Monday 5 August 2013

Keep your laptop safe while using Wi-Fi hotspots

The relaxing atmosphere of surfing at the beach makes it easy to forget about the sharks. Connecting to an unsecured network poses serious risks to your laptop and data. In a recent study, Bitdefender labs revealed 85% of people choose to connect to a free Wi-Fi, despite clear warnings that their data can be viewed and accessed by a third party.



Surfers can lose sensitive information to hackers in a bewildering variety of ways - especially if they access the Wi-Fi networks available in public locations:
  • Around you, others connect to the same network, and one of them might happen to have the proper tool to scan your laptop for vulnerable software and use it to plant backdoors or access login credentials if, for instance, they are sent unencrypted.
  • A mid-level techie can set up a network, give it a generic name such as “free Wi-Fi” or “Secure public Wi-Fi,” and monitor the traffic of all users that connect to his network in sniffing or man-in-the-middle attacks. They can read all data sent in that network.
  • Someone sniffing data packets can snatch session cookies to access your resources, including social networking, online banking and online shopping accounts during that open session. Imagine someone changing your status or uploading a photo on your behalf.
  • Accessing online banking and online payment websites or making e-shopping transactions through public Wi-Fi hotspots might be convenient, but cyber-criminals can still use a fake SSL certificate to circumvent a secure connection, have the user approve it and use it to sniff login data and such.
Best practices to protect your data while using a Wi-Fi connection:

1. Access only encrypted websites while on public hotspots. Make sure you type ‘https://’ before the URL of the website or look for the locked padlock that shows you are using a secure connection, meaning you are using encryption over a public Wi-Fi.

2. Ask an employee (bartender, hotel receptionist) for the exact name of the hotspot you intend to use so you don’t accidentally access a network set up by someone with a secret agenda. You can also ask the hotel receptionist if they use AES with their wireless network. But if you visit websites that are not using encryption over a wireless connection, someone on the same network can still sniff data packets and see what you send.

3. Make sure Wi-Fi and the automatic sharing options are switched off when you are not using them. With Wi-Fi automatically enabled, you risk having your laptop try to connect to an unsecured network without you even realizing it.

4. Don’t check your account balance sheet or shop online on a public Wi-Fi. If you do, use a dedicated payment solution that helps you securely connect to your bank account or e-payment website from an unencrypted hotspot.

5. Password-protect and encrypt your device. In case someone steals or finds your device, make it harder to access information stored there. Also encrypt your data with dedicated software, or – if your device supports it – with the default encryption option. Use anti-theft programs to help track your device and lock or wipe your data from afar.

6. Install anti-virus software and keep it up-to-date. Installing an antivirus and a privacy security solution on your laptop is imperative. A good security solution with anti-malware, anti-spyware and anti-spam modules offers an effective shield against all kinds of threats. This will help you steer clear of fake security apps, worms, Trojans and viruses.

By keeping your OS and apps up-to-date, you give your system the most recent patches for all known vulnerabilities to protect you against the latest threats. Many pieces of malware target unpatched vulnerabilities. Once the vulnerabilities are patched, that malware cannot harm your device or your data.

7. Turn off the laptop when you are not using it. You want to keep your laptop always on so you can access it the instant you need or want to, but this can be a bad practice. In case your system is infected with a botnet, the malware may continue to use your resources even when you are not using it.

8. Your firewall must be on at all times. The firewall is crucial for joining this kind of network. When surfing without a firewall, your PC is visible to others, along with your network shares you might have left open for friends at the office or for your family at home.

Qualys announces WAF Beta for Amazon EC2

Qualys will release the beta of its new cloud WAF solution as an Amazon Machine Image (AMI) and as a VMware virtual image for on-premise deployments starting August 1.

Qualys’ new WAF service is delivered through the multinational, highly scalable QualysGuard Cloud Platform, providing customers centralized management capabilities, distributed protection and ease-of-use, whether applications are running on premise or in the cloud.

WAFs shield web sites by applying a set of rules to HTTP conversations to prevent attacks. However, WAF technology is costly and complex to apply because these rules need to be customized to the applications, and they must be updated often to cover changes to the applications and to address new and emerging threats. As a result, many organizations cannot afford to deploy WAFs, or they can only deploy them on a select number of mission-critical web properties.

The new QualysGuard WAF is designed to provide:
  • Real-time application defense, blocking attacks against websites as they happen.
  • Application hardening, minimizing application attack surfaces by providing a shield around coding defects, application framework flaws, web server bugs and loose configurations.
  • Low-cost, automated service maintained and updated by Qualys’ security experts providing new defenses and features transparently to users and site visitors.
  • A multitude of deployment options for distributed WAF protection points managed through a common, central policy administration and reporting interface with APIs for integration.
Customers using WAF will experience benefits including:
  • Always up-to-date rules.
  • Immediate rules deployment on all WAFs connected to QualysGuard.
  • Maximum efficiency as rules are strengthened with security events from all WAF customers.
  • In-cloud or on-premise web site protection, with a SaaS platform providing centralized management for distributed WAF virtual appliances.
“Qualys is committed to delivering powerful, effective cloud solutions that remove the cost and complexity associated with IT security and compliance, and we are excited to provide an affordable, automated solution with our next generation WAF,” said Philippe Courtot, chairman and CEO for Qualys. “The debut of our WAF service in beta for Amazon EC2, as well as with an on-premise virtual appliance image, will offer customers the flexibility they need to protect their applications no matter where they reside.”

FBI uses malware to spy on suspects via their phones

The FBI has been known to use malware to spy on suspects via their computers, but mobile phones make even better sources of information.

Just think about it: the great majority of people carry their mobile phones everywhere with them, and surreptitiously turning on the device's microphone can result in crucial information being gathered.

Former US officials have revealed that the FBI has been using mobile malware to compromise suspects' Android-based phones to record conversations happening in the presence of the device and to exfiltrate data from it that might offer more insight into the suspects' potential criminal activities.

According to the WSJ, permission to do that is more easily secured from a court than permission to listen in on the suspects' communications made via the device.

It's interesting to note that this approach is used in organized crime, child pornography or counter terrorism cases, and rarely - or possibly never - to target hackers.

The thing is that in order to install such spyware on the device, there has to be some user interaction. The target must follow a web link or a link delivered to him via email in order to land on a website that will exploit a vulnerability in his software to make the malware download on the device - and hackers are more likely to detect the attempt, look into it and publicize it.

A former official in FBI's cyber division claims that the Bureau creates some of the hacking tools internally, and buys additional ones as well as exploits for zero-day vulnerabilities from private companies such as HackingTeam SRL and Gamma International, both of whom were recently dubbed "corporate enemies of the Internet" by Reporters Without Borders for selling products that are liable to be (and have been) used by governments to violate human rights and freedom of information.