Unfortunately, the manner in which WPS was implemented is not secure at all. Without getting too technical, the problem lies with how the 8 digit PIN is verified by router. Instead of checking the entire 8 digits, it checks the first four, then the next four. Well, you have a 1 in 10,000 chance of guessing the first four digits, which in a brute force attack doesn’t take an unreasonable amount of time.

In fact, using the open source tool, REAVER (http://code.google.com/p/reaver-wps/), you can EASILY crack the WPA password of your (or your neighbor’s) router very easily. I”m sure that Windows and Mac tools to perform this attack will be released soon.

The kicker is that in order tobe certified, WPS has to be enabled BY DEFAULT by the manufacturer, even if you’re not using it or aware that it exists.

You should go into your WIFI router’s configuration pages and disable WPS as soon as you can. It is highly insecure, and you run the risk of strangers eavesdropping on your network traffic if you don’t. Certainly, if you’re in a corporate environment you need to do this ASAP. For the average home user, you’ll need to weigh the risk, but if it was me, I’d disable it right now.

is:unread

Now, only the unread messages will show up. Simply click the select all box at the top and choose mark as read, and BAM, they’re all read. If you’re like me, you may have multiple pages of these to go through. After you clear one page, the next should show up automagically.

Click here for more

Accepting an untrusted Exchange server certificate results in storing an exception on a per-hostname basis. On the next visit to an Exchange server contained in the exception list, its certificate is accepted with no prompt and validation. This may lead to the disclosure of credentials or application data. This update addresses the issue through improved handling of untrusted certificate exceptions.

and this interesting one:

A logic issue in the handling of ICMP echo request packets may cause an assertion to be triggered. By sending a maliciously crafted ICMP echo request packet, a remote attacker may be able to cause an unexpected device reset.

So, in case you’re waiting for some reason to update, go ahead and take the plunge and do it. Its my belief, that as users become more mobile and start keeping more of their private information on these devices, the attempts at hacking mobile devices will become more common.

Here’s a link to more info straight from Apple regarding these fixes:

http://support.apple.com/kb/HT3639

Let’s be safe out there…

In theory, you should be able to simply set up Internet Sharing on your Windows Mobile device with Bluetooth PAN. Then on your Mac, simply create a BlueTooth PAN connection. The problem with this is that you run the risk of eating up your mobile device’s battery much quicker as its using its 3G connection and its bluetooth connection simultaneouslly. Even though it should work, I never could get it going, anyways. Ideally, we want to plug the phone in via USB, so that it is charging while sharing its connection. OSX won’t support the standard ActiveSync USB Internet Sharing method, so you’ll need to do a little work to get it going.

First download these files

Unzip and Copy all three files to /Library/Modem Scripts

Back on your Windows Mobile device, in the USB connection settings, change USB to mode to MODEM instead of ActiveSync. You may get a warning here that ActiveSync won’t work when Modem is selected. Remember to change it back later when you are ready to sync up again with a Windows computer. Once you’ve selected modem, plug your device into your Mac via USB.

Now, go to your Network Preferences menu.

On the left side, you should see your list of Network Interfaces. Click the little “+” sign to add an interface. Click Interface drop down menu, and you should see a choice for “Samsung CDMA Technologies”. Go ahead and choose it, and click CREATE. it should populate itself on the left-hand pane now.

Highlight the new Samsung Entry, and on the right side make the following entries:

Configuration: Default

Telephone Number: wap.cingular

Account Name: WAP@CINGULARGPRS.COM

Password: CINGULAR1

Now click Advanced…

On the Modem Tab, make sure Vendor is Samsung and Model is GPRS (GSM/3G)

On the PPP tab:

For Session, Uncheck “Redial if Busy”

Next to Settings, choose CONFIGURATION and select “Send PPP echo packets” and uncheck: Use TCP header compression.

Apply all these changes and lock the Network Preferences, and you’re ready to test.

Its a good idea when testing to disable your Wi-Fi so you can be sure you’re genuinely using your mobile devices WAN.

Now, highlight the Samsung modem, and on the right side, click CONNECT. If all goes correct, you should see a little meter with your connection strength, and you should now be able to surf the web. Go for it!

First, shut down the virtual guest with the full hard drive. Once it’s shut down, commit any snapshots to disk by deleting all snapshots in the snapshot manager.

Connect to your ESX server host via console or ssh, and navigate to the directory where the .vmdk files reside for this guest. Decide on a size that you want to increase your hard drive to. Make sure to leave room for future services packs and patches, etc.,

type this:

vmkfstools t -X 50g myvmguest.vmdk

Replace myvmguest with the appropriate vmdk file name and replace 50g with the appropriate size for your environment.

