It’s summer. More and more people prefer to work in the open air instead of sitting in stuffy offices. At times you can see many people in a city park relaxing on a bench, by a fountain together with a laptop.

Your confidential information is in danger.

And, actually, it does not matter what exactly they are doing – working with the e-mail or your internet-banking, uploading pictures, using blogs or simply surfing the web.

All of them are connected to the Internet using Wi-Fi access. Every day more and more hotspots become available to users and practically every large city offers such access points.

From the perspective of any software developer who deals with information security issues, there is no secure access to the Internet in the street. Wi-Fi architecture cannot boast of any real security whereas the encryption and access isolation algorithms used here possess weak cryptographic strength and can be easily cracked.

According to the recent ABI Research the number of Wi-Fi hotspots all over the world is steadily growing.

The number of free Wi-Fi Hotspots is rapidly growing.

According to 2008 research results, the largest number of hotspots was found in Europe. For several consecutive years the UK has been the leader in the total amount of hotspots.

The most significant growth in the number of hotspots was recorded in France, Germany and Russia. Today we can easily say that open Wi-Fi access technology exists almost in every major city in Europe and even in the Middle East.

The leading computer security specialists believe that one of the worst types of the threat is the so-called “man in the middle” attack.

This expression is frequently used in cryptography and describes a situation when an intruder can read and modify messages of other correspondents so that neither of the parties will notice the presence of the intruder.

”An attacker may be connected to the same network, is able to constantly control your Internet connection and replace Internet-pages waiting for the moment when you give him your confidential information into his hands”.

Anti-virus researchers add:

”No matter what goals you pursue connecting to the insecure Wi-Fi network, we advise you to use only the protected HTTPS protocol to access the webmail. We highly recommend to avoid using the sites which require personal data entry, such as Internet-banking service.”

It’s not that hard to protect yourself from undesired consequences as it may seem. You should simply introduce a set of changes to your software security policy.

There are several principal security threats while using free Wi-Fi hotspots:

• The possibility to intercept your personal data which you enter to access various servers, payment systems or bank terminals. The networks set up by hackers resemble legitimate Wi-Fi free access points.
• An attack of a computer connected to the same hotspot with the help of an unknown malware, which is absent in virus signatures’ base.
• Sniffing – the interception and analysis of your Internet traffic by attackers may lead to the loss of confidential information.
• Data leakage through the “man-in-the-middle-attack”.

By means of practicing the simple rules below you can prevent such attacks and ensure your Wi-Fi security:

• Use SmartHide technology to connect to the Internet. It’s best to access the web through SmartHide tunnel set up in your network.
• Use only secure protocols, such as HTTPS and POP3s to access the e-mail.
• Disable confidential and personal data transfer through protocols which are not protected by secure data encryption algorithms.
• Avoid using Internet-banking through public Wi-Fi networks unless you are under SmartHide Service potection.
• Make sure that you’ve set up the firewall and antivirus software to block the incoming traffic, updated the virus signatures’ base and activated the extended heuristic analysis mode.

Copyright (c) SmartHide Security Octopus

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.

Today we’re going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn’t mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn’t make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.

Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain’t what you’d call “news.” But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here’s how it goes.

Security Octopus Note: All SmartHide Service users should not worry about the safety of your WiFi network connection. Using SmartHide makes your access to Internet using WiFi completely secure and your personal data will be safe. This video shows the actual danger of using WiFi without proper protection.

Source: lifehacker.com

Security experts have gathered at Black Hat

Demonstrated at the Black Hat hacker conference in Las Vegas, the tools make it far easier to steal account details, said Robert Graham of Errata Security.

Identifying files called cookies are stolen in the attack which let hackers pose as their victim.

This gives attackers access to mail messages or the page someone maintains on sites such as MySpace or Facebook.

Hacker gathering

Prior to the demonstration, which involved the live hijacking of a Google mail account (GMail), many sites were thought to be safe because they encrypted the data swapped back and forth when people login.

However, Mr Graham carried out his attack on the unencrypted cookies, tiny text files, many sites use to identify people that regularly return.

The tools created by Mr Graham, called “Hamster” and “Ferret”, watch the traffic flowing in and out of public wi-fi hotspots and let attackers grab cookies as they are passed back to people logging in to their webmail or social network account.

Using the cookie an attacker could pose as a victim and enjoy almost the same level of access to an account as its rightful owner.

There were some defences against the attack, said Mr Graham.

Attackers would be unable to change a password and take over an account as most sites ask people to re-enter their old password before letting them make changes.

Also, said Mr Graham, some webmail services, such as GMail, let people encrypt all the data passed back and forth as they deal with their mail.

Malicious hackers are turning to popular video sites

Mr Graham revealed his findings during a presentation at the four-day Black Hat conference held in Las Vegas. The conference brings together security professionals around the world who swap information about the latest exploits and future vulnerabilities.He said Errata would make the attack tools publicly available via the company’s website for anyone to download.

Also at the conference David Thiel, of security firm iSec Partners, revealed that PC media players have significant vulnerabilities that could be exploited by hi-tech criminals.

The loopholes could be used to attach malicious programs to music or video downloads in order to hijack a PC.

He suggested that popular pages on social networking sites could be subverted by malicious hackers to add the booby-trapped media files.

“The potential for attack is pretty severe,” he said.

Mr Thiel said the makers of the media players had been told about the problems and were working on fixes for them.

Source: BBC.co.uk