Ramblings of an old Doc

 

Mobility, work and convenience have encouraged most of us to get rid of the cables and use Wi-Fi to connect to and use the net. This has made us vulnerable to cyber criminals who can snoop and hack their way into our connections and steal personal and financial data for their profit. The downside is the broadcasting… the image that comes to mind is turning a light on at night: it can be seen at a distance no matter where one stands.

TheWindowsClub published an article about this topic and how to fix your Public Wi-Fi and Home Network Wi-Fi vulnerabilities.

For Public Wi-Fi:

1. Make sure File and Printer sharing is turned off. (Right-click on the Internet icon in the System Tray and click on Open Network and Sharing settings. From there, go to Advanced Sharing settings and turn off File and printer sharing.)

2. NEVER use one for working on confidential information, be it financial or work related.

3. If you HAVE to use a website which needs information such as your Social Security number, Medicare number, or credit/debit card information, use a VPN service (some are better than others) and realize that as with software, “free” VPNs are generally weaker than “paid services”. The article’s author recommended “SpotFlux”. I recommend doing some research and deciding for yourself.

For Home Wi-Fi:

1. Turn off WPS (WiFi Protected Setup). Open the router setup page. You can find out how to do that on the router’s manufacturer’s website. If you’re confident, browse the tabs in the router’s setup page.

2. Use a strong password, using random strings of characters. You can write it down and keep it somewhere safe.

3. Check the security protocol: It should be WPA2 (some call it WPA/WPA2), and it’s available in the router configuration page.

4. If you’re on Windows 10, turn off Wi-Fi Sense.

These steps should reduce the chances of getting hacked, but they won’t eliminate them all.

If you have additional suggestions, please add them in your comments.

Source:

http://www.thewindowsclub.com/public-home-wifi-networks-vulnerabilities


Comments (Page 1)
on Nov 07, 2015

Most retailers and sites wanting confidential data (SSN, debit card etc) say it's a secure connection. Am I missing something?  Or is using a VPN additional 'protection' needed because of the wifi?

on Nov 07, 2015

There are 2 things to consider, R' Elana:

1. The connection to the net: Is it secure? In a Public WiFi site, it is not - therefore the VPN.

2. The site requesting: Is it https or not?

 

This article is about making your connection secure: On public WiFi (such as coffee houses, hotels, airports, etc.) the connection is not secure, and anything you send up to the "secure site" is able to be intercepted by anyone along the way.

Here's a diagram I made for you (Photoshop is your friend)...

on Nov 07, 2015

Thanks, toda raba, I'm a visual learner and the image sums it all up very nicely. As long as my modem w wifi has encryption/password (it does) I don't need to add VPN.  cool.  :0

on Nov 07, 2015

As long as you're talking about "home"? You might need a VPN. Why? Because from your device (whichever you might use) to your router is no different really from the public network situation. Think about it. 

Any mobile device you might use to access a public network (phone, tablet, laptop) would need VPN should you decide to transmit credit/debit card info, etc., though.

on Nov 07, 2015

DrJBHL

As long as you're talking about "home"? You might need a VPN. Why? Because from your device (whichever you might use) to your router is no different really from the public network situation. Think about it. 

Any mobile device you might use to access a public network (phone, tablet, laptop) would need VPN should you decide to transmit credit/debit card info, etc., though.

 

But if all I use is the PC hooked to modem via an Ethernet port/cable - no use devices on wifi?

on Nov 07, 2015

ElanaAhova

But if all I use is the PC hooked to modem via an Ethernet port/cable - no use devices on wifi?

Then you're probably just fine.

on Nov 08, 2015

if you have wifi turned OFF

harpo the ghost NON-subscriber

on Nov 08, 2015


 2. Use a strong password, using random strings of characters. You can write it down and keep it somewhere safe.

 

Tbh, randomizing individual characters is a bit pointless - most decent rainbow tables will contain combinations using all the various character combinations possible to around the 10th power, so all you're really doing by randomizing is making it hard for humans to remember it rather than making it harder for computers to guess it. Microsoft Research have published a dozen or more papers outlining this over the last decade or so. Length is the only really important thing in passwords these days.

 

I advise my clients to make long passwords mirroring human sentence structures - so rather than '1lkafkliihu29f!', which is short enough to crack in a couple of days of offline dictionary bombardment but impossible for anyone to remember without writing down, I tell them to use the combination 'number adjective noun verb noun' - something like 'fiveangrychimpsdrinklemonade'. This is easy to remember, and far stronger than the random string - even though this password will be rejected as 'strong' by most websites for failing to include arbitrary random characters. 

 

Of course, it's still not going to stop an experienced pen tester with a full copy of Kali from getting in, but they're not likely to be trying to get on my home wifi.

on Nov 08, 2015

naselus

I tell them to use the combination 'number adjective noun verb noun' - something like 'fiveangrychimpsdrinklemonade'. This is easy to remember, and far stronger than the random string - even though this password will be rejected as 'strong' by most websites for failing to include arbitrary random characters.

Decoding a text string is 26x26x26x...etc to the number of letters....made FAR EASIER to solve if common words are used.

A shorter string using alpha-numeric only is 36x36x36x to the length...

and add the 30 or so non alpha-numeric and you get 66x66x66x - to the length of the string...without the ease of logical vocabulary.

You can do the math...but WHEN a password is deemed 'strong' through the use of more than just the alphabet there is a very good reason...

on Nov 08, 2015

....and 'Microsoft Research'?  Please....those morons can't even release an OS that doesn't shit itself randomly.

If their 'research' was any good they wouldn't have released Windows 8.

on Nov 08, 2015

Will use this one.

on Nov 08, 2015



Quoting naselus,

I tell them to use the combination 'number adjective noun verb noun' - something like 'fiveangrychimpsdrinklemonade'. This is easy to remember, and far stronger than the random string - even though this password will be rejected as 'strong' by most websites for failing to include arbitrary random characters.



Decoding a text string is 26x26x26x...etc to the number of letters....made FAR EASIER to solve if common words are used.

A shorter string using alpha-numeric only is 36x36x36x to the length...

and add the 30 or so non alpha-numeric and you get 66x66x66x - to the length of the string...without the ease of logical vocabulary.

You can do the math...but WHEN a password is deemed 'strong' through the use of more than just the alphabet there is a very good reason...

 

A 'strong' password is pretty typically a number, a special character and 8 letters. That takes about 5 days to break on a reasonable laptop with a standard rainbow table that you can acquire anywhere. A 'weak' password of 20+ letters will take years to breach. The modern definition of a 'strong' password is a relic of the 90s; there's no strong password under 12 characters anymore (except maybe if you're using some crazy 1000+ character Chinese keyboard), by which point you've exceeded people's ability to remember it and you end up with passwords taped to monitors and stored in plaintext on smartphones.

 

As to the relative merits of Microsoft Research... That's not the division responsible for the O/S. MS Research is the most cited computer research institution in the world, with a little under double the citations of Stanford (its nearest rival), and roughly equal to IBM, Google and Intel combined ( http://academic.research.microsoft.com/RankList?entitytype=7&topdomainid=2&subdomainid=0&last=10&orderby=1 ). So I'm a little dubious over your valuation of their contribution to the field.

on Nov 08, 2015

The only difference re 'strong passwords' these days is the processing power of the cracking computer.

Your password 'phrase' can be cracked with deductive logic and an understanding of vocabulary.  The 'processing power' isn't even needed.

Remember 'password' isn't, yet it's in theory 26 to the 8th - 'crackable' by a moron in an instant.

DrJBHL posted a link at one time to a site that could test your passwords...and demonstrated exactly how poor a text/phrase pass actually is.

 

66 to the 8th is significantly higher than 26 to the 8th..... has 8 'symbols' and is thus as simple to learn to remember as 8 alphabetical.

 

Re MS Research...why did they NOT 'research' the likelihood of acceptance of the introduction of Win 8 ?

Too busy doing esoteric bullshit? ...
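
The two guessing models argued over in the comments above (per-character search over 26, 36 or 66 symbols versus word-by-word guessing of a passphrase), worked through as an added Python example that is not code from any poster or from the linked article. The mini-vocabulary and the 10,000-word attacker wordlist size are assumptions, and the function names are hypothetical.

```python
import math
import string

# Constructed mini-vocabulary (assumption); a real wordlist has thousands of entries.
VOCAB = {"five", "angry", "chimps", "drink", "lemonade", "pass", "word", "password"}
ASSUMED_WORDLIST_SIZE = 10_000  # assumption: common words an attacker would try

def charset_size(pw):
    """Alphabet a per-character search must cover (26 letters, 10 digits, ~30 symbols)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26  # not counted in the thread's 36/66 figures, added for completeness
    if any(c in string.digits for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 30
    return size

def brute_force_bits(pw):
    """log2 of alphabet**length; only meaningful if characters were chosen at random."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def split_into_words(pw, vocab=VOCAB):
    """Fewest vocabulary words that concatenate to pw, or None (dynamic programming)."""
    best = [None] * (len(pw) + 1)
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in vocab:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]

def word_model_bits(pw, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """log2 of wordlist_size**words; an upper bound, a fixed grammar pattern lowers it."""
    words = split_into_words(pw)
    return None if words is None else len(words) * math.log2(wordlist_size)

def effective_bits(pw):
    """Strength against whichever of the two strategies is cheaper for the attacker."""
    word_bits = word_model_bits(pw)
    return brute_force_bits(pw) if word_bits is None else min(brute_force_bits(pw), word_bits)

if __name__ == "__main__":
    for pw in ("password", "fiveangrychimpsdrinklemonade", "1lkafkliihu29f!"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

Under these assumptions the per-character figure for the 28-letter phrase overstates its strength by about half, while a string with no dictionary structure keeps its full per-character value.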

on Nov 08, 2015


....and 'Microsoft Research'?  Please....those morons can't even release an OS that doesn't shit itself randomly.

If their 'research' was any good they wouldn't have released Windows 8.
OR Windows ME

harpo the ghost NON-subscriber
