Monitor your wireless network against intruders

There are a couple of things you can do to protect your wireless network against freeloaders and intruders. Probably the best thing right now is to make sure it is protected by a security protocol that is offering the best protection. That is usually WPA2 right now. You also need to make sure that the key is significantly long enough so that it can’t be easily guessed (your cat’s name) or brute forced.

There are a couple of other things that you can do, for instance position the router in a way that reception is bad or not available at all when you are not in the apartment or house. There is also wifi blocking wallpaper and paint available, but that is usually something that companies may want to do.

Another effective option is to monitor your wireless network for new connections. SoftPerfect WiFi Guard is a free program for the Windows operating system that can aid you with that. The program monitors all wireless connections which it displays in the main window.

softperfect wifi guard

Here you find information about the IP address used by the devices, the MAC address, the name, and additional information. The listing provides you with information about all connections, so that you can easily distinguish your own devices from devices that someone else may be using to connect to your wireless network. The program scans the network automatically from time to time and provides you with the means to run manual scans whenever you want to. Devices are pinged automatically which helps you detect systems behind firewalls or other security that blocks ping requests.

Since it is not really practicable to have the window open 24/7, it ships with a notification system in place that informs you whenever unknown devices connect to the wireless network.

The program is dead easy to use and a great option if you are using wireless connections to connect to the Internet, especially if you suspect someone else taking advantage of your wireless setup.


Original news article at https://www.ghacks.net on December 05, 2012 at 04:45PM

Want Microsoft’s Imagine Cup Grant? Combine Devices, Sensors And The Cloud

Microsoft’s Imagine Cup rewards student innovators with thousands of dollars worth of prizes, the chance to network with other entrepreneurs and valuable experience. But to develop those skills into a viable business can require additional funding, and Microsoft’s Imagine Cup Grant winners, announced Tuesday, now have that.

Team Graphmasters of Germany walked away with $100,000 in cash, which the company will use to develop a navigation system using Windows Phone and Microsoft’s cloud technology, Windows Azure. Team Stethocloud placed second, walking away with a $50,000 prize for its mobile-hybrid stethoscope that can be used to detect childhood pneumonia via the cloud.

See the similarities? The company is funding startups that combine a client sensor, like a phone, with the combined knowledge of the cloud. In fact, every team that Microsoft funded combined a Windows Phone with Windows Azure.

According to a Microsoft representative, each team was judged based on four criteria:

  1. Project impact and viability (40%), including whether or not the solution would be technically and economically viable.
  2. Team quality and motivation (30%), concerning how the team is structured, and how capable it appears to be to overcome obstacles.
  3. Solution design (20%), or how novel the solutuion is.
  4. Defining the problem (10%), or how broad the problem that the team is solving actually is.

Imagine Cup Grants are a three-year, $3 million competitive grants program that provides opportunity for young people by helping them realize their vision of bringing their technology enabled projects to life, according to Microsoft. Grant recipients receive funding, access to resources and support to help them create a business or nonprofit organization. The Imagine Cup Grants are part of Microsoft YouthSpark, a global initiative that aims to create opportunities for 300 million youth in more than 100 countries during the next three years.

Graphmasters: Solving Traffic Problems, Collaboratively

According to Christian Brueggemann, who is involved in the technical development of the algorithms behind Team Graphmasters, the company began life as an academic project, natch, which competed in the Imagine Cup about four years ago.

The company’s first product – originally dubbed “Greenway” and now known as “Nunav,” uses a combination of cloud services and devices not to route drivers to their destination via the shortest, most optimized route, but to send them along a variety of paths to minimize total congestion. That, in turn, can cut the amount of time all drivers spend idling in traffic, reducing congestion and the corresponding increase in greenhouse gases from wasted gas. In a hypothetical example, one car can produce 2.5 tons of carbon dioxide per year – enough that a forest of 200 trees would be needed to consume it all. In total, the CO2 output from the world’s cars would require a forest the size of Australia.


Rival navigation systems, according to Brueggemann, are reactive: a driver’s GPS device encounters a traffic jam, reports it, is rerouted, possibly encounters another traffic jam, and the process repeats itself. What Nunav attempts to do, he said, was to proactively assign drivers to side streets, so that every driver wasn’t trying to fit through the same high-speed bottlenecks. (It’s worth noting that Graphmasters’ examples focused on cities, where a number of relatively equal alternative routes present themselves.)

