There was no wireless when I arrived here many years ago  and just a few hotspots (wireless locations) until maybe 2-3 years ago. Since then, wireless has “gone viral” and has become available in numerous locations, especially in the central valley around San Jose. Nearly every hotel offers wireless and/or direct connects in the rooms. Internet cafes offer wireless as do bagel shops and pizza parlors.  More and more people are getting familiar with wireless both for home and for “on-the-road” use and they ARE using it.  A lot!

Sadly, the vast majority of the people I deal with think wireless is is a reliable, convenient, safe and secure form of communications. Reliable and convenient? Maybe. Safe and secure? Absolutely 100% NOT.

This is one of the topics I cover in my REAL Costa Rica Tour, and it is so very important, I have decided to add it here. Also, I cannot cover it sufficiently during a tour, so this will be a reference for my tour clients.

If this topic is of interest to you, (and it should be!), read on.

Let’s start with a quick video from The Discovery Channel!  Just click this link to open in a new window!

Scary huh? Well read on for some ideas on how to protect your (virtual) life!

It is a bit technical, but I will try to explain it in layman’s terms so far as possible. If you intend to use a wireless connection, whether in your home, an Internet cafe, a hotel, or anywhere in any country, (not just Costa Rica), then I would urge you again to read this post. I will tell you why it is not safe and secure and then I will teach you how to make it secure… or as secure as today’s technology can make it.

Let me start by repeating that using wireless, while wonderfully convenient, is just plain incredibly dangerous. In essence, what you are doing is sending information from your computer (email, files, photos, passwords, etc) through the air as a radio signal. As with any radio signal, all one needs to listen to what you are sending is a “radio”. The radio a bad person uses costs nothing.  They are free for the downloading on the Internet, and they are called “sniffers‘ or more formally, packet analyzers, network analyzers, or protocol analyzers.

With a sniffer and some other tools, also free, a semi-knowledegeable person can see pretty much everything you are doing. Some people think that protected network will save them. While there are password protection schemes that are more difficult to crack, I can assue you that most can be opened by a pro within minutes, and it is the pro who will be after data that can compromise your identity, your finances and your privacy. With a sniffer, they can see almost everything you are sending and receiving.

People think that their firewall will save them… or their anti-virus. This is not a virus we are discussing. this is invasion of your privacy. Firewall?  No help.  The bad guy is reading your data from the air.  As a side issue, most firewalls protect from attacks from the outside which is not the case here, right?  Windows XP firewall would be an example. What about data being sent FROM your PC?  It is incredibly easy for someone to put a small program on your computer, without your knowledge, that captures every keystroke you type (even if to a “secure” connection like a bank). This is then sent to the bad guy!  This little program is called a keylogger and can be downloaded for free from the Internet. It may surprise you that some companies place these on the computers of their employees to monitor their activity.  Doubtfully legal… but true. OK back on topic!

Once your data is compromised, for instance someone gets your email password, they can read all your incoming AND your saved email. Saved email (never a good idea), may contain logins and passwords to other services you use.  It may also contain stuff you prefer not be public.  Now, you have real issues.

How easy is it to know if a free hotspot is legitimate?  It is not.  Here is cool but easy trick!  A semi-knowledegable person can sit outside a hotspot (a location that offers a wireless connection) and from the comfort of his car, in some cases parked blocks away, logs in to any free service. He then creates his OWN open wireless network.  It is quite easy. You then go to the coffee shop, restaurant, etc, and you see an open network, let’s call it “Beetles Bagels Free Access”, and you login thinking it is service offered by that bagel shop.

You just logged into that person’s PC and everything you send and receive is piped right through his computer… and you never knew it.

OK…. you think you are safe because you check into an hotel and connect directly to the Internet (no wireless). As soon as you login, your data can be captured by another person on another room using the same network. Seldom do hotels or other hotspots have the hightened security required to protect guests from such intrusions.  In fact, it is likley your home connection is more secure.

Last, any time you connect to the Internet, you are connecting through the Internet Service Provider (ISP) that is used by that location to provide Internet service, and they too can see everything you send or receive. This, in reality, is pretty unlikely, but certainly is possible.

You use Voice Over IP (VOIP) to make calls, send info etc thinking they are private calls.  Think again.  These too can be easily “sniffed” and decoded.

