Category Archives: Security

Windows Firewall

Attended an interesting talk with an engineer from the self-proclaimed leader in Denial of Service protection. I will not mention the company name, but for $50,000 they claim they can solve DoS problems, except single-packet attacks. Not exactly a bargain, even at $10,000, if you still have to worry about the next redbutton.

Appelez-moi fou, but I could not resist the urge to post a translation link. Want to read this this page in French?

TS/SCI information work this morning led me to a handy guide to the US government document classification system. I also started testing the ISCA Certified Tiny Personal Firewall from Tiny Software. It is free and is extremely easy to setup and manage. This sort of tool should be bundled in the next OS release from Microsoft.

Insecure Meeting

While researching news on the Comoros, (the elections are almost here) I read an interesting site that describes Offshore Anjouan as an excellent tax haven for banks and casinos. The same site also advocates buying a second passport and nationality to escape taxes. Ugh.

Afan mentioned the Open H323 Project, which clearly aims to free the H.323 teleconferencing (VoIP) protocol stack and has some excellent backgrounder information on related standards. I also came across this handy PocketGuide to VoIP.

Working with NetMeeting, an H.323 application that runs over IP, I noticed TCP port 1720 is the trigger but it needs all incoming UDP ports 1024 to 65534. Obviously not a well thought out network application. In any case, here is an incomplete reference to ports for popular applications.

There are many serious and well documented security concerns for a NetMeeting call, although you can read Microsoft’s firewall configuration guide and judge for yourself…and I quote: “There are few available products that an organization can implement to securely transport inbound and outbound NetMeeting calls.”

Lariam

Today I was prescribed Lariam as a malaria prophylaxis for my trip. To be honest, I have not been impressed with the doctors in Santa Cruz and was expecting more of the same when I went in for the required “travel consultation”. For example, even though I need the doctor to give me a prescription I would not count on a local doctor to know a potentially adverse reaction from a drug they prescribe. This seemed especially clear to me after my doctor started to struggle with a hefty immunization book. He looked a little worried when he asked what part of Africa I would be in. “Near Madagascar” I replied. His eyes lit up for a moment, but then he lowered his brow and said quietly “oh, I know where that is”.

The Comoros are not in the book, but all of sub-Saharan Africa is listed as the same in terms of malaria; so Lariam is what I was prescribed. I then asked the obligatory side-effects question. He plainly said that he had taken Lariam himself and nothing happened. Then he laughed a little and said “after all, no one knows really what causes Leukemia, right?” I took my prescription and went home.

On the Internet I found more than enough anti-Lariam information to convince me that I should avoid it if possible. Amazingly, there are whole organizations and lawsuits that oppose the use of Lariam. The only good thing about Lariam seems to be that you only need to take one pill a week instead of a daily pill, and I am not sure that is such a good thing. On the other hand, Melarone was approved by the FDA two years ago and is a suitable choice with none of the known side-effects of Lariam.

Fortunately, after a few phone calls, my doctor’s assistant was happy to change my prescription. Unfortunately Lariam would have been approximately US$100, whereas Melarone is US$300 for one month’s dosage. The pharmacist, who happened to be from India, told me that if I am willing to take the obvious risks from medicine outside the US, then I might be better off just buying a few pills here to get me started and the rest when I arrive.

EDITED TO ADD: In fact, when all was said and done, taking local medications turned out to be the right thing to do since they were easily available and supported by local doctors. Malaria is considered by them as normal as a flu with fever might be seen in America. I am happy I chose not to take Lariam.