Posts

5 Ways to Protect Yourself from Hackers on Airline WiFi

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

How many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network) without knowing that this network has been set up by a hacker. This is called an “evil twin.” If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that, according to a researcher, was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services. More alarming, it was reported that this also allowed data leakage. In short, GoGo made it look like these certificates were coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How to see and boot off Someone using your WiFi

You were taught to share your toys as a young child, but this doesn’t apply to letting others use your Wi-Fi. The difference between sharing the plastic shovel and sharing the wireless connection is that with the latter, who’s to say that the “thief” won’t eventually crash in on your private information? And don’t forget that not only will this sharing possibly slow down your connection, but there could be legal repercussions if this moocher uses your connection for bad deeds.

How can you spot a moocher?

  • Log into your router’s administrative console: Type its IP address straight into the browser address bar. Don’t know the router’s default address? Go to (Start > Run/Search for cmd) and then enter ipconfig.
  • The address you want will be next to Default Gateway, under Local Area Connection.
  • Mac users can locate the address by going to System Preferences, then beneath that, Network. If you’re using Ethernet it’ll be next to “Router:” and if you’re using Wi-Fi, click on “Advanced…” and go to “TCP/IP.”
  • Point browser to the address; enter your login details. If you’ve never changed the default settings, the login should be a combination of “password” and “admin” or blank fields.
  • Locate a section for wireless status or connected devices. Here you’ll find a table with details including the IP and MAC address of all devices currently connected to the router.
  • To find moochers, check that list against your gear.
  • To find the MAC/IP address of your computer, go to the Command Prompt and enter ipconfig /all. The MAC address will show as the physical address.
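
Once the router's device table is copied out, the comparison in the steps above can be scripted. This Python sketch is an added example, not part of the original post; the table layout, addresses and function names are constructed for illustration. It normalizes MAC formats (ipconfig prints hyphens, routers often print colons) and marks addresses with the locally administered bit set, which phones using a private Wi-Fi address present, so one of your own devices can appear as unknown.

```python
import re

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of a router's "connected devices" table.
ROUTER_TABLE = """\
Hostname        IP Address      MAC Address
office-pc       192.168.1.10    A4:5E:60:12:34:56
printer         192.168.1.11    3c:5a:b4:aa:bb:cc
(unknown)       192.168.1.23    00:11:22:33:44:55
(unknown)       192.168.1.24    DA:A1:19:0B:7C:02
"""

# Constructed: your own gear, typed the way ipconfig /all shows "Physical Address".
MY_DEVICES = ["A4-5E-60-12-34-56", "3C-5A-B4-AA-BB-CC"]


def normalize_mac(text):
    """Return a MAC as lowercase, colon-separated hex regardless of input style."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (randomized/private MACs)."""
    return bool(int(mac[:2], 16) & 0x02)


def parse_clients(table):
    """Extract (ip, mac) pairs from every row that contains both."""
    clients = []
    for line in table.splitlines():
        mac, ip = MAC_RE.search(line), IP_RE.search(line)
        if mac and ip:
            clients.append((ip.group(), normalize_mac(mac.group())))
    return clients


def find_unknown(table, known_macs):
    """List connected devices whose MAC is not in the known set.

    Each result is (ip, mac, randomized); randomized=True means the address
    may belong to one of your own phones using a private Wi-Fi address.
    """
    known = {normalize_mac(m) for m in known_macs}
    return [(ip, mac, is_locally_administered(mac))
            for ip, mac in parse_clients(table) if mac not in known]


if __name__ == "__main__":
    for ip, mac, randomized in find_unknown(ROUTER_TABLE, MY_DEVICES):
        note = "randomized address, check your own phones first" if randomized else "not in your list"
        print(f"{ip:15} {mac}  {note}")
```
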

How to Help Prevent Mooching

  • Implement a strong password; use WPA2 or WPA, not WEP.
  • Turn off the SSID broadcast.
  • An alternative to the prior point is to set a filter up for blocked or allowed devices by MAC address.
  • Whenever on free public WiFi use Hotspot Shield to mask and encrypt all your data as it flies through the air.

If you want to find out just who is getting a free ride on your wireless, use MoocherHunter. This tool will locate the source within two meters of accuracy. Tracking down the culprit will prove handy if the moocher has been getting you in trouble by using your network for illegal activities.

On the other hand, if the lectures about sharing your toys still ring loud in your head, why not make lemonade out of this lemon by using a third-party firmware alternative to run a public hotspot? You can then offer for-pay Internet access points that come from your consumer router. Another option is to get a Fonera router. If you share some of your home WiFi, the Fonera router will grant you free roaming at Fon Spots all over the world.

Big ISP free Wi-Fi hazardous to your Data Health

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this probably IS too good to be true. These are likely set up by thieves to trick you into getting on a malicious website.

AT&T and Xfinity have provided many free hotspots for travelers to get free Wi-Fi all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.

AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.

Cyber thugs can set up fake hotspots called “evil twins”, which they can call “attwifi,” that your smartphone may automatically connect to.

For Xfinity’s wireless hotspot, you log into their web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.

If someone creates a phony WiFi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user knowing, without requiring a password.

None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.

Smartphones and other Wi-Fi devices generate probe requests. When the device’s WiFi adapter is turned on, it will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.

Your device will then try to connect to every single WiFi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.

An assault like this can occur at any public WiFi network. These attacks can force the user to lose their connection from their existing Wi-Fi and then get connected to the attacker’s network.

Two ways to protect yourself:

#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.

#2 The best way to protect and encrypt all your data on your laptop, tablet, or mobile is via Hotspot Shield’s software, which encrypts all your data even if you automatically connect to a free WiFi.
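
On a Linux laptop that uses NetworkManager (an assumption; the post names no platform), the saved networks a look-alike hotspot can trigger are the open ones still set to auto-connect. This added example, not part of the original post, audits constructed keyfile contents for that combination; the function names and profiles are hypothetical.

```python
import configparser

# Constructed keyfile contents, in the format NetworkManager stores under
# /etc/NetworkManager/system-connections/. A missing "autoconnect" key means
# auto-connect is on; a missing [wifi-security] section means an open network.
PROFILES = {
    "attwifi.nmconnection": """\
[connection]
id=attwifi
type=wifi

[wifi]
ssid=attwifi
mode=infrastructure
""",
    "home.nmconnection": """\
[connection]
id=home
type=wifi

[wifi]
ssid=HomeNet

[wifi-security]
key-mgmt=wpa-psk
""",
    "cafe.nmconnection": """\
[connection]
id=cafe
type=wifi
autoconnect=false

[wifi]
ssid=CafeGuest
""",
}


def audit_profile(text):
    """Return ssid/open/autoconnect for a Wi-Fi keyfile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return None
    wifi = "wifi" if cp.has_section("wifi") else "802-11-wireless"
    sec = "wifi-security" if cp.has_section("wifi-security") else "802-11-wireless-security"
    key_mgmt = cp.get(sec, "key-mgmt", fallback=None)
    return {
        "ssid": cp.get(wifi, "ssid", fallback="?"),
        # No security section, or OWE (encrypted but unauthenticated), means
        # any access point using the same name is accepted.
        "open": key_mgmt is None or key_mgmt == "owe",
        "autoconnect": cp.getboolean("connection", "autoconnect", fallback=True),
    }


def risky_profiles(profiles):
    """SSIDs the device will join automatically without any authentication."""
    results = (audit_profile(text) for text in profiles.values())
    return sorted(r["ssid"] for r in results if r and r["open"] and r["autoconnect"])


if __name__ == "__main__":
    for ssid in risky_profiles(PROFILES):
        # Remediation per profile: nmcli connection modify <id> connection.autoconnect no
        print(f"open + auto-connect: {ssid}")
```
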

WiFi world wide a Big Security Issue

Do you access your various financial or social media accounts, or other private accounts such as e-mails with your doctor, at public computer stations? At the coffee house or hotel, for instance? Boy, are you ever setting yourself up for cybercrime including identity theft.

What usually happens is that the criminals establish Wi-Fi hotspots that trick people into thinking they are legitimate public Wi-Fi locations—people take the bait and log on. The crooks can then watch your communications through their Wi-Fi access points, and steal your personal information like passwords and credit card numbers.

A computerweekly.com report warns that anything you send via a public Wi-Fi may potentially fall into the hands of fraudsters.

One of the scams is that a criminal will get in the middle of a transaction between a user and a website, then intercept in tricky ways to steal the user’s data.

A Few Experiments

  • The security firm, First Base Technologies, did an experiment in November 2013. The public participants had no idea that thieves could set up rogue wireless points of access that fake out users as being valid connection points.
  • The participants were also shocked to learn that their exchanged information was not encrypted.
  • FBT did another experiment using its private wireless network and numerous mobile applications. FBT was easily able to use the apps to invade other smartphones on the same network.
  • One of these apps was a setup to get the participants to use the “attacking” smartphone as their portal to the Internet. This meant that the attacking device siphoned all the traffic and was able, in many instances, to remove encryption from supposedly secure connections.

This weakness in knowledge in the user, and in the security of public Wi-Fi, needs to be addressed by—obviously—the user and the providers of public Wi-Fis, plus business organizations that rely on public Wi-Fis.

Another survey in the same article found that 34 percent of PC users said that they do not take special precautions to safeguard their online interactions when using public Wi-Fi. Just 13 percent do take the time to inspect encryption prior to making a connection to a particular point.

So how can you protect yourself when using public Wi-Fi?

  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • Use a reputable virtual private network such as Hotspot Shield to secure your device for public Wi-Fi use.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Leaky WiFi leaks App data

Recently a settlement was obtained between two companies and the FTC. The charge was that these organizations failed to secure their mobile apps, which put consumers’ private data at risk.

The FTC says that these companies disabled the SSL certificate validation. This default process confirms that an application’s communications are secure.

Because SSL certificate validation was disabled, the apps were made prone to cyber attacks, in which crooks could steal data like SSNs, home addresses and credit card information.

These attacks are the man-in-the-middle type and are a particular threat to unprotected public Wi-Fi (hotels, coffee houses, etc.).
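
Disabled certificate validation of the kind the FTC describes is visible in an app's source, so it can be caught in code review. This added example, not part of the original post, scans constructed source snippets line by line for well-known idioms that switch validation off; the rule names and sample code are hypothetical and the rule list is not exhaustive.

```python
import re

# Each rule is (name, pattern). The patterns are real API names or idioms
# that turn certificate or hostname validation off.
RULES = [
    # Java/Android: a TrustManager whose checkServerTrusted() body is empty
    ("empty-trust-manager",
     re.compile(r"checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+)?\{\s*\}")),
    # Apache HttpClient: hostname in the certificate is never compared
    ("allow-all-hostnames",
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier")),
    # Python: requests verify=False, ssl.CERT_NONE, unverified contexts
    ("verify-disabled",
     re.compile(r"verify\s*=\s*False|CERT_NONE|_create_unverified_context"
                r"|check_hostname\s*=\s*False")),
    # Node.js: TLS options or environment switch
    ("reject-unauthorized-off",
     re.compile(r"rejectUnauthorized\s*:\s*false"
                r"|NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['\"]?0")),
    # iOS AFNetworking security policy
    ("allow-invalid-certs",
     re.compile(r"allowInvalidCertificates\s*=\s*(?:YES|true)")),
]

# Constructed sample: two snippets that disable validation and one that does not.
SAMPLE = """\
// Constructed Android-style snippet
TrustManager tm = new X509TrustManager() {
    public void checkServerTrusted(X509Certificate[] chain, String authType) {}
};
conn.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
# Constructed Python snippet
resp = requests.get(url, verify=False)
ctx = ssl.create_default_context()   # library default, validation stays on
"""


def scan(source):
    """Return (line_number, rule_name, line) for every rule hit.

    Matching is per line, so a method body split across several lines
    is not detected by the empty-trust-manager rule.
    """
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, name, line.strip()))
    return findings


if __name__ == "__main__":
    for number, name, line in scan(SAMPLE):
        print(f"line {number}: {name}: {line}")
```

The corrected form in each case is to remove the override and leave the platform's default validation in place, as the last sample line does.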

If you use your mobile on an unguarded network, a crook can get in between you and the site you want to visit, and pose as you and communicate with the intended site. Posing as you, he can then manipulate your data. The scoundrel can also make your mobile visit a fraudulent site that you think is legitimate and lure you into entering personal information.

A website is secure if the site address begins with “https.” However, the smartphone’s small browser discourages users from checking this. And crooks know this.

Of particular interest to criminals is texting between banks and companies that utilize a one-time password. The crook can intercept this transaction and gain access to sensitive data. He can actually redirect an intended wire transfer to his account.

All of this can be avoided by avoiding online financial transactions with a mobile device on public Wi-Fi. Don’t even visit your bank’s site. Also don’t send personal information via e-mail on public Wi-Fi. If you must conduct mobile transactions in public, buy a Wi-Fi device, get a VPN like Hotspot Shield or use your carrier’s 3G or 4G network.

Finally, install anti-malware programs on your mobile, especially if it’s an Android. Don’t just sit back and assume that the app makers, app sellers and other businesses are going to take care of all of this for you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

How to safely and securely recycle Devices

Don’t just throw out your old devices; take measures to protect your personal information.

Back Up

Before getting rid of your device, back up everything on it—everything. Use an automated PC service and/or a flash drive. For the iOS and Android, activate Apple’s iCloud or the Google Auto Backup service.

Wipe

Wiping refers to removing all your data. Simply hitting “delete” or reformatting the hard drive won’t do. I purchased 30 used computers off Craigslist, scoured their hard drives with a forensics expert, and discovered that half of the devices—that had been reformatted—still had personal information.

To wipe Windows PCs, you can use Active KillDisk. For Macs, use the OS X Disk Utility or WipeDrive. A factory reset should be enough to secure most recent smartphones, provided that you remove any SIM cards that could contain personal info. To be super safe, use Blancco Mobile to wipe the iOS or Android.

Destroy

If you can’t wipe the device, destroy it if you don’t plan on donating or reselling. For example, I recently recycled a laptop that was missing its power supply, so there was no way to turn it on and wipe the disc. Instead I removed the hard drive with a screwdriver, and then took a sledgehammer to it. (Aside from protecting my personal data, it was also a lot of fun.)

Recycle

Ask the recycling company just who does the downstream recycling so that your e-waste doesn’t find its way into a foreign landfill. Make sure the company is part of R2 (Responsible Recycling) or e-Stewards certification programs.

Keep Records

Make sure you document donations with a receipt so that the IRS can give you a little return.

7 Lies You tell Yourself about Your Wifi

…think again, even if most of your wireless network activities revolve around your personal and family life. There are seven lies about wireless protection; have you fallen prey to any of them?

#1 “I’m protected with my password.”

Even an amateur hacker can get past a password. Don’t think that WEP (wired equivalent privacy) can keep out hackers. It’s outdated. Its encryption abilities are flawed. Avoid WEP. Use WPA or WPA2. If you are on a free Wifi get Hotspot Shield VPN which protects your entire wireless session.

#2 “My ISP set up my wireless network, so it must be safe.”

Do you really think that big stupid cable company that can’t get a simple customer service call right really has your back? Many ISPs and equipment makers often use WEP as default protection—even big ISPs. Technicians who install your service usually do not automatically install a stronger encryption technology, and you end up getting hacked.

Nevertheless, ISPs and equipment manufacturers are slowly coming around to realizing this problem. More recent wireless gateways and also routers are using WPA for the default. If you have WEP, you may need to change it manually. Don’t assume you automatically have WPA. Find out if you have WEP or WPA. If your router is old, you may need to buy a new one to get WPA.

#3 “Breaking into my wireless is too expensive and difficult.”

Not anymore. A determined hacker can use a plain ol’ laptop to crack long passwords. Tools are available for free or just a few bucks to do all the dirty work. All Mr. Hacker needs to get going is to download free tools to carry out the deed.

#4 “Nobody wants to bother hassling around trying to break into my wireless; it’s not worth it.”

It may seem complicated to you, but not to an experienced hacker. Give him just 5-10 minutes and your wireless network could be in his hands. Even a beginner hacker could crack through your network in under an hour, courtesy of online tutorials. You need superb protection, not just good.

#5 “My credit’s no good, I’m small potatoes. Nobody is paying attention to me. I’m safe.”

A bored hacker who wants some fun doesn’t care if your data is highly sensitive government information or your kid’s soccer team standings. Just knowing he busted into your private life is enough to thrill him.

#6 “I have firewalls and my computer is patched.”

A “man-in-the-middle” attack can let a hacker invade your communications. This type of attack is stealthy and slick, bypassing the victim’s human radar.

#7 “I’ll see a hacker in front of my house and stop him.”

No, you won’t. Your wireless boundaries don’t stop at your front door; they can extend to neighboring space, meaning that your signal “bleeds” out—horizontally and even vertically. Savvy users know they can stretch the bleed into a few blocks’ distance via cheap antennas. So down your street your attacker may be sitting inconspicuously in his car.

Hopefully your awareness of these lies you tell yourself has prompted you to take measures to upgrade your wireless network’s security with the right design and implementation.

WiFi Security Truths and Falsehoods

Security truths evolve—meaning, they change, and you must keep up with this, particularly with wireless security. Advice for wireless security can quickly become outdated. There are actually three big wireless security myths swirling around.

#1. Limit the IP address pool to restrict number of devices that can connect.

Even if your cable company tech recommends this, it’s no good. The unfounded idea is that when the range of allowable IP addresses is limited, this makes it hard for hackers to connect. However, the size of the pool doesn’t matter because hackers can just determine which IP addresses are open and use those.

#2. Hide your network’s SSID to conceal it from hackers.

Nope, this won’t work either. Wireless routers broadcast their service set identifiers (SSIDs); your device shows these so you can see which Wi-Fi options are in range. The idea is to hide your network’s SSID to prevent hackers passing by from using them.

However, most devices today see networks even if the SSID is concealed. An apparently unavailable SSID won’t stop a hacker. If you think there’s no harm in blocking the SSID nevertheless, think again: Hiding it may make your network more appealing to the criminal, kind of like hiding the cookie jar—something must be pretty rewarding in there.

#3. Enable MAC address filtering to select who can connect.

Sounds like a plan, but it isn’t. The idea is to use the router settings to enter the MAC (media access control) address of every device that connects to your network; only devices with these addresses are then permitted to access your router, thereby keeping hackers out.

But forget this hassle because all a hacker need do is analyze a network, identify allowable MAC addresses, and he’s in.

Security that actually works

  • Go for encryption—and the best, at that—for your router. The best currently is WPA2. Coupled with a strong password, this is a winning security plan. A strong password has at least 12 characters combining letters (upper and lower case), numbers and symbols. Get new hardware if your router doesn’t support WPA2.
  • VPN—a virtual private network such as Hotspot Shield VPN provides private communication over a public network. Transmissions of sensitive data will be private, such as between you (at home) and your employer.
  • VPN again, but this time, one you can use for when you’re using your device in unprotected public realms such as an airport or coffee shop. Using your device in public makes your data vulnerable to hijacking. This type of VPN keeps hackers and other voyeurs from peeping in on your web surfing activities, credit card information, messages, etc.

Protect all your web surfing activities with a VPN, which secures your connection not only at home but in public (wired and wireless). A free proxy protects your identity by providing HTTPS to secure all of your online transactions.

Small Business Protect Your Wifi

With Wi-Fi, your data is literally in the air, up for grabs by anyone with the right tools. It needs protection from nearby users who may want to freeload off you (which can slow you down) or…hijack your accounts. You need encryption.

Especially when you’re connected in airports, hotels, coffee shops, etc., almost always the connection is not secure.

Wi-Fi Security Options

Varying security levels are provided by WEP, WPA and WPA2. WEP is not secure. WPA provides moderate protection. WPA2 is the best. But you can use both WPA and WPA2. Use the “personal mode” (for one or two users) of WPA/WPA2 with a long, non-dictionary word passphrase.

For more than a few users, the “enterprise mode” is suitable, but requires a server. It has stronger security than personal, and each Wi-Fi user has his or her own password and username. Enterprise prevents snooping and hijacking among your organization’s employees.

Personal: To enable personal mode WPA2 on a wireless router, create a passphrase on access points or the wireless router. Type the IP address of each AP or router into a web browser to log into the control panel of each AP or router. Then enable WPA2-Personal with encryption/cypher type by finding the wireless security settings. Create a non-dictionary-word long passphrase—which is required to connect to the Wi-Fi.

Enterprise: You need a RADIUS server to get WPA/WPA2-Enterprise going. A hosted service will set up the server if you can’t. Some APs have built-in RADIUS servers. After the RADIUS server is all set up, input a password (shared secret), etc., for each AP or router. Input usernames and PWs for your organization’s Wi-Fi users into the RADIUS server.

Configure each AP or router with authentication and security settings. Log into the control panel of each AP or router by typing its IP address. Find the wireless security settings; enable the enterprise WPA2 (“WPA2”). Enter the IP address; input the password (shared secret). Users can now connect.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.