The Importance of WiFi Security, Using Internet Sharing to Work Around USB Modem Problems, and More

• WiFi Security Important for Mac Users
• Working Around USB Modem Problems with Internet Sharing
• Love the Austin Mini
• Synching My iPhone 3G with My Pismo
• Play with Pictures Software from Vertus

WiFi Security Important for Mac Users

From Brian:

Charles,

I've written in a couple times regarding my MacBook Pro purchase a few months ago, not sure if you remember, since I'm sure you get literally tons of email from readers all the time. In any event, I thought I might share a little story regarding personal security in case it might be of some interest to you.

I usually provide technical help for family members for free. As a result, I insisted everyone whose computer could handle it get Leopard so that I could remote in when needed. I know, there are other products out there for earlier OSes, but with Leopard it's free, integrated into the system, and very easy.

One such case I had to use this feature to help my sister whose neighbor kid decided to have a little fun and hacked her wireless WEP encryption. My initial thought was to take care of it from the source - they knew who was hacking, so talk to the parents, involve law enforcement if need be. The parents were a dead end (they didn't give a crap), and my sister was unwilling to involve the cops. So I remoted in, we turned off SSID on her router, and upgraded the encryption to WPA (the highest encryption her Qwest router supports), changed passwords, and changed the name of the router. I also checked her iBook's setting and made sure the firewall was up, file sharing off, and everything was password protected.

My final comments were to not use the administrator account for normal day to day work - best not to use that account at all - and that if the kid made it back on it was a clear sign that he was specifically out to hack her network, since WPA, though not insurmountable, is difficult to crack.

Well, a couple weeks later, the kid was back on again. Again I reminded her that this was a federal offense (felony, I believe) and strongly warned she should contact law enforcement; she refused. I also learned that she was once again using the administrator account for day-to-day activity

If I were to post this in a Mac forum or email list, I'm sure I would get flamed, but my concern here is that this kid has essentially stolen the keys to my sister's entire property. Being on the network alone, with the right network tools he can essentially see everything being transmitted (passwords, personal data, Facebook, email, online banking, etc., etc.). What's worse, it's my understanding that both Safari and Mozilla have been exploited at hacker conferences, leaving a way in to my sister's iBook itself. I'd say that risk is relatively low, but this kid is already going out of his way to be there, which I find to be a disturbing sign.

I would not try to argue that Macs are not secure - I think the fact that there are only a couple of worms out there (that require the user to manually install on their Mac) and zero viruses speaks to that, but just because it's a Mac doesn't mean you are invulnerable. What bothers me about this is the number of people who I speak to who agree with my sister on this issue - no need to call the cops, no need to change security and computing habits, no harm, no foul. Most agree, at least until I mention the types of data that are visible to someone snooping around your network. But even then, the inconvenience of changing passwords, boosting security, et al, is enough for most people to tell me that's it's just not worth the bother, since they don't really understand it all anyway.

I guess the only point I have is, that all of us on the Internet - Windows, Mac, Linux, whoever - we all have to accept there is a risk whenever we log on. Considering my sister's stance on the hacker she's dealing with, I will most likely be withdrawing my technical support for the most part and viewing emails and attachments I receive from her with great suspicion from here on out. Perhaps I'm overreacting, but better safe than sorry, in my honest opinion.

Thanks again for the good reading you provide,
Brian

Hi Brian,

Thanks for reading.

You're much more experienced and erudite in these security issues than I. One of the few advantages of being stuck on a slow, wired, dialup connection in an isolated rural setting is that the likelihood of being hacked is relatively low, so I guess I'm personally fairly lax about security, but I agree with you that where it is an issue, it's just plain reckless to be slack about taking reasonable security precautions, and I tend to be of the better safe than sorry school of thought as well, even it it involves some hassle and inconvenience.

Charles

Editor's note: When you buy a WiFi router, all security is turned off by default. That means that the data sent between your computer and router is being broadcast unencrypted - unless you're connecting to a secure site (in which case the URL will begin with https: instead of http:). Best practices for securing your WiFi network include:

1. Use encryption. Any encryption is better than no encryption. WEP is the oldest and most easily hacked encryption method. It's also the lowest common denominator in wireless security - everything supports it. WPA is newer and much more secure, but it's not supported by 802.11b hardware (such as Apple's original AirPort) or Nintendo DS.
2. Use a secure password or passphrase, the longer the better. Avoid using only dictionary words and common names; mix some numbers and other characters in for good measure. But don't get too carried away - remember that every authorized user will need to type this in, so a 63-character passphrase could result in a lot of frustration and grumbling. (The minimum length is 8 characters.)
3. Restrict access by MAC, a number that every network device uses. This won't prevent a serious WiFi hacker from detecting and faking an authorized address, but it will keep casual users out. On the down side, it means you'll need to reconfigure your router any time you add a new wireless user.
4. Hide the SSID. This means that anyone who wants to connect to your wireless network needs to know the SSID. Be aware that a serious hacker can still discover your SSID, but it should be safe from casual users.
5. Change the SSID, which is usually the brand of the router. This means someone connecting wirelessly won't know if your hardware comes from Apple, Linksys, Netgear, Belkin, etc. That means it won't be as easy to hack the router itself.
6. Block 802.11b if possible. If you won't be using any 802.11b hardware on your network, set the router to not support it. This doesn't do a lot for security, but it will keep hardware that only supports 802.11b from attempting to connect to your network. It will also make your WiFi network a bit more efficient, since it won't have to worry about slow 802.11b packets.

