Feb 13, 2011

RE "Wi-Fi service can expose your really sensitive data to cybercriminals"

This short article is "non-panic" class of material referenced to Kaspersky Lab article WiFi + Airport = Lost password
We left following comment for this article on www.securelist.com
Just opinion...
Wireless connection or wired... Secured traffic is secured traffic. If you talking about security and exposed credential, it is no matter what "last mile" do you have. People, who are hunting, personal credentials, encryption certificates and so on, will do their job even with your existing VPN (pairing traffic for PKI extraction for example, especially on M$ Windows platforms).

It is just talking about egg and chicken. So, if KaspLab placed egg affront and says "this is solution" (making money BTW), why not?

low level education in IT security of regular users is just a reason to have such of product on-board of their laptops, PCs, etc. It is kinda business, is it?

Simple solution is:
1. Enable firewall on your netbook/laptop/PC, and carefully research what traffic do you use, and what is necessary to pass in and out (DO NOT TRUST wizards of any firewall software, each wizard leaves back-door for "technical" reason even KaspLab products)
2. Be aware of what you gonna explore in Internet. Even you have super cool antivirus or any security enabled controlling software, this will not warranty that you will not get trojan-style virus, or rootkit, or fake login pages or any related which may be not yet recognizable by installed antivirus on your HW.
3. Even you have simple and proved traffic protection on your PC, you are not protected. Your PC is your PC, but rest of the world is opened even you are protected incide of your PC. Strong advise of ANY more less in mind security specialists — change your password, do not be lasy, change your personal credentials frequently (once a week, once a month, once... as «once» as possible)
4. Do not use M$ products. Tobe honest, it is rare situation that commercially delivered operating system is most patched, even KspLab products just developed as extension of file system interfaces, networking interfaces (as patch alternative of own M$). Did you think ever why? So, try alternative OSs, and enjoy most virus-free and stable user environments.
5. If you have business needs to access to your banking or incorporate resources, the best solution is to use dynamic encryption of traffic access for VPN access on numbers of ports (even on HTTP, HTTPS). What is dynamic encryption? It is mostly hardware implemented pass phrase generator for access to remote secured areas via VPNs. Yes, yes, VPN ports can be blocked, ask sysadmins to add for binding additional ports that can be available anywhere.
6. Never, never and never exchange your e-mails WITH NO SSL/TLS encrypted connection!
7. Do not afraid to use open Wireless networks – no difference in general will you use WiFi, GPRS or HSDPA.

Again, this is just opinion.

Feb 8, 2011

Wi-Fi Roaming, Solution Overview

Hi falks!
We have started to release documents and specifications derived from our past projects to PUBLIC. Even documents are exposing on public, we still own those solutions and techniques. So, be kind, to tell about us first before try to implement it somewhere. This way will help you to get low-cost or free support on your projects.

Here is our first fly "Wi-Fi Roaming, Solution Overview" one of 100 presentations explaining how some of our solutions are working.

Any comments are welcome.