Anne: Yes. Just last week I was sitting in my local Starbucks, where they offer wifi hotspots from T-Mobile. In order to log into a T-Mobile hotspot, you must have an account with T-Mobile, for which you must pay.

Even though I don't use the T-Mobile hotspots, I always check (with my laptop) to see what wifi hotspots are available at any given location because, well, that's part of my beat.

Sure enough, users at that Starbucks who opened their laptops and searched for a local wifi Internet connection were presented with the option of "T-Mobile Hotspot," as they should be, but were also presented with a second option, called "Free Wifi from Team WiFi," which I am 99% certain was an evil twin (and indeed Starbucks confirmed that there was no special offer going on which would have otherwise explained that second hotspot).

Now, notice a few things about this second, uninvited hotspot. First, it uses the term "free wifi." Who wouldn't want to use that, especially compared to the T-Mobile hotspot, where you have to pay?

Second, though, note the friendly and familiar sounding "Team WiFi." By using familiar terms for their evil twin, along with telling people it is free, they are making it very easy for an unsuspecting user to go ahead and click and connect to that evil twin. In fact, users may just think that it's a special offer from the T-Mobile Hotspot people.

Sure enough, Audri, this evil twin caught some people. As the gentleman who was sitting next to me got up to leave, after being on his computer for quite some time, I asked him whether he had logged in to the Internet while he was there.

When he said that he had, I asked him whether he was a T-Mobile user. "Oh no," he replied, "they have a free wifi hotspot set up here."

I advised him that it was almost certainly an evil twin, and that if he had done anything online while logged in through that "free" hotspot which might have compromised any sensitive information, he should take immediate measures to remedy the situation, such as changing any passwords he had sent while logged in.

At this point your readers may be wondering why I didn't alert the authorities. And this is why user education is so very important.

There really was nobody for me to effectively alert. I could have called the police, but they would not have had the resources to even figure out where this evil twin was located, let alone to figure out who and how it was being done. The best thing I could do at that point was to let people know not to use that hotspot.

1. When in doubt, don't do it. These scammers are good. This is how they make their living. If you don't feel comfortable trying to detect and outwit the scammers, then don't do anything at a WiFi hotspot. Certainly don't enter any passwords, credit card numbers, etc. Save that work for when you have a direct connection. I'm not saying you should never use WiFI; I'm saying that if you don't want to take the time to learn how to protect yourself, then you should never use WiFi.


2. Always download the latest security updates from Windows Update. Set up your machine to download the updates automatically. Don't tell me you're too busy. If you're too busy, then stay off WiFi. In fact, stay off the Internet, period. The scammers are working hard to find new victims, and you're volunteering to be one. And don't tell me that the updates "break" your machine. While I'll grant that's possible, it's most likely something you're doing wrong, and you need to fix. I've had automatic updates activated on all of my machines for years, and I've never had a problem.


3. Turn on your Windows firewall.


4. Download and install Windows Defender.


5. Install a good antivirus/Internet security package, such as McAfee or Symantec, and keep it up to date.


6. Install a spyware blocker like Ad-Aware or Spybot. In fact, install both of them. They're free, and they seem to complement each other well. And yes, Windows Defender and McAfee and Symantec all have adware/spyware blockers as well; but since each product has its own strengths and weaknesses, it can't hurt to have multiple layers of protection.


7. Despite my advocating Ad-Aware and Spybot, be careful with "free" software. Software takes time to develop. Time is money. Although we programmers will often write code for fun or passion, the most common motivation is money. If someone's offering it to you for free, it's very likely because he hopes to make money somewhere else. In many cases, that's by selling ads through adware/spyware; but sometimes, it's by installing viruses and keyboard recorders to steal your banking information. If you're installing "free" software, make sure you trust the company or person that's providing it.


8. Change your WiFi settings to Paranoid (i.e., safe). This will involve several steps:
   
   
   
   1. Open up your network connections by selecting Show All Connections from your Start menu:
      
      
      
   
   
   2. When you see the Network Connections dialog, right-click your wireless connection and select Properties:
      
      
      
   
   
   3. You should see the Wireless Network Connection Properties dialog:
      
      
      
      Switch to the Wireless Networks tab:
      
      
      
   
   
   4. Click the Advanced button to open the Advanced wireless settings dialog:
      
      
      
      This lets you choose from three different ways to access WiFi networks:
      
      
      
      
      • Any available network (access point preferred). This means that you will connect either to wirless hubs or to other wireless computers, but you'll prefer wireless hubs.
      
      
      • Access point (infrastructure) networks only. This means that you will connect only to wirless hubs.
      
      
      • Computer-to-computer (ad-hoc) networks only. This means that you will connect only to other wireless computers.
      
