WiFi Security Important for Mac Users
From Brian:
Charles,
I've written in a coupletimes regarding my MacBook Propurchase a few months ago, not sure if you remember, since I'm sure youget literally tons of email from readers all the time. In any event, Ithought I might share a little story regarding personal security incase it might be of some interest to you.
I usually provide technical help for family members for free. As aresult, I insisted everyone whose computer could handle it get Leopardso that I could remote in when needed. I know, there are other productsout there for earlier OSes, but with Leopard it's free, integrated intothe system, and very easy.
One such case I had to use this feature to help my sister whoseneighbor kid decided to have a little fun and hacked her wirelessWEPencryption. My initial thought was to take care of it from thesource - they knew who was hacking, so talk to the parents, involve lawenforcement if need be. The parents were a dead end (they didn't give acrap), and my sister was unwilling to involve the cops. So I remotedin, we turned off SSIDon her router, and upgraded the encryption to WPA (thehighest encryption her Qwest router supports), changed passwords, andchanged the name of the router. I also checked her iBook's setting andmade sure the firewall was up, file sharing off, and everything waspassword protected.
My final comments were to not use the administrator account fornormal day to day work - best not to use that account at all - and thatif the kid made it back on it was a clear sign that he was specificallyout to hack her network, since WPA, though not insurmountable, isdifficult to crack.
Well, a couple weeks later, the kid was back on again. Again Ireminded her that this was a federal offense (felony, I believe) andstrongly warned she should contact law enforcement; she refused. I alsolearned that she was once again using the administrator account forday-to-day activity
If I were to post this in a Mac forum or email list, I'm sure Iwould get flamed, but my concern here is that this kid has essentiallystolen the keys to my sister's entire property. Being on the networkalone, with the right network tools he can essentially see everythingbeing transmitted (passwords, personal data, Facebook, email, onlinebanking, etc., etc.). What's worse, it's my understanding that bothSafari and Mozilla have been exploited at hacker conferences, leaving away in to my sister's iBook itself. I'd say that risk is relativelylow, but this kid is already going out of his way to be there, which Ifind to be a disturbing sign.
I would not try to argue that Macs are not secure - I think the factthat there are only a couple of worms out there (that require the userto manually install on their Mac) and zero viruses speaks to that, butjust because it's a Mac doesn't mean you are invulnerable. What bothersme about this is the number of people who I speak to who agree with mysister on this issue - no need to call the cops, no need to changesecurity and computing habits, no harm, no foul. Most agree, at leastuntil I mention the types of data that are visible to someone snoopingaround your network. But even then, the inconvenience of changingpasswords, boosting security, et al, is enough for most people to tellme that's it's just not worth the bother, since they don't reallyunderstand it all anyway.
I guess the only point I have is, that all of us on the Internet -Windows, Mac, Linux, whoever - we all have to accept there is a riskwhenever we log on. Considering my sister's stance on the hacker she'sdealing with, I will most likely be withdrawing my technical supportfor the most part and viewing emails and attachments I receive from herwith great suspicion from here on out. Perhaps I'm overreacting, butbetter safe than sorry, in my honest opinion.
Thanks again for the good reading you provide,
Brian
Hi Brian,
Thanks for reading.
You're much more experienced and erudite in thesesecurity issues than I. One of the few advantages of being stuck on aslow, wired, dialup connection in an isolated rural setting is that thelikelihood of being hacked is relatively low, so I guess I'm personallyfairly lax about security, but I agree with you that where it is anissue, it's just plain reckless to be slack about taking reasonablesecurity precautions, and I tend to be of the better safe than sorryschool of thought as well, even it it involves some hassle andinconvenience.
Charles
Editor's note: When you buy a WiFi router, all security is turnedoff by default. That means that the data sent between your computer androuter is being broadcast unencrypted - unless you're connecting to asecure site (in which case the URL will begin with https:instead of http:). Best practices for securing your WiFinetwork include:
- Use encryption. Any encryption is better than noencryption. WEP is the oldest and most easily hacked encryption method.It's also the lowest common denominator in wireless security -everything supports it. WPA is newer and much more secure, but it's notsupported by 802.11b hardware (such as Apple's original AirPort) orNintendo DS.
- Use a secure password or passphrase, the longer the better.Avoid using only dictionary words and common names; mix some numbersand other characters in for good measure. But don't get too carriedaway - remember that every authorized user will need to type this in,so a 63-character passphrase could result in a lot of frustration andgrumbling. (The minimum length is 8 characters.)
- Restrict access by MAC, a number that every network deviceuses. This won't prevent a serious WiFi hacker from detecting andfaking an authorized address, but it will keep casual users out. On thedown side, it means you'll need to reconfigure your router any time youadd a new wireless user.
- Hide the SSID. This means that anyone who wants to connectto your wireless network needs to know the SSID. Be aware that aserious hacker can still discover your SSID, but it should be safe fromcasual users.
- Change the SSID, which is usually the brand of the router.This means someone connecting wirelessly won't know if your hardwarecomes from Apple, Linksys, Netgear, Belkin, etc. That means it won't beas easy to hack the router itself.
