Choosing a nondescript WiFi name (SSIDs)

Choosing a nondescript WiFi name (SSIDs)

Many people proudly proclaim to the electronic world their WiFi network name as the name of their business or family name.

This makes sense if you are Starbucks or McDonalds and you are offering free public WiFi access.

However, I think it is a mistake to be doing this if you don’t have a good reason other than not knowing what else to choose. It would be better to not attract attention to your network with a name such as Banana or Gone Fishing.

One of the best SSID’s I have seen was “Surveillance Van”. Definitely got a good chuckle out of that one.

Unfortunately Wireless technologies are generally insecure and these signals go well beyond the physical boundries of your walls. Someone could be sitting in a surveillance van across the street connected to your network.

Another mistake I commonly see is that WiFi passwords never get changed. Employees come and go but they still have access to connect to the corporate network.

Now go be creative and change the name of your Wireless network.

Opening your Passport can Lead to Identity Theft

Opening your Passport can Lead to Identity Theft

Over 100 countries in the world use e-passports. The US has for a number of years. Canada is just coming on board as one of the last G8 nations to do so.

ePassports contain embedded computer chips. More specifically an RFID chip (Radio Frequency Identification). These chips can contain information such as name, date of birth, gender, and digital photograph. They can also contain biometric information such as iris scans and fingerprints.

Simply opening up your passport and being in the vicinity of an RFID reader opens you up to the possibility of having your information scanned.

Unfortunately passports need to be frequently taken out and opened when traveling for customs, hotels, car rentals, etc.

It is recommended that you store these new passports in a special sleeve to block RFID signals.

Many other cards now being issued contain RFID chips, example Nexus.

Do you agree with storing personal information in RFID chips?

4-Digit Codes

4-Digit Codes

It is unfortunate that many organizations have instituted basic 4-digit codes to be used for a variety of security applications:

  • bank and credit card pins
  • luggage tags
  • garage door opener
  • home keyless locks
  • safes
  • briefcases
  • padlocks

Almost everyone uses some form of their birthdate, combination of their birthdate (month, year), or other family members.

Interesting I read recently that the top ten 4 digit codes are:

  1. 1234
  2. 0000
  3. 2500
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1998

It is estimated that the above 10 codes represent 15% of all user codes being used. Even worse is that once you know someone’s user code, they tend to use it everywhere, even for email accounts and computer passwords.

Certainly 4-digit codes have limited variations, but if you must use only 4-digits, please try and make the deterent a bit more difficult to overcome. Shake things up and use different codes in different places. And most of all, don’t be part of the 15%!

Are you guilty as well?

Fraudulent and Annoying Solicitations

Fraudulent and Annoying Solicitations

Being the owner of a company, I receive many irritating calls per day from companies trying trying to either gain my business or scam me. Special rewards and promotions, cheaper overseas work, & discounts. Some are bold and indicate they are from a survey company or some well known company asking to update their records. They want you to confirm information (mailing address, email address, owner of company, phone, fax, number of employees).

I get so many of these that you tend to lose patience, cut them off, and ask them to remove you from their list. Hang up and don’t give them another chance. They are very smooth talking and have been coached with their scripts on how to counter anything you say. They have an excuse for everything. Some will even try to bully you and/or talk fast and not let you interject. Otherwise will say it is a limited time offer and you need to act immediately.

If it sounds too good to be true, that’s because it is. You aren’t that lucky, you haven’t won that dream vacation. There is always fine print and a scam in play. If something is legitimate, there are many ways to qualify it and you don’t need to be time pressured. You can ask questions and ask for written information. Ask for their number so you can call them back.

If you are suspicious of a business, you can report them to:

Infected Laptop Running Windows, Hijacked hosts File

Infected Laptop Running Windows, Hijacked hosts File

Recently I helped a friend who had an infected laptop running Windows. One of the first things you want to do is disable any network connection (wireless or wired) such that your computer cannot communicate with your own local area network or the Internet. This helps prevent further spread of the virus and collateral damage.

In order to run scans on the system, it is best to download them to a USB stick or burn to a CD, and then install from that removable device on the infected system. CD’s are the ideal because they are read-only and cannot be infected while the USB key could potentially carry a virus back to your other systems.

After running through a variety of scanning tools for spyware, malware, and viruses we felt we had cleaned it up quite well. (Note that the only way to truly know is to reinstall everything – not fun). (Second note, not all antivirus are the same and they scan for different issues).

I thought I would just check one last spot which I have seen some crafty (malicious) things done in the past:

c:\windows\system32\drivers\etc\hosts

Sure enough, this file had been hijacked. Here were the contents:

 

  • 74.125.45.100 4-open-davinci.com
  • 74.125.45.100 securitysoftwarepayments.com
  • 74.125.45.100 privatesecuredpayments.com
  • 74.125.45.100 secure.privatesecuredpayments.com
  • 74.125.45.100 getantivirusplusnow.com
  • 74.125.45.100 secure-plus-payments.com
  • 74.125.45.100 www.getantivirusplusnow.com
  • 74.125.45.100 www.secure-plus-payments.com
  • 74.125.45.100 www.getavplusnow.com
  • 74.125.45.100 safebrowsing-cache.google.com
  • 74.125.45.100 urs.microsoft.com
  • 74.125.45.100 www.securesoftwarebill.com
  • 74.125.45.100 secure.paysecuresystem.com
  • 74.125.45.100 paysoftbillsolution.com
  • 74.125.45.100 protected.maxisoftwaremart.com

 

What this accomplished was not only preventing your system from communicating with legitimate anti-virus websites, it was potentially hijacking your web browser and redirecting it to a site that looked and felt like the legitimate one (spoofed / phishing).

The hosts file had been hidden as a system file. It had been set as read-only. And no matter what we did, we could not overwrite it, delete it, save new contents…

We discovered a handy free utility called Unlocker (http://majorgeeks.com/download.php?det=4660) which resolved the problem and deleted the file for us.

Maybe check the contents of your hosts file and see if anything interesting lurks there.