Posts Tagged ‘fire’

What’s old is new again

Yesterday, Microsoft put out an advisory for a security vulnerability specific to the Windows Vista, Windows Server 2008 SP2, and Windows 7 RC operating systems. No other Windows operating systems, including Windows 7 RTM, are impacted.

Holy cow, once again the older systems (you go XP) are more secure than the new systems. Why is that, you say? Well, this exploit was first found a decade ago. Yes, you did read that correctly: in 1999 this was discovered and patched for the operating systems at the time. Yet no one thought to put that into the Newest, Most Secure, Latest and Greatest operating systems.

So what is this vulnerability?

According to Microsoft:

What might an attacker use this vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart.

I like the last four words, “stop responding and restart”. We had an acronym for that back in the day. BSOD. But out of all of this, the thing that bothers me the most is Microsoft’s response:

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed? Excuse me, what? It’s not new, it was disclosed properly the first time. Why do others become responsible for your oversight?

With that said, Microsoft has issued two do-it-yourself resolutions until they can get a patch pushed.

The first is to Disable SMB2 in the registry:

Impact of workaround. Host will not be able to communicate using SMB2.

  1. Click Start, click Run, type Regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
  3. Click LanmanServer.
  4. Click Parameters.
  5. Right-click to add a new DWORD (32 bit) Value.
  6. Enter smb2 in the Name data field, and change the Value data field to 0.
  7. Exit.
  8. Restart the “Server” service by performing one of the following:
    • Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
    • From a command prompt and with administrator privileges, type net stop server and then net start server.
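
The same registry workaround as a script that also confirms the change took effect. This is an added example, not part of Microsoft's advisory or the original post; it assumes an elevated PowerShell prompt on the affected host, and the function names Get-Smb2Setting and Disable-Smb2 are made up for this example.

```powershell
# Added example: scripted form of the "disable SMB2" registry workaround.
# Assumes an elevated PowerShell prompt; function names are hypothetical.
$key  = 'HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'smb2'

function Get-Smb2Setting {
    # Returns the current DWORD, or $null when the value does not exist
    # (no value means SMB2 is left at its default, which is enabled).
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) { $prop.$name } else { $null }
}

function Disable-Smb2 {
    $before = Get-Smb2Setting
    if ($before -eq 0) {
        Write-Output 'smb2 is already 0; nothing to change.'
        return
    }

    # Steps 5-6: create (or overwrite) the DWORD value smb2 = 0.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force |
        Out-Null

    # Step 8: restart the Server service. -Force lets the restart proceed
    # when other services depend on it (the GUI asks "Yes/No" instead).
    Restart-Service -Name LanmanServer -Force

    # Verify instead of assuming: the value must read back as 0 and the
    # service must be running again, otherwise file sharing is simply down.
    $after = Get-Smb2Setting
    $state = (Get-Service -Name LanmanServer).Status
    if ($after -ne 0 -or $state -ne 'Running') {
        throw "Workaround not in effect: smb2=$after, Server service is $state"
    }
    Write-Output "smb2 changed from '$before' to 0; Server service is $state."
}

Disable-Smb2
```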

The second is to Block TCP ports 139 and 445 at the firewall:

Impact of Workaround: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:

  • Applications that use SMB (CIFS)
  • Applications that use mailslots or named pipes (RPC over SMB)
  • Server (File and Print Sharing)
  • Group Policy
  • Net Logon
  • Distributed File System (DFS)
  • Terminal Server Licensing
  • Print Spooler
  • Computer Browser
  • Remote Procedure Call Locator
  • Fax Service
  • Indexing Service
  • Performance Logs and Alerts
  • Systems Management Server
  • License Logging Service

Personally, I would block those on your internet-facing firewall of your broadband router.

Posted by Diego - September 10, 2009 at 8:43 am

Categories: Windows

Things Learned from the Internet

  • You want it, you can find it online.
  • If you don’t want it, you can also find it online.
  • It might take a while.
  • Sometimes the hunt is half the fun.
  • Everyone has a website. Grandfathers, mothers and babies. Everyone.
  • At some point, Google became a verb.
  • The difference between web surfing with Firefox and IE is the difference between body armor and a trendy cotton vest.
  • If it sounds too good to be true, it probably is.
  • The Internet is the geek’s playground. Here, we rule.
  • Not that you would ever need to know the dietary habits of the South American anteater, but it’s comforting to know you could find it online if you did.
  • When in doubt, Wikipedia.
  • Anyone who uses the term ‘Interweb’ has never been online.
  • Explaining the Internet to someone who’s never been online is like explaining the Magna Carta to your cat.
  • Almost everything of substance can be summed up with a “DUDE! Check this out!” and a hyperlink.
  • Be safe. Be cynical.
  • Someone else already said it first. But that doesn’t mean it won’t be said again, and again…
  • The Internet IS redundancy.
  • There is no such thing as ‘sufficient bandwidth’.
  • There’s always something new.
  • You can never go back once you’ve tried it.

Posted by Diego - September 4, 2009 at 7:29 am

Categories: Humor

Flip 3D your Firefox Tabs

Looking at all the evidence presented to me, Firefox is making major strides in browser preference among web surfers. I know it is my browser of choice.

One of my favorite things is the addons. Some I like, others not so much. I found an addon that has been out for a while by the name of FoxTab. I have gotten used to the Flip 3D from Vista and absolutely rely on it. I like the way you can flip through the screenshots and select the exact window you wanted. FoxTab now gives me that feel with Firefox tabs.

Like most users, I tend to have 5–10 tabs opened at the minimum at any one time. With a right-click and roll of the wheel, you have a customizable 3D interface. From changing the color screen, to how many tiles, the layout. Anything to make it easier for you.

To me, this is one of those addons you just say, “Thank You Lord”. With 5 stars and 610 great reviews, it seems like many people think that. Firefox users, do yourselves a favor and give it a try.

Posted by Diego - July 21, 2009 at 4:43 pm

Categories: Firefox

New Computer Security Mistakes

I wanted to pass on what I see as some of the top computer security mistakes that most casual computer users make when first setting up a new computer:

  1. Setting an unprotected, newly imaged computer on the internet. Before installing any computer on the internet, you will want to install at least an antivirus and make sure that the built-in firewall for Windows is turned on. I personally have a DVD with a lot of first-install applications on it. This includes Comodo Antivirus, Comodo Firewall, Windows XP Service Pack 3 (Network Admin Installer), and Vista Service Pack 2 (Network Admin Installer), as well as a few other odds and ends. I run these installs before I ever connect my machine to the wireless network. I know the virus definition files for the antivirus will be outdated, but that is corrected shortly.
  2. Not running updates as soon as online. After installing all the applications mentioned above, I get my system on the network and run updates on my antivirus software and then run Windows Update. This is a very important step. Just because an antivirus is installed or the latest Service Pack applied, it does not mean you are protected. With more and more vulnerabilities and viruses being released daily, it is a never-ending battle to keep yourself protected. Not only should you worry about the security software, but for any application you install, please run all the updates.
  3. Setting your primary login ID as an administrator. I know this one is hard, but it has been brought to my attention, and rightfully so, that it is not recommended. An administrator account has unlimited rights and power on a computer. You can create a separate user and make it a power user. For the Administrator account, you should rename it from Administrator and put a secure password on it. Also, disable the guest account on your system for safety measures.
  4. Password, Password, Password, and did I mention password? I know this is your home computer and you wonder who would get into it. Well, since the computer has become so integrated in our lives, we store everything on there. From bank information, important documents, tax information, family’s information, on and on. If your computer gets stolen, someone else now has all of that information. If you do not have a secure password (see earlier posting) then it’s easy for them to get in.
  5. Disk Encryption. This is a topic I will discuss more in depth in the next few days. There are many free drive encryption applications available that are very very good. The reason for this encryption is so that if someone comes in and just grabs your drive out of your computer (less than 3 minutes for the most part) your data is secured. See item 4.
  6. Wireless Network Security. Again another topic I will get into later, but for the most part I can sum it up quickly. If you get a brand new wireless router, the defaults are the same. The same IP address, the same root password, the same SSID (network name). With this information anyone in your area can get into your network. There are some things you can do to protect yourself and I plan on discussing it later, including what some recommended settings are. So please check back.

I hope that you found this useful information. Questions, comments and feedback are always welcome.

Posted by Diego - July 3, 2009 at 9:36 am

Categories: General