Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Hackers target French Finance Ministry, G-20 plans

PARIS: Hackers infiltrated French government computers in search of information about France's leadership of the Group of 20 leading economies, the country's budget minister said.

The head of France's network security agency said it was the biggest-ever hacker attack against the government.

France holds the rotating leadership of the G-20 this year and is hosting a series of meetings aimed at improving relations among the world's top economies, including the United States and China.

Other attempts to hack computers at the presidential palace, the Foreign Ministry and other ministries with information about the G-20 failed, according to the National Security Agency for Information Systems.


Those behind the attacks were after information about French financial and economic policies, said Budget Minister Francois Baroin.

Baroin said it's too early to say who was behind the attacks on Finance Ministry e-mail accounts and servers, but the authorities think they came "probably from outside" France.

"It was the information about the G-20 that interested the hackers," Baroin said in an interview on radio station Europe-1.

Officials at the Finance Ministry would not elaborate on Baroin's comments.

Network security agency chief Patrick Pailloux said "sensitive" information had been obtained in the attacks which probably began in November-December, carried out by "a number of professional, determined and persistent hackers."

Speaking on radio station France-Info, Pailloux said it was not the first time government computers had been attacked, but that "it's the first time that it has reached such proportions."

Pailloux said the attack took place late last year and the intruders infiltrated around 150 computers, out of a total 170,000 computers in France's Finance Ministry. - AP

Hackers target French Finance Ministry, G-20 plans

PARIS: Hackers infiltrated French government computers in search of information about France's leadership of the Group of 20 leading economies, the country's budget minister said.

The head of France's network security agency said it was the biggest-ever hacker attack against the government.

France holds the rotating leadership of the G-20 this year and is hosting a series of meetings aimed at improving relations among the world's top economies, including the United States and China.

Other attempts to hack computers at the presidential palace, the Foreign Ministry and other ministries with information about the G-20 failed, according to the National Security Agency for Information Systems.


Those behind the attacks were after information about French financial and economic policies, said Budget Minister Francois Baroin.

Baroin said it's too early to say who was behind the attacks on Finance Ministry e-mail accounts and servers, but the authorities think they came "probably from outside" France.

"It was the information about the G-20 that interested the hackers," Baroin said in an interview on radio station Europe-1.

Officials at the Finance Ministry would not elaborate on Baroin's comments.

Network security agency chief Patrick Pailloux said "sensitive" information had been obtained in the attacks which probably began in November-December, carried out by "a number of professional, determined and persistent hackers."

Speaking on radio station France-Info, Pailloux said it was not the first time government computers had been attacked, but that "it's the first time that it has reached such proportions."

Pailloux said the attack took place late last year and the intruders infiltrated around 150 computers, out of a total 170,000 computers in France's Finance Ministry. - AP

Hackers target French Finance Ministry, G-20 plans

PARIS: Hackers infiltrated French government computers in search of information about France's leadership of the Group of 20 leading economies, the country's budget minister said.

The head of France's network security agency said it was the biggest-ever hacker attack against the government.

France holds the rotating leadership of the G-20 this year and is hosting a series of meetings aimed at improving relations among the world's top economies, including the United States and China.

Other attempts to hack computers at the presidential palace, the Foreign Ministry and other ministries with information about the G-20 failed, according to the National Security Agency for Information Systems.


Those behind the attacks were after information about French financial and economic policies, said Budget Minister Francois Baroin.

Baroin said it's too early to say who was behind the attacks on Finance Ministry e-mail accounts and servers, but the authorities think they came "probably from outside" France.

"It was the information about the G-20 that interested the hackers," Baroin said in an interview on radio station Europe-1.

Officials at the Finance Ministry would not elaborate on Baroin's comments.

Network security agency chief Patrick Pailloux said "sensitive" information had been obtained in the attacks which probably began in November-December, carried out by "a number of professional, determined and persistent hackers."

Speaking on radio station France-Info, Pailloux said it was not the first time government computers had been attacked, but that "it's the first time that it has reached such proportions."

Pailloux said the attack took place late last year and the intruders infiltrated around 150 computers, out of a total 170,000 computers in France's Finance Ministry. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

The Hidden Downside of Wireless Networking

Wi-Fi can cause big trouble--and you may not even know it. Here's how to keep the hackers at bay.

Going wireless offers a panoply of attractive benefits to school districts. Because you don't have to run cables to every classroom, it's cheaper to deploy a wireless network than an old-fashioned wired network. Wireless makes it more convenient for administrators, teachers and students to connect.

