Main Line Commodore User Group

Newsletter


December 2008 Issue 319

VILLANOVA UNIVERSITY, ST. AUGUSTINE CENTER, ROOM 110

MEETING STARTS - 09:30 – DECEMBER 13th


UPCOMING MEETING

DECEMBER HOLIDAY CELEBRATION

JOIN US FOR HOLIDAY FESTIVITIES

REMINDER: RENEW YOUR MEMBERSHIP NOW IN TIME TO RECEIVE NEXT YEAR’S JANUARY NEWSLETTER!

As in years past, this will be one of our more light hearted meetings in keeping with the holiday spirit. We will eat, drink, and be merry and have prizes, raffles, and a club USB flash drive loaded with portable Windows applications and possibly other software that will hopefully keep you productive and safe during the next year.

As always we will open the formal part of our meeting with our round-table of announcements, questions, and problem solving. This is the part of the meeting where we all get an opportunity to help each other thru our computer experiences, both bad and good. So come on out to the meeting prepared to make a gift of your experiences and knowledge so all may learn and reap the benefits of shared knowledge.

For our main presentation John D will review the contents of this year’s club USB flash drive. The drive currently contains Windows portable applications, but by the time of the meeting may also contain an archive of the past year’s newsletters as well as slightly higher quality audio recordings of the meetings. The recordings will be slightly higher quality than can be found on the club web site. In addition we may include files and software similar to the content of last year’s DVD.

As in years past, there will not be any advanced session. Instead we will intersperse the meeting with raffles and prizes and a Christmas luncheon near the end.

So come out and join us for the holiday festivities. Have a safe and happy holiday!

--------------------------------------------------------

THIS ISSUE OF THE NEWSLETTER

This issue has been put together by the club treasurer, John D, who has become acting editor in Emil’s absence. Please excuse the changed appearance and content of this newsletter during this time.

Emil has been experiencing health problems which keep him from participating in the normal club activities. Please pray for his return to good health.

--------------------------------------------------------

ANNOUNCEMENTS & REMINDERS

1) If you are a member and did not attend the December 2007 meeting, then you likely missed out on getting the end of year club DVD. If so, and you would like a copy, contact John M to make arrangements to get the DVD. (See the LAST MONTH’S MEETING section of the January newsletter for more info about the DVD.)

2) Club membership entitles you to receive a copy of the newsletter and access to our email list server, which is run for the benefit of our members. Please do not hesitate to post club and computer related notices and problems to it. If we can’t solve your problem remotely, we can be alerted to it ahead of the monthly meeting where more hands-on may help resolve your problem.

3) A few of the regular attendees usually partake of lunch at the Country Squire Diner in Broomall near the intersection of Routes 3 and 320. So, after the meeting, why not join us? It’s an opportunity to get more help and to discuss our common interests.

4) It’s that time of year again – Club Membership Renewal time. Please give your dues to our treasurer, John D, at the meeting or mail checks to his address as indicated on the back page. Checks should be made payable to: MLCUG .

--------------------------------------------------------

LAST MONTH’S MEETING

Attendance: 10 people in all attended the meeting on Saturday, November 8th.

Main Meeting Q&A: We began last month’s meeting with our normal round of questions and announcements. Among the questions and announcements, John D mentioned his transition to FiOS, the shockwave and flash security updates, and the updated Secunia software; Tom J asked about video capture to which there was a discussion for Real Player; Rich T spoke about netbooks, Sony MagicLink, and an HP laptop repair kit; Don W spoke about the use of cell phone ICE (In Case of Emergency) numbers, and Craig’s List and Angie’s List; Marty C mentioned his experience making an open wireless connection at his shore house and followed with a discussion about a restoration from a backup he made a few months earlier; Pat S talked about his Wi-Fi connection issues; Stewart D had a query about a computer upgrade from his old Win98 machine; Bill D asked about an AVG issue; and Ed C also had AVG problems and issues.

Main Meeting Program: Our main meeting was a continuation of a multi-part overview presentation on Microsoft Vista.

Due to the duration of the round-table discussion, John D had about a half hour to expand on the on-going overview presentation of Vista. John D focused on two aspects of Vista in a mobile environment related to its use on laptops and other such devices.

First, users should be aware they can quickly and easily affect the amount of time their laptop will be able to run just on battery power by selecting one of three power schemes. The default power scheme is a “balanced” power scheme, but there is also a performance power scheme and a power saving power scheme. Each power scheme can be further customized by the user. It is an easy thing to change the power scheme you are using by selecting it through the battery icon in the task tray.

Second, John D also discussed network settings, and in particular focused on how to toggle Vista’s Wi-Fi setting between public and private networks and how this toggle affects the Vista firewall and network share settings. If you are using your laptop in an airport, coffee house, or public library and have Wi-Fi connectivity turned on, then you definitely want to toggle your Wi-Fi setting to public to tighten up your firewall and disable file and folder sharing. Changing your Wi-Fi security level in Vista is easily accomplished by accessing the setting through the network connectivity indicator in the task tray.

One issue that arose during the October meeting and again during the November meeting was the constant high (40 to 45%) CPU usage by Vista on my MacBook. Following on the heels of the October meeting I discovered that the SysInternals Process Explorer showed information that Windows Task Manager did not, namely high CPU activity related to hardware interrupts. This problem again occurred during the November meeting. I’m of the opinion this occurs as a result of the dual monitor display mode I use during the meeting, but I have no way to prove it. The problem doesn’t occur when I’m at home and the only significant difference during the meeting is the dual monitor operating mode.

