot. It’s a modern miracle!

It’s little wonder that nine out of ten networking devices sold in the US are “wireless”. They cost basically the same as wired, so why not get wireless too? My router is wireless (a WAP). Isn’t yours?

But I know about wardriving. Yes–”war+driving”. What’s that? It’s driving around with a laptop and a sensitive antenna (or a piece of coaxial cable stuck into the bottom of a Pringle’s can) and trying to “sniff” (detect) unprotected WAPs. It’s a game hackers play: who can detect the most unsecured WAPs in an hour? When they’re not doing it for kicks, they’re accessing a wardriven WAP and ‘creeping’. What’s that, you ask? “Creeping” is browsing around the data on the computers connected to the WAP. Most of the time they’re not interested in stealing your data (there’s no challenge there), they’re just snooping. They get some kind of kick out of it. (Sometimes they’ll leave behind a ‘calling card’ to let you know you’ve been ‘creeped’.) Most of the time these guys cause no harm…unless they see that you’re a total non-geek novice (no anti-virus, all your .docs are in one folder, you’ve never ‘defragged’, etc.) and they decide you’re “too stupid to own a computer” and they take it upon themselves to “punish” you by erasing your config.sys file (which will cause Windows to fail to load).
Sometimes they will simply “pile on” or “coast” a WAP and use it to surf the web for free–the main downside to the owner is reduced bandwidth (speed).

When a hacker runs across a WAP in his wardriving games that the owner has taken the precaution of encrypting, he usually passes on by, but sometimes they get bored with the super-easy creeping, and feel the need for a challenge (I’m sure, thinking, “what’s this guy hiding behind that encryption?”). This is when hackers become crackers. See, it’s terribly easy to turn on encryption–every WAP manufacturer builds it into the product–and use it. The trouble is most folks don’t know about it, much less use it…But for those who do, manufacturers included the ability to use WEP encryption (Wired Equivalent Privacy): a 128bit stream cipher key. So now the hacker is looking at gibberish and needs to find a way to “crack” the code to see the data being transmitted, and to talk/co-operate with the WAP–thus the ‘challenge’. Sadly, with the computing power of today’s personal computers and freely available tools a hacker can break into WEP protection in less than two minutes (much less).

Eventually, the hacker’s methods were discovered and WEP was quickly declared to be next-to-useless, and manufacturers switched to a new (2003) and improved methodology called WPA–Wi-Fi Protected Access. Now there’s WPA2. Have the hacker/crackers been thwarted? Well…um…no. However, WPA and the newer WPA2 are so time consuming to crack, the average hacker won’t bother. Why should he? There’s still plenty of folks broadcasting “Here I am. I’m free and easy. Here I am…” Seeemingly every house on the block an unwitting Internet café.
WPA2 is pretty good, and keeps out all but the determined (and sometimes even them).

The main points I want to make here are:
* You really do want to turn on the feature that scrambles your wireless transmissions. (To read my How-To article, How-to-secure-your-wireless-network, click here.)
* Securing your wireless by encrypting with WEP is next to useless; with WPA is so-so; and, WPA2 is the way to go at this time.
* Your network is only as capable as its weakest link, so if you have older devices that aren’t WPA-capable, your newer devices will default down to WEP (or no encryption) level to accomodate your old. I recommend replacing your older gear with newer, WPA2-capable devices.

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

June 17, 2008 Posted by techpaul | PC, Portable Computing, advice, computers, encrypting files, hardware, how to, networking, routers and WAPs, security, tech | coasting, creeping, Encryption, Internet safety, privacy, signals, wardriving, WEP, Wi-Fi, wireless, wireless routers, WPA, WPA2 | 1 Comment

Precautions for your Internet privacy*

I have posted several advice articles on your computing safety, and that of your child’s, in the past. It is my personal passion to thwart digital Evil Doers. I cannot emphasize enough that there are steps you can — and should — take to reduce your risks of Identity Theft and spyware infections. I have posted these steps for you to take advantage of (free), and I will continue to do so. I encourage you to use the Search box in the upper right to find and read past Tech–for Everyone security articles.

Tip of the day: Increase your security and privacy by removing your browsing tracks. All browsers record histories, store copies of the webpages you’ve visited, and to be helpful, store your log on User Names and Passwords, and the answers to forms you’ve filled out. Your machine is programmed to be as fast, efficient, and helpful as it can, and it takes steps you may not be aware of to do this.

For instance, your browser will store a “temp” copy of this Webpage in one of many “temporary” folders, and make a note of the time. This is done so that should you return to this page, your machine can load it from local memory; which is much faster than downloading HTML instructions, text, and graphics and building the page. It uses the timestamps to determine if there’s been changes to the “source” page, and if there has been, it will download the newer page. This helps to give you the illusion of a “fast Internet”.
Other automatic conveniences that record your personal information are Autocomplete, Autofill, and AutoLogon. This is usually accomplished through the use of cookies. (In spite of what you may have heard, all “cookies” are not “bad”.) Hackers know where to look for all this stored information, and they know how to exploit it. Today I am going to show you how to counteract, and change some of this automatic behavior and help you keep your privacy, well, private.

