May
08
2007
I’ve been a fan of my local ISP, Sonic.net, for a long time, and one of the reasons is the fact that they give good intelligence about their own outages. Here’s an example of a post on the Sonic.net sitefrom earlier today, when I noticed incredibly slow Internet access. I did about half a dozen tests on my network before contacting them, so
I was relatively certain the problem was on their end this time.
Tue May 8 10:57:02 PDT 2007 — A hardware failure in
one of our DSL gateway routers has caused packet loss and slow
performance for a percentage of our DSL customers. We have identified
the problem and expect service to be fully restored in 30 minutes.
-Eli, Operations
This is more information than the average user might want or need, but it’s exactly the sort of thing a power user is going to want to know. They treat their users as knowledgeable until proven otherwise, which has greatly helped me the few times I’ve had to call in with support issues.
They appear to have fixed the issue, which means I can stop using my cell phone for connectivity and go back to the wireless.
Technorati Tags: Sonic.net, ISP, DSL
![[Slashdot]](http://slashdot.org/favicon.ico)
![[Digg]](http://digg.com/favicon.ico)
![[Reddit]](http://reddit.com/favicon.ico)
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
May
08
2007
I went camping with my father and brother, along with about 30 other guys on our annual ‘fishing’ trip this last weekend. It was great, except when we went to start Dad’s truck Friday morning; no truck should be making the sounds his did. This wouldn’t have been a big deal, except we were over 10 miles from the nearest paved road. AAA came through, but not without a some hassle. This didn’t ruin the trip, but it had the potential. Minor disaster #1.
Sunday after grabbing a ride home from another camper, I took my car out to drop off a couple of movies the wife had rented for the kids. I went to roll down the driver’s side window and I heard a crack and the sound of parts settling to the bottom of the door. This was worrisome, but livable, until the whole window decided to fall to the bottom of the door. Luckily it didn’t break. Minor disaster #2.
Last night after work I settled down to play a few minutes of my favorite game, City of Heroes. I’d been online for half an hour or so when the screen went black. Figuring something had overheated, since it was 93 degrees out, I let the system cool down for a little while. When I booted, only one of my two monitors was coming up, and even then, there were strange characters on the screen. A trip to Best Buy for a brand new GeForce 8600 GTS OC video card and I was back in business for a mere $300. But the good news is I got a much better video card out of the deal, the 8600 replacing a 6600 I had purchased last year. This one’s actually meant to drive two monitors. Minor disaster #3.
These are all minor issues in the grand scheme of things and I hope they’ve run their course. It’s annoying to have a series of mishaps like this, so I hope I’ve had my share for a little while. I don’t know how much it’s going to cost to fix my car or my father’s truck yet, but I have the funny feeling neither is going to be cheap. Looks like things are going to be a little lean until next paycheck.
And now back to your regular programming.
May
07
2007
A couple of months ago I was in Massachusetts, driving down the road when Mitchell pointed out the window and said, “There’s the TJX building.” And there it was, fully visible from the highway with the corporate logo on the side of the building. All the talk the last couple of months and I finally got to see where the TJX compromise really happened. It definitely changes your perspective to see a place in the real world that you’ve only read about previously.
I can see how easy it would be to war drive the TJX building. We were on a main freeway and passed within a couple of hundred yards of the building. I can only guess that there would be a main street on the other side of the buildings and it probably wouldn’t be all that hard to sit on the street sniffing the wireless traffic. Which is apparently very close to what happened. TJX was using WEP encryption on their access points, even after they knew it was a cracked technology. I guess they didn’t understand how completely they were vulnerable.
There are at least a couple of databases of access points discovered from war driving that I know of and I’m certain there are some only the hackers use. I can imagine that TJX’s previously insecure access point was in at least one of these databases, which would make finding and targeting it a breeze. With a good yagi antenna, the hackers wouldn’t even have to be that close to the actual access point. There were several buildings in the TJX area that were stories taller and would have made good wireless attack points with a yagi. If TJX was really using WEP, there are several tools that could easily have broken the encryption with in a day, maybe less.
I hope other businesses who are still using WEP or no encryption in their wireless networks read about this. It’s one thing to have the convenience of wireless, it’s another thing to share it with someone who wants to steal your credit card data. Another point the auditors made in the TJX review is that the wireless network was basically part of the wired network, with no firewalls or other layers of security between the two. This is basic network architecture, which should have been in place if the network was set up by a security professional.
There are a lot of lessons to be learned from TJX and I’ve only scratched the surface. While I don’t like reaching management using FUD, this article gives a lot of very specific examples you could use to wake up your own management. I’ve often found the “See, this is exactly what we’re doing!” argument works well when you have specifics.
Technorati Tags: security, TJX, credit card, compromise
May
03
2007
This Quicktime bug has the potential to be a nasty, little cross-browser exploit. If you haven’t already turned off Java in your browser, you should stop reading and do it now. Even if you’ve updated to the latest and greatest Quicktime and Java patchs, you might want to leave Java off in your browser. I’m running Firefox with Java off on both my main systems, and I’m running NoScript on my Mac Book Pro, soon to be installed on the Windows desktop. Yes, no Java will interfere with some sites, but not as many as you’d think.
Thomas does an excellent job of explaining how this bug affects your system something close to plain English. It’s more than a little bit scary that he can demonstrate how the bug in less than five lines of code. If he can show it that quickly, I have to imagine it can’t be too hard for a talented coder to work up a more useful exploit for the vulnerability, if they haven’t already. Making the exploit cross-platform will be a lot harder, but given a little bit of time, I’m pretty sure it will happen.
Technorati Tags: security, Java, Quicktime, noscript