Thoughts on technology and the world... Computers, Internet, Consulting, Security and more. Tips, Reviews and general thoughts.
Sunday, April 25, 2010
Google is grabbing Wifi SSIDs and MAC addresses in Germany - Translation - Uh Uh privacy
What this means is that there will now be a database that will cross reference MAC addresses to a current physical location. It will also mean that, if the information were made public by Google, hackers will be able to easily find wireless access points. If the information includes the security status, then they can seek out unsecured Wifi points. This is a danger in that hackers can use unsecured wifi for illegal activities such as: distributing illegal porn, hacking, ecommerce theft and sending spam.
What you can do
1. Make sure that your wifi system has the best encryption available to your equipment. WEP is an older and less secure encryption. There are various versions of WPA that provide increasing levels of security.
2. Consider setting your wifi system to only allow connections to devices with an allowed MAC address. This is a bit more complicated in that you need to list the MAC addresses that are allowed to access your Wifi. If you have visitors you will need to add the MAC addresses of their equipment to allow access.
3. Most wifi systems are in a broadcast mode where they broadcast the SSID, or identifier, of your wifi. This can be turned off, which will probably prevent your wifi from being cataloged. Once again, this increases the complexity of your wifi network.
Keep in mind that wifi access is hackable. A hacker can use a sniffer to grab and analyze the traffic. Eventually they will be able to access your wifi network.
The original article in The Register is here
Saturday, April 24, 2010
Sitemaps for Joomla sites
I searched the Joomla extensions for 'sitemap' and found more than a few that looked promising. The first extension I tried seemed to be a bit too complex as far as configuration. I tried the XMAP sitemap extension. That worked great. After installing it in Joomla, I had a sitemap for Google and Yahoo in a matter of minutes.
We will need to fine tune things a bit but, for now, this seems to be an excellent solution.
You can find the XMap extension here
Monday, April 19, 2010
Lower Merion Spy Cameras snapped 56000 pics of students
That is how many pictures the Lower Merion School District snapped of students (A couple of weeks ago, they were only claiming '400 or so')... That is the trouble with our educational system, the people running it have math skills so lacking they think that 56000 = 400.
There is a Fox News article about this.
A Philly.com article seems to show that the administration was aware of the situation and referred to it as "A Lower Merion School District Soap Opera". It's nice to know that when people send their kids to a government run school, they are respected as well as their privacy.
From the Philly.com article
Back at district offices, the Robbins motion says, employees with access to the images marveled at the tracking software. It was like a window into "a little LMSD soap opera," a staffer is quoted as saying in an e-mail to Carol Cafiero, the administrator running the program.
"I know, I love it," she is quoted as having replied.
Well, THAT should be a little disturbing. I would suggest that parents throughout the country check with their local school districts to determine exactly what policies are in place regarding privacy.
Oops - Google password system might be hacked
Since the hackers got access to the source code there is a possibility that they can exploit the system even in spite of any additional precautions by Google.
Many people use Google for their business:
- Google Mail can contain sensitive information such as passwords, credit card information and business plans
- Google AdWords accounts might be compromised, letting hackers load their advertising on your sites
- Many companies have sensitive information in Google Docs. Your company's sensitive information could fall into hostile hands.
- A merchant's Google shopping cart could be compromised, leading to stolen information and goods.
- Users of Google Calendar might find their schedules falling into the wrong hands.
In short, there is a possibility that your account could be compromised. The impact of this includes wholesale identity theft.
What can you do?
- Given the nature of the attack, I'm not sure that changing passwords would protect you. There is also the chance that the password changing system could be compromised.
- You should keep a close watch on all of your Google related accounts for any evidence of tampering.
- It might be a good idea to go through your Gmail and Google Docs and clean out any sensitive information.
Friday, April 16, 2010
Lower Merion School spy cameras
The allegation against the Lower Merion School District is that they had turned the webcams on and recorded pictures of students. Recent information has come out that thousands of photographs of children were taken. This Philly.com article has more details.
This needs to be thoroughly investigated and addressed. It is disturbing on many levels:
- Unauthorized surveillance
- The audacity of those willing to authorize such a program
- The fact that minors were under surveillance
- The fact that innocent family members were also photographed.
I think that people throughout the country should ask their school boards if any such spying is occurring.
Wednesday, April 14, 2010
Windows Password Recovery by Pogostick
The password recovery bootdisk from Pogostick is a great tool for these situations. As with any powerful tool, there are some risks. Also, if the user opted for encrypting their files, you will not be able to recover them with this tool.
However, if you are simply trying to restore access and the files are unencrypted, this tool is worth a try. You first download the ISO file and then burn a bootable CD from that.
Some systems will require that you change the boot options to allow booting from a CD. Once you boot, then you will be in a linux/unix environment. In most cases, you can simply choose the default options.
We simply cleared the password for the Administrator account and saved the changes. Once we did that and rebooted, we were able to access the Administrator account. From there, changing the password for the user's account was simply a matter of going into the control panel.
You can find the pogostick password recovery boot CD at
http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Keep in mind the other side of this. This is a fantastic tool for gaining legitimate access to systems. It can also be used for illegitimate access. Part of your security plan should involve controlling physical access to your systems.
Thursday, April 08, 2010
Continuing issues with Norton 360
I contacted Norton's online support. It took over 20 minutes to get a tech on chat. I agreed to allow the tech to take control but asked that he not close any windows as I was in the middle of a lot of work. Well the first thing he did was to start closing windows.
The reason I called was because I was unable to delete an online backup. I had previously tried to delete the file and let the machine run all night. The file was never deleted.
Wednesday, April 07, 2010
More ranting about the Norton 360 Support
Some things are not clear. For example, how does the automatic backup actually work? It appears to be an idle time scan. However, it isn't clear if it needs to do an entire backup or if it can transfer files as they are modified.
It seems that, before you can get anywhere near specific support, you need to go through an automated check and then a number of other hoops.
I finally was able to get to a chat window
Backing up Blogger Blogs
When I previously backed up my blogs, there was no option available on blogger for backups. I had to download a third party application. Today Google has made backing up your blogs a mind numbingly simple task for the text portions. Backing up the images is another story. We will be looking into that and will post when we've worked out the details.
Tuesday, April 06, 2010
Joomlaatwork Free SEF patch problem solved
I downloaded Winrar and it extracted something called patch_1515_stable. This was not the usual folder and file structure I saw with previous versions of the patch. I looked at the file size and it was only slightly smaller than the original zip that I downloaded.
I renamed patch_1515_stable to patch_1515_stable.zip and then ran a Windows extract against that. The folder structure I expected to see was there.
What I suspect happened was that the downloadable zips were somehow created with a zip of a zip instead of a zip of the file structure.
By the way, the Joomlaatwork free SEF patch is well worth the effort if you are working with Joomla 1.5.x. They also offer a paid version that offers more options and features. It appears that the free SEF patch will be incorporated in Joomla 1.6 when that is released.
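The zip-of-a-zip situation described above can be checked before extracting anything. The following is an added example, not code from the patch's authors or from this post: it inspects a downloaded archive for members that are themselves zip files regardless of extension, and unwraps a single nested archive with a depth and size limit. The sample archive is constructed in memory, and the inner file names are placeholders.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap; refuse to load huge members into memory

def _is_zip(data):
    # Local-file-header magic plus a parseable end-of-central-directory record.
    return data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data))

def find_nested_zips(archive_bytes):
    """Names of members that are zip archives, whatever their extension."""
    nested = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            if _is_zip(outer.read(info)):
                nested.append(info.filename)
    return nested

def unwrap(archive_bytes, max_depth=3):
    """While the archive holds exactly one member and it is a zip, descend.
    Returns (innermost_archive_bytes, levels_unwrapped)."""
    depth = 0
    while depth < max_depth:
        with zipfile.ZipFile(io.BytesIO(archive_bytes)) as z:
            members = [i for i in z.infolist() if not i.is_dir()]
            if len(members) != 1 or members[0].file_size > MAX_MEMBER_BYTES:
                break
            data = z.read(members[0])
        if not _is_zip(data):
            break
        archive_bytes, depth = data, depth + 1
    return archive_bytes, depth

def list_names(archive_bytes):
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as z:
        return sorted(z.namelist())

def build_sample():
    """Constructed sample: a zip whose only member is an extensionless zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("folder/file_a.txt", "placeholder content")
        z.writestr("README.txt", "constructed sample")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("patch_1515_stable", inner.getvalue())
    return outer.getvalue()
```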