Scary New Malware Uses Your Phone To Make A Map Of Your House For Robbers. If you aren’t careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. Developed by Robert Templeman at the Naval Surface Warfare centre and a few buddies from the University of Indiana, PlaceRader hijacks your phone’s camera and takes a series of secret photographs, recording the time, and the phone’s orientation and location with each shot.
Using that information, it can reliably build a 3D model of your home or office, and let cyber-intruders comb it for personal information like passwords on sticky notes, bank statements laying out on the coffee table, or anything else you might have lying around that could wind up the target of a raid on a later date. You might be asking yourself “why not just take video?” There are a couple of reasons. Top 10 Safety Tips for Wi-Fi Hotspots. Public Internet access portals pose security risks if you don’t take precautions. Wi-Fi hotspots can be found at hundreds of thousands of locations worldwide, and the Wireless Broadband Alliance predicts that deployments of wireless network access points will increase 350 percent by 2015. The widespread availability of Internet connectivity means you can cruise cyberspace anywhere from your front porch to your local coffee shop to hotels, airplanes and beyond without being tethered to an ethernet cable.
But just because you can connect to these open portals from your smartphone, tablet, Ultrabook or laptop, should you? Wireless Internet offers many benefits in terms of flexibility and improved productivity, but there are also serious security risks. If you can get easy online access from a Wi-Fi hotspot so can experienced hackers who can tap into your system to read your email, scan the websites you visit and even pay an unauthorized visit to your hard drive. 1. 2. 3. 4. 5. 6. 7. 8. 9. Home Wi-Fi Network Security: 4 Ways to Avoid Big Trouble CIO. CIO — Locking down your home Wi-Fi network with a password is like making sure you eat your broccoli.
It's probably good for you, but you probably think it's not much of a priority or a big deal. Well, it's time to make an attitude adjustment. It turns out that you can cause yourself a good deal of trouble by leaving that door to your system unlocked. Don't believe me? Just listen to the story of a homeowner in Buffalo, N.Y., who endured an ugly encounter with a weapons-waving coterie of law-enforcement agents who swarmed into his house in February and accused him of downloading a huge trove of child pornography, a federal crime.
As you might have guessed, the man (his name has not been released) was guilty of nothing more than failing to secure his Wi-Fi network. After an extensive grilling and the seizure of his family's computers and smart phones, the real culprit emerged. I'm not saying there's a creep outside of every unlocked electronic door just waiting to download kiddie porn. Midnight raider: Why someone may be looking at your online bank statements. Someone has been logging into my online banking account. Yesterday, after working with my bank to get to the bottom of this I finally found out who was doing it -- and I was dumbfounded. I first noticed the clandestine activity on Tuesday morning after I had received an e-mail message from my bank. The note confirmed receipt of a request, sent from my online account, to change how my banking statements are delivered.
As I had made no such request, I found this somewhat disconcerting. I immediately logged into my account to see what was going on. That's when I saw it: In the upper right hand corner of the account summary screen was a status update I'd never noticed before. Last logged in: 05/03/11 at 2:34 AM. Everyone in my household had been in bed at that hour, and all of our computers were turned off. Uh-oh. As I trolled through my bank accounts, I braced for the worst. I immediately changed my password and challenge questions and called the bank's online group. Identifying the perpetrators. Securing wireless networks at home and at work. In case you didn't see it, there was an interesting post on Network World detailing a heckuva Wi-Fi security horror story.
Imagine sitting on the couch with your family watching the latest episode of American Idol, Gray's Anatomy or Top Shot, and suddenly a flash bang grenade bursts through your window, stunning you temporarily as a FBI SWAT team comes swarming in to take you into custody on charges of child pornography. Hey, it was your network, but it wasn't you!! Not securing your wireless network is pretty dangerous these days. As an IT professional you really have a responsibility to not only secure your own wireless LAN, but also those of the people close to you. I mean, if you were a doctor and stopped by your mom's house one day to find her chain smoking in a tanning bed, wouldn't you say something?
Most wireless devices come with easy-to-use, web-based admin consoles that make configuring security fairly painless. Require authentication and don't use WEP. Flame on...Josh. Microsoft, Juniper urged to patch dangerous IPv6 DoS hole. Network World - Security experts are urging Microsoft and Juniper to patch a year-old IPv6 vulnerability so dangerous it can freeze any Windows machine on a LAN in a matter of minutes. Microsoft has downplayed the risk because the hole requires a physical connection to the wired LAN. Juniper says it has delayed a patch because the hole only affects a small number of its products and it wants the IETF to fix the protocol instead. SEE IT YOURSELF: How to use a known IPv6 hole to fast-freeze a Windows network The vulnerability was initially discovered in July 2010 by Marc Heuse, an IT security consultant in Berlin.