Start by opening IE and clicking on the down-arrow to the right of the Tools menu and selecting Internet Options. (Loyal readers of this blog will already be familiar with this window.)

In the “Browsing History” area, click on the “Delete” button. Now a menu window will open…
Here you are presented with your choices of what to erase (or to “delete all”) and what not. I recommend getting into the habit of regularly clicking on the first, third, and fourth delete buttons — Temp files, History, and Form data. [Form data is particularly important to erase if you have made an online payment, and/or entered your credit card number. Even if you did so on a Secured site.] Sadly, there is no method to set IE to do this automatically for you (you would need a 3rd party utility for that…see today’s free link) and you must remember to this manually.

You can, however, set IE to erase the “temp” files automatically. Click on the Advanced tab of Internet Options, and scroll down to the Security list of settings. Place a check (select) in the checkbox next to “Empty Temporary Internet files when browser is closed”, as shown below. Then click “Apply”, and “OK”.

Today’s free link: the tool I use to erase the digital breadcrumbs on my machines is Absolute Shield Internet Eraser. From site: “AbsoluteShield Internet Eraser protects your privacy by cleaning up all the tracks of your Internet and computer activities. The tool is integrated with IE and it can erase the browser cache, history, cookies, typed URLs, autocomplete list and so on in one click. You can also set the tool to automatically erase those tracks when you quit IE or quit Windows.”

* Original posting: IE 7 and your privacy, 7/8/07.

Copyright 2007-8 © Tech Paul. All rights reserved.

post to jaanix

Share this post :

June 10, 2008 Posted by techpaul | IE 7, Internet, PC, Windows, advice, computers, cyber crime, how to, kids and the Internet, privacy, security, tech | Settings, Internet safety, privacy, browsing history, Internet Explorer, delete, IE, 7, autocomplete, autofill, autologon | No Comments

Top 10 things you should do to your computer–updated

Today is “one of those days” and I simply have too much happening this morning to write an fresh article. So today I am reposting an article which aggregates the most important computer security steps into a single checklist…a “Top 10″ list. Click on the blue links to get more instructions on the topic.

There are several things a PC owner should do to have a healthy computer and be safe(r) from online cyber criminals when they browse the Internet. Not surprisingly, I have covered these topics/items over the course of writing this six-days-a-week series of articles.
I have noticed (from my stats) that not too many folks are looking through past (archived) articles, nor are they using the Search tool to find this previously posted advice and help. So I thought I would put the more important ones into a single list — a “Top 10 List” — and provide direct links (blue text) to the articles which cover the How To steps of making these things happen… and provide you with a simple way to find out what you need to do, compared to what you’ve done already. In case you missed one, or two.

Tip of the day: Run down this list, and ask yourself, “have I done that?” to each one.

1) Install an antivirus, and keep it up-to-date (with the latest “definitions”).
To read my articles on malware, click here. To see a list of links to free antivirus programs, click here. To read my article on how to configure your antivirus for maximum protection, click here.

2) Install two anti-spyware apps, with one having “active” shielding.
To read all my articles which discuss spyware, click here. To see a list of links to free anti-spyware programs, click here.

3) Install a 3rd Party firewall OR turn on the Widows Firewall.
* If you have a home router or Wireless AP, make sure its firewall is enabled (NAT).

4) Enable Automatic Updates from Microsoft (and either set it to automatically install [for the non-geeky] or to prompt for install [for the hands-on type]) and set your programs to “automatically check for updates”.
And then actually click on the “Install” button when told there are updates available.. and please not tell them to “go away, you’re busy.”

5) Password protect your User Accounts.

6) Make a (monthly) system backup.. or at least a “files and settings” backup.. and store a copy — on two different types of media — someplace other than your hard drive.
To read all my articles on backups, click here.

7) Upgrade to IE 7 and/or an “alternative” Web browser (like Firefox, Opera, or Avant). Click here to read my articles on browsers and browsing.

8: Use strong (and complex) passwords. Everywhere. And change them every so often.

9) Rename the Administrator account.

10) Tell Windows to show file extensions.

* (Windows XP/older) Use the NTFS file system, and disable Simple File Sharing.

* (Laptops) Encrypt your hard drive.

There is more you can do to optimize your PC (of course) and the odds are good that I have told you the steps in a prior article, as I’ve written well over a 250 of them– so far, and I invite you type the word “optimize” into my Search box and see what comes up. Also, my Tag Cloud can help you find topics that can help– click on a word in the “cloud” and see the articles I have “tagged” as being relevant.
I hope this find-it-in-one-spot review has been helpful to you.

