Airpot WiFi Looks like This

Pretty eh.

And unsafe – airport WiFi is the most dangerous network in the world.

Why? Read these 2 posts – here’s a possible attack, and the time when I was compromised using it at ORD Chicago.

How to Protect Yourself

Don’t connect to it.

Okay fine you have to?

Tether your phone, via USB, to your laptop.

Not possible? Then do this:

– check the network name and verify it’s actually the airport, and not someone spoofing it. Example: FreeWiFiAtPearson is probably fake

– only visit sites using SSL (the address bar will have an S in it – httpS://KeriBlog.com – like that)

– turn on your firewall

– never enter any logins or credentials; banking from an airport WiFi connection is practically begging for it

– use a VPN – Virtual Private Network

turn off WiFi on both phone and laptop when not in use

Another screenshot of airport WiFi.

WAIT. This just hit me… could that printer be a honeypot?

That’s in Miami, and seems odd to permit a printer to be unlocked – ( why to always lock your printer here) – and like, if I was in charge of securing an airport I’d tell the vendors lock theirs…..

Blog tag = Wifi Security

Blog tag = Airports, because I love them

 

 

BMW is 1st Automaker to Admit a Security Flaw

Hat tip to BMW – they may be one of the first automakers to publicly admit to a security flaw in their vehicles.

What Happened

The potential breach was found in BMW’s ConnectedDrive infotainment system.

In Germany, the ADAC (their CAA) discovered a potential security gap during data transmission.

It would have allowed an attacker to use ConnectedDrive to remotely unlock the car’s doors, then potentially access the SIM card to control some of the vehicle’s functions (not critical ones though, like steering or braking.)

What BMW did

They promptly sent out a mass software patch to over 2.2 million vehicles, switched to using HTTPS (like a bank) to encrypt traffic between their servers and the vehicles, and then even posted a press release about it, here.

Why this is meaningful

It’s not the first time an automaker has experienced some sort of potential security breach.

What’s different is how they handled it – swiftly, and openly talked about it, something which often only happens when the manufacturer is publicly shamed.

 

 

Google & ‘Safer Internet Day’

When you Google’d today you saw it’s ‘Safer Internet Day, but then probably not much more about it, because it’s more of a European thing.

Still a good reminder to change a few passwords,
because when was the last time you did?

At least change email / Facebook / bank passwords. Or don’t, it’s not my identity and money.