Posts

3 Wi-Fi Myths That Put Your Data at Risk

The holidays are over, the Consumer Electronics Show has passed, and now you have all these new shiny wireless gadgets you’re just itching to play with. Now, before you go and connect to the internet, please understand that it’s all fun and games until someone gets hacked. And many times, this means when you are using wireless.

But it’s often the security lies that can get us in the most trouble, and today I’m exposing them.

Hiding your SSID is bunk. Your router’s Service Set Identifier (SSID) is its broadcasted signal, and by default it might be called “Linksys,” “Belkin,” “Netgear” and so on. Or some people customize the SSID and name it “My Neighbor Should Clean His Yard.” Lots of security articles will tell you that one way to secure your wireless is to hide it or turn off its broadcasting. But really, this doesn’t help. There are a plethora of tools that can detect your hidden wireless network, so this presents a false sense of security. Broadcast your signal, but encrypt it.

The idea that Wired Equivalent Privacy (WEP) is “good enough” is bunk. WEP is bad enough in that if you use it to encrypt your wireless network, you might have your neighbor (the one who should clean his yard) hacking into your network and placing spyware on your devices so he can frame you for crimes you didn’t commit so you can go to jail and find that his lawn hygiene is the least of your problems. WEP is a dinosaur that was extinct a long time ago. Use WPA2 encryption and live happily ever after.

Turning off file sharing when using public Wi-Fi is partly bunk. Yes, you should turn off shared files on your devices when you leave your home network and access a public network, but that’s not going to protect all of your files. If you are on a shared public network without any encryption—which is what makes it public—then the data you share over Wi-Fi is vulnerable. When using public Wi-Fi, download a free program called Hotspot Shield to encrypt all wireless communications on your Windows, Mac, iOS and Android.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

5 Ways To Protect Your Data On Public Wi-Fi

Wireless connections can cost hundreds of dollars annually, so it makes fiscal sense that many people seek out free connections when they are out and about. But free doesn’t necessarily mean secure.

By now you’ve heard all the warnings that publicly connected Wi-Fi, such as that found in coffee shops, airports and hotels, are vulnerable to sniffers. Sniffers read the wireless data as it is transmitted through the air and convert it into words, numbers and computer code so other devices and administrators (including those with poor intentions) can read it.

Public Wi-Fi usually means that access is free and not password protected—which often means the Wi-Fi is unsecured, unprotected, unencrypted and just plain open.

Here’s how you can protect your data when out on a public network.

#1. Turn on automatic Windows Updates. In older versions of the Windows XP operating system, updates were all manual. With Windows XP SP2, updates are automatic by default. Windows Vista, 7 and 8 all have auto updates on by default. Keep it that way—there’s a reason for that. The reason is that attackers use certain software programs to search out vulnerabilities from outdated, unpatched systems.

#2. Turn off file sharing. On an encrypted home network, it’s reasonable to share files and folders with everyone in your family or with all the devices you access from different locations of your home and office. However, when you are out and about and accessing unsecured Wi-Fi, your data will be vulnerable due to settings in your firewall. With new Windows versions, you can specify whether or not you are on a “home” network, as opposed to a “public” network. Choose wisely; Microsoft has all the information here. At the most basic level, it is best to turn off all file sharing when heading out. Depending on your operating system, use these instructions from Carnegie Mellon to find out more.

#3. Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. If your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device will connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.

#4. Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device.

#5. Use a freeVPN for Wi-Fi security like Hotspot Shield. Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internetgateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Should I Give Them My Data?

We’ve heard lots and lots about data breaches in the last decade. And with the term “cloud” becoming more prevalent (which, incidentally, just refers to a computer server connected to the internet), people are asking how secure their data is on the various websites they agree to host it.

For example, online banking, online backup, social media, email and the various free services you may subscribe to are cloud-based and house lots of personal information. But are they secure? The answer is, “It depends.”

For example, BillGuard utilizes bank-level 256-bit AES encryption (the same level of encryption approved by the National Security Agency for storing top-secret data) for all communications and data processing; it also is performed on servers isolated from direct access to the Internet. (That additional level of security is also very important.) BillGuard’s systems are monitored by its own security staff 24/7 and audited daily by VeriSign and McAfee Secure, and a company called Security Art performs regular penetration testing to preemptively ward off data intrusion.

Furthermore, BillGuard does not store your credit/debit card account login credentials or ask for any personally identifiable information beyond an email address (for alerts) and your zip code. Not storing your data is good too.

Chances are, your bank uses the same level of security too. Deciding if you should give up your data depends on the potential risk and return. Do you give your credit card number to a waitress for a burger? You probably shouldn’t, but you do. Do you give your Social Security number to an insurance agent for identification on your policy? We pretty much have to hand over our data for services, and if you want to protect the data, we really should hand it over to companies that are in the business of protecting it—as long as they are responsible with it.

So when deciding to “give it up,” I say you should see what security measures these parties have in place and then decide. I’m sure your waitress has it all covered, anyway.J

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.