Posts

Risks of Public WiFi

Wired internet or wireless WiFi, the warnings are out there: Don’t visit any websites that you have important accounts with when using a public computer (hotel, airport, café, etc.).

3WVisiting even a more trivial account, such as an online community for cheese lovers, could sink you—in that a cyber thief might get your username and password—which are the same ones you have for your bank account, PayPal and Facebook.

Why is public Wi-Fi such a bad thing for shopping and banking and other such activities?

Snooperama

  • As already touched on, a roving hacker could glean your username and password, or credit card number and its three-digit security code when you do online shopping, because the cyber communications of public Wi-Fi are not encrypted. They are not protected or scrambled up. The cybersnoop can thus see what everyone’s passwords, usernames and account information is.
  • Hackers can also see what sites you’re visiting and what you’re typing on those sites.

If you plan on using public Wi-Fi, make sure your device has full protective software including a firewall (and you should always have these anyways).

When connecting to public Wi-Fi, always choose the “public” network rather than the “home” or “work” options when using Windows. This will prevent Windows from sharing files.

If you absolutely must conduct work or personal business while on public Wi-Fi, then use a VPN: virtual private network; it scrambles communication into gibberish by encrypting it.

Malicious Locations for the Wi-Fi

Don’t assume that a hacker is far away when he snoops for something to steal. For instance, the “hotspot” to connect online may have been set up by a thief like a spider in a web waiting for flies. Additional ways a hotspot could be malicious:

  • HTTP connections can be hijacked by software called sslstrip. This software generates copycat links—a domain name that looks just like the authentic one, but appearances are deceiving because these imposter domain names use different characters.
  • Hackers can use the Wi-Fi Pineapple to set up the attacks mentioned above. The Pineapple is on the lookout for when a laptop is trying to connect to a network it recalls, barges in and claims the summoning. Pineapple is now in a position to perform additional attacks.

Hack Prevention

  • Avoid online activity using public Wi-Fi with important accounts. If their site has HTTPS with the padlock icon there is a degree of security here, however, the rule still stands: no public Wi-Fi for important accounts. The only exception to this hard rule is if you have the VPN.
  • Using a VPN will encrypt all of your online activities, freeing you to use public Wi-Fi for anything. Hotspot Shield is a VPN provider that’s compatible with iOS, Android, PC and Mac. It runs quietly in the background.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Things You should and shouldn’t do on Public Wi-Fi

Public Wi-Fi is the location where you can get online: airport, airplane, coffee house, hotel, motel and more. Many people don’t give this a second thought, unaware of how risky this really is.

4WPublic Wi-Fi is very non-secure, a goldmine for hackers who want to steal your identity and commit fraud, destroy your website, you name it. They can do this many ways, including intercepting your activity with an imposter website where you input login details—that the hacker then obtains.

But public Wi-Fi will always be risky as long as its proprietors, such as the coffee house, find that enabling security features hampers ease of use for patrons.

So even if you don’t do banking and shopping online, the wrong person can still see, word-for-word, your e-mail correspondence.

Do’s at a Public Wi-Fi

  • Make sure your devices are installed with antivirus, antimalware and a firewall, all updated.
  • Prior to when you anticipate using public Wi-Fi, consider the nature and amount of sensitive data on your device, maybe remove it (and back it up).
  • Make sure the hotspot is legitimate; speak to the proprietor. Cybercriminals could set up hotspots as “evil twins”.
  • Sit against a wall so that nobody can spy what’s on your screen.
  • If sitting against a wall is not possible, be aware of who’s around you. Cover your hand when typing in login information.
  • Use a privacy screen; this makes it impossible for a “shoulder surfer” to see what’s on your screen while they peak over your shoulder or from the side.
  • Use a VPN: virtual private network. It will encrypt all of your online transactions, making them impossible to decipher by cyber criminals, whether it’s login information, usernames, passwords or e-mail correspondence. Even your IP address will be concealed. Hotspot Shield is a VPN provider, and it’s compatible with Mac, PC, iOS and Android, quietly running in the background after it’s installed.

