Critical Microsoft Security Update Released

by Elizabeth Blair York | July 11th, 2007

From the response we’ve had from Microsoft Vista users, it’s clear that there are a lot of PC readers here. To that audience, we’d like to make sure you’re aware of a ‘Critical’ security update released by Microsoft yesterday.

As part of their regularly scheduled software update, they bundled 6 patches. 3 of them are rated ‘Critical’ by Microsoft - meaning you really should make sure they are installed on your system where applicable.

Of the 3, the one getting most of the noise is an Excel patch that targets a vulnerability in the company’s spreadsheet program that could let hackers break into a PC if its user opened a tainted spreadsheet.

It’s important you contact your System Administrator if you are in a supported situation or follow the instructions if you’re solo to make sure you’re protected by this patch.

Also packaged in this bundle:

  • Microsoft also addressed holes in its .NET Framework, the library of computer code that is part of Windows Vista and versions of Windows XP, Windows 2000 and Windows Server 2003.
  • Microsoft addressed a security vulnerability in Windows 2000 Server and Windows Server 2003.

While you’re at the site, remember you can sign up to have these periodic updates automatically pushed to your system - which is the easiest and smartest approach.


  • Ask Elizabeth: Bluesnarfing, and can people overhear my Bluetooth calls?

    by Elizabeth Blair York | July 6th, 2007
  • Q. If people can broadcast TO my Bluetooth headset, does that mean they can listen in?
  • A. Ever since Tyler first posted about his dislike of ‘Bluecasting’ (also known as Bluejacking), it’s got a lot of people asking me - if it’s so easy to push unwanted information TO a Bluetooth headset, does that mean people can PULL information through my Bluetooth device, too?

    The simple answer is yes.

    Since almost the very moment Bluetooth was released, hackers have been building ways to crack it.

    The first Bluetooth breaches were through an early security hole. Nicknamed “Bluebugging”, this backdoor let hackers eavesdrop as well as access and even overwrite a phone’s address book and text message files. As with any Bluetooth security breach, the hacker had to be within 30 feet of your phone.

    Starting in 2005, most new Bluetooth-enabled phones were cured of this, although hackers are always writing new code and new programs to breach security.

    As that hole was being plugged, hackers discovered that Bluetooth phones in ‘Discoverable’ mode could be accessed. This is called “Bluesnarfing”.

    Unauthorized users ‘pair up’ to your Bluetooth and once linked, can steal the whole of your phone book, that’s your whole contact list, your calendar, your stored pictures, even your ring tones.

    There is also something called a ‘DoS’ attack. In a Denial-of-Service attack, a malicious hacker broadcasts a code that makes your device unavailable to you until it reboots (is turned off and then turned on again). There’s usually no breach of your information in a DoS attack, or harm to your headset or phone. It’s just idiocy for idiocy’s sake.

    Should these security concerns keep you from buying and using say… a new MoGo headset? No. The good news is that there are things you can do to keep your calls and information safer.

    1) Turn off discoverable mode.

    Most phones are “visible” (or set to ‘Discoverable mode’) by default when Bluetooth is switched on. The safest mode is ‘Non-discoverable’:

    1. Non-discoverable mode: Does not respond to inquiry - highest safety for your phone.
    2. Limited discoverable mode (or ‘Hidden’): Discoverable only for a limited period of time, during temporary conditions or for a specific event - this provides medium safety.
    3. General discoverable mode: Discoverable continuously or for no specific condition - no safety from Bluejacking or Bluesnarfing.

    2) Use a strong PIN code for your headset.
    Not only should you choose a strong PIN, you should also be careful not to use it in public where it can be caught by someone watching. If your headset and phone become unpaired, go somewhere private to link them back up ... not standing in the middle of the mall.

    3) Never, ever let an unknown device pair to your phone. Periodically watch the Bluetooth symbol on your phone. If it looks different, or you see an unexpected message appear on your device asking to pair up, well, to quote Nancy Reagan - just say NO.

    Unsure what the Bluetooth symbol is supposed to look like? Apple has a great article showing all the Bluetooth icons and their meanings here.

    4) Keep Moving. PC Today said it well: “Unless your attacker has invested vast amounts of time and money in a long-range Bluetooth transmitter/receiver, chances are great that they will be operating within standard Bluetooth range (within 10 meters [33 feet]). If you notice something wacky happening with your smartphone or PDA and don’t know what else to do, simply get up and move away.

    “If you are on a bus, train, airplane, or other confined area, simply power off your device and wait to see who reacts. If you catch them, make sure to give them a dirty look.”

    ————————————————————————————————

    On Fridays, MoGo Mobility’s Elizabeth will seek to answer your MoGo (and non-MoGo) technical questions.

    Elizabeth is a professional writer & geek with most of the last decade spent in senior management at a leading global IT provider. Thousands have attended her seminars in the US & Canada on subjects ranging from basic TCP/IP networking to high-end data storage solutions.

    Got a question? Ask Elizabeth.


  • 5 Smart & Easy Security Tips for Road Warriors (and everyone else with a laptop)

    by Elizabeth Blair York | June 6th, 2007

    Here are five quick and easy solutions for protecting your laptop and its data from prying eyes and sticky fingers. These are suggestions meant for the most common and blunt security threats; shielding yourself from worms, spam, and spies (oh my!) are posts for future days.
    Without further ado…

    1) Before you leave, Disable Auto-Logon.

    I know, it’s convenient to be able to power up your laptop and have it automatically go into your system.

    But this is a major invitation for a security breach. So when you travel, disable it.

    How? If you’re running Win2000 or WinXP, Microsoft has the following instructions:

    - Go to START and select RUN
    - In the script box, type “control userpasswords2”
    - In the dialog box that appears, make sure that ‘Users must enter a username and password to use this computer’ is checked
    - Click ‘OK’

    Instructions for other Microsoft operating systems HERE.
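
    To confirm the setting took effect, the auto-logon state can be read from the Winlogon registry key. This is an added example, not Microsoft's instructions or code from the original post; it assumes PowerShell 3.0 or later, and the function name Get-AutoLogonStatus is made up for illustration. It only reads values and changes nothing.

```powershell
# Added example: read-only audit of the Windows auto-logon settings.
# Get-AutoLogonStatus is a hypothetical helper name, not a built-in cmdlet.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    param([string]$Path = $WinlogonKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Look values up by name so a missing value yields $null
    # instead of an error under Set-StrictMode.
    $get = {
        param($name)
        $p = $props.PSObject.Properties[$name]
        if ($p) { $p.Value } else { $null }
    }

    # AutoAdminLogon is a string value: "1" means Windows signs in
    # the DefaultUserName account without prompting at power-up.
    $enabled = ((& $get 'AutoAdminLogon') -eq '1')

    # A DefaultPassword value under this key is stored in cleartext,
    # so its mere presence is worth flagging. The password itself is
    # deliberately not returned or printed.
    $cleartext = ($null -ne (& $get 'DefaultPassword'))

    [pscustomobject]@{
        AutoLogonEnabled         = $enabled
        DefaultUserName          = (& $get 'DefaultUserName')
        CleartextPasswordPresent = $cleartext
    }
}

$status = Get-AutoLogonStatus
$status | Format-List

if ($status.AutoLogonEnabled) {
    Write-Warning 'Auto-logon is ON: the laptop signs in without a password prompt.'
}
if ($status.CleartextPasswordPresent) {
    Write-Warning 'A DefaultPassword value is stored in cleartext in the registry.'
}
if (-not $status.AutoLogonEnabled -and -not $status.CleartextPasswordPresent) {
    Write-Output 'Auto-logon is disabled and no stored logon password was found.'
}
```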

    2) Along those same lines? Use Strong Passwords.

    Although this seems obvious, the truth is that we are creatures of habit. Which is why so many of us STILL aren’t using strong passwords regularly.

    So go ahead. Change your login password right now. If you need to write it down and put it in your wallet, feel free. The point is to make it hard for a thief and/or hacker to get at your data.

    Unsure what a “strong password” is? Wikipedia has a good definition, here. Unsure if you can create one? There is a random strong password generator here.

    3) Lock access to your laptop.

    Your car and house have keys, shouldn’t your laptop? Securikey is a system (about $130 at MacWorld) that gives you two USB ‘keys’ to lock your laptop. You install their software (works for most Mac and PC systems) and from then on, you have to provide a password AND have one of the USB keys in the laptop’s port before you can access your system.

    The USB keys are pretty durable and designed to hang on your key-chain.

    4) Lock your laptop.

    We all know a co-worker or fellow road warrior who has stepped away from whatever temporary office they’ve been using only to come back and find their laptop gone.

    A simple $40 laptop lock would prevent about 90% of these thefts.

    So go ahead, buy one (like Kensington’s). It takes up very little room in your bag and can make all the difference.

    5) Use a privacy screen.

    I can’t tell you how much proprietary and private information I’ve been exposed to over the years in various coach seats at 15,000 feet.

    40% of those surveyed, like me, will admit to seeing what they are not meant to from time to time. The rest? Well, maybe they have portable blinders.

    Privacy filters for laptops run about $40 - $125. If you’re like me, you’ll soon get in the habit of leaving it on all the time, even back in the home office (because prying eyes can be anywhere.)
