"Interesting Articles"

Is Free Wi-Fi safe?

By Emma McGowan, "AVAST Security" Newsletter, 31st October 2021

Here's an interesting article which I received today - although it's aimed primarily at students, I think it's well worth reading - Allen Roochove, NCC Techno Buddy (30.10.21)

Can free Wi-Fi ever be safe?  Free Wi-Fi offers a quick and cheap solution - but it's often over an unencrypted connection. Which means hackers can use them to steal personal information, launch man-in-the-middle attacks, or even hijack your browsing. So, what can you do? 

Read this before hooking into that free Wi-Fi all the other students are using

School is back in session, and for many colleges, this means a return to campus. After a full year of distance learning, preceded by a chaotic half-year of distance learning, both faculty and students are now reacquainting with being in person again, not to mention actually out in the world, away from their couch. This reacclimatization will take a little time, but there's one little part of it we need to talk about right now - the free Wi-Fi.

These days, people like to be online 24 hours a day. People also tend to like the path of least resistance, especially when they're in a hurry. If they are away from their home, and they want to use their device or laptop, chances are they'll do a quick skim of their Wi-Fi choices, then hook into whichever one seems open, free, and not shady.

The problem is, hackers know what people like. These low-security hotspots are the perfect places to launch sneak attacks on users who join. Hackers can see all unencrypted connections, which can lead them to steal personal information, launch man-in-the-middle attacks, or even hijack sessions. Hackers could try to trick users into installing malware, or they could try something less invasive, like packet sniffing, a way of monitoring the information that's coming and going. Packet sniffing is not so much an attack as simply data analysis for future use.

Now, it must be known that joining up with potentially unsecured free networks is not just a folly of the youth. Avast set up fake hotspots at the Mobile World Congress to see how many cybersecurity experts would actually fall for it; and in just 4 hours, the attendees had unknowingly run 8 million data packets through our sniffing software.

The easy solve for this problem lies in the sentence, "Hackers can see all unencrypted connections." If you want to stop them from seeing your data, you can simply encrypt it! How? Get yourself a free VPN to go with your free Wi-Fi.

A VPN is a virtual private network that encrypts your internet traffic. Imagine that being online is like cruising down a cyber highway where everyone sees you driving your car - when you use a VPN, your car windows are tinted, and nobody can tell who you are. It's the best way to keep yourself safe while you brave the free Wi-Fi offerings around campus. Install a VPN on your device and laptop, and switch it on before you join Wi-Fi networks like CouldBeShady-2G or NoHackersHereWePromise.

College may look a little different post-pandemic, but there are still a few old adages that ring as true today as they did decades ago. At the top of this list is, "You can avoid a world of complications if you just use protection.


What is a "VPN" (Virtual Private Network)?

When you switch on a Virtual Private Network (VPN), it sends your web traffic through an encrypted tunnel to a server controlled by the VPN company. From there, it exits onto the web as normal. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN. This sounds simple, and maybe superfluous, but it can have profound effects on your privacy.

Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN, it's as if you drive from your house into an underground tunnel, into a closed parking garage, switch to a different car, and drive out. No one who was originally following you knows where you went.

When your VPN is on, anyone snooping around your network can't see what you're up to. This is true even if the snooper controls the network. Public Wi-Fi networks, which are ubiquitous and convenient, are unfortunately also extremely convenient for attackers. How do you know, for example, that "starbucks_wifi-real" is actually the Wi-Fi network for the coffee shop? In fact, a popular security researcher prank is to create a network with the same name as a free, popular service and see how many devices will automatically connect. Another benefit of a VPN is that your true IP address is hidden behind the IP address of the VPN server. This makes it harder for advertisers and others to track your movements across the web. Even a dedicated observer would have a hard time telling whose traffic is whose, because your data is mixed in with everyone else using the same VPN server.

 Allen Roochove, NCC 'Techno' Buddy (23rd Oct '21)                                                                               See article from PCMag UK   https://uk.pcmag.com/vpn/138/the-best-vpn-services                        Also see article  from Malwarebytes https://www.malwarebytes.com/what-is-vpn   

Browsers & Search Engines: Not The Same Thing!

Do you know the difference between browsers and search engines?    Simply, a browser is your access to the internet, and a search engine allows you to search the internet once you have access.  You have to use a browser to get to a search engine


You can choose from many browsers, but the most commonly used right now are 

  1. Chrome
  2. Safari
  3. Firefox
  4. Edge
  5. Opera
  6. Brave
  7. Vivaldi   

     Search Engines

It likely won't surprise you to know that Google is the king of the search engines.  Bing is in second place.  Once you are 'on the web' then search engines allow you to 'surf the web'

Top 10 Most Popular Search Engines in the World (2020)

  • Google
  • Bing - Bing is the second most visited search engine in the world (at least in 2020)
  • Baidu 
  • Yahoo Search
  • Yandex
  • Ask
  • DuckDuckGo
  • Naver
  • AOL
  • Seznam
Allen Roochove, NCC 'Techno' Buddy  (24th September 2021)

'Tips on creating Strong Passwords' 

Make It Long - use a minimum of at least 12 characters - the longer the password, the more secure it becomes.

Add Variety - include Numbers, Symbols, Capital, and Lower-Case Letters: the more you mix up letters, numbers, and symbols, the more potent your password becomes, making it harder for a brute force attack to crack it.

Add Emoticons - while some websites limit the types of symbols you can use, most allow a wide range. Make your symbols memorable by turning them into smiley faces to instantly boost your password strength, e.g.,     :)   :(   8)   ;)   :(   :D  :@   <3   :}   :{

Make It Unique don't use Personal Information that can be publicly accessible such as your birth of date, pet's name, car model, phone number, or street name and address.

Don't use a Dictionary Word - any word on its own is bad. Any combination of a few words, especially if they grammatically go together, isn't great either. For example, "mouse" is a terrible password, and "small brown mouse" is not much better

Avoid Common Substitutions - password crackers are familiar with the usual substitutions. "P@ssword" isn't strong just because the letter 'a' was replaced with the symbol

Creating and remembering Strong Passwords

The key to creating a hard-to-crack password is to focus on making it both easy for you to remember and extremely hard for others to guess.

Creating an odd passphrase of words that typically don't go together is a good way to create the base of a long password. Some sites will even allow spaces - just add symbols and numbers to make it even stronger.

Example: 32 Seagulls deliver bologna sandwiches to Paris    (47 character password)

Example: 32-Seagullsdeliver bologna5andwiches2Paris!       (43 character password)

Use the first digit in each word to create an acronym and add numbers and symbols throughout.

Example:    2BorNot2B_ThatisThe?                                                                                                 

To be or not to be, that is the question - (20 character password)

Example:    1gbeFnw18f:}                                                                                                            I go bowling every Friday night with 18 friends  (12 character password)

        Use Random Words to create a passphrase -

This method does not follow the traditional password advice of not using dictionary words. Instead, use four or five random words and string them together to create a passphrase that involves multiple words. 

The randomness of the word choice and the length of the passphrase are what makes it strong. 

The most important thing to remember is that the words need to be random.   For example, "cat in the hat" would be a terrible combination because it is such a common phrase, and the words make sense together.

But something like "correct horse battery staple" doesn't make sense, and the words aren't in grammatically correct order - that's a 30 character password

Developing on that, we could have something like

"7 Computers 26 Nose hairs & 320 Warts :)"

That's a 42-character password that would be easy to remember and extremely hard, if not impossible, for someone to guess - and the possibilities are endless ...

Allen Roochove, NCC 'Techno' Buddy  (August 2021)