E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


WIFI CAN LEAVE USERS EXPOSED

Source: San Jose Mercury News

Posted on October 8, 2007

      Taking out the garbage one night, I noticed a woman sitting in a sport-utility vehicle in front of my house. Her face was lit by the white glow of a laptop. Odd, I thought. I went up to her and tapped on her window and asked her what she was doing. She said she was waiting for her husband to return from walking the dog and that she lived in a house a couple of doors away.

      "Oh, I thought you were stealing my WiFi connection," I said, referring to my wireless high-speed Internet connection.

      I went back inside, then realized her story didn't make sense. I went back out, and she was gone. There was no SUV at the house where she had pointed, and never had been. So I think she was piggybacking on my WiFi, or someone else's.

      That's one of the hazards of WiFi networks. The woman in the SUV might have taken a lot of things that are important to me - in my computers - without ever stepping inside my house. Our networks leak out of our houses and the problem is only getting worse as most new WiFi products use the long-range 802.11n wireless network standard that the industry recently adopted.

      I have a new "n" router, a Netgear WNR854T RangeMax Next Wireless Router, that gives me broadband at any part of my house, including my back yard and garage. But the downside is that the radius of my network is now extended three or four times farther than the 50-meter range of my old WiFi 802.11g network. That distance is far enough for my neighbors or anyone else outside to piggyback on my WiFi, allowing them to use laptops to access the Internet for free while I pay for it.

      Left unsecure, this unintentional extension of WiFi bubbles beyond property borders can exacerbate family problems. One family I know had a problem with its neighbor's WiFi. The family had a rule that the 15-year-old son wasn't allowed to use the Internet past a certain time. They shut down the computer network at night. But the boy simply hopped on the neighbor's unprotected network instead. To parents, the neighbor's WiFi is essentially pollution.

      The security issues are much worse with unprotected public WiFi and WiFi in coffee shops sprouting everywhere. Competent hackers can use "sniffers" to collect and analyze all of the data traffic going back and forth over a compromised WiFi network.

      "It's absolutely crazy," says Jeff Moss, security expert and organizer of the Black Hat security conference. "The WiFi infrastructure is insecure, but the public awareness isn't there."

      It is a simple matter to set a security password for your WiFi network. My Netgear router came with software on a CD that explained how to set up a password using the wired equivalent privacy, or WEP. Any password should have capital letters and numbers and be at least 10 characters long.

      But people shouldn't use WEP anymore, says Robert Graham, security consultant and CEO of Errata Security in Atlanta.

      Just ask TJX, the owner of various retailers that lost a lot of customer information to hackers who broke into its computers via WEP- protected WiFi. The problem is that a lot of old laptops, printers and other gear work only with WEP security. Most router companies give consumers a choice for the kind security they use.

      Home users with newer equipment should use a variant of the WiFi Protected Access protocol, or WPA2, which is more secure than WEP, says David Henry, product marketing manager at Netgear. Most new home routers in the past two years come with procedures for setting up WPA2 security. Some equipment vendors also enable users to download software updates that allow older equipment to use WPA2 security. Even so, as easy as it is to set up, about 20 percent to 30 percent of people don't bother to set up any password protection, Henry says.

      That's a big mistake. At the recent Black Hat convention in Las Vegas in August, Graham showed how he could easily break into WiFi networks in public places and even break the security for Google's Gmail. He could read the e-mails of anyone logging into Gmail, in fact, even though he didn't have their logins and passwords. He could do the same for many other sites.

      He advises people to be vary wary about using WiFi in hotels or conferences, where the odds are strong that someone is looking over your shoulder. "It's just too dangerous to use," he says.

      Google says that over time it will shift to a more-protected login process as its default for those logging into Gmail. Currently you can log into Gmail in a secure way if you type https://www.gmail.com instead of just www.gmail.com.

      If you're really worried about it, visit www.wifialliance.org for more information. Meanwhile, watch out for those WiFi bandits parked outside your house.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.