Wireless Client Update for XP SP2
Plus: secure e-transactions, baseless Russian hacker hysteria, more.
changes to wireless networking
have been affected for 32-bit versions of
Windows XP with SP2 applied. The changes include increased Group Policy support
as well as alterations to the way the system probes for preferred networks:
- WPA2 support has been added to the Wireless Network Policies node of the
Computer Configuration Group Policy Object.
- Wireless Networks set up in Windows XP can now be specified as either broadcast
or non-broadcast. Networks specified as broadcast are no longer probed when
the client cannot find a preferred network.
- When a wireless adapter is “parked,” which is a state where it
is not currently connected to any network and is scanning every 60 seconds
for a preferred network, some drivers may interpret this state as a valid
network. A random network name is assigned, which may be discoverable by a
criminal. Should that happen, it may be possible for the criminal to connect
to the system while in this state. The update causes a random strong encryption
key to be applied to the random network created.
- The update also prevents systems from connecting to newly created ad hoc
networks and forces the user to choose which network they want to connect
to. This should help prevent criminals from connecting to the system while
it probe for an ad hoc network.
column was originally published in our weekly Security
Watch newsletter. To subscribe, click here.
Russian Terrorists May Try Cyber attacks
A Russian computer security expert uses FUD
to try and drum up more state-funded efforts to combat cyber crimes.
Seems this is the week for FUD! Despite no cyber terrorism events being recorded
in Russia, this guy has suggested physical incidents of terrorism by Chechens
as somehow indicative that, in the future, they will focus on Russia’s
increasingly wired infrastructure.
No reasonable explanation is offered as to why he thinks this, except the fact
that he believes the Russian government is understaffed and ill-trained to thwart
an attack. While this clearly makes a suggestion terrorists might consider,
the fact it has not happened anywhere suggests terrorists aren’t terribly
interested in such an attack.
In any event, it is hard to see the value in such stories beyond suggesting
that investment in Russia is ill-advised.
E-gold Operator Identifies People Who Misuse System
You’re damned if you do and damned if you don’t. E-gold’s president,
Douglas Jackson, says he’s having a tough time getting
law enforcement to cooperate regarding his discovery of suspicious transactions
while e-gold is being investigated by the U.S. Secret Service.
According to Jackson, he’s been tracking suspicious activity on this service
for a year in an effort to expunge the company’s name from its association
with carders, botnet owners and child pornography rings. Seems law enforcement
would be willing to work with him, but won’t guarantee they won’t
use the information he provides against e-Gold should they feel it points in
Very chicken-and-egg-like. E-gold has started suspending accounts it deems
suspect and -- according to one individual -- without providing much reasoning
when it does so. It's hard to tell at this point who is in the wrong, but clearly
someone is. If e-gold is the festering pool of criminal transactions its been
made out to be, it's high time something happened to reverse that, whether it
means them ceasing some or all transactions either at their own behest or with
influence from law enforcement.
Teenager Ran Internet Banking Scam
A 16-year-old that New Zealand police sent to computer training courses
in order to improve his behavior has
been charged with and admitted to 26 counts of fraud. The youth defrauded
banks of nearly $45,000.
Talk about being out of touch with the times. Clearly there is far more criminal
activity to be found by a 16-year-old online than there typically is in the
physical world, and online criminal activity is far more stealthily conducted.
It might have been better to have the kid pick up garbage on the side of the
highway than to teach him to spew it on the Information Superhighway.
RFID Personal Firewall
A research paper on preventing or managing the reading of RFID tags within your
personal space has won Best
of Show at the Usenix LISA '06 conference. The paper (.PDF
here) describes how to build a unit from commercially available off-the-shelf
Unfortunately, it seems that the authors have failed to recognize that the
device they describe will make an excellent tool for thieves who want to
ensure the RFIDs on the goods they steal cannot be detected.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.