Nasty KRACK

This week’s networking crisis is that black-hats have found another way to violate your privacy. Called the KRACK exploit, it allows hackers to spoof WiFi protocol so as to break its encryption and read your traffic.

It’s worth pointing out that this is not just a zero-day bug in some manufacturer’s implementation—it’s a defect in the WiFi standard itself, and all WiFi (802.11) encryption is vulnerable to it. It does require a hacker to be close enough to have physical access to your radio signal.

We wanted to let you know what we were doing about it, and also what you should be doing about it yourself. Continue reading

Keep it clean, folks!

CybervirusWe received a note today from CenturyLink (our gateway provider) complaining that one or more of our subscribers’ PCs are infected with the “Asprox” bot virus, and are generating traffic off-net designed to infect other users.

Since all but a few of our subscribers are anonymized at the gateway portal, identifying the articular infected subscriber is extremely labor-intensive. Asprox is typically spread by official-looking notices about court dates, traffic or toll fines, internet voice or fax messages, and the like. If you tried to open the attachment on one of these, chances are the problem is your PC. (Asprox doesn’t infect Macs.)

Instead, we’re posting this note to ask all our subscribers Continue reading

Heartbleed and You

heartbleed logoThe “Heartbleed” internet bug has been all over the news this week.  In brief, the bug allows crackers to fetch arbitrary memory regions from sites using secure transmission protocols, which can then be examined for nuggets of valuable secure information such as encryption keys or credit card numbers. This “xkcd” cartoon explains about as clearly as possible what the bug actually is and how crackers could use it.

I thought it worthwhile to write a few words to our own subscribers explaining what the bug means to you, and what, if anything, you should do about it.

Continue reading