(847) 201-6416

Category: Security

Surfing safely on public wi-fi

Free wi-fi is becoming ubiquitous at restaurants and coffee shops (Starbucks and Panera Bread are two that come to mind). It’s convenient, but it’s not secure.

Once again, hackers have found a way to ruin the fun for the rest of us. By using nothing more than a laptop or handheld PDA with wireless capability, a malicious individual can establish a spoofed access point that looks identical to the one hosted by the store. If you innocently connect to it, the hacker can capture all of the data you send and receive from your laptop, including passwords.

Worse yet, a hacker can use a public access point to launch exploits — code that attacks known security vulnerabilities in both the wi-fi network hardware and your laptop.

Chances are that the fellow jerking lattes at Starbucks is not a network security expert. Therefore, you need to take basic steps to protect yourself and your equipment.

A pcmag.com article by Jamie Lendino lists four things you can do to protect yourself on public wireless networks, which I will summarize as follows:

1. Keep your shields up. Make sure you have security tools installed on your portable device. Antivirus software is a must, as well as a firewall. The built-in firewall provided with Windows XP is sufficient for most purposes, but if you use a wi-fi network frequently, consider a two-way firewall such as ZoneAlarm. A full suite such as Norton Internet Security will cover all the bases, but it tends to be a resource hog, especially on older laptops.

2. Stay up to date. Make sure you have installed all the latest updates for both your security software and Windows.

3. Don’t share. Make sure Windows file and print sharing are disabled when you are out in public. It’s a convenience when you’re in the office or at home, but an unnecessary exposure when you’re not.

4. Watch where you’re going. Before entering any personal info on a secure site, make sure it’s secure. Look for https:// in the address bar, as well as the padlock icon on your browser. Better yet, maybe you should think twice before conducting any major financial transactions on a public network.

I don’t want to scare you off using public wi-fi. It can come in very handy sometimes. These four tips are important for any PC use, public or private. But on a public network, they are vital.

.ANI patch can break audio applications

Reports are coming in that some users are experiencing a problem with the Windows .ani vulnerability patch I informed you about previously.

The patch is reported to break certain audio applications, specifically the Realtek HD Audio Control Panel, and CDtag, which is used for ripping music CDs.

If you are affected, you will see an “Illegal System DLL Relocation” error when you start your computer. Microsoft has issued a hotfix for the problem, which you can find here.

Microsoft regards this as an isolated incident and does not plan to issue the hotfix as part of its automatic updates.

The hotfix should be installed only if you are experiencing the problem described.

Patch available for animated cursor exploit

Microsoft today issued a security patch for a recently discovered vulnerability that can affect users of Internet Explorer 6 or 7 and Outlook 2002 (also called Outlook XP) on Windows XP.

By embedding a hacked animated cursor (.ani) file in an HTML e-mail message or Web page, a malicious individual can potentially take control of your PC. All you have to do is view the infected e-mail message or Web site. This security advisory from Microsoft has all the details.

This is not a widespread problem, but Microsoft considers the exploit potential to be serious enough that it issued a patch outside of its normal security update cycle.

Make sure you have this patch installed. Even if you have automatic updates enabled, there can be a delay before the patch is downloaded. I suggest you run Windows Update (or Microsoft Update, if installed) from your Start menu at your earliest convenience. Select the “Express” option to install critical updates. You will have to reboot your system after the patch is installed.

While we’re on the subject, there’s also a nasty virus being distributed via e-mail messages with a subject line of “Internet Explorer 7 Downloads.” Details are here. As always, common sense applies. If you don’t recognize the sender, don’t open the message.