Latest posting

10 Dec WiFi study in Dubai Dmitry Bestuzhev

12 Feb WiFi + Airport = Lost password Dmitry Bestuzhev

22 Jul How does your vacation affect your security? David Jacoby

10 Oct To Open Wifi or Not To Open Wifi? Eddy

27 Nov Free Internet Costin Raiu

16 Jan Just for fun Kostya


Research|WiFi study in Dubai

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted December 10, 11:34  GMT
Tags: Wardriving, Wi-Fi

Why in Dubai? First, I was there recently. Second, Dubai has become one of the most important cities in the world for holding IT conferences.

All statistics are based on around 3 thousand found WiFi access points.  Let’s begin with the channels Dubai’s WiFi is running on:

Opinions|WiFi + Airport = Lost password

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted February 12, 13:00  GMT
Tags: Wi-Fi, Identity Theft, Data Encryption, Data leaks

As most travelers know, many airports and VIP lounges offer Wi-Fi connectivity but, unfortunately, these connections are rarely encrypted. Here’s an example:

All data sent and received travels in clear text, which means anyone could intercept the data for malicious purposes. This unencrypted data could include passwords, logins, financial information like PIN codes, etc.
Many people also know that it’s always better to use a VPN connection. However, in many cases, VPN connections are filtered out and blocked by rules on the network firewall. I tried two different protocols and both were blocked. Mostly, network administrators don’t allow VPNs from public WiFi access points only because they want to make sure the network isn’t being used for malicious purposes without any readable network logs. These policies actually allow the bad guys to launch really easy man-in-the-middle attacks in which all traffic passes through a malicious host.

The reality is that using a public Wi-Fi service can expose your really sensitive data to cybercriminals. Recently, we saw some famous people lose their Facebook and other social network passwords by using open (insecure) Wi-Fi connections.

So what is the solution when your VPN is blocked? Well, in some cases, an SSL (https) connection may help. Please, before going to any Website, type in the address bar https:// and then the domain name. After the page is loaded, please check if the certificate used for encryption is a valid one and issued to the site you’re visiting. If you see something wrong with the certificate, stop using the site.
Another solution is to use a wired Ethernet connection instead of WiFi. Many lounges have such connections as well; it will be much safer for you.
In any case if you’re connected from a public place, it’s better not to use eBanking or ePayment services. That data is the main target for criminals. So, travel safe and keep your personal data safe as well!


Vacation is a time for visiting friends and family, going abroad, eating ice-cream, gardening – whatever helps you regroup and recharge. Computer security is probably the last thing on your mind, even if you’ve taken your laptop home with you to keep tabs on what’s going on at the office.

But as my colleague Christian pointed out in this article last year, summer often brings some serious security issues. And I’ve got recent further proof of this: just a few weeks ago I was attending our annual security conference at a very classy hotel in Cyprus. Everything seemed perfect – until we connected to the hotel Wi-Fi.

If you’ve ever taken your laptop with you on business or vacation, you’ll know the drill. When you want to connect to the Internet via a hotel network, you get redirected to a site controlled by the hotel’s router. You need to either enter a code provided by the hotel, or your credit card details – all on a site which may or may not be secure.

In Cyprus, we found out that the page you get redirected to when you try and access the Internet was infected with Gumblar. The hotel was lucky to have 30+ security experts staying there – but if we hadn’t been holding our conference there, the site could have stayed infected for quite a while!

Logging on via insecure connections isn’t the only seasonal security issue. People’s computer and online habits change when they’re on holiday – they tend to use their computers less, and in short bursts, just to get the information they need. For instance, you’ll often see people logging on for ten minutes to quickly check email, download maps or details about the places they’re planning to visit, etc.

If you’re quickly checking for some information that you need via GPRS or a slow Wi-Fi connection, you’re probably not going to bother updating your antivirus or installing security patches. You might rationalize your decision (if you even think about it) by telling yourself that you don’t go to dodgy sites which are likely to be hosting malware. But our experience in Cyprus really highlights the fact that malware is everywhere.

Ignoring security patches and antivirus updates while you’re on vacation means that if you log on, you are putting yourself at risk. And when you get back to work after two, three, or even four weeks off, if you haven’t been using your computer, the very first thing you should do is make sure that it’s fully patched, and security software up to date. Of course you want to get to all the funny YouTube links etc. that your colleagues sent while you were away – but update before you start checking your mail or clicking through links and attachments.

Insecure networks, infected sites, and vulnerable software and systems are all technical aspects of IT security. But apart from all the technical stuff, lots of people are giving out far too much information on Facebook, Twitter, and even in their Out Of Office replies. Posting that you’re off to some exotic resort for two weeks is almost an open invitation to burglars and other criminals to come and rifle your property while you’re gone…

Simple tips on how to have a more secure vacation

Before you go

  • Don’t write on your social network that you’re going on holiday!
  • Make sure you’ve got all the latest security patches installed, including patches for third party applications such as PDF readers, browsers, chat programs, etc.

While you’re away

  • Make sure that your antivirus is up to date. You never know what might be lurking on the network!
  • Use common sense - don’t enter credit card details or passwords unless it’s essential, and only if you’re confident the network is secure
  • If you’re paranoid, disable programs that autostart such as Skype or MSN – you wouldn’t want someone to steal your passwords over an insecure network.

When you get back

  • Make sure you scan and patch your work computer before you start reading emails and working.


    Opinions|To Open Wifi or Not To Open Wifi?

    Posted October 10, 16:28  GMT
    Tags: Cybercrime Legislation, Wi-Fi

    During our visit to the Virus Bulletin conference 2008 last week a man was arrested in Belgium for using someone else's unsecured Wifi connection to get on the Internet. (More details in Dutch available here).

    The case is interesting because the only thing this guy did was use the connection to get onto the Internet - what we call Wifi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. And quite a lot of countries (such as the UK and Belgium) have laws making this illegal.

    There've been other cases like this in the past: an Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free Wifi was charged back in May 2007 with "Fraudulent access to computers, computer systems, and computer networks."

    Stealing Wifi Internet access may feel like a victimless crime, but it's wrong nonetheless. You could be depriving ISPs of revenue. Furthermore if you've hopped onto your next door neighbors' wireless broadband connection to illegally download movies and music from the Internet, chances are that you are also slowing down their Internet access and impacting on their download limit.

    From a security point of view, if someone can access your network, they can misuse that network, and (potentially) the computers on it. For instance, two months ago Indian police raided the Mumbai home of an American expatriate after someone used his open wireless network to send an email taking responsibility for a bomb blast that killed at least 42 people.

    The Indian authorities are now considering making open Wifi networks illegal. And Belgian law enforcement want to make an example of the man arrested last week. So to stay on the right side of the law, do yourself a favour: don't go using anyone else's network without permission. And make sure that your network and router are secured - you may be ethical, but that doesn't mean that everyone else is.


    Opinions|Free Internet

    Costin Raiu
    Kaspersky Lab Expert
    Posted November 27, 10:47  GMT
    Tags: Wi-Fi

    Free WiFi Internet connections are increasingly popular and can be found in hotels, cafes and airports around the world. But it's not always as good as it seems - although I wouldn't say TANSTAAFL, some of today's 'free lunches' come with a serious downside.

    What makes me say this? Well, earlier today I was catching a connecting flight at Schiphol Airport in Amsterdam. While scanning for available WiFi networks I got the following list:

    The KPN and Schiphol-Group networks are legitimate but what about the other two?

    One thing you might notice is that they're AD-Hoc type networks. This means that they're not really WiFi access points but other computers which have been deliberately named 'Free Public WiFi' and 'US Airways Free WiFi' to tempt users into connecting.

    Joining such a network can have a number of unpleasant consequences. If the attacker has Internet access himself, s/he can allow you to get online and then sniff the traffic, potentially getting hold of your passwords and other personal data. And if the attacker doesn't have Internet access, s/he could try to directly hack your computer by using various network-level exploits.

    It's easy to spot rogue WiFi links - you just need to look for the following signs:

    - an enticing name like 'Free Wifi' or 'Free Internet'
    - an AD-Hoc type connection, rather than an access point

    To stay safe:

    - use a VPN link over any public WiFi internet access link to dial back home and access the internet using a secure proxy over the VPN link
    - use only encrypted IMAP e-mail connections to read mail, TLS or SSL
    - beware of fake certificates
    - use a firewall and IPS or a combined security solution such as KIS7

    Happy surfing!
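The two warning signs listed in the post above can be checked mechanically against a scan listing. This is an added example, not part of the original post: it assumes the text layout printed by the Linux `iwlist <iface> scan` command, uses a constructed sample with the four network names the post mentions, and the word list used to decide that a name is "enticing" is an assumption.

```python
import re

# Constructed sample in the layout printed by `iwlist <iface> scan`, trimmed to
# the two fields used here. MAC addresses are made up; ESSIDs are from the post.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"KPN"
                    Mode:Master
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"Schiphol-Group"
                    Mode:Master
          Cell 03 - Address: 02:00:00:00:00:03
                    ESSID:"Free Public WiFi"
                    Mode:Ad-Hoc
          Cell 04 - Address: 02:00:00:00:00:04
                    ESSID:"US Airways Free WiFi"
                    Mode:Ad-Hoc
"""

def parse_cells(scan_text):
    """Return one {'essid', 'mode'} dict per cell in the scan text."""
    cells = []
    for block in re.split(r"^[ \t]*Cell \d+ - ", scan_text, flags=re.M)[1:]:
        essid = re.search(r'ESSID:"(.*)"', block)
        mode = re.search(r"Mode:(\S+)", block)
        cells.append({"essid": essid.group(1) if essid else "",
                      "mode": mode.group(1) if mode else "unknown"})
    return cells

def has_enticing_name(essid):
    """True for names that pair 'free' with 'wifi'/'wi-fi' or 'internet'."""
    text = essid.lower().replace("wi-fi", "wifi")
    words = set(re.findall(r"[a-z0-9]+", text))
    return "free" in words and bool(words & {"wifi", "internet"})

def warning_signs(cell):
    """List which of the post's two signs a cell shows."""
    signs = []
    if has_enticing_name(cell["essid"]):
        signs.append("enticing name")
    if cell["mode"].lower() == "ad-hoc":
        signs.append("ad-hoc mode")
    return signs

def review_scan(scan_text):
    """Return (essid, signs) for every cell showing at least one sign."""
    pairs = [(c["essid"], warning_signs(c)) for c in parse_cells(scan_text)]
    return [(essid, signs) for essid, signs in pairs if signs]

if __name__ == "__main__":
    for essid, signs in review_scan(SAMPLE_SCAN):
        print(f"{essid!r}: {', '.join(signs)}")
```

A network showing only one of the two signs is still reported with that single sign, so a legitimately named free hotspot in access-point mode can be told apart from an ad-hoc one.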


    Research|Just for fun

    Kaspersky Lab Expert
    Posted January 16, 12:29  GMT
    Tags: Wardriving, Wi-Fi

    I decided to introduce a bit of variety into my daily commute today by scanning the Wifi networks on the way to the office.

    I used my Sony pcg-fxa53 laptop with a senao NL-2311CD Plus Ext2 pcmcia wifi card, an external antenna, and a garmin legend gps navigator. As for software, I used Linux SuSE OSS 10, kismet, gpsd, gpsmap and google api.

    Once I'd thrown all that together (and of course I could write an article on that) I set off for work.

    I live pretty close to the office, and my commute only takes about ten minutes - even in that time I was able to collect a fair bit of data which is shown in the picture below.

    Overall, I detected 40 Wifi networks: the totally unprotected networks are marked with a red dot, those with WEP enabled are marked with a yellow dot, and those with WPA are marked with a green dot.

    Just another little bit of data to add to our continuing research on wifi networks and encryption around the world.


    Incidents|Myspace redux

    Costin Raiu
    Kaspersky Lab Expert
    Posted August 08, 10:42  GMT
    Tags: Social Networks, Wi-Fi

    One of the dark attractions at DefCon is the "Wall of Sheep". The idea is simple - a bunch of people with sniffers sitting together capturing all the unencrypted traffic that flies through the air via the free WiFi connections available at the convention.

    HTTP, POP3, FTP and ICQ logins are definitely intercepted, and others may be.

    I was quite surprised to see lots of Myspace accounts listed on the Wall of Sheep. It turns out that unlike other community services such as Orkut or LinkedIn, Myspace's login is totally unencrypted and prone to sniffing.

    So if you are a MySpace user, I suggest you stay away from your account next time you connect to the Internet by a public WiFi network.


    Incidents|And another follow-up on the railway hotspots

    Kaspersky Lab Expert
    Posted July 26, 11:42  GMT
    Tags: Wi-Fi

    Today I got some more information about the railway hotspot situation in the Netherlands.

    It seems that the new portal I mentioned yesterday isn't exactly new. In fact, it’s the standard KPN (a major Dutch ISP) hotspot portal which is providing Internet access.

    It turns out that our blog set some things in motion and KPN fixed the problem as I described, by redirecting to a different portal. It also turned out that the error had been present for quite a while, meaning a lot of users had potentially exposed their data.

    While I was browsing the KPN hotspot site I came across this - a program which you can download which will secure the connection between your notebook and the hotspot.

    I haven’t had a chance to look at it in depth, but I'm sure the extra layer of protection will come in handy.


    Incidents|Railway hotspots revisited

    Kaspersky Lab Expert
    Posted July 25, 15:04  GMT
    Tags: Wi-Fi

    We've received some comments and some questions about my previous blog post.

    First, let me clarify. Naturally I didn’t solely rely upon the output from my web browser.
    I analysed what was happening at network level: the POST information which contained the username and password was being transmitted via plain text using HTTP.

    After the inquiries I was particularly interested to see if the situation was still the same following the weekend. After all, what I experienced could have been some glitch.

    So yesterday I went to the local station nearby and tried to confirm Friday’s findings. Although the access point was visible, the Internet seemed to be dead - it was impossible to get a response from the access point.

    In an effort to solve this puzzle, I rang one of my colleagues to see if he could check his location. Unfortunately he was unable to get an IP address from the hotspot so that attempt failed as well.
    We gave up for the day.

    I tried again today in the renewed hope of finding something. Once again, at the first station I was unable to get an IP address, which dampened my spirits a bit. However, when I tried the hotspot at the second station it cooperated. Success!

    And the outcome? What I found was a completely revised portal on a different webpage, using HTTPS. That's good. Interestingly, the old portal is also still up and running, and still using HTTP.

    My educated guess about all this? The Dutch railways announced yesterday that they are going to make Wi-Fi available on all trains. They probably constructed the new portal specifically for this. And probably something has gone wrong with the old portal - we don't know why. This might also be why connecting to the hotspots is such a problem; I was only able to get a connection at the biggest of the three stations I visited today.

    It’s an interesting little security puzzle. And it once again highlights that you should always keep your eyes open for anything unusual, no matter what the time or place.


    Incidents|The insecure pleasures of wi-fi

    Kaspersky Lab Expert
    Posted July 21, 14:13  GMT
    Tags: Wi-Fi

    Today I was travelling in the Netherlands by train. One of the great things is that major stations have their own wi-fi access. When we stopped at a station, as usual I wanted to check my emails while waiting for the train to move on.

    Once I established a connection with the access point and opened my web browser to log on I immediately noticed something suspicious. Instead of getting an HTTPS site I was being directed to an HTTP site.

    In my mind there were two options. Either the log on procedure had changed, or I was dealing with a rogue access point. It turned out to be the first.

    What's the problem with that? Well, anything you send over an unencrypted wi-fi connection is sniffable. This is why the log on page in particular should use HTTPS.

    You can bypass traffic sniffing by using an encrypted tunnel to the service of your choice. For instance, emailing via SSL/TLS or using a VPN connection to do all your work. However, you cannot set up such a tunnel without having actually logged on to have full internet access. The log on credentials are transmitted in plain text.

    This issue is particularly critical because a number of ISPs offer (limited) free internet access via these station hotspots. This means that if you log on using one of these hotspots, your log on details will be available to anyone with a network sniffer who is in the neighbourhood.

    These hotspots may be convenient, but they’re currently insecure. As long as there’s no HTTPS available for logging on, I won’t be using this service, and I would advise users in the Netherlands to follow my lead.
