Computer Security Weblog

It is that time of year.  It’s tax time.  Yep, and many of us file electronically either from home or a tax preparation service.  You can file them yourselves from your home PC which you have some control over.  You can take steps to protect yourself.  We talk about steps here in my Computer Security Blog.  We go over the steps of patching, using AV and Spyware Removal Software, keeping your signatures up to date, using a firewall, etc., etc..  So if you are filing your taxes at home, take time to protect your identity.  Jeepers, you have your SSN, Name, Address, and if you have the IRS deposit your refund directly into your bank, you have your bank account information.  If you haven’t thought about what steps to take, maybe realizing all this information packaged up for some hacker to steal from you if you aren’t careful.

So what if you have your taxes prepared by an accounting firm, or other tax preparation service, shouldn’t we ask what types of policy’s they have in place to protect their customers private information?  Do they have some things in place to protect their customers?  Ask a few questions.  I know I do.  I’m not going to let some Joe Schmo transmit all of my private information across the electronic wire for any hacker to steal.  You do the same.

Well my Kansas Jayhawks have smashed the Kansas State Wildcats.  Beasley scored something like 39, but there wasn’t anything KSU could do tonight.  Rock Chalk Jayhawk GO KU!!!!!!

As many of us approach a new year, we like to make resolutions that we want to do in the coming year. Nothing should be different when it comes to computer security so I thought I would help you out. First things first. Please care about computer security. In this post, I will refer back to some of my prior posts that explain why you should care. It reminds me of the old joke. Doctor Doctor! It hurts when I do this!!! The Doctor said “Don’t do that!!!”. Computer security is kind of like that. You can tell people what to avoid and behaviors to do or not do, and they choose to ignore suggestions. Or you have kids who choose not to do what you tell them. So here it goes for my computer security resolutions.

1. Care about computer security. Bad guys would love to get control of your PC. Click here to see why.

2. Steps to take in 2008. Click here to see them.

3. Get smarter! I’ll try and help teach you what steps to take to not be a victim. Click here to see how.

4. Change passwords to a more secure password. Click here to see why.

5. Be careful when going mobile. If you have a laptop and travel, take caution when connecting to wireless AP’s. Click here to see why.

6. Change your Internet behavior. Click here to see what I mean.

If you can’t tell, I am rather passionate about what I do for a living. If I can help someone not have their ID stolen or credit card information stolen, I would feel much better. Hopefully this outlet has allowed me to help you some this year. I hope you will continue to read my posts. I will try and keep them current and yes I’ll probably repeat myself on certain topics. It is because the bad guys are always looking for a way to entice you to click on some attachment or a link in an unsolicited e-mail. Please let me know if you find this information helpful. I think one of the most popular posts I have made is how to find the SSID on a wireless router.

Stay safe this New Years Eve and have fun. I talk some about my KC Chiefs and well all I can tell you is I’m glad this season is almost over. My Kansas University Jayhawks are in the Orange Bowl on January 3. We are really starting to get into the heart of the NCAA Basket ball season and my Hawks are ranked number 3 right now. They look good. I’m looking forward to another great year so stay safe while online and we’ll talk again after the New Year!

Well hope all is well with you this Holiday Season. It’s been a few days since posting anything so I thought I would add something here late Sunday evening. I took a trip to a popular area in the Ozark Mountains this past weekend. Ended up driving home in a storm that was highlighted on The Weather Channel. This is where this posting comes from.

Well, traveled down to the Branson area on Friday evening. Guess I missed a pretty big storm around home. Ice, snow, sleet, or a mix off all three. Anyway, of course the lodging that I stayed in offered free WiFi. Fantastic. I’m always leary of signing on these AP’s so I don’t enter any personal information. I had brought the handy dandy laptop and fired it up to get some information on Silver Dollar City, and of course look at the weather story that was starting to unfold this weekend. Well we arrived late enough Friday that I really didn’t want to call and get the sign on information from the front desk, but decided to fire up Net Stumbler to see what I could at least find.

I could see the resort’s AP’s. They were named something really obvious. To access it you had to have the credentials. However, I also noticed what looked to be an internal network the resort ran, plus an interesting AP that was named linksys. Wow, linksys. Very common name. Just happens to be the default SSID name for LinkSys wireless routers. So I closed down Net Stumbler and opened up the wireless AP’s that were broadcasting and within range of my laptop. I could see the LinkSys SSID called linksys.

