Security Alert: Port 32764

SECURITY ALERT! Make sure that your Internet router isn’t exposing port 32764. It has been revealed to be a major security hazard, potentially leaking your router admin data and wireless encryption key to hackers. Use the link below to check your port status. Make sure the result on the probe below is STEALTH or CLOSED. If the result of the port scan is OPEN, you should log in to your router administration and change your settings to block that port immediately.

I’ve heard about this security alert two weeks in a row on one of my favorite podcasts, Security Now with Steve Gibson. If you want to hear the details, this was discussed on the latest episode 438. The conversation about this security alert begins at precisely 52:10 in the show.

Check your port: bit.ly/port32764
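A local version of the same check, as an added example that is not part of the original post: it attempts one TCP connection to port 32764 and maps the outcome onto the OPEN / CLOSED / STEALTH results the online probe reports. The function name, the 192.168.1.1 default address and the timeout are assumptions. Run from inside your network it tests the LAN side of the router, while the online probe tests the Internet-facing side.

```python
import socket
import sys

BACKDOOR_PORT = 32764  # the port named in the alert

# What each result means, following the post's advice.
ADVICE = {
    "OPEN": "Something is listening: block this port in the router settings.",
    "CLOSED": "The router refused the connection: nothing is listening.",
    "STEALTH": "No reply before the timeout: the packet was dropped.",
    "UNREACHABLE": "Could not reach the host: check the address.",
}


def probe_tcp_port(host, port=BACKDOOR_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "OPEN"          # handshake completed
    except ConnectionRefusedError:
        return "CLOSED"        # host answered with a TCP reset
    except socket.timeout:
        return "STEALTH"       # silence, as a filtering firewall gives
    except OSError:
        return "UNREACHABLE"   # no route, bad name, interface down
    finally:
        sock.close()


if __name__ == "__main__":
    # Assumed default: 192.168.1.1 is a common router address, not taken
    # from the post; pass your own gateway address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    status = probe_tcp_port(target)
    print(f"{target}:{BACKDOOR_PORT} is {status}. {ADVICE[status]}")
```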

Wi-Fi WPS Security Flaw Exposed

I listen to a terrific podcast by Steve Gibson and Leo Laporte about digital security called Security Now. A new security scare is making the rounds that everyone with a wireless router needs to address as soon as possible. Complete details about this flaw were outlined on Security Now episode 335.

A recently discovered flaw in the execution of WPS (Wi-Fi Protected Setup) makes it relatively easy for a nearby hacker to circumvent your wireless security settings and gain access to your network. The fact is, every router that bears a seal of certification from the Wi-Fi Alliance ships with WPS enabled by default! In essence, that means that every router that has been sold in the past several years is potentially vulnerable to attack.

I am not a security expert, so I am not going to delve into the dirty details of how a router with WPS enabled can be compromised. I simply want to get the word out to everyone. Fortunately, an attack on WPS must be made within the wireless signal range of your router, so attacks in this form cannot originate from long range across the Internet.

The bottom line is that everyone should immediately visit the settings page for their router and disable WPS!

You can do an online search for this security flaw to find out more information. At the time of this writing, a reasonably good article detailing the WPS security flaw can be read at TechLogon.

It is assumed that router manufacturers will eventually update the firmware of their products to correct this flaw in WPS. That said, WPS itself is a system designed to let a novice user create a secure wireless network with little knowledge or effort. Anyone who takes computing and networking seriously would never use WPS in the first place, so I recommend that all users disable the feature and leave it disabled permanently.

While I am on the topic of Wi-Fi security, I want to add that everyone should have their wireless home network secured using WPA2 encryption with a password key that is at least 12 characters in length. Obviously, you should never use the name of your wireless network (SSID) as your security password. Personally, I use a complex 16-character password, which I think is sufficient.

TrueCrypt File Encryption

I’ve often wondered how to go about encrypting a particular file or folder on my computer, but always figured the process to be so daunting as to not bother to ever try. A recent article on the subject in my PC World magazine has shed some light on the matter. I’m going to fill you in on my experience that I’ve gained thus far. Keep in mind that I am not attempting to encrypt the contents of an entire drive, and I am not encrypting data on removable storage devices. I can’t speak to those scenarios in any way at this time.

I reviewed three possibilities for my approach. First, I’m a Mac user and looked into the FileVault encryption that is built into OS X. That solution is very easy, but it wants to encrypt my whole account user folder. In that scenario, logging into the OS decrypts all of the data. I worry that may slow down my computer, and that isn’t what I was going for in the first place.

Second, I researched the popular PGP encryption solutions. Their products all appear to go above and beyond my needs. PGP adds email and instant message encryption to their desktop offering. I don’t need any of that, and PGP’s products are all pretty costly for my taste, ringing in at $99. I’ve heard good things about PGP overall, but I am not looking to spend that kind of money on my project.

Third, and my favorite solution, is a free open-source application called TrueCrypt. TrueCrypt is available for Windows, Mac, and Linux! It’s free and easy to use. You create an encrypted volume that is stored as a single file on your computer. That file can have any file extension you want, or none at all. You can hide it anywhere you like, and the program won’t memorize locations if you ask it not to. Opening the contents of your volume is achieved by mounting the volume, which allows you to use it with a drive letter of its own. Dismounting the volume encrypts all of the data again. I’ve had a wonderful experience using this program. One downside for me is that I wish the program was faster at dismounting my volume, though speed will most certainly vary depending on your system. On my Windows PC, dismounting was nearly instant.

TrueCrypt was definitely the way to go for my needs. The program can also encrypt an entire drive. It does exactly what I want it to, with ease. It’s fast, secure, and completely free!

WordPress Security Scan Plugin

Recently, after upgrading to WP 2.61, I installed a plugin called WP Security Scan. If you’re running a website with WordPress, it is certainly worth installing. I did, and was blown away at the lack of security that my blog was exposed to. This little plugin lets you know where you need to make alterations. I very highly recommend it to everyone using WordPress!

Do Not Use Ad-Aware 2008

Absolutely under no circumstances install or use Lavasoft Ad-Aware 2008. After some recent slowdowns on my Dell laptop with XP, I installed Ad-Aware 2008 to scan for spyware. I have used versions of this software in the past, and I can tell you that something is terribly wrong with this new product. After it was done scanning, I checked the process manager in Windows to find that Ad-Aware was sucking down over 700MB of memory. After terminating the program, another mysterious Ad-Aware system process would start—over and over again. I simply could not get rid of it. Every time that process started, it would start out consuming 128MB of RAM, and grow sharply every 2 to 3 seconds. I uninstalled this piece of crap and erased every last trace of it. It seems Ad-Aware is just as bad as, or worse than, the rogue applications it is supposed to be eliminating.

Password Limitations Abound

This past weekend, I set out to create a strong, complex password for my favorite log-ins. I did so, and went about changing my passwords online. I soon ran across several sites that had a 10-character limit on passwords. In total, three to four sites on my list had this limit. Even worse, the website for managing my AT&T Wireless bill only allows an 8-character password.

Fortunately, most of the sites I visited have a 20-character limit. That is way more than I will use, but a good number to use as a ceiling. Limiting passwords these days to 8-10 digits is surprising to me.

ZoneAlarm

I made a post a while back that praised Comodo’s personal firewall program, in which I made negative comments about ZoneAlarm. It’s true that I have had my ups and downs with ZA, but I have been back to using it again for a while now. The free firewall that Comodo offered turned out to be very cumbersome and slow. I can’t exactly remember my grievances because I uninstalled it months ago. I want to say something kept crashing on me while I was using it. For a time after removing the program, I used only the basic inbound Windows Firewall, which in my opinion does a fine enough job. I later read that ZoneAlarm had released a new version 7 of its firewall, so I downloaded it to give it a try (free version). I have never tried a paid version, so I can’t comment on its offerings. My computing needs are met using the free product.

So far, I have really enjoyed version 7. The best thing so far about the new version is that it doesn’t slow down my Windows boot time as much as previous versions seemed to. Setting up my home network traffic was made a little easier this time, too. Overall, ZA hasn’t been as much of a nuisance as it used to be. I don’t know how much of all this is attributed to new features and how much of it is part of my imagination.

After trying other free firewalls such as Kerio and Comodo, I realize that ZoneAlarm has a lot to offer. Kerio stopped offering a free personal firewall program, so I quit using that long ago. I thought Comodo would be cool after reading a good review in a PC publication. It turns out, I was less than thrilled. ZoneAlarm, on the other hand, has always kept on a steady course by continuing to improve a great product while still offering it to the world for free. I am quite pleased with their product this time around.

Wireless LAN Security

I have toyed a lot with my wireless LAN security settings and thought I’d throw my two cents into the ring about this topic. I am not as paranoid as some other computer users, so bear that in mind. To me, the best overall Internet experience is done through a traditional CAT5 wire. I insist that my desktop PC be wired, but that is also to ensure a fast connection while file sharing across the network with my laptop. Wireless LAN is fast, but it is slowed down if the source and destination computers are both using wireless signals. Also, it is worth mentioning that if you have a wireless-G router and wireless-G card, then turn off the mixed signal mode (B+G), which is probably your router’s default. This will speed things up. I am using a Linksys WRT54G router, by the way.

When it comes to the security, you should certainly not run your network with security disabled. I once thought I’d maximize my throughput by turning off all security, not broadcasting my network ID, and turning on MAC address filtering. This probably isn’t a good idea. If someone wanted in, it would have been easy.

I have tried it all. I used WPA for a while, only later to realize how much it had slowed me down. Pages would fairly quickly fill up with photos and text. It wasn’t that bad. But instead, with WEP security enabled, pages popped up on my screen like changing channels on the TV. I know that WEP can be cracked in 15 minutes from what I have read, but in my opinion, this is the best of both worlds. I want speed! Today, I use WEP with a 64-bit key. I know that some security hounds are reeling. But this is what is best for my needs. It is probably a good idea to change your WEP security key once in a while. I tend to change mine every month or two.

I wonder who really cares about my network, anyway. At my house (where they are not that close together), I can see up to six wireless networks, half without any security enabled. Personally, I have no idea how to spoof a MAC address, find hidden networks, see another person’s data, or hack their security. Nor do I care. I have no need for that ridiculousness. I have my own high speed connection, thank you. Besides, even if I was leeching, there are numerous open networks available practically everywhere. Who then cares about mine? Nobody. Why would someone go to so much trouble? If you use wireless networking at a business, that is a different story, and security is paramount. But for normal personal use, it is just fine. Perhaps I am a little paranoid because I do all of my online banking via my wired desktop, and never over the wireless connection.