Link

How Not To Get Hacked When Renting An Airbnb Apartment

How Not To Get Hacked When Renting An Airbnb Apartment:

The problem is that, thanks to the rise of home-sharing services such as Airbnb and HomeAway, thousands of people are letting strangers into their houses and apartments, and, potentially, into their networks and routers.

That’s why, Galloway argues, we need to be careful when connecting to Wi-Fi networks in Airbnbs, and just treat them like we treat airport or Starbucks connections.
“When you’re traveling and you’re on an unfamiliar network, you should behave like it and not behave like when you’re at home,” Galloway says. “You don’t use the Airbnb toothbrush, and you should probably think twice before just jumping on their network and putting your bank credentials in there.”

If you’re a renter, Galloway says the first thing to do to stay safe is using a virtual private network, or VPN, that will encrypt and protect all your connections. (There’s a lot of easy to use options out there, such as Freedome or TunnelBear.) Another, slightly more complex precaution, is to hardcode DNS settings into their devices, switching to Google Public DNS, for example.

I don’t disagree with this advice but admit it’s only something I consider when travelling for work (in part because I do so few ‘risky’ things when vacationing and decision to mostly rely on apps which I hope – though often cannot know – are transmitting credentials over SSL). But more broadly I think that what is being argued for is out of touch with how people are generally taught to understand computing and out of touch with how most Airbnb hosts operate: guests rarely meet their host and it’s unclear how often hosts themselves ever really look in on their properties. So maybe before we insist that people be wary of landlords and Airbnb hosts we should be considering what baseline requirements for offering such services themselves should be.

Link

Lack of public Wi-Fi in Toronto raises privacy concerns: experts

Lack of public Wi-Fi in Toronto raises privacy concerns: experts:

The lack of public Wi-Fi in Toronto means those in need of wireless Internet must trade their privacy for connectivity, experts say.

Privacy concerns aside, Christopher Parsons with the Citizen Lab at U of T said leaving Wi-Fi in the hands of businesses limits access. While a public Wi-Fi system would be open to all, not everyone can afford the price of admission – implied or otherwise – at places like Starbucks.

“For some people, stepping in and getting a latte for five dollars is fine, but for other people that five-dollar latte is an incredible extravagance. They may not feel comfortable in that situation, or they may not feel welcome.”

Link

iOS 8 strikes an unexpected blow against location tracking

iOS 8 strikes an unexpected blow against location tracking:

Good: Apple is demonstrably improving an aspect of wifi privacy. Kudos to them!

However: Retailers are using Bluetooth to engage in the same activity, so ideally a similar privacy enhancing technique will be designed when Bluetooth functionality is turned on.

Depressing Reality: I’ll really believe that Apple is invested in privacy when they enable/initiate similar privacy by design functions in their own physical environment system, iBeacons.

Link

Belkin #Fails At Password Creation

WPA2-PSK is recognized as a pretty reasonable way for most consumer to secure their wifi access point. That said, this mechanism falls pretty flat on its face when router manufacturers screw up, and it looks like Belkin has screwed up badly. From a Register article we see that:

Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the WAN MAC address using a static substitution table. Since the WAN MAC address is the WLAN MAC address + one or two (depending on the model), a wireless attacker can easily guess the wan mac address of the device and thus calculate the default WPA2 passphrase.

This is just really poor mechanism to calculate the password. At least the manufacturer has been totally silent on the issue, and unwilling to disclose how they intend to defray potential attacks; this gives the possibility that Belkin’ll fix things instead of just abandoning consumers (which seems to be, sadly, a pretty default vendor response when their errors undermine users’ privacy and security). Here’s hoping that Belkin decides to not be like most router vendors…