Posts

Leaky WiFi leaks App data

Recently a settlement was obtained between two companies and the FTC. The charge was that these organizations failed to secure their mobile apps, which put consumers’ private data at risk.

The FTC says that these companies disabled SSL certificate validation. This process, which is on by default, confirms that an application’s communications are secure.

Because SSL certificate validation was disabled, the apps were made prone to cyber attacks in which crooks could steal data like SSNs, home addresses and credit card information.

These attacks are the man-in-the-middle type and are a particular threat to unprotected public Wi-Fi (hotels, coffee houses, etc.).

If you use your mobile on an unguarded network, a crook can get in between you and the site you want to visit, and pose as you and communicate with the intended site. Posing as you, he can then manipulate your data. The scoundrel can also make your mobile visit a fraudulent site that you think is legitimate and lure you into entering personal information.
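A code review can catch disabled certificate validation before an app ships. The scanner below is an added example, not code from the FTC case or from the apps involved; it flags a handful of well-known settings that switch validation off, and the file names and source snippets are constructed for illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    why: str


# (rule id, pattern, what the matched setting does). The list is illustrative,
# not exhaustive; extend it for the HTTP libraries your apps actually use.
RULES = [
    ("py-requests-verify-false",
     re.compile(r"\bverify\s*=\s*False\b"),
     "requests call skips certificate verification"),
    ("py-ssl-cert-none",
     re.compile(r"\bCERT_NONE\b|_create_unverified_context"),
     "ssl context accepts any certificate"),
    ("py-ssl-no-hostname",
     re.compile(r"\bcheck_hostname\s*=\s*False\b"),
     "ssl context skips the hostname check"),
    ("java-allow-all-hostnames",
     re.compile(r"\bALLOW_ALL_HOSTNAME_VERIFIER\b|\bAllowAllHostnameVerifier\b"),
     "hostname verifier accepts any host"),
    ("objc-allow-invalid-certs",
     re.compile(r"\ballowInvalidCertificates\s*=\s*YES\b"),
     "AFNetworking policy accepts invalid certificates"),
    ("curl-verifypeer-off",
     re.compile(r"CURLOPT_SSL_VERIFYPEER\s*,\s*(0L?|false)\b", re.I),
     "libcurl peer verification disabled"),
]

# Lines that are only a comment are skipped so notes about a fix do not alert.
COMMENT = re.compile(r"^\s*(#|//|\*|/\*)")


def scan_source(path, text):
    """Return a Finding for every line that disables TLS validation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        for rule, pattern, why in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, why))
    return findings


def scan_all(sources):
    """Scan a {path: source text} mapping in sorted path order."""
    out = []
    for path in sorted(sources):
        out.extend(scan_source(path, sources[path]))
    return out


# Constructed sample sources (hypothetical file names and contents).
SAMPLES = {
    "api_client.py": (
        "import requests\n"
        "# verify=False was removed after review\n"
        "r = requests.get(url, verify=False)\n"
    ),
    "HttpHelper.java": (
        "SSLSocketFactory sf = SSLSocketFactory.getSocketFactory();\n"
        "sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);\n"
    ),
    "Session.m": (
        "AFSecurityPolicy *policy = [AFSecurityPolicy defaultPolicy];\n"
        "policy.allowInvalidCertificates = YES;\n"
    ),
    "safe_client.py": "import ssl\nctx = ssl.create_default_context()\n",
}

if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f.path}:{f.line}: [{f.rule}] {f.why}")
```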

A website is secure if the site address begins with “https.” However, the smartphone’s small browser discourages users from checking this. And crooks know this.

Of particular interest to criminals is texting between banks and companies that utilize a one-time password. The crook can intercept this transaction and gain access to sensitive data. He can actually redirect an intended wire transfer to his account.

All of this can be avoided by avoiding online financial transactions with a mobile device on public Wi-Fi. Don’t even visit your bank’s site. Also don’t send personal information via e-mail on public Wi-Fi. If you must conduct mobile transactions in public, buy a Wi-Fi device, get a VPN like Hotspot Shield or use your carrier’s 3G or 4G network.

Finally, install anti-malware programs on your mobile, especially if it’s an Android. Don’t just sit back and assume that the app makers, app sellers and other businesses are going to take care of all of this for you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Ways we leak our Private Data

Smartphone apps. There are apps wanting your location when they do not need it. Are there any apps requesting your location? You should deny them this information unless it’s absolutely necessary.

Another way your phone knows where you are in terms of location is through the data of a photo. Put up lots of photos on Facebook, and the metadata will contain your location. A stranger can then figure out where you’ve parked yourself.

Solve this problem with these apps for iOS and Android: deGeo and Pixelgarde, respectively. They’ll strip your GPS data prior to the photos getting posted.

Too close for comfort. When services are linked together, your private information is more likely to get leaked. An example would be hooking an app into Facebook. If you link an account that’s set to private with a second, public account, anyone might see your activities. Unknowingly granting unwanted access to an app can result in data leakage. To make the process of figuring out all the different privacy rules easier, you can use MyPermissions. Don’t be lax on privacy issues.

Always being connected. Always staying connected to social networks means they can track your activities via cookies. If you don’t need to be connected online, then disconnect your device from the cyber world. However, it’s easy to forget to keep doing this.

A browser extension can solve this problem by preventing entities from tracking where you visit online. You should also make a habit of deleting cookies from your browser.

And if you want to know how your phone “knows” your shopping habits, it’s because your Wi-Fi is enabled when you walk into stores or even past a retailer without ever stepping inside; stores implement wireless technology to collect your data, even track your walking pattern inside the store. Turn your Wi-Fi connection off when you are near retailers.

A retailer’s free service. Sign up for this and they’ll probably collect data from you, somehow, some way. The customer reward card that you get at the supermarket will likely collect lots of your private information.

Not encrypting. Encryption, by scrambling messages, prevents snoops from reading the messages you’re sending while they’re in transit, but the messages can still be found on your device. However, encryption is one way to reduce the amount of data that gets in unwanted hands. Encryption isn’t just for using a public computer; use it on your home computer and mobile too.

Using free WiFi. Every time you log into free WiFi you are either giving your data away through the carrier who logs your device or criminal hackers are sniffing out your information via unencrypted wireless. Never log into free WiFi without a virtual private network (VPN) like that offered by Hotspot Shield.

Using a public computer to log into a private service. When you access one of your accounts on a computer at a coffee shop or hotel, this can leave your data on that computer. The browser’s private mode is the solution: use it. If you’re particularly concerned, use Tails, a private operating system.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

7 Lies You tell Yourself about Your Wifi

…think again, even if most of your wireless network activities revolve around your personal and family life. There are seven lies about wireless protection; have you fallen prey to any of them?

#1 “I’m protected with my password.”

Even an amateur hacker can get past a password. Don’t think that WEP (wired equivalent privacy) can keep out hackers. It’s outdated. Its encryption abilities are flawed. Avoid WEP. Use WPA or WPA2. If you are on free WiFi, get Hotspot Shield VPN, which protects your entire wireless session.

#2 “My ISP set up my wireless network, so it must be safe.”

Do you really think that big stupid cable company that can’t get a simple customer service call right really has your back? Many ISPs and equipment makers often use WEP as default protection—even big ISPs. Technicians who install your service usually do not automatically install a stronger encryption technology, and you end up getting hacked.

Nevertheless, ISPs and equipment manufacturers are slowly coming around to realizing this problem. More recent wireless gateways and also routers are using WPA for the default. If you have WEP, you may need to change it manually. Don’t assume you automatically have WPA. Find out if you have WEP or WPA. If your router is old, you may need to buy a new one to get WPA.

#3 “Breaking into my wireless is too expensive and difficult.”

Not anymore. A determined hacker can use a plain ol’ laptop to crack long passwords. Tools are available for free or just a few bucks to do all the dirty work. All Mr. Hacker needs to get going is to download free tools to carry out the deed.

#4 “Nobody wants to bother hassling around trying to break into my wireless; it’s not worth it.”

It may seem complicated to you, but not to an experienced hacker. Give him just 5-10 minutes and your wireless network could be in his hands. Even a beginner hacker could crack through your network in under an hour, courtesy of online tutorials. You need superb protection, not just good.

#5 “My credit’s no good, I’m small potatoes. Nobody is paying attention to me. I’m safe.”

A bored hacker who wants some fun doesn’t care if your data is highly sensitive government information or your kid’s soccer team standings. Just knowing he busted into your private life is enough to thrill him.

#6 “I have firewalls and my computer is patched.”

A “man-in-the-middle” attack can let a hacker invade your communications. This type of attack is stealthy and slick, bypassing the victim’s human radar.

#7 “I’ll see a hacker in front of my house and stop him.”

No, you won’t. Your wireless boundaries don’t stop at your front door; they can extend to neighboring space, meaning that your signal “bleeds” out—horizontally and even vertically. Savvy users know they can stretch the bleed into a few blocks’ distance via cheap antennas. So down your street your attacker may be sitting inconspicuously in his car.

Hopefully your awareness of these lies you tell yourself has prompted you to take measures to upgrade your wireless network’s security with the right design and implementation.

Small Business Protect Your Wifi

With Wi-Fi, your data is literally in the air, up for grabs by anyone with the right tools. It needs protection from nearby users who may want to freeload off you (which can slow you down) or…hijack your accounts. You need encryption.

Especially when you’re connected in airports, hotels, coffee shops, etc., almost always the connection is not secure.

Wi-Fi Security Options

Varying security levels are provided by WEP, WPA and WPA2. WEP is not secure. WPA provides moderate protection. WPA2 is the best. But you can use both WPA and WPA2. Use the “personal mode” (for one or two users) of WPA/WPA2 with a long, non-dictionary word passphrase.

For more than a few users, the “enterprise mode” is suitable, but requires a server. It has stronger security than personal, and each Wi-Fi user has his or her own password and username. Enterprise prevents snooping and hijacking among your organization’s employees.

Personal: To enable personal mode WPA2 on a wireless router, create a passphrase on access points or the wireless router. Type the IP address of each AP or router into a web browser to log into the control panel of each AP or router. Then enable WPA2-Personal with encryption/cypher type by finding the wireless security settings. Create a non-dictionary-word long passphrase—which is required to connect to the Wi-Fi.

Enterprise: You need a RADIUS server to get WPA/WPA2-Enterprise going. A hosted service will set up the server if you can’t. Some APs have built-in RADIUS servers. After the RADIUS server is all set up, input a password (shared secret), etc., for each AP or router. Input usernames and PWs for your organization’s Wi-Fi users into the RADIUS server.

Configure each AP or router with authentication and security settings. Log into the control panel of each AP or router by typing its IP address. Find the wireless security settings; enable the enterprise WPA2 (“WPA2”). Enter the IP address; input the password (shared secret). Users can now connect.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Crack Your WiFi Password To Protect Yourself

Ever wanted to be a hacker? Today, anyone can learn code and understand the ins and outs of all the technology we are simultaneously blessed and cursed with. But once you know how all this technology works to the point of calling yourself a hacker (which, by the way, isn’t necessarily a bad word), then everyone in your life will be calling you to fix their devices. Hackers are often technologists that are inventive, curious and take technology to the edge of its limits. They often break it so they can fix it.

Anyway, one of the more interesting hacking professions is the “penetration tester,” which is someone hired by companies to determine the vulnerabilities in a company’s networks and then patch those vulnerabilities so bad guys can’t get in. “Pentesters,” as they are known, are good-guy hackers also known as “white hats.” Their counterpart bad-guy hackers, known as “black hats,” are also pentesters—but they don’t do it to look for vulnerabilities to then secure the network; they do it to ultimately get in and steal stuff for their own personal gain.

One of the best ways to protect your own network is to hack your own network, as Lifehacker shows us here. “A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers’ current passwords with relative ease. Here’s how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.”

What this hacker does is explain how the attack works; seeing the vulnerabilities, users can reverse engineer the process to protect themselves.

Whether on your own network or on someone’s free wireless network, a VPN such as Hotspot Shield VPN will mask a user’s IP address and protect all wireless data from thieves. But if a router is hacked, that vulnerability may still allow an attacker to plant code on various devices. So check out the Lifehacker post and lock down your router with encryption.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Beware of iOS app vulnerabilities when on WiFi

We know WiFi is insecure. When logging onto any open (often public and free) unencrypted WiFi, your data is there for all the snoopy snoopers to see and download for their own personal gain.

But now researchers have found a whole new hack for you to protect yourself from. When iPhone users launch an application, the app sometimes has all its data right there on the device. But more often, the app is talking to its home server, meaning it’s calling home, and will download what you need on demand. An example would be a weather application that is definitely getting all its data from the app’s home server, while a game might have everything it needs on the device.

Still, even in the case of the game, there still may be ads on the game, and those would be streamed to the app. Researchers discovered that there seems to be an issue within iOS that allows for hackers to manipulate the server address the app calls out to in a way that allows the attacker to change the URL address to one that serves up malicious links that would download to the iOS device.

Currently, it is not known if criminal hackers are using this exploit; there are no known reports. The hopes are that Apple will make a quick fix and patch this vulnerability before attackers latch onto it.

Meanwhile, you should only download applications from trusted sources such as Google Play or iTunes—and only use a secure wired or wireless connection when going online. A VPN such as Hotspot Shield VPN will protect users’ data from the snoopy snoopers…but until Apple fixes this issue, all users are vulnerable.

Employees putting data at risk on WiFi

Employees expect to use their mobile devices at work, and employers often don’t mind because of the cost savings. However, being able to use personal smartphones and other mobile devices at the office creates problems for IT managers. A small business with 100 employees might have an additional 300 “bring your own device” users to contend with, all using phones, tablets and laptops. There are a lot of potential leaks there.

While a company’s IT department may have a solid grasp on company-issued laptops, desktops and mobile phones, it is almost impossible to control the various types of personal devices on the company’s network. When you get that new, shiny device and install various apps, and then plug it into your work desktop to update or sync necessary settings, files and folders, you’re putting all the data in the company at risk. Further, the IT guy has to worry about whether that last app you downloaded might infect the entire network.

A recent survey showed just how much employees who use public WiFi while commuting back and forth to work are putting their companies’ data at risk. The survey, conducted by GFI Software, doesn’t paint a pretty picture. “The research findings reveal a stark and concerning trend among commuters—one of using their personal devices to catch up on work during their commuting downtime, but doing so over highly insecure internet connections that can be easily intercepted by other users or the operator of the access point. Mobile internet access is now firmly entrenched as a day-to-day norm, but with that has come an increasingly relaxed user attitude to data security, compliance and data governance policy. Companies need to address mobile device management to ensure that use in insecure environments doesn’t create vulnerabilities that could be exploited by criminals—both cyber and conventional.”

At the least, these companies should have policies that explicitly spell out what employees can and can’t do on their devices and if they are allowed at all on the network. But in reality, policies are only as effective as the consequences of not following them. If employers want to prevent data leakage, then enterprise-level software must be installed on each device that allows IT to lock, locate and wipe data, and to restrict the device’s access to certain activities.

Having each device equipped with a VPN (virtual private network) like Hotspot Shield VPN is an effective way to encrypt the devices’ WiFi communications when on unencrypted public WiFi.

School WiFi Often Open and Insecure

Many elementary, middle and high schools are offering WiFi, and of course colleges and universities provide it as well. Some provide the networks with a required login access, and for others it’s open, unencrypted and free for anyone to jump on.

Traditionally, when we think “login,” we believe that also means encrypted and secure. However, logging in with a user name and password doesn’t necessarily mean it’s a secure network. Traffic on many networks requiring a login is unencrypted, which means anyone who connects to the network with the right “sniffing” tools can see others’ information.

When connecting to a network that requires a login credential, the easiest way to tell if that network has encryption is to pull up the list of wireless networks from your control panel and simply hover over each with your mouse (or right click) to show its properties. Any network labeled WPA or WPA2 has encryption. If it’s labeled WEP, it also has encryption, but at a substandard level that is hackable.
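The same check can be scripted. The example below is added here and is not part of the original post; it assumes a Linux machine where `nmcli -t -f SSID,SECURITY device wifi list` produces terse `SSID:SECURITY` lines, and it runs over a constructed sample scan rather than live output. Ratings follow the ordering used in these posts (open, then WEP, then WPA, then WPA2); rating a mixed WPA/WPA2 network by its weakest option is a choice made for this example.

```python
import re
from typing import NamedTuple


class Network(NamedTuple):
    ssid: str
    rating: str       # "none", "weak", "moderate", "best" or "unknown"
    enterprise: bool  # True when 802.1X (RADIUS-backed enterprise mode) is advertised


# Labels as nmcli prints them, mapped to the rating the posts give each protocol.
RATING = {"WEP": "weak", "WPA1": "moderate", "WPA": "moderate", "WPA2": "best"}
ORDER = ["none", "weak", "moderate", "best"]


def parse_line(line):
    """Split one terse line; the SECURITY field never contains ':',
    so the last ':' is the separator even if the SSID has escaped colons."""
    ssid, _, security = line.rpartition(":")
    ssid = re.sub(r"\\(.)", r"\1", ssid)  # undo nmcli's backslash escaping
    return ssid, security.strip()


def classify(ssid, security):
    tokens = [t for t in security.split() if t != "--"]
    if not tokens:
        return Network(ssid, "none", False)  # open network, no encryption
    enterprise = "802.1X" in tokens
    ratings = [RATING[t] for t in tokens if t in RATING]
    if not ratings:
        return Network(ssid, "unknown", enterprise)
    # A network that still accepts an older protocol is rated by that protocol.
    return Network(ssid, min(ratings, key=ORDER.index), enterprise)


def audit(scan_output):
    """Classify every non-empty line of a terse nmcli scan."""
    return [classify(*parse_line(l)) for l in scan_output.splitlines() if l.strip()]


def needs_attention(networks):
    """SSIDs that are open or WEP-only."""
    return [n.ssid for n in networks if n.rating in ("none", "weak")]


# Constructed sample scan; SSIDs are hypothetical.
SAMPLE_SCAN = (
    "HomeOffice:WPA2\n"
    "Cafe\\:Free WiFi:\n"
    "OldRouter:WEP\n"
    "Corp-Staff:WPA2 802.1X\n"
    "Legacy-Mixed:WPA1 WPA2\n"
)

if __name__ == "__main__":
    for net in audit(SAMPLE_SCAN):
        print(f"{net.ssid!r}: {net.rating}" + (" (enterprise)" if net.enterprise else ""))
    print("Avoid or upgrade:", needs_attention(audit(SAMPLE_SCAN)))
```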

Want to be safe? Use a private VPN! Logging into public WiFi without any encryption puts all your information at risk. Install a wireless VPN such as Hotspot Shield. Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection on both your home internet network and on public internet networks (both wired and wireless). Hotspot Shield’s internet security solution protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Streamlined ‘Passpoint’ WiFi coming

WiFi connects us everywhere, such as in parks, subways, airplanes, coffee shops and public WiFi hotspots. The WiFi Alliance says there are more than a million hotspots worldwide, and market research company Informa Telecoms and Media (Informa.com) reports that WiFi hotspot numbers are set to grow to 5.8 million globally in the next four years.

While all this wonderful WiFi is everywhere, there are issues with seamless connectivity and security that can be alleviated with cooperation from the larger ISPs and device manufacturers. Right now, public WiFi is wide open and vulnerable to wireless sniffers. Without a virtual private network like Hotspot Shield VPN, the data on your wireless devices are vulnerable to criminals.

According to the Wi-Fi Alliance, Wi-Fi CERTIFIED Passpoint™ will transform the way users connect to WiFi hotspot networks by making the process of finding and getting access to the right network seamless. It also provides user connections with WPA2™ security protection, enabling you to feel confident that your data is safe. Mobile devices that are certified for Passpoint, such as handsets and tablets, can still be used in existing hotspots. However, when you are in a Passpoint-enabled hotspot, you’ll discover a newly smooth connectivity experience.

An added benefit to seamless WiFi means less data usage on a carrier’s 3/4G network. With carriers pretty much nixing unlimited data use, consumers are finding they have to upgrade their data plans so they don’t go over their limit. With Passpoint, data usage will go down when WiFi connections happen effortlessly.

This is all great news for millions of people now using their wireless digital devices exclusively. But always keep in mind that no matter what you are using—a laptop, tablet, reader or mobile phone—wireless is inherently insecure, and until Passpoint becomes ubiquitous, a VPN such as Hotspot Shield VPN is an essential layer of defense for your wireless devices.

Why Should You be Careful When Using Hotspots or Free Wi-Fi?

These days, it’s not uncommon for us to connect to Wi-Fi wherever we go. In fact, we’ve come to expect there will be a Wi-Fi connection—at hotels, coffee shops, airports, and now even on some flights—pretty much everywhere. While the ability to connect just about anywhere is convenient, it also has opened the door for hackers to gain access to our personal information.

If you are using an unsecured connection—in public, at home or in the office—you run the risk of exposing your sensitive data to hackers. While it may seem strange to worry about bad guys snatching our personal information from what seems to be thin air, unfortunately, it’s more common than we think. If they hack the Wi-Fi connection you are using, they can not only see data stored on your computer, but see data you are typing into online sites.

Some hackers specifically search for unsecured wireless connections, driving to different areas to find them, and sit quietly across the street while accessing all your info. They also will often set up fake free Wi-Fi connections or hotspots specifically aimed to steal your information.

The good news is there are things you can proactively do to help protect yourself when using Wi-Fi connections:

Basic Connection Tips:

Turn off Wi-Fi. When you’re not using your Wi-Fi connection on any of your devices, it’s good practice to turn it off. That way it won’t automatically connect to any Wi-Fi that is in the area. And for your mobile devices, it will help save your battery life since your mobile will not be constantly searching for an available Wi-Fi connection.

Only connect to secure connections and save your sensitive searching for home. Make sure that any network you connect to away from home, such as those in cafes and hotels, is secure. You can tell when a network is not secured because you will see a message when you connect saying that you are “connecting to an unsecured network.” And if you are using an unsecured network, do not shop online or access any of your personal and financial sites.

Only use HTTPS. HTTPS, or hypertext transfer protocol (HTTP) with secure sockets layer (SSL, hence the S after HTTP), is a more secure option set up by a website owner who knows security is essential. Look for “HTTPS://” in the address bar to signify you are on a secure page. Even on an open, unsecured wireless connection, HTTPS is more secure than HTTP.

Tips to Protecting Your Home Wireless Connection:

Password protect your Wi-Fi connection. You can set your router to allow access only to those users who enter the correct password. These passwords are encrypted (scrambled) when they are transmitted so that hackers who try to intercept your connection can’t read the information.

Change the password on your router. Router manufacturers usually assign a default user name and password allowing you to setup and configure the router. Hackers often know these default logins, so it’s important to change the password to something more difficult to crack so your router settings cannot be changed by a hacker.

Change the identifier on your router. Each router is also assigned a default identifier, or Service Set ID (SSID), by its manufacturer. This ID is usually broadcast by the router to announce its presence to any devices in the area. Once again, hackers have done their homework and use default IDs to try to gain access to your network. Your best bet for keeping the bad guys out is changing the identifier to something only you know. For some routers, you can also turn off the broadcasting of this ID, so it can’t be seen by other devices when trying to connect.

Knowing that you could be vulnerable on Wi-Fi connections is a good first step to taking the proper precautions to protect your data and information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.