“A reactive system routes drivers around traffic jams that already exist, and when the traffic jam exists, you already have the problem,” Bruggemann said.

All Nunav needs is about 1% of the cars on the road to communicate and respond to create a detailed traffic overview, and about 10% of the GPS infrastructure. “The strategy we’re making is to get our service into the navigation systems alrady in the market, because once we do that it will be very easy to get 10% of users,” Bruggemann said. That doesn’t necessarily mean only Windows Phones, but all GPS devices.

And what’s the business model? It’s a new one: Nunav charges for the accelerated route. Yes, it’s only $.10 or so, which Graphmasters promises will be made up for by reduced stress.

Stethocloud And Winsenga

The same strategy – the cloud plus a device – drove the introduction of Stethocloud, a nifty app developed by four students from Australia. The team created a digital stethoscope that could be plugged into the audio jack of a smartphone. The goal is to help diagnose and treat pneumonia. 


After a user enters some basic information about the child, such as the date of birth, the app asks the parent or doctor to hold the stethoscope up to eight points on the child’s chest, “listening” and then uploading the sound file to the cloud. An algorithm then determines whether or notthe child has pneumonia, and advises a course of treatment.

That same approach was used to develop Winsenga, which combines a high-performance microphone placed within a Pinard horn, rural Africa’s answer to the stethoscope. Without access to ultrasound machines, doctors and nurses have to rely on their own ears to determine if a fetus is alive, and what problems there might be. The app listens to the heartbeat, diagnoses any problems and issues an alert if needed.


Team Vivid from Egypt and Team QuadSquad from Ukraine each won $50,000 to form companies that can access healthcare records from mobile devices, as well as help disabled individuals speak more effectively.

The message here is clear: Microsoft is looking for developers focused on using devices as a local sensor and tapping into the cloud for specialized intelligence and additional computing horsepower. Whether it’s Microsoft technology talking to Microsoft services, or something like Symbian talking to an Amazon Web Services hosted application running within Amazon’s cloud, the company sees the combination of local sensors and back-end intelligence as a powerful trend it wants to encourage.


Original news article at https://readwrite.com on December 05, 2012 at 06:30PM

5 tips to stay safe on the Internet

Why is is that many computer users do not take better care of their systems security-wise? I think the main reason for that is that security does not matter for as long as you are not attacked or encounter situations where you need better security. When that happens, it is often too late and while many Internet users learn from this, it is still fair to say that security is something that many users ignore for the most part.

Many may have an antivirus solution installed because all the magazines and sites tell them that this is important, but it usually does not get farer than this.

I’d like to present to you 5 tips that help you stay safe on the Internet. Some recommend software programs or browser extensions, while others explain key security concepts that you can use to make sure you are safe. Feel free to add your own recommendations in the comment section below.

1. Updates

I’m not telling you to install antivirus solution A or B, or that you need a bi-directional firewall, or need to scan your system from time to time with a rootkit scanner. No, the most important tip is to keep your system up to date. This includes Windows Updates that get released on the second Tuesday of every month. Make sure you install them when they are released, and not days, weeks or months later (unless you know what you are doing).

But updating does not end there. You also need to make sure that your programs are up to date, especially those that you use to connect to the Internet, web browsers for instance, but also programs that may embed plugins into those browsers, like Adobe with its Flash Player.

Some programs come with options to install updates automatically, while others require you to download and install updates by yourself.

I recommend to activate automatic updates in Windows and in your browser of choice. It is also useful to stay on top of Flash and Java updates, and updates for other browser plugins you are using.

To find out which you are using, enter about:plugins in Firefox or Opera, and chrome://plugins/ in Google Chrome. For Microsoft’s Internet Explorer, it is complicated.You need to open the Windows Registry Editor and look under the following keys:

  1. HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
  2. HKLM\Software\Microsoft\Internet Explorer\Toolbar
  3. HKLM\Software\Microsoft\Internet Explorer\Extensions

plugins

Some web browsers inform you if plugins need updating. You can visit Mozilla’s Plug-in Check site to test if plugins in your browser need updating. Note that this may not work in all browsers.

2. Know Internet addresses

Sounds easy but is something that most users do not pay attention to. The Internet address, or website address or url, determines the site you are connected to. What you need to understand is that https is better than https, and that finance related sites, like your bank’s website, payment processors and the payment section of shopping sites, need to display https in front. You also need to make it a habit to check the web address.

secure internet address

You can also click on the icon in front to get additional information in your browser.