Don’t’s at a Public Wi-Fi

  • Don’t let your device connect with the first network that “takes.” Instead, select it.
  • Do not keep your wireless card on if you’re not using it.
  • Do not keep your file sharing on.
  • Can you not wait till you’re in a secure location to do banking and other business transactions? No matter how bored you are waiting at the airport or wherever, do not do banking and other sensitive activities.
  • Don’t engage in any serious or sensitive e-mail communications.
  • Never leave your devices unattended for a single second. Not only can someone walk off with them, but a thief can insert a keylogger that records keystrokes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware of scary WiFi Virus

It’s called Chameleon—a computer virus—but maybe it should be called FrankenVirus. You wouldn’t believe what it can do: literally move through the air, as in airborne—like a biological pathogen.

2WAnd like some Franken-creation, it came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics.

Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop around and spread infection.

The scientists behind this creation have discovered that the more dense a population, the more relevant is the connectivity between devices, as opposed to how easy it was for the virus to get into access points.

Access points are inherently vulnerable, and Chameleon had no problem locating weak visible access points from wherever it was at, and it also avoided detection.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” explains Professor Alan Marshall in an article on Forbes.com. He added that this malware pursued other WiFi APs to connect to and infiltrate.

The scientists made this virus subsist only on the network—a realm where anti-virus and anti-malware systems typically do not scavenge for invaders. Protective software seeks out viruses on your device or online. Thus, Chameleon earns its name.

Think of this virus like the burglar who goes from house to house overnight, jiggling doorknobs to see which one is unlocked. WiFi connections are like unlocked doors, or locked doors with rudimentary locks.

Chameleon’s creators have come up with a virus that can attack WiFi networks and spread its evil fast. The researchers now want to come up with a way to tell when a network is at imminent risk.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

5 Ways to prevent Airline WiFi from Hackers

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

5 Ways to Protect Yourself from Hackers on Airline WiFi

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

7 Careful Commerce tips when Shopping this Holiday Season

Frosty the Hackman is teaming up this season with the Grinch to scam people out of their money. Shopping online is a godsend, but it brings with it a pristine opportunity to be ripped off.
http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294

  1. Avoid Phishing Scams. Never click on links inside e-mails even if they’re (allegedly!) from Macy’s, Kohl’s or some other big-name retailer. Scammers can easily make an e-mail appear legitimate. The e-mail inside the message may take you to a website that downloads a virus to your computer.
  2. Thwart Visual Hackers. Planning on doing some online shopping on your lunch break? Some hackers steal data by literally snooping over the shopper’s shoulder and if your credit card number, social security or other personal identifiable information happens to be on display on screen, you will be at risk. If you couple the 3M company’s ePrivacy Filter with their 3M Privacy Filter, “visual hackers” won’t be able to see from side angles, and you’ll be alerted to those peering over your shoulder and from most other angles.
  3. Do Your Research. If you want to buy from an unknown little retailer, hunt for reviews first. Be alert to phony reviews to make them look great; identical reviews across different sites are a bad sign. Check the Better Business Bureau’s rating for retailers you visit.
  4. Be Wary of Free Wi-Fi While it might be tempting to double check your bank account balance or get some emails done while you’re waiting in line for the register, if you’re accessing an unencrypted network you are putting yourself and your personal information at risk for data theft.
  5. Credit over Debit. If you get ripped off, the money is gone the second the card is used. At least with a credit card, you have some time to issue a dispute, and the card company will usually give you a full credit.
  6. Review Your Credit Regularly. Since you’ll be using your credit cards more frequently during the holidays, it’s important to stay on top of your statements to make sure there are no fraudulent charges.
  7. Mind your Passwords. To increase your security across the web, update your passwords during the holiday season in case one of your favorite retailers is hacked. Even if these sites are not infiltrated, right away consider changing your passwords across the board to better protect yourself down the road. And while it is annoying to remember different passwords, it’s important to very them for optimal protection.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Protect your Data during Holiday Travel

You’re dreaming of a white Christmas, and hackers are dreaming of a green Christmas: your cash in their pockets. And hackers are everywhere, and are a particular threat to travelers.
http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813

