Friday, October 24, 2008

Comments on the news, this one's NOT overblown 

Run Windows Update.

Microsoft released a "Critical" security patch to fix a problem in which any computer running Windows file sharing can be completely taken over with no action on your part.

It's less of a worry if you're running Vista, and normal firewalling will stop the attack. But it's still a big concern.

When the news broke, I advised clients that before long there would be automated attack programs that unskilled attackers could use, and that attackers would use the new attack to spread infections after getting a toehold by other means.

Both have already happened. There's already a self-reproducing "worm" program taking advantage of the security weakness. It's being introduced behind people's firewalls by the usual sort of trickery, but then once it's on one machine it copies itself to the others on the network.

It's a little more complicated than that, but now you have the gist.

If you use a laptop on the road, make sure you've got a firewall program running on it and that it's set to block Windows file sharing, or turn off file sharing altogether in the Control Panel.


Comments on the news: this is overblown 

The headlines said that wireless networking security is now a thing of the past, due to a clever company finding a way to program graphics cards to crack security codes.

In a word, no.

What they did was speed up existing password-guessing attacks on one flavor of Wi-Fi security, by a factor of 25-100. If you've chosen a good password in the first place, it's not going to be so close to guessable that it matters if someone can guess 25 times faster.

And you can really go to town picking a hard password for your Wi-Fi setup, because you only have to type it in when you're installing things. You can use something long and obscure. You can make it up to 63 characters long!

I recommend a passphrase, something with multiple words instead of an incomprehensible set of letters and numbers. Visit http://www.diceware.com for a system that lets you roll dice to pick short words from a big list. As long as you've chosen them randomly, a passphrase with as few as four words will defy any feasible attack.
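The dice procedure and the speedup argument above, worked through as an added example (not code from the original post). The five-letter stand-in word list is constructed so the script runs offline; the 7776-entry list size (five dice per word) and the 8-character WPA minimum are facts about Diceware and WPA that the post does not state.

```python
import math
import secrets

LIST_SIZE = 6 ** 5        # five dice per word -> 7776 entries (Diceware list size)
WPA_MIN, WPA_MAX = 8, 63  # WPA passphrase length limits in characters

def roll_key(dice=5):
    """Roll five dice using the OS CSPRNG; returns a key such as '31465'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def stand_in_wordlist():
    """CONSTRUCTED placeholder: one fake five-letter 'word' per dice key.
    For real use, load the published list from diceware.com instead."""
    letters = "aekost"
    words = {}
    for n in range(LIST_SIZE):
        faces = [(n // 6 ** i) % 6 for i in range(4, -1, -1)]
        key = "".join(str(f + 1) for f in faces)
        words[key] = "".join(letters[f] for f in faces)
    return words

def make_passphrase(wordlist, n_words=4):
    """Pick n_words independently at random and check the WPA length limits."""
    phrase = " ".join(wordlist[roll_key()] for _ in range(n_words))
    if not WPA_MIN <= len(phrase) <= WPA_MAX:
        raise ValueError("passphrase must be 8 to 63 characters for WPA")
    return phrase

def entropy_bits(n_words):
    """Bits of entropy when every word is chosen uniformly at random."""
    return n_words * math.log2(LIST_SIZE)

def bits_lost_to_speedup(factor):
    """Guessing `factor` times faster is like removing log2(factor) bits."""
    return math.log2(factor)

def extra_words_to_offset(factor):
    """Whole words to add so the search space grows at least `factor` times."""
    return math.ceil(math.log2(factor) / math.log2(LIST_SIZE))

if __name__ == "__main__":
    print(make_passphrase(stand_in_wordlist()))
    for n in (4, 5, 6):
        print(f"{n} words: {entropy_bits(n):.1f} bits")
    for f in (25, 100):
        print(f"{f}x faster: -{bits_lost_to_speedup(f):.1f} bits, "
              f"offset by {extra_words_to_offset(f)} extra word(s)")
```

A 100-fold speedup costs less entropy than a single randomly chosen word supplies, so adding one word more than cancels it.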
