Wireless Security Tip: Don’t Connect Automatically

I have a quick tip that will exponentially increase your laptop, tablet, or even phone security. When you’re setting up your wireless connections, there are 2 options that you should never turn on: 1) “connect automatically when this network is in range” or “start this connection automatically” and 2) “connect even if the network is not broadcasting”.

You can blame hidden wireless networks for this gaping security hole. The How-To Geek has a really good article explaining why you shouldn’t use hidden wireless networks.

Why should I turn off these convenience features?

When you use the auto connect features of WiFi, your device will seek out the wireless connection. In the process of seeking out the connection, it also broadcasts the connection information. Devices such as WiFi Pineapples can be built to scan for the broadcasts coming from your devices. Once it has found a device, it automatically configures a matching connection and allows you to connect. Once you’re connected, your internet traffic can be monitored.

The following comes directly from the product information of Hak5’s WiFi Pineapple:

You see most laptops have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent.

Simply put, when your computer turns on the wireless radio send out out beacons. These beacons say “Is such-and-such wireless network around?” Jasager, German for “The Yes Man”, replies to these beacons and says “Sure, I’m such-and-such wireless access point – let’s get you online!”

Of course all of the Internet traffic flowing through the pineapple such as e-mail, instant messages and browser sessions are easily viewed or even modified by the pineapple holder.

VirtualBox UUID Change Script

UPDATE: Oracle has decided to change the command from setvdiuuid to sethduuid for version 4 of VirtualBox. Please make this correction if you are using version 4.

How many times do you simply copy a virtual hard drive when you want to stand up a development environment? In VirtualBox, it isn’t as simple as a simple copy, paste, and rename. Each virtual hard drive in the VirtualBox world (.vdi files) gets its own universally unique identifier, or UUID. When you copy a vdi file with your file explorer it also brings over the UUID. Fortunately, VirtualBox has a command to generate a new UUID for a copied vdi file.

%ProgramFiles%\Oracle\VirtualBox\VBoxManage.exe internalcommands setvdiuuid

Being in the SharePoint development world, I create new virtual machines all the time so I created a script to take care of the UUID change. I have a batch file named changeUUID.bat that this script is contained.

IF "%1"=="" GOTO Error
"c:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands setvdiuuid %1
ECHO No file path given!

Gist Link: https://gist.github.com/knight0323/4488526

NOTE: VirtualBox does offer a command called clonevdi which will copy the vdi and ensure a new UUID is assigned to the clone. The setvdiuuid command is just a personal preference.

Is your favorite application portable?

I just have to mention one of my new favorites. The website www.portableapps.com has a great program suite for portable applications. Their suite works with most portable hardware (USB flash drive, iPod, portable hard drive, etc.) and for those that do not wish to use the entire suite they also have a pretty nice library of portable applications. Best of all – its completely free.

I personally use their Lite Suite. OpenOffice was a bit much for me to put on a thumbdrive and between the Lite’s AbiWord and the fact that most pc’s have office software I decided against it.. I’ve customized it a bit so with the suite I always have Firefox, Filezilla, Notepad++, Foxit Reader, and 7-Zip just a few clicks away on any computer.

Thanks PortableApps!