Wardriving is the technique of driving around in a car with a laptop searching for unsecured wireless networks.  Have you ever been using your laptop in a new location and all of a sudden your laptop automatically connects to an unfamiliar network?  You just accidentally found an unsecured wireless network.  Some moron bought a wireless router and just plugged it into the wall without configuring any of the router’s security settings.  Mr. Moron is now providing free wireless internet to anyone within range and has just opened up his network to anyone who wants to use it.  A wardriver will hop in the car and seek out these unsecured networks, perhaps for nefarious purposes.

The crooks in this case apparently decided to wardrive down to their local strip mall and were probably pleasantly surprised to find that the computers used by retailers – those would be the one’s with all our debit and credit card information – were hooked up to wireless networks.  Why not just download all the information and go shopping?

To be fair, these retailers’ wireless networks were probably not completely unsecured – at least I hope not.  The crooks probably found ways to get around the security of these wireless networks.  Given enough time and computing power any wireless network can be cracked.  By definition a wireless network is constantly transmitting and receiving data over-the-air and anyone with the right equipment can receive it.

I have always been uncomfortable with the use of wireless networks in a business setting where confidentiality of information is an issue – and when is it not an issue?  Do you really want your competitors reading your email or seeing what websites you browse?  If you process thousands or millions of credit cards, security is paramount. 

Wireless networks have security and encryption settings and certainly they should always be used, but by their nature wireless networks are never totally secure.  I’m not sure I would ever trust them to keep my credit card information secret.  Several large retailers just learned this lesson the hard way – and 41 million consumers are paying the price.

While the researchers required sophisticated lab equipment which had to be placed within two inches of the device, they were able to reprogram the pacemaker to shut down or deliver potentially fatal jolts of electricity. According to the researchers, these tests demonstrate that too little attention is being paid to security in the growing number of medical devices being equipped with communications capabilities.

Hundreds of thousands of people currently have implanted defibrillators to regulate their hearts. Considering one of these patients is Vice President Dick Cheney, this could indeed be a cause for concern.

Users should always consider the security implications of using any wireless device.  If a device does not use wires to attach to a computer system, the data is normally sent via radio.  This means you have a small radio transmitter broadcasting everything you do.  You privacy and security is dependent upon the weakness of the signal and the strength of the encryption.  The radio signals are relatively weak, meaning the person examining your activities would have to be relatively close to you – say within 100 – 200 feet.  Most products encrypt the data in wireless devices, but this encryption is often weaker than other forms of encryption such as that used on the Internet.

How important is your privacy?  Do you really want to set up a mini radio station and transmit all your activities?

I have been using a technique to create strong passwords for years, since I have notice the technique starting to appear on other websites (Microsoft’s Strong Passwords, for example), I’ll share it here.  First, think of a phrase which is easy for you to remember.  Then use the first letter of each word in the phrase – this is a good starting point for a password.  Then, try to exchange numbers for some of the words and add punctuation.  For example,  “My dog Spot used to bark when I came home from work.”  Take the first letters, mdsutbwichfw.  Swap a 2 for “to” – mdsu2bwihfw.  An exclamation point after the bark should be easy to remember so now we have mdsu2b!wichfw.  If the password is case-sensitive maybe we could capitalize the first letter of the phrase, Spot’s name and the I.  Now we have MdSu2b!wIchfw.  That is a pretty good password that is going to be hard to guess – but it should be easy for you to remember.  Do not bother trying to remember the letters – remember the phrase.  It will quickly become a habit to type the right letter as you are remembering your dog Spot.  Try it – it works.  It also makes it very hard to tell someone your password without thinking.  Trust me – you won’t be able to verbalize your password without considerable thought – but you will be able to type it dozens of times a day with no effort at all.

It is critical to keep your computer safe from botherders.  Keep your computer up-to-date with the latest operating system updates and patches, install and properly configure a firewall, install and keep anti-virus software updated, use strong passwords, and beware of phishing scams.  Failure to protect your computer not only puts your own information at risk, but may lead to your computer being used in the commission of other computer crimes.

Now that’s a comforting thought.  Why should a foreign nation spend time and money on spies when all they need to do is send a cleverly worded email to a government employee to get the intelligence they want.

In a recent blog posting on the Computerworld site, Michael R. Farnum argued that when doing a security assessment for a company, examining social engineering is often not necessary.  His point seems to be that most companies will fail in this part of an assessment, so why bother?  The same could be said of the entire security assessment.  If there are areas you know a company is going to fail, why examine them?  The point of a security assessment is to have an outside third party examine security with an objective point of view.  The assessment then gives objective evidence which can then be used to justify the budget to fix these problems.  If company management is already on board with tightening security, start with fixing the problems you know about – including training employees on social engineering.  When you think you have everything fixed and airtight – then have a security assessment to find the areas you overlooked or to test employee training.

Vishing is similar only the user is directed to a phony phone number.  A victim may receive an email which states that their creditcard has been disabled due to possible fraud.  The victim is then directed to call the credit card company.  The phone number given is a direct line to the bad guys.  In some variations of the scam, the bad guys even call the victim.  The bad guys can even use voice over IP technology to send a fake Caller ID to the victim’s telephone, making the victim think that the call is legitimate.

Regardless of the source, never give out your personal information and report any suspicious attempts to gather your personal data.

Bugs in computer chips are not unheard of.  A division bug was discovered in Intel’s Pentium processor in the mid-1990′s.  Shamir noted that the danger is theoretical and that there is no evidence that anyone is currently using such an attack.