Michael Horowitz


Testing an AmpliFi mesh point as a Wi-Fi extender

When mesh router systems started appearing last year, I purchased a Ubiquiti AmpliFi system for someone whose house was a worst-case Wi-Fi scenario. The internet entered the home in the basement on the south side of the house, while the bedrooms are on the second floor on the north side.

I liked the AmpliFi line, sight unseen, because unlike most other mesh systems, it did not require you to register with Ubiquiti and it did not phone home with who knows what data about your network. Still, in October of last year, I griped that the AmpliFi mesh system lacked remote control. This is no longer true. 

Verifying and testing that Firefox is restricted to TLS 1.2

TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the most recent version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.

But that begs the question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.

Restricting Firefox to TLS version 1.2 makes browsing safer

Although it's common to think of a secure website as the opposite of an insecure one, the choice is not, in fact, binary. For a website to be truly secure, there are a dozen or so ducks that all need to be lined up in a row.

Seeing HTTPS does not mean that the security is well done; secure websites exist in many shades of gray. Since web browsers don’t offer a dozen visual indicators, many sites that are not particularly secure appear, to all but the most techie nerds, to be secure nonetheless. Browser vendors have dumbed things down for non-techies.

Last September, I took Apple to task for not having all their ducks in a row, writing that some of their security oversights allowed Apple websites to leak passwords.

Are Android bug fixes worth $510 when buying a phone?

Techies are supposed to focus on the latest and greatest, the biggest and fastest. I’ve never been like that. Especially when it comes to cellphones, my computing needs are modest.

So, consider the fairly low-end ASUS ZenFone 3 MAX ZC520TL phone, which Asus currently sells for roughly $140.

It has a 5.2-inch IPS screen with a resolution of 1280×720. Many phones offer more pixels, but this is sufficient for me and fewer pixels should help with battery life. It has 2GB of RAM, 16GB of storage, an FM radio, a 4100 mAh battery and it's made of metal, not plastic.

On the downside, the Wi-Fi is limited to the 2.4GHz frequency band, it only works with AT&T and T-Mobile and the battery is not removable. Considering the price, it’s good enough for some of us, myself included. 

Windows Defender does not defend Windows 7 against WannaCry

Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about using the Windows firewall as a defensive measure.

But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, Customer Guidance for WannaCrypt attacks, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that 

The Windows firewall is the overlooked defense against WannaCry and Adylkuzz

Despite all the attention currently focused on Windows computers being infected with WannaCry ransomware, a defensive strategy has been overlooked. This being a Defensive Computing blog, I feel the need to point it out.

The story being told everywhere else is simplistic and incomplete. Basically, the story is that Windows computers without the appropriate bug fix are getting infected over the network by WannaCry ransomware and the Adylkuzz cryptocurrency miner. 

We are accustomed to this story. Bugs in software need patches. WannaCry exploits a bug in Windows, so we need to install the patch. For a couple of days, I, too, subscribed to this knee-jerk theme. But there is a gap in this simplistic take on the issue. Let me explain.

Patching Windows XP against WannaCry ransomware

Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here’s how to install it. 

You can download some versions of the patch using links at the bottom of this May 12th Microsoft article: Customer Guidance for WannaCrypt attacks. The full list of patch variants, including languages other than English, is in the Windows Catalog; just search for KB4012598. Windows Update does not work on XP.

Third party antivirus programs interfere with Windows Defender critical patch

Like others running Windows, I have been dutifully updating Windows Defender the last few days with a fix for a critical bug. The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.

The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The “about” panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.

7 mistakes Google made updating my Google Wifi router

Many of the new mesh router systems self-update their firmware (router operating system). While this is a big step forward from the bad old days, where the task fell to the router owner, it’s only a first step.

On my Router Security site, I go into the difference between self-updating firmware done right and done wrong. With that in mind, here is what went wrong when my Google Wifi router updated its firmware. 

Scheduling

My first gripe is that the software update was a surprise. There was no warning ahead of time, either that an update was available, or that it was about to be installed. In contrast, the Eero app tells you that a firmware update is available well before the update is automatically installed. The screen shot below shows the Google iOS app informing me after the fact that it had updated the router software (the screen shot was taken May 6th).

Asus router warnings on privacy and security

I ran across a most unusual router review today, by Daniel Aleksandersen.

For one thing, it was not a review of a specific model (though the author uses an Asus RT-AC87U); instead, it reviewed ASUSWRT, the stock firmware (router operating system) used in Asus routers. Think of it as a review of General Motors rather than the Buick Regal. As such, there was none of the usual focus on Wi-Fi speed and range.

And, while most reviews are written after a brief testing period, it was obvious that Aleksandersen has lived with his router for a long time.

How seven mesh routers deal with Wi-Fi Protected Setup (WPS)

The recent wave of new mesh router systems has brought with it changes besides the obvious increase in Wi-Fi range. For example, these mesh routers are more likely to insist on WPA2-AES encryption, as many have dropped support for the less secure WEP and WPA options. Not all of them, but many.

Here I take a look at another insecure router technology, WPS (Wi-Fi protected setup) and how these new mesh routers deal with it. 

WPS is an alternate way of gaining access to a Wi-Fi network that does away with having to know the SSID (network name) and password. Much of what you read about WPS is incomplete, as it supports at least four different modes of operation.

Screwed by a VPN

As you would expect of someone who writes a Defensive Computing blog, I am a frequent VPN user. I both pay for a full-fledged VPN service and also dabble with a couple VPNs that offer limited monthly bandwidth for free.

My main VPN provider offers servers all over the world. Sometimes I connect to a server on the West coast of the US, sometimes the East coast, sometimes the South and sometimes Canada. Why Canada? Just because.

There are occasionally things that don’t work well on a VPN, but I often stay connected all day. As such, it's easy to forget that the VPN is active – and I recently got burned by forgetting. Normally, of course, the situation is reversed: trouble comes to those whose VPN is off rather than on.

Blocking Windows 10 with Never10

Many Windows 7 and 8.1 users have no interest in Windows 10. But, Microsoft is determined to spread their latest OS far and wide. Resistance, however, is not futile. There are a number of ways to inoculate Windows 7 and 8.1 from being infected with Windows 10. 

Steve Gibson has just released Never10, the newest Windows 10 blocker. Before going into it, however, some background. 

GWX CONTROL PANEL 

GWX Control Panel by Josh Mayfield

Router Security done wrong

I run an ad-free website devoted to router security called, appropriately enough, RouterSecurity.org. As such, I am always on the lookout for articles on the subject. The recent FTC action against Asus, for poor router security, got me poking around the FTC website, where I stumbled across some awful security advice.

The article, Securing Your Wireless Network, is dated September 2015. The author is anonymous, never a good sign. Here’s what my government got wrong.

Poor Wi-Fi security — my visit to the dentist

Yesterday, while waiting for a dentist, I took out my phone, turned on the Wi-Fi and poked around. What I found was depressing.

First, let me not gloss over the initial step, turning on the Wi-Fi. Good Defensive Computing demands that Wi-Fi be off when not in use. If there was anything I learned last summer attending the BSides and DEF CON conferences, it was to turn off Wi-Fi when you're not using it. Trust me on this.

The phone saw two networks, one private and one for guests. The guest network was password protected, the only mistake not made by whoever set things up. As for the mistakes they did make:

1. WPS was enabled on each wireless network.
