In computers we trust.
But the funny thing is, we shouldn’t. We really really shouldn’t.
So what’s the latest in security news to remind us how insecure computers can be? Right. Let’s get crackin’…
Gone in 60 Seconds, WPA Key On A Silver Platter:
To start with, let’s hear it for wireless networking! Never has hacking been easier. You don’t even need to connect a wire. Often, you don’t even need to be in the building. Just drive by, park nearby, walk along with a laptop, whatever your evil little heart desires, and you can begin the computer equivalent of breaking and entering at your convenience with no real worry of strange looks or calls to security. That in itself makes wireless networking so very dangerous. But then there’s the encryption protocols…
The absolute worst, most rubbish ever to use, would be WEP. Don’t even touch it. If you think you’re secure using WEP you might as well just not even bother trying. Now WPA was at least better. Key word here however is “was”. As in past-tense. Yes, that’s right. A system of hacking WPA was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University that is based on the established Becks-Tews method and can hack WPA in as little as one single minute. Yes. Sixty seconds or less and your WPA key is handed over on a silver platter. This is of news because one of the formerly best hacks of WPA, the aforementioned Becks-Tews method, takes more than ten minutes. You can look deeper into these methods if you care to, but the simple point is WPA is dead to us. As dead as WEP. Now the minimum to be secure wirelessly is WPA2. Which, being old itself, you should have been using already anyway.
Hot List – Snow Leopard Insecurities:
So you just upgraded your Mac to Snow Leopard, Apple’s latest Mac OS X. Congratulations! But did you know that Show Leopard comes with an older version of Adobe Flash? Yes, that’s right. Even if you had upgraded to the latest and safest version from Adobe before (which would be 10.0.32.18 at the time of writing), you’re downgraded now. Back to version 10.0.23.1. And that means exposure to old exploits and attacks on your shiny new and “secure” Mac. All without a hint of warning from Apple. Isn’t that nice of them? So if you upgraded to Snow Leopard, be sure that one of the first things that you do is update your Adobe Flash … again.
But that’s not all. Oh no. Apple’s far too unconcerned with security for that. Apple has kindly included malware protection built in to Snow Leopard. (Why is it when Microsoft does this, it’s anticompetitive, but when anyone else does it, it’s heralded as genius?) Which you’d think is good. Bundled protection means more people are safe. If you download and install some Big Nasty Snow Leopard pops up a warning and recommends that you toss it in the Trash before it harms your computer. How nice. It sounds good, except that so far Apple’s protection is very … limited. It hardly identifies any baddies at all. And this is the problem, because it lulls you into a false feeling of security. You’re protected, right? Wrong! So until Apple does a much better job of identifying malware it is highly suggested that you also install your own protection software.
Microsoft IE – Something Rotten in Denmark England:
And speaking of Microsoft and bundling, Microsoft’s SmartScreen Filter, built/bundled into Internet Explorer 7 and 8, has decided to protect a lot of folks from those dangerous blokes across the pond by blacklisting every uk.com top level domain! Um, come again? Yes, that’s right. To protect you from phishing attacks, IE blocks Blighty. As one would imagine, this has caused a great deal of problems and phone calls from concerned web surfers over there. Of course Microsoft fixed things fairly quickly. After all, blacklisting entire countries on a whim is kind of bad press. But it just goes to show, sometimes “security” works as much against you as it does for you.
O2- Something Else Rotten in Denmark England:
Customers of O2, a British internet service provider, may want to disconnect. O2 has been handing their customers faulty routers. The O2 Wireless Box II (a rebranded Thomson TG585) and the O2 Wireless Box III (a rebranded Thomson TG585n) are vulnerable to cross-site request forgery (CSRF) attacks, allowing pretty much anyone to easily log into your router itself, at will, no questions asked. This in turn lets them steal your encryption key, even if you use WPA2, and do all sorts of other not-so-nice things to your computer. Needless to say, this is bad. But after badgering O2 about it, security champion Paul Mutton has finally convinced O2 that it actually is a problem. And O2 has promised to look into it and remedy as necessary. If you’re an O2 customer, make sure you keep on top of this, as at-will hijacking of your router is A Bad Thing.
World of Warcraft – Gone Phishing Again?:
Yes, same as always then. The official Blizzard WoW forums are being used to distribute malware to steal your passwords, blah blah blah. If you play World of Warcraft and have somehow not heard of all of the phishing and malware trying to steal your account information so that hackers can sell your loot for real money, then you must be oblivious. To everyone else, same s___, different day. This latest phish is pretending to offer you exclusive access to a new service. Just click on their invitation, bend over, and take it from behind. I guess these things must work, because hackers keep doing them. But honestly, if there isn’t a group of people that should be extremely aware of security by now… Welcome to the World of Phishcraft.
What’s This? Good News? Google Polishes Chrome:
Well, that’s it for now. Be wary. Be safe.