Interesting thing about that AP is that it was an open network. Yep. Very risky if you ask me. The security professional in my said, I hope nobody is connecting to this SSID because you don’t know if someone is sniffing the traffic. This is a huge security risk. To you and your personal identity. So I thought this would be a great lesson since many of you probably travel with your laptops. There are times that you see an open wireless AP that you could connect to. But think of this. Do you have cookies on your hard drive that contain account numbers, passwords, pin numbers? Do you have any saved passwords for certain accounts that a hacker can steal? You don’t save your bank account information do you? Or your investment account number and password? I hope not. If so, you may have lost it in a matter of seconds.

Only use trusted AP’s. Many times, this means you own secured network you have set up at home. I stress the word SECURED! Password protect your own AP at home. When traveling, be very cautious of the networks you connect to. When using a hotel’s wireless system, I would still not enter too much personal private information. Make sure you don’t save log on credentials that browsers like to offer to do for you. That means that log on information is written to a file and it can be stolen quickly. You’d never know that it happened. When traveling, check trusted sites. Weather, your destinations web pages, possibly news, but that is about it.

I’m just glad to be home even though it is a bit of a mess, weather wise. I hear we have a bad ice event that is starting Monday night into all day Tuesday along the I-70 corridor. My poor Kansas City Chiefs lost badly in Denver today. It is hard to watch but I know that there will be major changes coming next year. Many of the guys on this team will not be here next year. Gotta hope for a great draft, a few free agent signings, and then we’ll look forward to next year. Not sure we’ll have any more wins this year.

As for my Kansas Jayhawks, they looked great on Saturday taking DePaul down in Lawrence. Love to hear you Missouri (MISERY) Tiger fans cry that they didn’t get the BCS bid. I can’t wait for Christmas, I can’t wait for BCS Bowls, I can’t wait for March Madness and I can’t wait for WARM WEATHER!!

By far, my most popular post has been the one titled “How to Find My SSID” so it is obviously a topic on people’s minds. Well we will talk wireless as we enter in to this weekend just prior to Thanksgiving. I won’t repeat myself totally, so if you want more information on wireless and computer security, you can read my previous posts.

This is probably a good time to talk about wireless with the Holiday Season is upon us. A few years back, TJ Maxx had what has now been reported at over 94 million personal records being stolen. Well almost 3 years later, many retailers have not done enough to secure the wireless security and is putting YOU at risk. A company called Security Sweep who does wi-fi penetration testing for companies, did a study in what type of security is in place. They found a whopping 85% of retailers have little or no security at all. Click here to read the whole story. Makes you wonder what to do with your Christmas shopping. This argument may make you think more before you whip that plastic card down.

Here is another helpful hint if you do shopping online for Christmas. Apply for a credit card that you will use only for your online shopping. Have your financial institution only set a low limit. Maybe $300. You just have to ask for a low limit credit card. Use this only when making purchases online and then you can spot inconsistency’s on your bill each month. This low limit will minimize the losses that can be run up.

Review some of my tips we reviewed in other posts from my blog here on WordPress.

Hey, the KU Jayhawks play in a big home game tomorrow against the Iowa Stae Cyclones. They will hopefully come out strong and do what is expected. KU football has totally impressed me this year. All must say this has really been a strange season with all the teams who you normally see there getting beat. Well the dream stays alive tomorrow.

My beloved KC Chiefs will probably get a can of “whoop ass” opened up on them Sunday at Indy. I’d say they are mad they have lost 2 games in a row. With our change to a new QB, no LJ, and no O Line , it will be a LONG day.

That is it for now, so stay save and have a great weekend!!

Holy cow! Kansas University Football team is still undefeated after crushing the Big Red Machine from Lincoln, NE. Now I await my beloved KC Chiefs Sunday against the Favre machine. Come on Jarrod Allen. Welcome Bret to KC.

Nothing new for the topic of computer security except I read an interesting article out of Tallahassee about unsecured wireless and why you should secure your wireless. You may want to take a look at it and then check out my previous blog entry on taking steps to secure your own wireless router. Check this link out:

http://www.tallahassee.com/apps/pbcs.dll/article?AID=2007711030342

….and the home of the….CHIEFS!!!

I just thought we could review the steps you can take to stay protected today. Several of these have been covered in more detail in other posts so this will be high level. If you see one on this list and it hasn’t been covered, we’ll just post a future article on the specific step.

1. Patch all software. This includes Microsoft as well as all others such as Apple, WinZip, WinAmp, RealPlayer, Macromedia, Adobe, and any other software you may have. Many of the patches companies issue are security patches.

2. Install anti-viurs and anti-spyware software, and keep the signatures current by downloading them daily and running them at least once a day if not multiple times.

