TechTonic is a Boston based team of IT experts with a focus on Apple and Mac integration
(617) 301-6280

“The bad guys are at Starbucks!”

Bad Guys?

Drive-bys, Phishing, Identity Theft! The internet seems dangerous, but protecting yourself starts with protecting your own computer and network. One exploit that so-called “hackers” (actually it should be “attackers”) is something you may never have expected. It’s that ubiquitous resource that we can’t live without, Wi-Fi.

Because Wi-Fi is a radio version of something we always took for granted, wired networking, people assume it is inherently secure. Nothing could be further for the truth! By its nature of being wireless, your data is literally available to be collected by anyone with a laptop. Some engineers call it packet sniffing or network sniffing, but whatever you call it, joining any Wi-Fi network is the same as putting your network switch or home router outside your doorstep and putting a sign on it, “Hey, plug your computer in and invade my network!” Even outside of home, at an internet cafe or Starbucks, everyone sitting there is subject to everyone else’s traffic. So how do you protect yourself from that?

Getting Pawned at Starbucks
The short answer is encryption, and making it a priority to join “encrypted” networks. If you join a Wi-Fi network without a passphrase, you are at a very increased risk. Let’s take Starbucks as an example. You walk in, open your laptop and join the ubiquitous “AT&T” network with no password. Right away, you’ll notice other people’s laptops and phones showing up in your Network Browser or Neighborhood. Guess what? It’s open season on an open network! You type in a URL in your web browser and click “Go”. Instantly it’s logged by the attacker, who is sitting a couple chairs away! Your emails being sent and received? Captured, with all the data inside of those emails. Your name, phone numbers, email addresses, street addresses, all kinds of personal information just short of actual credit card numbers. But they don’t need that. They just need to make a profile of a person, you, and open financial accounts or fake credit cards in your name. The process spirals until your real accounts and identity are sold or compromised months or years later. The attacker never “hacked” your machine, never looked at your hard drive, all they did was listen to your Wi-Fi traffic, and it was easy because you joined an open network.

Protecting your Wi-Fi traffic

Any Wi-Fi network with a “password” greatly increases your security. The actual security mechanism is a bit more complex, the initial passphrase and your computer ID together create a pair of security keys that are unique to your computer and the network. Then, all the data that’s passed back and forth are “encrypted” with these keys. The data is still in the air, subject to capture, but an attacker would have to spend a lot of time and resources to decoding the data. That’s a huge deterrent in and of itself. There are different levels of encryptions, WEP, WPA, and WPA-2 Personal most commonly, but anything is much better than nothing.

So if you have a choice, always choose a network that has a passphrase. If you do not, limit your usage as to not expose your identity as you surf or communicate on the internet. You should know any SSL websites, that use “https” instead of the regular “http” offer some anonymity. Also, like SSL-enabled websites, email can be transmitted via SSL-enabled email servers, you’ll have to check your provider’s settings for details. But it may be easier just to check it on your phone that’s not on the Wi-Fi network. If you have a “hotspot” option on your phone, that is a on-the-go secure way to connect to internet as well.

Our pitch!

“The bad guys are at Starbucks!” was the mantra of an Aerohive Engineer we worked with. All of TechTonic’s staff are certified and trained wireless engineers, specifically in Aerohive Networks, https://www.aerohive.com/. Aerohive is the industry leader in fast, secure, pervasive Wi-Fi networking for companies and organizations of any size, from single offices, to global networks. It’s all easily cloud-managed and greatly increases the productivity and mobility of any workforce. Some industry experts call Aerohive the Cisco of Wireless! TechTonic is an Aerohive Silver Partner and is certified for training, installation, and sale of Aerohive’s entire line of advanced wired and wireless networking appliances, cloud management, and access points. We’d be happy to talk to you about it for free, just contact us here: http://ttonic.com/contact/. And remember, the bad guys are at Starbucks!

Leave a Reply

Latest Article: Hurricane and Tornado Hacking Protection 9/12/17

by Scott Morabito: Three of the biggest news stories in the last few weeks have been Hurricane Harvey, Hurricane Irma, and the Equifax data breach. The data breach at Equifax is somewhat unfathomable because of its scope and magnitude. Sure, there have been large hacks of data in the past such as Yahoo in 2016 and LinkedIn in 2012 - but who cares about email addresses? The Equifax breach contained identity information for 200 million Americans and this could systematically cause massive amounts of identity theft. From the outside, it would seem not that this is expected: surely Equifax had major security software, systems, and tools in place to prevent this from happening. This is certainly true. The problem with cyber attacks is the asymmetric nature of offense and defense. Protecting yourself from a data breach like the Equifax one is like building a house that can withstand an F5 Tornado. house2 As hurricane Harvey and hurricane Irma worked their way up the Gulf of Mexico, one thought that would go through people's mind was "Hurricane's have hit here before - we'll probably be OK". To some degree, there is some logic to this. Modern buildings can withstand hurricanes ok and can even be safe to be in during the store. Millions of people stayed in their houses during these storms and there was only a tiny percentage of life lost. There are some anomalies and bad luck associated with hurricanes, but for the most part they are survivable
Read the rest...

Other Posts

  • Hurricane and Tornado Hacking Protection
    Hurricane and Tornado Hacking Protection Equifax was hit with a Tornado, everyone else was in hurricane by Scott Morabito Three of the biggest news stories in the last few weeks have been Hurricane Harvey, Hurricane Irma, and the Equifax data breach. The data breach at Equifax is somewhat unfathomable […]...
    Read more
  • Adobe Flash and the musket
    The future of Flash and the security concerns on your Mac by Scott Morabito A number of conversations with customers has recently involved the topic of Adobe Flash.  Let’s address a couple of things quickly: Should we still be using Flash in web browsers?: Yes Should we be […]...
    Read more
  • Mac malware is real
    Mac malware risk Its time for our customers and macOS users to take the threat seriously. The risk is real and we have an answer. by Scott Morabito For as long as I’ve been working in IT and Apple, customers have always asked me whether they need to worry […]...
    Read more