How the KRACK attack on wireless WPA security affects you.

This issue just hit the news today, on every single computer blog and forum in existence. It does affect you, even if you're only using Wi-Fi in the nearest coffee shop or library hotspot.

Here are some reputable links if you want the technical details:

Tech Crunch

Naked Security

PC Magazine

To translate, it is possible for a bad actor to intercept any communication between your Wi-Fi device and nearly any wireless access point or hot-spot. You should act accordingly.  The researchers who found this apparently didn't give any heads-up to the device manufacturers, they just released full details of how the vulnerability works and how to duplicate their attack, and you can bet that there are people world wide who are using this attack as you read this. Believe me, anybody can do this and it takes very little technical skill, but they must be within range of your Wi-Fi router.

Protecting Your Computer Is Not Optional

 

This is geared more for the home computer user. I've encountered a lot of individuals who have no protection on their home computer, or who use the free version of an anti-virus program. The free versions of most anti-virus programs are usually junk. Better than nothing, but junk nevertheless. Using an ineffective AV program will lull you into being complacent about security. You need something really good to protect yourself.

There is no question, your computer is a valuable commodity to a bad guy who can gain control of it. The "I don't do anything dangerous" excuse doesn't work. Indeed you do many things that expose you and your computer to danger, and you must take responsibility to protect yourself.

Allow me speculate about how you may use you personal computer:

  • Your computer is connected to the internet, and is on for several hours a day.
  • You play games, one of which is a really nifty on-line version of solitaire.
  • You use your computer to record personal financial information, and pay some bills on line.

When should you run chkdsk

I service and support a lot of computers for my clients, and I often encounter unexplained situations with program misbehavior that I eventually resolve by running the chkdsk program in Windows. If you're a complete novice, Chkdsk, with its most commonly used options, checks the integrity of the internal directory that the operating system uses to record and control the locations where files are stored on the hard drive. Chkdsk (pronounced "check-disk") goes way back in history to the earliest versions of Microsoft operating systems, and although it has changed to some extent at least on the surface, it's the same program.

Getting cron jobs to work on Bluehost

 
As you may know, this site is created using the Joomla! Content Managment System program. CMS programs such as Joomla! or Wordpress make it easy to create new content and post it very quickly. CMS systems usually use three different programs to do their magic: the Apache web server, MySQL database and PHP language. By using these three interrelated programs, dynamic content is possible, so changing a database will change the web site instantly. Very cool stuff.
 
The site hosted on Bluehost, with which I have had an uneven relationship. Sometimes everything is great and support is fast, other times they will point blank refuse to help for no logical reason. This is one of the latter situations. A critical management function is to automate some maintenance tasks on schedule. When using Linux, these tasks are called cron jobs.

Advice on securing a Joomla! website

One year ago, I was struggling through a couple of episodes where my website (the one you're on right now) was hacked. I am using a program called Akeeba Backup, which in my humble opinion is absolutely mandatory for anybody using Joomla! My site is backed up automatically every night.

I would come into the office on Monday morning (always) and pull up my site using Internet Explorer and bang! Kaspersky Anti-virus would give a warning and refuse to load the site because it was infected. So I would get into the site backend administration and take my site off line, then into the host with cpanel and run through the Akeeba Kickstart process to completely wipe and replace the site with a backup from a couple of days before. I lost some information, not a lot, but it was stressful and I didn't want to have my site blacklisted as insecure. 

I researched solutions for this issue, first turning to the generic security recommendations here: https://docs.joomla.org/Security_Checklist