3. If you have wireless, log onto your wireless access point and change the SSID from the default name, change the default user name if allowed and change the default password. Also do not broadcast your SSID, review the logs periodically on the router, use WPA2 for encryption, and use the MAC filtering option on the wireless AP.

4. Use an alternative browser instead of Microsoft Internet Explorer. I personally use Firefox.

5. If needed, change your Internet behavior. This includes knowing what types of social engineering tactics are being used and know how to avoid them. A useful resource for this is the link I have in my blogroll called the Internet Storm Center.

6. If you have kids, teach them the basics of Internet safety. Random clicking and trusting everyone is not safe and they must be told. Too much information on social networking sites is dangerous too so YOU the parent should audit what is being posted on Facebook, MySpace, and many of the other sites out there.

7. Instant messaging is used by kids and adults alike. Know you must patch these applications also and don’t reply to strangers. Don’t trust links from ‘friends’ all the time also. Sometimes friends get hacked and attackers send out either a malicious link to a web site that the attacker controls or may be an invite to view their webcam, or to view a picture. This is one of those social engineering tactics used by attackers.

8. At least once a year, especially if you have a college student with a PC connected to the college network, have a professional wipe the hard drive and reload the software, then download all the patches needed to get you caught up to current on patches. I recommend this for the family PC also.

9. If you have kids, purchase filtering software so you can limit what your kids can see. This can keep your kids from going to bad sites. (Porn)

10. Download and use a firewall. Pay attention to the alerts given and make sure you know what you are allowing.

11. Don’t surf porn or use Peer to Peer downloading sites to get movies and MP3 files for free. You may get more than you bargained for. This is a known avenue attackers use to spread their malware. It is also illegal to download copyrighted material.

12. Windows and other browsers allow you to ‘remember’ passwords. Think about it from an attackers point of view. These password files are stored on the hard drive and attackers know what they are called. If you get malicious software on your machine, attackers like to look for files of interest and the password files could contain financial account user id and passwords that they can use to gain access to your bank, investment account, etc.

13. Backup your files periodically. This includes your files you’ve purchased from iTunes as well as documents and family pictures you may have loaded on your PC’s hard drive.

14. Use strong passwords. Passwords from the dictionary can be cracked VERY quickly by password cracking programs. Use more than 8 characters and mix in upper and lower case, numbers, and special characters. A pass phrase is always good to use.

15. Set up and administrator account that you use for maintaining the PC, then create accounts that don’t have administrator privileges to use when surfing the net. Attackers trick you into installing their software and if you don’t have rights to do it, then this is another layer of protection.

16. Use the Finjan Firefox plugin so when you do searches, this can tell you if the site is safe or not.

This is a pretty good list. If there are any that I may have left off, I’ll add those to this list so you can review this posting or I’ll just add them to future postings. If we haven’t covered these steps yet in postings, I’ll cover them soon. If you ever have a question, don’t hesitate to ask and I’ll try and answer it to the best of my ability. Have a great weekend and ROCK CHALK JAYHAWK GO KU! Big game tonight in College Station.

So you are sitting at home, and you wonder hey, what is my SSID name?  If you have a wireless access point, it has a name, and you have the option to either broadcast that name so others can see you, or not to broadcast your SSID and you can be stealth like.  If  you have a laptop and your have used wireless before, you know you can view networks to connect to in the Windows Operating System.  The networks that show up in that window are ones that have chosen to be broadcast.  There are ways to find SSID’s that aren’t broadcast (Kismet), but this article is about how you can find it.

If you purchased a wireless router and you just took it out of the box and then you plugged it in, you probably have an SSID that is the default name the company that made the AP decided to put in all their routers.  For example, you can find many wireless access points with the SSID name of ‘Linksys’.  Along with this, they have a default userid and password assigned to it.  For security purposes, you really need to change all these names.  Here is a little ‘how to’ on the administration of routers in general.

First of all,  if you are guilty of just plugging in the router and not changing any of these settings, then here is what you can do.  You can actually log into your router by using Microsoft’s Internet Explorer.  Look up in your documentation that came with your router to know the IP address that it uses.  For example, Linksys routers use 192.168.1.1 for their internal IP address.  So in MSIE, you would enter the address ‘http://192.168.1.1′.  What you should be presented by is something like login screen that has a user name and password.  Here is where you either look this information up in the router documentation or Google the type of router you have for this information.  Also, you can reference a site I always have handy that tells you the default router userid’s and passwords (http://routerpasswords.com).  This is another reason why you want to change these.  Everyone has access to these if they know where to look.  Some vendors don’t allow you to change the userid, but you can change the password.

Once you have logged in, you can change these values for security purposes.  If you are logging into a wireless AP, here is where you can decide to either broadcast your SSID or not.  Also you can change the name also.  I advise all people to change the name of the SSID and also not to broadcast it.  Change the password to a strong password to help protect yourself from someone doing cyber eavesdropping on you and your private information.

Learn to protect your information.  It takes just a bit of work but it is worth it.

I spoke about open wireless access points a couple of postings ago. I did an audit within a mile radius of my house and picked up over 300 total access points and a little over 30 percent of them were open. Many of course had the default SSID name and I’m fairly certain that the password also contained the default password on the wireless router. A good start to guessing is admin admin. That would probably get me logged into many of the routers if I wanted to. I have no intention of connecting to someone’s open wireless access points in my neighborhood. I just don’t think that is right. But what about others? People who don’t have the best intentions.

Here is what you need to think about. Here are some things that can happen if you haven’t secured your wireless access point. Someone who wants to download music without paying for it really wouldn’t mind connecting to your access point so the RIAA doesn’t come knocking at their door. Or what about the individual who wants to download or upload child pornography? They surely don’t want to sign on at their own home to do these types of activities. Do you bank online? Do you access sites where you use your credit card to make purchases? Do you have any financial accounts that you access? What happens if someone sitting around the corner from your house has a sniffer loaded on their laptop and they are able to sniff traffic and they can capture your credentials or capture your credit card? What a bonus for them. And a down right bummer for you.

So here I am ringing that bell. All you who live in the Kansas City, Lawrence, Topeka, Manhattan or surrounding areas, hear my warning. Take steps to protect yourself against theft of this personal and private information. Take the time to secure your wireless access point. When you purchased it, you probably had the option to secure it but may have been in too much of a hurry. Well I’m telling you to take the time. Do the following. Number one, don’t broadcast the SSID. This is the name of the access point that people can see. You can still not hide from those who have the right tools, but I still advise you to not broadcast your SSID. Number two. Change the default userid and password on the router while you are at it. Number three. Use encryption. WEP has been declared dead on arrival. I would advise WPA at a minimum. WPA2 if you really want to feel better. You may need to buy a more up to date access point if the only option you have is WEP, but I feel that it is worth it. Number four, if you want an added protection, you can restrict access by MAC address. These can be spoofed but what I’m talking here is defense in depth. Number five. Check your logs on the wireless access point periodically. See what has been going on.

All these steps will help you become more protected. The types of attacks I’ve mentioned here are just the obvious ones. There are more but taking these steps will really should give you a peace of mind. With your wireless access points wide open, you are only asking for trouble. Trouble that cost money and time to repair and sometimes, it can’t be repaired. Your credit, and your financial health cries out for you to be pro active and protect yourself.

I give talks free of charge on computer security to church groups, clubs, and other organizations. They range from protecting your identity to protecting your kids online. The Internet is a really scary place if you don’t know what is out there. Educate yourself and get help from a computer security professional in your area. Stay safe and SECURE YOUR AP’s!!!!!

I was listening one day to Pauldotcom Security Weekly and they were interviewing Roamer and he talked about the DefCon Wardriving contest. Like many security professionals, it amazes me to still find open wireless access points. Well after listening to the Roamer interview, I bought his book, read it, and I was ready. So of course I got my equipment ready and cruised the neighborhood.

Within a mile radius of my home, I found over 300 wireless access points. A little over 30 percent of the access points were open. Many of the SSID’s were the default names. I’m sure one could sign on to these AP’s using the default admin and password. People are just ignorant. There is a huge gap in education for the normal user. Nothing against those geeks who wear the white shirt and black slacks and that funny tie. The common user really has nobody on their side. Many of them don’t care to have the education or advice. All it takes is one time, and they can have information that we all want to keep near and dear to us. Banking information, credit card information, financial accounts, etc. On top of having this information stolen, how about someone who pulls up near by your house, downloads child porn, or illegal music downloads, etc. So I have started to ring the bell for the people in my town. I feel that one of the things that I can give back is information. Information that people can use to protect themselves from cyber threats. Can you eliminate all dangers? Well to be honest, all it takes is one mess up and BAM! You’ve lost something near and dear to you.

I volunteer to speak to any group for no charge. To share information. This blog is where I can begin this information sharing. Sharing about securing wireless, behavior that is safe and not so safe, knowing what social engineering techniques are being used to try and trick you into doing something (Spam emails). I’ll close with this last comment. Secure your wireless access points. WEP isn’t good enough anymore. WPA2 and not broadcasting your SSID. If you can’t find resources that came with your access point, seek out competent help. Talk soon on yet another topic.