其實使用無線上網時除了注意連接正確及信任網絡外, 仍需注意如果錯誤地連接其他非信任網絡有機會被人入侵 / 資料被偷.

經明查暗訪後, 其實這是微軟 WinXP SP3 以下版本內既一個 bug, 這個 bug 令 “Free Public Wifi” 不只在香港出現, 還遍佈世界各地, 像電腦病毒般漫延.

Recently, there is an free wi-fi network name “Free Public Wifi” available in most famous shopping malls of Hong Kong. However, [...]]]> 近日香港發現疑似假免費無線網絡, 名稱為 “Free Public Wifi”. 該無線網絡為開放網絡並不設加密連接. 根據電訊網絡商 PCCW 指出, 該網絡並非真正 Wifi 熱點, 而是偽無線網絡 (viral SSID).

其實使用無線上網時除了注意連接正確及信任網絡外, 仍需注意如果錯誤地連接其他非信任網絡有機會被人入侵 / 資料被偷.

經明查暗訪後, 其實這是微軟 WinXP SP3 以下版本內既一個 bug, 這個 bug 令 “Free Public Wifi” 不只在香港出現, 還遍佈世界各地, 像電腦病毒般漫延.

Recently, there is an free wi-fi network name “Free Public Wifi” available in most famous shopping malls of Hong Kong. However, there is no network traffic when you try to stuff the net. According to an ISP, PCCW, this is a fake wifi network (viral SSID). This SSID not only exist in Hong Kong, but all over the world. This mainly because a bug exist in WinXP SP2 or lower version. That bug will let the old version windows remember this SSID and recall it when no wifi available around.

The only workaround is avoid to join this wireless network, because the we can’t fix the problem in other computers not owned by us, right?

首先, 雖然收費既上網服務感覺上令人覺得安全有保障, 但只要其他人處於同一個網絡既人既都有機會接收到你電腦既資料. 而且, 有部份收費既上網服務只有確認使用服務時是使用 https / WEP / WPA / WPA2 加密機制, 當服務一旦確認後上網既傳輸有機會以 http 傳輸 (即資料會在完全沒有保障下傳輸). 所以就算使用此類收費服務都建議盡量使用 https 傳輸.

其次, 使用完任何私人賬戶必須完全登出. 因為有部份程式 (例如 facebook, twitter 等等) 在關閉後仍然會記住登入狀態, 所以當電腦 / 手提電話 / PDA 再次連上網, 程式使會在背後自動登入並更新. 如果該類程式沒有 https 加密保護其他人就有機會獲取到登入資料. Outlook, Outlook Web Access, Gmail 因為本身有 https 機制會較有無障.

另外, [...]]]> 近日睇到一篇文章講這個話題, 當然在公眾地方上網最基本注意唔應該登入自己既私人賬戶, 同盡量使用 https 加密傳輸. 但其中也講了幾個使用 wifi 時需要留意既地方.

首先, 雖然收費既上網服務感覺上令人覺得安全有保障, 但只要其他人處於同一個網絡既人既都有機會接收到你電腦既資料. 而且, 有部份收費既上網服務只有確認使用服務時是使用 https / WEP / WPA / WPA2 加密機制, 當服務一旦確認後上網既傳輸有機會以 http 傳輸 (即資料會在完全沒有保障下傳輸). 所以就算使用此類收費服務都建議盡量使用 https 傳輸.

其次, 使用完任何私人賬戶必須完全登出. 因為有部份程式 (例如 facebook, twitter 等等) 在關閉後仍然會記住登入狀態, 所以當電腦 / 手提電話 / PDA 再次連上網, 程式使會在背後自動登入並更新. 如果該類程式沒有 https 加密保護其他人就有機會獲取到登入資料. Outlook, Outlook Web Access, Gmail 因為本身有 https 機制會較有無障.

另外, 其他沒有收費上網服務既人亦不代表不能使用這類服務. 因為無線上網是以無線訊號形式傳輸, 這代表任何人都可以接收到, 只是接收後會怎樣處理. 就算使用 WEP / WPA / WPA2 既加密傳輸, 只要有人獲取並複制到 WEP / WPA / WPA2 既密碼訊號, 其他人都可以利用這種稱為 piggybacking 既方法上網.

其實如非必要應盡量避免在公眾地方上網. 如果想用最安全既方法可以考慮 VPN. 因為它會先將數據加密後才進行傳輸, 大大減低被偷數據後既損失. VPN 需要既硬件要求則較多及複雜, 因為當 VPN 連線后, 所有上網資料會先傳送到 VPN sever 再經 VPN server 上網.

參考文章:

http://www.pcworld.com/businesscenter/article/194062-1/how_to_stay_safe_on_public_wifi.html

其實無線網絡有先天因素, 令速度不及一般既連線網絡, 亦不能抺殺其對手提裝置普及既奉獻. 個人認為有線網絡始終較快及安全, 迫不得已才設定無線網絡, 否則往往傾向連線方式上網. 雖然有少許不便, 但總不會在家四處跑著上網.

