Posts Tagged ‘access’
Airport Security
In a post by news.com.au, an airport in Australia has made a major breach of their security and restricted area. Take a gander at the following image:
Credit: news.com.au
The note read: “Gate Access Code,” revealed the code and advised people to “please touch pad softly” and “remember code to re-enter.”
The pin was changed after it was posted on the Internet, and the airport security is stating the following:
Dubbo City Council corporate development director Megan Dixon said the access code was changed on Tuesday after the airport was made aware of the potential for a security breach.
She said the PIN code was signposted on the gate to allow “itinerant airport workers who have security clearance to use this gate.”
I surely hope that airport security in the United States is not taken this lightly. Come on people, get with the times. There are people out there that want to do major traffic flows harm…and we’ve seen it numerous times in airports already. Why would this even be acceptable to any airport worker? Better get your act together before it’s too late.
Hacker Disables Cars Remotely
Originally posted by Wired
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Read More http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/#ixzz0iXfLGh18
Omar Ramos-Lopez was arrested by police and was a former worker at the Austin Auto Center. He was laid off and was seeking revenge…so he hacked into cars and either disabled them or made them do odd things.
Texas Auto Center’s manager, Martin Garcia, stated: “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.
Read More http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/#ixzz0iXg8mj3m
Garcia says that Ramos-Lopez’s network account was disabled and that he was good with computers.
More on immobilization of cars:
First rolled out about 10 years ago, remote immobilization systems are a controversial answer to delinquent car payments, with critics voicing concerns that debtors could suffer needless humiliation, or find themselves stranded during an emergency. Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.
Read More http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/#ixzz0iXgggWPb
Secure Your Internet Wi-Fi
Most Internet Service Providers send along a built in wireless router with their modems when you order a new Internet subscription. Or maybe you need to connect two computers to one Internet connection and you buy a router. Most of the time, these new router or router/modem combos have unencrypted wifi upon installation. First, let’s discuss why this is bad to have an unencrypted SSID or wifi connection:
- Anyone in the area of the router can connect to your router and use your Internet and have access to all your network resources.
- If people other than you have access to your Internet they can do the following:
- Sniff your packets and gather login information for websites and even crack your passwords
- Use your network to pirate movies, music or TV shows without getting caught
- Slow your network down
- Ban you from your own network
- Infect insecure computers with malware
So, now do you see why it’s VERY important to encrypt your router with a password?
There are many ways to do this on a router…to make it secure. There is an old fashioned WEP key encryption, which is NOT recommended. WEP can be cracked very easily. Just to test out its strength, I created my own WEP network and was able to crack the WEP key within ten minutes. So, DO NOT go the WEP route. Instead, chose the more secure and less crackable WPA method. WPA is also better because you can specify any password over 8 characters, rather than having a 64bit key in WEP.
To set up WPA, open your router control panel, usually located at http://192.168.1.1 or http://192.168.0.1. If you have not set up your router before, the username and password are usually “admin” for both fields. However, this is not always the case, so consult your router documentation for more.
Next, find Wireless settings and turn wireless access points on. The SSID is the name of your network. For this example, I will use tylersmiller as my SSID. Save those settings and then find Wireless Security. On this page, select WPA Personal encryption method and create a password. Any characters, numbers and symbols work. My WIFI password is over 40 characters…so make it secure!
Next, save those settings and head to your nearest laptop or wireless device. Scan for wireless networks and find your SSID or tylersmiller in my case. Enter the password you chose and now, you are browsing securely and only people with that specific password can access your network.
This is a brief overview of wireless network security, I have a wealth of information on network security, and would be glad to share it with you free of charge. If you have questions, comment on this post, email me or contact me on Twitter.
Be well.
TSA Hacking
The TSA has discovered an internal breach of security, according to Wired.com.
A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.
The code that was input into the system was a logic bomb, programmed to go off at a certain time and date. Either deleting data or deeming servers unusable at that specified time. More information on the hacker and the system he infected.
Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.
Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.
The man pleaded not guilty and was released on a $25,000 bond.
Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.
David Lindsey is Duchak’s attorney and had the following statement:
“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”
I will keep you updated with new results on this TSA hacking.
Think government networks are insecure?
Think government networking should not be outsourced to a third party?
School Webcam Spying Continues
Two IT employees at Pennsylvania’s Lower Merion School District have been put on administrative leave, and pictures taken from Webcams on school-issued computers have been turned over to the local police department, according to the attorney of one of the employees now on leave.
I have posted numerous times on the school spying incident, and if you are not clued in, check these posts out:
http://www.tylersmiller.com/fbi-webcam-spying-continued/
http://www.tylersmiller.com/school-webcams-fbi-involved/
http://www.tylersmiller.com/school-spying/
Alright, after doing that and getting caught up, lets move on to the new information released.
