Archive for October, 2010

Fire Sheep Storm Social Networks

Tuesday, October 26th, 2010

An add-on for Mozilla Firefox known as Fire Sheep has been released, which allows a user to collect cookies from computers on a local network and impersonate the victims on a variety of websites. This application is being used on public Wi-Fi networks where people commonly log in to social network sites, leading to compromised accounts. This exposes a security flaw in the way some websites identify authenticated users, and uses the same technique which caused trouble for Google as they collected information about wireless networks during their Street View mapping.

The exploit relies on session information being passed to the website from the user's computer without encryption. Once the unencrypted information about a user's session is intercepted, the malicious user can make requests to the website as though they had logged in. In addition to the session information in a cookie, it is possible for websites to check other aspects of the request, such as the originating IP (which in this case would be the same, as both computers are on the same local network) and the User Agent (which is provided in the header of each request). Although both of these can be spoofed, they can be used to help determine that a request genuinely originated from the authenticated user.

Ultimately the best policy is to make sure that all requests which include session information are sent via HTTPS as this encrypts the request information between the user and the website. Sites which already use this approach are not at risk.
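
The checks described above, sketched as server-side session handling. This is an added example, not code from the original post or from any particular website; the names Request, SessionStore, fingerprint and SERVER_KEY are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret for this example


@dataclass
class Request:
    scheme: str        # "http" or "https"
    remote_ip: str
    user_agent: str
    session_id: str = ""


def fingerprint(req):
    """Keyed hash of the client properties the post mentions (IP + User Agent)."""
    msg = f"{req.remote_ip}\n{req.user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> (user, fingerprint at login)

    def login(self, user, req):
        if req.scheme != "https":
            raise ValueError("refusing to issue a session over plain HTTP")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, fingerprint(req))
        # The Secure attribute stops the browser sending this cookie over HTTP.
        return sid, f"session={sid}; Secure; HttpOnly; Path=/"

    def check(self, req):
        if req.session_id not in self.sessions:
            return "rejected: unknown session"
        if req.scheme != "https":
            # The id has crossed the network in clear text: treat it as exposed.
            del self.sessions[req.session_id]
            return "rejected: insecure transport, session revoked"
        _, expected = self.sessions[req.session_id]
        if not hmac.compare_digest(expected, fingerprint(req)):
            return "rejected: fingerprint mismatch"
        return "ok"
```

A second machine behind the same public IP that sends the same User Agent produces an identical fingerprint, so the fingerprint check is only a supporting signal; the HTTPS requirement and the Secure cookie attribute are what keep the session id off the local network in the first place.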

Cisco VPN Client Service Problem *Solved*

Monday, October 25th, 2010

I recently needed to use the Cisco VPN client software to establish a connection to a secure network as part of one of our recent projects and encountered some problems after the installation. This post documents the issues I encountered which will hopefully help anyone who finds themselves in the same position.

The steps to get started are as follows:

Download the package from the service provider

Unpack it to a folder

Locate and execute ‘Setup.exe’

Walk through the installation wizard accepting the default options

After a restart, run the software and click ‘import’

Select the pcf file (which contains your connection information) and you should be ready to connect

In my case, when the application was started for the first time it displayed the following error message:

"Warning 201: The necessary VPN sub-system is not available. You can not connect to the remote VPN server"

Cisco.com chalk this one up to a firewall problem but in my case the issue was very different. There were in fact two issues which prevented the software from working correctly. Firstly, the software installs a virtual device which appears in your network connections as another LAN connection. I checked the device manager and was surprised to find that the device was disabled despite having installed the driver without a problem and following a restart.

The second issue was slightly more concerning. In addition to the graphical interface and virtual device, the package also installs a service which is set to run automatically. This is named ‘Cisco Systems, Inc. VPN Service’ and has no description. Looking at the services snap-in (Available via Control Panel > Administrative Tools > Services) I could see that it had not started. I attempted to start the service manually and received the following error:

"Could not start the Cisco Systems, Inc. VPN Service on Local Computer. Error 2: The system cannot find the file specified"

Checking the properties of the service I could see that the ‘Path to executable’ was empty which explained why Windows was unable to start the service. To correct this I needed to do the following:

Open the registry editor (Start > Run > Type ‘regedit’ > Click OK)

Navigate to ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVPND’

Right click the ‘CVPND’ folder and select New > Expandable String Value

Name the value ‘ImagePath’

Right click the new value and select ‘Modify’

In the ‘Value Data’ field type the path to cvpnd.exe, which in my case was ‘C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe’

Click OK to save the value and exit the registry editor.

Once this was carried out I was able to start the service and begin using the software as intended. I was unable to find this exact solution on any forums although I did find that some people were having the same problem so I decided to put this post together. Remember that editing the registry can have serious consequences if you are not sure what you are doing but sometimes it is the only way to fix a problem so take care and do so at your own risk.

Digital Living Network Devices

Friday, October 15th, 2010

This is an exciting new development in digital media technology which promises to simplify the process of accessing digital media resources over your home network or the internet. The Digital Living Network Alliance (DLNA) is setting the standard in digital media sharing by allowing manufacturers to produce devices which are DLNA certified. This means that they can automatically share or access resources on your network such as Network Attached Storage (NAS) or a Digital Media Player (DMP).

DLNA certified televisions allow you to play video, music and display pictures in HD from any available source. This should put an end to watching videos on a PC monitor while your TV gathers dust. It is also possible to retrofit this feature into existing sets using devices such as the HTC Media Link which will be released later this year.

One of the best features of this technology is the ability to have your DLNA certified smart phone interface with your television which enables you to display media from your phone on your large screen. You can also use your phone to control the media which is displayed on your television from any resource on your home network. The limitations of this feature are yet to be explored but the possibilities are endless.

DLNA certified network storage devices are already available, offering 2TB of storage which can be instantly accessed by any other Digital Media Player or Digital Media Controller in your home.

Network Outage

Thursday, October 7th, 2010

At around 16:30 today we experienced a temporary network outage. This was resolved in under an hour and all services have now returned to normal. Emails which should have been delivered during that time will have been deferred. Within the next hour these messages will be delivered.

We apologise for any inconvenience this may have caused.