[divider_top]

All Wi-Fi now hackable – this affects everyone!

All Wi-Fi now hackable – this affects everyone!

This topic is so serious, I feel obliged to tell as many people as possible. This affects everyone!

An extremely serious vulnerability has been exposed affecting everyone. We all use WiFi and we are all vulnerable to this latest attack.

 

KRACK ATTACK

Two Belgian researchers discovered a vulnerability in the WiFi protocol (last year! 2016). They put their research paper out for comments in May 2017 and have now released it to the public. Key Reinstallation Attack (KRACK) is a man-in-the-middle attack targeting the 4-way handshake that occurs in the WPA2 wireless protocol. Huh?  Read on..

 

DOES THIS AFFECT ME?

YES!!!

hacker

Not too long ago, we all used WEP wireless encryption (even if you didn’t know). It was the standard and is now extremely unsecure and can be hacked real time.  The industry settled on WPA2 wireless encryption protocol as the new standard. It is everywhere. We all use it. It’s the default.

ALL ARE AFFECTED
Androids, iOS, MacOS, Windows, OpenBSD, Linux, Embedded and IoT devices.

The most vulnerable devices are Android 6.0 for the simplest form of attack making it trivial to decrypt all network traffic yet even Windows and iOS are susceptible to other forms of attack. All major operating systems are vulnerable to at least one form of the attack.

BleepingComputer.com is maintaining a list of all vendors addressing the KRACK WiFi vulnerability.

 

Note this does not affect your cell phone 4G/LTE data connection but rather Wi-Fi.

 

WHAT DOES THIS MEAN?

Someone can be sitting in a vehicle or in your neighborhood, within range of your wireless network, and they can potentially see what devices you have on your network (webcams, security devices, printers, computers, files, private photos). They can see where you are going on the Internet, what websites you are browsing, and potentially see your account passwords. This is a real threat to everyone’s privacy. We all rely very heavily on wireless technologies.

 

WHAT CAN I DO?

  1. Once again, I emphasize how it is important to ensure websites you interact with have SSL encryption. This is another layer of protection that is separate from the WiFi protocol. You need to see that lock symbol in your web browser, it needs to say “https” (the “s” is important).  Also ensure that it continues to stay secure as there are attacks that exploit webservers and disable the SSL encryption.
  2. Make use of virtual private networks (VPN) when connecting to home or office networks remotely. This is another encrypted layer which securely tunnels your traffic over the Internet to the destination.
  3. Ensure you apply firmware and software updates on a regular basis!!  So many people do not apply updates.  For this situation, this affects everything you have which communicates wirelessly. There will be updates coming soon for iOS and Android, make sure you apply them. I am concerned that many of you have never updated the Internet routers at your home and this opens up your entire home network and all devices to hackers. Learn how to update your routers (NetGear / DLink / Linksys / Asus / Ubiquiti / Cisco / etc).

 

I’M NOT TECHNICAL

You need to get some help, either someone your know or else pay someone to secure your devices.    This is not a topic you can ignore and hope it goes away.  Privacy and security is something very real that everyone needs to understand the risks and address.

 

I AM TECHNICAL

Want more information?

https://www.krackattacks.com/

https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/

https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/

 

[divider_top]

Breathalyzer… how about Textalyzer?

Breathalyzer… how about Textalyzer?

Texting and driving are becoming big campaigns globally for awareness and definitely with reason. Someone people don’t even look when they are walking and crossing the street. There are apps that help in locking your phone when it detects movement over a certain speed and apps that can send automatic responses indicating your are unable to answer at the moment.

Law enforcement use breathalyzers to quickly test for the presence of alcohol and now a new technology is months away from being tested in New York… a textalyzer.

 

Technology

The technology is being developed by an Israel-based company called Cellebrite. According to public information, law enforcement officers will plug this into a person’s phone for up to a minute and it will do a quick scan of all texts, web surfing history, and emails to see if the device was used before a serious crash.

Privacy

I see huge amounts of potential misuse, violations of privacy, and potential false positives with this very new and immature technology. They claim it will only provide access to phone usage and not personal material, but that information is still present and they go hand in hand.

Compliance

Under the proposed NY bill, people who refuse could have their driving licenses suspended. Yikes!

Big brother is watching.

[divider_top]

Is Your Browser Telling You Everything? How Web Domains Aren’t Always What You Think

Is Your Browser Telling You Everything?  How Web Domains Aren’t Always What You Think

Developer Xudong Zheng created a web page to educate people about a new security threat online. The danger was rooted in the weaknesses of several browsers, including Chrome, Firefox, and Opera.

He found that web addresses could have one appearance while being registered as something completely different.

To show the potential danger, he set up a dummy site. https://www.xn--80ak6aa92e.com/ is a URL appearing in several browsers as www.apple.com. How did he do it? Keep reading to find out.

Back in the early 90’s, only ASCII characters were used in domain names. ASCII, short for American Standard Code for Information Interchange, assigns a number code to each standard English character. If you were working in certain industries or in college school during the 80’s and 90’s, you may remember using it to share document texts between computers and countries.

ASCII

[divider_top]

Parents Are in Control with Google’s Family Link

Parents Are in Control with Google’s Family Link

Here’s good news for parents of kids 12 and under. Google has created a way for young children to have their very own parent-controlled accounts. The new Family Link program offers a safer online experience that gives kids both freedom and safety.

According to Influence Central’s 2016 Digital Trends Study, kids are getting their first smartphones at an average age of 10.3-years-old. 64% have online access with their own laptops or tablets. And tablets are replacing tic-tac-toe and DVDs to make up 55% of family road trip entertainment.

Parents can now moderate their kids’ activities and information-sharing online by requesting an invite to the Family Link early access program. Once approved, they can create an account for each child and start using the free app.

A parent and one other adult can use the app on almost any android cellphone or tablet. Family Link allows a full range of control. At the same time, it encourages parents and kids to talk about online choices.

[divider_top]

What to do if you’re locked out of your phone

What to do if you’re locked out of your phone

If you’ve ever been locked out of your phone, you know how frustrating that can be.  

In fact, there’s a new term for the anxiety people feel when they don’t have access to their phones – nomophobia. In a 2010 British study, a full 53% of participants experienced nomophobia after losing a phone, battery power, or access to mobile networks.

We all depend on mobile now, and we need security features like passwords, PIN codes, fingerprints and gestures to keep our data secure …

But what if you forget your PIN code and you are the one who’s blocked?

You may have to sacrifice data with a factory reset. However, with a little planning, you can have your security and continued access to your information.


[divider_top]