Cars, Security and a Peek into my Life
Like the 2nd floor of a mall.
What about using using a real camera, instead of a phone?
And know how, while typing, the letters get larger?
HD video camera > zoom > record > play it back slowly > get password
Back to the wall when entering passwords, and look up first, everyone forgets to look up.
Staring this 2015 model year, cars will come equipped with internet and WiFi capabilities.
Here I am sitting outside a friend’s house in suburbia; I could connect to the houses around me.
You’ll soon be connecting your car to your home network to update it. Only ever connect your car to a known, safe network, like your home, and never a public network, like a coffee shop.
* = password
You connect the car via a coffee shop > an attacker inside has MITM’d the connection > now all internet traffic runs through his computer first, before going to the internet
Connect only to a network you fully control, like your home.
… that’s only for now. While car hacking is still in its infancy, now is the time to form good habits, because it only takes one connection, one time, to tank it all.
(see: ‘Keri on Driving’ column Dispelling Car Hacking Fears, and the lead press piece I wrote for last year’s SecTor Security Conference)
***
Further reading:
– how to secure your car’s internet connection
– my column: WiFi HotSpots are coming to Cars
– what is a MITM attack
– general WiFi security
This is especially for small businesses.
Connect to the unsecured printer > which is connected to the corporate network > tada
Look in the printer’s ‘Settings‘ to find how to password protect it.
A good password looks like this: 7[LjsK<;!d:@M’j>T,^w’`;U}
***
Blog tag = passwords
1 – where you’re visiting
2 – on which browser
3 – date and time
#3 reveals the most information. Because 1 visit to 1 website, meh. But the patterns that emerge from watching someone’s traffic can reveal a lot.
– multiple daily visits to the same Facebook page = the person is obsessed with someone
– repeat visits to Tumblrs featuring X type of content = the person has a fixation for X
– visits to websites detailing how to covertly do X = the person potentially has nefarious plans to execute X attack
* – that’s the cookie / tracking code that follows you around the internet, monitoring where you’re going
***
The above photo was taken during December’s TASK meeting (Toronto Area Security Klatch), specifically during Lee Brotherston talk about his ISP deliberately MiTM’ing his connection.
The ending was the best part, because it was so refreshingly honest. Here’s his slide deck.
