Helpful Computer News to keep your computer up and running. Provided by Beacon Technology Solutions LLC. Serving Metro Detroit.

Archive for November, 2010

Happy Thanksgiving Everyone!!

I want to wish everyone a Happy Thanksgiving!!!

Wifi Hotspots No Longer Secure (FireSheep)

Unless a wireless hotspot (like Starbucks or Biggby) turns on WPA encryption and makes you enter a simple password, it could happen to you. Firesheep makes session hijacking easy for the novice, so the chances of it happening to you are high. I just checked to see how many people had downloaded Firesheep while I typed this blog post. Firesheep has been downloaded 742,072 times. Now, how many of those people are just toying with it to see how it works, how many are testing it out live by spying on people, and how many are using it to post bad things on someone’s Facebook or Twitter account?

More Info: Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

Tools to help:

  • Firefox – This is needed for the plugins below. I highly suggest using Firefox while at a hotspot.
  • BlackSheep – Will tell you if anyone is using Firesheep on the wireless network you are connected to.
  • HTTPS Everywhere – This will ensure you are connected securely (HTTPS) on common sites.
  • Force-TLS – This will force HTTPS, but you will have to manually add the websites. How To Configure.
  • Google Chrome plug-in: KB SSL Enforcer

VPN Services (A VPN, or Virtual Private Network, creates a secure connection between your computer and the VPN server. This means your Internet traffic goes over the Wifi securely to this VPN server, then out on the Internet, and the responses come back the same way. You do not need to worry about the above if you use one of these, but most are paid services, or you need to set up the VPN connection to a home PC which you must leave on.)

  • HotSpot Shield – There is a free and paid version. Just remember to sign in to it when you are using a public Wifi hotspot. It works, but it is a little slow and puts annoying ads at the top of websites. Besides their big ad, you have the website, and it takes a lot of space and scrolling. (This is the only one I tested.)
  • TrustConnect – A pay service I have not tried. Company is reputable.
  • WiTopia – Paid
  • HotSpotVPN – Paid
  • PacketiX.net – Free
  • UltraVPN – Free France VPN service.
  • CyberGhost – Free VPN service from Germany which routes you through a German IP. The free service is limited to 10GB traffic every month, which is more than enough for surfing on websites, chatting and email.
  • TorVPN – Free VPN access is restricted to 1GB per month and works on Windows, Mac, iPhone & iPad.
  • SecurityKISS – Free VPN Service
  • Your-Freedom – The free service lets you use it for 6 hours a day (up to 15 hours a week). Windows, Mac & Linux platforms are supported.
  • OpenVPN – This one you set up to use your own PC as a VPN. No costs here and no potential privacy issues. The downside: you leave your PC at home on all the time, wasting electricity when you are not using it.

Podcast:

  • Security Now #272 – Here Steve Gibson, well known in computer security, talks about it with Leo Laporte. Transcripts also available.

During the podcast, they were concerned that someone’s password could be changed on Facebook. Then the other said no, because you would have to know the current one before changing it. Well, I think it could happen, and here is how:

  1. User logs into Facebook or other social networking site.
  2. Someone uses Firesheep and is in.
  3. User logs into e-mail account.
  4. The same person uses Firesheep and is in.
  5. The bad person logs off of Facebook.
  6. Requests a forgotten password reset.
  7. Waits for e-mail.
  8. Clicks on link to reset password in e-mail.
  9. Deletes the e-mail in hopes user does not see it.
  10. Continues on with resetting password.
  11. Logs back in to Facebook.

Now the poor user’s Facebook account is stolen, and the thief can pretend to be that person and / or demand ransom…

I tested the following services I have an account with to see if they support HTTPS.

Webmail with HTTPS:

  • Google Gmail – All the time.
  • Windows Live Hotmail – Off by default. Can login by typing HTTPS or turning it permanently on in the settings.

Webmail without HTTPS: I added S to HTTP and got error messages.

  • Comcast (The largest cable Internet provider in the US)
  • Yahoo Mail
  • AOL / AIM
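
Loading a login page over HTTPS, as in the test above, does not show whether the session cookie stays protected afterwards, and Firesheep works by reading session cookies sent over plain HTTP. The following added example (not part of the original post) audits a site's response headers for the `Secure` cookie attribute and a Strict-Transport-Security (HSTS) policy; the host names and header values are constructed samples, not results from the services listed.

```python
# Added example; all host names and header values below are constructed samples.
SAMPLES = {
    "mail-a.example": ("https", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
    ]),
    # HTTPS login page, but the cookie is still sent on any later http:// request.
    "mail-b.example": ("https", [
        ("Set-Cookie", "SID=def456; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ]),
    "mail-c.example": ("http", [("Set-Cookie", "SID=ghi789; Path=/")]),
}

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if no usable policy is present."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            if name.strip().lower() == "max-age" and arg.strip().isdigit():
                return int(arg)
    return 0

def audit(scheme, headers):
    """List the weaknesses that leave a session cookie readable on open Wi-Fi."""
    findings = []
    if scheme != "https":
        findings.append("served over cleartext HTTP")
    if hsts_max_age(headers) == 0:
        findings.append("no HSTS policy")
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure")
    return findings

if __name__ == "__main__":
    for host, (scheme, headers) in SAMPLES.items():
        print(host, audit(scheme, headers) or "ok")
```

The audit flags every cookie without `Secure`, so a reviewer still has to decide which of the flagged cookies actually carry the session.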