另外, 當設定無線網絡時需時加強保護, 建議選用最高安全級數既制式, 如 WPA2. 設定 MAC address 控制, 隱蔵無線網絡名稱, 甚至限制 DHCP 派放數量等等. 千萬不可使用預設設定, 否則整個網絡將會完全對外開放.

最後, 似乎加密與破解既競賽中, 破解開始出現了佔優既局面, 即當新安全制式出現後好快便被解破. 雖然當中大部份只涉及理論範圍, 但仍不可以忽略及後既實踐. 照情況看, 新安全制式需要再多改進才可輓回落後既局面. 而且, 要普及新安全制式可以要花上數以十年既時間.

The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a [...]]]> If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University

The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day.

“The issue is that most of these routers are installed out of the box very insecurely,” said Steven Myers, an assistant professor at Indiana University, who published the paper in November, along with researchers from the Institute for Scientific Interchange in Torino, Italy,

The researchers theorize that attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware which would in turn cause the infected router to attack other devices in its range.

Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities.

The team used what is known as the Susceptible Infected Removed (SIR) model to track the growth of this attack. This methodology is typically used to estimate things like influenza outbreaks, but it has also been used to predict things like computer virus infections, Myers said.

Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36 percent of passwords can be guessed using this technique.

Even some routers that use encryption could be cracked, if they use the popular WEP (Wired Equivalent Privacy) algorithm, which security experts have been able to crack for years now. Routers that were encrypted using the more-secure WPA (Wi-Fi Protected Access) standard were considered impossible to infect, Myers said.

Myers’ model is based on data compiled from the Wireless Geographic Logging Engine (WiGLE), a volunteer-run effort to map Wi-Fi networks around the world, which has over 10 million networks in its database.

Using this data, they were able to map out large networks of made out of Wi-Fi routers that were each no more than 45 meters (49 yards) from the network — in other words, close enough for an infection to spread. The largest such network in New York included 36,807 systems; in Boston it was 15,899; and in Chicago: 50,084.

Because New York is such a dense city with a relatively low percentage (25.8 percent, according to the researchers) of encrypted routers, it was particularly susceptible to this type of attack. San Francisco, on the other hand, where 40.1 percent of routers are encrypted and which had a lower density of routers was less susceptible.

Myers says that because the attack would be technically complex, he doubts that criminals will attempt it any time soon. There are simply too many other, easier ways to take over computers, he said.

Still, he thinks hardware makers should take note. “The bigger point for developers and people making wireless information technology is to realize that there are serious security issues.”

首先, 當然係安裝好 winxp 先. 因為 HP 更新了 6402AU 既 driver, 反而只列出 “更新” 的檔案, 刪減了大部份基本既 driver, 例如底板, display, sound card, 甚至 CPU. 小弟剛剛有一份舊 driver 係手, 有需要可留言給我.

因小弟手中只有 winxp sp1 所以裝好後就第一時間裝 driver. 首先當然係底板 –> CPU, 當上到網後就先做 windows update 到 post-sp2 patch. 之後再上 sound card 同 wireless lan driver. 因為 [...]]]> 幾經艱苦終於將部機由 vista downgrade 去 winxp, 以下就係今次 downgrade 既總結.

首先, 當然係安裝好 winxp 先. 因為 HP 更新了 6402AU 既 driver, 反而只列出 “更新” 的檔案, 刪減了大部份基本既 driver, 例如底板, display, sound card, 甚至 CPU. 小弟剛剛有一份舊 driver 係手, 有需要可留言給我.

因小弟手中只有 winxp sp1 所以裝好後就第一時間裝 driver. 首先當然係底板 –> CPU, 當上到網後就先做 windows update 到 post-sp2 patch. 之後再上 sound card 同 wireless lan driver. 因為 sound card driver 好似要 .Net 至 work.

當 上好 wireless lan driver 後, 整部機算得上是完成 80% 既工作, 餘下既 20% 就係同設定有關, 當中又以 wireless 部份有點困難. 當完成 driver 安裝後, 部機會支持 wpa2 既功能, 但係 winxp 就要安裝 KB893357 後至會有 wpa2 既選項. 可以 Microsoft 網站下載.

寫後感: 部機既缺點除了粒 U 易熱, 得兩個 USB 之外同重量十足外, 最重要就係個面殼因為造功問題, 大部份都唔係完美. 而價錢算係中低檔, 算係部機既賣點. 因為剛剛錯過大學既 notebook offer 所以至 “錯買” 了這部機.

而事實證明 vista 比 xp 大食, 尤其對 ram 既要求. 小弟部機加盡了 2GB ram, 減去 share onboard display 果 128MB ram, 入到 vista 既時間足足比 winxp 慢了一倍. 而 vista test 就有 2.4 分, 個人來說都叫滿意.