Like so many other technologies, IT – Information Technology – has the potential to make a substantive difference in our lives. Sometimes it offers something entirely new, something it reinvents something that may or may not need reinventing in the first place, and sometimes it solves an issue created by IT in the first place.
To transfer notes from GMail to Google Keep as demonstrated last week, I had to grant access to my Google account to a third-party application. While I was happy to do so to accomplish what I wanted, once that had been done, I no longer saw any value (and indeed quite a bit of inherent risk) in allowing the application continued access. Call me paranoid if you wish, but I prefer it that as few people as possible have access to my accounts. Luckily, revoking access is simply achieved:
One of the pracctical functions in Firefox is the option to save passwords. This also has a backward function, in that you can find out what your saved password is. To do so, simply go to the login-page in question. Then right-click the site and select View Page Info. Go to the Security-tab and find the button View saved passwords. Then click the button View passwords to see all saved passwords.
Now, as I’m sure I’m not the only paranoid browser around, here’s how to set a master password to protect your saved passwords:
At this year’s DefCon, a security problem inherent to the default settings in GMail was unveiled. The problem is that, by default, GMail does not use encrypted sessions.
Windows XP is Microsoft’s longest living operating system to date. Released in October 2001, it succeeded the total failure that was Windows Millennium Edition, and has, in turn, been succeeded by Windows Vista. Service Pack 3 is, as implied by the name, the third major upgrade package – Service Pack – released for Windows XP. Unlike SP2, SP3 contains no changes that are directly experienced by the end-user. SP3 was released for download on May 6th, 2008.
I’ve been using computers more or less actively for about 10 years now. My first encounter with a computer was a hulking 386, which I never really got the hang of. Since then, I’ve encountered computers in many different ways, but the first time I can remember getting a “So that’s what it’s all about” feeling, was back in the summer of 1996. Using Word (!) I constructed my very first website.
A man in his twenties, let’s call him Bill, gets on a bus in Oslo. He carries with him a portable computer, complete with a wireless network adapter. The computer is running Windows XP Professional, and has an app installed called NetStumbler. The man is bored, and decides to have some fun…
Bill turns the computer on and starts NetStumbler. After a short distance, he has found in excess of two hundred wireless networks, half of which are unsecured. The man unboards the bus, and selects one which is unsecured called “Linksys”. He decides to punish the owner a little, you simply don’t leave your wireless network with default settings, onw do you?
He logs onto the network, and using Google, it is the work of a minute or two to learn that the config-page of the router is located at the IP-adress 192.168.0.1, and the default user name and password are both admin. He logs on, and finds another computer connected to the router. He shuts the computer out, and starts working his mischief.
Bill starts out turning off broadcasting of the SSID, and changes the SSID, following which he sets WPA-security. He then changes the admin-password of the router, logs off, and gets on the next bus. The entire process, from logging on to the config-page until he logged back off, took him less than two minutes.
The above scenario is not unthinkable. In spite of it mostly being mindplay, I have myself seen close to fifty available wireless networks, many of which are not only unsecured, but also sport default values for everything. So, what does the scenario teach us?
If you know something of routers, you’ll know that the first thing you’ll try when unable to contact the router, is either connect directly to it with a cable (which wouldn’t help you in the above scenario, as the admin-password has been changed), or simply push the reset-button, located on the back of the router. In the case detailed above, the problem will be solved, and for the owner in question, who hasn’t bothered to set up the router, the default settings will be restored.
The next piece of knowledge we can glean from this, is that by doing two simple things, the security of your router will be heightened by large degrees. By changing the SSID (the name the router presents to the outside world), and changing the admin-password, much has been achieved. If you want to go a step above and beyond this, I’d recommend turn off broadcasting the SSID, and setting some sort of security, either WEP or WPA2. These simple steps will prevent trespassers to connect to the network, and secure the network even more
I’ll not tell you what will work best for you, but I personally feel that if the SSID does not identify you is better than a SSID that does. If your name is John Smith, I think that it is better to call the network HomeLAN than calling it JohnLAN or SmithLAN.
Another thing I’ll tell you is that it is better to use a randomly generated WEP-code, instead of one that can be logically disseminated. A quick Google-search for “random WEP code generator” will provide you with many useful pages, for example this one, whereas a search for “WPA2 code generator” will, among others, turn out this one.
Securing wireless networks is very important, so much so that even Microsoft has created a guide to help users set up their wireless networks.
Fighting and defending against computer viruses is one of the largest challenges facing businesses and individuals in the IT world of today. To guard against this, most people have anti-virus software installed on their computers. However, even though you have anti-virus software installed, how can you be certain that the policy-files are the ones your anti-virus supplier has supplied? What is done by the different developers to secure the transfer of these files? What sort of knowledge and access would be needed to hack through the protection?
I’ve asked these questions to a few of the leaders in anti-virus software development. Only two answered my questions; here’s what they said: