This blog will not only deal with computer security but also with Fraud and Social Engineering. An an introduction I'll give you a personal story about how I left myself vulnerable and embarrassed.
I was exploring Fisherman's Wharf with a vacationing friend of mine. As with most cities as the evening begins to take over, the tourist shops begin to close up and the seedier side of the city comes out. We were walking along some of the more permanent shops on Embarcadero when we came across of group of males lounging about. I wrote them off as typical street performers, but instead of walking past I made eye contact with a guy. That was my first mistake. As an obvious tourist with a camera around my neck, I was obviously an outsider to the area. As soon as I made eye contact, he started right in.
"Would you like a shoeshine?" I said no, as we attempted to get by, almost made it but he caught my attention with another statement. "I can show you a trick." I'm normally curious about people, and for some reason that stopped me. I nodded for him to go on, curious and a bit amused. "I bet you that I can tell you where you got your shoes." this flagged my curiosity even more. Not quite sure what to say, I told him to go on. "I can tell you where you got your shoes, here let's shake on it." My impulse was not to make physical contact but he reached out and shook my hand, as everyone around him watched. Now I was obligated, and pretty much my last mistake.
He stepped back, and then said "You got your shoes, on your feet!", then swooped in and put shoeshine goop on my shoes and began cleaning them. Suckered out of $20. As I left, he imparted me with another blow to the ego. "The shine was free, you paid for an education."
You know, he was actually right. It helped me understand the phases of a con. Praying on curiosity, disbelief, and a trick that has little to no payoff. Added onto that was a false sense of obligation, and quickly catching me off guard. I'll always remember that encounter, and frankly it was worth the $20 "shoeshine" for what it taught me.
First: Never make yourself look like a tourist. I had a large camera around my neck, and I was looking around at the sights and sounds as if I were a vulnerable target. Now I've switched to a small, pocket-sized camera.
Second: Never acknowledge a stranger that has more to gain out of an encounter than you do. You see this in Las Vegas, those guys who hand cards out on the sidewalks. If you make eye contact, or start a conversation by saying "No Thanks", there's no telling how quickly you'll end up with a card in your hand.
Third: If they are with a group of people, it can be even more dangerous. Best case they'll chide you if you walk off without living up to your end of the deal worst case, they'll take you down an alley.
Fourth: Never find yourself in an unfamiliar place at night, not only is it creepy but dangerous as well.
Thankfully my encounter was fairly harmless, and this type of con has gone on for hundreds of years. I watched a show about old time freakshows, where they played these types of tricks on people. It just goes to show, no matter how old the con there are always people unprepared to deal with the situation.
9/11/08
Securing your Wireless Connection Part 2
I apologize for such a big break between blog postings. In the future I'll make my posts shorter, as I realize the last post was quite a bit to register all at once.
But at least we have the definitions out of the way and now work towards proper wireless IP configuration.
Items to disable:
SSID, so long as you know the name of your access point you can manually configure your devices to connect to your wireless access point. Disabling SSID will prevent everyone in the neighborhood from knowing that you have a wireless router.
Web based configuration from the outside, this is actually more of a port setting on the router. You never want to open up a login/password screen for anyone on the outside network. This opens up an avenue where a hacker could use automated scripts to log into your router over and over again until it has your password correct.
Items to enable:
WPA encryption, although a little more complex to set up WPA is far more advanced than WEP, which can be cracked in a short period of time. I say this because once WEP is cracked, a hacker has access to all of your computer sessions on the network. I have noticed that devices such as Nintendo WII and DS only connect using WEP protocols, if you have to go this route due to limitations of your wireless devices make sure that you have a fairly random and complex WEP key. Steve Gibson has an excellent random number/password generator, Click Here to view
MAC address filtering, this step is optional but offers more control for your network devices. Every network enabled device has a MAC (Media Access Control) address, which is unique to each device. View your network device documentation to find the Mac address, add it to the allow list and only machines with your unique addresses will be allowed on to the network. This is a huge undertaking for a large-scale network, but pretty manageable on a small home network. MAC addresses can be spoofed, in other words a person with the right software can make its MAC appear to be the same as another device. In order for this process to work correctly to get into your private network, they would have to actually know the MAC addresses that you have on your allow list. So long as you aren't broadcasting this information, you'll be safe.
That's it for now. I'll continue to add configuration tips throughout the blog, but will try to work with quick and to the point posts from now on. I'll be glad to answer any questions that you have.
But at least we have the definitions out of the way and now work towards proper wireless IP configuration.
Items to disable:
SSID, so long as you know the name of your access point you can manually configure your devices to connect to your wireless access point. Disabling SSID will prevent everyone in the neighborhood from knowing that you have a wireless router.
Web based configuration from the outside, this is actually more of a port setting on the router. You never want to open up a login/password screen for anyone on the outside network. This opens up an avenue where a hacker could use automated scripts to log into your router over and over again until it has your password correct.
Items to enable:
WPA encryption, although a little more complex to set up WPA is far more advanced than WEP, which can be cracked in a short period of time. I say this because once WEP is cracked, a hacker has access to all of your computer sessions on the network. I have noticed that devices such as Nintendo WII and DS only connect using WEP protocols, if you have to go this route due to limitations of your wireless devices make sure that you have a fairly random and complex WEP key. Steve Gibson has an excellent random number/password generator, Click Here to view
MAC address filtering, this step is optional but offers more control for your network devices. Every network enabled device has a MAC (Media Access Control) address, which is unique to each device. View your network device documentation to find the Mac address, add it to the allow list and only machines with your unique addresses will be allowed on to the network. This is a huge undertaking for a large-scale network, but pretty manageable on a small home network. MAC addresses can be spoofed, in other words a person with the right software can make its MAC appear to be the same as another device. In order for this process to work correctly to get into your private network, they would have to actually know the MAC addresses that you have on your allow list. So long as you aren't broadcasting this information, you'll be safe.
That's it for now. I'll continue to add configuration tips throughout the blog, but will try to work with quick and to the point posts from now on. I'll be glad to answer any questions that you have.
Subscribe to:
Posts (Atom)