Security Chronicle

 

Yesterday’s San Francisco Chronicle includes a good overview article on WiFi security, which is clearly a hot topic these days. Poetically entitled “It’s easy to spy on your WiFi,” the article includes a number of standard pieces of good advice, along with a couple new, interesting ones. In general it’s good to see Internet security, and WiFi security in particular, getting such mainstream coverage.


From the article:


  1. "Wi-Fi, as implemented out of the box, is not only not secure, it's promiscuous," said David Perry, director of global education for Trend Micro, a Japanese maker of security software.


  3. If you use it at home, you're likely to be opening yourself up to attacks unless you take precautions. If you use Wi-Fi in a cafe, "It turns your network into a radio station," Perry said. Or you could be connecting to an "evil twin" -- a Wi-Fi network set up by a bad guy posing as the cafe's network.


  5. And if you use a publicly available computer, such as one in a library, "assume that it's compromised," Perry said. "A lot of those are infected with keyloggers, screenscrapers, bots, rootkits, data stealers, all kinds of stuff."


Standard pieces of advice:


  1. •Use a suite of security software, including a firewall, like those available from McAfee, Symantec and Trend Micro. Make sure your software is up to date. Some companies, such as Webroot of Boulder, Colo., offer free scans of your system from their Web sites. [And of course for Macs, consider our DoorStop X Security Suite.]

  2. •When logging on in a cafe or hotel, make sure you find out from an employee what the name of the network is, so you don't fall for a phony network set up by a hacker.

  3. •Change the password when you set up your router at home. [***Critical***]

  4. •When on a secure financial site, make sure the address bar reads https (the "s" at the end stands for "secure") and that a picture of a lock shows up next to the address.

  5. •If you get confused, call tech support for the router or the security software. You can also pay for a service like Best Buy's Geek Squad to fix the problem.


“Interesting” pieces of advice:


  1. •Try using OpenDNS, a free service at www.opendns.com, which will change the router's settings and, among other things, prevent pharming attacks (in which you think you're entering data at, say, your bank's Web site, but really you're at a fake site). [The jury’s still out on this service, actually, as the whether it makes you safer or not.]

  2. •To get particularly tricky, when setting up your laptop, Robert Graham of Atlanta's Errata Security suggests giving yourself a gender-bending sign-in. If your name is Bob, make your sign-in Mary. Most hackers wouldn't suspect people of lying to their own computer, and it will throw them off the trail of your data. [Half the SF paper’s audience probably has already done this anyway :) ]

Tuesday, March 13, 2007

 
 

next >

< previous

blog home    book home