Archive for August, 2008

Messing With Wi-Fi Thieves

Thursday, August 28th, 2008

Let’s say you’re running a Wi-Fi network from your house (or anywhere else) and use a PC-based router. Most people with a modicum of sense these days add access control (WPA, or at least a MAC allow-list) or hide the network name in order to deter war drivers and others who are too cheap to pony up for access; hiding the SSID, it should be said, stops nobody who carries a sniffer. But what if you could mess with their heads instead? That’s exactly what one guy decided to do, and it sounds like a lot of fun.

Note: you can’t do this with the stock firmware on a Linksys or other consumer router. You need a PC acting as the router, almost certainly running Linux, since the hack needs some scripting plus Squid and ImageMagick, which generally aren’t included under Windows. That said, the end result might be worth the effort.

The first step, as he notes, is to split your network into trusted and untrusted blocks. Every machine you register (i.e. your own PCs) goes into the trusted, or “don’t mess with these guys”, block and enjoys normal Internet access. Everyone else gets a treat. The moment an unregistered machine tries to use your Wi-Fi it is designated untrusted and routed to the alternate block.

What this means is that, with a Squid proxy sitting transparently in the untrusted path, you can send every web request those users make to some heinous site like (as the author notes) Kittenwar. Use your imagination. Send them to a LOLcat site, or wherever strikes your fancy. No malware sites, please. That would be wrong.

If you want to truly push someone’s buttons, take the next step and adapt the script included at the above URL. What it does is run every image an “untrusted” user requests through ImageMagick’s mogrify before it’s returned to the user’s browser. The end result is an upside down and reversed view of the world…literally. Every picture on every page they visit shows up backward and upside down.
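Here is one way to wire that split into Squid, written for this page as an added example rather than taken from the post or its script. It assumes your registered machines have fixed DHCP leases at the addresses listed, that Squid runs as a transparent proxy for the untrusted hosts with url_rewrite_program pointing at this script, that a small CGI on the router (the assumed /cgi-bin/flip address) fetches an image and returns it after running mogrify -flip -flop, and that the decoy site is Kittenwar as in the post:

```python
#!/usr/bin/env python3
"""Squid url_rewrite_program helper that enforces a trusted/untrusted split.

Added example, not the script from the post. Squid writes one request per
line to the helper's stdin in the classic url_rewrite format:

    URL client_ip/fqdn ident method

and reads one reply line back: an empty line passes the request through
unchanged, "302:<url>" sends the browser a redirect instead.
"""
import ipaddress
import sys
from urllib.parse import quote, urlsplit

# Assumed: registered machines get fixed DHCP leases, so listing their
# addresses is enough. The router's own addresses are included so the
# image flipper's outbound fetches are never rewritten (which would loop).
TRUSTED = {
    ipaddress.ip_address(a)
    for a in ("192.168.1.10", "192.168.1.11", "192.168.1.1", "127.0.0.1")
}

# Assumed names: the decoy site, and a local CGI that fetches an image,
# runs it through ImageMagick's `mogrify -flip -flop`, and returns it.
DECOY_URL = "http://www.kittenwar.com/"
FLIP_CGI = "http://192.168.1.1/cgi-bin/flip?u="
_EXEMPT_HOSTS = {urlsplit(DECOY_URL).hostname, urlsplit(FLIP_CGI).hostname}

IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")


def classify(client_ip: str) -> str:
    """Return "trusted" for a registered address, "untrusted" otherwise."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "untrusted"  # never let a garbled field grant trust
    return "trusted" if addr in TRUSTED else "untrusted"


def rewrite(line: str) -> str:
    """Compute the helper's reply for one Squid request line."""
    fields = line.split()
    if len(fields) < 4:
        return ""  # malformed line: pass through rather than wedge Squid
    url, client, _ident, method = fields[:4]
    client_ip = client.split("/", 1)[0]

    if classify(client_ip) == "trusted":
        return ""
    if method.upper() == "CONNECT" or url.lower().startswith("https://"):
        # A TLS tunnel cannot be rewritten without breaking the browser's
        # certificate check; leave it alone.
        return ""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if parts.hostname in _EXEMPT_HOSTS:
        # Requests for the decoy site itself (and for the flipper) must
        # go through untouched, or the redirect would loop forever.
        return ""
    if parts.path.lower().endswith(IMAGE_SUFFIXES):
        return "302:" + FLIP_CGI + quote(url, safe="")
    return "302:" + DECOY_URL


def main() -> None:
    # Squid keeps the helper running for its lifetime: answer every line,
    # in order, and flush so Squid is never left waiting on us.
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Point squid.conf at it with url_rewrite_program /usr/local/bin/flip_helper.py (the path is an assumption) and keep the router’s own addresses in the trusted set; otherwise the flipper’s fetches of the original images get redirected too and the whole thing chases its tail.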

Of course, what’s effectively happening here is a “man in the middle” attack of the same kind some hackers use to capture and alter traffic as it passes through a compromised machine. If you wanted to, you could also just silently capture and store the “untrusted” users’ data as it passed through your clever little trap. Two caveats: all of this only works on plain HTTP, since an HTTPS connection can’t be rewritten without breaking the browser’s certificate check; and proxying and re-encoding images costs CPU time and memory, so don’t get too clever or you might really degrade your machine’s performance.

Done to anyone else’s network, this would be illegal interception; the saving grace here is that you’re only altering traffic that’s passing through your own Wi-Fi network (how far that excuse goes depends on where you live). And no one but you should be using it, right?

Fun Stuff for Google Earth

Thursday, August 28th, 2008

If you’re a science geek like me, or if you’re just interested in early warning of potential disasters, you might want to have a look at the US Geological Survey (USGS) site. It turns out they’ve developed a plug-in for Google Earth that allows anyone to track earthquake activity worldwide.

All you have to do is pick one of two feeds, then load it into your local copy of the Google Earth application. Once it’s set up, you can look at earthquake activity (each quake sized by its magnitude, of course) as well as tectonic plate boundaries and even their movement rates. It’s an extremely cool addition to an already cool application. Anyone who lives in an earthquake-prone area might want to consider loading this up, or even subscribing to one of the RSS feeds found at the same URL.

If earthquakes aren’t interesting to you, just visit the Google Earth Gallery and you’ll find pre-written extensions that pull in all sorts of external data. If you’re so inclined, you can track anything from global oil consumption (by region) to international airline flights as they travel around the globe.

In fact, if you’re of a mind to, you can also write your own extensions. Google, of course, makes the whole Google Earth API (Application Programming Interface) available for free, along with sample code to get you started. If you want to write an extension that will track the location of your favorite rock bands while they’re on tour, go for it.

This is why open architectures are cool. They allow everyone to get involved on some level, to add something to the global information store, and maybe learn something new while they’re at it. You can already post photos and other information to Google Earth. Just visit a location like Trafalgar Square in London and look at some of the user-added photos for an example.

This is bottom-up development at its best. Why wait for a big corporation to create something when you can do it, maybe better and with more passion, on your own?

Viruses in Space

Wednesday, August 27th, 2008

Apparently even a residency on the International Space Station can be a bit boring on occasion. NASA disclosed today that a few (non-essential, to be sure) PCs on the ISS recently turned up with a low-level virus usually associated with attempts to “swipe passwords from online gamers”.

Does that mean astronauts have been playing online games in their spare time? One would think the view from the station would be entertaining enough!

Actually, it’s entirely possible the virus simply came in on removable media, like a CD or thumb drive. It was found on personal laptops that crew members apparently carry back and forth regularly. According to the report, it has been identified as W32.Gammima.AG. It’s basically a nuisance that “spreads by copying itself onto removable media. It is capable of stealing passwords for online games and is classified as a very low risk.” It never got near the command and control machines, which probably don’t run Windows anyway. I’d hope not, in any case.

Naturally, NASA is being very close-mouthed about the incident. For obvious reasons, they don’t want to discuss details or any potentially dangerous situation (not that one existed). But it does show that viruses can turn up nearly anywhere, even where all the appropriate precautions are being taken. Any minor slip-up, like someone plugging a thumb drive into an otherwise clean system, can cause an infection. And next time it might be something a lot nastier than this virus.

The good news, again, is that no critical systems were endangered. The question, however, remains: how many critical systems in other areas (the electric grid, telecommunications, utilities, or even the military) are running Windows? Or, for that matter, MacOS? How heavily are they protected, and are they scanned frequently enough to catch an infection?

I’d bet that no matter how secure these machines are, someone will eventually make a mistake. A virus will get into some very sensitive areas, and it’ll play havoc with a key piece of infrastructure until it’s brought under control. Hopefully no space mission will ever make the news because a virus crashed its computers.

A Big Hole in the Internet

Wednesday, August 27th, 2008

As if the recent announcement of a big problem in the DNS architecture wasn’t bad enough, it has now been disclosed that a design-level weakness in the Border Gateway Protocol (BGP) could cause even bigger security breaches. Just what we all needed to hear.

The root issue is that none of the core Internet protocols were designed with security in mind. BGP itself dates from 1989, but it inherited the assumption the ARPAnet was built on 20 years earlier: that every node on the network is trustworthy. Back then, this made sense. At that time, no one expected the Internet (or the ARPAnet, as it was known in those days) to grow to encompass millions of relatively uncontrolled machines.

Just how bad is the new hole? Well, effectively it allows people to snoop at will and has the potential to “let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.” The last part of that sentence is critical: it means people exploiting this weakness can launch “man in the middle” attacks that could be virtually untraceable.

The truly heinous part of this discovery is that others have made it before, and no one listened. One long-time hacker apparently “testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop.” But no one did anything about it; apparently it was either dismissed as so much ranting or simply not taken seriously.

The hacking method doesn’t exploit a bug in BGP. Instead it relies on its inherent design: any network can announce any block of addresses, and routers forward each packet along the most specific route they have heard for it. So to capture traffic “an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving to his network.” Once you have the traffic, you can either do something malicious with it or silently record it before sending it on its way to its rightful destination (the “man in the middle” approach).
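To see why the narrower announcement wins, here is a small model of a BGP routing table, added as an example for this page rather than taken from the article. It keeps only the part that matters here, prefix and origin AS, and selects routes by longest prefix match, which every router does before any of BGP’s other tie-breakers come into play. The prefixes and AS numbers are constructed (RFC 1918 space and private ASNs). The last function is the check a prefix owner can run over a route feed to spot such announcements against their own space.

```python
"""Longest-prefix match: why a narrower BGP announcement captures traffic.

Added example, not from the article. The table below keeps only prefix
and origin AS and picks routes by longest prefix match, which routers do
before any of BGP's other tie-breakers (AS-path length, local preference)
are even consulted. Prefixes and AS numbers are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Prefix = ipaddress.IPv4Network


class RoutingTable:
    """Minimal RIB: each announced prefix maps to the AS that originated it."""

    def __init__(self) -> None:
        self.routes: Dict[Prefix, int] = {}

    def announce(self, prefix: str, origin_as: int) -> None:
        self.routes[ipaddress.ip_network(prefix)] = origin_as

    def withdraw(self, prefix: str) -> None:
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, ip: str) -> Optional[Tuple[Prefix, int]]:
        """Return (prefix, origin AS) of the most specific route covering ip."""
        addr = ipaddress.ip_address(ip)
        best: Optional[Tuple[Prefix, int]] = None
        for prefix, origin in self.routes.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, origin)
        return best


def find_hijacks(table: RoutingTable, owned: Dict[str, int]) -> List[Tuple[Prefix, int]]:
    """Flag any route inside a prefix you own that some other AS originates.

    This is the check a prefix owner can run against a route feed: an
    equal or more-specific announcement of your space from a foreign AS
    is a hijack candidate, whether malicious or a fat-fingered config.
    """
    alerts = []
    for prefix, origin in table.routes.items():
        for mine, my_as in owned.items():
            if prefix.subnet_of(ipaddress.ip_network(mine)) and origin != my_as:
                alerts.append((prefix, origin))
    return alerts


def demo() -> Dict[str, int]:
    """AS 64500 owns 10.10.0.0/16; AS 64666 announces a /24 carved out of it."""
    rib = RoutingTable()
    rib.announce("10.10.0.0/16", 64500)
    before = rib.lookup("10.10.5.7")[1]
    rib.announce("10.10.5.0/24", 64666)     # the narrower, bogus announcement
    after = rib.lookup("10.10.5.7")[1]      # now lands at the attacker
    untouched = rib.lookup("10.10.9.1")[1]  # rest of the /16 still at the owner
    return {"before": before, "after": after, "untouched": untouched}


if __name__ == "__main__":
    print(demo())
    rib = RoutingTable()
    rib.announce("10.10.0.0/16", 64500)
    rib.announce("10.10.5.0/24", 64666)
    for prefix, origin in find_hijacks(rib, {"10.10.0.0/16": 64500}):
        print(f"ALERT: {prefix} originated by AS{origin}")
```

Note that nothing in the owner’s own announcement changes: the /16 is still there and still serves the rest of the block, which is exactly why the owner notices nothing unless they are watching a route feed for more-specifics of their own prefixes.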

This means huge quantities of traffic can be intercepted and monitored (by clever hackers, by governments, by ISPs, or by corporations) and no one would be the wiser. It can be fixed, if a newer protocol called S-BGP (Secure BGP) is adopted, but that could take a long time due to hardware requirements and deployment time.

This revelation could increase the popularity of encryption, since someone sitting in the middle of a properly authenticated encrypted connection (TLS, say) can neither read nor alter it without first defeating the certificate check. They could still capture your packets for later decryption, though.

Virtualized Security?

Monday, August 25th, 2008

Virtualization is one of the big buzzwords of the industry these days, and with good reason. Everyone and their mother is hopping aboard the bandwagon in the hope of reducing their overall hardware costs while introducing more flexibility into their server farm. Why run multiple physical machines when you can virtualize multiple systems onto a single box?

As it turns out, there’s a really good reason, and no one seems to be taking it seriously. There’s more than a little evidence that virtual machines aren’t as isolated from one another as people assume, especially on the x86 platform. That hardware wasn’t designed with security (or, originally, virtualization) in mind, so the hypervisor has to paper over a great deal, and any bug in that layer sits beneath every guest on the box.

As one long-time BSD developer observed in another blog, “x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of [expletive deleted]. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can’t write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.”

The basic issue is that if someone compromises a single virtual machine and then finds a hole in the hypervisor underneath it, they can hop to every other virtual server on the same physical system. This means a single hack could cause damage to multiple running OS instances. It’s like the problem of a company accidentally distributing an infected PC boot image or installation: a single error can affect many machines, and no one might even be aware it’s happening.

Even worse, there are no tools at present to diagnose or track down such an escape, and the security software inside a guest cannot see the layer beneath it. No one has, as far as anyone knows, tried this trick in the field yet. That said, it’s a massively tempting target for hackers worldwide. Not only would someone probably make a lot of money by selling details of their hack to the highest bidder, but they’d also earn massive street cred among the hacker community.

Everything else being equal, my own opinion is that virtualizing production systems, on the x86 platform at least, is just asking for trouble. Right now it’s not an issue, but if someone figures out how to break out of VMware or Citrix virtual servers, it’ll have a major impact on a lot of sites. And it won’t be easy to fix.

Botnets Keep Growing

Thursday, August 21st, 2008

In terms of security and infected PCs, the news just keeps getting worse. Not only is the number of infected machines worldwide rising, but the subtlety of the techniques employed is increasing. According to the statistics, “11 percent of the world’s computers are part of at least a single botnet, 23 percent of home computers that are already running anti-malware software are infected, and a whopping 72 percent of corporate networks with more than 100 computers have an infection.” That’s a whole lot of machines.

Even legitimate corporate sites are becoming vectors. A while back, Sony’s PlayStation site was hacked and made to push a piece of malware masquerading as a virus scanner at its visitors. How many people fell for it before the hack was corrected? Who knows. So you can no longer avoid infection just by staying away from suspect websites.

Happily, there are techniques that’ll help you either avoid malware or find it if it’s already installed. The same article provides a good starting point. The annoying part, which most people won’t like, is that you can’t just scan once and forget about it. Like antivirus scanning, malware checking has to be done on a regular basis.

Effectively the process involves taking “snapshots” of your machine (running processes, TCP/IP ports in use, memory profiles, etc.) and comparing them against earlier snapshots. If a new snapshot shows a previously unknown process or active port, for example, it may simply mean you’ve installed a legitimate new application. If you haven’t, or if you don’t recognize the process name, it could be a bot or other malware. What you’re doing is tracking changes to your machine over time, looking for the suspicious ones that might indicate the presence of a bot.
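As an added example (not from the article), here is that snapshot-and-compare loop in Python. The collector reads /proc and so only works on Linux; the comparison itself is plain set arithmetic, and the two snapshots at the bottom are constructed to show what a new bot looks like in the diff.

```python
"""Snapshot-and-compare check for new processes and listening ports.

Added example, not from the article. A snapshot is a dict of two sets:
"processes" (names of running executables) and "listening" ("proto/port"
strings). take_snapshot_linux() reads /proc and so only works on Linux;
compare() is pure and is what the constructed snapshots below exercise.
"""
import glob
import json
from typing import Dict, Optional, Set

Snapshot = Dict[str, Set[str]]

# /proc/net/{tcp,udp} "st" column: 0A is TCP LISTEN; a bound, unconnected
# UDP socket is shown with state 07 (TCP_CLOSE).
_PROC_TABLES = (("tcp", "/proc/net/tcp", "0A"), ("udp", "/proc/net/udp", "07"))


def take_snapshot_linux() -> Snapshot:
    """Collect running process names and listening ports from /proc."""
    processes: Set[str] = set()
    for comm in glob.glob("/proc/[0-9]*/comm"):
        try:
            with open(comm) as fh:
                processes.add(fh.read().strip())
        except OSError:
            pass  # the process exited between glob() and open()
    listening: Set[str] = set()
    for proto, path, want in _PROC_TABLES:
        try:
            with open(path) as fh:
                next(fh)  # skip the header line
                for line in fh:
                    fields = line.split()
                    if len(fields) > 3 and fields[3] == want:
                        port = int(fields[1].rsplit(":", 1)[1], 16)
                        listening.add(f"{proto}/{port}")
        except OSError:
            pass  # not Linux, or /proc not mounted
    return {"processes": processes, "listening": listening}


def save_snapshot(snap: Snapshot, path: str) -> None:
    """Persist a snapshot as JSON (sets become sorted lists)."""
    with open(path, "w") as fh:
        json.dump({k: sorted(v) for k, v in snap.items()}, fh, indent=1)


def load_snapshot(path: str) -> Snapshot:
    with open(path) as fh:
        return {k: set(v) for k, v in json.load(fh).items()}


def compare(baseline: Snapshot, current: Snapshot,
            allowlist: Optional[Set[str]] = None) -> Dict[str, Set[str]]:
    """Return what appeared and what vanished since the baseline.

    Items in the allowlist (a process you knowingly installed, a port you
    opened yourself) are ignored so the report only shows surprises.
    """
    allow = allowlist or set()
    return {
        "new_processes": current["processes"] - baseline["processes"] - allow,
        "gone_processes": baseline["processes"] - current["processes"],
        "new_listeners": current["listening"] - baseline["listening"] - allow,
        "gone_listeners": baseline["listening"] - current["listening"],
    }


def suspicious(diff: Dict[str, Set[str]]) -> bool:
    """A new process or a new open port is what merits a closer look."""
    return bool(diff["new_processes"] or diff["new_listeners"])


# Constructed snapshots standing in for two runs a week apart. The second
# shows a new process with a system-sounding name and a new listener on
# 6667, the IRC port that bots of this era commonly used to take orders.
BASELINE: Snapshot = {
    "processes": {"init", "sshd", "cupsd", "firefox"},
    "listening": {"tcp/22", "tcp/631"},
}
A_WEEK_LATER: Snapshot = {
    "processes": {"init", "sshd", "cupsd", "firefox", "svchost32", "gimp"},
    "listening": {"tcp/22", "tcp/631", "tcp/6667"},
}

if __name__ == "__main__":
    report = compare(BASELINE, A_WEEK_LATER, allowlist={"gimp"})
    for key, items in report.items():
        print(f"{key}: {sorted(items)}")
    print("suspicious" if suspicious(report) else "nothing new")
```

In practice you take one snapshot on a day you trust the machine, save it, and diff a fresh one against it on a schedule; the allowlist is where the things you installed yourself go, so that the report stays short enough that you actually read it.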

Some uninstaller applications provide this change-over-time monitoring, to a greater or lesser extent, as well.

UNIX systems administrators have long used tools like Nessus and Snort to scan and watch their networks, and Tripwire or AIDE to catch changes on the hosts themselves. Now you can do it as well. It’s just a good idea, unless you like having your machine hijacked and used to spam half of Germany.

Danger In Your Wallet

Thursday, August 21st, 2008

Technology is a great thing in most cases. However, occasionally something really dangerous arises unexpectedly. Email led to spam. The open structure of TCP/IP led to port scanning and other hazards. And now, RFID (Radio Frequency ID) is opening another Pandora’s box in terms of potential privacy violations.

The problem is very simple: RFID in its present form is insecure. It was really designed that way, since no one initially planned for, or even considered, some of the uses to which it’s now being put. Anyone who invests in a cheap reader can read RFID chips, often from well beyond the few centimetres the tags were designed for. If all they were reading was the tag on a pallet of goods rolling into a Wal-Mart, this wouldn’t be an issue.

However, RFID chips are being embedded in very sensitive places. Credit cards. Drivers’ licenses. Passports. Debit cards. What this means is that anyone can effectively read the unique ID embedded in these chips. If the government wanted to, it could set up a scanner in a bus terminal or subway station and figure out who passed through the area and when. That’s a serious privacy issue.

While governments have claimed their encryption techniques are very safe, they’ve been broken on numerous occasions by researchers. “In 2007 British security consultant Adam Laurie cracked the encryption code on a U.K. passport and ‘skimmed,’ or remotely read, its personal information—while it was still sealed in its mailing envelope. Around the same time, German security consultant Lukas Grunwald copied the data from a German passport’s embedded chip and encoded it into a different RFID tag to create a forged document that could fool an electronic passport reader.”

There’s an even more subtle issue involved as well. There are plans to “upgrade” retail stores from existing UPC (Universal Product Code) barcodes to RFID-based scanners. Theoretically this means you could load up your cart, bag everything as you shopped, then just walk through the door. The scanners could read not only the contents of your cart but also your credit card. No more shoplifting, right?

Also no more privacy. Aside from the obvious implication of having your every purchase tracked (even more than is already the case), anyone who wanted to could sit outside in a parking lot with a scanner and read exactly the same information as people passed by.

You should be worried. This isn’t science fiction. IBM already has patented the method for doing this, and has shown “how the cards can be used for tracking and profiling even if access to official databases is unavailable or strictly limited.” It describes how “networked RFID readers called ‘person tracking units’ would be incorporated virtually everywhere people go—in ‘shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] museums’—to closely monitor people’s movements.”

Why should we ever acquiesce to such a program?

An Alternative to ISP DNS Servers

Wednesday, August 20th, 2008

Recently a writer on a discussion group I frequent complained that his ISP was randomly unable to connect to certain websites, including even high-visibility ones like the New York Times or ZDNet. Instead of a home page, he’d get the ISP’s customized “we can’t find that host” error page with a list of “suggested links” (most of which were ads). He wondered if his connectivity was at fault.

I and others suggested he check the DNS configuration on his PC or router, because it sounded like his ISP’s DNS servers weren’t responding quickly enough. The basic idea of DNS (for those neophytes out there) is to resolve a human readable host name (like “www.nytimes.com”) to an IP address. The browser or other application then contacts the host via its IP address.

If the ISP’s resolver doesn’t answer in time, the lookup fails and the requesting application reports it: your browser says “sorry, can’t find that machine” or shows some other error text indicating a problem. What the writer was seeing is worse than a plain timeout, though. Rather than return an error, his ISP’s resolver substitutes the address of its own search page when a lookup fails (or when a name really doesn’t exist), which is how an ad-laden “suggestions” page ends up standing in for the New York Times. This is not an uncommon problem. I see it occasionally on my own ISP, but generally re-trying the request produces the expected result.

Happily, there’s another solution. Hint: you don’t have to use your ISP’s DNS servers. Instead, the OpenDNS project can provide the same service. All you need to do is change your PC, Mac, or router to use the OpenDNS resolvers instead. You’ll probably get faster responses, and you won’t be stuck with your ISP’s bogus “suggested links” pages, which are generally little more than sponsored advertising. (OpenDNS does serve a “guide” page of its own for names that don’t resolve, so look at its account settings if that bothers you.)
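A quick way to tell whether a resolver is playing this game is to ask it for a name that cannot exist and see what comes back. The probe below is an added example, not from the post: it builds the DNS query by hand in RFC 1035 wire format (standard library only), sends a random name under the reserved .invalid top-level domain, and classifies the reply. An honest resolver returns rcode 3 (NXDOMAIN); one that substitutes its search page returns rcode 0 with an A record. The two replies at the bottom are constructed so the classifier can be exercised offline.

```python
#!/usr/bin/env python3
"""Probe a resolver for NXDOMAIN rewriting. Added example, not from the post."""
import random
import socket
import struct
import sys
from typing import Dict, List, Tuple

TYPE_A = 1
RCODE_NXDOMAIN = 3


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qid: int) -> bytes:
    """One A question, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, 1)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels: List[str] = []
    end, jumped = None, False
    for _ in range(128):  # bounded so a pointer loop in a hostile reply can't hang us
        length = msg[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> Dict:
    """Return the reply's id, rcode and (name, type, value) answer tuples."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = _read_name(msg, off)
        off += 4
    answers: List[Tuple[str, int, str]] = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        shown = ".".join(str(b) for b in rdata) if rtype == TYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, shown))
    return {"id": qid, "rcode": flags & 0xF, "answers": answers}


def classify_reply(msg: bytes, expected_id: int) -> str:
    reply = parse_response(msg)
    if reply["id"] != expected_id:
        return "mismatched-id"  # not the answer to our question
    if reply["rcode"] == RCODE_NXDOMAIN:
        return "honest-nxdomain"
    if reply["rcode"] == 0 and any(t == TYPE_A for _, t, _ in reply["answers"]):
        return "rewritten"  # an address for a name that cannot exist
    return f"rcode-{reply['rcode']}"


def probe(resolver: str, timeout: float = 3.0) -> str:
    """Ask the resolver for a random name under .invalid and classify the reply."""
    name = f"probe-{random.randrange(1 << 32):08x}.invalid"
    qid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_reply(data, qid)


# Constructed replies, for offline use: what an honest resolver and a
# rewriting resolver would each send back for the same question.
PROBE_NAME = "probe-deadbeef.invalid"
PROBE_ID = 0x1234
_QUESTION = encode_name(PROBE_NAME) + struct.pack("!HH", TYPE_A, 1)
HONEST_REPLY = struct.pack("!HHHHHH", PROBE_ID, 0x8183, 1, 0, 0, 0) + _QUESTION
REWRITTEN_REPLY = (
    struct.pack("!HHHHHH", PROBE_ID, 0x8180, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([10, 0, 0, 1])
)

if __name__ == "__main__":
    for server in sys.argv[1:]:
        print(server, probe(server))
```

Run it with the addresses of your ISP’s resolver and of whatever alternative you are considering, and compare the verdicts; a random label is used so a cached answer from an earlier probe can’t skew the result.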

OpenDNS offers other services, like adult site blocking and warnings if you’re about to visit a “suspect” site that could damage or infect your machine. The same people operate PhishTank.com, which collects reports of known phishing sites and disseminates them to users. They also give you the option of blocking certain sites or IP ranges from your network, perfect for corporate administrators who want to prevent employees from surfing porn or otherwise wasting time during work hours.

OpenDNS is worth a try. It won’t harm your machine, although bear in mind that you’re now sending every name you look up to a third party instead of your ISP, and you can always switch back to your ISP’s DNS servers if you don’t like the service. If you’re experiencing lots of apparent DNS timeouts, it might make your life a whole lot easier.

We’re Still Smarter than Computers

Tuesday, August 19th, 2008

I didn’t know this until today, but it turns out the CAPTCHA technology used by some companies to provide a level of anti-bot protection may be doing double duty. According to a recent article in Scientific American, at least one provider of this software also uses it to decipher words from scanned antique books that optical character recognition software failed to read.

That’s right. We’re still smarter, at least in terms of visual capabilities and quickly deciphering oddly formed text. That makes me feel much better for some reason. According to the article, “web users have transcribed the equivalent of 160 books a day—that’s more than 440 million words—in the year since researchers kicked off the program.” And we never even knew we were helping archivists and others make more books available electronically.

This is yet another example of how distributed computing can put idle resources on the Internet to work, although here the idle resource is spare human attention rather than spare CPU time. SETI@Home, the BBC Climate Prediction project, breast-cancer research, and other active projects harvest unused processor cycles instead; anyone who signs up for one of them barely notices their machine is being used for other purposes.

Projects like these, of course, are totally different from having your machine taken over by some evildoer Bot that uses it to send spam to millions of unsuspecting recipients. Such applications are installed without your permission, make every effort to conceal their presence and activity, and are used for illegal activities. Legitimate distributed computing projects don’t do any of the above.

You might be annoyed whenever you have to read those wavy letters shown in a CAPTCHA on someone’s website. Many people consider the things intrusive and annoying. But that’s the way everyone tends to think of security measures, whether they involve locking doors or changing passwords. At least CAPTCHAs are also being put to a second use.

Who knows, maybe someday you’ll end up reading one of the books you’ve helped archivists decipher over the years. Plus, it’s good to know we can still do at least a few things better than the machines we’ve built.

The Impossibility of Privacy

Tuesday, August 19th, 2008

The difficulty involved in maintaining one’s privacy in today’s digital world is fairly obvious. Anything we do is logged, registered, and stored somewhere. I’m sure WordPress keeps a log of the origin IP of any posting that’s made here, so a record is being kept of when and from where this post originated. Find the IP and, with a little help from the ISP, you can generally find the person.

The same goes for your email and browsing history. I can review the logs at my website any time to see which pages are being hit most frequently, and by whom. I can see who’s linked against my pages, as well as loads of other statistics. This is only the most basic level. Marketing machines collect and process far more data in order to tease out user trends and how successful (or not) a given campaign has been.

Every time you swipe your debit card at the grocery store, your purchases are recorded and used by advertisers. If you bought cat food for the first time, a company might assume you’ve just bought a kitten. As a result, you could start receiving solicitations for everything from veterinary services to cat litter. Some companies are up front about this, as Amazon.com users know. If you buy something, they record it for later use when recommending new products.

The good thing about Amazon’s system is that you can specifically remove certain items (like the baby shower gift you bought for your nephew) from the recommendations-generation algorithm. This means you can avoid receiving masses of spurious recommendations about stuff you’ll never want. Personally, I like that. I hate getting solicitations in the mail for stuff I’m not interested in. It’s just landfill-clogging garbage.

In fact, some of us are eschewing privacy altogether. “Some people, primarily those younger than about 25, claim to have done just that, embracing its antithesis, total public disclosure.” I guess the idea is that it’s harder to have something used against you if everyone knows about it already. Does that mean you should advertise that you’re having an affair, that you just got pulled over for DUI, or that you voted for George W Bush (twice!)?

Someone with reasonable investigation skills can probably uncover all those things. To withhold or to disclose: that’s the question.