Subtle Rantings

First let me say there is a TON of news that has come out over the weekend, so I think I’ve got my content for the week in just one day. This is unfortunate, as I’m sure there will be more good content coming out this week as well. You say I should just post more often right? Ha! I wish! Anyway, on to today’s posting.

No longer will you need WEP or WPA encryption schemes for your wireless networks. There is a new paint that you can paint on your walls and it will keep all wireless signals from “leaking” out to the real world. However, I hope no one will need to use a cell phone or cordless phone for that matter in this “secure” room as I’m betting most all signals at 2.4Ghz range and maybe even 5.8Ghz range will be blocked.

I see one huge problem with this that is going to be great business for pen-testers once and if this product ever gains widespread popularity.  I think it’s possible people could start using this new paint product and give them a false sense of security whereby they begin to believe they no longer need wireless encryption protection. I was joking earlier when I said WEP and WPA are no longer needed, but unfortunately, some people will believe they no longer need it. Like I said, this will be great for criminals and pen-testers alike.

The correct stance to take on this product is to regard it as an additional layer of security for wireless networks. Continue the use of normal wireless security measures as well. I personally would definitely use this product if I didn’t need to have cell phone coverage in my office. Heh, and I just thought about a great practical joke. Paint someone’s room with this stuff. Then paint over it and they’ll never know why their cell signal isn’t getting out of that room anymore. Which brings up a very good question: How do you take this stuff off if you don’t want to be “secure” anymore? Guess I need to do some more reading on the product. Anyway, check it out if you’re interested: EM-SEC Technologies

Popularity: 17% [?]

This is totally awesome. One number for life! A friend of mine sent me this article today from the NY Times. Do you have too many phone numbers? Do your phone numbers change frequently for whatever reason? Then this service may be for you. GrandCentral is offering a one number for life service. They assign you a “virtual” phone number that is good forever! Then you configure what phones you want to ring when someone dials your “virtual” number.

Only one phone number to give out at parties. Centralized voicemail for ALL lines (cell, home, work, doesn’t matter). Record phone calls. LOTS more features. I’m not getting a referral or anything for this but you guys need to check this out.

Popularity: 10% [?]

So now, not only do OneCare users have to battle the normal malware/spyware problems, they have to worry if OneCare is going to eat their email. Read the story here: Over-Zealous OneCare Eats Some Outlook E-mail

So not only did it delete this person’s entire .PST file, it REALLY deleted it. I’m talking, no Recycle Bin deleted. Ahhh, Microsoft, how do I love thee? Let me count the ways. Seriously, please continue to screw up and put out totally shoddy products so that my switch to a Mac will be so much easier.

Popularity: 8% [?]

Does anyone remember that wonderful “feature” of Microsoft Windows 3.x days called Microsoft Anti-Virus? Wow, if that wasn’t a horrible and completely worthless anti-virus package, I don’t know what is. Actually, wait, I can think of another worthless AV package. It’s called Microsoft OneCare and it’s the new antivirus, spyware prevention, and firewall all-in-one software that comes by default with as an option for Windows Vista. It was actually released in beta format for Windows XP in 2005 I think, but I could be wrong.

Where do I get the opinion that this new software addition to the Windows family will be worthless? Barring my own personal bias, from a number of other sites that have tested this product, one of which is The AV Comparatives Website. They recently performed a review of 17 antivirus software programs and recently released their report. Their findings showed Microsoft OneCare coming in at a pathetic last place showing with a detection rate of only 82.4% of the malware. You can see the news article discussing the findings here: Microsoft OneCare Last in Antivirus Tests

I am personally so close to switching to a Mac, if I could only afford the price tag of converting. I love Windows XP, don’t get me wrong. I am terrified though of Vista and what it will do to not only my machine, but the unsuspecting home users that are going to be assimilated to this new bloatware. So, when the time comes that Vista is a requirement, you just might see me with a brand new, shiny MacBook.

And I promise not to complain about the price tag too much.

Popularity: 7% [?]

Here is another reason why I never give out my SSN if I can absolutely help it: Stolen Computer Holds Government Data on 1.4M Coloradans

The government is notorious for asking for Social Security Numbers. Some applications make a little sense while others make no sense at all. Of course, the privacte sector isn’t any better. The only difference is, at least I have better odds of suing a commercial company than I do trying to go after “the Man”. If more people would actually give a rip about privacy and identity theft and start bucking the system when everyone and their mother asks for a SSN, then things might actually change. Instead, people just accept the idea that there is nothing they can do about it, so they just buy Identify Theft insurance along with Home and Auto now.

Read the rest of this entry »

Popularity: 16% [?]

Here’s a link a coworker sent to me that confirms once more the reasons why I have taken the stance I have on RFID credit cards: Hacking contactless credit cards made easy

Popularity: 14% [?]

Actually, I don’t. I don’t hate to say I told you so. As un-Christ like as that is, I love being right. Who doesn’t? I love proving people wrong and I love proving I’m right. I’m a prideful person. There, I admit it. I know, I know, where’s the grace? Where’s the humility? Don’t I know “pride cometh before the fall?” These are all valid questions and all very accurate. It is completely wrong of me to have to have this need to always be right and it is completely wrong of me to harbor the pride that I do. But hey, sanctification is a life long process and God is working on me everyday to make me into the man He would have me to be. And before people start assuming that I’m this extremely arrogant, snooty, jerk of a person, because I’m not, let me tell you this need to be right only applies to certain subjects or even certain said statements. Either way, I’m eternally grateful He has made numerous changes in my life and saved me from who I am and I look forward to the changes He is going to be making in me over the many years to come. Moving on…

One of the subjects I am most passionate about is privacy and how we as citizens of the US and of the world can protect those rights. The whole use of the SSN by the US and every company in the country is a whole separate topic which I’ll post about soon. Today’s subtle rant is about RFID and more specifically contactless credit cards. The I told you so part is my consistent stance that RFID is inherently insecure and should NEVER be used for any identity application or any type of authentication/authorization mechanism.

Earlier this week I read this posting and was consumed by a number of emotions. First and foremost, it’s amazing to me that people are not fighting this movement of RFID credit cards more, if at all. I attribute this to two reasons. 1) Ignorance – people just don’t know and/or don’t understand the security risks. 2) Laziness – people are ultimately so lazy that they will trade personal privacy for convenience. Part of the assurance to these people is the promise by Visa, MasterCard, Chase, etc. that if a person’s card is indeed “cloned” or misused, the consumer is not liable for any charges.

While this is all a very grand and noble idea, the risks are just far to great. This is why there are the hundreds of credit monitoring services out there now. That’s why there is Identity Theft insurance (which my wife and I have). By enabling this convenience (again due to our laziness), we have enabled the proliferation of identity theft, while at the same time lining the pockets of creditors who will so graciously monitor our credit history and tell us if there is a problem for just $99 a year. Without going into more technical detail of the additional risks involved and boring the majority of you (if I haven’t done that already), I will conclude with one last thought. Privacy is far too great of a liberty and luxury for us to give it up so easily. I urge each of you to consider this the next time you choose a credit card company or your current creditor tries to send you a new “more modern” credit card. This way, you won’t become one of “those” people that do get a contactless credit card and end up getting their identity’s stolen. And, you won’t have to hear me say I told you so…

Popularity: 14% [?]