But there's a perilous downside: A wireless network is easier for hackers to break into. Without the proper security measures, going wireless means opening a gaping hole in your computer systems' defenses.

Worse, you may already have a wireless security problem-even if your technology staff hasn't deployed a single wireless access point. At many school districts, parents and teachers have installed unofficial Wi-Fi hotspots that connect to the school's existing wired network. (Wi-Fi, short for "wireless fidelity," is the trade name for a family of wireless networking standards.) In so doing, they may have inadvertently compromised the school's network, and your district's IT staff may be none the wiser.

Rogue Hotspots
Charlie Garten, the former chief information officer for the Poway Unified School District in southern California, says his district's struggles with Wi-Fi security began as early as 2002. "We weren't surprised that there were ways to jump over our firewall using wireless," says Garten, who retired in 2005. "We were caught a little bit by surprise by the number of rogue access points that had been plugged in." In some cases, his staff would receive complaints about network slowdowns at a school; on investigating, they would find as many as 10 Wi-Fi hotspots that had been installed without the IT department's knowledge. "Well-meaning people wanted to get more access for the kids, but they didn't understand all the consequences of just throwing in a bunch of wireless access points," adds Garten.

In the Palo Alto (Calif.) Unified School District, the security holes introduced by rogue hotspots had a much more public and embarrassing effect. Located in the heart of tech-savvy Silicon Valley, Palo Alto's parent community includes many people who work for companies that supply Wi-Fi equipment. As a result, these parents brought wireless networking into their children's schools at a very early stage.

"We had open networks. When they were first installed, folks could sit in the parking lot if they wanted to get some access," says Marie Scigliano, the director of technology for the district. Scigliano's staff was aware of the security problem but hadn't been able to address it completely when, in the summer of 2003, a local reporter found that she could access the district office's network through an unsecured Wi-Fi connection. Worse, the reporter was able to log on to the student information system and download students' grades, phone numbers, home addresses, medical information, psychological evaluations and even full-color photos.

The district quickly took the network offline and began correcting the problem, according to Scigliano. "We came back up with secure networks, logons, authentication and so forth," she says. However, the story received wide national coverage-thanks in part to the severity of the breach-causing a significant public relations problem for the school.

While the reporter didn't publish or alter student records, press reports noted that it would have been easy for her to do so, if she had been a more malicious hacker. That in turn would have exposed the district to serious liability problems and could possibly have put its students in danger.

Steps for Safer Wi-Fi Wireless doesn't have to be a security nightmare. Here are some tips from Brian Hernacki, an architect with Symantec Research Labs, on how you can keep your Wi-Fi network safe and sound: Turn on encryption Set your network to use Wired Equivalent Privacy or even stronger Wi-Fi Protected Access encryption, which encodes every transmission on the network, making it harder for hackers to "sniff" the data as it goes by. Neither form of encryption will keep hackers out entirely, but they set the bar a lot higher. If you use WEP, make sure you use a 128-bit key, which requires a 26-character pass phrase. WPA is harder to crack and uses easier-to-remember passwords for access, so it's a better choice if your equipment supports it. Limit access Wi-Fi networks can be configured to accept connections only from certain computers, using those computers' Media Access Control addresses, a unique number that's attached to the network adapter in every piece of networked equipment. MAC addresses are difficult to spoof, so limiting access to certain MAC addresses helps you ensure that you control who's on your network.

On the down side, you need to maintain an up-to-date list of permitted machines. Require usernames and passwords Configure your network so that users can gain access only with the proper username and password. If you issue unique usernames to each student, teacher and administrator, you'll be able to track any misuse of the system. Because people may share passwords with each other, be sure to change these every month or every quarter. Keep the network inside By carefully locating Wi-Fi routers and using directional antennas (which focus the signal in a particular direction), you may be able to limit the accessibility of your network outside school grounds. This will make it harder for hackers to do their dirty work unobserved. Turn it off at night Turning off the Wi-Fi network after-hours means that hackers will need to make their intrusion attempts during the day, when they're more likely to be noticed by staff or students. Educate your staff Make sure teachers and administrators are aware of the security risks of using Wi-Fi. For the maximum security, permit access to student information systems (such as grades databases) via wired networks only, and ensure that computers connecting to these systems do not also have Wi-Fi capability.

Read more »

The Hidden Downside of Wireless Networking

Wi-Fi can cause big trouble--and you may not even know it. Here's how to keep the hackers at bay.

