The mistake this magazine, and others, had made is assuming WPS has anything to do with WPA(2), the underlying security mechanism of current wireless products. We all remember when WEP was so completely compromised that it made its use a polite gesture and little else. WPA(2) was a response to the weaknesses with WEP and the worry was that this too had become useless. Fret not! This is absolutely not the case. The vulnerability has nothing at all to do with the encryption methods employed by WPA(2).

So, just what is WPS then? For that matter what is WPA(2) and why do I keep adding a 2 in parenthesis? Here’s it is, the history of wireless security in one paragraph. When wireless first started to make inroads it was obvious pretty quickly that transmitting all your personal data in clear text out into the ether for anyone with a strong enough antenna to pick up was going to seriously limit its adoption so WEP was created. WEP stands for “Wired Equivalent Privacy”. The title ended up being ambitious to say the least. Research into WEP quickly revealed glaring faults that over the years has turned cracking WEP into a 5 minute or less endeavor. In response the IEEE (the standards body that defines networking protocols) started work on 802.11i which was then integrated into the 802.11-2007 standard. The important part of 802.11i (at least for our discussion) was the creation of RSNs (Robust Secure Networks). The problem was that the IEEE is not exactly known for their speed so we had this proposed standard that was going to take forever to get ratified and a seriously broken security protocol. This is where the Wi-Fi Alliance stepped in. You may have see Wi-Fi plastered all over your new wireless device. It’s important to note that the primary goal of the Wi-Fi Alliance is merely to certify products. They take the products produced by various companies and make sure they work the way those companies say they do and can all talk to each other. Well, the Wi-Fi Alliance looked at the 802.11i spec and created WPA (Wi-Fi Protected Access) as a stopgap measure until the standard could be ratified. When 802.11i finally did make it to a full fledged standard the Wi-Fi Alliance went back and created WPA2 to take advantage of all the aspects of 802.11i.

If these are all the security methods used with wireless then what is WPS? WPS stands for “Wi-Fi Protected Setup” and you’ve probably never heard of it because almost nobody actually uses it. The idea was that setting up routers and client computers could be difficult for even the most tech savvy of end user so what if they could make it simple enough for a 2 year old? There are 4 methods you can use with WPS: PIN, push button, NFC and USB. As it generally works you have a button on your router/access point and a button on your wireless card. You push the button on the router to initiate the protocol and and then push a button on the wireless card and everything is set up for you automagically. Now, I used the word “button” but it may not always be an actual physical button, it could be a software button you click. It’s not always practical to have a physical button, especially it laptops, cellphones and tablet devices.

The type of WPS that was found to be vulnerable lies on the PIN method. Basically the problem is PINs are short and WPS lets you try as often as you want without getting locked out. You should see where this is going. It was fairly trivial to create a program (Reaver) that lets you try every possible PIN and effectively bypass the security of the network. Reaver is pretty simple to use and several tutorials and videos have already been put together to show just how easy this flaw is to take advantage of.

So what’s our take away here? The underlying security mechanisms of today’s wireless networks, namely WPA(2), are as safe as they ever were. I also implied that while WPS is trivial to take advantage of it’s also rarely used. This is true… but it also doesn’t take one important piece of information into account. You don’t have to actually be using WPS for it to be turned on and thus exploitable. Unfortunately many consumer routers and access points ship with this “feature” enabled by default. To effectively secure your network just make sure WPS is turned off (assuming your hardware even supports it, it is optional after all). This process is usually as simple as going to the hardware’s management interface and changing a radio button from “yes” to “no” or “on” to “off” and saving the configuration. The problem here should be fairly obvious. The people using WPS were exactly the people that didn’t want to deal with the management interface to begin with. WPS was designed specifically to keep consumers out of that area and make everything as simple as possible.

So, is this security risk the end of the world? Clearly not, but it’s also not something that can just be ignored. As is often the case the reality lies somewhere in the middle.

But what if you need to tell someone else that password, or perhaps log in on another computer?

Raymond.cc has a great solution to this problem. He has written a piece of JavaScript code that you can simply copy and paste into your browser’s address bar to reveal any hidden passwords on the page that may be saved.

Here’s the code!

Check out his blog at Raymond.cc for more info and instructions on usage.

There are two secure programs that enable you to securily share your files and documents with staff and clients.

Microsoft Groove is by far the best collaboration program.  It allows you to collaborate calendars, documents, meetings, and much more.  If you have Microsoft Office 2007 Professional, you already have Groove available.