Have I got your attention? Scary huh?

So is there any way to protect yourself…. especially when using wireless? The answer is yes, and it is really very, very effective. It does cost a bit of money, often about the same or a little more  than a good anti-virus program.  It is called a Virtual Private Network or VPN.

VPN’s

Many companies use VPN’s to protect their employee’s data when accessing the Internet from outside the office. It is common practice, but few people think of setting up such high security for themselves.  If your company has a VPN, that is fine, though many companies prohibit personal use of the Internet through the company connection (VPN).

So what does a VPN actually do? In as simple words as possible, a private network (a VPN) is created within the main network that you are using (hotel, hotspot, Internet Cafe where you connect directly not using their PC’s etc.).

The geek word for this is an “encrypted tunnel”. You have probably used a VPN and never knew it as such.  When you shop or bank online, you may be using an HTTPS:// connection to protect your data. With your own VPN, you open a secure “encrypted tunnel” from your computer the instant you login.  Therefore, it is not tied to any particular web site that you go to. Your security and privacy is always ON regardless whether  you see that  https:// or not.

Further, a VPN protects every piece of data you send and receive including VOIP, email, instant messaging, and of course browsing. All data is encrypted instantly, send to the VPN where it is decoded and sent on. Any data sent to you is likewise encrypted before coming back to you! You computer decodes it and you then see it as “normal”. Does this slow things down? Nope.  I use a VPN on my laptop and have found no significant loss of speed. As all data is decrypted in a secure data center, it is virtually impossible for your information to be intercepted.

So now you have true Internet security, whether from a hotel room or at a wireless hotspot!  Remember the guy who created his own “fake” network outside the bagel place?  No worries. He cannot even access the tunnel and even if he could, he sees nothing but highly encrypted data.  He gets nothing!

Other Benefits

I’ll mention here a few more items of interest.  A good VPN also provides you with a new IP address.  Your IP address identifies you, where you are located, your country, town, etc. Is this a problem?  It can be.  If you are in Costa Rica, you may have issues shopping online as when you order, your location is provided by your IP and often companies will not accept a credit card issued in one country if you are using it from another country. My VPN gives me a US IP address, so I now have no issues!  Any one checking see me as being in Dallas.  Further, companies like Netflix.com and others will not permit viewing of their material if you are outside the USA.  With your new US IP address, you will have no problems.  These companies “see” you as being in the USA.  Some VPN services will offer you an IP in Europe or even in Hong Kong (though I suspect you would notice a service degradation if using a VPN in Hong Kong from Costa Rica.

For you privacy/conspiracy nuts (and I know who you are!) Google, Yahoo and in fact all search engines track and record all your searches and tie them to your IP address.  So…. If they don’t have your real IP… heh, heh!

Finally, there are still countries that limit access, censor, monitor content, block VOIP services (SKYPE, etc), or restrict Internet access. A good VPN handles those issues completely. Now you can travel to Cuba!

Expensive??

You decide.  Mine costs $60.00 per year.

$5.00 per month to protect my identity and the security of my data, my email, my passwords, etc., is, quite frankly, not even worth my consideration.

Hard to set up?

I use a MacBook Pro, and setup time was 9 minutes (including the time to download the software). It was a 100% no brainer. I have not tried it on a Windows machine, but I expect it is equally as easy. I am a bit of a geek, but really, this was NOT hard.

Where do I get one?

Use a search engine.  Google, Yahoo, Bing, etc.  this:  ”personal vpn service” (quotes not needed).

You will see several companies offering VPN’s.  Check them ALL out and compare their service offerings.

Summary

I truly hope I have gotten your attention… especially but NOT limited to you wireless users. You really are at risk.

This is really important stuff, and I would urge you to consider protecting yourself. If you don’t feel comfortable doing this yourself, find a pro to help you with the install, but please, do not do nothing.

I personally bank at three Costa Rica banks: BAC San Jose,  Scotia Bank and Banco Nacional.  All were subject to various schemes that could easily cause serious security problems, especially if the customer did not use adequate security protection in their computers or worse, used Internet cafes or a wireless connection while banking online.

