Number 311 - April 2009

Why security precautions are necessary
By Bob de Violini, Channel Islands PCUG, California
www.cipcug.org, rjddev (at) gmail.com

This article has been obtained from APCUG with the author's permission for publication by APCUG member groups;
all other uses require the permission of the author (see e-mail address above).
   First off for the holidays, there's a story that illustrates just why you should always enable encryption on your wireless router (for those who use one) AND why you should be leery of any public computer for Web sites you need a password to access. A college student in Kentucky has been charged with identity theft, among other crimes, for planting malware on computers in his school's library. The malware was a keystroke logger that captured user names and passwords for any pages fellow students logged into. He then used this information to access their e-mail accounts and send out e-mails attempting to extort these same fellow students. He also used an unsecured wireless router to access these accounts, making it look as if someone else were actually sending the e-mails. The attempted extortion took the form of a threat to divulge personal information the thief had stolen from the compromised e-mail accounts. That leads me to our next item, WPA encryption.

   As of the beginning of November, a pair of computer security researchers in Europe disclosed a technique they'd developed to partially hack WPA encryption used by a great number of wireless routers today. Before anyone thinks the sky is falling, rest assured it isn't. Their hack involves only the traffic being sent from the router to a computer, and only a small number of data packets can be cracked before the router resets its encryption. However, it is enough to be able to send just enough rogue data to a computer to compromise it with any number of known vulnerabilities. Specifically, it involves the TKIP protocol that WPA and WPA2 are allowed to use. The specifics of just how this trick is accomplished have been made available to hackers in many areas of the Internet, so it's just a matter of time before it begins spreading. TKIP and AES encryption are selectable by the user in many wireless router configurations, and some have WPA with TKIP selected by default. I strongly recommend you check your wireless router's encryption configuration, and if it's set to use WPA with TKIP, that you switch to WPA2 with AES if at all possible. This is especially important if you use a wireless router to run a network for a business. I have my Linksys wireless router set to use WPA2 with AES encryption. AES is significantly harder to crack than the older TKIP protocol. One final note on this, however. For AES encryption to work, both the router and the network adapter in the computer must be able to use it. Some older hardware may not support AES encryption, so an upgrade may be needed. If you'd like some more information, please drop me a line at the email address at the top of this article, and I'll gladly send you a link or two.
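
   One way to check what a router is actually offering, as an added example that is not part of the original article: the Python code below reads wireless scan results in the terse format assumed for NetworkManager's `nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS device wifi list` and flags networks that still permit TKIP. The sample scan lines, network names and verdict labels are constructed for illustration.

```python
import re

# Constructed sample in the terse, colon-separated format assumed for
# `nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS device wifi list`.
SAMPLE_SCAN = """\
HomeNet:(none):pair_ccmp group_ccmp psk
OldRouter:pair_tkip group_tkip psk:(none)
MixedMode:pair_tkip group_tkip psk:pair_tkip pair_ccmp group_tkip psk
Cafe\\:Guest:(none):(none)
"""


def split_terse(line):
    """Split on ':' separators, leaving the escaped '\\:' inside values intact."""
    parts = re.split(r"(?<!\\):", line)
    return [p.replace("\\:", ":").replace("\\\\", "\\") for p in parts]


def ciphers(flags):
    """Return cipher names ('tkip', 'ccmp') found in one flags field."""
    return {f.split("_", 1)[1] for f in flags.split()
            if f.startswith(("pair_", "group_"))}


def classify(wpa_flags, rsn_flags):
    """Verdict for one network from its WPA (WPA1) and RSN (WPA2) flags."""
    used = ciphers(wpa_flags) | ciphers(rsn_flags)
    if not used:
        return "no-wpa"            # open or WEP: no WPA protection at all
    if "tkip" in used:
        # CCMP is the AES-based cipher; mixed mode still accepts TKIP
        return "tkip-allowed" if "ccmp" in used else "tkip-only"
    return "aes-only" if used == {"ccmp"} else "other"


def audit(scan_text):
    """Map each SSID in the scan output to its verdict."""
    results = {}
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) != 3:       # skip blank or malformed lines
            continue
        ssid, wpa, rsn = fields
        results[ssid] = classify(wpa, rsn)
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN).items():
        print(f"{ssid:12} {verdict}")
```

   A network reported as "tkip-only" or "tkip-allowed" is one whose router settings should be changed to WPA2 with AES, as recommended above.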

Scare of the month department
   Even though Halloween has already passed, we have the Scare of the Month Department chiming in with some news. There is a new phishing e-mail making the rounds disguised as a warning from the U.S. Federal Reserve. The message bears the usual dire warning of a scam and contains links for readers to follow to get more information. However, there are a few clues that give the message away as a hoax, the biggest one being poor grammar. The links in the e-mail lead unsuspecting readers to a fake site that will redirect them to a search page for porn, which will download a PDF file with malware to their computer. The malware comes in various forms, including one that attempts to make your computer a member of a botnet. A brief notice can be had here, courtesy of US-CERT: http://tinyurl.com/66lzv9. The link does go to the US-CERT site; I just used TinyURL to shorten the URL's length.

Patches Galore Department
   As I mentioned above, there have been some exploits on the loose for a bit for Adobe Acrobat, and the full program and the reader have been updated as a result. The latest versions are 8.1.3 and 9.0. Adobe has also updated its Flash player, standard fare in most browser installations, to version 10.0.12.36 to patch publicly reported vulnerabilities last month as well. Not to be outdone, Mozilla has also issued a patch for its Firefox browser and Thunderbird e-mail client. These patches address several bugs that have been brought to light in the past month to month and a half. The latest iterations of Firefox are 2.0.0.18 and 3.0.0.4. The latest version of Thunderbird is 2.0.0.18. I have read reports of some problems with version 3.0.0.4 and 2.0.0.18 of Firefox, with most of the reports being about version 3.0.0.4. The solution for those having problems after upgrading to 3.0.0.4 has been to go back to 3.0.0.3. I have updated my version to 2.0.0.18 and have had no problems. Some patches take longer than others to develop and test, however. One of the patches issued by Microsoft on November's Patch Tuesday took them seven years to develop and test. The bug it patched was first reported by a security researcher in March 2001. Microsoft claims that it tried patching it when it was first reported but wound up killing off most networking applications with the patches when they underwent testing. However, they didn't give up and finally found a way to patch the vulnerability earlier this year.

   While we're speaking of Microsoft, it has announced plans to abandon its One Care concept of computer protection service and develop free anti-malware applications for release in 2009. The new concept is code-named "Morro." As usual, folks are coming down on both the pro and con sides when it comes to this development. Microsoft hasn't given a firm release date for the new software, but has said that One Care will come to an end on June 30.

   Well, that's all for now. Here's wishing everyone a joyous Holiday season and a Happy New Year! Always practice safe computing by keeping your applications and your anti-malware applications fully up to date. Make sure to run your anti-malware scanner(s) once a week, even if they don't flag anything in between scans.