December, 2008

Happy holidays to all my readers!

My dear reader,

this post is simply a wish for you to have the best possible holidays! I am very humbled by all the greetings I receive from you, and the questions about the low number of posts on my blog at the moment.

Rest assured, I have only taken a little longer vacation than normal, and I will be back strong again when we enter 2009! You will be reading more about Facebook and the social media security challenges, you will be seeing more on privacy, technology and rants on airport security. I will keep it up, I promise!

In the meantime, I wish you the happiest holidays with this link! Do what it says, and come back next year!

And again, thank you so much for reading, disagreeing and sharing your views! It makes it all worthwhile!

Kai

10 golden rules of using public WIFI

In this article, David Hobson from Global Secure Systems looks at the top 10 golden rules that you should adhere to in order to stay safe online when using a public WiFi connection. Thank you David!

Access to the Internet via public “hotspots” is growing and will continue to grow as more and more hotspots are made available. We have McDonalds offering free Internet access and even Boris Johnson proposing that London becomes a WiFi city, with free WiFi, following the likes of Norwich!

This free bandwidth does come with an element of risk. Once you are associated with an access point, you are on the same network as others connected to the same access point, in the same way as plugging into the same network segment. A simple network discovery will show who else is connected... and from there an unscrupulous user could try to access your machine. This may not be deliberate - a Trojan may automatically be scanning in the background for other machines and trying to infect them. In addition to the possibility of direct attack, your data is probably going to be “clear text” – not encrypted.

So what are the issues we face when using public ‘hotspots’?

1)    Clear text data – by its very nature a hotspot will not have any encryption or security on it. It is there to enable as many people as possible to connect, as easily as possible. To offer a pre-shared security key is impractical, and the more people have a key, the less valuable a key is.

What does this mean? Well, if you are sending email, someone on that network will be able to see and read that data. It is a bit like handing a postcard over a post office counter. Everyone in the post office can read it. So you really would not write anything confidential on it. To say “Hi, having a wonderful time, wish you were here” is not exactly top secret. You may not want to put all your credit card information on it!

2)    Most web traffic is, by its very nature, clear text. Most web sites will switch to secure, encrypted HTTPS traffic when doing commercial transactions. Web mail is normally in the clear... How can you tell if you have changed? Look for the little padlock in your browser!

3)    If you are using business email, we strongly recommend using a VPN (Virtual Private Network) between you and the business mail server. This should be provided by the business. This normally is a security overlay on your traffic. This will encrypt data and ensure no eavesdroppers read it.

4)    Your PC needs to have a personal firewall installed, and switched on. A basic firewall is provided within Windows now. Use it! This stops unauthorised access on to the PC.

5)    Many businesses will add an additional personal firewall. The clever ones will actually change the policy based upon your location, which will control the flow of data in and out of your PC in accordance with your policy.

6)    Ensure your anti-virus software is installed, up-to-date and working! This will defend against known virus or Trojan attacks.

7)    Turn off ad-hoc networking – WiFi has two methods of working – ad hoc and infrastructure. Infrastructure is when your PC connects to an Access Point, and then on to a wired network. Ad-hoc is when two PCs communicate with each other directly without an Access Point. You really should ensure no one can network directly, unless there is a specific reason!

8)    Shoulder surfing. Always be aware who is watching you. Don’t sit with your back to a crowd or window inviting unwanted snoopers to see you type your password or read your documents.

9)    Think about the length of time you are connected. As a precaution, prepare messages offline and only connect to send and receive. This will reduce the window of opportunity for someone to capture your data.

10)    Lastly, when accessing a hotspot be aware of hotspot hijacking. This is when a fake access point is used to fool you into connecting to it. It will record all traffic from your system. This type of attack is mainly used in internet cafes since access is open. Always try to make sure you connect to genuine access points.
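One way to turn rules 1, 7 and 10 into a check before connecting, as an added example that is not part of David's article: it audits a list of visible networks for open networks, ad-hoc peers, and familiar names offered by unfamiliar access points. The `Network` record, the `KNOWN_GOOD` allow-list and all addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str     # MAC address of the access point
    security: str  # "open", "wep", "wpa2", ...
    mode: str      # "infrastructure" or "adhoc"

# Assumption: access points the user has verified as genuine (constructed values).
KNOWN_GOOD = {
    "CafeWiFi": {"bssids": {"02:00:00:00:00:01"}, "security": "open"},
    "CorpNet": {"bssids": {"02:00:00:00:00:10"}, "security": "wpa2"},
}

def audit(scan, known=KNOWN_GOOD):
    """Return (bssid, code) findings for a list of Network entries."""
    findings = []
    for net in scan:
        if net.mode == "adhoc":
            # Rule 7: a peer PC, not an access point.
            findings.append((net.bssid, "ADHOC"))
        if net.security == "open":
            # Rules 1-3: everything sent is clear text unless HTTPS or a VPN is used.
            findings.append((net.bssid, "OPEN"))
        expected = known.get(net.ssid)
        if expected is None:
            continue  # never verified this name, nothing to compare against
        if net.bssid.lower() not in expected["bssids"]:
            # Rule 10: familiar name, unfamiliar hardware.
            findings.append((net.bssid, "UNKNOWN_AP"))
        if net.security != expected["security"]:
            # Rule 10: familiar name, different (often weaker) security.
            findings.append((net.bssid, "SECURITY_CHANGED"))
    return findings

# Constructed scan results for illustration.
SAMPLE_SCAN = [
    Network("CafeWiFi", "02:00:00:00:00:01", "open", "infrastructure"),
    Network("CafeWiFi", "02:00:00:00:00:99", "open", "infrastructure"),
    Network("CorpNet", "02:00:00:00:00:10", "wpa2", "infrastructure"),
    Network("CorpNet", "02:00:00:00:00:98", "open", "infrastructure"),
    Network("Free Internet", "02:00:00:00:00:97", "open", "adhoc"),
]

if __name__ == "__main__":
    for bssid, code in audit(SAMPLE_SCAN):
        print(bssid, code)
```

A matching access point address is not proof that the hotspot is genuine, since the address can be copied; the check catches mismatches, and the VPN and HTTPS advice in rules 2 and 3 still applies on a network that passes.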

For more information on security and WiFi visit www.gss.co.uk


Dodging virtual snowballs on Facebook

I use Facebook. Primarily to promote my blogs and myself (shameless, yes, I am...). And of course I enjoy being a bit of a critic too.

Especially when it comes to the huge amount of Facebook apps, I am worried. Not about the applications themselves, but about the way people use them without any criticism and understanding of how they give away information about themselves and their network.



Of course it is fun that friends decide to throw virtual snowballs at you, vote you the most handsome in their network, want to add your birthday to their calendar and so forth. And what is even nicer is that the fact that your friends do this to you means that you have a certain popularity. And being popular is always nice, and as a result, you will lower your guard. And by lowering your guard, you become an easy target - not a target of those friends trying to hit you with a snowball, but a target of those creating applications only to harvest information about
  • you, your networks,
  • your whereabouts,
  • interests,
  • religion,
  • political views,
  • who you know,
  • who you communicate with most,
  • how you communicate,
  • what you say
  • to whom you say it
  • and so forth...

Sometimes I tell my contacts that I block most applications on Facebook. Other times I do not. I just click the "Block this application". And yes, I accept that by doing so, I risk being perceived as a boring old man. And I am, when it comes to my privacy. As long as I do not know who is getting my information, how they use it, for how long they will keep it and whether or not I can trust them, I keep the information to myself.

And when it comes to the applications on Facebook, they may have been developed by a fanatic hacker who is out to cash in on selling your information to the highest bidder. They may also be developed by the order of a foreign (or allied) state, harvesting intelligence about their own people, or people in a target state.

Most of us have read 1984 by George Orwell. And most of us have some idea of what was going on during the Cold War (and most other wars) - governments collected information about everyone, because everyone could be a terrorist, could be working for the enemy, could have ideas and views opposing the "accepted values".

And this still goes on in the war on terrorists - it is extremely easy to show up on the "radar", but to clear your name may turn out to be very hard - as opposed to the publicly accepted principles of justice, when it comes to war, you no longer need to be proven guilty. It is more than enough to be suspected.

Using the Internet to gather this type of information is so easy that former surveillance officers are wetting their pants. And the ease with which they are lulling all of us into the safety of surveillance is alarming. Hiding surveillance as nice-to-have tools - like video surveillance to stop thieves picking your pocket on the street (who believes that the camera really stops someone picking your pocket anyway???), GPS devices on phones to help you find your way (giving away your exact position and target to Google and who knows how many others...), fraud detection systems in the banks (following your every movement and the shops you visit - in real time).

The list goes on forever. And we accept it. It is so easy to accept. It has become a habit. Something we just do. Just like when Facebook shows us their privacy policy and user agreements. No need to read it through, just click "I accept this" - whatever it says. And that is what most of us do. Just accept it.

We choose to trust this application with our most personal information - including pictures from parties, our current moods, our social life, interests. You name it, and you will find it.



I do not enjoy virtual snowballs. I prefer the real thing. Then you know what hits you. And when. You can wipe your neck, and move on. With the virtual snowballs you have no control, and you have no idea what will hit you and when. All you know is that having fun with your friends comes with a price, and that price is sharing your private information. With someone other than your friend. Someone is using your friend to trick you into giving away valuable information that may make or break your future.

I have nothing against snowball wars amongst friends. I'll take your challenge any day. As long as we use real snow!

On a side note - enjoy this love story!


How to become a Hacker

An increasing number of visitors from search engines seem to come to my blog to look for hacking techniques and how to become a hacker.

Here you go! Now you can go directly to one great source about how to become a hacker yourself. The source is regularly maintained.
