
Apr 30

I am pretty sure that there are a number of you out there reading this blog over a wireless network. Given that wireless is so widely distributed these days, it's not uncommon that users are unaware of how insecure their wireless setup may be.

Unfortunately one other reality is that a number of ISPs install wireless modems without setting up any sort of security. What's worse is that if the client doesn't speak up - they don't quite advise the customer of what could be at risk. Basically as long as your laptop/device successfully connects to the wireless LAN that is set up for you, they're out of there. SOO - this is where we come in to offer some advice.

If you connect to your wireless router without a password, it's time to get hold of a technician who knows his business and set up some security on it. That's not all...

Recent developments published by Petko D. Petkov reveal some pretty nasty things an attacker can do to Thomson Speedtouch wireless modems - which is what a lot of us Maltese people have at home to connect to the internet.

Thanks to a friend of mine who first pointed out the article above, it is now possible that if an attacker sees your default network name (SSID) then it would be possible for him to crack your default password and use your internet connection. Therefore here are some healthy tips you could pass onto your technician if you're not confident to set them yourself.

Use WPA2 encryption rather than WEP/WPA.

Note that this will affect usage of early PDAs' wireless and even computers with Windows XP. In fact you will need to download a patch for Windows XP to use WPA2. Also certain old wireless adapters (802.11b) might not have updated drivers, so do your homework to see if your adapter can use WPA2 before you start changing anything.


Change the default network name (SSID)

Change the default name of your router to something else. Invent a name.


Change the default password (preshared key)

If you don't have a password - PUT ONE. If the router is using a default password, it's a good idea to change it unless you don't mind sharing your internet connection with your neighbours.

Continue reading " Wireless modem considerations"

Posted by Donald Tabone

Apr 20

Sunday is the most relaxed day of the week. I've been pondering about a strange (and useless) subject, just to fill in my precious Sunday morning.


Some time ago I had a brief discussion with Sandro about the padlock and why it's not a very good symbolic figure for security. In reality this is true since padlocks nowadays are a weak and most basic form of physical security.

Continue reading "The Real Security Icon"

Posted by Giannella De Leonardo

Apr 17

Just stumbled upon www.yoggie.com, a security 'server' that is able to provide a laptop with the same level of security as within the corporate network.

Continue reading "Yoggie - Personal Laptop Security on USB"

Posted by Giannella De Leonardo

Apr 15

Recently I created an Open ID Login in order to log in to a website. Since this was something new for me I did some research of my own and I found this instructional video that explains this in detail:


More Info:

Continue reading "Open ID & Alternative Login Methods"

Posted by Giannella De Leonardo

Apr 15
There are lots of ways business networks can be compromised, and more are developing all the time.

They range from technology exploits to social engineering attacks, and all can compromise corporate data, reputation and the ability to conduct business effectively.

Since we all like lists :-) here are 10 such threats and some suggestions on what to do about them.

1. Virtual host security
2. Protecting the virtual machine monitor (hypervisor)
3. Botnets
4. Targeted attacks
5. Attacks via gaming and virtual reality sites
6. Browser threats
7. Mobile phone browser exploits
8. Lost mobile devices
9. Insecure Web applications
10. Rust-out


Read the full article and grab the details here. Take a look at the NSA's published 10 best security practices.


Posted by Donald Tabone

Apr 9
In view of a recent article on the Times of Malta dated 9-4-2008 titled "Some Visa cards replaced due to possible fraud" we would like to take the opportunity to remind our readers about exercising caution when disclosing personal card details to untrusted people or websites through email or otherwise.

VISA provides a link with Fraud Prevention TIPS some of which are listed below - so there is no excuse for being negligent. Take your time to make sure you are duly diligent with personal details. There are many physical and logical attacks that can take place such as skimming, phishing and even social engineering.

When providing payment information online, look for the 'padlock' icon on your browser's status bar - this signals that your information is kept secure during transactions.

Do not reply to unsolicited e-mails or telephone calls that request your personal information such as your SIN, password or bank account number.

When possible, keep an eye on your Visa card when it is swiped at the merchant's terminal to ensure information on the magnetic stripe is not copied through a skimming device.


Precautionary measures are good - but prevention is better than cure - and preceding that being aware is the first step. The hard part is getting the message out there - and that is where we strive to make a difference.

Sources/References
http://www.timesofmalta.com/articles/view/20080409/local/some-visa-cards-replaced-due-to-possible-fraud
http://www.visa.ca/en/personal/securewithvisa/fraudprevtips.cfm
http://www.visa.ca/phishing/

Posted by Donald Tabone
