Problems with security seem to pop up all the time—from an easy-to-hack router to apps that leak your data into the world. Thankfully, it's pretty easy to protect yourself. Here's how to do it.
Unless you keep up to date on all the security news, it's easy to miss a bit here and there about what has been exploited and what hasn't. We're all vulnerable at some point, and if you haven't touched the settings on your computer since you took it out of the box, it might be time to take another look.
Already know about these security holes and have them patched up? Good for you! Send this along to your friends who don't to help keep them safe.
UPnP Allows Access to Your Gear from Outside Sources
UPnP (Universal Plug and Play), a component meant to make devices like routers, printers, and media players easy to discover on a network, has been accused of having security holes for a long time, but this week the US Government suggested you disable it yet again. The most recent study suggests 40 million to 80 million network-enabled devices responded to discovery requests from the internet and are vulnerable to an attack that gives hackers access to webcams, printers, passwords, and more. This means routers and devices with the bug can be accessed from the internet to remotely screw with your system even if you don't have malware installed.
The good news is that most of the affected hardware is old, and the problem likely isn't as widespread as it seems. That said, in the case of most devices, you can turn UPnP off in the settings (look in your manual for directions). The UPnP setting on your router doesn't have anything to do with the protocol that lets you stream media over a network, print from inside the network, or anything similar. Turning it off on the router level only blocks you from controlling these devices over the internet, which most people don't need to do.
To turn it off on a router level, you pop into the admin page and disable UPnP. If you want to check your hardware, security site Rapid7 has made a tool to scan devices on your network.
As far as security risks go, this one's easy to fix and it's not going to affect a lot of people these days. The rest of these are much worse.
WEP/WPA Passwords on Your Router Are Easy to Crack
Chances are that your router is using either a WPA (Wi-Fi Protected Access) password or a WEP (Wired Equivalent Privacy) password. Unfortunately, it's pretty simple to crack a Wi-Fi network's WPA password and a WEP password.
Both of these vulnerabilities exist for different reasons. In the case of WEP, it's as simple as cracking the password with an automated encryption program (and a lot of time), while in WPA, it's more about a vulnerability in WPS (Wi-Fi Protected Setup) on certain routers. This can be corrected by turning WPS off. If you can't turn WPS off, you can install DD-WRT or Tomato so you can. DD-WRT should add a nice security layer to your home network.
Browsing Without HTTPS Leaves You Vulnerable to Snoopers
HTTP Secure is the protocol used to secure everything that you send online that's important. This includes your bank information, social networks, and just about everything else that needs security. For your home network, you can simply install the HTTPS browser extension that ensures you'll always use the secure version of a site so your data doesn't fall into the wrong hands. Without HTTPS, your personal data is far more likely to fall through a security hole and into the hands of some nefarious person.
While it's important to use HTTPS at home, it's far more important to always use it on public Wi-Fi. At places like hotels, airports, or libraries, someone is probably snooping out your passwords. Your best solution for public Wi-Fi is to use a VPN (virtual private network) to route your traffic safely and securely.
All the Apps, Software, and Websites You Use Might Accidentally Leak Data
It happens time and time again. A hacker finds an exploit, and suddenly all your favorite software and web sites are vulnerable to people snagging your passwords. This might make your entire system insecure, give your passwords away, or leak personal data like your name and address. This happens with Java constantly, but it has happened to pretty much everyone at some point, including: Mega, Google Wallet, Apple, Skype, Path, Zappos, LinkedIn, and Facebook.
First off, you need to keep your software up to date. This means both your operating system and your mobile software. Generally, when your data is leaked, someone notices, and the software is patched up right away.
It's not exactly the perfect solution, but since the security holes are on the service or software side, it's all you can do. That said, make sure you enable two-factor authentication where you can, use a different password for every site, and use a password system like LastPass to ensure your leaked data doesn't reveal enough information to get your login information for another service.
Strong Passwords Aren't Enough to Protect Against Everything
When it boils down to it, a good password only gets you so far. Certain security holes, like social engineering hacks, can happen when a skilled hacker bypasses technical protections (like a strong password) to get the information they want from talking to a person—no "real" hacking is required. It's exactly what happened last year when the Apple and Amazon exploits were uncovered in Mat Honan's hack.
In short, people are one of the biggest security holes in the larger chain. Hackers can use psychological tricks to get your information: they might pose as someone important, as a Facebook friend, or even as you when talking with customer support. With a little information, they can then gain access to your account. If that account uses the same password as everywhere else, they essentially get access to everything you do. Thankfully, you can protect yourself with a few simple tips.
The main goal is to make sure you don't have all your eggs in one basket. That means if someone gets one password to one site, they can't get in elsewhere. So, never use the same password more than once, use two-factor authentication, get creative with your security questions, and monitor your accounts.
Plugging up these security holes isn't exactly a fun way to spend an afternoon, but it's certainly more entertaining than waking up one morning to find someone has stolen your identity. It's also a pretty easy process, and once you're set up you don't need to do much else.