Now along comes Banco Nacional with a high tech but easy-to-use gadget that all but guarantees your security even if banking from an Internet cafe or using a wireless connection. I got one about three weeks ago and have since been trying to figure out how someone could get into my account. My conclusion?  They cannot or if they can, they are a whole lot smarter than I am.

If this topic interests you, read on!

So how does it work?

Well first let’s look at security at most Costa Rica banks.  Almost all use a password that must be longer than x but shorter than y numerals or numbers.  Because of their antiquated operating systems,  symbols cannot be used i.e. ^%)@ etc. Most require that you change your password regularly. but people being people, folks often choose passwords that can be “guessed”.

All have a login name as well, of course.  Logins are often easy to find, however, as they often are your cedula numbers, email address, account name… whatever.  So, if the password gets compromised (stolen),  entry to your account is not hard and you have issues. All of these things are made far worse if you are using wireless or are on a computer where a keylogger has been installed without your knowledge.

So what has Banco Nacional (BN) done that is so great? Well they still require a login and it is usually your cedula # (dumb),  passport number (dumber) or other and is thus NOT very secure.

After you enter that, you are then taken to a pop-up window that is just silly! (yeah, I know, the good part is coming!). In this window you type 4 characters and use your mouse to click 4 numerals.  Why is it silly? Because it is fully visible to anyone standing or seated anywhere near you while you are typing this stuff…  Then they have (well they had) all they needed to get into your account.

But…. here is the cool part:

If you look at the picture above left at the beginning of this post, you will see what looks like a key fob with a little window.  You get this from BN for 3,000 colones (but see below).

With this gadget BN adds a final login step which makes everything incredibly secure!  After you log in doing the same old useless stuff… you are asked for a code number.  You now press a button on the key fob (llevero in español) and enter that generated number.  Also available is a card type device (see right) for generating the code. You now have access to your account.

Why is this cool and more important, safe?  Because each number generated is “one-use”.  Even if someone sees you entering it or actually sees the number, it can never be used ever again.  This number is mathematically tied to your account, and no other llavero (or card) will work in your account.

This thing is called a token. You can either go to your local BN office and get one for 3,000 colones or, if you have them, you can use your entertainment points that you get for paying bills online.

With this new security option, I would say this places Banco Nacional miles ahead of their competition in terms of keeping your account safe. As I know many of you here must use Internet cafes, shared computers or wireless, this new gadget can now make all the difference in keeping your money safe.  In fact, until the other banks “catch up”, I would suggest using BN as your primary bank using other only for spreading the wealth.

As some of you know, several of my companies here in Costa Rica are “high tech” related, especially the web hosting business where we host thousands of customers world wide. Server and computer security are paramount issues as you might guess.

So when I got a phone call yesterday asking me my thoughts about this rash of Internet bank fraud and seeking advice, I decided rather than answer her question immediately, I would BLOG about it and maybe pass on some ideas for my readers. While this relates to the banking thing, it is really germane to ANY Internet transaction that uses passwords, bank information, credit cards or ANY confidential data.

This will not be a “techy” post. I’ll try to keep it very basic so non-techies can understand what they can do (MUST do) to avoid Internet fraud.

I am sorry, but this will be a long post, but I cannot recommend strongly enough that your read this.

If this topic interests you, read on!

First, let me begin with this. Internet banking or for that matter any Internet commerce IS inherently safe if you take responsibility for protecting your computer, protecting confidential information, and learning about Internet safety.

The problem, of course, is that many people either do not know how to do this, think it is too technical, or frankly, cannot be bothered to learn (until they lose some large green, then amazingly, they have all sorts of time!).

Connection to the Internet – Computing Environment

Of course the first thing to discuss is your connection to the Internet. Basically, there are three ways you can connect and variations of those that we won’t get into here.

• Connect via modem
• Connect by cable modem, DSL or another “always on” connection, meaning you do not have to LOGIN each time you use the Internet
• Connect via a wireless connection, meaning you have no wires hanging off your computer when actually on line. You are sending and receiving radio signals from your PC to a box often called a wireless router, most capable of handling a number of wireless computers at the same time.
• Connect via and Internet cafe or other public locations that offer use of a PC to go online.

