We are all now well aware of the threats facing computers, such as DDos attacks against servers, what exactly a zombie computer is and some hacks which have hit the newspapers like the story of a man in Tampa Bay who was caught “stealing” someone else’s broadband connection. The individual hacked into a wireless internet network. While this may seem innocent enough consider that the person who gains entry into the network could be using your connection to surf for porn or worse it could be child porn, with the trail leading to your connection.

While the law is catching up and some experts in the police and other law enforcement agencies have the skills to determine whether you actually did the downloading of illegal material or if your computer and connection was unwittingly compromised not everyone has these skills and it’s far easier (and less costly) to prosecute than to do the investigation required to clear the individual.

In fact you may need to have your own experts helping you prove your innocence!

Another similar story of broadband/wireless signal theft from out of the UK, where several individuals have been charged using someone else’s broadband connection.

While the fines have been hefty, it is a clear indication that while the justice system is working towards protecting individuals they are in uncharted territory.

WIFI theft is becoming an national and international issue, there have been warnings issued in Canada. In an extreme case in 2003, Toronto Police stopped a man who was naked from the waist down. He had a laptop computer in his car and was driving down a residential neighborhoods downloading child pornography.

Want to see how EASY it can be to crack even a secure connection?

This video was found on YouTube, along with dozens of others showing you step-by-step how to crack WEP (secure wireless connection). Scary.

So while your connection can be hacked, you should still secure your connection.  Should someone use it and implicate you, you can still show the authorities that your connection was secure but it was hacked.

7 Things You Must Consider To Secure Your Wireless Connection

1. Secure your wireless router or access point administration interface.
2. Don’t broadcast your SSID.
3. Enable WPA encryption instead of WEP.
4. Remember that WEP is better than nothing.
5. Use MAC filtering for access control.
6. Reduce your WLAN transmitter power.
7. Disable remote administration.

On my wireless home network I do not broadcast my SSID, and I have enabled and configured WPA with a fairly “random” key.  I also use MAC filtering to control who can come into the network even if I’ve given them the key and I have disabled remote administration.

Another story of a Michigan man who in 2007 used a coffee shops unsecured internet connection to download and check his e-mail. Luckily he was not charged, otherwise he could have spent up to 5 years in jail. Piggybacking or using someone else’s WIFI connection without their permission is a felony. In the end the individual paid only a $400 fine and will do 40 hours of community service. However if he had gone into the coffee shop, it would have been fine.

If you have ever borrowed someone else’s wireless connection – you should think twice. If the letter of the law is followed, you could end up with serious fines, jail time and worse, a record that will follow you for life.

If you have a wireless internet connection in your home, or office – secure it! Not only are you protecting yourself, your business and its assets but you could be preventing someone from launching devastating attacks against commercial systems, or allowing terrorists from using open systems to communicate with others and even stopping the flow of child pornography.

Forget about what could be done using your wireless connection – consider that many of us store our entire lives on our computers: digital images, movies, banking information, and even e-bills. If someone gets unauthorized access to your computer, you risk having your identity stolen. You need to ensure your computers are sufficiently secured to prevent unauthorized access to its contents.

The onus is on you to ensure you are protecting yourself. If you do not know how to secure your systems, there are many companies that will come to your home and help you secure your computer and wireless connections from unauthorized use.

Technorati Tags: hacking, hacking wireless networks, how to hack a wireless network, securing wireless networks

There are many vulnerabilities out there, hackers, phishers – you name it.  It certainly doesn’t help that browsers are the key to get at your data.  But there are simple steps you can take NOW to protect yourself.

Step #1 – Stop Phishing

Keep passwords private – don’t reveal them!  Not even to family or close friends. Of course you trust your family and friends but once revealed you can never be sure that they will not unwittingly reveal your password to someone else. There may be occasions, due to sickness or accident for example, when you have to allow family or close friends to access some on-line accounts. Following such occasions you should change your passwords as soon as practically possible.

Step #2 – Stop Phishing

Use secure passwords. Never use a password such as your middle name, your pet’s name, your birthday etc. These may be easy to guess. Nor should you use any word that exists in the dictionary. A good password uses a combination of letters and numbers and symbols. It’s possible to create such passwords in an easy to remember format. For example, the password A$4A10c looks quite random but may be remembered as “A dollar for a dime”.

Step #3 – Stop Phishing

Use good security software (anti-virus, anti-spyware, anti-spam, firewall) and don’t forget to keep it updated.

Step #4 – Stop Phishing

Alway, always, ALWAYS use the most current versions of Internet browsers. Most of the current versions contain their own anti-phishing filters and blacklists to help keep you safe.

Step #5  – Stop Phishing

Never click a link in an email that looks suspicious. This is a classic phishing trick. They name the link to their phishing website with a real one so the link looks like one for your bank or credit card company. Instead of clicking open your Internet browser and type in the website address shown in the email.

Credit card companies, YOUR BANK, banks you’ve never dealt with will NEVER, EVER send you a personal e-mail asking for information.  Check with your financial institutions e-mail policy, but most are quite standard in the banking industry.

Step #6 -  – Stop Phishing

Regularly check your on-line accounts. Log on to your account and investigate any action that you don’t recognize. It may just be that the details of a retailer transaction are not easily recognizable so investigate before you take action.

This is VERY important.  You should be checking your accounts regularly.  Credit card companies do a one up on this, they have very sophisticated software that tracks purchases and can almost assign a “biometric fingerprint” to how you make your purchases.

For example, recently I filled my car with gas and used a credit card to pay for the purchase.  I realized I needed something else, so went into the store and the clerk cancelled the gas purchase so I could make the addition purchase.  He then recharged my card, but immediately my credit card company put my card on hold.  Within 1 hour of the incident they called me on my cell phone to confirm whether it was me that made the purchase and if I was aware of the subsequent credit and re-purchase.  They’re good.  Damn good!

Technorati Tags: hacking, identity theft, phishing, protecting your identity

The browser wars are all but over, and though there may be a blurry winner one thing is for certain — many of the older browser versions contained bugs.  Lots of bugs.  Especially important are the security bugs.  You know the ones, they can allow hackers to gain access to your PC or other nefarious things.  So what’s a guy to do?  Simple.  Upgrade.  You should always be running the latest versions of your favourite browser PLUS ensure that you’ve got all the security fixes and patches.

There are dozens upon dozens of browser vulnerabilities.  I did a quick google search on vulnerabilities by browser and found a few resources.  This is by no means exhaustive, but useful.  What I was really searching for was a table that would show me the different versions of Microsoft Internet Explorer, FireFox and all the other browsers out there along with the version number(s) of the browsers, counts of browser vulnerabilities  and worst type of browser vulnerability.  Couldn’t find something exactly like that…

• http://blogs.technet.com/security/attachment/2594822.ashx
• http://www.sans.org/top20/

Sans.org had this to say about client side browser vulnerabilities:

Client-side Browser Vulnerabilities in:

C1. Web Browsers

C1.1 Description

Microsoft Internet Explorer is the world’s most popular web browser and is installed by default on every Microsoft Windows system. Unpatched or older versions of Internet Explorer contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The most critical issues are the ones that lead to remote code execution without any user interaction when a user visits a malicious web page or reads a malicious email. Exploit code for many of these critical Internet Explorer flaws is publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and the Graphics Rendering Engine. During the past year, hundreds of vulnerabilities in ActiveX controls installed by Microsoft and other software vendors have been discovered. These are also being exploited via Internet Explorer.

Mozilla Firefox is the second most popular web browser after Internet Explorer. It also has a fair share of vulnerabilities. In 2007, it has released several updates to address publicly disclosed vulnerabilities. Similarly to Internet Explorer, unpatched or older versions of Firefox contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The web sites exploiting the browser vulnerabilities typically host a several exploits, and even launch the appropriate exploit(s) based on which browser the potential victim is using.

With the explosion of rich content in web sites, a parallel increase has been seen in the number of Browser Helper Object and third-party plug-ins used to access various MIME file types such as multimedia and documents. These plug-ins often support client-side web scripting languages such as Macromedia Flash or Shockwave. Many of these plug-ins are installed (semi-)transparently by a website. Users may thus not be aware that an at-risk helper object or plug-in is installed on his/her system. These additional plug-ins introduce more avenues for hackers to exploit to compromise computers of users visiting malicious web sites.

In October 2007, for example, systems running Windows XP and Windows Server 2003 with Windows Internet Explorer 7 were found not to handle specially crafted Uniform Resource Identifiers (URIs) properly. By creating a specially crafted URI in a PDF document attackers were able to execute arbitrary commands on vulnerable systems.

So how does this impact you?  Well, if I need to tell you this then you’re loooong gone. 

Seriously though, now PayPal is getting into the fray.  They’ve recently announced that they will cease support for older browsers and Safari – meaning that they will block access to PayPal for users that still use these browsers.

Under PayPal’s plan, Apple Inc.’s Safari would be banned completely, while only older versions of its rivals Microsoft Corp.’s Internet Explorer and Mozilla Corp.’s Firefox would be barred.

…

PayPal did not specify a timetable when it would switch on its browser blocking, and did not reply to request for one on Friday. Apple also did not respond to an e-mail asking for comment.

Most recently I’ve read that, now instead of using the word “blocks” they are now saying that are “considering blocking” — a big change.

I was expecting to see something on their blog, but alas nothing was posted there – but there was a post by their CIO – http://www.thepaypalblog.com/weblog/2008/04/a-practical-app.html.

The announcement was made in a PDF paper for the RSA Conference.

Enjoy the read!

Mohamed

Technorati Tags: browser vulnerability, hacking, internet explorer, paypal, phishing, safari