Security
I just had to document this: I’m at the Arcadia Public Library, and I’m connected to my home computer via Hamachi/Windows XP Remote Desktop perfectly. I came only to test it out, and to see how the speeds are. I basically feel like I’m at home, despite the chatter around me at the other tables. So much for a library being quiet, huh? Anyways, I’m stoked!
Hamachi looks like a promising tool to setup a VPN connection from my laptop on some WiFi connection to my desktop computer. After listening to the Security Now podcasts episode 18, I’m trying out Hamachi.
I initially started with 0.9.9.9. Like Steve said, it really does look slick. What’s funny is that within a minute after installing it on my desktop, 28 people must’ve installed Hamachi before I was able to get it running on my laptop. Popular? Sure looks like it!
My goal is to be able to connect to my home computer via Remote Desktop Connection. Well, the stable version wasn’t working for me. I tried connecting, but my desktop would freeze up and nothing would display on my laptop. So, I jumped into the 1.0 beta version, and finally was able to use RD [thru Hamachi] from my laptop to my desktop. Sweet!
Quoting from the transcript of Security Now! Episode #18:
So, for example, many people have written saying, hey, I love using Remote Desktop, but I’m concerned about its security. What should I do? Well, they should be concerned about its security because Remote Desktop does not have strong authentication. So it is subject to man-in-the-middle attacks, and it can be compromised. In fact, the current version of the Cain & Abel Cain tool has the latest support for the current RDP protocol, which allows - and, I mean, it actually builds a file, when you’re running Cain, of everything you do over your Remote Desktop session. So here Hamachi solves the problem of wanting one computer to connect to and control another. [..] So you’re able now to securely and safely use Remote Desktop through this Hamachi link with absolutely no concern that it can be eavesdropped upon.
It is a virtual private network, peer-to-peer secure tunneling system that, I mean, I can’t find a single fault in it. I mean, I’m using it. I’m in love with this thing.
What’ll I be using this for? Anytime I’m on a WiFi connection. I can hit up the public library, or use the connection from my friends’ house, without worrying about people eavesdropping on me.
On a sidenote, there is a forum thread on how to setup full internet access over Hamachi. It’s experimental right now, so I’ll just put up with RD. I’m not complaining!
I don’t know how often checks are being used, but this is a good read to help protect yourself from the practice of check washing. If anything, I think I’ll get a gel-based pen just for writing checks, as described throughout the article and conclusion. (Golf clap: Digg)
I was sifting thru some unread email newsletters, and came across WinPatrol (via Steve Bass). Looks pretty cool, and I think should compliment the other major anti-spyware utilities (e.g. Spybot S&D, Ad-Aware SE Personal, MS AntiSpyware).
UberGeek (his post permalink is broken) posted that NOD32 is the best, linking to the PDF media release from Eset. The document says it’s the 34th consecutive Virus Bulletin 100% award. By definition, consecutive means:
Following one after another without interruption; successive
Looking at the test history for Eset (NOD32), there is 34 successes - just not consecutively. To me, that’s misleading. I’m not amused, simply because it’s pushing them even farther up there, when they don’t deserve it.
Nevertheless, it is definitely impressive, but if someone can explain why the PDF media release is worded that way, I’ll retract my previous statement.
Have you heard of Spamgourmet? Pretty nifty! You can have a bunch of “disposable email addresses” without compromising your main one(s) to companies you’re not completely sure are trustworthy. Then, if you find out that the company didn’t give your email address away to 3rd parties (or hasn’t spammed you), you can always change your email address (if you had to create an account of some sort).
I listened to the Security Now! podcast (Episode #11) over my lunch break. Basically, Steve and Leo are telling us that WEP will barely protect us. What!?! I’m using WEP at home!
My mind was racing. Thoughts of buying a new wireless router entered in. Fortunately, I came back to earth and found that if I update the firmware on my D-Link DI-614+ above v3.28, and get the WPA drivers for my Linksys WPC11 v3, I should have WPA security.
This is definitely a notes-to-self, plus a heads up to you if you’ve got a wireless router wide open. I’ve got two friends I think I’ll need to go make sure their wireless router is secure. Security Now! (Anybody reminiscing of a certain Seinfeld episode?)
I came across this InformationWeek article “Symantec: Zotob May Be Modified To Attack Windows XP” today. Basically, Symantec recommends you apply this patch. It only takes 2 minutes (on a Windows XP machine). Better safe than sorry! Ooh, since the patch has to do with Plug and Play, maybe you should just disable it with Steve Gibson’s UnPlug n’ Pray! Now that just takes seconds.
Is The Names Database bad? My friend keeps sending me the E-vite, but I’m not sure if I should add myself in there.
Copyright © 2004-2009 All Narfed Up. Powered by WordPress using the DePo Skinny Theme. #