Link checking is important. This is done by hovering your mouse cursor over a link to read the web address it links to. Browsers and other programs usually display link destinations then, which you should make use of to make sure a link leads to the correct destination and not a phishing or fake site.

If you are unsure, enter the address manually instead in your browser or contact the support of the site to find out if the mail is legit or not.

3. Pick secure unique passwords

A password like Dallas or 123456 is easy to remember, but what you need to consider is that it is also easily guessable. You need to select secure unique passwords whenever you sign up for a service.

Secure means that it needs to have a decent length, 12 to 16 characters is a good start, that it is diverse, meaning that you need to mix letters, numbers and special chars if allowed by the site. Since it is quite difficult to remember passwords like V34cy_dsf23$s23, especially if you have dozens or more of those, it is advised to use a password manager. You can use an online password manager like Last Pass for that, or a desktop password manager like the excellent KeePass.

secure passwords

These programs not only save your passwords and usernames, they also include password generators which simplifies the generation of secure passwords.

Unique on the other hand means that you should not use the same password on more than one sites. The only exemption that I’d make here is if the account is not personal, e.g. you have signed up for a site to watch videos there but have not entered any personally identifiable information.

Do not write those passwords down physically, save them in unencrypted form on the computer, or tell them to anyone you know or do not know.

4. Use disposable mail / a second mail account

You do not and should not sign up for all services with your main account. One option that often makes sense is to create a second email account and use that account exclusively for sign ups on sites that are not overly important to you. While you might want to sign up with your real email address on your University’s student site, you should prefer a secondary address for social networking sites, news sites, blogs, gaming sites and more or less all other sites on the Internet.

Why? This is more of a “we sell your email address and profile information” kind of thing that it is a potential security hazard. Still, if you do not want to be swarmed by spam, use a secondary address or disposable email.

Disposable email addresses basically let you create email addresses on the fly that have a limited lifespan. The idea is to sign up using one, get the confirmation email, click on the link, and never use that email address again. Pretty handy huh?

They are not useful for all types of sign ups though. Anyone with knowledge of the email address you signed up with can for instance request a password reset for your account. The email goes directly to the disposable email provider where anyone with knowledge can access it and reset your password. When that happens, it is usually only a matter of time until your account gets hijacked.

In short: they are very good when you need to sign up to a site to access contents. As soon as you reveal personal information, it is better to use a secondary email account for sign up.

5. Use common sense

A Nigerian prince wants to give you 10% of his 10 billion Dollar stash but requests that you send him money first so that he can make the transfer? A women emails you that you never heard of before and claims that she wants to have sex with you? An Iraqi war veteran stumbled upon a ton of Gold and needs logistics to transport it out of the country?

Those email messages and a lot more are common. Spammers try a lot to get you on the hook. Even if you would not fall for those examples, there are others that you may. Examples of this are information about a package that a service like UPS tried to deliver but could not, a Casino that is offering you free spins, or someone who claims to have made millions with a simple Internet site (and wants to sell that secret to you for $10).

A rule of thumb is that you should not open attachments of emails where the sender is not known to you. I do not open emails from businesses that I do not have a relationship with.

But common sense is also important when you are browsing the web. Congratulations, you are the 1,000 visitor, you have won an Apple iPad. Bogus messages are all around you, and it is best to ignore them all instead of falling pray to people who just want your data so that they can sell it to the highest bidder.

Common Sense should probably have been number one of the list

Closing Words

Anything that I missed that you’d like to add? Leave a comment below, I’d love to read your suggestions.


Original news article at https://www.ghacks.net on December 05, 2012 at 09:10PM

ATM Thieves Swap Security Camera for Keyboard

This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child’s play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.

Photo: TV Bahia

The story comes from O Estado de S. Paulo (“The State of São Paulo“), a daily newspaper in Brazil’s largest city. According to the paper, late last month a crook approached an ATM at the Bank of Brazil and somehow removed the security camera from the machine. Apparently, the camera was a USB-based device, because the thief then was able to insert his own USB stick into the slot previously occupied by the camera. As you can imagine, a scene straight out of Terminator 2 ensued.