The IT Staff said that it was their job to turn on the webcam and monitor who had the laptop. They said that every fifteen minutes the laptop would snap a picture of who had it…to track where it was and if it was in the wrong hands.
Every time a tracking device was activated, it was activated at the request of an administrator or another IT person. The district has admitted activating the Webcam tracking system 42 times.
The school has stopped using the software and has removed the ability all together to remotely activate the webcam. So, good move on their end…too bad its a little too late.
I plan to keep my readers up to date with more information on this. My school district is adopting the 1:1 Laptop program, and I am interested in this completely. Your thoughts on webcam spying and 1:1 Laptops in school…
Original Post: CNET
Video: TrueCrypt
Tracking a Stolen Laptop
Most of us have laptops and we carry a lot of valuable data on them. If we lost the laptop or even had it stolen, a lot of things could go wrong. 1) We would be without a laptop. 2) All our data is available to anyone who has the laptop. 3) We don’t know where it is.
There are plenty of software makers that have developed software to assist you in recovering a stolen or lost laptop. I hope that never happens to you, but it is always better to be prepared.
The software I am going to be talking about is totally free. So, I recommend installing one of these two products.
The first one is The Laptop Lock. This was my first program I used to install on laptops and it is very easy and simple to use. You make an account, download software and link the two. Within the program on your computer, you can specify any files you want to be deleted or even encrypted if you report the laptop as missing. Speaking of that, to report a laptop as missing, you log into the website and tell it that it was stolen or lost. And whenever the computer connects to the Internet, a signal is sent and the computer starts doing what it’s told…encryption or deleting of files.
The other software is called Project Prey. I currently use this program because it offers many other options than that of The Laptop Lock. This program also has a back end to program how you want the software portion to work. Looking at that, you can see which files were modified, trace where the computer is, get a screenshot of the screen and even take a picture from the built in webcam when you activate if the laptop is stolen. Far more options in this program. Especially if you can see what and who has the laptop.
Check out these programs, and if you have any more questions on either of these, comment and let me know.
Have you used these programs or ever had a laptop stolen? Comment below.
As a reminder, we are planning on having The Way It Should Be podcast Episode 2 released tomorrow. If you have not listened to the first one, go here and check it out. News, politics and technology.
Facebook Unblocked at Pentagon
In a recent news release, the Pentagon and Department of Defense are lifting bans on social networking websites. So, Facebook, YouTube, Twitter, etc will be accessible in the insecure networks of the DoD computers. Any computers or networks containing sensitive or classified information will continue to block most of the web.
Is this a good idea? I still have not decided if it’s a good idea. Allowing employees of the DoD to access social networking at work, especially in the government, might not be the best of practices. Loads of viruses are being released on Twitter and Facebook, and now the government buildings have access to those viruses potentially accessing their system. Even though it’s not their secure network, a worm could work it’s way into the secure network. Flash drives may still be banned at the Pentagon and other places, but what’s to say a single employee doesn’t follow that rule? Then government secrets could be compromised. It would not be the first time the government has been hacked.
I think social networks should continue to be blocked for the average employee in these buildings, but allowed only for the right personnel. A webmaster for www.defense.gov, for example, would have social networking access for updating Facebook fans and Twitter followers on new or upcoming changes and announcements.
What are your thoughts on letting government buildings access social media sites?
Original post by CNET[ad#widget1]
Microsoft Defeats Botnets
Microsoft has taken a stand and won a court approval to bring down 277 domains that operate botnets. These 277 domains are said to be able to control over 90,000 computers over the Internet. What is botnet? This diagram was written in the BBC News article, and explains it very well.
Credit: BBC News
Basically your computer has been compromised by some type of malware you installed or downloaded without knowing it. The hacker on the other end can group together many computers and start spamming other people through your computer and Internet connection. There are over 90,000 computers infected…which means one of them could be yours. I recommend reinstalling your operating system, or running an anti-virus program and making sure your system is clean. If your machine has been compromised…change all passwords to everything including Facebook, online banking, email, etc.
It’s good Microsoft is taking a stand on this and trying to combat the spammers and hackers in the world. And its good that the courts are backing them on this operation and hopefully something even better will come of this.
FBI Webcam Spying Continued
Original post: http://hothardware.com/News/FBI-Investigating-High-Schools-Alleged-Webcam-Spying/
Last November, Lower Merion School District student Blake J. Robbins was called to task by Vice Principal Lindy Matsko principal’s office for allegedly engaging in improper behavior. The bombshell is that Robbins wasn’t accused of doing anything on school grounds or even during the school day, but had done his naughty needs in his own home. As evidence, Matsko cited a photo taken by Robbin’s webcam without his knowledge or consent. Blake’s parents contacted the Vice Principal, who confirmed that the school district had installed remote monitoring software that allowed it to activate the webcam of any of the Macbooks it provided to its 1800 students. Neither parents nor students were ever notified that this feature existed, nor were they provided with information on the school’s remote monitoring policy.
