Be Cautious When Using Wi-Fi

/in , /by

The proliferation of mobile devices means that we can work or play online from almost anywhere, so it’s no surprise that public Wi-Fi networks have become more common. From hotels and coffee shops, to universities and city centers, Wi-Fi is widely available, but is connecting to these networks safe?

4WIf you were carrying on a highly sensitive conversation on a park bench with your closest friend, would you want everyone in the immediate area to gather around and eavesdrop?

That’s essentially what happens—or what could happen—when you communicate online using public Wi-Fi, such as at coffee houses, hotels and airports.

Non-secured public Wi-Fi makes it easy for hackers to read your email correspondence and the information you type to get into your critical accounts.

Of course, with a VPN, your online activities will be unintelligible to eavesdroppers. A virtual private network will encrypt everything you do so that hackers can’t make sense of it. A VPN is a service you can use when accessing public Wi-Fi. A VPN will also prevent exposing your IP address.

So, if you are going to connect to public Wi-Fi, make sure that you take some steps to keep your device and information safe.

Follow these tips to stay protected:

  • Turn off sharing—Keep others from accessing your computer and files by turning off sharing when you are on a public network. This can be accomplished by visiting your computer’s control panel (on Windows), or System Preferences (Mac OS X).
  • Use a “Virtual Private Network”—If you frequently use public Wi-Fi, it might be a good idea to use a Virtual Private Network (VPN). A VPN is like your own private network you can access from anywhere. You can subscribe to VPN services for a low monthly fee.
  • Avoid information-sensitive sites—When using public Wi-Fi, try to avoid logging in to banking and shopping sites where you share your personal and financial information. Only do these transactions from a trusted connection, such as your protected home network.
  • Use sites that start with “https”—Sites that begin with “https” instead of just “http” use encryption to protect the information you send. Look for this level of security on sites where you plan to enter login and other personal information.
  • Use multi-factor authentication – Find out which of your accounts offer two-factor authentication. This would make it next to impossible for a hacker, who has your username and password, to bust into your account—unless he had your phone in his hand—the phone that the two-factor is set up with.
  • Always log out – Don’t just click or close out the tab of the account when you’re done; log off first, then close the tab
  • Avoid automatically connecting to hotspots—Keep your computer or device from automatically connecting to available Wi-Fi hotspots to reduce the chances of connecting to a malicious hotspot set up to steal information. Make sure your device is set up so that it doesn’t automatically reconnect to that WiFi when within range. For example, your home WiFi may be called “Netgear” and will reconnect to “Netgear” anywhere, which might be a hackers connection who can snoop on your data traffic.

PC:
For Windows
Make sure no “Connect Automatically” boxes are checked.
Or, go to the control panel, then network sharing center, then click the network name
Hit wireless properties.
Uncheck “Connect automatically when this network is in range.

For Mac:
Go to system preferences, then network
Under the Wi-Fi section hit the advanced button.
Uncheck “Remember networks this computer has joined.”

Mobile:
For iOS:
Go to settings, select the Wi-Fi network, then hit forget this network.
For Android:
Get into your Wi-Fi network list, hit the network name and select forget network.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

The High Performance Router for a Many-Device Home

/in /by

You will love the Tri-Band WiFi technology; it can connect all of your devices at the same time. The only router capable of this is the Netgear Nighthawk X6 AC3200 Tri-Band Wi-Fi Router (a.k.a. Netgear R8000).

NETGEARThis router provides three connections and has six wing-like antennas. Another feature is the ReadyShare USB. The user who’d really be interested in the Netgear R8000 is the one who has all sorts of electronics like a complete entertainment system, desktop PCs, a few laptops, game consoles, smartphones, etc.

But even if you have just five devices in your house, you may still wish to consider this high performance router to smooth out all of your connections and eliminate any hiccups. All of the gadgets can be connected, something that regular routers can’t do.

This high performing router has Broadcom’s Xstream platform, which can prioritize incoming traffic and prevents slow traffic from impeding fast traffic.