  • Prior to leaving for your holiday vacation, have an IT specialist install a disk encryption on your laptop if you plan on bringing it along; the hard drive will have encryption software to scramble your data if the device it lost or stolen.
  • Try to make arrangements to prevent having to use your laptop to handle sensitive data. If you must, then at least store all the data in an encrypted memory stick or disk encryption as stated above. Leave as much personal data behind when you travel.
  • Before embarking on your vacation, make sure that your devices are equipped with comprehensive security software such as antivirus, antispyware, antiphishing and a firewall so that you can have safe online connections.
  • If your device has a virtual private network (VPN), this will encrypt all of your transmissions when you use public Wi-Fi. Hackers will see gibberish and thus won’t have any interest in you. Don’t ever connect to an unprotected Wi-Fi network!
  • Always have your laptop and other devices with you, even if it’s to momentarily leave the hotel’s lobby (where you’re using your device) to get some water. When staying at friends or family, don’t leave your devices where even other guests in the house you’re staying at can get to them, even if they’re kids. Just sayin’.
  • Add another layer of protection from “visual hackers,” too. Visual hackers peer over the user’s shoulder to see what’s on their screen. If they do this enough to enough people, sooner or later they’ll catch someone with their data up on the screen.
  • Visual hackers can also use cameras and binoculars to capture what’s on your screen. All these thieves need to do is just hang nearby nonchalantly with your computer screen in full view, and wait till you enter your data. They can then snap a picture of the view.
  • This can be deterred with 3M’s ePrivacy Filter, when combined with their 3M Privacy Filter. When a visual hacker tries to see what’s on your screen it provides up to 180 degree comprehensive privacy protection. Filters provide protection by blackening the screen when viewed from the side. Furthermore, you’ll get an alert that someone is creeping up too close to you. The one place where a visual hacker can really get an “in” on your online activities is on an airplane. Do you realize how easy it would be for someone sitting behind you (especially if you both have aisle seats) to see what you’re doing?

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

College bound kids: protect your identity

The good old days were when today’s college kids’ parents lugged their typewriters into their dorm room, and they communicated to people via the phone on their room’s wall. Their biggest worry was someone stealing their popcorn maker. Nowadays, college kids need to beware of remote invasions by thieves.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Major educational institutions have reported numerous data breaches; they come from criminals but also result from professors being careless with laptops and students on open WiFi.

Why are colleges hotspots for hackers? There’s all sorts of users on insecure networks, not to mention a wealth of data. So it’s no longer just warning your kids not to walk the campus alone at night or to stay away from drugs and alcohol.

Students can have a tendency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters.

Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads the computer with malware. A student may be tricked into clicking on a “video link” to view something hot, only to instead download a virus.

Students should look for signs of a scam like bad grammar and spelling in the “official notice” and other suspicious things. Though it’s of utmost importance to have antivirus and antimalware, these won’t stop a thief from using the student’s credit card number after the student is tricked into giving it on a phony website.

College kids also have a tendency to go nuts on social media, posting continuous updates of their day-to-day actions. If the student’s Facebook page is chockfull of personal information, a crook who has the student’s e-mail address could use this information to figure out the student’s answer to security questions and then gain entry to their accounts. This is why two-factor authentication is so important. The thief can’t possibly bust into an account if they need a special one time PIN code with the password usually delivered via a text on their mobile.

Unprotected Wi-Fi. Not all campuses provide secure Wi-Fi, and the presence of antivirus, antiphishing, antispyware and firewalls don’t guarantee all levels of protection. To play it safe, students should never visit bank account sites, insurance carrier sites and other such sites while using public Wi-Fi. Better yet install Hotspot Shield to lock down and encrypt any unsecured WiFi.

Connection salad. Campuses are full of all sorts of connected devices, from phones and tablets to nutrition trackers and other gadgets. Everyone has a device, creating a hodgepodge of connections that puts students and everyone else on campus at risk for a data breach. These Internet of Things devices need their latest software updates and firmware updates. Keep them safe from physical theft too. Shut them off when not in use.