Going wireless offers a panoply of attractive benefits to school districts. Because you don't have to run cables to every classroom, it's cheaper to deploy a wireless network than an old-fashioned wired network. Wireless makes it more convenient for administrators, teachers and students to connect.

But there's a perilous downside: A wireless network is easier for hackers to break into. Without the proper security measures, going wireless means opening a gaping hole in your computer systems' defenses.

Worse, you may already have a wireless security problem-even if your technology staff hasn't deployed a single wireless access point. At many school districts, parents and teachers have installed unofficial Wi-Fi hotspots that connect to the school's existing wired network. (Wi-Fi, short for "wireless fidelity," is the trade name for a family of wireless networking standards.) In so doing, they may have inadvertently compromised the school's network, and your district's IT staff may be none the wiser.

Rogue Hotspots
Charlie Garten, the former chief information officer for the Poway Unified School District in southern California, says his district's struggles with Wi-Fi security began as early as 2002. "We weren't surprised that there were ways to jump over our firewall using wireless," says Garten, who retired in 2005. "We were caught a little bit by surprise by the number of rogue access points that had been plugged in." In some cases, his staff would receive complaints about network slowdowns at a school; on investigating, they would find as many as 10 Wi-Fi hotspots that had been installed without the IT department's knowledge. "Well-meaning people wanted to get more access for the kids, but they didn't understand all the consequences of just throwing in a bunch of wireless access points," adds Garten.

In the Palo Alto (Calif.) Unified School District, the security holes introduced by rogue hotspots had a much more public and embarrassing effect. Located in the heart of tech-savvy Silicon Valley, Palo Alto's parent community includes many people who work for companies that supply Wi-Fi equipment. As a result, these parents brought wireless networking into their children's schools at a very early stage.

"We had open networks. When they were first installed, folks could sit in the parking lot if they wanted to get some access," says Marie Scigliano, the director of technology for the district. Scigliano's staff was aware of the security problem but hadn't been able to address it completely when, in the summer of 2003, a local reporter found that she could access the district office's network through an unsecured Wi-Fi connection. Worse, the reporter was able to log on to the student information system and download students' grades, phone numbers, home addresses, medical information, psychological evaluations and even full-color photos.

The district quickly took the network offline and began correcting the problem, according to Scigliano. "We came back up with secure networks, logons, authentication and so forth," she says. However, the story received wide national coverage-thanks in part to the severity of the breach-causing a significant public relations problem for the school.

While the reporter didn't publish or alter student records, press reports noted that it would have been easy for her to do so, if she had been a more malicious hacker. That in turn would have exposed the district to serious liability problems and could possibly have put its students in danger.

Steps for Safer Wi-Fi Wireless doesn't have to be a security nightmare. Here are some tips from Brian Hernacki, an architect with Symantec Research Labs, on how you can keep your Wi-Fi network safe and sound: Turn on encryption Set your network to use Wired Equivalent Privacy or even stronger Wi-Fi Protected Access encryption, which encodes every transmission on the network, making it harder for hackers to "sniff" the data as it goes by. Neither form of encryption will keep hackers out entirely, but they set the bar a lot higher. If you use WEP, make sure you use a 128-bit key, which requires a 26-character pass phrase. WPA is harder to crack and uses easier-to-remember passwords for access, so it's a better choice if your equipment supports it. Limit access Wi-Fi networks can be configured to accept connections only from certain computers, using those computers' Media Access Control addresses, a unique number that's attached to the network adapter in every piece of networked equipment. MAC addresses are difficult to spoof, so limiting access to certain MAC addresses helps you ensure that you control who's on your network.

On the down side, you need to maintain an up-to-date list of permitted machines. Require usernames and passwords Configure your network so that users can gain access only with the proper username and password. If you issue unique usernames to each student, teacher and administrator, you'll be able to track any misuse of the system. Because people may share passwords with each other, be sure to change these every month or every quarter. Keep the network inside By carefully locating Wi-Fi routers and using directional antennas (which focus the signal in a particular direction), you may be able to limit the accessibility of your network outside school grounds. This will make it harder for hackers to do their dirty work unobserved. Turn it off at night Turning off the Wi-Fi network after-hours means that hackers will need to make their intrusion attempts during the day, when they're more likely to be noticed by staff or students. Educate your staff Make sure teachers and administrators are aware of the security risks of using Wi-Fi. For the maximum security, permit access to student information systems (such as grades databases) via wired networks only, and ensure that computers connecting to these systems do not also have Wi-Fi capability.

Read more »

The Hidden Downside of Wireless Networking

Wi-Fi can cause big trouble--and you may not even know it. Here's how to keep the hackers at bay.

