Unsecured Wireless Routers

Here’s what happens when you don’t take proactive steps to secure your wireless router (or wireless network). Recently there were a series terrorist bomb attacks in India, and threat emails were sent by the terrorists. 

The source of the emails were traced and they came from the home of an innocent family in Mumbai (India). The terrorists had used their unsecure wireless network to gain access to the internet and do their thing. The residents said,

“We did not feel the need to secure or password-protect our internet connection. But now it has become a necessity for all citizens to secure their connections”

This stuff really happens, read the full article here.

So how do you secure your wireless router? What other consequences can you face for leaving it unsecure? Read our previous article. In fact, use the search box on the top right of this site and search for “wireless” - there’s a lot to learn about wireless security at home and in the office.

Keep in mind that when you buy new (or old) wireless equipment such as a wireless router, the security settings are almost always set to the most insecure options. That’s crazy, but manufacturers think that turning on security by default makes it too hard for people to install these things. Maybe, but most people are lazy and don’t turn on the security features, putting them at risk of being hacked or involved in serious crime.

Password Recovery Questions

A lot of web sites these days have a question & answer system as a backup to your password. The idea is that if you forget your password you’ll be prompted to answer a private question.  Assuming you’re the only one who knows the answer to this private question it’ll give you a password to log into the website.

It’s really a second password in case you forget the main password. And it’s not very secure. Let’s look at why.

Your web site password could be anything. If you use a common word then there’s approx 1 in 100,000 chance of someone guessing it (this is actually pretty poor). If  you make up a password that couldn’t possibly exist in the dictionary, e.g. by adding a random number at the end, misspelling words, etc, then the chances of guessing the password are much lower, one in millions or billions. This is good.

Now if you have to provide the name of your pet, school, or mother’s name as a password, the choices are very limited. There aren’t billions of popular pet names, there’s only a handful.

For someone to guess the answer to this question is much easier than guessing a real password. And if someone was to do a little research on you it could be possible to find this out. 

My suggestion is that you don’t use these password recovery options. When signing up to a service and you’re prompted to enter some personal details, enter random characters instead. Go crazy bashing keys on the keyboard, use something like iojxcnmvaioasflseqq. The idea is that no one could possibly guess the answer, including yourself. Then write down your real password and keep it safe.

I’d also like to add a bit about someone that recently had her private question (backup password) guessed by a random stranger.

Her name is Sarah Palin. Someone wanted to read Sarah’s Yahoo email and instead of trying to guess a password they just tried guessing a private question, and got in. This was recently publicised. It isn’t really hacking, someone just did some research and guessed correctly.

The results were disasterous - Sarah Palin is a US governor hoping to be a vice president, and there were sensitive documents in her emails that were then leaked to the internet. 

There’s a lesson here for everyone, including web site developers. Don’t use these private password questions, it’s the weakest link into web services.

Large Hadron Collider Malware

As always people who write and distribute malware take advantage of popular news stories. This time there’s a fake link to a video about the Large Hadron Collider (a new science project). If you attempt to watch the video it asks you to download a plugin (it says that you need to download it in order to view the video).

We’ve mentioned this before, you don’t normally need to download plugins to view videos on the web.

If you see an email or web post with the following then ignore it, it just asks you to install a malicious plugin,

“This thing rocks! By the way, you can watch “Large Hadron Collider” start video report at http://***sed.com/clip/?id=Large_Hadron_Collider Pretty interesting, isn’t it?”

Hijacked Baby Hoax

There’s an email being sent with a message about a hijacked baby. The message encourages the reader to open an attachment, which really contains malware.

This is what the email says:

Subject: We have hijacked your baby

Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later… We has attached photo of your fume

The attachment is called photo.zip and contains malware. Don’t open the file, just delete it.

Google Chrome

Everyone’s talking about Google Chrome today. It’s a new web browser much like IE, FireFox, Opera and Safari. Here are some things you should know about its security.

• It’s still in "beta", meaning they’re still testing it. It’s an unfinished product. There will be bugs to be found, including security bugs.
• There’s a debate going on about Google’s intentions on releasing a free browser. It seems Google will be collecting some information from some users on their browsing habits. It’s an opt-in service so there isn’t anything sneaking going on, and it can be turned off. But it still makes some people uncomfortable.
• Chrome has a private mode called "Incognito". Some other browsers also have this feature. It’s a good thing. It puts you in control over which web sites save information on your computer and which don’t.
• It uses a new programming model putting each page in its own process. This should make everything safer, but it’s new and time will tell how secure it really is.

And did I mention it’s in beta and security bugs will no doubt be found soon?

I suggest that as soon as Google are comfortable with the performance of this new product it’ll be a good alternative to Internet Explorer.

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Recently Written

  • Keyloggers
  • Fake Survey Emails
  • Key Duplication
  • WorldPay Fake Emails
  • Fake eNom emails
  • Is WPA Still Secure?
  • Asus Eee Box PC comes with a virus
  • False Microsoft Patch Emails
  • ClickJacking Exploit
  • Skype in China

• Categories

  • Admin (7)
  • Antivirus (35)
  • Backups (5)
  • Fraud (46)
  • General (78)
  • hoax (6)
  • Identity Theft (25)
  • Malware (79)
  • News/Media (42)
  • Phishing (4)
  • Privacy (10)
  • Scams (58)
  • Security (92)
  • Software (60)
  • Statistics (15)
  • Uncategorized (2)

• Archived Articles

  Select Month November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

• Spam Blocked

  6,625 spam comments

  blocked by
  Akismet

• Ads

• Stats