Build the best, most secure wifi in your neighborhood

My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.

Blanketing your house and yard while remaining secure, though, is still important.

Read more

How to use the lock in your web browser’s location bar

How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.

I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.

So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.

Read more

Don’t use personal information as your wifi network name

This weekend Lifehacker advised against using things like your name and address as your wifi network name or SSID–if you’re targeted for attack, it makes you that much easier to find when your wifi name is your name or address.

When I set up a wifi network, I usually set the name to the time of day. That way the network name ends up just being a meaningless, useless number, with no clues as to who owns it, or who the broadband provider is. Clever names draw attention, and you don’t want to draw attention.

Let’s talk about two other common security measures that you probably shouldn’t do.

Read more

Cutting through the fluff around the Target PIN breach

OK, so Target is back in the news, and it’s nowhere nearly as bad this time but there’s some posturing and some fluff in the news, so I’ll take it upon myself to demystify some of it. Some of it’s PR fluff, and some of it’s highly technical, so I’ll cut through it.

I’m just glad–I guess–to be talking about this stuff outside of a job interview. Like I said, this time the news isn’t nearly as bad as it could be. Read more

Hostsman makes it easy to block malware with a hosts file

I’ve written before about using the hosts file to block domains that are hosting malware. The idea is pretty simple. There’s a known list of domains that are either hosting or controlling malware, so by blocking your computer from accessing those domains, you make it much harder to get infected in the first place, and in the event that you do get infected, at least you block access to the command and control servers.

The problem is that Windows doesn’t make this easy. Well, I found an easy way: Hostsman. You can have it up and running in minutes.

Update: Don’t mess around with hosts files. It’s more efficient and more effective to change DNS servers instead.

Read more

Upgrading a D-Link DIR-615 to DD-WRT

Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else.  So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.

DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.

Read more

Bad news about smartphones, but maybe not all bad

When you install Java on a Windows box, it brags that it runs on 3 billion devices. It’s not joking. A fair chunk of those 3 billion devices are the SIM cards that register your cell phone on its network. And those SIM cards frequently are woefully insecure. The mid-90s called, and they want their crypto back.

Via a text message you’ll never see, it’s possible to hack the 56-bit DES encryption used by many cards, or the triple-DES-in-name-only crypto used in others–repeating wimpy 56-bit crypto with the same key three times doesn’t make it any less wimpy–then send the cards a malicious Java applet, which busts out of the security on the ancient version of Java on your card, and ride this cascade of security flaws to do lots of nasty things like listen in on phone calls and intercept text messages.

Even if half of Americans don’t seem to mind the NSA listening to their phone calls, I’m pretty sure a majority of Americans don’t want the Russian Mafia listening to them. Read more

The 1 TB-ish SSD: The Micron M500

Anandtech has a review of the Micron M500, which is the first 960 GB SSD to retail for less than $600. Micron had to make some decisions to get that combination of capacity and price, so it’s not truly a no-compromises SSD, but like the article states, it’s a not-quite-a-terabyte capacity at the price that the best 80 GB drive was selling for in 2008. That’s a long way to come in five years. At $599, the price is high, but it’s not out of reach. If you really need that much high-speed capacity, you can probably come up with that sum.

And the drive’s reception has been very good. It’s backordered everywhere I’ve looked. Read more