Thursday, May 23, 2013

Understanding WEP Weaknesses

Security researchers have discovered security problems that let malicious users compromise the security of wireless local area networks (WLANs) that use WEP (Wired Equivalent Privacy) — these, for instance:
  • Passive attacks to decrypt traffic: These are based on statistical analysis.
  • Active attacks to inject new traffic from unauthorized mobile stations: These are based on known plaintext.
  • Active attacks to decrypt traffic: These are based on tricking the access point.
  • Dictionary-building attacks: These are possible after analyzing enough traffic on a busy network.
The biggest problem with WEP is when the installer doesn't enable it in the first place. Even bad security is generally better than no security.
When people do use WEP, they forget to change their keys periodically. Having many clients in a wireless network — potentially sharing the identical key for long periods of time — is a well-known security vulnerability. If you keep your key long enough, someone can grab all the frames he needs to crack it.
Can't blame most access-point administrators for not changing keys — after all, the WEP protocol doesn't offer any key management provisions. But the situation is dangerous: When someone in your organization loses a laptop for any reason, the key could become compromised — along with all the other computers sharing the key. So it's worth repeating . . .
Shared keys can compromise a wireless network. As the number of people sharing the key grows, so does the security risk. A fundamental tenet of cryptography is that the security of a system is largely dependent on the secrecy of the keys. Expose the keys and you expose the text. Share the key, and a cracker only has to crack it once. Moreover, when every station uses the same key, an eavesdropper has ready access to a large amount of traffic for analytic attacks.
As if key management problems weren't enough, you have other problems with the WEP algorithm. Check out these bugbears in the WEP initialization vector:
  • The IV is too small and in cleartext. It's a 24-bit field sent in the cleartext portion of a message. This 24-bit string, used to initialize the key stream generated by the RC4 algorithm, is a relatively small field when used for cryptographic purposes.
  • The IV is static. Reuse of the same IV produces identical key streams for the protection of data, and because the IV is short, it guarantees that those streams will repeat after a relatively short time (between 5 and 7 hours) on a busy network.
  • The IV makes the key stream vulnerable. The 802.11 standard does not specify how the IVs are set or changed, and individual wireless adapters from the same vendor may all generate the same IV sequences, or some wireless adapters may possibly use a constant IV. As a result, hackers can record network traffic, determine the key stream, and use it to decrypt the ciphertext.
  • The IV is a part of the RC4 encryption key. The fact that an eavesdropper knows 24 bits of every packet key, combined with a weakness in the RC4 key schedule, leads to a successful analytic attack that recovers the key after intercepting and analyzing only a relatively small amount of traffic. Such an attack is so nearly a no-brainer that it's publicly available as an attack script and as open-source code.
  • WEP provides no cryptographic integrity protection. However, the 802.11 MAC protocol uses a non-cryptographic Cyclic Redundancy Check (CRC) to check the integrity of packets, and acknowledges packets that have the correct checksum. The combination of non-cryptographic checksums with stream ciphers is dangerous — and often introduces vulnerabilities. The classic case? You guessed it: WEP.
    There is an active attack that permits the attacker to decrypt any packet by systematically modifying the packet and CRC, sending it to the AP, and noting whether the packet is acknowledged. These kinds of attacks are often subtle, and it is now considered risky to design encryption protocols that do not include cryptographic integrity protection, because of the possibility of interactions with other protocol levels that can give away information about ciphertext.
Only one of the problems listed above depends on a weakness in the cryptographic algorithm. Therefore substituting a stronger stream cipher will not help. For example, the vulnerability of the key stream is a consequence of a weakness in the implementation of the RC4 stream cipher — and that's exposed by a poorly designed protocol.
One flaw in the implementation of the RC4 cipher in WEP is the fact that the 802.11 protocol does not specify how to generate IVs. Remember that IVs are the 24-bit values that are pre-pended to the secret key and used in the RC4 cipher. The IV is transmitted in plaintext. The reason we have IVs is to ensure that the value used as a seed for the RC4 PRNG is always different.
RC4 is quite clear in its requirement that you should never, ever reuse a secret key. The problem with WEP is that there is no guidance on how to implement IVs.
Microsoft uses the RC4 stream cipher in Word and Excel — and makes the mistake of using the same keystream to encrypt two different documents. So you can break Word and Excel encryption by XORing the two ciphertext streams together to get the keystream to drop out. Using the key stream, you can easily recover the two plaintexts by using letter-frequency analysis and other basic techniques. You'd think Microsoft would learn. But they made the same mistake in 1999 with the Windows NT Syskey.
The key, whether it's 64 or 128 bits, is a combination of a shared secret and the IV. The IV is a 24-bit binary number. Do we choose IV values randomly? Do we start at 0 and increment by 1? Or do we start at 16,777,215 and decrement by 1? Most implementations of WEP initialize hardware using an IV of 0 and increment by 1 for each packet sent. Because every packet requires a unique seed for RC4, you can see that at higher volumes, the entire 24-bit space can be used up in a matter of hours. Therefore we are forced to repeat IVs — and to violate RC4's cardinal rule against ever repeating keys. Ask Microsoft what happens when you do. Statistical analysis shows that all possible IVs (2^24) are exhausted in about 5 hours. Then the IV re-initializes, starting at 0, every 5 hours.
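The two protocol failures described above, a repeated IV producing a repeated keystream and a CRC-32 ICV that gives no cryptographic integrity, shown on constructed data. This is an added example, not part of the original article; the frame layout is simplified (3-byte IV followed by ciphertext, no key ID byte), and the secret, IV and sensor-style messages are made up for illustration.

```python
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key schedule followed by n bytes of keystream output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Cleartext IV, then (plaintext || ICV) XOR RC4(IV || secret)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))

def wep_open(secret: bytes, frame: bytes) -> bytes:
    """Decrypt and verify the ICV, as a receiver would."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    if icv(body[:-4]) != body[-4:]:
        raise ValueError("ICV mismatch")
    return body[:-4]

def crc_fixup(delta: bytes) -> bytes:
    """CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), equal lengths."""
    diff = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return delta + diff.to_bytes(4, "little")

def hours_until_iv_wrap(packets_per_second: float) -> float:
    """Time for a counter-style IV to run through all 2**24 values."""
    return 2**24 / packets_per_second / 3600

# Constructed sample data; nothing here comes from a real network.
SECRET = bytes.fromhex("0102030405")   # 40-bit shared secret ("64-bit" WEP)
IV = b"\x00\x00\x01"                   # the same IV used for two frames
P1 = b"sensor=7 temp=021 ok=yes"
P2 = b"sensor=9 temp=018 ok=yes"
F1, F2 = wep_seal(IV, SECRET, P1), wep_seal(IV, SECRET, P2)

def leaked_xor() -> bytes:
    """Same IV and secret give the same keystream, which cancels in C1 XOR C2."""
    return xor(F1[3:-4], F2[3:-4])

def tampered_frame(new_plaintext: bytes) -> bytes:
    """Change F1 via its ciphertext only; the secret is never used here."""
    delta = xor(P1, new_plaintext)
    return F1[:3] + xor(F1[3:], crc_fixup(delta))

if __name__ == "__main__":
    print(xor(leaked_xor(), P1))   # knowing P1 reveals P2
    print(wep_open(SECRET, tampered_frame(b"sensor=7 temp=099 ok=yes")))
```

The receiver accepts the altered frame because the ICV is a linear checksum carried inside the same keystream; a keyed MAC over the frame would make the fix-up impossible without the key.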
 dummies.com

Installing and Configuring DNS

The Active Directory Installation wizard offers to install DNS if the wizard does not detect a proper DNS zone configuration during the installation of Active Directory. However, you should not rely on the wizard for these tasks. Many bug reports have been submitted regarding installation bases that relied on the wizard. Also keep in mind that the Active Directory Installation wizard does not install a reverse lookup zone.
The Windows 2000 DNS service can coexist with or migrate other DNS services, including the popular Berkeley Internet Name Domain (BIND) DNS service. One great place to find BIND information is the Internet Software Consortium Web site. To migrate from BIND, you must transfer the BIND zone and boot files to the Microsoft DNS service.
Windows 2000 DNS can also upgrade or coexist with Windows NT 4.0 DNS servers.
For the exam, you should know how to configure DNS for Active Directory. Here is the procedure.
1. Click Start --> Settings --> Control Panel.
2. Double-click Add/Remove Programs and then click Add/Remove Windows Components.
3. In Components, select Networking Services and then click Details.
4. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
5. In Copy Files From, type the full path to the Windows 2000 distribution files and then click OK.
To host Active Directory, you must properly configure DNS with a zone for the Active Directory namespace. You should create both zone types for a proper DNS implementation for your Active Directory namespace — that is, a forward lookup zone and a reverse lookup zone. Read on to discover how.

Creating a forward lookup zone

To create a forward lookup zone:
1. Click Start --> Programs --> Administrative Tools --> DNS.
Windows 2000 launches the DNS Microsoft Management Console, from which you can perform your DNS administration.
2. Expand the DNS server.
3. Right-click the Forward Lookup Zone folder and choose New Zone.
4. Click Next to continue when the New Zone wizard appears.
The wizard takes the pain out of DNS administration.
5. Ensure that Standard Primary is selected and click Next.
6. Ensure that Forward Lookup Zone is selected and click Next.
7. At the New Zone page, type the name of your zone (for example, fordummies.com) and click Next.
8. Select Create a New File With This File Name and click Next.
9. Click Finish.

Creating a reverse lookup zone

To create a reverse lookup zone:
1. Click Start --> Programs --> Administrative Tools --> DNS.
2. Expand the DNS server.
3. Right-click your server and choose New Zone.
4. Click Next to continue when the New Zone wizard appears.
5. Ensure that Standard Primary is selected and click Next.
6. Ensure that Reverse Lookup Zone is selected and click Next.
7. Ensure that Network ID is selected, type your network ID in the Network ID field, and click Next.
8. Select Create a New File With This File Name and click Next.
9. Click Finish.
As far as Active Directory is concerned, your DNS server is almost ready. You should now configure the forward and reverse lookup zones for dynamic updating so that you do not get stuck creating all the records required for Active Directory yourself!

How to Add External Storage to Your PC

1. Attach one end of a USB cable to the external drive.
A USB cable has distinct ends, so don’t worry about plugging in the wrong one.
2. Plug the other end of the USB cable into your computer.
Your PC should have at least one USB port.
3. If the external storage drive requires power, plug the drive into the wall.
Or better, plug it into a UPS.
4. Turn the drive on if it has an on/off switch. Open the Computer window on your PC.
You may not need to worry about this step because not all drives have this switch.
When you plug the drive into the USB connector, and assuming that the drive has power and is turned on, Windows instantly recognizes the drive and adds it to your computer's list of permanent storage devices, found in the Computer window.

Google announces trio of Nexus devices, Android 4.2 with Miracast and multiple account support

Google was forced to cancel an Android event planned for this morning due to Hurricane Sandy, but the company still went ahead and revealed its revamped Nexus lineup in a blog post. As rumored, a new Nexus phone manufactured by LG will take over as Google’s flagship handset, while an updated Nexus 7 tablet alongside an all-new Nexus 10 model will place a bit of pressure on Apple’s iPad lineup.

Nexus 4

The Nexus 4 smartphone features a 1.5GHz quad-core Snapdragon S4 Pro processor, which Google touts as the fastest on the market, as well as a 4.7-inch 1280 x 768 IPS display, 2GB of RAM, dual cameras (1.3MP front, 8.0MP back), and either 8GB or 16GB of internal storage. Google also baked in NFC support and a wireless charging feature that lets you power the phone by setting it down on an inductive “Charging Orb”.

The latter is somewhat reminiscent of the Palm Touchstone, with the face of the dock set at an angle so you can easily see the phone when charging and magnets inside the Orb preventing it from sliding off.
Google says the Nexus 4 uses the Qi wireless charging standard, so charging pads designed for Nokia's Lumia phones should be compatible too.
On the software side, the Nexus 4 introduces Android 4.2 as a new flavor of Jelly Bean, with support for Miracast (an open alternative to Apple’s Airplay), a new gesture typing keyboard similar to Swype, a feature called Photo Sphere for creating 360-degree panoramas, among other improvements.
One feature notably missing is support for LTE networks, though. According to The Verge, Google left this feature out in order to have complete control of the software with no carrier intervention -- apparently there's no access to LTE networks without working with carriers in one way or another.
As a result, the Nexus 4 will only be available as an unlocked HSPA+ device starting on November 13 in the US, UK, Canada, Germany, France, Spain and Australia, with other markets around the world getting the phone towards the end of the month. The device will sell for $299 with 8GB of storage or $349 with 16GB. A T-Mobile version will sell unlocked for $199 on a two-year contract.

Nexus 7

Next up, Google announced a couple of updates for the Nexus 7 tablet introduced this past summer. The first relates to storage capacity, which now starts at 16GB for the same $199 or 32GB for $249, and the second is a new model with 32GB of storage and HSPA+ mobile data compatible in 200 markets for $299.
Otherwise, the design of the Asus-made tablet as well as the rest of the specs remain the same. The new Nexus 7 (32GB + Mobile) will be sold via the Google Play Store starting November 13.

Nexus 10

Lastly, Google announced Samsung as its hardware partner for a larger Nexus 10 tablet to rival the full-size iPad. The device features a dual-core ARM Cortex-A15 chip paired with 2GB of RAM, as well as a 10-inch screen at 2560 x 1600 resolution, clocking in at 300ppi. There’s also a 5MP camera on the back, a 1.9MP camera on the front, and a 9,000mAh battery that Google says runs for 9 hours.
Other features include microUSB, Micro HDMI and not one but two NFC chips.
The Nexus 10 also ships with a stock version of Android 4.2 featuring some tablet-specific improvements. Among them is multiple user support for easier sharing (each user gets their own apps and data), a "Daydream" mode that's essentially a screensaver, and a number of accessibility improvements.
The tablet will be available in 16GB and 32GB variants for $399 and $499, respectively, or essentially $100 less than a comparable iPad with Retina display. That price coupled with the device’s high-end specs make this -- at least on paper -- the Android tablet to have in the upper end of the spectrum. But while Android has been incredibly successful in the smartphone arena it still needs to up its game when it comes to tablets, specifically with apps designed with tablets in mind rather than stretched out versions of their smartphone counterparts.
It will be available November 13th in the US, UK, Australia, France, Germany, Spain and Canada.

Other announcements

In addition to the new hardware, Google also announced updates to its voice assistant feature Google Now, which now offers flight information, restaurant reservations, hotel confirmations and shipping details. Meanwhile, Google Play is getting new video content and is launching the music store in Europe.

Built-in advertising: The Windows 8 feature you haven't heard about

Windows 8 has been one of the most anticipated and talked about tech launches of 2012. Discussions intensified as the operating system neared and for the most part, everything went off swimmingly for Redmond. Sure there was the post-RTM update ahead of Microsoft’s October 26 release date but there’s something else with Windows 8 that most aren’t yet aware of: built-in advertising.
The advertisements are reportedly found inside some of the applications that ship with Windows 8 under the Modern UI (Metro) user interface like Finance, News, Travel and Weather. Advertisements in free mobile apps or even trial software are perfectly understandable, but how should you feel about finding ads inside software you paid full price for?
Several prominent figures from around the web are voicing their opinion on the issue, both in defense of the ads and against them. As ZDNet highlights, John Gruber from Daring Fireball simply believes it’s “gross.”  But it’s not just Mac fans that feel that way as Paul Thurrott from Supersite for Windows essentially believes it cheapens the operating system.
ZDNet’s Ed Bott doesn’t feel the issue is nearly as big of a deal as Gruber and Thurrott, however. Instead of seeing this as another revenue stream for Microsoft at the expense of paying customers, he says the ads are simply part of a project from Microsoft designed to inspire Windows 8 app developers.
Granted, the ads themselves aren’t terribly obtrusive. In fact, most say you have to do a little digging to find the ads, which is probably why we haven’t publicly heard about them sooner. As Bott points out, the ad in the News app is found by swiping through seven full screens in landscape mode. It’s similarly placed in the Sports app shown above as well.
Have you had an opportunity to try Windows 8 and if so, have you noticed the ads before? How do you feel about them being in a piece of software you’ve already paid full price for?

Loophole enables anyone to get a Windows 8 license for free

Copies of Windows 8 Pro are freely available from Microsoft’s website for anyone who wants to try out the operating system. Normally, the software would expire after 180 days, a period that is meant to allow Volume Licensing customers to automate and manage the activation process. But a loophole in the company’s Key Management System allows anyone to legitimately activate their copy of Windows 8 permanently, for free.
The goof centers around the Windows Media Center upgrade that’s being offered for free by Microsoft themselves until January 31 next year. Specifically, when entering the add-on key, Microsoft’s Key Management System will let you fully activate your copy of Windows 8 without running a validity check for the product key of the underlying system the Media Center add-on is being installed on.
To get a free Media Center key all users need to do is request it from Microsoft’s website using any email address. Once the code is in your inbox, do a search for “Add features to Windows 8” under Settings, click on it and enter the product key. Media Center will download and install, and after your system comes back from a reboot, you’ll be able to use the same upgrade product key to activate Windows.
With this your copy of Windows 8 will become fully active and 'legitimate', which you can verify in the activation window where it should read “Windows is activated” instead of “Windows is activated until…”.
The method has been confirmed to work by several news outlets. I tried it as well but upon requesting a Media Center key the site responded it will be emailed to me “within 24 hours” -- I can’t tell if the wait period is standard or if Microsoft is moving to patch the flaw by implementing a check for the underlying system.

Microsoft Security Essentials bombs tests, loses AV-Test certificate

Microsoft Security Essentials was the only entry to fail AV-Test's certification between September and October -- an embarrassing slip for the once well-regarded virus protection solution. MSSE received a total of 10.5 out of 18 possible points, most notably falling short in zero-day malware attacks. As a point of reference, 11 points are required to receive certification. The fallen AV only received 1.5 out of 6.0 for system protection, but fared better when it came to repairing infections and usability: 3.5 and 5.5 out of 6.0, respectively.
Thankfully, other free alternatives performed better: Avast (14 points) edged out AVG (12.5 points) and Avira (12 points), receiving above-average marks all-around. Meanwhile, Bitdefender topped payware offerings, netting an almost perfect score of 17 points.
If you're somehow not familiar with it, MSSE is Microsoft's nag-free, no-cost anti-virus solution for Windows XP, Vista and 7 owners. Although Windows 8 users can't install MSSE, the utility essentially comes integrated into the OS -- it's simply disguised as "Windows Defender".
AV-Test is an independent German organization that, amongst other things, rates anti-virus utilities based on various metrics about every two months. AV-Test's certification is by no means an industry requirement, but their test results have served as a standardized way to benchmark anti-virus programs for years.
Similarly, AV Comparatives is another firm that offers their own, independent anti-virus grading service. After recalling MSSE scoring very high marks with AV Comparatives back in 2009, I checked out the site's latest tests to get a second opinion. Curiously though, MSSE has been missing from tests at AV Comparatives since 2010. Looks like we'll have to take AV-Test's word on this one.