Wednesday, September 29, 2010

Borepatch 101: Internet Security

I've been going back through my archives, and am organizing things so that some early posts don't get lost in the mists of time.  Over the next few days, I'll be putting up a series of posts on various topics, which basically highlight a set of posts on the subject.

Assuming that someone could actually learn something from all this verbiage, having it collected in one easy to reach place may be useful.  Or it may not.  In any case, it seems like an interesting experiment.  Please leave your comments as to whether this is useful or a waste of time.

My security posts have evolved over time.  A lot of you comment saying that you like the "Hey, go grab the patch for your Foo application", and so most of my security posts in the last year have been along those lines.  When I first started posting, it wasn't that way at all.  I posted on a lot more wide ranging security topics, and it struck me that it would be a shame for them to get lost in the dusty archives.  Here are a set of early security posts that may be worth your while.


WiFi security for home users.  If you haven't turned on security in your home WiFi device, you know that your neighbors can lock you out of your own network, don't you?  This post walks you through how to turn on WiFi security in a Linksys router (it's pretty much the same for other brands).  What's a little sobering is that I get around 50 page views a day from Google searches for "hack neighbor's wifi".  Don't be that neighbor.

Military threat from InfoWar.  How do you stop an Armored Brigade using computer hackers?  The threat is real, but probably not what you think, or what Hollywood shows.  I hope our Uniformed Services are taking this seriously.  I suspect they are.


Don't bank online from your cell phone.  I used to rant a fair amount about the risks of online banking, and maybe have mellowed a bit in my old age.  However, banking online from your cell phone is an astonishingly bad idea - epic security FAIL that puts your money at significant risk.  Here's why.


Why bridges don't fall down, but programs crash.  Software is a strange beast, but the way we think about things is based on what we've learned from observing physical things.  No wonder Internet security is counter intuitive.

Hacking a bank for fun and profit. Not that you'd ever do that.  The secret, as they say, is don't let a crisis go to waste.

Funny Database tricks.  This post not only contains what IMHO is the funniest Internet security cartoon ever, but the story of how some d00d used that on the tax people.  Heh.

How to hack a classified network. Yes, it's been done.  This isn't about how it was done, it's about why it's possible.  The recent StuxNet worm - was it really Israel hacking Iran? - is only the latest of a series of incidents.

There you go.  Let me know if this is worth doing more.

2 comments:

Joe said...

I've always enjoyed your posts on security. I know enough about computers to be dangerous (mostly to myself) but reading through your posts gives me plenty to think about and sometimes sends me off to do some more research.

wolfwalker said...

Let me know if this is worth doing more.

Yes.

I'd also appreciate your detailed thoughts on the story of the Stuxnet worm, which is getting more and more interesting. According to its wikipedia article (so grain-of-salt warnings are in effect!), it seems to be specifically targeting Iran, with more than four times as many known infections as any other country. It also does two things I've never heard of a virus doing before: it can flash EEPROM, and it can infect subsidiary machines such as attached controllers.