In my time in IT I have worked with a number of wireless devices for the consumer and for businesses. These have ranged everywhere from simple $40 products that are only meant to get you online (not fast, but online) to multi-component wireless systems costing thousands of dollars. All of these still use the same basic technology to get you connected and to pass traffic between your device and the internet. At their heart is going to be a wireless radio, but this does not mean that all wireless products are the same; quite the opposite in fact. There is a clear line between wireless for the average home and wireless for the average business. The factors are mostly in the software used and the features that you have at your disposal, but you also will often have more advanced hardware under the hood as well. Today we will be taking a look at standalone wireless access point that is aimed at the business market (although there are many things that consumers will like about as well). This is the NETGEAR WNDAP360 ProSafe Dual Band Wireless Access Point; let’s see if worth the $290 it will cost to put one of these in your office.
As more and more user accounts are hacked, we still hear about systems that still allow for simple password hints, security questions, and even worse will not allow for complex passwords. We know of at least three banks that will not allow special characters in their passwords and limit them to 14 character maximums. This lack of foresight on the part of the people that are supposed to be protecting our data is shocking to say the least. Even with easy access to items like TFA (Two-Factor Authentication) we still hear about security breaches and account hacks on a daily basis. So what do you do if an online service does not provide any two-factor authentication? Most would say you are out of luck, but there is something that might help keep things a little more safe than just the stock password that you are required to drop into your accounts. This is the Yubikey which provides something like a secure token that you can add to your online accounts to put in a little more protection.
In a very interesting twist on the Occupy movement Subpoenas are being issued demanding information relating to many of the Websites that related to the Occupy cause. One of the Subpoenas that was posted on Scribd.com is asking for quite a bit of information including “Any and all documents and records relating to the following articles posted on the Website including records of the IP addresses and pseudo names of the blog posters.”
The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.
The National Security Agency has just released a report to the powers that be in the US that expresses concern that the online activist group Anonymous could go after the US power grid in the next 3-5 years (we told you things like this would happen). This report was put together by their counter terrorism group and while it lacked any details in the body of the report (like the axis for attack) and forgot to mention there are other people out there that would like to do this (like foreign countries and real Terrorists) it does raise some real concerns.
In what has to be one of the most unusual “Get-The-Vote-Out” campaigns that I have personally seen it appears that Anonymous and the Occupy group are urging people to hold politicians accountable for their actions by voting them out of office. While some in the media are calling this a first it is not the in reality. In multiple messages Anonymous has called on the public to hold their political leaders accountable. Their methods might be different at times, but this is also the beginning of the voting season in the US so the move really comes as no surprise.
We have always been a supporter of certain Internet freedoms as well as individual privacy (no surprise there huh). Bills like PIPA and SOPA showed us a glaring issue with the existing level of knowledge currently held by the people that make our laws (and not just in the US). This is not a big shocker to most people either. It is fairly common knowledge that our law makers get into office based on little more than a popularity contest that is held every few years. Once in office they are like the gullible kid in school that gets talked into things, by the “cool kids”, but in this case the cool kids are lobbyists and are not looking for a laugh they are looking to improve their control and profit.
As we have been working with Windows 8 and Windows 2012 server we have become increasingly concerned about security. Although Microsoft has claimed that they have improved security through items like the locked UEFI boot process there are still glaring omissions in security that keep popping up very recently it was noted that despite the claims from Microsoft of a more secure login process the password hint is exposed in the SID database and easily recovered remotely. We also found that users’ contact lists are also left in the open (and in plain text) and available to anyone that can gain remote elevated privileges; which is what almost all Viruses and Malware try to do.
If there is one thing that you can say Anonymous has done that has a measurable positive effect it is exposing the level of Corporate and Government Ignorance. Ignorance is not an admissible excuse any longer in this day and age and is often used in court when someone says they did not know they were breaking the law. Since this is generally accepted why is anyone willing to give companies that show massive amounts of ignorance (which is just really lack of forethought or cost cutting) when it is discovered that their systems are not secure? We are shocked that this is at all acceptable considering the data breaches going back as far as 2009. Still we continually hear about this product or that network is suddenly discovered to be insecure. Exactly how is that possible?
The online movement known as Anonymous had a fairly busy weekend and even managed to push their “fun” into Monday. According to several of the Anonymous twitter accounts they are now rather upset at PasteBin. It seems that the owner of PasteBin is unhappy about the uses that Anonymous has put his “code sharing” site to. He laments that it was never intended for the sharing of sensitive information and has even stated he is going to hire additional workers to help remove these types of posts. This had an interesting effect on the collective where tweets saying things like “Srsly Pastebin, f*** you - @Pastebin to hire staff to tackle hackers' 'sensitive' posts” .