Alexander’s Blog

December 5, 2007

Encryption for Microsoft’s wireless keyboards hacked

by @ 2:51 pm. Filed under News, Security/Firewalls

Swiss IT security company Dreamlab Technologies AG has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. Although the trend in wireless communication in peripheral devices such as keyboards and mice is moving towards Bluetooth, market leaders such as Logitech and Microsoft rely on cost-efficient, tried-and-tested 27 MHz radio technology. Using just a simple radio receiver, a soundcard and suitable software, Dreamlab Technologies has managed to tap and decode the radio frequencies transmitted between the keyboard and PC/notebook computer. Although manufacturers of wireless keyboards partially prevent data from being tapped by using cryptography, unfortunately the encryption is weak and thus does not offer real protection. Max Moser from Dreamlab Technologies states: “Wireless communication is only as secure as the encryption technology used. Due to its nature, it can be tapped with little effort.”

Dreamlab Technologies tested and successfully cracked the encryption key used within Microsoft Wireless Optical Desktop 1000/2000 keyboards. As most products in Microsoft’s Wireless Desktop range are based on the same technology, Dreamlab Technologies does not consider them to be secure either. During the test, Max Moser and Phillipp Schrödel of Dreamlab Technologies succeeded in eavesdropping traffic from a distance of up to ten meters using a simple radio receiver. With the appropriate technical equipment, larger distances are possible.

For more information, you can read Dreamlab’s whitepaper and watch their video demonstration.

November 17, 2007

Firefox Exploit can Hack Gmail

by @ 12:55 pm. Filed under Browsers, News, Security/Firewalls

Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit.

The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site scripting attacks.

A client or server-side exploit can be inserted into .zip files via open document formats from Microsoft Office 2007 and OpenOffice, and uploaded to a server where the Firefox JAR protocol extracts the compressed data.

While Mozilla has not issued a solution to the problem, application firewalls and proxy servers can be used to block Windows Universal Resource Identifiers (URIs) that contain the JAR protocol, while Web administrators can use a reverse proxy to prevent malicious content from being uploaded.

Users can download a NoScript add-on for Firefox to block JavaScript and executable content from untrusted Web sites, and can secure their Google accounts by remaining signed out whenever possible.
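The proxy-side blocking mentioned above can be sketched as a content check for `jar:` URIs, which have the form `jar:<inner-url>!/<entry>`. This is an added example, not code from PC World, Mozilla or gnucitizen.org; it assumes the proxy can inspect redirect targets and response bodies, and the function names and sample hosts are hypothetical.

```python
import re
from urllib.parse import unquote

# jar:<inner-url>!/<entry>, e.g. jar:http://host/file.zip!/page.html
# The lookbehind avoids matching words that merely end in "jar".
JAR_URI = re.compile(
    r"(?<![\w])jar:(?P<inner>[a-z][a-z0-9+.-]*:[^\s\"'<>!]+)!/(?P<entry>[^\s\"'<>]*)",
    re.IGNORECASE,
)

def _decode(text, rounds=3):
    """Percent-decode repeatedly so jar%3A and jar%253A are also seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_jar_uris(text):
    """Return (inner_url, entry) pairs for every jar: URI found in text."""
    return [(m.group("inner"), m.group("entry"))
            for m in JAR_URI.finditer(_decode(text))]

def should_block(location_header=None, body=""):
    """Decide whether a response carries a jar: URI in a redirect or in markup."""
    hits = find_jar_uris(location_header or "") + find_jar_uris(body)
    return bool(hits), hits

if __name__ == "__main__":
    # Constructed samples; files.example and portal.example are placeholders.
    samples = [
        '<iframe src="jar:http://files.example/upload/report.odt!/index.html"></iframe>',
        "JAR:https%3A//files.example/a.zip%21/x.htm",
        "http://portal.example/go?u=jar%253Ahttp%253A%252F%252Ffiles.example%252Fb.docx%2521%252Fp.html",
        '<a href="http://files.example/jar/readme.html">jar: the archive tool</a>',
    ]
    for s in samples:
        print(should_block(body=s))
```

Logging the inner URL and entry name of each hit, rather than only dropping the response, shows which uploaded archive is being referenced.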

Read this entire story as reported by PC World.

November 2, 2007

Peer-to-Peer File-Sharing and Copyright Infringement: Are You Vulnerable?

by @ 12:18 pm. Filed under Applications, Internet/Web, Security/Firewalls

Here’s some useful information posted by the University of Washington regarding peer-to-peer file-sharing issues.

1. Peer-to-Peer File-Sharing: What is the risk?

Every day, millions of computer users share files online. Whether it is music, games, or software, file-sharing can give people access to a wealth of information. You simply download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. The software often is free and easily accessible.

Sounds promising, right? Maybe, but make sure that you consider the trade-offs. File-sharing can have a number of risks. For example, when you are connected to file-sharing programs, you may unknowingly allow others to copy private files you never intended to share. You may download material that is protected by the copyright laws and find yourself mired in legal issues. You may download a virus or facilitate a security breach.

For more details on securing your personal information and additional information on file-sharing software and how to remove it, see file-sharing security and software programs.

2. What is the copyright issue?

Under copyright law, it is illegal to download or share copyrighted materials such as music or movies without the permission of the copyright owner. The record and movie industry in recent years has taken an aggressive approach to stopping illegal downloading and file sharing. This has put many students at the nation’s colleges and universities at some legal risk.

Your actions when downloading or sharing files are traceable and could result in a significant financial penalty to you.

3. What is the record and music industry doing about illegal downloads?

There are many initiatives that address illegal file sharing. For instance, the Recording Industry Association of America (RIAA) is now sending colleges and universities letters pointing to specific alleged instances of illegal file sharing and requesting the university to forward the letter to the person the university identifies as being associated with the activity. The letter, called a “Pre-Settlement Letter”, notifies the student that he or she has a specified number of days to settle with the RIAA by going to a designated website, entering identifying information, and paying a set amount, usually between $3,000 and $5,000, but sometimes considerably more. The letter states that, if the recipient chooses not to settle, the RIAA will file a lawsuit and the offer to settle for the amount stipulated may no longer be an option.

Click here to read the rest of the article.

October 18, 2007

Making Cisco VPN Client on Windows XP Work Behind a Router

by @ 6:19 pm. Filed under Remote Connectivity, Security/Firewalls, Tips & Tricks, Windows 2003

I recently ran into this situation where I had to configure a Windows XP computer located on an internal network behind a Windows Server 2003 running Routing & Remote Access service to connect to a Cisco VPN. After installing the Cisco VPN on the client, the computer was not able to establish a VPN connection from the internal network. However, outside the internal network the connection worked fine. The Windows Server 2003 was configured as a router and the Windows firewall was enabled. I noticed that the firewall was not configured to forward the port required to establish a Cisco VPN connection. I configured the proper port (TCP port 10,000) and the client was able to connect successfully.

I should point out that this scenario doesn’t apply only to the situation I just described; it also applies to situations where computers are located behind a DSL or cable modem and are trying to use Cisco VPN client for VPN connectivity. The following procedure describes configuration of Routing and Remote Access on Windows Server 2003 to add a custom port for Cisco VPN. You should check your router documentation for specific instructions on how to configure ports on the router.

1. Start the Routing and Remote Access management console on your Windows Server 2003.
2. Select “NAT/Basic Firewall” under IP Routing.
3. In the details pane on the right-hand side, right-click the network interface that is connected to the Internet and select Properties.
4. Click the Services and Ports tab.
5. Click the Add button and type a description of the service, such as Cisco VPN.
6. Make sure that TCP is the selected protocol and then type “10000” without the quotes in the Incoming port and Outgoing port boxes.
7. In the “Private address” box type the IP address of your external interface that is used to connect to the Internet. Do not use the IP address shown in the sample graphic because it is used only for demonstration purposes.
8. Click OK twice to close all boxes and exit the management console.

Your users should be able to connect to the Cisco VPN now. There is no need to reboot the Windows Server 2003.

August 17, 2007

Highly critical flaw found in Microsoft Excel

by @ 2:39 pm. Filed under Apple/Macintosh, Applications, Microsoft Office, Security/Firewalls

Microsoft’s Excel application contains a vulnerability that could allow a remote attacker to gain access to a system.

The flaw affects multiple versions of the spreadsheet software, including Excel 2000, 2002 and 2003, as well as versions of Microsoft Office containing those versions. It can also be manipulated in Excel Viewer 2003 and Office 2004 for Mac. Click here for more details.

Copyright ©2009 Zubair Alexander. All rights reserved.