The whole process of securing a WiFi router is needlessly confusing, which is part of the reason there are so many home and even business networks that are wide open. If you want to restrict access to your network, encryption is your best first step. dk

Further Reading on WiFi Security

• How to Secure Your Wireless Network Using WEP and WPA, Joe Rivera, Mac Fallout Shelter, 2006.01.03.
• Wireless Networking 101: Speed and Security, Andrew Fishkin, Best Tools for the Job, 2007.01.31
• The ABCs of Securing Your Wireless Network, Joel Hruska, Ars Technica, 2008.04.29

Working Around USB Modem Problems with Internet Sharing

From Christoph:

Hello Charles W Moore,

Just a quick thought on the bad performance of the Apple USB modem with your MacBook: Why not use your G4 or Pismo PowerBook with its reliable internal modem to connect to the Internet and share the connection with the MacBook via AirPort? I do this all the time (albeit, with 16000 DSL), let my PowerBook act as an "AirPort base station", and wander around with the iBook to surf the Web wirelessly in my apartment. Before starting Internet Sharing in the Sharing Preferences Panel, though, you have to open ports 80 (http) and 443 (https) in the firewall, at least in OS X 10.3. I don't know if 10.4/10.5 are more intelligent to do that for you when you start Internet Sharing.

Best regards,
Christoph

From Brian:

Could you not connect using one of your PowerBooks and use Internet Sharing to get Internet access from the PowerBook to the MacBook?

Before I had broadband access, my wife's computer was used to connect to the Internet and shared its connection with any other computer on the network.

Hi Christoph and Brian,

Thanks for the suggestion. I expect it would work, and I may check it out. Unfortunately, with just one phone line here shared with my wife for both voice and Internet, we end up logging our computers on and off dialup many times a day, and having to go to the other computer in another room to do that could get old pretty fast.

I think it might have to be the G4 PowerBook, as I'm not sure if the third party Buffalo WiFi PC Card in the Pismo would be up to the task. It might be. My experiential ignorance of wireless solutions is fairly encyclopedic, although I'm gradually getting roped in. I've been using a wireless Logitech V-550 and Targus Wireless Mouse mostly for the past six months, and when broadband service finally arrives here (hopefully later this year) it will be wireless.

Charles

Love the Austin Mini

From Andrew:

Hi Charles,

As always, it has to be said, Low End Mac is essential reading!

Regarding Nano Nano: The Tata Motors Nano and Apple's iPod nano, I'd like to offer a link to Keith Adams' site, Austin Rover Online and, specifically for your article, the Austin Mini pages

On a side note, my first car was a Mini - I absolutely loved driving it!

- Andrew

Hi Andrew,

Thanks for the compliment and links. A fellow BMC/BLMC fan. Good on you!

I was the consummate British car fan in the '60s and '70s, during which I owned 17 assorted Austin Cambridges and Morris Oxfords, four Austin 1800s, two MGBs, an MGA, and two Riley 1.5s - and that didn't count my mother's two Austin 1100s (a saloon and estate), one Austin 1800, and my sister's Mini. British autos were the dominant import brands overall in Canada through the '50s and '60s, and Austins in particular were very popular here in Eastern Nova Scotia. My wife is from Bermuda, and her family drove Morrises there for years.

Charles

Synching My iPhone 3G with My Pismo

From Will:

Hi Charles,

I appreciate your enthusiasm for and knowledge of the Pismo. Mine has served me well for going on nine years. It is the only computer I have ever owned, and it has been amazing. That said, I bought an iPhone I am not able to connect using the USB 1.1. I tried a Bluetooth USB adapter, but Apple doesn't yet support Bluetooth synching. I have searched all over the Web, but no one has a good solution. Someone refers to the possibility of using a PCMCIA adapter card, but they don't confirm that it works or really explain what the heck that is.

I don't want to retire my old friend but the lack of connectivity is a bummer so far. Any thoughts?

Best
Will

Hi Will,

I think that a PCMCIA (a.k.a. PC Card) USB 2 adapter might indeed work, but I can't confirm that from experience.

This Power Max Q&A implies that it will, although it's specifically addressing a similar issue with a PC machine. One of the posters on this MacInTouch forum says it will work. So does the first entry on this Mac OS X Hints forum.

On the other hand, that solution may not be a sure thing with these older PowerBooks, as discussed in this macosx.com forum

A USB 2.0 adapter should be useful anyway, and is a good use for the PC CardBus slot on the Pismo.

Hope this helps.

Charles

Play with Pictures Software from Vertus

From Zach:

Hello Charles,

I saw your posts about Vertus' Fluid Mask and Bling! It - thanks BTW. I wanted to let you know that Vertus is also offering a new program called Play with Pictures that you should check out. Here's the link to the free download.

Thanks,
Zach

My pleasure, Zach, and thanks muchly for the info about Play with Pictures. I'll definitely be checking it out.

Charles

Go to Charles Moore's Mailbag index.