Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

2/8/2005

Security Issues

Filed under: Deep Thoughts,Geek Work,News and Current Events,Personal,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:37 am for you boring, normal people.
The moon is Waning Gibbous

There’s been a couple of security “issues” lately.
As many of my regular readers know, security is near and dear to my heart. In the past couple of weeks, there have been several computer security notes that have come up in the news. First, there was the Big Browser Bug. Basically, if you haven’t read about this yet, it’s based on a “feature” called IDN (International Domain Name) which allows people to use special characters in non-English languages to resolve domain names. Well, phishers can use this to disguise their domain name even more to lure unsuspecting suckers into giving up their information. Bad news. Worse news is that this is mainly a problem for non-Internet Explorer browsers, like Firefox and Mozilla. So, what to do? Well, in Mozilla, type “about:config” into the URL bar and set “network.enableIDN” to false. Simple. Of course, it disables an interesting feature, but better safe than sorry.
Second, there is the “evil twin” wireless router problem. In a nutshell, a cracker finds an office or apartment near an unsecured wi-fi router. (Which isn’t that hard. I’ve been squawking about how insecure wireless is for years. I think it even contributed to my job change at that-damn-boat-place.) Then, the naughty person sets up a router that mimics the unsecured one and forwards all the traffic on to the “real” router. Of course, before it does that, the “evil twin” router logs all the info. In a way, it’s just a more aggressive and sneaky way of phishing. The end result is the same. All your personal data ends up in the hands of a crook. That’s one of the reasons I ran Cat 5 in my house instead of going wireless.

Now, for a more positive story, the Register is running a bit about how computer forensics have cleared teachers and students of illicit porn collecting accusations. Apparently, a folder of pornographic images was found on a school computer and was seemingly updated during regular class time. The school brought in an independant consultant who was able to show that it was, in fact, a piece of spyware that was doing the downloading and updating. So, sometimes, we geeks can come in handy, eh?

You know, in today’s world of crackers, hackers, phishers, virus-writers and disgruntled employees, we just can’t be too concerned about security. It’s a very, very big deal. Every single person in IT is responsible, to a greater or lesser degree, for some aspect of computer security in their business. Even the Receptionist has to be thinking about security these days. After all, if I can get physical access to a machine, I’ve just beaten a majority of the normal security measures most companies put into place. It’s something every one of us need to think about every day, both at home and at work.

2 Comments

  1. Is this evil twin activity any more dangerouse than sniffing all traffic available in promiscuouse mode ?

    cj

    Comment by im822 — 2/8/2005 @ 10:42 am

  2. Possibly. It also looked like the “evil twin” could spoof being on the attacked network. That would make it a LOT more dangerous.

    Comment by Network Geek — 2/8/2005 @ 11:23 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.


Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.