<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=Content-Type content=text/html;charset=ISO-8859-1>
<META content="MSHTML 6.00.5730.11" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV>Paul,</DIV>
<DIV> </DIV>
<DIV>The problem is not someone using someone else's wireless router to
access the internet. Using the router to get to the wireless send/receive
box and antenna does not imperil the owner's computer's security,
although the trail it leaves at the owner's ISP may be deceptive or
incriminating, if the intruder is clever enough. It is when a
hacker tries to go from the wireless router into owner's/user's
computer that the problems begin. I have not completely described the
device I mentioned before but it can obviously be set to as to allow access
to certified users but not others.</DIV>
<DIV> </DIV>
<DIV>Recently Idaho passed a law allowing the use of force, even deadly force,
against intruders into your home. While a poison bill from an online
protection device is not deadly force, it is a force that be could used to
protect yourself and your family, if you can afford it. I might point out
that there is software available for PCs that will do something similar to what
the device will do, only not nearly as effectively.</DIV>
<DIV> </DIV>
<DIV>The chances of someone being caught and convicted of illegal electronic
snooping in Latah County are nil at the present time. The is so much going
on and no real detection and enforcement capabilities at hand, although it is
possible that certain out-of-county agencies are now investigating several
individuals. For example, just think of the online security problems of
the UI in the last 18 months. In one UI case given national news coverage,
there was even national assistance to local law enforcement, but with no
tangible result.</DIV>
<DIV> </DIV>
<DIV>There may be some question of the legality of the device I speak of for
home, business, and some other users. If you are good at inferences, you
can figure out where some of these devices are being legally used. Notice
also that I did not claim that the device was of American manufacture.</DIV>
<DIV> </DIV>
<DIV>Here's another tip for those on a wireless connection: Do not leave
your browser (especially if it is IE) or email program open when you are not
actively using it.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>W.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV style="FONT: 10pt arial">----- Original Message -----
<DIV style="BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A
title=godshatter@yahoo.com href="mailto:godshatter@yahoo.com">Paul Rumelhart</A>
</DIV>
<DIV><B>To:</B> <A title=vision2020@moscow.com
href="mailto:vision2020@moscow.com">Vision 2020</A> </DIV>
<DIV><B>Sent:</B> Thursday, February 08, 2007 8:37 AM</DIV>
<DIV><B>Subject:</B> Re: [Vision2020] New (and Old) Threats to On-Line
Computers</DIV></DIV>
<DIV><BR></DIV>That's a frightening device. I can't believe a company
actually produces it and sells it, even if they do claim to be a "penetration
testing firm".<BR><BR>I'd also like to add that one important security procedure
involves setting a password on your personal wireless network at home, if you
have one. The fact that the default is to leave it wide open is downright
criminal. Yes, you have to type in a password to connect to your own
network - but so does the guy who just pulled up in front of your house that
wants to use your network to surf for child porn.<BR><BR>If you don't secure
your own network, then you may not have the legal right to file charges if some
stranger connects to it. The issue seems to be a gray area in the law
right now. Worse yet, if somebody connects to your system and does
something illegal and it is traced back to your access point, you may be the one
going to trial. Basically, if your network is unsecured, it is
broadcasting a signal which translates to "Come connect to me! My address
is..." The person in the area, maybe even a neighbor, might connect to
your access point accidentally because many systems are configured to connect to
the strongest signal they see automatically. So I definitely *don't*
recommend delivering a payload to them to disable their system if all you see is
a connection that has been made. I still don't condone electronic
vigilantiism even if they do something malicious, that's what the police and the
courts are for. <BR><BR>Definitely be careful at public hotspots, as
well.<BR><BR>Paul<BR><BR>Art Deco wrote:
<BLOCKQUOTE cite=mid003601c74ae6$b81c62b0$6401a8c0@opalpeakkiosk type="cite">
<META content="MSHTML 6.00.5730.11" name=GENERATOR>
<STYLE></STYLE>
<DIV><STRONG>New (and Old) Threats to On-Line Computers</STRONG></DIV>
<DIV> </DIV>
<DIV>Below the line are links to descriptions of a new device implementing an