Today’s free link: By clicking the links above, you will see all the previously posted downloads, of which there are many. And also, there are links to more free links in no’s 1 and 2 above.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

April 5, 2008 Posted by techpaul | Backups, PC, Vista, Windows, XP, advice, anti-spyware, antivirus, computers, converting to NTFS, encrypting files, how to, passwords, privacy, security, tech | hardening Windows, Internet safety, make Windows more secure, secure your PC, security checklist, steps for safer browsing | 1 Comment

Don’t plug in that new computer until…

For those of you lucky folks who will receive a shiny new computer for the holidays, I want to remind you of two things: first, your machine, out-of-the-box, is not properly protected from the dangers of the Internet; and second, an unprotected machine connected to the Web will be infected within minutes of being connected. These infections may be keyloggers, that will steal your login ID’s, passwords and credit card numbers– or they may be tools that turn your machine into a zombie under the control of some distant hacker… or both… or… more.

Because of these two facts, it is very important that you take a few “action steps” before (repeat: BEFORE) you connect it to the Internet. Tell Windows “Validation” to wait. I simply cannot emphasize enough that these steps must be your first priority. Give your PC some protection before exposing it to the Internet.

Tip of the day: Take these 3 steps to protect your new PC.
As I mentioned in yesterday’s article, most new machines will come with Vista, and so the steps and screenshots will be Vista-oriented. If you do get a new machine that has XP, the steps are nearly identical.. but you can access them in the Protection Center or Network Connections as well.

1) Make sure the firewall is turned on.
A firewall is a very vital layer of protection against Internet dangers, and it acts much like a security guard at a doorway — only allowing authorized people to come and go. A firewall also “cloaks” (hides) you from a hacker’s scanning tools.
Vista’s built-in firewall is better than XP’s, but you may still want to install a 3rd-party firewall (or use the one in a Security “Suite”) at a later date. But, for now, the built-in firewall is much better than no firewall. To make sure it is “enabled” (on), click Start >Control Panel. (You are going to do this for Action Step #2 as well, so don’t ‘red-X’ it right away.)

Now click on the green “Network and Internet” link…

…and then, in the lower-left, click on “Windows Firewall”.

The window that opens should have a green coloring and look like this. If it doesn’t, and is red-colored, click on the “Change settings” link (Vista likes to use hyperlinks and not buttons) and turn it on.

2) Get Windows patched.
Now you will need to connect to the Internet, so go ahead and plug in your Ethernet cord or establish a wireless connection, and then go immediately to Windows Update: either by clicking the blue “Check for updates” (under “Security”) in Control Panel (the skinnier arrow in the first screenshot), or click Start >Programs >Windows Update.
You will be asked to “validate” your copy of Windows, and then it will scan your computer for any missing security patches, “hotfixes”, and updates and install them for you. [Note: if you chose the optional Update method, and "scan for optional updates", Windows Update will look for newer (Microsoft approved) device drivers as well. This is a good thing to explore.]
This process will protect your machine from specific hacker exploit attacks, and close vulnerabilities in the software.

3) Open the antivirus program and update it.
Most, if not all, new computers come with at least a “trial” antivirus program installed.. usually as part of a trial “security suite” which lasts 30-90 days or so, and for it to be effective it needs to have the latest virus “definitions” added to its database.
Double-click on the Desktop icon (or right-click on the icon in the System Tray) and open the program’s Control panel and click on the “Update” option [Note: this is different than the "upgrade" option, which is asking you to buy.] Quite a few of these programs will detect that the database is empty, and will immediately prompt you to “update now”– do so. I repeat, your antivirus is useless until you do this step.
[If your particular shiny new PC does NOT come with antivirus, download and install one immediately! (Yes. Exclamation point.) I have written the steps for downloading and configuring AVG Free Edition and included the download link, to review it, click here.]

Great! Now you check your e-mail and surf the web over to my list of free anti-spyware apps, download a trialware remover, download the proper security suite remover, install a real security suite, install your applications, choose a Desktop background… Sigh. I’m jealous.

* Some folks may argue with me that Step 3 can and should be done before step 2; that I have those out of order, and that’s fine. The firewall as number one I stand fast by.
Now that your firewall is on, visit my Top 10 Things You Should do to Your Computer article.

Today’s free link: Get more out of your new digital devices by visiting C/Net’s Tips ‘n Tricks department. Sign up for online classes, ask experts, and watch tutorial on Vista, Word, setting up a Home Theater, and more…

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

December 20, 2007 Posted by techpaul | PC, Windows, advice, computers, firewall, how to, tech | Internet safety, new computer, protect a new PC | No Comments