Snow – So Pretty!

It is so pretty outside today, snowing like crazy, it is so nice to see, finally.  Here in Canada, everyone is usually so sick of snow by this time of year, that they pray for spring, but this year they pray for snow. All we’ve seen is rain and more rain, since the last snow storm just before Christmas, when the snow melted in a day or two, to be replaced by rain.


We’ve had so much rain, the grass is starting to grow, and my roses starting to bud.  The grass almost needs mowing, but that would really kill it, because in this climate it is inevitable that it will get cold again.  I am hoping the grass and plants survive this early growth when spring finally arrives. If I have to live with winter, and cold miserable weather, then I want to see snow. 


I remember a year when we had snow all winter; it didn’t melt until spring.  The kids had so much fun that year. What can they do when all we have is cold and rain?  I miss the snow this year; rain doesn’t do anything for me at all, except make my joints ache.  The rain can come back in the spring, to help the plants and trees grow with outside temperatures around 75° F (~22° C), much better than just above freezing.


Ahhh snow……

EZ Armor Subscription "Expires" – Yes Dies

On the eve of the execution of the Kama Sutra worm, my EZTrust AV and Firewall by Computer Associates stopped working.


An IE window from Digital River kept popping up asking me to pay for my renewal and telling me I had no AV or Firewall.  I had already paid an annual renewal fee on December 15, 2005.  I checked the expiry date marked on the software and yes, it said that their software expired on 02/02/2006.  Not a good deal for an “annual” fee that lasts only 6 weeks.


At the end of November 2005 I started being harassed every time I logged in to my computer by IE popups asking me to renew my annual subscription for EZArmour, and also offering me a deal to upgrade to Computer Associates EZ Internet Security Suite, if I renewed then.  The expiry date for EZArmour was December 23, 2005.  I wrote their customer service dept. and asked why I should renew before my subscription expired, because I had lost almost a month when I renewed the previous year.  (The previous year, my subscription was to expire at the end of January 2005. I renewed on December 23, 2004 and they set my annual renewal date to December 23rd, so I lost a month of the “annual fee” I had paid the previous year.)


They responded saying that they would make sure the expiry date was December 23, 2006, if I downloaded their software then.  So I went to the website that handles renewals: Digital River.com on December 15, 2005 and renewed, only to find that they would only allow me to download EZArmour, not the upgrade they had been harassing me with.  So I wrote customer service again.  I finally was given a download link to receive EZ Internet Security Suite and a new License Key.  After downloading and installing the software, it again “expired” several times, on several different days. After writing Customer Service 3 times, the IE popups asking me to renew finally stopped….until February 2, 2006.


Then all of a sudden on February 2nd at 5:47 pm, an IE window from Digital River started popping up which contained my information, my license key and credit card information, asking me to pay my renewal fee by agreeing that they could charge my credit card.  I immediately wrote customer service.  As the hours passed, knowing I had no protection from the Kama Sutra worm, I installed AVG free in the interim and sent another email to customer service.  I also tried the other license key I had been given by customer service when I renewed, but it also showed that it had expired 02/02/2006.  I tried re-installing the software, but no dice, it still had “expired” that day.


The evening wore on, and after IE popping up several times asking me to renew, I found a notice on their website, that they had a “glitch” in their updates that day that had failed to take, and asking people not to write to customer service about it.  My AV wasn’t working, neither was my firewall…a glitch you say…if the worm had managed to get on my PC …


Well, I wrote customer service again anyway, as I found it outrageous that they didn’t care what they had done, so much so that they didn’t want to hear about it.  They did not mention in the notice that people had no AV or Firewall, or apologize for it. 


Finally I shut down for the night and when I logged in the following day, the expiry date had changed back to December 23, 2006 and it appeared that my AV and Firewall were functioning normally. 


However, since then I get a daily popup asking me to register my software.  I registered it on February 3rd then again on the 4th and again on the 5th. 


The “glitch” certainly could have caused many people to be infected by the Kama Sutra worm, and many other viruses or trojans. To top it all off, I have yet to hear from customer service about any of the emails I sent that day.  I just hope that no one paid them money to renew, when it wasn’t their renewal date. If they did, I hope they ask for a refund plus interest.


I am really getting tired of Computer Associates and their EZ line of products. Though the products are good, after all the harassment, and now the “glitch” which prevented the software from functioning for a number of hours, I will certainly think twice before I renew again.  For now, I will continue to use the EZ Internet Suite because I have paid for it, but will also keep AVG free on hold, in case there is another “glitch”.

Wireless – Why Do I Need Security?

Gaining access to a computer and the internet through someone else’s computer is a full time job for some people, and determined hackers have sophisticated tools that will crack into an unsecured wireless computer or network in a very short time. The one thing that deters all of the above is security. Any type of deliberate access can be avoided with good security. Unfortunately, many people have little or no security set up on their wireless PC or network. Setting up security can even prevent determined hackers from getting into your network, because they will often bypass a computer if they have to spend time breaking into it. There are so many insecure wireless PCs they can access without any work that, if yours is secure, there is much less likelihood of you becoming a victim.


First and most innocent, are the accidental connections to other wireless computers:


  • Your neighbours may end up connecting to your wireless computer because it is not secured, just by allowing Windows to search for other networks
  • A person tries to connect with their own wireless equipment and your signal is stronger than theirs, so they accidentally connect to the unsecured wireless PC with the stronger signal.

There are the kids who find it a challenge to see how many wireless computers they can get access to:


  • It is a game with them, but they sometimes leave unpleasant things behind that will cause you problems just to say they have been into your PC.

There are the bandwidth thieves who have a variety of reasons, from unpleasant to criminal, for wanting to use your internet connection instead of their own:


  • Anyone who is losing their signal strength and is physically within your area can connect to your computer and use your bandwidth to connect to the Internet if you do not have your PC or network secured. These people usually do not do damage, steal anything or leave anything behind, they just wanted your internet connection to do what they needed to do.
  • As above there are people who drive around and connect to the unsecured wireless computer with the strongest signal, just to access the internet to read their email.
  • Another type may want to send email to an illicit friend, or visit porn sites without their mate knowing about it, or gamble on the internet, so they use your computer for their illicit activities. This may leave junk on your PC because these websites often download junk. Or it might get you in trouble with your mate if your mate finds the websites in the Internet history.
  • Some may want to send spam or trojans or viruses to a large number of people and if they used their own ISP they would quickly lose their Internet access and probably be charged.

There is the criminal element who want access to your Hard Drive to steal what they can find. They are usually looking for the following:


  • Financial information stored on your computer
  • Bank Account numbers and passwords
  • Family Pictures they can use for criminal purposes
  • Credit Card numbers
  • Medical or Legal records are worth a lot of money
  • Access to your company network through your computer to steal information.
  • Identity Theft: a very active criminal element who want to steal your Identity. This group can do you a lot of harm.

Ask yourself what you have to lose on your PC that you would not like to share with your neighbour, someone driving by, or a hacker: contents of your hard drive, email, financial information, credit card numbers, bank passwords, family pictures, shared documents or even access to your company’s network.


Continued: http://msmvps.com/blogs/dgosling/articles/Protection_For_Your_Wireless_Devices.aspx


Wireless – How To Protect Yourself

This security list assumes that your wireless network is already set up and needs to be secured. The types of encryption listed here also have several sub-types that you may be able to use depending on what type of network you are securing. I have listed only the basic types as they will work in most wireless home networks.


  1. Determine what kind of encryption and authentication your wireless device(s), access point and software can use. If it is WEP only, then an upgrade of the firmware for your adapter may allow you to use the much more secure WPA. WPA provides more security features for your network. If you can afford to replace all hardware, e.g. the access point, wireless network adapter, router or hub, with ones that will support the latest encryption standards, then doing so would be a wise choice.
    Use WPA with a pre-shared key, called WPA-PSK, for the most secure encryption on a home network.
  2. If you can only use WEP for security, make sure that you choose 128 bit encryption rather than 40 bit encryption, both on your router and for your network card. This setting is chosen during setup of WEP.
  3. Choose an alphanumeric (1-9,A-Z) or hexadecimal (1-9, A-F) string of at least 20 characters to use as your Network Key. Make sure it is not a familiar name that could be guessed such as “p@ssw0rd“.
  4. Make certain that your router has a long alphanumeric password that is different from the Network Key.
  5. Change your Network Key frequently if your WEP setup doesn’t do it automatically. Please remember all devices on your network must share the same Network Key so you will have to change the Key on every device on the network. WPA changes the Network Key automatically and frequently.
  6. Each network card whether wired or wireless will have a MAC address (physical address), which identifies the card. MAC address filtering can be used to limit the devices that can connect to your PC and/or your network. You can determine the MAC address of each device and enter them in the router’s settings. This will prevent any other MAC address from connecting to your network. However, hackers have tools to find and change the MAC addresses so they can log on to your network, so setting the MAC address filter is not 100% secure.
  7. Each wireless network adapter and router comes with a Network Name called an SSID. For example, the LinkSys router’s Network Name (SSID) is “LinkSys”. Always change these as the default names are well known. This provides a minimal increase in security unless you turn off broadcast of the name, because the SSID is included in the header of all data being exchanged by your network.
  8. Turn off DHCP in the Network settings, and assign an IP address range to every device on the network using the Private IP address ranges. Private IP ranges are 10.0.0.0 – 10.255.255.255; 172.16.0.0 – 172.31.255.255; 192.168.0.0 – 192.168.255.255. Then assign a specific IP address within the range you choose (or the router chooses) to each device on the network. When choosing an IP range make sure the range is limited to the number of devices in the network. For example, if you have 2 laptops, a desktop computer and a router, you might choose the range 192.168.0.0 to 192.168.0.4. In this way it leaves no open IP addresses for a hacker to use.
  9. Remove any unrecognized networks from the list of “Preferred Networks”
  10. Turn off the setting for “connect automatically to non-preferred networks”. This will prevent your PC from making automatic unwanted connections to any network or PC with a signal in your area.
  11. Change the name of the Administrator account to something else, if you are able. This is to prevent access to your computer using the built-in Administrator account that everyone has on their Windows PC.
  12. Change the default Administrator password to a long alphanumeric string, because the default passwords are well known by hackers.
  13. Disable remote access to your PC or network if you do not need it.
  14. Use Remote Desktop (if using XP sp2) to connect to a computer at home, when away.
  15. Disable Simple File Sharing in Folder Options > View Tab, unless you need it.
  16. Disable Microsoft File and Printer Sharing in the properties of the wireless Network connection if you don’t need it.
  17. Enable “Virtual Private Networking” in Windows for secure transactions and to connect to a business network. VPN acts like a tunnel for your communications, protecting them from anyone trying to eavesdrop. However, VPN does slow performance so you may not want to use it all the time.
  18. Always use secure websites that use SSL encryption for any private transactions
  19. Configure Outlook Express to use SSL security for all email both sending and receiving.
  20. If you use the Windows Firewall in XP sp2, make sure there is nothing checked on the ‘exceptions’ tab.
  21. Position your router or access point in the middle of your house, away from windows. This will minimize the distance over which your devices have a strong signal outside of your home and within your neighbourhood. It is a small adjustment that, together with all the other settings, can increase your security.
  22. If using a public network such as a library, be aware that the data you exchange with them is not encrypted, so your security needs to be at its highest while connected to them.
  23. Sometimes when only WEP is available with your wireless network adapter, you will find that a wireless gaming adapter supports WPA and you can use it instead.
  24. Minimize the amount of important information you keep on a wireless laptop, such as banking account numbers, passwords or credit card numbers.
  25. Turn off the router when you are not using the wireless devices. Doing this will minimize the amount of time when anyone can get into your network when you are not using it.
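
The checks in steps 1 to 4, 7 and 8 can be run against a written-down copy of your settings. The following is an added example, not part of the original article; the configuration field names and both sample configurations are constructed for illustration.

```python
import ipaddress

# Private ranges listed in step 8, in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_SSIDS = {"linksys"}  # the article names only this default; extend as needed


def audit(cfg):
    """Check a home wireless configuration dict against the checklist steps."""
    findings = []
    enc = cfg["encryption"].upper()
    if enc == "WEP":
        findings.append("step 1: WEP only; look for a firmware upgrade to WPA-PSK")
        if cfg.get("wep_bits") != 128:
            findings.append("step 2: WEP is not set to 128-bit")
    elif enc != "WPA-PSK":
        findings.append("step 1: no WEP/WPA encryption configured")

    key = cfg.get("network_key", "")
    if len(key) < 20 or not key.isalnum():
        findings.append("step 3: network key is not 20+ alphanumeric/hex characters")
    if key == cfg.get("router_password"):
        findings.append("step 4: router password equals the network key")
    if cfg["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("step 7: SSID is a factory default")
    if cfg.get("dhcp_enabled"):
        findings.append("step 8: DHCP is still enabled")

    # Step 8: every device needs a fixed private address inside the router's
    # range, and the range should have no addresses left over.
    start = ipaddress.ip_address(cfg["pool_start"])
    end = ipaddress.ip_address(cfg["pool_end"])
    used = set()
    for name, addr in cfg["static_ips"].items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in PRIVATE_NETS):
            findings.append(f"step 8: {name} uses non-private address {ip}")
        elif not start <= ip <= end:
            findings.append(f"step 8: {name} ({ip}) is outside the router's range")
        else:
            used.add(ip)
    spare = int(end) - int(start) + 1 - len(used)
    if spare > 0:
        findings.append(f"step 8: {spare} unassigned address(es) left in the range")
    return findings


# Constructed sample configurations (hypothetical values).
WEAK = {"encryption": "WEP", "wep_bits": 40, "network_key": "p@ssw0rd",
        "router_password": "p@ssw0rd", "ssid": "LinkSys", "dhcp_enabled": True,
        "pool_start": "192.168.0.1", "pool_end": "192.168.0.254",
        "static_ips": {"laptop1": "192.168.0.2", "desktop": "172.32.0.5"}}
HARDENED = {"encryption": "WPA-PSK", "network_key": "7fK2qLx9TzR4mWc8VbN3hJd6",
            "router_password": "Gx5pQ9rT2wLk8ZsY4nHv", "ssid": "maple-attic",
            "dhcp_enabled": False,
            "pool_start": "192.168.0.1", "pool_end": "192.168.0.4",
            "static_ips": {"router": "192.168.0.1", "laptop1": "192.168.0.2",
                           "laptop2": "192.168.0.3", "desktop": "192.168.0.4"}}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```
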


Continued: http://msmvps.com/blogs/dgosling/articles/Bluetooth_Device_Security.aspx

Bluetooth Device Security

A bluetooth device operates on radio signals and supports both data and voice transmission. Examples of bluetooth devices are cell phones, wireless keyboards, wireless mice, remote controls for TV etc., PDAs, mobile car phones, laptops and most other wireless devices that are available. The device must be Bluetooth enabled in the Control Panel or System Preferences to be able to communicate with other bluetooth devices. The limitation of bluetooth devices is the short signal range within which the devices must be located to allow connection. The range depends on the Class of device. Bluetooth comes in three classes:


1) Class 1 is used primarily in industrial applications and has a range up to 300 feet,
2) Class 2 has a range up to 30 feet, and
3) Class 3 has a range up to 3 feet.

The Bluetooth devices you commonly use are most likely to be Class 2. Anyone connecting to a bluetooth device must be within the range that the class of device specifies.

Security Risks for Bluetooth Devices


To illustrate the risks I will be using a bluetooth enabled phone as an example. The same hackers that try to get into your computer network also make attempts to hijack your mobile car phone or cell phone. Once they have accessed your phone commands they can make phone calls, send and receive messages, listen to your phone conversations, learn all your contacts and addresses, and connect to the Internet, all without your knowledge. However, they must be located within 30 feet of your phone to do any of the above, unless they have special equipment. This applies to any bluetooth device that can be accessed, but a cell phone or mobile car phone are probably the most common.


How To Secure a Bluetooth Device


There are a few very simple things you can do to minimize your risk of anyone hijacking your phone or other wireless device:


  1. To allow connection of your bluetooth device with another, you must turn on Discoverability or Pairing mode, so that your device can find the other device. The easiest method of providing security is to only turn Discoverability mode (pairing mode) on when you are attempting to connect to (pair with) another device. As soon as the devices have paired (made a connection), turn Discoverability off. Only using this setting when you need it reduces the amount of time that someone could pair with your device.
  2. A PIN number is an alphanumeric string that is associated with the devices, each time they connect with each other. The longer the string the more secure the connection. If possible and the device supports it, increase the length of the PIN to 8 or more alphanumeric characters. If the device does not support changing the PIN, the manufacturer of the device may have a software upgrade that will allow it to be changed. It is only needed while the devices are making a connection (pairing) to make a secure connection, but it must be shared with the devices you want to connect to, because without the PIN, pairing will not occur. During pairing, a hacker has the easiest access to your devices. Occasionally, the PIN is static because it was assigned by the manufacturer. In this case you would need to remember the PIN because it is not automatically changed with each pairing.
  3. Protect your PIN by pairing your devices in a private area. This reduces the chances of a hacker regenerating the PIN as it is exchanged between devices. A 4 digit PIN, can be discovered within hours, by a hacker with special equipment. An 8 character alphanumeric string could take years to discover. Pairing your devices in private to prevent the theft of your PIN over the air waves, is one of the ‘best practices’ of wireless security.
  4. Turn the Discoverability (Pairing) mode off when in unfamiliar areas. Anyone could be trying to find another wireless device to pair with, don’t let yours be one of them.
  5. Only pair (connect) with known devices. If you are asked to connect to (pair with) an unknown device and to enter your PIN code, it is best not to accept the invitation, enter the PIN code or connect to the unfamiliar device.
  6. For mobile car phones there is a software tool that is widely available, called Car Whisperer. It can remotely connect to the car phone and send audio to the speakers using any bluetooth enabled laptop with the software tool installed. This tool can pick up sound from the microphone attached to the car phone. However, this tool can only work under the following circumstances:
    • the car phone is in Pairing Mode
    • it uses a static 4 digit PIN number that doesn’t change
    • the car phone is not paired with any other device
    • the car phone is within 30 feet of the laptop (using special tools the distance between the devices can be increased significantly). 
  7. Some Bluetooth enabled phones have vulnerabilities that allow an unknown individual to attack your phone. There are 3 different types of vulnerabilities that your phone may be susceptible to:

  • “Bluejacking” allows a person to send you ‘Business Cards’ with dubious content, and is usually done for fun. The originating phone must be within 30 feet of you, therefore the sender can see the look on your face when you receive the message. Usually Bluejacking is not malicious and does not steal information. It usually occurs in public places but can occur only if your phone is in Pairing Mode.
  • “Bluebugging” occurs when a hacker takes control of your phone’s commands. They can then send and receive email, add to your phonebook, access the internet plus other unpleasant things, all without your knowledge. Your phone is only vulnerable when in pairing mode and within 30 feet of the hacker.
  • “Bluesnarfing” gains access to your phonebook, International Mobile Equipment Identity, your calendar and images associated with your phonebook. This is more sophisticated than the others as it requires special equipment if the hacker is not located within 30 feet and a device running special software. It becomes much more difficult for a hacker to use this method if your phone is in Non-Pairing Mode.

**The manufacturers of many phones have software patches available to close the holes that allow Bluebugging and Bluesnarfing. Check with your phone’s manufacturer to see if there is a software update available and keep your phone up-to-date.**


Bluetooth enabled devices are not limited to phones; remember that any wireless device, including your wireless keyboard, wireless mouse and wireless printer, also must pair with other devices to work.