The hole is in a technology known as router advertisements, where routers broadcast their IPv6 addresses to help clients find and connect to an IPv6 subnet. Heuse became so frustrated with Microsoft's refusal to fix the hole that he published his findings to the Full Disclosure mailing list on April 15. Microsoft has little to say on the subject. Motorola jacks up high-end 802.11n Wi-Fi controller capacity tenfold - Computerworld. Network World - Motorola Solutions Tuesday recast its enterprise WLAN product line with a new range of one- and two-radio 802.11n Wi-Fi access points, plus a large-scale controller that can handle 10,000 access points.
The product refresh is intended to make large-scale, high-performance Wi-Fi networks more affordable and reliable. The new products incorporate Motorola's Wireless Next Generation (WiNG) 5 Wi-Fi software, which was released about six months ago, to push more intelligence to the edge of the wireless network.
BACKGROUND: Motorola shifts Wi-Fi smarts to access points With WiNG 5, access points now can handle a range of tasks that once were centrally handled by a controller, such as roaming, authentication, encryption and local data routing. That change, part of an industry trend by WLAN vendors, can boost performance of streaming video and VoIP, and offloads processing from the controller. The 9000 will ship in June. You hate AUPs, but you need one for guest Wi-Fi access.
By Deb Boehling, partner, Levine, Blaszak, Block & Boothby, LLP April 28, 2011 12:46 PM ET Network World - If you are a smart enterprise customer, you hate carrier "acceptable use policies" (AUPs). They have virtuous roots (avoiding liability for customer communications under the Digital Millennium Copyright Act) but have morphed into lengthy, (allegedly) non-negotiable, overly broad and one-sided "agreements" that make the customer responsible for all kinds of things for which it isn't really responsible and shield the carrier from responsibility for things for which it should be responsible.
It's all true. And you need one of your own. HOW-TO: Improving network access security for unmanaged devices For years visitors have asked to use your company's wireless Internet access without charge while on-site. The risks of providing Internet access to non-employees The biggest operational risk is that the ISP takes down your Internet connectivity because of "bad conduct" by a guest. Hacking to pwn a cop car. Penetration tester Kevin Finisterre has found all kinds of exploits and has been hired to hack all kinds of companies and peculiar devices.
But after Finisterre was hired to pen test a city's infrastructure, he discovered just how easily he could compromise a police cruiser's computer gear. He tapped into a digital video recorder in a cop car and soon saw the live feed on his computer screen. Cameras mounted on dashboards are meant to insure police accountability about any possible abuse of authority as well as to collect evidence. These dash-cams can provide situational awareness in real-time of perps and of officers for law enforcement back at the police station.
By the end of the hack, Finisterre accessed the DVR hard drive and could see with cams and hear through the microphones in the police cruiser. By using default passwords, he was able to upload, download and even delete video feed files which had be collected from cop cars. Dirty Mary Crazy Larry? For safe browsing, always use protection. | Private Internet Access. Force-TLS. Firesheep: Why You May Never Want to Use an Open Wi-Fi Network Again - Kashmir Hill - The Not-So Private Parts. Downloads for codebutler's firesheep - GitHub. Liar, Liar, Sheep on Fire. New Firefox add-on hijacks Facebook, Twitter sessions. News October 25, 2010 03:38 PM ET Computerworld - A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services, a security researcher warned today.
The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego. Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots. Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Butler did not reply to an interview request Monday. Butler created Firesheep to illustrate the wide-ranging problem of unencrypted sites and public networks. Add-on Search Results for Firesheep. BlackSheep - A Tool to Detect Firesheep. UPDATE: see the requirements for the extension at the end of the postUPDATE: an new version is availableUPDATE: BlackSheep for Linux is available hereUPDATE: If you use FileVault on MacOSX, you might be prompted for a password.
See this thread for more information. You've probably all heard of Firesheep by now, a Firefox add-on which lets anyone hijack a user's session to various popular web applications when they're using an open wireless network. While sniffing/stealing session credentials is nothing new, Firesheep exposes this capability to the masses by automating the process so that absolutely no technical know-how is required.
Unfortunately, it is actually quite difficult to defend against Firesheep because most sites only permit SSL connections during the initial login, not while surfing other pages. As such, while your username and password are encrypted, your session ID is available to all other machines on the same network. How BlackSheep works Use Firesheep to combat.... TCPDUMP/LIBPCAP public repository.