RULE ONE: YOU SHOULD NEVER FOR ANY REASON CONNECT TO YOUR ONLINE BANK ACCOUNT (OR ANY OTHER WEB SITE THAT INVOLVES YOUR FINANCES OR CREDIT CARD INFORMATION) FROM ANY INTERNET CAFE OR PUBLIC LOCATION USING COMPUTERS OFFERED BY THE CAFE OR PUBLIC LOCATION.

RULE TWO: YOU SHOULD NEVER FOR ANY REASON CONNECT TO YOUR ONLINE BANK ACCOUNT (OR ANY OTHER WEB SITE THAT INVOLVES YOUR FINANCES OR CREDIT CARD INFORMATION) FROM ANY INTERNET CAFE OR PUBLIC LOCATION USING COMPUTERS OFFERED BY THE CAFE OR PUBLIC LOCATION.

RULE THREE: YOU SHOULD NEVER FOR ANY REASON CONNECT TO YOUR ONLINE BANK ACCOUNT (OR ANY OTHER WEB SITE THAT INVOLVES YOUR FINANCES OR CREDIT CARD INFORMATION) FROM ANY INTERNET CAFE OR PUBLIC LOCATION USING YOUR OWN LAPTOP OR OTHER COMPUTER UNLESS YOU HAVE INSTALLED THE NECESSARY SOFTWARE TO PROTECT YOUR COMPUTING ENVIRONMENT.

RULE FOUR: YOU SHOULD NEVER USE A PUBLIC WIRELESS CONNECTION AT ALL.

It is important that you understand that regardless of how you connect, the instant you connect to the the Internet, your computer is vulnerable. Note the word instant. Therefore, you must have your computer protected before you ever connect to the Internet.

If you do not, you are exposed to potentially serious issues.

Your computing environment

What do I mean by “protection”? There are two critical items.

Anti Virus

First, you absolutely MUST have a good anti-virus program on your PC. By good, I mean a program that updates itself with new virus, worm, and Trojan horse information every time you log on the the Internet. Many of the best known names say they do. They do not. Most only update what they consider to be critical. The rest are updated once per week. This is nonsense! As it is estimated that between 20-40 new virus’ are released DAILY, updating once per week is just nonsense!

There are two excellent programs available, both from Europe and can easily be configured to update the virus info as often as hourly. On all our business PC’s, we have it set to every three hours.

Kaspersky and F Secure are the names of the software that we use, and you can find links to their web sites at the bottom of this post. Just scroll on down!

**Quick note to modem users! Modems users often login and immediately start reading emails or surfing. This is a mistake. Even if you are using high quality anti-virus programs like the ones I mentioned above, it takes time to download the newest virus information. Depending on when you were last online and your connection speed, from a minute or so to maybe ten minutes! Login by modem… then WAIT until your protection has caught up with you.

Firewall

The second thing that is needed, whether you have an “always on” connection (cable, DSL, etc.) or use a modem, is a BI-DIRECTIONAL firewall.

A firewall is a program that keeps the bad guys from getting in to your PC over your connection to the Internet. Many users of Windows PC’s use the firewall that is included free in the XP or Vista Operating systems. This is not enough!

Why?

Nowadays, the use of keyloggers is everywhere and especially at public locations and Internet cafes. A keylogger is a tiny program that can be installed on your PC without your knowledge. It is ridiculously easy to do this! It can be sent in an email, downloaded from a web site you visit, hidden in a Microsoft Word document… and in many other ways!

Then, every time you touch your keyboard, this tiny program records every key stroke you make! That information is then sent over the Internet to the bad guys!

They key phrase here is: “…sent over the Internet to the bad guys!”

This means that the keylogger program must have outward bound access to the Internet in order to send the information. THAT is why you need a firewall that not only controls (blocks) what wants to come IN to your PC, but also can block what wants to get OUT of your PC without your knowledge or permission. Most firewalls (Windows XP for example) do not do this. There may be other firewalls that do so. I use a product by Checkpoint; again, there are links at the bottom of this post so you can get more information.

Wireless (inalámbrico)

Wireless is just that. Your computer transmits and receives just like a little radio station. That means anyone near you can easily intercept those radio signals and can see them on their computer. The software to do this is free on the Internet. While it is a bit more complex than a keylogger, it does not take a computer scientist to do this.

EMAIL

So you may say, “All I do is check my email!” and surf the net”.

OK… so now, the bad guys can have access to your email! THAT means they can now ask for a lost password in your name, then get or change the password and erase all trace they were there!

