Thursday, October 25, 2007

Packet Sniffing

A network sniffer, or packet sniffer, is an application that captures all traffic traveling past a network interface attached to some network. Packet sniffing is useful for network troubleshooting and for software developers; however, it can also be used to eavesdrop on unencrypted traffic (unencrypted email, Web packets, IM, and more).

When people communicate via IM, they do not realize their communication is probably hopping around numerous times through various networks and routers. On any network segment along this path, someone can use a packet-sniffing tool to intercept such communications. However, scanning through a large number of packets to extract something useful is very difficult. Thus, attackers also employ communication filters, software to detect and identify specific types of communication currently underway.

When attackers get access to some wire, they attach a network device to that network segment. Next, they install a communication filter to capture packets that contain specific strings or patterns, such as the "password" keyword. If a pattern in the filter matches traffic from the wire, that packet is recorded for subsequent analysis.

Flat, unswitched local area networks are particularly vulnerable to sniffing attacks because every packet traveling between two hosts is broadcast to all nodes on the network segments to which each host belongs. Thus, a sniffing device or program could be connected to any port or installed on any machine on the same segment. A few years ago, switching technology became sufficiently inexpensive to be widely accepted as a standard LAN building block. In many installations, switches replaced broadcast hubs and were used to micro-segment LANs into numerous virtual segments. Switches also establish point-to-point channels between pairs of hosts as they initiate conversations. This alleviates the problem of sniffing but does not eliminate it completely (especially if attackers can access the switch itself).

In the real world it is at least difficult, if not impossible, to gain access to ISP facilities and install sniffers there. Therefore, the biggest source of sniffing threats stems from LANs and public facilities. Cable modem technology is particularly prone to sniffing-based attacks, because all users on a cable segment can see (and therefore sniff) all traffic on that segment. Companies or organizations that support remote access for cable modem-based users should definitely use more secure implementations, preferably those based on IPSec.

Because so much information used in popular messaging software now takes the XML format using the HTTP protocol, traffic vulnerability to sniffing is actually on the rise. The latest trend is to convert everything to XML formats. Unfortunately, this also means that using HTTP without SSL or TLS is tantamount to sending information in clear text from the hacker's perspective. This explains why sniffer attacks are both insidious and potentially very dangerous because they can decode and reveal lots of sensitive information.

To prevent information leaks, you can't rely on communication programs that use no encryption mechanisms; you must use IPSec or VPN solutions to secure communications both on the local network and for all remote access. If IM services are deployed for business purposes, use applications similar to Microsoft Exchange Server 2000, which enables you to operate your own IM server that might or might not interact with the rest of the world. As a matter of security policy and user education, users should also be coached on which types of communication and file transfer are appropriate using IM outside organizational boundaries—if indeed such use is permitted at all.
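To see which of your own traffic a keyword filter like the one described above would match, you can audit sample payloads for credential fields sent over plain HTTP. The following is an added example, not part of the original post; the field names, hostnames and payloads are constructed for illustration, and the audit reports only where a field was found, never its value.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SENSITIVE = {"password", "passwd", "pwd", "token", "secret"}  # assumed names
REQUEST_LINE = re.compile(r"^(GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/1\.[01]$")
XML_FIELD = re.compile(r"<\s*([A-Za-z_][\w.-]*)\s*>[^<]+<\s*/")

def audit_payload(payload: bytes) -> list[str]:
    """Name the credential fields readable in one TCP payload (values omitted)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request = REQUEST_LINE.match(lines[0])
    if not request:  # TLS records and other non-HTTP data expose nothing here
        return []
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    found = []
    if headers.get("authorization", "").lower().startswith("basic "):
        found.append("header:authorization-basic")
    fields = [("query", k) for k, _ in parse_qsl(urlsplit(request.group(2)).query)]
    ctype = headers.get("content-type", "").lower()
    text = body.decode("latin-1")
    if "x-www-form-urlencoded" in ctype:
        fields += [("form", k) for k, _ in parse_qsl(text)]
    elif "xml" in ctype:
        fields += [("xml", tag) for tag in XML_FIELD.findall(text)]
    found += [f"{where}:{k}" for where, k in fields if k.lower() in SENSITIVE]
    return found

# Constructed payloads: an XML-over-HTTP IM login, a web form, a TLS record.
SAMPLES = {
    "im-login": b"POST /im/login HTTP/1.1\r\nHost: im.example.test\r\n"
                b"Content-Type: text/xml\r\n\r\n"
                b"<login><user>alice</user><password>CONSTRUCTED</password></login>",
    "web-form": b"POST /signin?token=CONSTRUCTED HTTP/1.1\r\nHost: www.example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                b"user=alice&pwd=CONSTRUCTED",
    "tls": b"\x16\x03\x01\x00\x05hello",
}

def audit_all(samples: dict[str, bytes]) -> dict[str, list[str]]:
    return {name: audit_payload(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        print(name, found or "nothing readable")
```

Any payload that produces a finding here is readable by anyone on the same segment, which is the case for moving that service to SSL/TLS, IPSec or a VPN.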



Wednesday, October 17, 2007

Using Caution with Email Attachments

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:


  • Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a user's computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.

  • Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.

  • Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.

Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:

  • Be sure the signatures in your anti-virus software are up to date.

  • Save the file to your computer or a disk.

  • Manually scan the file using your anti-virus software.

  • Open the file.

Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.

Consider additional security practices - You may be able to filter certain types of attachments through your email software or a firewall.
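Filtering attachments by type, as suggested above, can be sketched as follows. This is an added example, not part of the original post; the blocked and decoy extension lists, the addresses and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}  # assumed policy
DECOYS = {".pdf", ".doc", ".txt", ".jpg", ".zip"}  # benign-looking inner extensions

def check_attachments(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename to the reasons it should be held back."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        filename = part.get_filename()
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so strip them before judging.
        name = filename.strip().rstrip(". ").lower()
        suffixes = ["." + piece for piece in name.split(".")[1:]]
        reasons = []
        if suffixes and suffixes[-1] in BLOCKED:
            reasons.append("blocked-extension")
            # "invoice.pdf.scr" shows as a document when extensions are hidden.
            if any(s in DECOYS for s in suffixes[:-1]):
                reasons.append("double-extension")
        verdicts[filename] = reasons
    return verdicts

def build_sample() -> bytes:
    """Constructed message with one harmless and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "mom@example.test"
    msg["To"] = "you@example.test"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    for name in ("notes.txt", "patch.exe", "invoice.pdf.scr."):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reasons in check_attachments(build_sample()).items():
        print(filename, "->", ", ".join(reasons) or "allowed")
```

An extension check only narrows what reaches the inbox; files that pass it still need the save-and-scan steps listed earlier.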

Wednesday, October 10, 2007

Excel 2007 and Excel Services 2007 involving calculation

Excel 2007 and Excel Services 2007 involving calculation of numbers around 65,535. This issue was introduced when we were making changes to the Excel calculation logic in the Office 2007 time frame. Specifically, Excel incorrectly displays the result of a calculation in 12 very specific cases (outlined below). The key here is that the issue is actually not in the calculation itself (the result of the calculation stored in Excel’s memory is correct), but only in the result that is shown in the sheet. Said another way, =850*77.1 will display an incorrect value, but if you then multiply the result by 2, you will get the correct answer (i.e. if A1 contains “=850*77.1”, and A2 contains “=A1*2”, A2 will return the correct answer of 131,070).

So what, specifically, are the values that cause this display problem?  Of the 9.214*10^18 different floating point numbers (floating point) that Excel 2007 can store, there are 6 floating point numbers (using binary representation) between 65534.99999999995 and 65535, and 6 between 65535.99999999995 and 65536 that cause this problem.  You can’t actually enter these numbers into Excel directly (since Excel will round to 15 digits on entry), but any calculation returning one of those results will display this issue if the results of the calculation are displayed in a cell.  All other calculation results are not affected.


Fixes for this issue in Excel 2007 and Excel Services 2007 are available for download from the following locations:

Excel 2007: http://download.microsoft.com/download/6/1/3/61343075-aa12-4152-a761-fccc16d6cef4/office-kb943075-fullfile-x86-glb.exe
64-bit Excel Services 2007: http://download.microsoft.com/download/c/d/c/cdcccd84-86cd-4199-b01c-1df2dac66534/office-kb943076-fullfile-x64-glb.exe
32-bit Excel Services 2007: http://download.microsoft.com/download/c/d/c/cdcccd84-86cd-4199-b01c-1df2dac66534/office-kb943076-fullfile-x86-glb.exe

KB Articles have been posted as well:

Excel 2007: http://support.microsoft.com/default.aspx/kb/943075/
Excel Services 2007: http://support.microsoft.com/default.aspx/kb/943076

Monday, October 01, 2007

Registry Clean Expert: Fix & Backup registry

The Windows registry is a database repository for information about a computer's configuration. The registry keeps growing as you use Windows. As it does so, it accumulates obsolete and unnecessary information, and gradually becomes cluttered and fragmented. As the registry grows, it can degrade the performance of the whole system and cause many weird software problems.

Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing this obsolete information in the Windows registry, your system will run faster and error free. The backup/restore function of the tool lets you back up your whole Windows Registry so you can use it to restore the registry to the current status in case you encounter some system failure. In addition, the startup and BHO organizer feature lets you manage your startup and IE BHO items with ease, so you can more easily control the programs started with Windows and IE.

In short, Registry Clean Expert helps you get rid of the bloat in the Windows registry and achieve a cleaner, faster system.


Feature highlights include:



  • Scan Windows registry and find incorrect or obsolete information in the registry.

  • Fix the obsolete information in Windows registry with this Registry Cleaner and boost your Windows performance.

  • Make backups for Windows Registry.

  • Restore Windows Registry from previous backup.

  • Manage the programs started when Windows starts up with the Startup Organizer.

  • Manage the IE BHOs with BHO organizer.

  • Remove Spyware, Adware and Trojan hidden in your startup items and BHOs.

  • Registry Compact and Registry Defrag.

  • Built-in Tracks Eraser for privacy protection.

  • A user-friendly interface makes it easy for anyone to use Registry Clean Expert.