It should only take a second or two, as all its doing is making a change to the file’s header so it thinks its now larger than it was.

Now, go grab a copy of GPARTED here. Download the ISO. In the CD-ROM Settings for your Virtual Guest, point it to the ISO you just downloaded. You may need to SCP this file to the server. Make sure its set to CONNECTED and CONNECT AT STARTUP.

Now power on the virtual guest, but quickly get keyboard control and hit ESC to choose another boot device. Choose CD and the GPARTED live CD should fire up.

Answer the keyboard questions when they come up. After a minute or so, GPARTED should load up and discover your hard drives automatically.

You should see a visual representation of your boot drive now, with a bunch of free space at the endthe partition. Right-click on the partition and choose Resize/Move. Drag the slider to increase the partition to the new size. Click Resize. Click Apply at the top. Depending on the size of your partition, this may take a while. Check the progress, and when its done, quit, reboot back into Windows.

Your boot drive should now be larger.  No charge.

From F-Secure:

# On April 8th a new update was made available to Conficker.C infected machines via the P2P network
# The new file, which we call Conficker.E, is executed and co-exists alongside the old infection
# It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again.
# There’s a possible connection to Waledac, a spambot. Some Conficker.C infected computers connected to a well known Waledac domain and downloaded Waledac from there.
# There’s also a connection to rogue anti-virus products as we’ve seen it end up on Conficker.C infected machines. The rogue product was Spyware Guard 2008.
# Conficker.E deletes itself if the date is May 3, 2009 or later.

There are several ways for you to enjoy the Pandora service while away from your computer’s web browser. Here are a few:

1) IPhone application- You can get more info here. Basically, its just like the website. All the major functions available on the web are right there in the application – creating playlists, approving songs, getting info, etc., It’s FREE, of course.

2) Windows Mobile Application – great for your Tilt, BlackJack II, or Fuze.  This WinMo app let’s you listen to your stations, create new ones, view album art, etc., More info here

3) Boxee – Popular media center software Boxee now has a native application available for free download.  Great cover art, station creation, song approval, and slick graphics.

4) Chumby – Raise your hand if you’ve got a Chumby. No, me neither. If you’re one of the two people who has one, you’re in luck, because Chumby officially supports Pandora.  There’s more info on their website

5) Sprint Instinct – Digital Lounge now has Pandora available. Just log in to your Digital Lounge and search for Pandora. Get ready to pay $3 per month, however. ouch.

There are a few other devices out there that will play friendly with Pandora. If you’ve tried them, let us know…

In theory, you should be able to simply set up Internet Sharing on your Windows Mobile device with Bluetooth PAN. Then on your Mac, simply create a BlueTooth PAN connection. The problem with this is that you run the risk of eating up your mobile device’s battery much quicker as its using its 3G connection and its bluetooth connection simultaneouslly. Even though it should work, I never could get it going, anyways. Ideally, we want to plug the phone in via USB, so that it is charging while sharing its connection. OSX won’t support the standard ActiveSync USB Internet Sharing method, so you’ll need to do a little work to get it going.

First download these files

Unzip and Copy all three files to /Library/Modem Scripts

Back on your Windows Mobile device, in the USB connection settings, change USB to mode to MODEM instead of ActiveSync. You may get a warning here that ActiveSync won’t work when Modem is selected.  Remember to change it back later when you are ready to sync up again with a Windows computer. Once you’ve selected modem, plug your device into your Mac via USB.

Now, go to your Network Preferences menu.

On the left side, you should see your list of Network Interfaces.  Click the little “+” sign to add an interface. Click Interface drop down menu, and you should see a choice for “Samsung CDMA Technologies”. Go ahead and choose it, and click CREATE. it should populate itself on the left-hand pane now.

Highlight the new Samsung Entry, and on the right side make the following entries:

Configuration: Default

Telephone Number: wap.cingular

Account Name: WAP@CINGULARGPRS.COM

Password: CINGULAR1

Now click Advanced…

On the Modem Tab, make sure Vendor is Samsung and Model is GPRS (GSM/3G)

On the PPP tab:

For Session, Uncheck “Redial if Busy”

Next to Settings, choose CONFIGURATION and select “Send PPP echo packets” and uncheck: Use TCP header compression.

Apply all these changes and lock the Network Preferences, and you’re ready to test.

Its a good idea when testing to disable your Wi-Fi so you can be sure you’re genuinely using your mobile devices WAN.

Now, highlight the Samsung modem, and on the right side, click CONNECT. If all goes correct, you should see a little meter with your connection strength, and you should now be able to surf the web. Go for it!