Security Issues
There’s been a couple of security “issues” lately.
As many of my regular readers know, security is near and dear to my heart. In the past couple of weeks, there have been several computer security notes that have come up in the news. First, there was the Big Browser Bug. Basically, if you haven’t read about this yet, it’s based on a “feature” called IDN (International Domain Name) which allows people to use special characters in non-English languages to resolve domain names. Well, phishers can use this to disguise their domain name even more to lure unsuspecting suckers into giving up their information. Bad news. Worse news is that this is mainly a problem for non-Internet Explorer browsers, like Firefox and Mozilla. So, what to do? Well, in Mozilla, type “about:config” into the URL bar and set “network.enableIDN” to false. Simple. Of course, it disables an interesting feature, but better safe than sorry.
Second, there is the “evil twin” wireless router problem. In a nutshell, a cracker finds an office or apartment near an unsecured wi-fi router. (Which isn’t that hard. I’ve been squawking about how insecure wireless is for years. I think it even contributed to my job change at that-damn-boat-place.) Then, the naughty person sets up a router that mimics the unsecured one and forwards all the traffic on to the “real” router. Of course, before it does that, the “evil twin” router logs all the info. In a way, it’s just a more aggressive and sneaky way of phishing. The end result is the same. All your personal data ends up in the hands of a crook. That’s one of the reasons I ran Cat 5 in my house instead of going wireless.
Now, for a more positive story, the Register is running a bit about how computer forensics have cleared teachers and students of illicit porn collecting accusations. Apparently, a folder of pornographic images was found on a school computer and was seemingly updated during regular class time. The school brought in an independant consultant who was able to show that it was, in fact, a piece of spyware that was doing the downloading and updating. So, sometimes, we geeks can come in handy, eh?
You know, in today’s world of crackers, hackers, phishers, virus-writers and disgruntled employees, we just can’t be too concerned about security. It’s a very, very big deal. Every single person in IT is responsible, to a greater or lesser degree, for some aspect of computer security in their business. Even the Receptionist has to be thinking about security these days. After all, if I can get physical access to a machine, I’ve just beaten a majority of the normal security measures most companies put into place. It’s something every one of us need to think about every day, both at home and at work.
Is this evil twin activity any more dangerouse than sniffing all traffic available in promiscuouse mode ?
cj
Comment by im822 — 2/8/2005 @ 10:42 am
Possibly. It also looked like the “evil twin” could spoof being on the attacked network. That would make it a LOT more dangerous.
Comment by Network Geek — 2/8/2005 @ 11:23 am