OK, now some users use a webmail connection!  This is very common.  Or, they use Tahoo, etc.  THEN they leave the old messages stored on their account.  NOW, when someone gets access to their email, they can read old emails… and there they can find a treasure trove of things including passwords or lost password email, etc.

RULE FIVE:  NEVER LEAVE EMAIL ON A SERVER (your email account online).  USE A GOOD EMAIL PROGRAM AND DOWNLOAD THE EMAIL TO YOUR COMPUTER AND STORE IT THERE.  Just think of what someone can find reading the past years of your emails.

Also, a really knowledgeable hacker person can get into your PC via a wireless connection! There, they can read, copy files and do other bad things. Every time I go to Bagelmans or Dennys or some hotel lobby, I see people logged on wireless thinking all is well. One day I saw a guy sitting in his car just outside one of these locations obviously using his laptop.

Was he just using the wireless for free? Probably. Right?

While there are ways to 100% protect a PC in a wireless environment, they are simply too complex for this post.

In any case… can you see the problem here? It is amazingly easy to get someone’s confidential information via the Internet.

Couple this with people who still open email that is clearly SPAM (and make no mistake, people open millions every day!) or from unknown persons, and you can see why the burden has to fall on you to protect your computing environment. Now ad a little surfing and this problem begins to take shape.

Want more? Add kids and teens! They surf everywhere and a favorite trick of hackers is to place malware (bad programs) on sites kids will be attracted to as they KNOW the kids are using mom and dad’s PC!

Passwords

Many think that using a good password and changing it regularly is enough . It is not. However, it is important to know what is a good password. For all my business access, I use complex passwords i.e. “wV1E4GJY18Ct5″. Nasty, but required in my work. Sometimes we throw in random punctuation marks as well.

However these kinds of passwords are not practical nor necessary for an average user who needs to remember the password (as everyone knows it should never be written down, RIGHT?).

So here is a little password trick.

Look around you. Find two items totally at random. From where I am writing, I can see a gourd and a table. Now, think of a number between 19-99. OK so now take that number and place it between the two words thus: gourd79table.

Now randomly capitalize 2-4 letters thus: gouRD79tAble.

You now have a pretty nasty password nearly impossible to guess and even a random password generator will never find it. Whether you use this technique or another, NEVER EVER use birthdays, names, places, ANY ID numbers of any kind for passwords. You would be flabbergasted at how much of everyones private life is already on the Internet.

Those “security test questions”

How many times have you seen a password test question something like, “What was your mother’s maiden name?” used as the test question? How dumb! Your mother’s maiden name (also probably known as your grandfather’s last name) can likely be found on hundreds of genealogy web sites or other public databases! Piece of cake for any good hacker. That is why I use the first name of the second barber who ever cut my hair as my correct answer to what was my mother’s maiden name. Let them try to find THAT out!

Summation

You must have your PC protected. I can promise you that Internet Cafes do NOT have this protection. While protecting one PC is not expensive, protecting 20-30 computers is not cheap. Also, they just do not care of course as it is not their responsibility.

• Download, install and learn to use good anti-virus and firewall software and keep them current
• Use proper passwords like those above and change them frequently
• Make sure that any time you are entering private information over the Internet that the web site is using a security certificate. You can tell this by 1. Checking for a little “lock” icon at the bottom of the web page in the browsers border. To see what I am referring to, go here.Now down at the bottom of your browser, you can see the little lock! That indicates a secure web site.Another way is to make sure the URL (web address) begins with https:// and NOT just http:// without the “s”. The “s” indicates that a security certificate is present to encrypt what you type (but remember, NOT over wireless!!)
• Avoid using wireless… period!
• Avoid using any public PC anywhere.
• If you chose to ignore this, never ever use a public PC if you will be entering even ONE piece of confidential information.
• Never open unsolicited email. Sometimes just opening an email can do damage!
• Surfing can be OK if and only if you have ALL the proper protective software installed and current on your PC.

Protection must be on your PC and for that reason, if you MUST use an Internet cafe, install these protections on your PC first and connect your PC (laptop more likely) directly (via cable) to the Internet cafe’s connection. Just about all locations offer this provision as do most hotels nowadays.

Here are links to the companies mentioned above: