two cents

Trusting Your Software - Response to Security Now! 154

Here's another entry to my "My 2¢" series where I rant about things I heard on podcasts or read on the web.

Security Now! Episode 154 - Questions and Answers

Let me start, as always, by saying that Security Now! is a great podcast that I look forward to listening to every week. In episode 154 Steve answers a question from a listener who says he noticed a virus warning about "Wizmo", Steve's Windows tweaking tool. Steve answers by basically saying that Wizmo is safe and known to trigger false positives in some AV software, so the warning can be ignored. That's some bad advice.

While I have no doubt that the Wizmo.exe file compiled by Steve is completely safe, the question is "is the copy of Wizmo.exe the listener downloaded exactly the same as the one Steve compiled?".

my 2 cents - WiFi Myths BUSTED

I've been stumbling onto blogs that provide "tips" for installing a WiFi network. Unfortunately several of these sites suggest disabling SSID broadcast, enabling MAC address filtering and other terrible suggestions as security tips. This is utter nonsense so I'm going to show you why NOT doing this is a better decision.

Take this analogy. Everyone knows banks have cash. If I take down the "Bank" sign in front of the bank it doesn't make the bank any more secure because bank robbers still know it's a bank. Removing the sign only makes it harder for customers to find. This is analogous to hiding your SSID. It decreases usability for legit users but has no impact on bad guys.

Let's use the bank again, but this time the bank has a guard who will only allow entry to people wearing a simple sticker with a valid account number. A robber could watch any customer enter, copy their account number and walk right in. On the other hand, if you forgot your account number you'd have to refer to your statements to look it up. This guard is about as ineffective as MAC address filtering.

my 2 cents - Security Now! 134

This is the first entry to my "My 2¢ (two cents)" series, an open discussion of topics from the web and podcasts.

Security Now! Episode 134

For those who are not familiar with Security Now!, I highly recommend it. It's a great podcast and I have certainly learned a thing or two, but it's not without its flaws, some of which go uncorrected. This is one of those uncorrected yet important flaws that I've mentioned to Steve using his feedback form but sadly got no mention on the air...

All code on this site is free for use at your own risk and provided as-is under the WTFPL license unless otherwise stated. Attribution is appreciated but not required.
Blog content, with the exception of externally quoted material, is licensed under the Creative Commons Attribution 3.0 license