The magazine of the Melbourne PC User Group
Editorial
Ash Nallawalla
 ash@melbpc.org.au

This month we showcase Security. Like proverbial charity, good security begins at home. More specifically, it begins with you. In my experience, the following are examples of poor security practices:

  • Writing down or storing your password where others can find it.
  • Choosing a password that "looks like a password" or is one that others can guess. Which of the following is a password: godogs1, kylie1, 6m71osJwb they all could be passwords. The last one is the best one. Are you wondering how you could remember it? It is a contraction for "6 May 71 our son John was born".
  • Sharing your password with someone or typing it while others are watching your fingers.
  • Having no password.
  • Not using an antivirus program.
  • Clicking on an e-mail attachment without thinking.
A lthough many of us have progressed beyond that stage of security-consciousness, there are weaknesses in technology that can work against us. It is safe to say that the majority of our members have Internet access.

Security goes far beyond unauthorised access to your information. In many cases, it has little or no value to others but they may may still want to decide for themselves. Although you may employ safe password practices, it is possible for others to access your machine over the Internet. Even worse, you may be an unwitting advertiser of your information or an unintended pawn.
 
Zone Alarm
 
For more information, I recommend regular visits to Steve Gibson's site: http://grc.com. Steve recommends a firewall that is free for personal use, Zone Alarm, but be sure to understand its operation before using it. The most common "problem" is to discover that others are trying to access your computer. That only becomes a problem if you misinterpret the information shown to you. 

The caution can only be explained here with an analogy. Someone knocks on your door or peers through your window. Someone turns the doorknob or tries to open a window; perhaps every door and window in your house. You have a combination lock on your front door and someone tries every possible combination to it. I have presented a range of possibilities. Many Zone Alarm alerts are merely of the "door knock" type, often caused by legitimate actions. When you notice a repeated and systematic pattern of probes, then you need to get concerned. Gibson's site contains links to articles that will help you to understand this topic better. 

Credit Cards and Windows NT 

I expect that if your credit card number was compromised, you will have found out by now, but take a look at http://www.fbi.gov/pressrel/pressrel01/nipc030801.htm for an account of recent cracker activity. It is said that financial institutions never like to reveal incidents of this nature, so this is unusual. 

Windows NT administrators should take a look anyway, because the article mentions that several vulnerabilities in NT were exploited. Steve Gibson's name pops up again, as he has built a special tool for the FBI that is available to all who need it. Even if your NT system does not store credit card details, the information will be useful. 

Mail Delivery Subsystem 

The Internet service administration team sometimes sees replies from subscribers to "Mail Delivery Subsystem" (MDS). MDS is merely the software (not a human) that attempts to deliver your e-mail. It is trying to inform you about problems in delivering your e-mail, so it is pointless to reply to it. Please try to understand its explanation and delete it.

Telstra ADSL - Wait 

I subscribed to Telstra's residential ADSL plan in January and have mixed feelings about it. When it works, it is good, not great. You may have read about the ongoing authentication problems where subscribers cannot log in. That is frustrating if you strike this at 7.00 am and cannot complain to the help desk until 8.00 am (when it opens). If I left my PC permanently switched on and logged in (my plan is not time or volume based), I might not see this problem, but I like to turn it off every night or when I am out of the house. 

I have also had problems with a lack of DNS and loss of packets, making Web surfing fully or partly unusable. At the time of writing another undersea cable has been cut and it will be a week before a ship can fix it. Although such cuts can sometimes affect the entire Internet-using Aussie population, sometimes it depends on who feeds your ISP. Melb PC gets its feeds from more than one multi-homed supplier - in simple terms, its suppliers have feeds from competing carriers, so your data has a greater chance of getting through.
 
The bottom line is to not rush into getting Telstra ADSL, certainly not without a fallback modem-speed ISP (such as Melb PC). Cable is apparently a lot more stable (and cheaper).

Reprinted from the April 2001 issue of PC Update, the magazine of Melbourne PC User Group, Australia

[About Melbourne PC User Group]