Monthly Archives: March 2007

Don’t do it for long term..say over a month or two and then no more than a few hours a day..and definitely don’t go more than 10-20 hours a week for that short time.. Even fellow Christians get comfy with it and forget you don’t actually work there..you are a volunteer and they forget the respect and care that goes into not only getting volunteers but keeping them. I have 3 hugely long-term projects that I have been deeply involved in. I just completely resigned from one…another ends on Friday..and a third while it doesn’t fully end it gets cut back by 90% in a couple of weeks.

I had a volunteer career going there for a while. My wife and family bore the brunt of my time that was eaten up by my volunteer career. That career is now gone and I can focus on what matters the most..my wonderful family that God has given me..:)

For me this is a big deal due to the HUUUUGE amount of training courses I have access to for free! My business has finally brought in enough money where I can take the IEEE up on their invitation of a discounted membership offer. I can’t wait to start my training..just which one to take? Cisco? CISSP? I honestly don’t know as I have 1300 courses to choose from. I also have access to testing facilities at large discounts. I’m not trying to brag I am just so ecstatic it’s amazing! This is all God! I have been praying and hoping for this to start happening. I hope I continue to do His will so He will continue to bless my business.

A cracker got into WP’s systems and compromised the release. A new release was put out to protect against this since all of the files are now suspect. Upgrade your WordPress immediately.

I have the file download attached to this post. Grab it here and install it. I’ll let the transcript from Security Now! talk about it:

Steve: Oh, yes. The challenge of secure Wi-Fi just never seems to be resolved. We of course talked last week, following up from the week before, last week we were talking about this problem of how ad hoc networks, as opposed to infrastructure networks, an infrastructure being where you’ve got a base station you’re connecting to, an ad hoc network being where you just have two random, for example, laptops that are able to directly connect to each other or associate in order to create a connection, and how unfortunately Windows XP is a little misbehaving. In fact, you had that neat anecdote from two weeks ago, Leo, about how there’s sort of almost a virus, this Free Wi-Fi network virus that jumps from laptop to laptop.

Well, hearing last week’s episode where we talked about and showed on the show notes page how to go through and deliberately disable this sort of automatic ad hoc network connectivity, some sharp people over in the GRC newsgroups picked up and said, hey, Steve, did you forget about the Windows Client Update from late last year? And it’s like, uh. Then of course it rang a bell, and I remembered being aware of it, but it’s something we definitely want to talk about.

Okay, now get this, Leo. This is really annoying. A completely patched, like right up to date, XP system that includes wireless will not have a client update to the Windows -- it goes by various names, like Wireless Zero Configuration, WZC. But it will not have a really important update which all XP Service Pack 2 people will really want to incorporate. So it’s something that Microsoft -- it turns out it was on October 17 of ’06, so only a few months ago, that Microsoft released this to fix a whole bunch of holes in this Wireless Zero Configuration. But they never put it on their list of stuff that you’d like to have automatically downloaded into your machine.

Leo: Oh, so you have to specifically request it.

Steve: Yes. Yes. And it’s really important. For example, reading from -- and on our show notes page, of course, I’ve got links to all this. But reading under Changes for Ad Hoc Networks, it says, ‘On a computer that does not have the wireless client update’ -- which is what we’re talking about -- ‘installed, wireless auto configuration’ -- which is the other name it goes by, either zero configuration or auto configuration -- ‘automatically tries to connect to all the wireless networks in the preferred networks list that have previously been connected to.’ Get this. ‘If no infrastructure mode networks are present, wireless auto configuration sends probe requests out to try to connect to the first ad hoc wireless network in the preferred networks list. An observer could monitor these probe requests and establish an unsecured connection with a Windows wireless client.’

So literally, a laptop that someone’s just carrying around with them, when they’re not connected into a network already, every minute it’s sending out probes announcing networks that it used to be connected to or had been connected to in the past to see whether there might be a non-broadcasting network, that is, a network which is not broadcasting its SSID, its network identification, that would allow then this machine to connect to it. So it’s, literally, it’s spilling the beans. It’s sending out the names of networks that your laptop knows about. So…

Leo: Wow. Wow.

Steve: Yeah. And so, like, okay. This is not a huge security problem. But who wants their Windows machine sending out, you know, by radio, Wi-Fi names of…

Leo: Here’s people I trust. Here’s people I trust. Okay, just come on, pretend you’re one of them.

Steve: Yeah, I mean, essentially, anyone passively sniffing Wi-Fi packets will be learning about the names of the networks that the people around them have connected to in the past.

Leo: I would guess that’s how the Free Public Wi-Fi…

Steve: That’s exactly how it happens, is that a machine that has it, broadcasts it. Another machine says, oh, and connects to it. And now it has it. So the changes, on a computer that has the wireless client update installed, ‘Wireless autoconfiguration does not send probe requests to connect to newly created ad hoc wireless networks in the preferred networks list. Because many ad hoc wireless networks are created for temporary wireless connectivity’ -- I mean, that’s like all what you’d be using it for -- ‘you must use the Choose a Wireless Network dialogue box to manually initiate a connection to an ad hoc mode wireless network.’

Okay, now, that makes sense. So here’s a perfect example of Microsoft still not getting this tradeoff between privacy and security and convenience. Because the original design, even post-Service Pack 2, I mean, this is just in October, at the end of ’06. So even post-Service Pack 2, the big, much-heralded security update for Windows XP, they’re saying, oh, it’s better to err in the direction of convenience and, oh, look, it just works, than it is towards privacy and security.

Leo: Interestingly, though, this whole Wireless Zero Config, while I guess on the surface it looks more convenient, it’s caused more problems for more people. It is not, it is the opposite of convenient. I get people complaining all the time that they drop connections, and often it’s because Wireless Zero Config is kind of promiscuous.

Steve: Ah, well, actually that’s also one of the things that this update deals with is, if you end up with another network acquiring a stronger signal than the one you’ve got…

Leo: It just flips right over.

Steve: Yes, it’s able to jump networks and switch to the stronger one. It’s like, no. That’s not my network. This is not a cell phone, where I want to be jumping between cell towers. So anyway, they’ve fixed a bunch of things. We’ve got links on the show notes page to this description, to the page you can use for downloading. And just I was curious. So I, literally, I took an XP machine that had never -- it was fully patched, up to date. I looked at one of the main files, which is wzcsvc.dll. So that’s going to be Wireless Zero Config service dot dll. On a completely patched XP SP2 machine, its file date was 6/21/05.

Leo: That’s completely patched with critical patches, but not these optional patches.

Steve: Well, no, everything that -- no, not, I mean, everything that you can get automatically from, you know, as you install XP, then you go through all the Windows Update cycles over and over and over until it finally, you know, the patches have had their patches, and they’ve had their patches, so that it’s all settled down, and so okay, you’ve got everything you need, this thing is not part of that. And so only if you deliberately update, then it jumps you from a 62105 to 81806 on basically a whole set of files, which are enumerated on this page. So people will be able to look at their files, see whether this has been done for them by someone, and most likely it hasn’t been since it hasn’t been that long ago, it was in October.

Leo: I’m sure mine’s not.

Steve: And so everyone listening is going to want to run this patch because this basically locks down the wireless service, you know, this autoconfig sort of promiscuity of XP.

Leo: So once again, you’ll run Windows Update. It’s not a critical patch, though. You have to go in the optional patches. And what’s the name of it?

Steve: No no no, Leo. It’s not in Windows Update. You can’t find it there.

Leo: It’s not even there?

Steve: No. You have to deliberately go and ask for this by name.

Leo: Oh, grumble, grumble, grumble.

Steve: So the only way to find it, I mean, if you put in, for example, to Google or to Microsoft, you put in ‘wireless client update,’ I’m sure you could find it on Microsoft’s site that way. So ‘wireless client update,’ put it in the Microsoft search box, I’m sure you’ll find it. Or we’ve got links to it on our show notes. But there is no way, I mean, it doesn’t show at all through any of the normal, you know, take-care-of-me-Microsoft updates.

Leo: It’s not even an optional update. Okay.

Steve: Right.

Leo: And it is the first Google result if you do ‘wireless client update.’ And there’s a download link on that page.

Steve: Perfect.
Windows XP Wireless Update
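
To see what the probe requests described in the transcript actually give away, here is an added example (not part of the original post or of the Security Now! transcript) that parses 802.11 probe request frames and lists the network names each station disclosed. It assumes raw 802.11 frames with no radiotap header; the frames, MAC address and SSIDs below are constructed sample data, and the helper names are hypothetical.

```python
MGMT_HDR_LEN = 24        # frame control, duration, three addresses, sequence control
SUBTYPE_PROBE_REQ = 4    # management frame subtype for a probe request
TAG_SSID = 0             # information element ID carrying the SSID

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, or None for anything else."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != 0 or subtype != SUBTYPE_PROBE_REQ:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = transmitter
    body, i = frame[MGMT_HDR_LEN:], 0
    while i + 2 <= len(body):                          # walk the tag/length/value list
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            return None                                # truncated element: reject frame
        if tag == TAG_SSID:
            return src, value.decode("utf-8", errors="replace")
        i += 2 + length
    return None

def leaked_ssids(frames):
    """Map each station to the network names it named in directed probes."""
    leaks = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:       # empty SSID = wildcard probe, names nothing
            leaks.setdefault(parsed[0], set()).add(parsed[1])
    return leaks

def _probe(src: bytes, ssid: bytes) -> bytes:
    """Build a constructed probe request for the sample data below."""
    hdr = bytes([0x40, 0, 0, 0]) + b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])      # supported-rates element
    return hdr + bytes([TAG_SSID, len(ssid)]) + ssid + rates

LAPTOP = bytes.fromhex("020000000001")                 # constructed, locally administered
SAMPLE = [
    _probe(LAPTOP, b"HomeNet"),
    _probe(LAPTOP, b"Free Public WiFi"),
    _probe(LAPTOP, b""),                               # wildcard probe
    bytes([0x80, 0x00]) + b"\x00" * 22,                # beacon header, ignored
]

if __name__ == "__main__":
    for mac, names in leaked_ssids(SAMPLE).items():
        print(mac, "disclosed:", sorted(names))
```

Run against a capture of your own laptop before and after installing the update, the set of disclosed names is the thing to compare.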

During the past two/three weeks, the mainstream media has flooded us with images and news stories surrounding the death (and legal actions) of Anna Nicole Smith. A day has not gone by when there has been something posted on msnbc.com and others, to be sure, relaying the latest developments in the bizarre case. Chapter One, the death of Anna Nicole Smith came to a close on Friday when she was laid to rest, next to her son, in the Bahamas.

So, one must wonder, why so much attention paid to a person who was not a politician, not royalty, not an A-list movie star or other high profile person. The American public has been eating up the coverage of the trial, the custody fight and other unique developments. As one who has been involved with custody trials, they are not pleasant to endure. It is a private time between arguing family members, not a circus. But, nonetheless, we continue to digest every word that is fed to us. Why?

Let’s take a look at the other news stories that have been relayed to us this week:

1. Hillary Clinton’s presidential bid (pretty scary stuff)
2. Stock Market crash (see notes above)
3. Democratic candidates presidential bid (ditto)
4. Bus crash (very sad)
5. Nasty weather
6. War in Iraq (nothing against our troops, but the political mumbo jumbo is really getting old)
7. Iran
8. Need I go on?

Anna Nicole’s death and subsequent legal issues have been an escape for us. There is only so much that one can take of the bad news. Watching the same shows recapping the same issues is tedious. The dates may change, but the overall stories stay the same, especially in the political arena. It is extremely sad when lives are lost. My prayers go out to those who have lost someone close. A bus accident is tragic, but what about those lives lost that did not make the news? We are constantly bombarded with images of bickering, fighting and bantering. Enough is enough. While the Anna Nicole circus may seem surreal, it provides a relief that is desperately needed. I, for one, welcome the images of a pink rhinestone draped coffin. It rates significantly higher than images of Hillary Clinton.

Gen

And who really needs reality TV when we have the news covering the Anna Nicole Smith events in such detail.