security

Hack your heart

Wireless networking is clearly a basic requisite for any electrical device these days, now we all live in the future. The Nintendo Wii, for instance, would almost be worth the extra £180 even if it was exactly the same as a NES, but had wireless controllers and the ability to upload your shamefully bad racing times to the world. However, inevitably, the more devices that are on networks, the more security issues crop up; and the more devices that are on wireless networks, well, you don't even have to touch them to destroy them.

It's bad enough that people's computer networks are relatively easy to illegally access, even when certain common forms of encryption are used to prevent it. Generally, this isn't a matter of life or death. When it's hacking into someone's pacemaker though, obviously it is.

Disaster tracking

Danger!Danger!Disasters disasters disasters everywhere? Well now courtesy of the Havaria Information Service's Alertmap, you can see where some of the world's worrying disasters are happening in real-time. As Chicken Yoghurt note it really looks a bit like scary sci-fi. Except it's real, and you can click on any icon for a full report of the problem concerned. Or if you're in the middle of an epidemic of bird-flu related earthquakes that they've somehow missed, submit your own.

If you're a real disasterophile then, and wait long enough for the page to load, you'll see big lists of earthquakes, volcanoes, massive fires and so on from the past 24 hours. Who would have thought the world was ravaged so?

No-effort surveillance

Forget any bugging of your wheelie bin - if the Government / police / identity thieves / blackmailers really want to track you and your life then there's something slightly more to be worried about. It's with you all the time, it knows where you are and what you're saying. It's often linked personally to sensitive identity and financial information about you. You even pay heavily for the privilege of having it.

Yes, of course, it's your mobile phone.

Passsport non-control

Lookalikes?Lookalikes?In these post 9/11 days of increased airport security where wearing a foreign-looking t-shirt or carrying a bottle of coke is enough to get you banned from a flight, you might think it was kind of hard to go a-flying without some vaguely accurate declaration of who you are being requested.

Not so for Mark Coshever, a 29 year-old businessman who was flying from Luton to Amsterdam via easyJet. He passed through the full security process at Luton successfully and all seemed well with his journey. Until he arrived at Amsterdam passport control that was, where he suddenly realised he was travelling under the wrong passport. More specifically the passport he got on the plane with was Alicia Coshever's, his 2-year old daughter.

Bypass port restrictions on cPanel and WHM

cPanel and WHM are nice friendly systems that allow one to configure much of a web/ftp/email server with ease using nothing but your web browser. It is commonly made available by web servers that offer shared hosting packages, and includes a webmail package to allow you to access your personal email remotely. Just right for those boring office hours where you need a few hundred hours break from doing what you're paid for.

Make your own passport

Britain is in the middle of a move towards making everyone's passport include a microchip. As of February this year, any passport you sent off for or renewed may have cost you substantially more and have included biometric information on such a device. In the case of the UK, this information includes a coded version of your facial features, in other places it may be fingerprints, iris scans and so on.

The chips these passports use include radio frequency ID (RFID) technology. This means the chip inside your passport will transmit some data – in this case your biometrics - to a reader when it receives signal from a RFID reader. The reason? More secure than paper based documents, and less open to fraud. Unless of course the potential fraudster knows a bit about such chips. Unsurprisingly, despite the Government's arrogance, they've already been hacked. Now that didn't take long did it?

Breaking WEP for novices - more wifi insecurity

Having dealt with faking MAC addresses in a previous article, the Poorhouse heard on the grapevine that it wasn't so difficult to beat the other side of bog-standard wireless network security either; the encryption key.

When a wireless network client talks to an access point (for instance a router) it transmits packets of data. These packets could potentially be intercepted by a nefarious individual sitting nearby by virtue of the fact they are flying through the air for all to see. They could then feasibly see what the network user is up to, or sneakily communicate with their network, use their Internet connection and so on. Therefore wifi networks with a semblance of security use encryption so a passer-by cannot see what is going on with the network or understand any of the packets being transmitted around it. Typically this may be done with "Wired Equivalency Privacy" (WEP), which is often the only option open to users of older or cheaper equipment. The Poorhouse knows for sure that both home users and perhaps more worryingly business users use it regularly.

Faking your MAC address

Most network hardware, be it in a computer, a PDA or a component, has a Media Access Control (MAC) address associated with it. This is a unique number, often written in the format 00-00-00-00-00-00, that is permanently assigned to one exact piece of network equipment. From it you can work out such things as what company made it and so on.

More critically it is often used as at least one part of network security with regard to wireless networks. This, combined with the (usually WEP) encryption key that the other part of "bog-standard" wifi security, does indeed sound like a very good idea insomuch as someone wanting to access that particular network would need a specific piece of hardware (identified by its MAC address) and a specific piece of knowledge (the encryption key). Indeed this is the upper limit of security that many older or cheaper network set ups have available to them.

Sign of the times

Perhaps the recent mandatory switch to Chip and Pin credit cards in the UK wasn't merely something designed to wind up the proportion of the populous of Britain who can't quite reliably grasp which way they should be inserted into the never-hidden-from-public-view chip reader. Whilst the Poorhouse would dispute that they couldn't be easier to use - not having to put them in a slot reader and not having to remember a PIN are 2 ways in which we'd venture they would be easier to use - it does at least prevent the sort of potential fraud that John Hargrave from Zug went out to test.

Identity theft is too easy

Identity theft- the "hi-tech" crime of our times. But is it actually remotely hard to do? Perhaps not. Take the following as an example of how ridiculously easy it can be.

Every home dweller is familiar with receiving a pile of bad-for-the-environment credit card applications you never asked for or wanted. You get a glossy leaflet about how much money it won't cost you, a prepaid envelope, a half-filled in form and, if you are especially lucky, a free pen. Sometimes it even says "Priority Application" or something equally as discrete on the envelope.

Syndicate content