billso.com

I’ve seen only 4 Macs at the 2008 Academy of Management conference. There’s free WiFi in the conference lobbies, and I’ve been using it to check my EMBA course and grade the final assignments.

The vast majority of these management professors and doctoral students use Windows laptops, Outlook and Microsoft Office as they study their papers and PowerPoint slides one last time before their sessions. 

I helped one of these users connect to the conference’s free wireless network. It’s just another day of ad hoc user support for Bill Sodeman, professor and CIO.

If I get more questions, I may set out a tip jar.

In the meantime, it’s fun to watch the parade of growl notifications that Little Snitch displays on my Mac.

News is trickling into the mainstream media about the DNS security hole that Dan Kaminsky found a while back. It’s a problem that has existed for years in the DNS software used on almost every major computing platform. With a trivial amount of CPU power, a cracker can redirect a web browser from a legitimate domain name to whatever server they wish. In some ways, it resembles a pharming attack. Details on how to perform the attack were made available this week, and there’s a brief description in a Register article called Exploit code for Kaminsky DNS bug goes wild.

The Domain Name System matches alphanumeric URLs like billso.com to their corresponding numeric IP address. If DNS is broken, the Internet is more or less broken.

Patches for these systems were released after 8 July 2008, when Kaminsky announced that the bug did indeed exist. Many server administrators haven’t installed the new DNS software yet.

According to another Register article called Worlds biggest ISPs drag their feet on critical DNS patch, the following providers haven’t performed the patch on their ISP networks:

• Time Warner Cable
• AT&T
• British Telecom
• Bell Canada
• T-Mobile

I tested Hawaiian Telcom’s DSL network last night: they failed, too.

I haven’t heard whether Comcast has fixed their DNS servers, but based on the New York Times article called GComplaining Bloggers Hava a Cable Company’s Ear, I’d think Comcast would respond quickly to blogged complaints about their DNS service.

HPU’s DNS servers on the wired and WiFi networks passed the test this morning when I checked them, and I’ve received confirmation that they patched their servers earlier this week. That’s good news, since HPU’s primary ISP is Oceanic Time Warner.

You can fix the DNS hole yourself

ISPs must offer certain services as part of an Internet connection. DNS is one of these services. Many ISPs run their own DNS servers, which connect to larger servers on the backbone. Corporations usually have their own DNS servers inside their network, to help users connect to internal resources like printers, servers, and network shares.

But residential users don’t HAVE to use their ISP’s DNS in most cases. If you have your own router at home, or you just plug your computer into a cable modem or a nearby WiFi network, you can use Dan Kaminsky’s tool to see if your DNS server is vulnerable. Use the Check Your DNS button in the upper-right corner of his blog pages at doxpara.com

For those of you on a school or company’s network, please check with your IT or network staff before changing your DNS settings.

If your ISP or WiFi network is using a vulnerable DNS server, you can use a free system called OpenDNS that is probably faster and safer that what you’re already using. It takes about 5 minutes to change your computer’s or your router’s domain name settings to use the OpenDNS servers.

Make sure you have administrative rights on your computer or router. Read the OpenDNS tutorial and make the appropriate choices. Be sure to reboot or restart your computer after confirming the changes. You may find that your Internet connection seems faster. That’s a nice benefit of OpenDNS for many users.

OpenDNS also screens out phishing sites, and lets users block or restrict access to entire categories of sites and specific URLs.

Chris Pirillo of Lockergnome has been ranting about the hole for several days now, but he’s got a point. Read his article called Is Your DNS Server Safe? for his thoughts.

Updated 29 July 2008 1930 HT: Here’s an article from John Markoff of the New York Times With Security at Risk, a Push to Patch the Web . Kaminsky estimates that 41% of all DNS servers still need the patch. With Kaminsky’s presentation coming up next week at the Black Hat conference, the clock is ticking. This article by Robert Westervelt of Security News called DNS flaw handling leaves Kaminsky pleased has some good quotes from Kaminsky about the scope of the DNS hole.

Related posts and pages on billso.com

• OpenDNS
• Hawaiian Telcom
• 24 February 2008: Pakistan blocks YouTube, breaks trust
• 15 January 2008: OpenDNS update
• 3 September 2007: When users block the ads, should web sites block the users?
• 13 July 2007: Speed up your broadband connection with OpenDNS

Apple has sued Psystar, the marketers of the Open Computer, according to Jorge Espinoza’s article, Apple Goes After Clone Maker Psystar, and ZDnet. Apple seems to have a solid case, as Psystar modified Apple’s software as part of the Florida company’s product offerings. The original name of the Psystar product was the OpenMac, which didn’t please Apple, either.

Related posts and pages on billso.com

• Copyright and fair use
• 15 April 2008: Can Apple stop the Open Computer?

I write technology articles for BrightHub.

• billso’s BrightHub profile
• RSS feed for my BrightHub articles and activities

Home office technology

• 19 June 2008: The Best 3 Extensions to Install on Firefox 3 - and the Best Extension for Firefox 2
• 6 June 2008: Using a Web Based RSS Reader - Look For the Orange Icon

The Mac platform

• 1 July 2008: Mailplane - A Mac Browser for Gmail
• 23 June 2008: How to Erase Your History and Cache from Safari - A Detailed Guide
• 20 June 2008: MobileMe - A Guide for iPhone, iPod Touch and Mac Users
• 12 June 2008: Hiding the Dock in Mac OS X - A Quick Guide

Small business security

• 23 June 2008: Recovering from Ransomware - How to Foil and Stop a Gpcode.ak attack
• 17 June 2008: Upgrading to Windows Vista - Better Security for Small Businesses?

Related posts and pages on billso.com

• 26 June 2008: I’m writing for BrightHub

CIOs and IT managers tend to focus on preserving data. But what happens when companies need to destroy data?

It’s easy to shred paper data, but destroying digital files may require more tools than a sledge hammer and a blowtorch.

For many companies, data removal or sanitizing is a bigger concern. Hard drives are expensive, and sometimes removing the data from a drive is a better choice.

Many people have asked me how they can erase data from their hard drive or USB device, so that they can sell or give the device to someone else.

Formatting the device won’t do the job, at least with the default settings. Erasing the file using the standard tools in the Windows and Mac operating systems usually leaves behind some or all of the files.

Mac OS has a “secure empty trash” command that will overwrite files, as described in these articles from MacGeekery and MacObserver.

Many companies sell data erasure software, including Active @ Killdisk and OnTrack.

Blancco provides enterprise tools to help companies destroy and remove digital data. This chart from DataErasure.com, a Blannco marketing web site, lists some Federal fines and penalties that are related to data privacy and disclosure.

This video from DataCenter.tv is a bit long, but it’s got some good information about Blancco’s business model.

Image provided by JcMaco under a Creative Commons license.