Tuesday, October 09, 2007

Eircom Wireless Security

If you are an Eircom customer you are no doubt now aware of a security flaw in relation to their Netopia wireless routers. The security risk arises as a result of a combination of factors.

When a customer receives a Netopia wireless router, WEP encryption is enabled. WEP (Wired Equivalent Privacy) is a system of encryption that requires a user to enter a code (a 26-digit code in the case of Eircom of the form 879411b4f741e806a275565e16, which is a hexadecimal (base 16) number) before their computer can connect wirelessly to the router. When an Eircom customer receives a Netopia router, the specific 26-digit code will be provided to them, and known only to them, which allows them to connect to the wireless router. All good stuff to keep the bad guys out and your network private. So far so good.

In addition to a pre-assigned WEP encryption key, the customer's Netopia wireless router also has another pre-assigned parameter programmed into it called an SSID (Service Set IDentifier). The SSID is, in effect, the broadcast name of the wireless network which appears in the View Available Networks window. This can be anything you want but Eircom Netopia routers have an SSID of the format eircomxxxx xxxx e.g. eircom1242 9777. The problem arises due to the fact that the default WEP key and the part of the SSID after the eircom part are derived using the same algorithm. This has allowed some clever people to analyze the relationship between the WEP key and the SSID and come up with a small program called a key generator. Since the SSID is broadcast by default on the Netopia wireless router anyone can see the SSID of a router within range. All one needs to do to connect to that router is enter the 8-digits after the eircom part of the SSID into the key generator program and, voilĂ , the 26-digit WEP code is presented. Enter this code when required and you are connected to the network. PC Medic has seen this program in action and can confirm that it takes less than 1 minute to connect to a "secure" network.

What to do? It's actually quite simple to totally eliminate this security risk by either (a) changing your SSID or (b) changing your WEP code. Unfortunately, many customers don't feel comfortable connecting to their Netopia router to do this (Eircom should have contacted you if you have an "at risk" Netopia unit, and provided you with instructions to remedy the situation). If you're concerned and don't want to undertake this procedure on your own, contact PC Medic and we'll help you out.

Friday, October 05, 2007

Blast from the Past

Earlier this week we picked up an old Dell Dimension from its owner who purchased the computer in January 2001 with Windows 98 installed. Up until the failure of his hard disc he hadn't a day's trouble with the PC (probably mainly due to the fact that it wasn't on-line). We installed a new hard disc and reinstalled Windows 98 from the Dell recovery CD (he had all his original Dell-supplied CDs after 6 1/2 years - how many people lose them after 6 1/2 months?!). What surpised me and prompted me to post this blog was just how fast Windows 98 can run. Start up time was 40 seconds from button push to full systray. Shutdown time was an incredible 3, yes 3 seconds! All applications opened in a flash and this is on a P3 box with 128MB of RAM.

When I see how long it takes for Vista to boot and shutdown on our Dual Core box with 2GB of RAM you start to wonder are we going in the wrong direction. Time is the one thing we have less of as the years go by, so do we really want to spend that time looking at an hourglass? Perhaps we should be pushing for stripped down operating systems and streamlined applications (hands up all those who actually understand pivot tables, VBA macros and VLOOKUP in Excel, let alone use them). The term "Less is More" comes to mind.