Blog Archives

When Making a Wi-Fi connection …

Some great advice and tips to follow when connecting your computer via Wi-Fi.

It’s a good idea to connect to public networks that require passwords when possible, as they tend to be more secure. Many public networks have a legal disclaimer stating network use and security. It pays to read these before connecting.

Turn Wi-Fi off We don’t mean you should turn your Wi-Fi off permanently, rather, when you’re not using your device, or are connected to another network, e.g., mobile data, turn your Wi-Fi connection off. If you have Wi-Fi on while connected to another network, your device can and will actively search for networks to connect to and often connect to an unsecure network, unintentionally exposing your information.

Use HTTPS when possible HTTPS stands for Hypertext Transfer Protocol with Secure Sockets Layer SSL. In layman’s terms this is a website that has been built with security of user’s data in mind. Many popular websites have a HTTPS version that can be accessed by typing in https://www.sitename.com. Using HTTPS makes websites a lot harder to hack, and it’s a good idea to get into the habit of using them when on a public network or connected to Wi-Fi outside of the office.

Use data not public hotspots Hotspots are public Wi-Fi connections usually provided by a company e.g., many coffee shops have Wi-Fi, this is a hotspot. These can be unsafe, so it’s much better to invest in a data connection for your device, or a mobile Internet stick, which are considerably safer as the data is encrypted before it’s transferred from the cell tower to your device.

Use a VPN A Virtual Private Network – VPN – connects multiple computers in different locations to the same network via the Internet. Many companies use this to connect and share data with satellite offices, as the data is encrypted and secure. The main benefit to VPNs is that you can connect to a public Wi-Fi network, and transfer data securely using the network’s bandwidth. Many businesses use some form of VPN, which makes it easy for you to keep your business data secure while out of the office.

There are also VPNs that allow you to securely access the Internet via a public Wi-Fi connection, while encrypting all data sent and making your computer anonymous.

Source: Beware when connecting to Wi-Fi – Wausau, Eau Claire, Green Bay | Network Solutions of Wisconsin.

The key is to make it as difficult as possible for someone to hack into your computer.

Using SSL to detect …

a hacking proxy.

There are several different ways for MITM/hacking proxies to handle SSL. They can create a self signed root cert that the attacker/user accepts once, they can do a per site snake oil cert, or they can simply downgrade the attacker/user to HTTP (a la Moxie’s sslstrip). Any of those work, and it’s kind of a matter of preference and circumstance as to which is better. But what if I’m running a site and I want to see if the user coming in is using a hacking proxy? There’s a few techniques to do that.

First of all there’s really not all that much you can do within SSL itself to create more than binary options (there are some exceptions to that rule, and I’ll post about that later) but those binary options are actually just enough. Let’s say I have several sites. One of which is a banking site. The others just have something as simple as a tracking pixel on them. Firstly, the time difference between when the user pulls the SSL certificate and actually instantiates the site might indicate whether they are going directly to the site or if they had to take some time to accept a self signed-per site certificate (a la Burp Suite).

Now if the MITM proxy uses a standard root signing certificate one of those sites with the tracking pixels on them can use the same standard root signing certificate (since it’s sitting right there in the tool and can probably easily be ripped out and re-tasked to be used on the banking’s tracking pixel site) to sign it’s own SSL session. If the user pulls it down anyway, even with the mis-match error, you know they are either using or have used that particular MITM proxy. (Source: Detecting MITM/Hacking Proxies via SSL – ha.ckers)

A very informative article for IT security personnel, go to the source for the whole thing.

Reblog this post [with Zemanta]
%d bloggers like this: