February 28, 2004

D-Link DI-624 802.11g with WPA-PSK

A WPA story.

I got a D-Link DI-624 802.11g wireless router and a D-Link DWL-G650 card a few months ago. Good price and it runs the Atheros chipset with bonds two channels together to give a max bandwidth of 108Mbps. Supposedly WPA support was available in the router firmware but I could never get it to work. Then, last week, D-Link released firmware revision 2.36. A few people reported on their installs on the D-Link forum on Broadband Reports and, at the time I read them, things didn't seem too bad. I installed it and it was a disaster! Reboots, disconnects and lost connections and I hadn't even enabled WPA. So, I backed it off and things still didn't come around until I'd done about 3 reboots of my laptop. D-Link removed the firmware from their site.

OK, I backed off and decided to wait. Just a few days ago, D-Link posted version 2.37. Good reports in the forums so, after about 24 hours, I installed it. Last night. Before I went to bed. From the wired computer. And then I went to bed.

Got up this morning and the router hadn't rebooted all night. A good sign as it was rebooting every few minutes on 2.36. So, I connected my wireless laptop. No problems. Ran most of the morning and still no problems. OK, deep breath, take a System Restore point (that was the only thing that rescued me the last time I installed the WPA update). Run InstallWatch so I can see what's changed on my system and install the WPA update. Things continue to run OK in WEP so I decide to enable WPA-PSK on the router and on the laptop.

Voila!

Posted by tony at 03:18 PM | Comments (0)

February 27, 2004

Couple of MP3 tools that might be interesting

I've been using J. River's Media Center since, oh, I dunno, maybe version 7. It was called Media Jukebox then, I think. Version 10's in beta now and I'm very pleased with it. There are a lot of free media managers and taggers out there and I'm always looking. Two that have recently come to my attention are The Godfather and Media Tagger. Doesn't look like either of them maintain a database like the J. River products but they still look like they can be handy.

Two others that I've looked at and am pretty happy with are ID3-TagIT and Mp3 Book Helper.

Posted by tony at 07:22 PM | Comments (0)

February 26, 2004

WinXP SP2, boiled down

Got this abbreviated rundown of what's in SP2 from a friend. He distilled this from the various documents available from this Microsoft page.

The overview White Paper seems to have the most useful info in least amount
of bytes. Major tightening on:
* Firewall (ICF beefed up quite a bit, but still no outgoing protection like ZA does.)
* RIPC - but Firewall has to be on to enforce
* DCOM - better protection from non-authenticated admins lot of safeguards/detection on buffer overruns, other memory protection (enabling hardware protection on Itanium & AMD K8)
* Outlook Express gets most of the Outlook security enhancements (images, HTML, application execution, etc.)
* IE adds a lot of new controls (all URL objects similar to ActiveX controls, no cached scriptable objects, block pop-ups, stop scripts from moving/resizing windows, etc.)
* DirectX and Media Player 9 locked down - details for that in a doc I have not read yet
* Alerter and Messenger services OFF by default

Posted by tony at 12:50 PM | Comments (0)

Mozilla cross-site scripting vulnerability

I've been taken to task on occasion for only reporting Windows issues. Well, the fact is, that's what concerns me the most. But this Secunia advisory got my attention because I use Mozilla (well, Firefox) a lot. Not to the exclusion of IE but a lot.

The flaw's supposedly caused by a race condition which will allow a script from a previous page to be executed in the current page's context. It's supposed to be fixed in V1.6b of the Mozilla Suite.

I notice that the Mozilla site doesn't say anything about the flaw or its resolution and the current full Win32 download is tagged as being version 1.6 (note, no "b"). Matter of fact, 1.6b was released BEFORE the current release, back in December. The bug was reported on December 2 and a fix was submitted on the 3rd but there was a lot of discussion in the bug report about whether it should be "revealed" until all versions are fixed. Then, on Feb. 25, they finally say it's fixed and we get the security alert. Isn't that backward? Aren't we supposed to know about these things earlier?

(OK, Chuck, you happy now?)

Posted by tony at 12:43 PM | Comments (2)

February 23, 2004

"Control" a Mars rover

Maestro lets you control a virtual Spirit or Opportunity. The site claims the software is a scaled-down version of the software actually used by NASA. Here's what Chapter 1 of the Online Manual says:


Maestro is a publicly available version of the tool used by scientists to plan daily activities for the 2003 Mars Exploration Rover mission. With Maestro, you can view pictures taken by the rover. You can also select driving destinations and points of interest where you want to take your own pictures.

Posted by tony at 07:44 PM | Comments (0)

Moving things around and between Active Domains

Also discussed in the current issue of Windows Tricks and Tips Update is how to move objects between domains, how to move users between domains and how to move computer accounts. These 3 items are also listed in their FAQ.

Posted by tony at 07:48 AM | Comments (0)

Network drive letters in WinXP

Today's Windows Tips and Tricks Update (subscribe here) has a good tip for those of us that still use tools that don't allow UNCs and have to use drive letters for some of our network drives:

Q. Why doesn't my Windows XP system display drive letters for my network drives, and why can't I create long filenames and folders?

A. You might receive the error

"The drive that this file or folder is stored on does not allow long file names, or names containing blanks or any of the following characters: \ / : , ; * ? < > |"

You might also notice that no drive letters are assigned to your network drives. These problems can occur if Windows Explorer starts before your network logon script has finished running. A new feature in XP known as Fast Logon Optimization allows faster logon by letting the logon process continue, even while other tasks finish (such as applying Group Policy).

To resolve this error, you can revert the computer to a Windows 2000-style execution by performing the following steps:
1. Open Group Policy Editor (GPE) and locate the Group Policy that affects the client computers (e.g., the Domain Group Policy).
2. Navigate to Computer Configuration, Administrative Templates, System, Logon, then double-click "Always wait for the network at computer startup and logon."
3. Select Enabled, then click OK.
4. Close GPE.

Posted by tony at 07:45 AM | Comments (0)

February 19, 2004

Tunable iTunes RSS Feed

Saw this on one of the Office (? -- yeah, weird, I know) web sites. At this URL, Apple let's you create an RSS feed to see new releases, top tunes, etc of the genres you specify.

Posted by tony at 11:06 AM | Comments (0)

MS04-004 updates

Current issue of Woody's Windows Watch talks about the FUBAR stuff that MS04-004 has caused a number of people. MS04-004 is the one that removes the ability to include username and password in the URL field and has apparently broken a number of applications and sites. So, MS has released an update to the patch, MSKB 831167. The symptoms are described as follows:

Programs that use Wininet functions to post data (such as a user name or a password) to a Web server retry the POST request with a blank header if the Web server closes (or resets) the initial connection request.

Note A POST request has a blank header if its content length is set to 0 or is empty.

Sometimes, this behavior prevents another reset from occurring and permits authentication to complete. However, you may receive an HTTP 500 (Internal server error) Web page if the Web server must have the POST data included when Wininet retries the POST request.

For example, when you submit your user name and password to an SSL-secured Web site by using a form on a HTTPS Web page, Microsoft Internet Explorer may not resend this information to the Web server if the initial connection is closed (or reset).

Posted by tony at 08:39 AM | Comments (0)

February 13, 2004

Samurize : Superfine system monitoring

I like knowing what my system's doing. Bandwidth utilization, processor and page usage, that kinda stuff. I've been using CoolMon from ArsWare for a really long time ... like more than a year. But it's had a couple of bugs that bother me. Not significant problems, just little nuisance ones. Well, last week I came across Serious Samurize and, I've gotta tell ya ... WOO HOO! It has built-in access to quite a few counters but also gives you access to perfmon counters and WMI stats and plug-ins PLUS console-based programs and VB scripts. You can render things as graphs (line, pie chart, histogram, etc) and/or as text. Comes with a configuration editor that's very intuitive. It's donation-ware (free but they ask for a donation) and well worth whatever you wanna throw at 'em. I'm a convert.

Posted by tony at 08:40 AM | Comments (0)

February 10, 2004

ASN.1 and WINS vulerabilities

Today the BBC published one of the most worthless articles on a Windows XP vulnerability (here). Also on the "nearly worthless" list was this one from US-CERT (although it contained quite a bit more technical information). Far and away the best one, though, is this one from Secunia, at least IMHO. Secunia tells you that Kerberos and NTLMv2 authentication can trigger the vulnerability.

Very nearly as scary, at least if you're running a server, is this WINS vulnerability as reported by Secunia.

Update:

OK, I take it back. The US-CERT Technical Alert gives a good technical overview of the ASN.1 vulnerability, adding SSL and TLS to the list (NTLMv2 and Kerberos) that trigger it.

Posted by tony at 05:35 PM | Comments (0)

February 06, 2004

MS04-004 : Cumulative Security Update

MS04-004 is a cumulative security update (Microsoft KB832894) which addresses 3 issues:

* A cross-site scripting issue
* a drag-and-drop DHTML vulnerability and
* an incorrect parsing of URLs.

It also makes URLs of the form http://username:password@site/something-else invalid. Note that URLs of that form are acceptable according to the W3C and is a shorthand way of specifying an unencrypted username/password pair.

This bulletin replaces MS03-048.

Posted by tony at 09:05 PM | Comments (0)

February 05, 2004

Secure firewalls?

Imagine having a truly state-of-the-art firewall. One that's recognized as being one of the best around. How would you feel if you found out that it was susceptible to penetration? You should feel better about things. Know why? Cause nothing's truly secure. And knowing about the vulnerability is better than not knowing. What you should care about is how quickly your vendor responds to vulnerabilities.

OK, so, US-CERT's reported this vulnerability in Check Point's Firewall-1 NG with Application Intelligence which allows an attacker to penetrate by attacking in a particular way. The good news? Check Point's already got a fix.

Posted by tony at 07:53 PM | Comments (0)

February 04, 2004

More (better) detail on IE spoofing flaw

V7#3 of Woody's Windows Watch offers some very good insight into Secunia's Internet Explorer File Download Extension Spoofing advisory. None of the information in the Woody's Watch article is really new but it explains things in ways that helps one (me, in particular) understand the exposures a little better.

(If that link to the Woody's Watch article doesn't work yet, try this one and if it still doesn't work, try again in a few hours -- I just got the email newsletter and there's sometimes a lag before the newsletter makes it on to his website.)

The long and short of Woody's article: NEVER use "Open" when you're downloading a file, ALWAYS use "Save", even if you think you're an expert on these things. And if you're reading email and there's an attachment, even if it looks benign ("no, that's not an executable, it's a PDF"), it might not be -- check to make sure that the sender actually sent you the email and included the attachment. And, again, don't "Open" the attachment, "Save" it and make sure it's what you think it is.

Posted by tony at 02:34 PM | Comments (1)

February 03, 2004

Now why would you want one of those?

Take a look at this. A combination wireless spycam and AM/FM Clock Radio from TigerDirect.

Posted by tony at 07:25 PM | Comments (0)

2 concurrent sessions in Windows XP SP2

Supposedly, XP SP2 will give you the ability to have one user logged in locally and one user logged in remotely, over Remote Desktop. According to this FAQ from Windows and .NET Magazine:

1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\Licensing Core registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name EnableConcurrentSessions, then press Enter.
5. Double-click the new value, then set it to 1.

I'll have to give it a try when I finally install a production version of SP2.

Posted by tony at 04:44 PM | Comments (0)

Windows XP Keyboard shortcuts

Did you know there's a keyboard shortcut to move focus between the items in the system tray? There is. -- Ctrl-Windows Logo Key-TAB will get you there and then you can use the Left and Right cursor keys to move between them, bringing up context menus or whatever you like.

Having been raised on keypunch machines, VT100s and 3270s, I've always fancied myself a keyboard kinda guy, priding myself on being able to just about anything with a keyboard on a contemporary Windows system. Well, I learned something from Microsoft KnowledgeBase article 126449, including that little gem I started with.

Posted by tony at 04:32 PM | Comments (0)

Wardriving maps/locators

Pete's Demo Wardriving Maps (SF Bay area)
WiFiMaps.com (maintenance until Feb 7, 2004)

Posted by tony at 04:25 PM | Comments (0)