For more info about the SysInternals Process Explorer, go to this link:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Advanced Meeting Program: No activity – no report.

Miss The Meeting? NOTE: Recordings of the meetings (made and edited for the web by John M) are online for you to download and listen to. Go to our web site:

http://mlcug.org/

and scroll a bit down the page to locate the Audio Archives. The audio is accessible from the web site as MP3 files. You can download and listen to them as you choose!

--------------------------------------------------------

WPA WI-FI SECURITY CRACKED

Did you know that both WEP and WPA wireless security are susceptible to attack? You should now be using WPA2. Did you know that most wireless devices have security turned off by default? Did you know that Verizon supplied wireless routers come with WEP security enabled by default? You should check the security settings of all your wireless devices and configure them for WPA2 if all devices will support it. If one of them doesn’t support WPA2, you should consider upgrading to a replacement that does. Until all your Wi-Fi devices support WPA2, you will be relegated to using the vulnerable security of either WEP or WPA. Some security is better than no security at all as it will keep less knowledgeable people off your Wi-Fi network.

WPA Cracked - What It Means Thursday November 13, 2008

Source: http://blogs.pcmag.com/securitywatch/2008/11/wpa_cracked_what_it_means.php

Researchers at a security conference this week announced a new form of attack against WPA (Wi-Fi Protected Access), a popular form of security for wireless networks. The attack is not a complete compromise and not reason to panic, but it does bode ill for wireless hardware that's not particularly recent. The attacks may get more sophisticated over time.

It's well-known that the original security mechanism for Wi-Fi, known as WEP (Wired Equivalent Privacy), is trivially breakable. When this became known, the industry cobbled [thanks Randall -LJS] together WPA as a stopgap standard while work proceeded on the 802.11i standard, in which everyone had a lot more confidence.

WPA employed a modified version of WEP called TKIP (Temporal Key Integrity Protocol), which defeated all the known attacks against WEP, but which was designed to work on hardware that supported WEP. Later on, when 802.11i was in final form it was released as WPA2, employing the much more secure AES (Advanced Encryption Standard) and other improvements, and requires new hardware support, as opposed to just a firmware upgrade.

The new attack is against WPA, also known as WPA1, and specifically against TKIP. It does not allow an attacker to read encrypted data on the network, but it does allow him, after 12 to 15 minutes of access and analysis, to decrypt certain network control messages (ARP requests and responses), and to send 7 packets with custom content to the network. This could, in theory, allow him to compromise the network.

WPA2 with AES is not vulnerable to this attack. Wireless hardware with WPA2 and AES has been available for some time now and has been considered best practice, at least in business environments, but not urgently so. Probably the large majority of wireless routers and adapters in consumer and small business installations today do not support WPA2. Even for those that do, many, if not most, default to TKIP instead of AES because the more widespread support of it makes it more likely that the configuration will work. A few, such as the Apple Airport, default to using AES, and Windows Vista will attempt to use it too, but most wireless hardware will attempt to use TKIP first.

This attack is not an easy one to commit. It requires some analysis time, so you can't do it in a drive-by. Someone physically nearby, a neighbor perhaps, could commit it, but at this point it has to be considered one of those things where they have easier ways to compromise your network if they want to. In the future you should make sure to buy only wireless hardware that supports WPA2/AES and look into moving your network to it, but there's no particular reason to panic.

A business is different, especially if sensitive data traverses the network. For you, the migration to WPA/AES just became a more urgent matter, even if you have other security issues which are more pressing. Make a note that this needs to be dealt with.

--------------------------------------------------------

DIRECTIONS FOR ST. AUGUSTINE CENTER MEETING ROOM Meetings are in the St. Augustine Center at Villanova University. The regular monthly sessions meet in Room 110.

Enter from the ITHAN AVENUE main gate, then proceed to the upper level of the 2-level parking building adjacent to the St. Augustine Center, on the Ithan Avenue side of the building. NOTE: maps on our web page - http://micug.org/

 MLCUG Meetings 2008      Steering Committee Meetings
    December 13			December 17
    January 10			January 14
    February 14			February 18
EDITOR: Emil J. Volcheck, Jr. 1046 General Allen Lane West Chester, PA 19382-8030 ACTING EDITOR: John W. Deker, Jr. 2210 Lantern Lane Lafayette Hill, PA 19444-2211 Produced with PowerSpec 8922a: 2.6GHz Pentium 4, 3GB RAM, 640GB HD cap, Brother HL-5250DN laser printer, CD-RW/DVD±R/RW drives, Windows XP Home OS, MS Office XP, Ghostscript 8.54 & Bullzip PDF Printer software

MLCUG LISTSERV: for members only... OUR WEB PAGE: http://mlcug.org/ PUBLICITY: Position OPEN! VILLANOVA SPONSOR: Prof. Frank Maloney, Dept. of Astronomy

MLCUG STEERING COMMITTEE;

PRESIDENT: Emil Volcheck 	610-793-5156	
TREASURER: John Deker 		610-828-7897	
WEBMASTER: Peter Whinnery 	610-284-5234	
AT LARGE:  Tom Johnson		610-896-2434	
SECRETARY: Position open
DATABASE: Layton Fireng		610-688-2080
AT LARGE: Al Gottlieb		215-793-9725
AT LARGE: John Murphy		610-935-4398