IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Stefanie Ploof <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Fri, 20 Jan 2006 10:57:30 -0500
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (60 lines)
Phil and Greg -- good morning to you, too. :)  That is why I chose
IT-DISCUSS, where techs can read the info and decide to discuss it or not,
but it's not broadcast-worthy.  It's information for anyone who wants it.


On Fri, 20 Jan 2006, Philip Plourde wrote:

> So this threat is about as dangerous as being connection to a network
> with other computers while having file sharing turned on.
>
> I love this line in particular:
> "This would allow the two machines to associate together, potentially
> giving the attacker access to files on the victim's PC."
>
> Associate together?  Is that like having tea?
>
> This feature, that I believe was deactivated with SP2, is one of the
> first questions we get from people with a new notebook.  They take the
> machine home and find that it won't talk to their home wireless
> gateway/router.  You either have to create a wireless profile for your
> home system and allow it to connect, or you throw the switch back to
> auto connect to any available network.  If you offer the security
> prudent solution and create the profile, your third support call will be
> a few months later with them in their hotel room at some conference and
> their machine will again not connect to the latest wireless network they
> encounter.
>
> The bottom line is still the same:  If you are not accessing your files
> remotely, leave file sharing blocked by the firewall.  Regardless of
> whether you access files remotely, have good passwords on all accounts
> on the machine, especially Administrator, which should be renamed anyway.
>
> The vector of attack here is the mere ability to pass IP traffic to your
> machine.  If that worries you, I'd consider one word very carefully:
> CatsPAWS
>
> Phil.
>
>
> Stefanie Ploof wrote:
> > Microsoft has acknowledged a wi-fi security flaw in their operating
> > system, but will not offer a patch until 2007 when Windows XP SP3 is
> > released:
> >
> > http://newsletters.zdnetuk.cneteu.net/t/103590/1882716/78546/0/
> > http://news.zdnet.co.uk/internet/security/0,39020375,39247302,00.htm
> > http://news.zdnet.co.uk/software/windows/0,39020396,39247733,00.htm
> >
> > If you follow the chain of ZDNets you'll see that Vista is taking
> > priority over XP SP3, hence the delay.
> >
> >
> > ----
> > Stefanie Ploof
> > CIT Client Services
> > CALS Information Technology Office
> > University of Vermont, Burlington
> >
>

ATOM RSS1 RSS2