In the wake of the incident, both the FBI and the DA of Montgomery County have announced they’ll investigate to determine if privacy laws or federal regulations on remote wiretapping were violated through the school’s actions. According to district spokesperson Doug Young, the school is vaguely aware it made a booboo. “”There was no specific notification given that described the security feature,” Young said. “That… was a significant mistake.”
As for the improper behavior itself, the family’s attorney has stated that Blake was eating Mike and Ike’s candy while using the computer.
I really wonder what is going to come of this case. I am guessing the school will be at fault and either have to uninstall the remote software or do away with laptops all together. Obviously there will be new policies in place, and I hope new access control to determine who can view and operate computers remotely. If the school continues to allow remote software, then the remote software should only be employed while the student is in school and deactivated while outside of the building. This is privacy invasion and it should not be tolerated.
School Webcams – FBI Involved
Here is an updated story from CNET on the case involving the school district that had been accused of using remote webcam technology to spy on students at home. CNET Article.
Quotes from the article:
The district said in a statement that the “security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.” The district further explained that “upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the district’s security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator’s screen.” The district claims it has “not used the tracking feature or Webcam for any other purpose or in any other manner whatsoever.”
Subsequently, district Superintendent of Schools Christopher W. McGinley sent a letter to parents saying that the security tracking feature is being disabled and that there will be “a thorough review of the existing policies for student laptop use” and a “review of security procedures to help safeguard the protection of privacy, including a review of the instances in which the security software was activated.”
In the mean time, the Associated Press is reporting that the FBI is investigating the district and “will explore whether Lower Merion School District officials broke any federal wiretap or computer-intrusion laws,” according to an unnamed official who spoke to the AP.
Your continued thoughts on this?
Should software this powerful be installed on students laptops?
Passwords
The Internet is crawling with people trying to steal your identity and one line of defense is creating secure passwords. A recent post on www.eu.com shows how insecure the average persons password really is. Here is the diagram:
The best way to have very secure passwords is to randomly generate them. I use PCTool’s free service, located here: http://www.pctools.com/guides/password/
The most common used passwords are: 1. 123456, 2. 12345, 3. 123456789, 4. Password, 5. iloveyou, 6. princess, 7. rockyou, 8. 1234567, 9. 12345678, 10. abc123
These passwords are horrible and the first thing tried when trying to break an account of any type. Random passwords are the best option, as shown above. You really need a mix of characters, numbers and symbols. Most people resort to their pet names, SSN, house address, phone number, license place number, and the list goes on and on. That is not the best practice for security!
Also, you should have different passwords for every site you use. If you have the same password on your Gmail, Facebook, Blog, Twitter and MySpace, then if someone guesses that one password, they have access to all of your online life. Creating a different password for every site is most secure. To make things easy to remember, create a “master password” and add the site name to the end of it. For example, my master password may be “Tyl3r5m1LL3r.C0m” and if I wanted to use that same password on Facebook, I would add the following: “Tyl3r5m1LL3r.C0mFacebook”. That is a very secure password.
Give these practices a try, and let me know if you have trouble creating passwords. I have a lot of password experience in both creating and securing them.
Is your password secure? You might want to check!
Remote Access
In this post, I want to talk about remote computer access. There are a lot of options out there, and LogMeIn is the number one option that I use. LogMeIn is not only free, it is easy to use, easy to install and offers a great community that is very helpful and responsive.
Basically, lets say that you have a desktop computer and while on a business trip, you forget a PowerPoint presentation on the desktop computer. If you have LogMeIn installed on the desktop, you can use any computer with Internet access to securely access your desktop at home. Log into the LogMeIn control panel, and you are presented with all your online computers, click on one of them and you are off. LogMeIn is 256 AES encrypted and essentially requires two usernames and passwords to access a computer. Your original LogMeIn account login details should be different from your home desktop username and password, so it is very secure.
When you connect to a remote computer, you can do anything you would be able to do while sitting in front of the machine. You can type a Word document, design a PowerPoint, answer email or even use it as a VPN to surf securely if you are at an Internet cafe.
LogMeIn is a great free service and I recommend it for anyone needing to get to a computer while out and about and anyone who needs to provide free remote support to clients. I have LogMeIn installed on all my home machines, church machines and all my laptops. Every machine of mine is available to me at a moments notice. LogMeIn is amazing, and have I said free? Give it a try today!
Already use LogMeIn?! Let me know how you like their service!