Doc's Blog

"Beware The Wi-Fi On The Trains, My Son!"

Sunday 17th May 2009

With apologies and grateful thanks to Lewis Carroll......

Originally written as part of the novel "Alice Through The Looking Glass" in 1871, this is probably one of the best-known of all nonsense poems.  "Lewis Carroll" was the pen-name of the Rev. Charles L Dodgson, who was also an accomplished mathematician.  However, since electronic computers were still over a hundred years in the future, he could certainly not have known anything about Wi-Fi!

The poem starts off innocently enough:
'Twas brillig, and the slithy toves
Did gyre and gimble in the wabe;
All mimsy were the borogoves,
And the mome raths outgrabe.   

However, the second verse has a rather darker tone:
"Beware the Jabberwock, my son!
The jaws that bite, the claws that catch!
Beware the Jubjub bird, and shun
The frumious Bandersnatch!"

This is where the parallels with the Internet in general and Wi-Fi in particular can be seen.  Who in their right mind would give complete strangers open access to their wallet or handbag on a train?  Yet, when using wireless Internet connectivity, especially if it is so thoughtfully provided by the train operator, many people forget how easy it is for a stranger to snoop on the connection and thus obtain usernames and passwords.  Armed with this information, the stranger has the potential to impersonate the hapless user in order to empty his bank accounts, change the passwords on his email accounts and generally cause havoc.  The easiest way to ensure that this cannot happen is rather obvious - whenever accessing the Internet in any public location, whether by Wi-Fi or a wired connection, never ever do anything which requires divulging confidential information, including usernames and passwords.  The alternative is to use a fully encrypted connection back to the office and then use the office connection for surfing.  That way, any snoopers will see only the encrypted information, which is totally valueless.

Would You Like To "be There" Without Going To The Trouble Of Actually "being There"?

Sunday 10th May 2009

Well, here's how to do it....

Remote control software is nothing new.  In the late 1980's MS-DOS was in its heyday.  This was a time when 1200bps modems and 7.54MHz processors were all the rage, along with 40MB hard disks and 14" screens.  Windows and similar graphical interfaces were something of a novelty and generally considered as being "only for wimps".  A real expert, of course, would always use the "evil command line".  This was fine when the expert was actually sitting in front of the system, but less so when he had to give instructions to a user who was quite possibly unfamiliar with computers and who did not even know the layout of a keyboard.  In such circumstances, products such as pcAnywhere and CarbonCopy were invaluable.  When Windows went mainstream in the 1990's, remote control software became even more useful.  Although there was less need to access the command line, every user was now able to design their own desktop and thus support staff would often have very little idea of what the users were actually seeing on their screens.

Nowadays, high-speed broadband Internet access is almost universally available and dial-up remote control software has been relegated to a "technique of last resort".  A whole new generation of remote-control software has developed, taking advantage of the facilities available with the Internet.  There are two types of such products - "direct access" and "man in the middle", each with their own benefits and snags.  The first type requires that the firewall protecting the system being controlled must allow access from the support staff computer, and it generally uses the VNC protocol.  "VNC" is the acronym for "Virtual Network Computing", although it could equally well represent "Virtually No Confidentiality".  Since it has no encryption, anyone who so wishes may read the information being exchanged.  The second type uses an intermediate server, to which both parties make a connection.  These connections are typically encrypted, but of course the "man in the middle" can intercept the data being exchanged at will.

As always, security and complication go hand-in-hand with each other.  By using a suitably-configured VPN, it is possible to create a secure link between two sites, thus eliminating the security loopholes associated with the VNC protocol.  This enables support staff to take control of the target system, almost as if they were sitting in front of it.  Many VNC-based products are available, both free and paid-for.
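One way to check that a machine's VNC server is reachable only through the VPN is to inspect where it is listening. The following is an added example, not part of the original post; the VPN subnet 10.8.0.0/24, the port range 5900-5909, the treatment of loopback as acceptable and the sample `ss -tlnH` output are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 5 10.8.0.6:5901 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 5 [::]:5903 [::]:*
LISTEN 0 5 192.168.1.20:5904 0.0.0.0:*
"""

VNC_PORTS = range(5900, 5910)  # assumption: VNC displays :0 to :9


def split_local(local):
    """Split 'host:port' (IPv4, '[v6]:port' or '*:port') into (host, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and '%iface' suffix
    return host, int(port)


def exposed_vnc_listeners(ss_output, vpn_net):
    """Return (local_address, reason) for VNC listeners reachable outside the VPN."""
    vpn = ipaddress.ip_network(vpn_net)
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port not in VNC_PORTS:
            continue
        if host == "*":
            findings.append((fields[3], "listening on all interfaces"))
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_unspecified:
            findings.append((fields[3], "listening on all interfaces"))
        elif not (addr.is_loopback or addr in vpn):
            # Loopback is treated as acceptable here (assumption): it is only
            # reachable from the machine itself or through a local tunnel.
            findings.append((fields[3], "bound outside the VPN subnet"))
    return findings


if __name__ == "__main__":
    for local, reason in exposed_vnc_listeners(SAMPLE_SS, "10.8.0.0/24"):
        print(f"{local}: {reason}")
```

On a real host the input would come from running `ss -tlnH` on the controlled machine; any finding means unencrypted VNC traffic could be reaching the machine without passing through the VPN.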

"Think Like A Hacker"

Sunday 3rd May 2009

If you don't, someone else will.....

Society generally expects adults to take reasonable care of themselves, although every civilised society will make appropriate allowances for those who, through no fault of their own, are less than able to do so.  This "reasonable care" is not restricted to physical matters such as looking both ways before crossing the road, but extends to social, as well as financial, behaviour.  The Police regularly run poster campaigns in public car parks, reminding drivers to lock valuables out of sight in the boot when they leave their cars.  Anyone who leaves valuable items openly displayed in their car when it is unattended will receive little sympathy if they are stolen.

Nowadays, the duty of reasonable care also extends to computer-related activities.  Hacking into computers no longer confers prestige on the perpetrator.  Rather, the object may be to steal information from the target machine itself or take control of it, but will most likely be both. 

Even if a compromised machine does not contain any bank account details or other confidential information, it is far from valueless to a criminal.  Individually, it may be worth little, but when a group of thousands, or even tens of thousands or more, has been created, the owner has a valuable asset, known as a "botnet", which he can sell on or rent out to other criminals.  They, in turn, will use it for their own nefarious purposes.  These purposes may be "merely" distribution of spam emails, which may of course have offensive content or be infected with viruses.  Alternatively, botnets can be used for financial advantage, traditionally by conducting "Denial of Service" attacks against Internet servers.  The target is usually a company which depends on its uninterrupted online presence for its very survival, for example an online betting service.  By threatening to flood the company's servers with a massive number of simultaneous connections and thus preventing access by genuine customers, the criminal will hope to extort money from the target.  Since more sophisticated attacks are now available, such simple techniques are no longer popular.

In order to make life as difficult for a hacker as possible, everyone must take "reasonable care".  Anti-virus and firewall software must always be kept up-to-date, as should browsers, while machines should be swept regularly for such scumware as spyware, malware and adware.  Even more essential than keeping anti-virus and firewall software up-to-date is the need to keep Windows itself up-to-date and the easiest way to achieve this is to make sure that "Automatic Updates" is enabled. 

Failure to do so will severely increase the vulnerability of the machine concerned and make life much easier for hackers.

Why Bother Keeping Your Qualifications Current?

Sunday 26th April 2009

If you do not, you will become marginalised - and surprisingly quickly, at that

The IT industry is constantly moving on.  The pace is rapid and even seems to increase as every year goes by.  Staying at the forefront of developments takes considerable resource, but the penalties for failing to do so are severe.

Only 10 years ago, a 1000MHz single-processor PC with 256MB RAM, a 40GB hard disk and 2 rear-mounted USB ports was really rather desirable.  Nowadays, such equipment is thrown into skips as being totally worthless.  Even when offered for 1p on eBay, no one wants it.  Imagine the case of a hardware engineer, whose qualifications are 10 years old, trying to work on a modern PC.  Unless he has somehow managed to "keep his hand in", he would be at a severe disadvantage when faced with the enormous advances in hardware and software which have taken place since he qualified.  Anyone for Windows98 or Red Hat Linux 5?

The certifications awarded by Cisco, Microsoft and others are mostly valid for only three years, after which the holder must re-certify.  However, this is not unique to IT.  In the medical profession, even nurses have to undergo regular retraining and renew their Registration every three years.  Failure to do so means that they are no longer allowed to practise.

In the case of IT, the consequences of failing to keep one's qualification up-to-date are more insidious.  Rather than outright loss of employment, it becomes steadily more difficult to achieve promotion or move to a different employer.

© 2008-10 STD Retail Solutions Ltd