Re: can they hack into my computer?
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Tue, 19 Jun 2007 09:25:05 -0700
Jose Rodriguez <josec.rodriguez@xxxxxxxxx> hath wroth:
You're right, and I've been pointed out another problem, what if
somebody is using your system with illegal purposes you might end
getting the blame for?
It's possible, but (to the best of my knowledge) it hasn't happened
yet. There have been some arrests and stupid convictions for using a
wireless connection without permission, but none for anything
involving liability. The whole issue of responsibility for wireless
security is currently unclear and I am NOT an expert or attorney.
However, I suggest you do whatever it takes to not become a test case.
Mostly true. I determined hacker could enter your computer via theThat's serious, but for that to work you have to leave things
wireless and pull out some emailed bank statements, credit card
payment statements, saved passwords, and whatever else looks
interesting. At wireless speeds, they could copy most of the junk
under My Documents and various email depositories fairly quickly, and
inspect them at their liesure. Meanwhile, they could leave you with a
virus, not be cause they're malevolent, but simply to distract you.
opened and clear; I would only store passwords in an encrypted
format and a rather obscure location. And at least online banking
is made through a secure conection, isn't it?
There are multiple levels of protection. The most obvious is to
encrypt the wireless traffic so that nobody enters you LAN in the
first place. That's the WPA and WPA2 encrytion.
However, if someone can enter via wireless, what other defenses do you
have? If you have shared folders, are they open to anyone to read or
are they password protected? Do you have intrusion detection software
running? Do you use encrypted folders (XP Pro only)? Are the
documents themselves encrypted? Can they be copied, even if they are
encrypted?
The last is fairly important. Most people assume that a document with
simple encrytion is safe. That really depends on the level of
encryption and the time allowed. The encryption used may be
relatively secure if I had a limited amount of time to recover the
key. However, if I can copy the encrypted file to my own machine, I
can do a brute force or better crack at my liesure. That would
require a more secure system. I've also found that most users tend to
use the same password for ALL their encrypted documents, so cracking
one will usually crack them all. Note the number of "password
recovery" programs and services available:
<http://www.crackpassword.com>
<http://www.lostpassword.com>
etc.
My personal solution is to NOT store anything of value on the machine.
The really important stuff is on a removeable USB thumb drive. It's
also encrypted, password protected, and backed up with a copy
somewhere. Not ideal, but with the whole neighborhood on my
neighborhood wireless LAN, it's prudent.
I guess that's one of the reasons why Linux is inherently more
secure than Windows--software comes from digitally signed, official
repositories, for instance.
Nope. There are distributions that come that way, but most of the
stuff I run isn't. The stuff I've seen that is signed, is self
authenticating and does not use an independent certificate authority.
Therefore, it could be forged. Improbable, but possible.
The major difference between Linux and Windoze security is philosophy.
Linux usually comes secure by default with all the security features
enabled on installation. If you want to do something disgusting, then
you have to do it intentionally. Windoze is built for user
convenience and requires the user to impliment and apply security. At
least that's the way they started. Both extremes found that they had
to compromise somewhat in order to make their products usable. Linux
is becoming more permissive on instalation and Windoze at least
impliments basic password security on installation. Since there's no
"right answer", the issue will continue to be a moving target. Also,
just because the vendor delivers a product that's more convenient than
secure, doesn't mean you have to perpetuate the mistake.
Unfortunately, the wireless router industry has done the worst
possible thing. Most wireless routers are wide open and totally
insecure on installation. Open the box, plug it in, and in most
cases, it will function. That's a great OBE (out of box experience)
but doesn't make for a very secure system. Eventually, someone will
sue a wireless router manufacturer for damaged resulting from the
false perception of security, and things might change. Meanwhile,
only 2-wire has gotten the clue and delivers their routers secure by
default. Again, just because the router manufacturers deliver
insecure products, doesn't mean that you have to perpetuate the
mistake.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- Follow-Ups:
- Re: can they hack into my computer?
- From: Jose Rodriguez
- Re: can they hack into my computer?
- References:
- can they hack into my computer?
- From: Jose Rodriguez
- Re: can they hack into my computer?
- From: Jeff Liebermann
- Re: can they hack into my computer?
- From: Jose Rodriguez
- can they hack into my computer?
- Prev by Date: Re: What is the point in Wireless?
- Next by Date: Netgear offers Zero reseller support
- Previous by thread: Re: can they hack into my computer?
- Next by thread: Re: can they hack into my computer?
- Index(es):
Relevant Pages
|
