E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: Seattle Post-Intelligencer

Posted on March 20, 2007

      When many of the computer industry's top security gurus gathered in San Francisco last month for a conference, a Boston company decided to point its radar toward the airwaves and see how much of the show's wireless activity it could see.

      The distressing and ironic answer? The Boston hackers could eavesdrop on more than half of the wireless traffic... at a security conference!

      If most of the people attending last month's RSA Conference have not taken the basic precautions to protect their online activity while using public Wi-Fi, then what of all those civilians setting up shop in cafes and airports?

      In short, say computer security experts, people are putting themselves at risk every day.

      The risk could be reaching one of its highest levels as the country approaches tax season and some of the most sensitive personal and financial information travels the Wi-Fi airwaves. More than 73 million people filed their taxes electronically last year, according to the Internal Revenue Service, and 46 million have already done so this year.

      "When it comes to wireless security, there is a profound amount of user indifference. You don't really see what you are getting yourself into," said Amit Sinha, chief technology officer of AirDefense, the Boston company that conducted "wireless airwave monitoring" one morning at the RSA Conference. AirDefense found that 56 percent of 623 devices - laptops, cell phones, personal digital assistants and PCs - were susceptible to attacks.

      The risks are everywhere.

      "Wi-Fi, as implemented out of the box, is not only not secure, it's promiscuous," said David Perry, director of global education for Trend Micro, a Japanese maker of security software.

      If you use it at home, you're likely to be opening yourself up to attacks unless you take precautions. If you use Wi-Fi in a cafe, "It turns your network into a radio station," Perry said. Or you could be connecting to an "evil twin" - a Wi-Fi network set up by a bad guy posing as the cafe's network.

      And if you use a publicly available computer, such as one in a library, "assume that it's compromised," Perry said. "A lot of those are infected with keyloggers, screenscrapers, bots, rootkits, data stealers, all kinds of stuff."

      At the Black Hat Convention in Washington last month, where security experts gather to marshal forces against the dark side of computing, Robert Graham of Errata Security, a high-end firm in Atlanta, demonstrated his new tool, Ferret. It impressed even the wizards at Black Hat with its ability to watch all the traffic in a network. Graham has made the tool available free on his Web site.

      In addition to the threats in public, many people do not secure their home Wi-Fi networks, sometimes because of the hassle, and sometimes because of an egalitarian impulse to share their Wi-Fi.

      "The home presents even more vulnerabilities than hotspot environments," said Stu Elefant, senior product manager at McAfee Inc., the security software firm in Santa Clara, Calif.

      "With wireless networks, your data is being transmitted over the open air," Elefant said. "Anyone can grab those data packets. And they can jump on your home wireless network to do bad things to you, and to other people. It's as if they came in your front door and plugged into your network. They can look for vulnerabilities, out-of-date security software, unpatched operating system holes," and they can set up your computer as a "bot" or "zombie" that they can use for other attacks.

      "Wireless gives them a semblance of anonymity," he said. "They can launch spam on other people, launch virus attacks on other people, steal pirated material, and the homeowner is the one who is going to get the knock on the door from the FBI."

      But all the scary rhetoric doesn't mean there are no solutions out there. There are many things people can do to make themselves safer, but those things often mean spending a little money and time.

      Two of the most popular solutions are from security software companies Symantec and McAfee. McAfee Wireless Protection sells for $29.99 for a year and its flagship McAfee Total Protection is $59.99. Total Protection offers a more complete suite, including firewall, backup, antivirus and antispam. Symantec's Norton Internet Security 2007 features antivirus and firewall, among other things, and is priced at $69.99 for a year's subscription; Norton 360 is $79.99 for one year and includes backup and tuneup, and is billed as being more comprehensive and easier to use. Both companies' products may be installed on up to three machines.

      With the solutions available, people should feel somewhat safer in their online interactions. Run everything through what Paul Miller, managing director of Symantec's mobile security group, calls a "secure tunnel," and you should be safe.


      Security experts offer these tips when using wireless Internet access:

      Use a suite of security software, including a firewall, like those available from McAfee, Symantec and Trend Micro. Make sure your software is up to date. Some companies, such as Webroot of Boulder, Colo., offer free scans of your system from their Web sites.

      When logging on in a cafe or hotel, make sure you find out from an employee what the name of the network is, so you don't fall for a phony network set up by a hacker.

      Change the password when you set up your router at home.

      Try using OpenDNS, a free service at opendns.com, which will change the router's settings and, among other things, prevent pharming attacks (in which you think you're entering data at, say, your bank's Web site, but really you're at a fake site).

      When on a secure financial site, make sure the address bar reads https (the "s" at the end stands for "secure") and that a picture of a lock shows up next to the address.

      To get particularly tricky, when setting up your laptop, Robert Graham of Atlanta's Errata Security suggests giving yourself a gender-bending sign-in. If your name is Bob, make your sign-in Mary. Most hackers wouldn't suspect people of lying to their own computer, and it will throw them off the trail of your data.

      If you get confused, call tech support for the router or the security software. You can also pay for a service like Best Buy's Geek Squad to fix the problem.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.