
How to prevent Wi-Fi Piggybacking?

In any form of Internet communications, there is always a possibility that your information or data will be intercepted by people (or machines) you don’t suspect. This article provides some basic information about wireless networks (Wi-Fi), discusses some of the ways your data can be intercepted over Wi-Fi, and describes simple methods of preventing these risks.

Some background info about Wi-Fi

Wireless networks began popping up in homes about 10 years or so ago. They have vastly changed the way we work, as they allow portability and convenience around the house and the workplace. They save us from having to fully wire our houses, whether old or new, vastly reducing labour and integration costs. Service providers are now building wireless into their modems and routers. Universities offer campus-wide wireless, and there are millions of hot-spots all over the world in libraries and coffee shops.

The types of wireless network protocols are beyond the scope of this article. Some of the more tech-savvy would know these as the 802.11a/b/g/n wireless standards. Although it is important to know that there are differences between them, for the most part the protocol you use doesn’t change how the privacy issues affect you. We can assume, however, that the most predominant protocol being used at the time of this blog post is 802.11g, which was standardized in 2003.

What are the dangers

If your Wi-Fi is unencrypted, then it is important that you pay attention to this!

Like any other form of radio communications, Wi-Fi travels over the air and there is no way to control who else can listen to the basic signal. Therefore it has no way to prevent piggybacking, or snooping, on its basic unencrypted signal; that is the term used when an unauthorized user is able to listen in on your conversation.

For an example, think of your local FM radio station. An FM signal does not care who is tuning into its channel; whoever does will inherently be able to listen to the signal it is broadcasting, as long as they are within range. Since FM radio is usually a public system intended to reach the general population, it is not a great example to demonstrate “Piggybacking” or snooping. However, if you were to designate an FM radio station as private, where only you and a select number of authorized people were supposed to be able to tune into a specific channel, then the moment an unauthorized person tunes into the station, he is piggybacking on your station and can listen to everything that is to be heard over that FM radio channel.

Thankfully, unlike FM radio stations, Wi-Fi does not operate at extreme power levels, so the area that your computer and wireless router cover is very small. Although this does reduce the area in which people can intercept your data, it does not eliminate the risk.

Intercepting Wi-Fi communications is very easy and nowadays can even be done from a netbook or a simple kit. The software can be easily downloaded online and run at the click of a button. It’s so easy that you don’t need to know a lot about computers in order to intercept the data. These programs are capable of handling the decryption of WEP, which unfortunately is still widely used today by uninformed users.

Some of you may be asking, “Why does it matter/I don’t care? I have nothing to hide!”

If someone were to capture your entire Internet conversation, they would probably be able to access your passwords to your favourite websites (Facebook, YouTube, etc.), your email, your online banking information, and also reconstruct what you’re doing online on your computer. They could then resell or use the information to impersonate you or steal your identity. Although this may seem a bit far-fetched, why give them easy access to all this interesting data when we have the technologies to prevent most of it?

How to fix the dangers

In order to prevent “Piggybacking”, a number of methods were produced by various organizations. If you simply search Google or Wikipedia for “Wireless Security”, you will discover many different methods of securing your wireless network.

Securing your network prevents Piggybacking by adding a level of encryption to all the information travelling on your configured wireless network. If we look back at the FM radio example again, the unauthorized user tuning into your designated channel or radio station would now only hear garbled noise and have no clue how to read it.

For the basic home user/consumer, I recommend using the currently most secure WPA2-PSK with AES encryption. If your router or computers are unable to achieve this level of encryption, I would then recommend downgrading to WPA-PSK with TKIP encryption.

Simply pick a key that is at least 10 characters long and make sure it uses a variety of different characters including special characters.

Save the key securely and only give it to people you want to have access to your network.
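One way to follow the key advice above, as an added example that is not part of the original post: it checks a key against the 10-character and character-variety advice plus the 8 to 63 printable-ASCII limit of WPA/WPA2-PSK passphrases, generates a random key that passes, and goes slightly beyond the text by showing how WPA/WPA2-PSK turns the key and the network name into the master key. The function names, the reading of "variety" as letters, digits and a special character, and the SSID `HomeNet` are assumptions made for illustration.

```python
import hashlib
import secrets
import string

MIN_LEN = 10               # the article's minimum key length
WPA_MIN, WPA_MAX = 8, 63   # length limits of a WPA/WPA2-PSK passphrase
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def check_key(key: str) -> list:
    """Return the problems found; an empty list means the key passes."""
    problems = []
    if not all(32 <= ord(c) <= 126 for c in key):
        problems.append("character outside printable ASCII")
    if not WPA_MIN <= len(key) <= WPA_MAX:
        problems.append("length outside the 8-63 character WPA limit")
    if len(key) < MIN_LEN:
        problems.append("shorter than 10 characters")
    if not any(c.isalpha() for c in key):
        problems.append("no letters")
    if not any(c.isdigit() for c in key):
        problems.append("no digits")
    if all(c.isalnum() for c in key):
        problems.append("no special characters")
    return problems


def generate_key(length: int = 20) -> str:
    """Draw random keys from the OS CSPRNG until one passes check_key()."""
    if not MIN_LEN <= length <= WPA_MAX:
        raise ValueError("length must be between 10 and 63")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_key(key):
            return key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    key = generate_key()
    print("key:", key)
    # "HomeNet" is a constructed network name used only for this demonstration.
    print("PMK for SSID 'HomeNet':", derive_pmk(key, "HomeNet").hex())
```

Everyone who holds the key derives the same master key for that network name, which is why the key should only go to people you want on the network.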

I would not recommend hiding your SSID or implementing a MAC address filter as it is essentially useless and makes configuration a bigger administrative pain for you and your users.

Taking these simple steps could prevent you from becoming a victim of data piggybacking and prevent data snoopers from accessing your personal life.

Lastly, stay on top of technology. Check for firmware updates and re-evaluate your hardware every few years to see if there are newer wireless security standards to reinforce your network security. Something that may be secure today may not be secure tomorrow.

What to do if you’re on a Wireless Hotspot?

Many of you may ask…what can you do if you’re at Starbucks or at University where you need internet access via Wi-Fi and they only offer a free unencrypted version?

There’s not a whole lot you can do. Unless you’re accessing online services via a specified encryption method (encrypted browsing session, VPN), you could be susceptible to Piggybacking. Generally speaking, wireless hotspots usually have tons of users, so a piggybacking snooper looking for your information would have a bit more trouble sifting through all the information he’s capturing. But don’t feel too safe.

Make sure you’re accessing your email with an encrypted protocol. Popular free email providers such as Gmail default to this and I believe Microsoft’s Hotmail is slowly following suit. If you have a different provider, visit or call your local IT administrator to see if they can give you some further information. Lastly, try to avoid doing online banking or other personal things you wouldn’t want anyone else seeing while you’re on a hotspot.

For the average user, taking simple steps to secure your Wi-Fi and being more aware of the dangers of using an unencrypted wireless network should hopefully prevent you from having your data snooped unexpectedly.

Enjoy a more safe and secure web browsing life.

Further reading:
Wi-Fi cracking kits sold in China for $24
Wikipedia – Wireless Security
Wikipedia – Piggybacking
Network News – Wi-Fi security in Transition
Note: Although Wikipedia isn’t always a viable source, I do enjoy linking to them as their articles can be updated over time to offer more current and precise information.

april fools round-up

For those who forgot about April Fools’ Day this year, the following are links that cover most of the April Fools’ jokes on the internet.

Some people refer to April Fools as Internet Annoyance Day.

Some of my favourites:

  • Gmail’s Autopilot Link
  • Google’s CADIE, which easily fooled my friend Doug. Link
  • reddigg!
  • lululemon’s brand new shopping system Link

CNET News – April Fools Roundup

What were your favourites?

conficker a dud so far

Well, today was April Fools’ Day, and our favourite media virus Conficker was written up many times over the past week in the papers and shown via newscasts all over the world. Surprise! The virus did what it was told: it contacted its generated servers, only to do nothing, and the internet is still alive!

This threat is NOT over! Why the media and security organizations chose April 1st as doomsday is a mystery; the date was based mainly on speculation from reverse engineering the code. There are still many unpatched computers out there which need to be attended to. This day has been anticlimactic, CNET’s Conficker blog was boring to read, and we’ll have to wait until the hackers decide to make their next move, most likely during a quiet time when fewer IT and security staff are working.

My shift at the CCS IT HelpDesk in the library consisted of a 10-second power outage and the regular library help questions. The power outage turned off all desktop computers with stressed students working madly away to finish their last-minute assignments. I dealt with about 6 lost assignments after the power outage. I was only able to recover 2 of the 6. It’s ironic how people who lose their assignments almost always recognize that they SHOULD have been saving to the designated places stated on the desktop backgrounds. It’s unfortunate that most computer users do not read anything on their screens and continue to click OK and YES the majority of the time. You can blame Microsoft and Apple for accustoming their users to this.

On that note, those devious hackers also figured out how to get their search rankings high up in Google’s results. Simply googling “Conficker” generates many results, the majority of which are bad (as they have viruses or malware ready to download). This caused many curious users who are used to just “clicking” to infect themselves with the virus.

If you haven’t done so, please patch your computers, use Firefox, and make sure your virus definitions are up to date. If you’re running an illegal version of Windows, make sure you check your computers thoroughly or buy a real copy.

The internet is a dangerous place. Be prepared. Let’s see what the media says about Conficker now. If you’re looking for more information about it, please refer to the links below. I’ll keep you updated on its status.

Some links:
Microsoft – Bulletin MS08-076
McAfee Avert Labs – Conficker.C observations with wireshark
Wikipedia – April Fools
CNET – Conficker silence
Vancouver Sun – Conficker
Ars Technica