Going wireless offers a panoply of attractive benefits to school districts. Because you don't have to run cables to every classroom, it's cheaper to deploy a wireless network than an old-fashioned wired network. Wireless makes it more convenient for administrators, teachers and students to connect.

But there's a perilous downside: A wireless network is easier for hackers to break into. Without the proper security measures, going wireless means opening a gaping hole in your computer systems' defenses.

Worse, you may already have a wireless security problem-even if your technology staff hasn't deployed a single wireless access point. At many school districts, parents and teachers have installed unofficial Wi-Fi hotspots that connect to the school's existing wired network. (Wi-Fi, short for "wireless fidelity," is the trade name for a family of wireless networking standards.) In so doing, they may have inadvertently compromised the school's network, and your district's IT staff may be none the wiser.

Rogue Hotspots
Charlie Garten, the former chief information officer for the Poway Unified School District in southern California, says his district's struggles with Wi-Fi security began as early as 2002. "We weren't surprised that there were ways to jump over our firewall using wireless," says Garten, who retired in 2005. "We were caught a little bit by surprise by the number of rogue access points that had been plugged in." In some cases, his staff would receive complaints about network slowdowns at a school; on investigating, they would find as many as 10 Wi-Fi hotspots that had been installed without the IT department's knowledge. "Well-meaning people wanted to get more access for the kids, but they didn't understand all the consequences of just throwing in a bunch of wireless access points," adds Garten.

In the Palo Alto (Calif.) Unified School District, the security holes introduced by rogue hotspots had a much more public and embarrassing effect. Located in the heart of tech-savvy Silicon Valley, Palo Alto's parent community includes many people who work for companies that supply Wi-Fi equipment. As a result, these parents brought wireless networking into their children's schools at a very early stage.

"We had open networks. When they were first installed, folks could sit in the parking lot if they wanted to get some access," says Marie Scigliano, the director of technology for the district. Scigliano's staff was aware of the security problem but hadn't been able to address it completely when, in the summer of 2003, a local reporter found that she could access the district office's network through an unsecured Wi-Fi connection. Worse, the reporter was able to log on to the student information system and download students' grades, phone numbers, home addresses, medical information, psychological evaluations and even full-color photos.

The district quickly took the network offline and began correcting the problem, according to Scigliano. "We came back up with secure networks, logons, authentication and so forth," she says. However, the story received wide national coverage-thanks in part to the severity of the breach-causing a significant public relations problem for the school.

While the reporter didn't publish or alter student records, press reports noted that it would have been easy for her to do so, if she had been a more malicious hacker. That in turn would have exposed the district to serious liability problems and could possibly have put its students in danger.

Steps for Safer Wi-Fi Wireless doesn't have to be a security nightmare. Here are some tips from Brian Hernacki, an architect with Symantec Research Labs, on how you can keep your Wi-Fi network safe and sound: Turn on encryption Set your network to use Wired Equivalent Privacy or even stronger Wi-Fi Protected Access encryption, which encodes every transmission on the network, making it harder for hackers to "sniff" the data as it goes by. Neither form of encryption will keep hackers out entirely, but they set the bar a lot higher. If you use WEP, make sure you use a 128-bit key, which requires a 26-character pass phrase. WPA is harder to crack and uses easier-to-remember passwords for access, so it's a better choice if your equipment supports it. Limit access Wi-Fi networks can be configured to accept connections only from certain computers, using those computers' Media Access Control addresses, a unique number that's attached to the network adapter in every piece of networked equipment. MAC addresses are difficult to spoof, so limiting access to certain MAC addresses helps you ensure that you control who's on your network.

On the down side, you need to maintain an up-to-date list of permitted machines. Require usernames and passwords Configure your network so that users can gain access only with the proper username and password. If you issue unique usernames to each student, teacher and administrator, you'll be able to track any misuse of the system. Because people may share passwords with each other, be sure to change these every month or every quarter. Keep the network inside By carefully locating Wi-Fi routers and using directional antennas (which focus the signal in a particular direction), you may be able to limit the accessibility of your network outside school grounds. This will make it harder for hackers to do their dirty work unobserved. Turn it off at night Turning off the Wi-Fi network after-hours means that hackers will need to make their intrusion attempts during the day, when they're more likely to be noticed by staff or students. Educate your staff Make sure teachers and administrators are aware of the security risks of using Wi-Fi. For the maximum security, permit access to student information systems (such as grades databases) via wired networks only, and ensure that computers connecting to these systems do not also have Wi-Fi capability.

Read more »