CAT | Wi-Fi
Welcome to our November 2012 podcast. In this episode, I’ll be talking about the tactics websites use to charge one customer more than a customer in a different city, state, or country. After that, I’ll discuss the dangers of using the Internet while on the road – as many of you are likely to do this holiday season.
Don’t miss our video showing how your Facebook account can be compromised on an unsecured connection. Follow this link to Anonymizer’s site and select ‘Video 2′.
Download the transcript here.
CNET’s Declan McCullagh reports on Microsoft restricting access to their Wi-Fi geolocation database shortly after this CNET article describing how to track devices using such databases. I have written about these databases before here, here, and here. Specifically Microsoft is preventing users from querying for the location of a single Wi-Fi device by specifying just one MAC addresses. Prior to the change it was possible to track an individual phone or laptop by querying for the location of that device’s MAC address.
CNET describes a test where they were able to track a device as it moved around Columbus Ohio. This would indicate that the underlying database is updated in near real time, and that it is collecting on mobile devices as well as on the fixed Wi-Fi base stations it is supposed to catalog for enhanced location services.
Tracking mobile devices can only harm the accuracy of enhanced GPS location services because they move around and could potentially give misleading information. It would be easy to eliminate such devices from the database because the type of device is discoverable from the MAC address they are collecting.
While there is no reason to track mobile devices for enhanced GPS, there are all kinds of less savory reasons to gather and track this kind of information. I note that Microsoft’s solution is to prevent access to this individualized tracking information about mobile devices rather than to stop collecting it…..
This is really just an automation of something we demonstrated in the Anonymizer Labs section of our website a while back.
Reuters reports that the Google admits that its Street View vehicles captured much more WiFi data than previously reported. It appears that they managed to capture entire emails and passwords among other information.
People are vilifying Google about this, but I am not going to get on that bandwagon. The reality is that they did this accidentally, but the architecture of WiFi allows any bad guy to do the same thing intentionally. Google did not “hack” in to these WiFi communications, they simply configured their WiFi cards to accept all packets flying by them through the air in the clear. Anyone sitting in a Starbucks, driving around town with a laptop in the passenger seat, or in a thousand other ways could intentionally capture and maintain much more information and with it do significant damage.
The take away from this is that you need to take precautions when using open public WiFi. Full VPN technologies like Anonymizer Universal ensure that when (not if) someone sniffs your traffic they will not be able to get any of your personal information.
One of the reasons interception of insecure passwords is so scary is the tendency for people to use the same passwords for many accounts. While you might not care if someone hacks in to your social network or news account, if you use the same password attackers might use it to log in to your bank or email.
We discovered a major security hole in Facebook almost by accident. The exploit is so trivial I can’t justify calling it hacking. Any time you are on an open WiFi and accessing Facebook, anyone else on the same network can easily grab your credential and access Facebook as you with full access to your account.