Hack Wifi in Your Spare Time

Learn how computer hacking is done so you can defend against it. http://freehowtohackwifi.com


Who Should be Held Accountable for the Rash of Database Security Breaches?

Attacks and compromises on databases have risen at an alarming rate over the past several years. Sony, LinkedIn, eHarmony, and Yahoo are just a few examples of organizations that have suffered from these high-profile attacks. The attackers themselves have moved from techniques such as SQL injection to more advanced means of breaking a database and dumping the contents within for all to see. You can find plenty more examples on my website.


There needs to be a clear chain of custody as to who is responsible for safeguarding databases and the information they contain. In my opinion, the IT staff responsible for the databases should be held accountable because they should be knowledgeable enough to choose products that are known for being secure. At the very least, the staff and database administrators must be proficient with patching vulnerabilities present in existing databases.

The government should consider funding private organizations to join together and create more standards for data security, similar to standards enacted by the Consumer Product Safety Commission and the FDA. Laws could then hold these companies accountable. Periodic security audits would hold them to these new safety standards.

If data is breached, an organization should be bound to notify its customer base. Withholding information of a break-in could be construed as obstruction or even collusion in court by crafty lawyers. It is best for an organization to admit a data breach up front and on the record. At that point, we can all collectively move closer to a more secure and accountable future where computers are gaining even more information about us.


OpEd – Would I Connect to an Insecure Wireless Network?

Wireless networks are tricky to deal with because, even if they are secured with a preshared key, they do a poor job of providing non-repudiation to the network’s owner. It is extremely easy for someone to crack a WEP key (and many times it is easy to crack a WPA1/WPA2 preshared key as well, provided the password is dictionary-based). Once this is finished, the attacker can use the wireless network as a digital beachhead of sorts, and launch further attacks. If forensics experts ever get involved, the trail leads back to the wireless network itself. By then, the attacking node has moved on and is long gone. Always remember that it’s trivial for anyone to learn how to hack WiFi.

Would I connect to an unsecured wireless network? Or, would I use a neighbor’s unsecured WiFi? I have done this in the past, but I do not any longer. Honestly, my reasoning is not so much for moral reasons but rather my own self-preservation. Personally, I feel that the responsibility is on the WiFi owner to secure their network. (Breaking an encrypted network is a different story altogether, and one that I do hold a moral compass for.) There are countless open source tools that allow an attacker to sniff, redirect, and modify in-transit data as it goes across the air. Weaponized programs such as sslstrip allow someone with minimal computer skills to strip out the SSL encryption used in banking, email, and social networking login forms. Thus, https://gmail.com becomes http://gmail.com, and most laymen don’t pay attention to the address bar the way I do now. Unsecured networks offer no substantial proof that your data will be secure and intact.


What would I do if I found out that someone was using my wireless home network? Firstly, this would not happen because I secure my home WLAN using enterprise encryption (the AES-256 algorithm authenticated to a RADIUS server). In addition, I use MAC filtering and an IDS in a layered approach to security. (I’m paranoid.) However, in the context of the question, if I were to find someone using my WiFi network, I would first set up Wireshark or tcpdump and try to determine the user and what they were using the network for. Piggybacking a wireless network to stream Netflix is one thing. Doing the same to download child pornography is something else entirely.

Passing laws policing the internet sets a dangerous precedent. Obviously, we need laws that will punish those that break an encrypted network, but I do not think punishing WiFi network owners is a good idea (even if they chose to leave it open). A better solution would be to pressure WAP manufacturers to implement out-of-the-box WPA2 encryption using a random, alphanumeric password. WAP manufacturers should stop setting default passwords that are the same across an entire product line. Manufacturers could also set complexity requirements for the WAP password. This would cut down on the effectiveness of wireless cracking tools like cowpatty or aircrack. You will never eliminate threats such as these entirely. A determined attacker will always find a way in (perhaps leveraging some sort of social engineering attack to get the owner to divulge the key) and no system is 100% secure. But passing broad laws is not going to help here. Education and better product security should be the way forward.
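
The per-device random password and the complexity requirement suggested above, sketched as an added example (not code from this post or from any manufacturer). The function names, the 20-character default, the 12-character policy minimum and the small wordlist are assumptions made for illustration.

```python
import math
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters (IEEE 802.11i).
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits  # "random, alphanumeric"
# Constructed sample wordlist; a real check would load a large dictionary.
SAMPLE_WORDLIST = {"password", "letmein", "admin", "linksys", "wireless", "default"}


def generate_device_passphrase(length=20):
    """Return a fresh random passphrase for one unit, drawn from the OS CSPRNG."""
    if not WPA2_MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError("WPA2 passphrase length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def check_passphrase(candidate, min_length=12, wordlist=SAMPLE_WORDLIST):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if not WPA2_MIN_LEN <= len(candidate) <= WPA2_MAX_LEN:
        problems.append("length outside WPA2 range 8..63")
    if any(not 32 <= ord(c) <= 126 for c in candidate):
        problems.append("non-printable or non-ASCII character")
    if len(candidate) < min_length:
        problems.append(f"shorter than policy minimum {min_length}")
    classes = [any(c.islower() for c in candidate),
               any(c.isupper() for c in candidate),
               any(c.isdigit() for c in candidate)]
    if sum(classes) < 2:
        problems.append("uses fewer than two character classes")
    # Strip trailing digits so 'password123' is still caught as dictionary-based.
    stem = candidate.lower().rstrip(string.digits)
    if stem in wordlist:
        problems.append("dictionary-based")
    return problems


def provision_batch(serials, length=20):
    """Give every serial number its own passphrase instead of a shared default."""
    return {serial: generate_device_passphrase(length) for serial in serials}
```

A 20-character passphrase from this 62-symbol alphabet carries about 119 bits of entropy, which is what puts it out of reach of a dictionary-driven guess.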