The attacker was then able to connect a folding keyboard to the ATM’s computer and restart the machine. The newspaper story isn’t crystal clear on the role of the USB device — whether it served as a replacement operating system or merely served to connect the keyboard to the machine (it’s not hard to imagine why this would be so easy, since most ATMs run on some version of Microsoft Windows, which automatically installs drivers for most USB-based input devices).

At any rate, after the thief rebooted the ATM’s computer, he was reportedly able to type the value of the currency notes that he intended to withdraw. According to the story, the thief started by removing all of the R $100 bills, and then moved on to the R $50 notes, and so on.

A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.

A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.

As clever as this hack was, the crook didn’t get away: The police were alerted by the central bank’s security team, and caught the thief in the process of withdrawing the funds. Brazilian authorities said they believe the man was being coached via phone, but that the guy they apprehended refused to give up the identity of his accomplice. My guess is the one coaching the thief had inside knowledge about how these machines operated, and perhaps even worked at a financial institution at one point.

These kinds of attacks make traditional ATM skimmer scams look positively prehistoric by comparison. But the sad part is that even really crude skimming devices can be very lucrative and go undetected for months. I was reminded of this last week, when, for the third time in as many months, authorities discovered ATM skimmers at hospitals within a few miles of here. Local police believe the same thieves are responsible for planting all of the fraud devices, which are relatively unsophisticated but nonetheless enabled the theft of thousands of dollars over a period of several weeks.

The front of the card-skimming device.

According to Fairfax County Police, one was discovered on the same ATM located near the lobby gift shop at Inova Fairfax Hospital on Tuesday, November 27. A hospital employee noticed that the input slot for the card was loose and wobbly; when she inserted her bank card, the device fell off.

A second device was discovered on a machine located in the Inova Fair Oaks Hospital lobby adjacent to the cafeteria on Wednesday, November 28 around 1 p.m. A hospital security guard discovered the device after being notified of the prior incident.

ATMs like this one, tucked away in a hallway corner, may be easier for thieves to compromise and keep compromised.

In September, Fairfax police recovered a remarkably similar skimmer from that very same ATM in front of the Fairfax hospital gift shop. I popped by the hospital today and snagged a picture of the cash machine in question (at left, and sadly, I did not discover another skimmer).

Interestingly, the police said that none of these bank machines are either owned or “monitored” by Inova staff; while they are are located on hospital property, the banking institutions that own them are responsible for their maintenance and management.

I doubt these skimmers would have gone undiscovered for weeks a time had they been attached to ATMs at actual bank branches. These incidents are a good reminder that, whenever possible, stick to ATMs located at bank branches. And, as always, keep a close eye on your bank statement for fraudulent charges.


Original news article at https://krebsonsecurity.com on December 05, 2012 at 03:05AM

AV-TEST removes its certification for Microsoft Security Essentials

(LiveHacking.Com) –  The latest set of tests performed by AV-TEST, an independent IT security and anti-virus research institute  has shown that Microsoft’s Security Essentials (MSE) can only detect 64 per cent of zero-day threats when running under Windows 7. This is down from 69 per cent in the previous round of certification tests, which were carried out […]


Original news article at https://www.livehacking.com on December 03, 2012 at 01:27PM

Get an Annual Subscription to Prey Pro for 72% Off and Protect Up to 10 Devices from Loss and Theft

Prey is one of our favorite ways to protect your devices against theft. If a laptop or mobile is lost or stolen, Prey can help you recover it. It’s free to use for up to three devices, but if you have a family with lots of devices to protect, or just a bunch of your own, you need Prey Pro. StackSocial currently has a deal that knocks 72% off a year’s worth of service so you can protect up to 10 devices for only $50. More »


Original news article at https://lifehacker.com on December 01, 2012 at 02:30AM

Maine Construction Company And Bank Settle Dispute Over $345,000 Online Banking Heist

A Maine construction company that sued its bank after losing $345,000 in an online banking heist has settled its dispute after a protracted legal battle that raised questions about the bank’s responsibility in protecting customer accounts against cyber fraud.

The settlement between Patco Construction and People’s United Bank (formerly Ocean Bank) comes about four months after the U.S. Court of Appeals for the First Circuit faulted the bank’s security measures at the time of the theft and advised the two sides to work out a compromise.

Click for complete article >>


Original news article at https://www.teamshatter.com on November 27, 2012 at 09:04PM