If you do not have Groove, Dropbox is a great little collaboration program that allows you to share and transfer up to 2 gig of space for free.

Typically these thieves are exploiting the distress factor to lure in their potential victims.  “Please help me out”, “I am stranded in Germany and someone stole my money”. “click here to help me out”. Exploiting the trust you have between your friends is how their doing this.

Also now that Twitter is becoming more and more popular I see this site getting hit the most. It is so easy to shorten links to any site with out even having the name of the link in it. So even though Facebook and other sites have specialized software to detect malicious activity in your account it doesn’t always work that great. So please be careful with what links you open and do not fill out any of your account information on site that link out of social networking websites.

This problem has been solved to a great extent by digital shopping cart software.
In addition to facilitating hurdle free shopping online, this software offers security in the transactions to the online buyers. Hence, it is advisable to purchase the e-commerce software, if you are an online merchant.

Online shopping carts protect the financial and personal data of the customers through Secured Socket Layer or SSL in short. This software ensures that when the payment is made to your gateway, the transaction remains secured.

If you observe closely, you will find that when you travel from a normal web page to a secured one, the URL changes to https instead of http. This change in URL is brought about by SSL.
Thus, if you that the URL starts with https, it means that you are transacting safely and when the payment is made to the gateway, the financial details are completely secured.

SSL is not the only method of securing a financial transaction. There are several other methods by which the shopping cart can ensure security of the transaction. However, most of the customers trust SSL more than any other security mode.

It is important that your customers are aware of the security precautions taken by you. Provide your customers with an assurance on your website as to how you take care of the safety measures. Let your customers have a secure page preview before they enter in to the transaction, and enter the button ‘buy now’. This will assure your customers.
The security measures and policy maintained by you should be explained to the customers in simple and easily understandable language. Instead of mentioning legalities and marketing tactics, provide clear information to the customers. You will win their trust, if you are transparent.

Several digital shopping cart systems will help you to achieve secure transactions. Each step of the process will be secured by adding a security badge. Moreover, you can enhance the system by accepting payments through popular systems such as PayPal.

Thus, when you have a shopping cart system in place, it will facilitate your online business and you will win the trust of your customers, thereby resulting in increased sales.

1)    Using Anti-Virus Software: Install an anti virus software on your computer and check that the program is running smoothly. Ensure that you have the latest anti virus and scan your computer at least once in a week. Some of the free anti virus programs are Avast, Avira, Microsoft Security Beta and AVG.

2) Free Downloads: Your computer can catch a virus from free download sites. If you want to download something from the Internet, it is a better idea to pay for the download, as free download sites may contain virus that would harm your PC. Some of the free reputed download sites are PCWorld.com Downloads, Download.com and Sourceforge.net

3)    Update Operating System by going through windows update. This will locate if there are security lapses in your PC. Hackers may use this as an opportunity to misuse your identity, install virus on your PC etc.  Update your windows by:
Start > Programs > Windows Update

4)    Backup Your Computer: You may have taken all the necessary precautions for your PC, yet you cannot be 100% sure that your PC is secured. Hence, it is advisable to take a backup of files containing important data. You can take backup on either USB or use the facilities provided by file storage sites, email and FTP.

5)    Change your Passwords:  Having a weak password makes it easy for hackers to crack your account. Protect your password by changing it frequently; make use of combination of upper and lower cases, special characters etc, to protect your password. Another point to remember is hackers use phishing websites to steal your personal information such as credit card number and your identity.

6)    How to detect Phishing Emails: Never login through the links provided in the mail. Always open a new window. Enter the address manually. Genuine companies will address you by your name. If you get a mail addressing as ‘Dear Customer’, this is your first indication. Figure out the origin of the mail. If it is from @PayPal or @yourbank, the mail is genuine.

7) Physical Protection:  Protect your PC with laptop lock, as laptops can be stolen in minutes. Protect your desktop with surge protector. Get yourself an equipment with joules rating to protect your PC from power surges.

8 ) Firewall. Use firewall to block unwanted and unknown connections. ZoneAlarm is one of better choices, as it is user friendly.

9) Reboot Your PC occasionally to have security updates. This will also improve your PC performance.

10) Set your wireless router properly: Having unencrypted network enables a person located in close proximity to view the signal and read the information that is being sent. Hence, read the manual accompanying the router before installing it.