old method of attack on computers connected by a wireless method of one
type.</DIV>
<DIV> </DIV>
<DIV>The cautious will read this material carefully. Although the device
described is relatively new, the method used itself is not new and the method
can be extended beyond simple Wi-Fi connections.</DIV>
<DIV> </DIV>
<DIV>There are several individuals in this area using laptops and special
software to attempt to snoop and/or to implant snooping/remote broadcasting of
the material on your personal computer and the real-time data streams
occurring while you are connected to email and the web. Hardly a week
goes by when my computer is not subjected to an attempt of this kind.</DIV>
<DIV> </DIV>
<DIV>A prior V 2020 discussion suggested some ways to help fend off these
kinds of attacks:</DIV>
<DIV> </DIV>
<DIV>Anti-Virus software</DIV>
<DIV>Spyware Detection and Removal software</DIV>
<DIV>First class professional grade firewall software</DIV>
<DIV>An intervening router with firewall capability</DIV>
<DIV> </DIV>
<DIV>It is important to check your firewall logs daily to see if attacks have
been detected. If your firewall can be set to immediately notify you of
an attempted attack:</DIV>
<DIV> </DIV>
<DIV>1. Disconnect entirely from any connection you are
using the moment the notification occurs.</DIV>
<DIV>2. Look for unfamiliar vehicles in your area, take
license numbers. If a license number occurs more than once after an
attempted attack or there is a speedy decampment, notify law
enforcement.</DIV>
<DIV> </DIV>
<DIV>This should be a no-brainer: Do not tell anyone which
anti-virus, spyware detection, or firewall software or hardware you are
using.</DIV>
<DIV> </DIV>
<DIV>There is another remedy which is drastic, very effective, very expensive,
and whose legality may be suspect: a device which uploads a poison pill to the
attacker's computer. This pill works in the target computer's
background. First it erases the boot-strap tracks, then erases the
various parts of the directories on all disc drives, then all the data on all
the disc drives surfaces. The latter takes a lot of time so that the
attacker may be able to stop that part before it is complete. For some
computers, the software can also cause some permanent hardware damage, mainly
to the disc drives. At any rate the attacker will need to spend a great
deal of time making their computer functional again. In addition, this
device and associated software records a number of identifying characteristics
of the attacker's computer so that information may to used to arrest and to
convict the attacker may be gathered.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Since the legality of this device may be suspect, please do not ask me
for details. There are various search engines which can be of assistance
should you be interested.</DIV>
<DIV><BR>Art Deco (Wayne A. Fox)<BR><A
href="mailto:deco@moscow.com">deco@moscow.com</A><BR></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>______________________________________________________</DIV>
<DIV>Silica--a wireless hacking tool <BR><BR>Photos: The scariest item at RSA
2007 is Silica, a portable hacking<BR>device <BR>that can search for and join
Wi-Fi access points, scan for open ports,<BR>and <BR>launch code execution
exploits. <BR><A
href="http://ct.zdnet.com/clicks?t=29190355-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0">http://ct.zdnet.com/clicks?t=29190355-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0</A><BR><BR>WiFi
hacking with a handheld<BR><A
href="http://ct.zdnet.com/clicks?t=29190356-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0">http://ct.zdnet.com/clicks?t=29190356-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0</A><BR><BR>Focus:
RSA 2007 security<BR><A
href="http://ct.zdnet.com/clicks?t=29190357-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0">http://ct.zdnet.com/clicks?t=29190357-a10e1a02c3a4463047d2ade5662a85e8-bf&s=5&fs=0</A><BR><BR></DIV><PRE wrap=""><HR width="90%" SIZE=4>
=======================================================
List services made available by First Step Internet,
serving the communities of the Palouse since 1994.
<A class=moz-txt-link-freetext href="http://www.fsr.net">http://www.fsr.net</A>
<A class=moz-txt-link-freetext href="mailto:Vision2020@moscow.com">mailto:Vision2020@moscow.com</A>
=======================================================</PRE></BLOCKQUOTE><BR>
<P>
<HR>
<P></P>=======================================================<BR> List
services made available by First Step Internet, <BR> serving the
communities of the Palouse since 1994.
<BR>
http://www.fsr.net
<BR>
mailto:Vision2020@moscow.com<BR>=======================================================</BODY></HTML>