Little Common Sense Problem

Wi-Fi Security Threat You May Not Realize Is Hunting You There’s an old trick out there to catch all the new dogs that come into town. The screenshot is taken in the middle of the busy Brooklyn neighborhood, in the middle of the day. Do you see the danger already?

If not – here’s a little hint: there are Time Warner Wi-Fi hot spots in New York, but they are in Manhattan and Queens, not Brooklyn. Something else – the location of the spot where I got this reading is exactly out of reach the only 3 available Optimum Wi-Fi hot spots on their map, so I definitely did not expect to see 69% of signal power – more like 10 – 20%. So what the heck is going on with all three networks, including XFinity Wi-Fi, having the same signal strength? Someone had set up a rogue router that poses as XFinity WiFi, Optimum WiFi and Time Warner WiFi at the same time to capture your data. Those network SSIDs you’re seeing – all fake.

If you bought any recent laptop, chances are you have your firewall set up and enabled and it will take some time and dedication to break into your laptop. Not to say it’s impossible – it’s just requires time and effort and knowing you’re actually there. With fake Wi-Fi hot spots, you can set up a script that will capture anything you send over rogue Wi-Fi network automatically, so anyone connected through is just voluntarily giving up their data to someone who’s willing to listen. Since your device will most likely connect to a known Wi-Fi automatically – it will hook you up with fake one just as easy, without you even realizing it. No time, no effort – everything just happens automatically as long as the rogue SSIDs match those of real SSIDs of public networks. It’s like you’re shouting all your secrets and passwords in the middle of the street: if anyone listens close enough – you’re going to have a problem.

How to prevent this? Make sure your device – be it laptop, iPhone or iPad – asks for your explicit permission to connect to Wi-Fi that’s not your at your home or at work. Before you go someplace – check what Wi-Fi options are available and don’t use those that seem to good to be true. Apply some common sense to the situation and don’t fall into the trap of fake Wi-Fi hot spot, or it may prove to be too hot.


Small Business Basics – 5 Online Fraud Prevention Tips

There are hundreds of accounts of fraudsters using various scam methods for credit card stealing, making fraudulent purchases or selling goods that never arrive at their intended destination. So much so that small businesses were literally forced to incorporate those fraud transactions into cost of doing their business online. Here are a few tips that should help a small business sustain some of the most often tried transactions – purchase with fraudulent credit cards. Some small businesses have this reason alone to choose more expensive credit card processor, like PayPal,  in order to not to deal with fraud themselves, potentially loosing thousands of dollars in revenue. These simple steps may help recover that money given that small business processes credit cards through its own merchant account.

1. Verify shipping vs. billing address. Some web sites even refuse to ship to an address that is different from billing, but that is really up to the business owner. If you sell something that could potentially be a gift, so that one relative can order it for another – pass it on, but if you sell something that people mostly order for themselves, like gadgets or novelties, then shipping address way off from billing might suggest something fishy.

2. Ask yourself – does the order make sense? If you are selling expensive merchandise that people are most likely to buy once in a while – would the order for five items make sense? Call the billing phone number to verify the purchase – it will cost you 2 minutes, but potentially can save you hundreds of dollars.

3. Have the payment cleared yet? Institute shipping and handling policies that will cover your bases while you wait for payment to clear. Sometimes it may take a day or two for payment to go through all the hoops of your payment system, be patient and wait out the whole thing. It may bounce off for a number of reasons, first of which is stolen credit card.

4. Verify the IP address‘s geographic location vs. both shipping and billing. It sounds a bit nerdy at first, but any online shopping cart can be tweaked to display originating IP address along with the order information. The task is to see if the IP address belongs to the same region as the two addresses. An order originating from Eastern Europe’s IP address that has billing address in Connecticut and shipping destination in California is hardly legit. In some cases you won’t be able to tell if the IP address is or is not located where the billing or shipping addresses are, in these cases just move on to #5.

5. Never hesitate to call the bank that have issued credit card. Have your clients enter the 800 number on the back of the credit card along with their billing information. In any doubt – call the bank and have them verify that name, billing and shipping addresses are legit. Some banks even have that option on their initial menu.


Ongoing IFrame Attack From Russia

There’s been a nasty bug prowling the ‘Net of late, and it works by using a site’s own Search Engine Optimization (SEO) practices against it. Ars takes a look at the iFRAME injection campaign and the organization behind it. As Ars Technica points out:

The launchpad for these various malware campaigns is our old friend, the Russian Business Network. According to Danchev, earlier reports of the network’s demise have been greatly exaggerated. Faced with dwindling functionality thanks to security policies that prevented traffic from reaching IP addresses associated with the RBN, the company divided itself, sought new service providers, and is back in business. Many of the codec downloads and false website fronts active in the above attacks trace directly back to RBN addresses.

Interesting view on this twist from a Ars’ forum discussion:

I was 18 when the Berlin wall fell. States colonized by the former USSR were freed and democracy was put in place. I hoped for a better future for Russia. Since then, they have turned authoritarian, abused nations around them, threatened the world with missiles that can penetrate defense systems, poisioned and shot dissidents, and allowed a large organized crime sector to operate.I know my response isn’t technical, nor even helpful, but I couldn’t help but express my sadness over all this. When you see a great threat removed, especially as a teenager, you hope for the best, but I guess we aren’t going to see much good news from Russia for a long time.

It is, indeed, sad that instead of business partnership some Russian companies are trying to establish themselves as a highway robbery corporations.