- Block 802.11b if possible. If you won't be using any 802.11bhardware on your network, set the router to not support it. Thisdoesn't do a lot for security, but it will keep hardware that onlysupports 802.11b from attempting to connect to your network. It willalso make your WiFi network a bit more efficient, since it won't haveto worry about slow 802.11b packets.
The whole process of securing a WiFi router is needlessly confusing,which is part of the reason there are so many home and even businessnetworks that are wide open. If you want to restrict access to yournetwork, encryption is your best first step. dk
Further Reading on WiFi Security
Working Around USB Modem Problems with InternetSharing
From Christoph:
Hello Charles W Moore,
Just a quick thought on the bad performance of the Apple USB modemwith your MacBook: Whynot use your G4 or Pismo PowerBook with its reliable internal modem toconnect to the Internet and share the connection with the MacBook viaAirPort? I do this all the time (albeit, with 16000 DSL), let myPowerBook act as an "AirPort base station", and wander around with theiBook to surf the Web wirelessly in my apartment. Before startingInternet Sharing in the Sharing Preferences Panel, though, you have toopen ports 80 (http) and 443 (https) in the firewall, at least inOS X 10.3. I don't know if 10.4/10.5 are more intelligent to dothat for you when you start Internet Sharing.
Best regards,
Christoph
From Brian:
Could you not connect using one of your PowerBooks and use InternetSharing to get Internet access from the PowerBook to the MacBook?
Before I had broadband access, my wife's computer was used toconnect to the Internet and shared its connection with any othercomputer on the network.
Hi Christoph and Brian,
Thanks for the suggestion. I expect it would work, andI may check it out. Unfortunately, with just one phone line here sharedwith my wife for both voice and Internet, we end up logging ourcomputers on and off dialup many times a day, and having to go to theother computer in another room to do that could get old prettyfast.
I think it might have to be the G4 PowerBook, as I'm notsure if the third party Buffalo WiFi PC Card in the Pismo would be upto the task. It might be. My experiential ignorance of wirelesssolutions is fairly encyclopedic, although I'm gradually getting ropedin. I've been using a wireless Logitech V-550 and Targus Wireless Mouse mostlyfor the past six months, and when broadband service finally arriveshere (hopefully later this year) it will be wireless.
Charles
Love the Austin Mini
From Andrew:
Hi Charles,
As always, it has to be said, Low End Mac is essential reading!
Regarding Nano Nano:The Tata Motors Nano and Apple's iPod nano, I'd like to offer alink to Keith Adams' site, AustinRover Online and, specifically for your article, the Austin Minipages
On a side note, my first car was a Mini - I absolutely loved drivingit!
- Andrew
Hi Andrew,
Thanks for the compliment and links. A fellow BMC/BLMCfan. Good on you!
I was the consummate British car fan in the '60s and'70s, during which I owned 17 assorted Austin Cambridges and MorrisOxfords, four Austin 1800s, two MGBs, an MGA, and two Riley 1.5s - andthat didn't count my mother's two Austin 1100s (a saloon and estate),one Austin 1800, and my sister's Mini. British autos were the dominantimport brands overall in Canada through the '50s and '60s, and Austinsin particular were very popular here in Eastern Nova Scotia. My wife isfrom Bermuda, and her family drove Morrises there for years.
Charles
Synching My iPhone 3G with My Pismo
From Will:
Hi Charles,
I appreciate your enthusiasm for and knowledge of the Pismo. Mine has served me wellfor going on nine years. It is the only computer I have ever owned, andit has been amazing. That said, I bought an iPhone I am not able toconnect using the USB 1.1. I tried a Bluetooth USB adapter, but Appledoesn't yet support Bluetooth synching. I have searched all over theWeb, but no one has a good solution. Someone refers to the possibilityof using a PCMCIAadapter card, but they don't confirm that it works or reallyexplain what the heck that is.
I don't want to retire my old friend but the lack of connectivity isa bummer so far. Any thoughts?
Best
Will
Hi Will,
I think that a PCMCIA (a.k.a. PC Card) USB 2 adaptermight indeed work, but I can't confirm that from experience.
This PowerMax Q&A implies that it will, although it's specificallyaddressing a similar issue with a PC machine. One of the posters onthis MacInTouchforum says it will work. So does the first entry on this MacOS X Hints forum.
On the other hand, that solution may not be a surething with these older PowerBooks, as discussed in thismacosx.com forum
A USB 2.0 adapter should be useful anyway, and is agood use for the PC CardBus slot on thePismo.
Hope this helps.
Charles
Play with Pictures Software from Vertus
From Zach:
Hello Charles,
I saw your posts about Vertus' FluidMask and Bling! It- thanks BTW. I wanted to let you know that Vertus is also offering anew program called Play with Picturesthat you should check out. Here's the link to the freedownload.
Thanks,
Zach
My pleasure, Zach, and thanks muchly for the infoabout Play with Pictures. I'll definitely be checking it out.
Charles
Go to Charles Moore's Mailbag index.