Security & Privacy
Router Attack - If This Applies, Fix It Now.
Those of my clients for whom I manage systems need not worry about this.
For everyone else, take note of a rather dangerous new security hole. It may affect you if you have a home router (or even a business router) that is still using the default user credentials. For example, some routers require a blank username and a password of "admin." If this is the case, and someone using your router's network visits a Web site with malicious code, your router could be hijacked.
This "pharming" threat is described in a paper from researchers at Indiana University and Symantec. See a good explanation in this PC World article.
There is a more general lesson to be learned here. Whether hardware or software, never leave default usernames or passwords in place. Always change them.
February 15, 2007
Windows Genuine Advantage
I am disappointed in Microsoft for its Windows Genuine Advantage program, which appears to fit the definition of spyware. It is a breach of trust from the "trustworthy computing" company.
The best place to start to learn about this terrible initiative is Brian Livingston's great article in his Windows Secrets Newsletter.
I will be in touch with my clients regarding appropriate next steps. Others should ask their systems administrators for their best advice on this matter.
This is a very sad turn of events.
June 15, 2006
Windows Metafiles
The final word on the Windows Metafile (WMF) vulnerability can be found at Steve Gibson's terrific new WMF page. He also has a new utility to test for the problem.
See Microsoft Security Bulletin MS06-001 for details on the official patch.
Steve's research establishes that no patch is required for Windows 95, 98, 98se, or ME.
January 24, 2006