Some Key Specifications

  • Selects the fastest Internet connection for every device
  • Memory: 128 MB Flash and 256 MB RAM
  • WiFi Protected Access (WPA/WPA2—PSK)
  • WiFi Technology: 802.11ac Tri-Band Gigabit
  • WiFi Performance: AC3200 (600 + 1300 + 1300 Mbps)
  • The WiFi range works for very large households.
  • WiFi Band: Simultaneous Tri-Band WiFi – Tx/Rx 3×3 (2.4GHz) + 3×3 (5GHz) + 3×3 (5GHz)
  • Ethernet Ports: Five (5) 10/100/1000 (1 WAN and 4 LAN) Gigabit ethernet ports
  • VPN support for secure remote access
  • Denial-of-service (DoS) attack prevention
  • Double firewall protection (SPI and NAT)
  • System requirements: Microsoft Windows 7, 8, Vista, 2000, Mac OS, UNIX or Linux
    Microsoft Internet Explorer 5.0, Safari 1.4, Firefox 2.0 or Google Chrome 11.0 browsers or higher

Ready to set up the Netgear R8000?

  • Follow the instructions in the manual.
  • The instructions are not complicated.
  • After setting it up, go to routerlogin.net. The default password is “password” and the default username is “admin.” The setup wizard will get it installed for Internet access.
  • Once your connection is established, you can figure out what you’d like in your network.
  • The advanced menu will allow you to configure more features. Play around with the advanced menu to see what you might like.
  • Use the latest firmware.
  • Go to netgear.com/home/discover/apps/genie.aspx to download the Netgear Genie, an application that will monitor and control your new router and network. The Genie offers additional features like parental controls.

The manufacturer’s suggested retail price is $299, and that comes with a limited one-year warranty. But look around; you may find a sale price.

The Tri-Band feature really sets the Netgear R8000 apart from other routers. The one challenge with this router is its horizontal, rather than vertical, expansion. But that’s really just a minor little issue when you consider all that this router can do, like take on multiple connections simultaneously—without any glitches. Other outstanding features:

  • Will enable multiple use of electronics in the household without anyone experiencing compromised loading times or any other sluggishness; no congestion. So while one person watches YouTube, another downloads files and a third watches a show while also using a smartphone, nobody’s online experiences will be hampered.
  • Is ideal for a household with a lot of devices.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Risks of Public WiFi

/in /by

Wired internet or wireless WiFi, the warnings are out there: Don’t visit any websites that you have important accounts with when using a public computer (hotel, airport, café, etc.).

3WVisiting even a more trivial account, such as an online community for cheese lovers, could sink you—in that a cyber thief might get your username and password—which are the same ones you have for your bank account, PayPal and Facebook.

Why is public Wi-Fi such a bad thing for shopping and banking and other such activities?

Snooperama

  • As already touched on, a roving hacker could glean your username and password, or credit card number and its three-digit security code when you do online shopping, because the cyber communications of public Wi-Fi are not encrypted. They are not protected or scrambled up. The cybersnoop can thus see what everyone’s passwords, usernames and account information is.
  • Hackers can also see what sites you’re visiting and what you’re typing on those sites.

If you plan on using public Wi-Fi, make sure your device has full protective software including a firewall (and you should always have these anyways).

When connecting to public Wi-Fi, always choose the “public” network rather than the “home” or “work” options when using Windows. This will prevent Windows from sharing files.

If you absolutely must conduct work or personal business while on public Wi-Fi, then use a VPN: virtual private network; it scrambles communication into gibberish by encrypting it.

Malicious Locations for the Wi-Fi

Don’t assume that a hacker is far away when he snoops for something to steal. For instance, the “hotspot” to connect online may have been set up by a thief like a spider in a web waiting for flies. Additional ways a hotspot could be malicious:

  • HTTP connections can be hijacked by software called sslstrip. This software generates copycat links—a domain name that looks just like the authentic one, but appearances are deceiving because these imposter domain names use different characters.
  • Hackers can use the Wi-Fi Pineapple to set up the attacks mentioned above. The Pineapple is on the lookout for when a laptop is trying to connect to a network it recalls, barges in and claims the summoning. Pineapple is now in a position to perform additional attacks.

Hack Prevention

  • Avoid online activity using public Wi-Fi with important accounts. If their site has HTTPS with the padlock icon there is a degree of security here, however, the rule still stands: no public Wi-Fi for important accounts. The only exception to this hard rule is if you have the VPN.
  • Using a VPN will encrypt all of your online activities, freeing you to use public Wi-Fi for anything. Hotspot Shield is a VPN provider that’s compatible with iOS, Android, PC and Mac. It runs quietly in the background.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Things You should and shouldn’t do on Public Wi-Fi

/in /by

Public Wi-Fi is the location where you can get online: airport, airplane, coffee house, hotel, motel and more. Many people don’t give this a second thought, unaware of how risky this really is.

4WPublic Wi-Fi is very non-secure, a goldmine for hackers who want to steal your identity and commit fraud, destroy your website, you name it. They can do this many ways, including intercepting your activity with an imposter website where you input login details—that the hacker then obtains.

But public Wi-Fi will always be risky as long as its proprietors, such as the coffee house, find that enabling security features hampers ease of use for patrons.

So even if you don’t do banking and shopping online, the wrong person can still see, word-for-word, your e-mail correspondence.

Do’s at a Public Wi-Fi

  • Make sure your devices are installed with antivirus, antimalware and a firewall, all updated.
  • Prior to when you anticipate using public Wi-Fi, consider the nature and amount of sensitive data on your device, maybe remove it (and back it up).
  • Make sure the hotspot is legitimate; speak to the proprietor. Cybercriminals could set up hotspots as “evil twins”.
  • Sit against a wall so that nobody can spy what’s on your screen.
  • If sitting against a wall is not possible, be aware of who’s around you. Cover your hand when typing in login information.
  • Use a privacy screen; this makes it impossible for a “shoulder surfer” to see what’s on your screen while they peak over your shoulder or from the side.
  • Use a VPN: virtual private network. It will encrypt all of your online transactions, making them impossible to decipher by cyber criminals, whether it’s login information, usernames, passwords or e-mail correspondence. Even your IP address will be concealed. Hotspot Shield is a VPN provider, and it’s compatible with Mac, PC, iOS and Android, quietly running in the background after it’s installed.

Don’t’s at a Public Wi-Fi

  • Don’t let your device connect with the first network that “takes.” Instead, select it.
  • Do not keep your wireless card on if you’re not using it.
  • Do not keep your file sharing on.
  • Can you not wait till you’re in a secure location to do banking and other business transactions? No matter how bored you are waiting at the airport or wherever, do not do banking and other sensitive activities.
  • Don’t engage in any serious or sensitive e-mail communications.
  • Never leave your devices unattended for a single second. Not only can someone walk off with them, but a thief can insert a keylogger that records keystrokes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware of scary WiFi Virus

/in /by

It’s called Chameleon—a computer virus—but maybe it should be called FrankenVirus. You wouldn’t believe what it can do: literally move through the air, as in airborne—like a biological pathogen.

2WAnd like some Franken-creation, it came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics.

Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop around and spread infection.

The scientists behind this creation have discovered that the more dense a population, the more relevant is the connectivity between devices, as opposed to how easy it was for the virus to get into access points.

Access points are inherently vulnerable, and Chameleon had no problem locating weak visible access points from wherever it was at, and it also avoided detection.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” explains Professor Alan Marshall in an article on Forbes.com. He added that this malware pursued other WiFi APs to connect to and infiltrate.

The scientists made this virus subsist only on the network—a realm where anti-virus and anti-malware systems typically do not scavenge for invaders. Protective software seeks out viruses on your device or online. Thus, Chameleon earns its name.

Think of this virus like the burglar who goes from house to house overnight, jiggling doorknobs to see which one is unlocked. WiFi connections are like unlocked doors, or locked doors with rudimentary locks.

Chameleon’s creators have come up with a virus that can attack WiFi networks and spread its evil fast. The researchers now want to come up with a way to tell when a network is at imminent risk.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

College bound kids: protect your identity

/in , /by

The good old days were when today’s college kids’ parents lugged their typewriters into their dorm room, and they communicated to people via the phone on their room’s wall. Their biggest worry was someone stealing their popcorn maker. Nowadays, college kids need to beware of remote invasions by thieves.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Major educational institutions have reported numerous data breaches; they come from criminals but also result from professors being careless with laptops and students on open WiFi.

Why are colleges hotspots for hackers? There’s all sorts of users on insecure networks, not to mention a wealth of data. So it’s no longer just warning your kids not to walk the campus alone at night or to stay away from drugs and alcohol.

Students can have a tendency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters.

Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads the computer with malware. A student may be tricked into clicking on a “video link” to view something hot, only to instead download a virus.

Students should look for signs of a scam like bad grammar and spelling in the “official notice” and other suspicious things. Though it’s of utmost importance to have antivirus and antimalware, these won’t stop a thief from using the student’s credit card number after the student is tricked into giving it on a phony website.

College kids also have a tendency to go nuts on social media, posting continuous updates of their day-to-day actions. If the student’s Facebook page is chockfull of personal information, a crook who has the student’s e-mail address could use this information to figure out the student’s answer to security questions and then gain entry to their accounts. This is why two-factor authentication is so important. The thief can’t possibly bust into an account if they need a special one time PIN code with the password usually delivered via a text on their mobile.

Unprotected Wi-Fi. Not all campuses provide secure Wi-Fi, and the presence of antivirus, antiphishing, antispyware and firewalls don’t guarantee all levels of protection. To play it safe, students should never visit bank account sites, insurance carrier sites and other such sites while using public Wi-Fi. Better yet install Hotspot Shield to lock down and encrypt any unsecured WiFi.

Connection salad. Campuses are full of all sorts of connected devices, from phones and tablets to nutrition trackers and other gadgets. Everyone has a device, creating a hodgepodge of connections that puts students and everyone else on campus at risk for a data breach. These Internet of Things devices need their latest software updates and firmware updates. Keep them safe from physical theft too. Shut them off when not in use.

Password protect devices: We lose stuff and stuff gets stolen. While it is certainly more convenient to not password protect a mobile, laptop or tablet, it is also an identity waiting to be stolen. Everything needs a password and don’t share that password with anyone but parents. Because when you are sleeping some night, a drunk college dormate will come log in and start posing as you on social posting disparaging stuff that will last forever.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to see and boot off Someone using your WiFi

/in , /by

You were taught to share your toys as a young child, but this doesn’t apply to letting others use your Wi-Fi. The difference between sharing the plastic shovel and sharing the wireless connection is that with the latter, who’s to say that the “thief” won’t eventually crash in on your private information? And don’t forget that not only will this sharing possibly slow down your connection, but there could be legal repercussions if this moocher uses your connection for bad deeds.

2WHow can you spot a moocher?

  • Log into your computer’s router’s administrative console: Type its IP address straight into the browser address bar. Don’t know the router’s default address? Go to (Start > Run/Search for cmd) and then enter ipconfig.
  • The address you want will be next to Default Gateway, under Local Area Connection.
  • Mac users can locate the address by going to System Preferences, then beneath that, Network. If you’re using Ethernet it’ll be next to “Router:” and if you’re using Wi-Fi, click on “Advanced…” and go to “TCP/IP.”
  • Point browser to the address; enter your login details. If you’ve never changed the default settings, the login should be a combination of “password” and “admin” or blank fields.
  • Locate a section for wireless status or connected devices. Here you’ll find a table with details including the IP and MAC address of all devices currently connected to the router.
  • To find moochers, check that list against your gear.
  • To find the MAC/IP address of your computer, go to the Command Prompt and enter ipconfig /all. The MAC address will show as the physical address.

How to Help Prevent Mooching

  • Implement a strong password; use WPA2 or WPA, not WEP.
  • Turn off the SSID broadcast.
  • An alternative to the prior point is to set a filter up for blocked or allowed devices by MAC address.
  • Whenever on free public WiFi use Hotspot Shield to mask and encrypt all your data as it fly’s through the air.

If you want to find out just who is getting a free ride on your wireless, use MoocherHunter. This tool will locate the source within two meters of accuracy. Tracking down the culprit will prove handy if the moocher has been getting you in trouble by using your network for illegal activities.

On the other hand, if the lectures about sharing your toys still ring loud in your head, why not make lemonade out of this lemon by using a third-party firmware alternative to run a public hotspot? You can then offer for-pay Internet access points that come from your consumer router. Another option is to get a Fonera router. If you share some of your home WiFi, the Fonera router will grant you free roaming at Fon Spots all over the world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Big ISP free Wi-Fi hazardous to your Data Health

/in , /by

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this probably IS too good to be true. These are likely set up by thieves to trick you into getting on a malicious website.

3WAT&T and Xfinity have provided many free hotspots for travelers to get free Wi-Fi: all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.

AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.