      
      
      Unless you know you're intending to work with friends or coworkers and plan to meet somewhere without a WiFi network, it's always a bad idea to connect to other wireless computers. That's the easiest way to get viruses; and it's a very easy way to get hoodwinked by an Evil Twin: the scammer doesn't even have to set up a hub, just rename his computer to look like a network. The Paranoid setting here is Access point (infrastructure) networks only. Choose that one unless you're sure you have a reason not to.
      
      This dialog also has a check box: Automatically connect to non-preferred networks. For added Paranoia, make sure that box isn't checked.
      
      When you're done in this dialog, click Close. But don't close the Wireless Network Connection Properties dialog. You'll do more work there in the next step.
      
   
   
   
   
9. Next you want to disable automatic connection to all of your WiFi networks, or at least to most of them. Your home network is probably safe, as are those of your friends, and your office; but even in those places, if there are neighbors nearby, there's the chance of an Evil Twin. So the Paranoid (i.e., safe) approach is to only make manual connections. Now if you're like me, you probably already have a number of known Wireless connections; and if Evil Twins are as new to you as they are to me, then those are probably set up for automatic connection. So you'll need to switch those to manual, following these steps for each network:
   
   
   
   
   1. In the Wireless Network Connection Properties dialog, select the network you would like to change:
      
      
      
      After you select the network, click Properties. You should see the Properties dialog for the selected network:
      
      
      
   
   
   2. Select the Connection tab:
      
      
      
      Uncheck the box that says Connect when this network is in range, and then click OK.
      
      Repeat this for every wireless network. Then click OK in the Wireless Network Connection Properties dialog as well.
      
   
   
   
   
   Once you've disabled automatic connection, you'll need to connect manually to any network. To do this, right-click the wireless network connection icon and select View Available Wireless Networks:
   
   
   
   You'll see the Wireless Network Connection dialog:
   
   
   
   Select the network you want to connect to, and click Connect.
   


10. While you're in the Wireless Network Connection dialog, search for Evil Twins. If you see two networks with the same name, one is probably an Evil Twin. If you see a network with a seductive name like "Free Wifi from Team WiFi," that's probably an Evil One. Here's a hint: Internet service isn't free. If a cafe or restaurant or hotel puts in WiFi service, it's because they're hoping it will bring them customers. And the only way it can bring them customers is if customers know about it. That means they'll advertise it with signs on the wall or the front door. If you don't see an advertisement for it, it's probably an Evil One. And if there's both a fee-based service like T-Mobile and a "free" service, the "free" service is almost conclusively an Evil One. When in doubt, ask the management. If they don't know about it — or they're clueless and say, "I don't know anything about the wireless" — assume it's an Evil One.


11. If you think you've found an Evil Twin or an Evil One, I disagree with Ms. Mitchell: inform your Attorney General. They get our tax follars to pursue cybercrime, but they can't be everywhere. If they don't know about the crime, they can't pursue it. Maybe nothing will come of it, and the criminals may keep commiting their crimes; but if no one does anything, then they will keep commiting their crimes. I understand why Ms. Mitchell would inform other patrons that they were at risk. Of course, it takes some chutzpah to start telling random strangers in a cafe that they're at risk; and worse, it may also upset the scammer, and he may take steps to shut you up. And even if you inform the management, it's possible that someone in management is the scammer. I think it's best to leave law enforcement to the law enforcement authorities. Tell your AG.

1. Microsoft hasn't had a chance to test this on nearly as many machines and configurations as they would like.


2. In particular, Microsoft hasn't had a chance to regression test this. Regression testing is a way of testing that no old bugs have somehow been reintroduced in the process of fixing a new bug.


3. It may take a little more expertise to install than does a usual set up program.


4. Microsoft has to be sure that you get the version of the hotfix that's right for your operating system. (XP isn't the only OS where they found this problem.)


5. Microsoft can't support the hotfix. If you must have it, they strongly encourage you to do a thorough backup before installing it.


6. Microsoft strongly discourages you from installing the hotfix unless you're actually suffering from the problem it was designed to fix. For instance, most people never hibernate desktops, and not all laptops or Tablets are experiencing this problem, so don't apply the hotfix to those!

So liberty and diversity may well be at odds, and the tensions between them aren't always easily resolved. But the rhetoric of cultural preservation isn't any help. Again, the contradictions are near to hand. Take another look at that Unesco Convention. It affirms the "principle of equal dignity of and respect for all cultures." (What, all cultures - including those of the K.K.K. and the Taliban?) It also affirms "the importance of culture for social cohesion in general, and in particular its potential for the enhancement of the status and role of women in society." (But doesn't "cohesion" argue for uniformity? And wouldn't enhancing the status and role of women involve changing, rather than preserving, cultures?) In Saudi Arabia, people can watch "Will and Grace" on satellite TV - officially proscribed, but available all the same - knowing that, under Saudi law, Will could be beheaded in a public square. In northern Nigeria, mullahs inveigh against polio vaccination while sentencing adulteresses to death by stoning. In India, thousands of wives are burned to death each year for failing to make their dowry payments. Vive la difference? Please.