Posts Tagged ‘WiFi’

Windows Mobile and Windows XP News

For all of you people out there with Windows Mobile smart phones, you could soon be making free phone calls from your Windows Mobile and Windows Mobile 6 smart phones using Fring, a VOIP service that’s a lot like Skype.

Fring allows users to make free VoIP phone calls and conduct multiple live chat sessions through Skype, Google Talk, MSN Messenger, and many other SIP service providers, according to the company.

Fringland says its mobile VoIP client enables “WiFi enabled but SIM-less” Windows Mobile PDAs to function as open VoIP phones, using either WiFi hot spots or 3G cellular data services for access to the Internet. It supports making low cost VoIP calls to PSTN/POTS landline phones using SkypeOut or similar services. “Presence” functions indicate a contact’s availability in real-time, allowing the user to select the best calling method based on factors such as the recipient’s availability, reception quality, and call cost, according to the company. Source: Free VoIP For Your Windows Mobile Smart phone

Download Fring here. In a related story, it appears Microsoft has been working on an application that will allow voice searches of your Windows Mobile device using Bluetooth and your mic. Check it out here.

From Techrepublic, you can download a Font properties extension that will give you loads more information on the fonts that are installed in your Windows XP system, both versions, home and professional.

After you download and install this extension, the number of tabs on each font’s properties dialog box will jump from two to 11, with each tab providing all kinds of information about the font. The information contained on these 11 tabs includes very detailed descriptions of each font, links to the font vendors and font designers, legal information, such as ownership, copyright, trademark, license, and embedding permissions, as well as technical information about the font. Source: Download an extension to learn more about Windows XP fonts

Check out the extension here from Microsoft, where you can download it from here or an older version for everyone still limping along on Windows 98 or 95.

Tired of the auto play box that pops up every time you insert your USB drive(s) into your computer? You can set Windows Explorer to be the default auto play action and it will open up every time you insert a USB drive, instead of that annoying box.

  1. Insert your flash drive into the USB port.
  2. When you see the AutoPlay dialog box, click Cancel.
  3. Open My Computer, right-click your flash drive icon, and select Properties.
  4. In the Properties dialog box, select the AutoPlay tab.
  5. Perform the following steps for each item in the Content Type drop-down list:
    - Select an item in the Content Type drop-down list.
    - Choose Select An Action To Perform in the Actions panel.
    - Select the Open Folder To View Files In Windows Explorer action.
    - Click the Apply button.
  6. Click OK to close the Properties dialog box

. Source: Permanently set Windows XP’s Windows Explorer as your flash drive’s default AutoPlay action

Be the first to comment - What do you think?  Posted by Jimmy Daniels - June 25, 2007 at 6:42 pm

Categories: Windows Mobile, Windows XP   Tags: , , , , , ,

Drive-by Pharming

Or, did you configure that router or just plug it in?

A new security problem with some of the most popular wireless routers, could cause much pain and heartache to users and their security on the internet. Researchers have discovered a new attack vector, they are calling it Drive-by Pharming, in which a malicious website could host some javascript that could change the DNS settings on wireless routers that are still using the default login password. This would allow them to re-direct any and all traffic coming through that router to a DNS server that they setup, making it possible for them to send all traffic coming through that router wherever they want. They could create fake banking sites to lure users into entering their banking info, which they could use to take money from your bank account. This is similar to phishing, but this attack would appear seamless as they are re-directed without their knowledge, whereas, when you get a phishing attempt, it is just an email trying to get you to click on a link which sends you to their fake site. This would catch everybody that they had a site set up for, banks, Paypal, stores, etc, and they would have no idea until the money started disappearing. Here is what the researches posted in December.

Inexpensive broadband routers are a popular way for people to create an internal, and sometimes wireless, network in their homes. By purchasing such a router and plugging it in, they can have a network set up in seconds. Unfortunately, by visiting a malicious web page, a person can inadvertently open up his router for attack; settings on the router can be changed, including the DNS servers used by the members of this small, quickly erected internal network. In this paper, we describe how a web site can attack home routers from the inside and mount sophisticated pharming attacks that may result in denial of service, malware infection, or identity theft among other things. Our attacks do not exploit any vulnerabilities in the user’s browser. Instead, all they require is that the browser run JavaScript and Java Applets. We also propose countermeasures to defeat this type of malware — new methods that must be used since the traditional technique of employing client-side security software to prevent malware, is not sufficient to stop our proposed attacks. Source: Technical Report TR641: Drive-By Pharming

This is available in PDF format, here. Symantec has a video on this page Drive-By Pharming: How Clicking on a Link Can Cost You Dearly, and some more info.

For background info, the DNS system, or domain name system, is what allows us to just type in www.bank.com in our browser to display that webpage. Each website has at least one ip address, sometimes more, sometimes shared, that we connect to, the DNS system is like a big phone book that our computer checks to find out where to go. When you type in www.bank.com, your computer checks several spots to see how to get to the website, the DNS servers have all of the domain names mapped to ip addresses, so when you type in www.bank.com it checks DNS and the DNS says go to this ip address. If a hacker changed your DNS server to one of theirs, then they can tell your computer where to go. So, when you typed in www.bank.com, it would tell it to check a different ip address, one that was hosting the hackers version of the website, where they could record all of your info as you type it in. Now they have your info and can do whatever you can do in your bank account because they have your userid and password. They only thing that could possibly give it away, is when it tries to log you in, you don’t actually login, they could setup some re-direct to the real bank, where you could login, but this could cause problems to, as your computer thinks www.bank.com is on a different ip address and would end up sending you back to the hackers site, causing even more confusion on your end. But, there are probably workarounds to that as well, such as depositing a hosts file on your computer, etc.

The easiest work around is to change the password on your wireless router, in most cases it is pretty simple and definitely worth the time to keep this from happening to you. Instead of detailing each individual router, here are some links to information on some of the different routers and how to change the default password.

D-Link When clicking this link, it will ask you where you are, US, Canada, etc, pick your country and then come back to this link and click it again and it will then take you straight to the page.

Linksys

Netgear

As you can see, it is pretty simple to change it, and to login to most routers, you would connect to http://192.168.0.1 I say most because I have seen a couple that used a different default ip address, the one that comes to mind is one of Microsoft’s. You can probably find the spot to change the password very easily, use the links above if you have trouble locating it.

I will try to post these malicious sites here as we, the security researchers and other security sites find them, and as always, lets be careful out there.

1 comment - What do you think?  Posted by Jimmy Daniels - February 16, 2007 at 5:17 pm

Categories: Security, Wireless   Tags: , , , ,