Security

Man, The WiFi and Bluetooth Space Is Getting Crowded Around Here
9 May 2007 in Root & Security | Comments (0)

Looks like the 2.4 GHz spectrum is getting crowded around my apartment these days. Way back, ’bout 2 years ago, when I moved to my current apartment, I was the only one using WiFi in the building. Well, except for someone in a neighboring house who also had WiFi, but I only saw that access point near the windows.

Today, when I tried to use my Bluetooth Plantronics stereo headphones to listen to some music in the kitchen but it turned out to be more difficult than previously. All was well for a few seconds and then…. silence… I quickly checked that the headphone and transmitter were connected and the power on — and yes, they were on and the music was still playing.

The music came back for a second, silence, some music for a bit more than a second, silence… and some music now until the track changed and more eerie silence. Aaand finally the music came back on.

This is probably what it sounds like when the headphone and transmitter try to find a less congested channel to broadcast on. I had thought there were quite few WiFi access points that could interfere with my Bluetooth headphones, but boy was I wrong! :) Using my Pocket PC and a program called WiFi Graph I checked out the number of APs it could find in my vicinity. The sum: 7 (including my own). So, all of my neighbors seem to have now! :D

Funny and scary bit was that 4 of those APs used the same WiFi channel number 6, and two of them had their manufacturer’s name, Zyxel, as the SSID. I’m afraid that those who didn’t change their SSID didn’t fix the password from the factory default either. :( Even more worrying is that only I and another WiFi user have enabled some sort of WiFi encryption (WPA or WEP), the others don’t seem to have any encryption in effect (unless they are using IPSEC or VPN, which I doubt they are using).

It is somewhat unfortunate that Bluetooth has to share frequencies with WiFi on the 2.4 GHz band, but what can you do when there is nothing left really for them to use? Plus, me being a sort of “bitten by the Bluetooth”-fanatic it probably doesn’t help that I have a good number of Bluetooth devices in good daily use: my computer, phone, Pocket PC, keyboard and mouse. (Sure, I have a bit more Bluetooth devices here also, but they are not always on. ;) )

I wonder how long before the 2.4 GHz band will be over-crowded in apartment buildings by all of the super-converged-devices. Five years, perhaps?

Certificate for University of Vaasa’s E-Mail Server
11 April 2007 in How-To & Phones & Root & Security | Comments (0)

If you, like me, have a Nokia phone (or any other phone or mail program for that matter) and want to use the automatic pull mail feature for getting the e-mail from your University of Vaasa account, then here is the certificate that you will need. Unless you have this certificate installed, you will recieve a certificate error message on the server mail.uwasa.fi everytime you connect to the server because the UoV’s computer center have used their own self-signed certificate on that server.

Download: mail.uwasa.fi Server Certificate

Extract the file withing the zip-file and transfer the .der-file to your phone. Open the file there and allow the import of the certificate into the phone’s certificate list. If the phone asks for which usage areas the cerficate should be used for, select ”Internet”.

How can you do this yourself? Follow the instructions by Kevin Henrikson in “Gmail POP SSL certs for Symbian / Nokia phones“. I have used Opera to easily export the certificate, but the OpenSSL method used by Kevin also works fine. (Plus there seems to be some bug with the export function in the latest version – 9.10 – of Opera, or at least on Windows Vista. Can’t say which one is the faulty one for sure.) The settings for connecting to the UoV mail server can be found here.

New Year, New Vulnerabilities
2 January 2006 in Code-ing & Security | Comments (0)

This new year started off in great fashion, with a new vulnerability discovered in Microsoft Windows that affects every computer out there and is ridiculously simple to use. The bug in WMF-files is that the file format itself allows code to be executed on all computers running Microsoft Windows. The best part of the bug is that it is a feature from way back in Windows 3.0 (1990)! 8O

According to F-Secure’s weblog:

The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction. This function was designed to be called by Windows if a print job needed to be canceled during spooling.

This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 – shipped in 1990!

The (Unofficial) Fix

The fix to this security hole is already available, but not from Microsoft but from the author of IDA, Ilfak Guilfanov. Here is a link to an installer of the unofficial patch:
http://www.hexblog.com/security/files/wmffix_hexblog13.exe

I have downloaded and installed the patches, just to be safe when I’ve gotten Google Desktop running. FYI: Google Desktop will be indexing and thus run any malicious code in WMF-files that you view in a browser or get via email, so you better disable indexing (in GD preferences), uninstall Google Desktop (recommended by F-Secure) or install the patch ASAP.


  •  

    July 2014
    M T W T F S S
    « Mar    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Categories