Password protect devices: We lose stuff and stuff gets stolen. While it is certainly more convenient to not password protect a mobile, laptop or tablet, it is also an identity waiting to be stolen. Everything needs a password and don’t share that password with anyone but parents. Because when you are sleeping some night, a drunk college dormate will come log in and start posing as you on social posting disparaging stuff that will last forever.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to see and boot off Someone using your WiFi

You were taught to share your toys as a young child, but this doesn’t apply to letting others use your Wi-Fi. The difference between sharing the plastic shovel and sharing the wireless connection is that with the latter, who’s to say that the “thief” won’t eventually crash in on your private information? And don’t forget that not only will this sharing possibly slow down your connection, but there could be legal repercussions if this moocher uses your connection for bad deeds.

2WHow can you spot a moocher?

  • Log into your computer’s router’s administrative console: Type its IP address straight into the browser address bar. Don’t know the router’s default address? Go to (Start > Run/Search for cmd) and then enter ipconfig.
  • The address you want will be next to Default Gateway, under Local Area Connection.
  • Mac users can locate the address by going to System Preferences, then beneath that, Network. If you’re using Ethernet it’ll be next to “Router:” and if you’re using Wi-Fi, click on “Advanced…” and go to “TCP/IP.”
  • Point browser to the address; enter your login details. If you’ve never changed the default settings, the login should be a combination of “password” and “admin” or blank fields.
  • Locate a section for wireless status or connected devices. Here you’ll find a table with details including the IP and MAC address of all devices currently connected to the router.
  • To find moochers, check that list against your gear.
  • To find the MAC/IP address of your computer, go to the Command Prompt and enter ipconfig /all. The MAC address will show as the physical address.

How to Help Prevent Mooching

  • Implement a strong password; use WPA2 or WPA, not WEP.
  • Turn off the SSID broadcast.
  • An alternative to the prior point is to set a filter up for blocked or allowed devices by MAC address.
  • Whenever on free public WiFi use Hotspot Shield to mask and encrypt all your data as it fly’s through the air.

If you want to find out just who is getting a free ride on your wireless, use MoocherHunter. This tool will locate the source within two meters of accuracy. Tracking down the culprit will prove handy if the moocher has been getting you in trouble by using your network for illegal activities.

On the other hand, if the lectures about sharing your toys still ring loud in your head, why not make lemonade out of this lemon by using a third-party firmware alternative to run a public hotspot? You can then offer for-pay Internet access points that come from your consumer router. Another option is to get a Fonera router. If you share some of your home WiFi, the Fonera router will grant you free roaming at Fon Spots all over the world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

WiFi world wide a Big Security Issue

Do you access your various financial or social media accounts, or other private accounts such as e-mails with your doctor, at public computer stations? At the coffee house or hotel, for instance? Boy, are you ever setting yourself up for cybercrime including identity theft.

3WWhat usually happens is that the criminals establish Wi-Fi hotspots that trick people into thinking they are legitimate public Wi-Fi locations—people take the bait and log on. The crooks can then watch your communications through their Wi-Fi access points, and steal your personal information like passwords and credit card numbers.

A computerweekly.com report warns that anything you send via a public Wi-Fi may potentially fall into the hands of fraudsters.

One of the scams is that a criminal will get in the middle of a transaction between a user and a website, then intercept in tricky ways to steal the user’s data.

A Few Experiments

  • The security firm, First Base Technologies, did an experiment in November 2013. The public participants had no idea that thieves could set up rogue wireless points of access that fake out users as being valid connection points.
  • The participants were also shocked to learn that their exchanged information was not encrypted.
  • FBT did another experiment using its private wireless network and numerous mobile applications. FBT was easily able to use the apps to invade other smartphones on the same network.
  • One of these apps was a setup to get the participants to use the “attacking” smartphone as their portal to the Internet. This meant that the attacking device siphoned all the traffic and was able, in many instances, to remove encryption from supposedly secure connections.

This weakness in knowledge in the user, and in the security of public Wi-Fi, needs to be addressed by—obviously—the user and the providers of public Wi-Fis, plus business organizations that rely on public Wi-Fis.

Another survey in the same article found that 34 percent of PC users said that they do not take special precautions to safeguard their online interactions when using public Wi-Fi. Just 13 percent do take the time to inspect encryption prior to making a connection to a particular point.

So how can you protect yourself when using public Wi-Fi?

  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • Use a reputable virtual private network such as Hotspot Shield to secure your device for public Wi-Fi use.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.