Monday, April 20, 2009

Coffee Shops, HotSpots, and Thee

Assuming that no-one manages to sneak up and splice a connection onto your home or office LAN cabling (although I'm sure it's been done!), the wireless connection to your network is potentially the weakest spot in it - which is why using an effective wireless encryption scheme (best: WPA2 w/ AES; almost worthless: WEP) is very important in keeping your network closed to the villains.

However, when you're traveling for business and doing the hotel gig, or choking down a thermonuclearly-heated Starbucks latte as you update your Facebook page, you might not have the luxury of being able to use an encrypted wireless connection on your laptop. At the very least, if you're going to connect to a public wi-fi hotspot that doesn't offer some kind of encryption and/or VPN, make sure that your firewall is turned on and that you have un-shared any shared folders, or (probably easier) turned off sharing entirely.
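One way to run that pre-connection check, as an added example that is not part of the original post. It assumes a newer Windows than the XP setup discussed here (Windows 8 or later, where the `Get-NetFirewallProfile`, `Get-NetConnectionProfile` and `Get-SmbShare` cmdlets exist); the function name `Test-HotspotReadiness` is made up for illustration.

```powershell
# Added example: checks the two things the post recommends before using an
# open hotspot (firewall on, nothing shared), plus the network category.
# Run from an elevated PowerShell prompt; Get-SmbShare may need it.
function Test-HotspotReadiness {
    $findings = @()

    # 1. The firewall must be enabled on every profile (Domain, Private, Public).
    foreach ($fw in Get-NetFirewallProfile) {
        if ($fw.Enabled -ne 'True') {
            $findings += "Firewall is OFF for the $($fw.Name) profile"
        }
    }

    # 2. A hotspot should be categorised Public, which is the category
    #    Windows pairs with its strictest firewall profile.
    foreach ($net in Get-NetConnectionProfile) {
        if ($net.NetworkCategory -eq 'Private') {
            $findings += "Network '$($net.Name)' on $($net.InterfaceAlias) is marked Private"
        }
    }

    # 3. List user-created folder shares. Built-in administrative shares
    #    (ADMIN$, C$, IPC$) have Special = True and are skipped here.
    foreach ($share in Get-SmbShare) {
        if (-not $share.Special) {
            $findings += "Folder '$($share.Path)' is shared as '$($share.Name)'"
        }
    }

    return $findings
}

$problems = Test-HotspotReadiness
if ($problems.Count -eq 0) {
    Write-Output 'OK: firewall enabled, no folder shares, no network marked Private.'
} else {
    Write-Output 'Fix these before joining a public hotspot:'
    $problems | ForEach-Object { Write-Output "  - $_" }
}
```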

The trend seems to be that responsible public hotspot providers are requiring you to set up an encrypted connection to their wireless hotspots, but for those that aren't (or just as an additional layer of protection), you can take advantage of Virtual Private Networking. Currently I'm evaluating a "free" way to do this on Windows XP with Firefox 3.0 - I put "free" in quotes because the service does insert ads here and there but it's not very intrusive in my experience (with version 1.14 anyway). It's called Hotspot Shield, by a company called AnchorFree. There is a Mac version available too, but I have not tried it yet.

The basic concept is that Hotspot Shield, when enabled via the System Tray icon that it installs, sets up a secure, encrypted "tunnel" in your browser from your laptop to their network; from there you can surf the web as usual. Data that travels to and from your laptop is in the tunnel and is not readable by anyone that's trying to snoop your network connection.

There are other ways to do this - most cost money and I may eventually move in that direction but this seems like an easy way for the Road Warrior to get some extra protection with a minimum amount of effort.

By the way, this discussion has focused on wireless connections, but note that some hotels only have wired connections in their rooms. That by no means makes you safe - depending on how conscientious they are about how their network is set up, it could be said that you're more vulnerable in this situation since you don't even have the option of WPA encryption. So here again, using a VPN along with your trusty firewall can provide a decent amount of protection against malware and/or data theft.

Sunday, April 5, 2009

Cryptography: Tambourines and Rubber Hoses

Did you know that secure passwords can, with the proper training, be discovered via a procedure that involves a tambourine? It says so right here. There's a link there that also talks about the rubber hose method, which is one of the least computationally-intensive approaches that has been developed. (Thanks to JJ for the link!)

I am reminded of one of the songs that's in the Sony PSP game Lumines 2 (awesome!) - "Black Tambourine". I never realised until just now that it's by Beck, or that it has at least a tenuous link to cryptanalysis!