ap02In my time in IT I have worked with a number of wireless devices for the consumer and for businesses. These have ranged everywhere from simple $40 products that are only meant to get you online (not fast, but online) to multi-component wireless systems costing thousands of dollars. All of these still use the same basic technology to get you connected and to pass traffic between your device and the internet. At their heart is going to be a wireless radio, but this does not mean that all wireless products are the same; quite the opposite in fact. There is a clear line between wireless for the average home and wireless for the average business. The factors are mostly in the software used and the features that you have at your disposal, but you also will often have more advanced hardware under the hood as well. Today we will be taking a look at standalone wireless access point that is aimed at the business market (although there are many things that consumers will like about as well). This is the NETGEAR WNDAP360 ProSafe Dual Band Wireless Access Point; let’s see if worth the $290 it will cost to put one of these in your office.

ybk-01

As more and more user accounts are hacked, we still hear about systems that still allow for simple password hints, security questions, and even worse will not allow for complex passwords. We know of at least three banks that will not allow special characters in their passwords and limit them to 14 character maximums. This lack of foresight on the part of the people that are supposed to be protecting our data is shocking to say the least. Even with easy access to items like TFA (Two-Factor Authentication) we still hear about security breaches and account hacks on a daily basis. So what do you do if an online service does not provide any two-factor authentication? Most would say you are out of luck, but there is something that might help keep things a little more safe than just the stock password that you are required to drop into your accounts.  This is the Yubikey which provides something like a secure token that you can add to your online accounts to put in a little more protection.

73In a very interesting twist on the Occupy movement Subpoenas are being issued demanding information relating to many of the Websites that related to the Occupy cause. One of the Subpoenas that was posted on Scribd.com is asking for quite a bit of information including “Any and all documents and records relating to the following articles posted on the Website including records of the IP addresses and pseudo names of the blog posters.”

84

The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.

anonymousThe National Security Agency has just released a report to the powers that be in the US that expresses concern that the online activist group Anonymous could go after the US power grid in the next 3-5 years (we told you things like this would happen). This report was put together by their counter terrorism group and while it lacked any details in the body of the report (like the axis for attack) and forgot to mention there are other people out there that would like to do this (like foreign countries and real Terrorists) it does raise some real concerns.

anonIn what has to be one of the most unusual “Get-The-Vote-Out” campaigns that I have personally seen it appears that Anonymous and the Occupy group are urging people to hold politicians accountable for their actions by voting them out of office.  While some in the media are calling this a first it is not the in reality. In multiple messages Anonymous has called on the public to hold their political leaders accountable. Their methods might be different at times, but this is also the beginning of the voting season in the US so the move really comes as no surprise.

broken-lock

As we have been working with Windows 8 and Windows 2012 server we have become increasingly concerned about security. Although Microsoft has claimed that they have improved security through items like the locked UEFI boot process there are still glaring omissions in security that keep popping up very recently it was noted that despite the claims from Microsoft of a more secure login process the password hint is exposed in the SID database and easily recovered remotely. We also found that users’ contact lists are also left in the open (and in plain text) and available to anyone that can gain remote elevated privileges; which is what almost all Viruses and Malware try to do.

New Sandworm 0-Day and Possible SSL V3.0 Flaw is a Great Way For a Sysadmin to Start the Day
Published in News

When you are a sysadmin there is nothing like waking up to not one, but two troubling bits of news. The first one centers on a new and fun Zero-Day vulnerability that affects just about every version of windows that Microsoft still supports. Dubbed Sandworm by iSight, the security firm that discovered it this bug exploits yet another flawed internal mechanism in Microsoft’s OS.

17We have always been a supporter of certain Internet freedoms as well as individual privacy (no surprise there huh). Bills like PIPA and SOPA showed us a glaring issue with the existing level of knowledge currently held by the people that make our laws (and not just in the US). This is not a big shocker to most people either. It is fairly common knowledge that our law makers get into office based on little more than a popularity contest that is held every few years. Once in office they are like the gullible kid in school that gets talked into things, by the “cool kids”, but in this case the cool kids are lobbyists and are not looking for a laugh they are looking to improve their control and profit.

Wednesday, 26 September 2012 22:17

Samsung Galaxy S3 remote reset hack

samsung-logo

It looks like there is a simple hack, containing of only one line of code that can start an unstoppable factory reset on the Samsung Galaxy S3. According to security researchers there is a simple USSD (Unstructured Supplementary Service Data) code that can do some serious harm to S3 owners. USSD is a session based GSM protocol unlike SMS and MMS, and it is used to send messages between a mobile phone and an application server. With the advancements in technology there are more than few services based on USSD, some of them are social networking apps, mobile banking, prepaid recharge/account balance, even the NFC technology and QR codes.