In This Issue:
- Password Security
- Need a Firewall?
- IE5 Security Bug
- Area Code Overlays
- FCC Sends Dirty Joke
- SETI@home
Virus News
After a busy April, May has been fairly normal. The same old viruses continue to be reported by those without protection, and the old argument about the proper plural of the word virus (it’s “viruses”) has once again raised its head, proving that nothing much is happening.
General Security
Password Security. If you are like most of us, you routinely check the “save password” box when it shows up in a wide variety of programs and utilities running under Microsoft’s Windows. This saves you the trouble of retyping it the next time and, after all, Microsoft encrypts it for you and just shows a line of asterisks in its place. You may be interested in knowing that Microsoft’s system is not particularly secure. The problem is that if the logged-in user asks for a password, Windows will respond.
This has spawned a number of utilities (with more on the way) to either further secure passwords on the system or recover them for you. One interesting free utility to recover passwords for you can be found at:
[Link 404]
You just get to the password dialog box, start the utility, press a mouse button and then drag the cursor over the line of asterisks. Instantly, another window opens with the actual password in it. It doesn’t work in the NT User Manager password box, but does work for most others under Windows.
I pass this on to illustrate the quirks in the system’s password saving security and because if you are like me you just may actually need it to recover a forgotten password some day. 🙂
Need a Firewall? How do you know when you really should have a firewall? Strongly consider one if any of the following conditions apply [Note: Today, with broadband connections everyone should have some form of firewall in place!]:
- You are on a network connected to the internet. Most any time of the day or night you can find folks trolling the internet just looking for computers they can break into and explore. With dial-in connections and dynamic IP address assignment (what virtually all dial-in ISPs use) you are fairly safe, since your IP address changes each time you log in, but once you get a fixed IP address you are much more vulnerable. As ADSL and cable spread as a connection medium for individuals, having an individual firewall is going to become a consideration as well. Plan for it.
- You save important information on-line. If you have important data accessible over a public network without a firewall you are just asking for trouble. Somebody, some day will gain access and could potentially give you serious problems.
- You sell something over the web. In line with the item above, customer information is very important and should not be made available to anyone who should not have access to it.
- Your web site is becoming popular. A popular web site is far more vulnerable to crackers finding it than an obscure web site. Crackers, after all, only have so much time in a day to “work” and they tend to go after popular sites for the glory.
IE5 Security Bug. If you share your computer with others and access secure pages with a logon/password, those who follow you could access those same pages without knowing your logon/password. Basically, this is caused by pages being stored in a cache on the computer. If a snoop follows you, all they have to do is access the protected page, press “cancel” and then the “back” and “forward” buttons. The snoop now has access (so long as the website uses UNIX and the .htaccess file for password protection).
Microsoft will eventually have a fix for this; until they do, if you share computers, you might consider clearing the internet cache before leaving the machine.
Area Code Overlays. It’s becoming standard practice in high-density areas now to start to put two different telephone area codes into the same area. This practice is called an overlay and requires all users in an overlaid area to dial eleven digits for any call, even if it’s to the neighbor next door with the same area code. While a pain for users, this has become a serious problem for automatic apartment security systems. Most of those systems work by asking visitors to punch in a code (usually four digits). The system then checks the code and uses a dialer to call the affected resident and connect them to the person at the gate. These systems can also be used to control access to the building. When designed, many of these systems never anticipated the need to dial more than seven digits to reach a phone in the same building they were installed in. The overlay system proved this assumption wrong, and apartment owners are having to scramble to replace dialer cards or, in the case of older systems, the entire system.
If you have or anticipate buying any sort of automatic dialing system be certain to consider the possibility that it will have to handle more than seven digits at some time in the future.
Items of Interest
FCC Sends Dirty Joke. Nobody is immune to glitches; not even the Federal Communications Commission. The agency which doesn’t allow obscene and indecent language on the public airwaves managed to send out a dirty joke to its Daily Digest Mailing List. The list summarizes FCC activities but it recently also included a note about nuns confessing past sexual exploits before entering heaven. An apology to the list quickly followed.
Ironically, the FCC does not police the internet and so can’t really slap its own hand.
But this accident actually points up some workplace problems. Dirty jokes and other inappropriate uses are becoming more common on networks around the world.
It’s not a bad idea to review your network use policies with this in mind.
SETI@home. If you have not signed up, consider joining those of us searching for extraterrestrial signals. It’s not as kooky as it sounds. SETI@home is a project of the University of Berkeley, the Planetary Society and others. Take a look at:
http://setiathome.ssl.berkeley.edu/
for a complete description of the project. Basically, when you sign up you are provided with a screen saver and background application. The application accepts data from the Berkeley site and then processes it in the background. The processing looks for non-random data. The application can run at all times or just when the screen saver is active; your choice. After a few days, when a block of data has been analyzed, you will be alerted and can reconnect to send the results and obtain a new block of data.
This is a true “internet” application in that millions of computers can be working in parallel to analyze data that would tax even a dedicated supercomputer (assuming you could find one not otherwise occupied with “more important” tasks).
Give it a try; if nothing else it’s kind of fun to watch the Fast Fourier Transform do its thing on the screen. 🙂
In closing: Happy summer to all. There may not be a June issue of the newsletter (or it may be highly abbreviated). June is going to be a very busy month here and my internet access may be limited.