Tag Archives: Wi-Fi

The Pictorial Definition of ‘Unexpected User Error’

Send to Kindle

So here’s a funny story: Detroit Tigers General Manager Dave Dombrowski goes on TV from the press room at Comerica Park to discuss the suspension of Tigers outfielder Delmon Young — in full view of a sign declaring the SSIDs and passwords of some local Wi-Fi networks. This clip ran on ESPN’s Baseball Tonight, presumably in front of millions of viewers. That’s probably how this screengrab ended up on Reddit, which in turn ended up on Bruce Schneier’s blog.

Check the picture: You can clearly see the two SSIDs — MLB-Press and MLB-Photos — along with their respective passwords, BWAA#2012 and Photo#2012. (BWAA isn’t a random alphanumeric string, by the way, it’s an incorrect abbreviation of Baseball Writers Association of America, lest you think the Tigers IT staff were trying to make the password less obvious.)

Now, I’m certain Dombrowski gave not two seconds thought to network security when he posed for his television stand-up; he had bigger things to worry about. But I’m also equally certain that the Tigers IT staff doesn’t have a contingency plan in place for “local Wi-Fi credentials get broadcast on national television.”

The Wi-Fi networks are non-sensitive, to be sure, as most sports venues offer dedicated and separate wireless access for the press, often with a standalone high-bandwidth connection for photographers to upload large images and video files during the game. Signs like the one captured in the background of the above photo are found in almost every major sport team’s press room, not just Detroit’s. It’s extremely unlikely the publication of these credentials put the Tigers organization at any risk of a serious security breach.

That said, everyone within a hundred feet or so of the Comerica Park press room can now snag a chunk of free Wi-Fi bandwidth, which means if somebody wanted to prevent the local press from getting online during the next Tigers game by playing bandwidth hog — or simply wanted a nice fat pipe to anonymize their own nefarious outbound traffic — Mr. Dombrowski just gave them exactly what they need. And he didn’t know it. There are hackers out there that would want to spike the Tigers Wi-Fi network just because the team was dumb enough to throw login credentials out on TV, either for the attention or because the hackers bizarrely consider making an example of dumb enterprise security is a public service. In either case, the Tigers computer staff just got sucker-punched through no real fault of their own.

That’s the point.

User error can’t be predicted. Neither can all your risk vectors. Eventually, something will get exposed, corrupted or deleted in a way you never expected, and you’ll have to clean up the mess. That’s the nature of IT security and data integrity.

Hope you’ve got a good backup plan.

Five Steps to Surf Safely on Public Wi-Fi

Send to Kindle

wi-fi garbage

One of the great advantages of Software-as-a-Service solutions like Salesforce and Google Apps is that you can access these tools from any Web browser, rather than simply from a PC connected to the corporate LAN. With this reward comes some risk: Your data is now transmitted via Internet connections you don’t control — including public Wi-Fi hotspots with dubious security measures.

Below are five simple steps to make sure your web apps stay safe, even over the sketchiest wireless network.

1. Disable Automatic Wi-Fi Connections
For the sake of convenience, most laptops are configured to automatically seek out and connect to available wireless networks, often without you even noticing. The security risks involved are fairly obvious. You should disable automatic Wi-Fi connections to ensure your computer doesn’t wander into any unsavory wireless neighborhoods.
Instructions: Windows | Mac

2. Disable Sharing
Both Mac OS X and Windows natively support shared network printers, directories and hard drives, and hackers use faked printer and storage connections to sneak onto your laptop over public wireless networks. Shutting down remote sharing is a must for a laptop in the wilds of unknown Wi-Fi.
Instructions: Windows | Mac

3. Choose the Most Secure Network
Just because the SSID name reads “Free public Wi-Fi” doesn’t mean it’s actually provided by the local venue. Hackers often set up false networks simply to gain access to your computer. Before you logon to any wireless network, make sure it’s legitimate. Most public spaces, particularly airports and hotels, post the names of their Wi-Fi networks. If the SSID name isn’t posted, ask the staff. Never assume.

That said, there are often multiple legitimate networks available in the same area, especially in business offices and conference centers. If given a choice of Wi-Fi connections, choose the one that’s most secure. In order of most to least secure, WPA2, WPA and WEP are the preferred security protocols. Secured networks typically require a password to access, but that minor inconvenience is worth the added level of encryption that secured networks provide. If no secured networks are available, proceed with caution.

4. Use a Personal Firewall
Both Mac OS X and Windows provide personal firewalls to block malicious traffic from reaching your computer. Any application that tries to access your laptop must clear your firewall first. Turn your firewall on and keep it on at all times, but especially when surfing public Wi-Fi.
Instructions: Windows | Mac

5. Use SSL At All Times
Secure Sockets Layer encrypts web traffic, making your passwords and communications that much harder to eavesdrop or steal. All Google Apps services and most webmail providers offer an SSL option, noted by the HTTPS web address and the padlock icon in the address bar. Bookmark the SSL version of any online service you use, and don’t waver in that preference.
Instructions: Chrome | Firefox | Internet Explorer

A Virtual Private Network creates a secure, encrypted communication channel within a public Internet connection. They aren’t free (or, rather, the ones that are free often impose advertising on your web surfing), but they do offer an added level of protection that is generally worth the cost. You can choose from a number of reputable VPNs here.

The ‘Ten Riskiest Online Cities’ isn’t news, it’s common sense

Send to Kindle
Internet - Good Or Bad?
Image by Mikey G Ottawa via Flickr

Security software maker Norton recently published a list of the Top 10 Riskiest Online Cities, which at first glance looks like a top ten list of the some of the most Web-connected cities in the US. So I tested my hypothesis and compared Norton’s list with the¬†Forbes list of the 20 Most Wired Cities in America.

Only one city on Norton’s list of risky metroplexes failed to appear in Forbes top 20, and that city — Minneapolis — was the magazine’s seventh most wired city in 2009. This tells me that the line separating seventh from 21st in Forbes list isn’t very wide, so all these cities are pretty heavily Internetted up.

Below is the list of Norton’s wretched hives of cyber-scum and villainy, with each city’s 2010 Forbes wired ranking listed in parentheses:

  1. Seattle (3)
  2. Boston (12)
  3. Washington, DC (5)
  4. San Francisco (4)
  5. Raleigh (1)
  6. Atlanta (2)
  7. Minneapolis (20+)
  8. Denver (7)
  9. Austin (20)
  10. Portland (10)

What a shock: In a city where more people subscribe to broadband Internet, and there are more public Wi-Fi hotspots, more cybercrime happens!

As Willie Sutton apocryphally remarked when asked why he robbed banks, “That’s where the money is.” Why does more cybercrime happen in these cities, at least by Norton’s measure? Because that’s where the cyber-citizens are. (These ultra-Web-friendly ‘burbs also have the highest density of potential Norton security customers, which may also have had some influence on the composition of Norton’s list.)

You can always split hairs, of course. Seattle, Boston, DC, Minneapolis and Austin are all slightly less safe than their wired ranking would suggest. ¬†Raleigh, Atlanta and Denver are slightly safer than they “should” be. Portland and San Francisco, meanwhile, are right in line, with their wired and risk ranking precisely equal. Bottom line: If you live in a Web-centric city, odds are you’re going to encountered more Web-centric activity, both good and bad.

For our part, Backupify is in the business of helping you protect yourself from data loss, and one of the leading causes of such loss is cyberattack and other forms of online crime. As your personal online activity increases — and you store more data in the cloud — you become a more likely and more tempting target for cyberattack. But I’m pretty sure you knew that. Norton’s list doesn’t tell us anything new. It just reminds us that the more business we conduct online, the more of our risk we shift online, too.

Hope you have a backup plan.