Cyber thugs can set up fake hotspots called “evil twins”, which they can call “attwifi,” that your smartphone may automatically connect to.

For Xfinity’s wireless hotspot, you log into their web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.

If someone creates a phony WiFi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user knowing, without requiring a password.

None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.

Smartphones and Wi-Fi generate probe requests. Turn on the device’s WiFi adapter. It will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.

Your device will then try to connect to every single WiFi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.

An assault like this can occur at any public WiFi network. These attacks can force the user to lose their connection from their existing Wi-Fi and then get connected to the attacker’s network.

Two ways to protect yourself:

#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.

#2 the best way to protect and encrypt all your data in your laptop, tablet, or mobiule is via Hotspot Shields software to encrypt all your data even if you automatically connect to a free WiFi.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

WiFi world wide a Big Security Issue

/in /by

Do you access your various financial or social media accounts, or other private accounts such as e-mails with your doctor, at public computer stations? At the coffee house or hotel, for instance? Boy, are you ever setting yourself up for cybercrime including identity theft.

3WWhat usually happens is that the criminals establish Wi-Fi hotspots that trick people into thinking they are legitimate public Wi-Fi locations—people take the bait and log on. The crooks can then watch your communications through their Wi-Fi access points, and steal your personal information like passwords and credit card numbers.

A computerweekly.com report warns that anything you send via a public Wi-Fi may potentially fall into the hands of fraudsters.

One of the scams is that a criminal will get in the middle of a transaction between a user and a website, then intercept in tricky ways to steal the user’s data.

A Few Experiments

  • The security firm, First Base Technologies, did an experiment in November 2013. The public participants had no idea that thieves could set up rogue wireless points of access that fake out users as being valid connection points.
  • The participants were also shocked to learn that their exchanged information was not encrypted.
  • FBT did another experiment using its private wireless network and numerous mobile applications. FBT was easily able to use the apps to invade other smartphones on the same network.
  • One of these apps was a setup to get the participants to use the “attacking” smartphone as their portal to the Internet. This meant that the attacking device siphoned all the traffic and was able, in many instances, to remove encryption from supposedly secure connections.

This weakness in knowledge in the user, and in the security of public Wi-Fi, needs to be addressed by—obviously—the user and the providers of public Wi-Fis, plus business organizations that rely on public Wi-Fis.

Another survey in the same article found that 34 percent of PC users said that they do not take special precautions to safeguard their online interactions when using public Wi-Fi. Just 13 percent do take the time to inspect encryption prior to making a connection to a particular point.

So how can you protect yourself when using public Wi-Fi?

  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • Use a reputable virtual private network such as Hotspot Shield to secure your device for public Wi-Fi use.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Leaky WiFi leaks App data

/in , /by

Recently a settlement was obtained between 2 companies with the FTC. The charge was that these organizations failed to secure their mobile apps, which put consumer’s private data at risk.

5WThe FTC says that these companies disabled the SSL certificate validation. This default process confirms that an application’s communications are secure.

Because the SSL was disabled, the apps were made prone to cyber attacks, in which crooks could steal data like SSNs, home addresses and credit card information.

These attacks are the man-in-the-middle type and are a particular threat to unprotected public Wi-Fi (hotels, coffee houses, etc.).

If you use your mobile on an unguarded network, a crook can get in between you and the site you want to visit, and pose as you and communicate with the intended site. Posing as you, he can then manipulate your data. The scoundrel can also make your mobile visit a fraudulent site that you think is legitimate and lure you into entering personal information.

A website is secure if the site address begins with “https.” However, the smartphone’s small browser discourages users from checking this. And crooks know this.

Of particular interest to criminals is texting between banks and companies that utilize a one-time password. The crook can intercept this transaction and gain access to sensitive data. He can actually redirect an intended wire transfer to his account.

All of this can be avoided by avoiding online financial transactions with a mobile device on public Wi-Fi. Don’t even visit your bank’s site. Also don’t send personal information via e-mail on public Wi-Fi. If you must conduct mobile transactions in public, buy a Wi-Fi device, get a VPN like Hotspot Shield or use your carrier’s 3G or 4G network.

Finally, install anti-malware programs on your mobile, especially if it’s an Android. Don’t just sit back and assume that the app makers, app sellers and other businesses are going to take care of all of this for you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.