Category Archives: Security

Keeping your safe online

Home Comcast Xfinity Routers As Public WiFi Hotspots

ISP giant Comcast has quietly implemented a plan to turn its home Wifi routers into public hotspots. On the surface, it seems like a good idea, as it would allow their customers to get online easily over a much larger area, no longer confined to the environs of coffee shops and airports. But Comcast has embarked on this sweeping effort without offering users anything in return for participating. They did not ask permission or even notify them. Beyond that, the corporation has not made the public hotspot easy to opt out of, or provided any clear, technically useful information on the service, such as addressing security risks or how it might affect the paying customer’s own bandwidth. Perhaps they don’t know, or have other reasons for not doing so – such as many people opting out. Alongside with the home user’s private Wifi spot, the gateways set up a parallel public one for other Comcast customers, called “xfinitywifi“. These customers will be able to log in for free using a smartphone, tablet, or other enabled device. And once they do, they’ll be automatically logged into all others also called “xfinitywifi”. What could go wrong? Potentially, quite a lot, apparently. Comcast apparently began rolling out the service this summer, first testing it in Houston, but it is in effect in other major urban markets by now. So far there’s been little outcry, possibly because Comcast has been very quiet about it. … Continue reading

Posted in Interesting Items, News, Warnings | Tagged , , , , , | Leave a comment

Ransomware: Another Reason for Back-Ups

Among the many kinds of wicked online traps that users must beware, one of the most vicious kinds is called “ransomware“. This is a generic term for a type of malicious software that encrypts all or the most useful of the victim’s files, making it impossible to open or do anything until a ransom is paid to the cybercrooks. As in many kidnapping cases, their demands can greatly escalate if not paid quickly. But even if the ransom is paid, the victim very often does not get what was taken back. Fortunately, this last summer, a particular nasty specimen called CryptoLocker was finally broken open by two Internet security firms, FireEye in California, and Fox-IT in the Netherlands. Once they recovered the encryption keys, they put up a free site, decryptcryptolocker.com, to help victims get their precious files back. The details of how they were able to do this are sketchy, but the opportunity apparently arose after an international effort by law enforcement agencies, Operation Tovar, successfully took down the GameoverZeus botnet. Since then other tools and policies to avoid infection have been developed. CryptoLocker is usually spread by email attachments but can also be spread through by malicious websites exploiting outdated browser plug-ins. More information about how it works can be found here. Though the malware itself is surprisingly easy to remove, decrypting files is not so easy. Thus the tools. There is, however, an easier way of dealing … Continue reading

Posted in Security, Warnings | Tagged , , , , , , , | Leave a comment

What Does Apple’s New Privacy Policy Mean?

Apple’s CEO Tim Cook has recently been touting the company’s new privacy policy. In a letter to customers, he said that while the company collected user data, that was not the basis of their business model. In an obvious swipe at Google, he claimed: Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple. More importantly, he went on to write: I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will. In fact, Apple now claims the company is making it impossible for them to turn over data from most iPhones and iPads to police even with a warrant. They claim to have reworked encryption for iOS8 so that they no longer have the keys and thus cannot help authorities. In other words, only users have the passcodes to their accounts (which means if they forget them, they’re in real trouble). But is this truly as radical … Continue reading

Posted in News, Security, Warnings | Tagged , , , , , , , | Leave a comment