Tech
Can’t Connect to Battlefield Bad Company 2 Servers
by Agent[31] on Dec.22, 2010, under Gaming, News, Tech
I recently purchased BFBC2 on Steam because it was on sale for under $10 and prepared to run the game through its paces. The game loaded up perfectly fine, though I had to deal with the normal first initialization by Steam: installing DirectX and PunkBuster. Once in the game I decided to test the multi-player functionality so that I could configure my firewall and router settings if necessary (something I always do with a new game or program so I don’t have to deal with it later). Quickly finding that I was unable to connect, I began the usual trawl through forums and guides searching for different causes. I opened ports, ran a port sniffer so I could see what BF was trying to connect with, and added the game to the trusted group in my firewall, all to no avail. The internet posted a multitude of “solutions” mostly following illogical troubleshooting steps. Finally I came across a YouTube video that described my problem and proposed a solution that appeared verifiable by several other users. I decided to do as instructed, and not so surprisingly, it worked! I have yet to actually play any multiplayer games, but I have enabled access to EA’s servers.
Okay, now to the problem and solution. This guide is written for Vista/Windows 7.
If you have properly set up your firewall and allowed access to the correct ports shown below, but still receive an error when trying to connect to the EA servers in-game, then the next step in determining whether this solution is right for you is to go to https://profile.ea.com. If you cannot load the page then continue reading; otherwise this solution may not solve your problems.
18390 TCP Outgoing
18395 TCP Outgoing
18395 UDP Outgoing
13505 TCP Outgoing
80 TCP Outgoing
So you can’t access the EA profile page.
What you are going to need to do next is alter a system setting, so create a system restore point beforehand in case something gets messed up.
After the system restore point is complete, run CMD as an administrator by typing cmd in the Start menu search box, then right-clicking on CMD and clicking Run as administrator. Once there you will need to type “netsh int tcp set global ecncapability=disabled”, without the quotes of course. The command will run and display “OK” when complete.
That’s it. Now try loading https://profile.ea.com again and see if it loads correctly. If so, try logging in in-game. The game should work from there; if not, then perhaps there is a problem with the servers.
Here’s the less verbose walkthrough version:
1. Try to load https://profile.ea.com. If it fails, continue to step 2.
2. Run CMD in administrator mode.
3. Type netsh int tcp set global ecncapability=disabled
4. Hit Enter and wait to see an OK.
5. Try to load https://profile.ea.com again. If it works, proceed to the next step; otherwise check the command you typed in step 3.
6. Log in in-game.
7. ???
8. Profit
As far as my research has led me to believe, there are no inherent security risks to disabling this feature, just perhaps a slight degradation in large file downloads, but for the most part that is unlikely. If you want the benefits of ECN then you can write a batch file to disable it when you play Battlefield and then another to re-enable it after playing. However, ECN only works where both peers (client and server) are utilizing ECN. It is not clear from what I found so far who utilizes this feature, so I do not know what impact you will see.
Thanks to: http://www.youtube.com/watch?v=j6-PEnLBb2s
who got it from: http://www.battlefieldheroes.com/en/forum/showthread.php?tid=41186&pid=359519#pid359519
Here’s additional information on the feature we are disabling: http://en.wikipedia.org/wiki/Explicit_Congestion_Notification
Herd the Firesheep
by Agent[31] on Nov.11, 2010, under Tech
The internet has been in a frenzy over Firesheep this last week, and for good reason. This tiny little Firefox add-on makes session hijacking (side-jacking) available to the masses, from the script kiddies to the trouble-making high schoolers and adventurous college students. Strike that. Anyone with Firefox can now wreak havoc.
So what is Firesheep and why might it be the best thing that has happened in terms of security?
To put it simply, Firesheep is merely a Firefox add-on that allows anyone who has it installed on a Mac (Windows users need to install WinPcap first) to instantly log in to someone’s Twitter / Facebook and a few other sites that are supported.
The way it does this is something called session hijacking, which exploits the way these sites handle their secure logins. In order to protect your user credentials, Facebook uses https through SSL/TLS to encrypt your password so that after you fill out the login form and click login, your password isn’t just sent out as text across the internet. If it were, someone could “sniff” those packets and steal your password.
This is the first step in security and most, if not all, sites should be using this. Especially popular sites or sites that do banking or commerce.
Where this falls short, however, is in how the site recognizes who you are after you log in. The website creates a cookie on your computer with an assigned key so that as long as you have it, the website knows that you are connected and logged in from your computer. The problem is that this cookie is NOT encrypted, and all traffic to these sites afterward is done in the clear, through http.
Session hijacking grabs this cookie and basically uses it to access the website. With that credential, the site assumes that it is the original user and you instantly have complete access to the account. This is what Firesheep does, now written into a nice GUI application that anyone can install and utilize.
Surprisingly for many, this issue is nothing new. As early as 2003 the issue was mentioned and basically ignored. Hackers have used this technique for some time now with a lot of success. What Firesheep has done, quite well in my opinion, is bring to light the large security flaw that is inherent in most websites today.
Steve Gibson of GRC and the “Security Now!” podcast is understandably excited about this plugin. It takes a lot to motivate companies to change, and when user security/privacy is involved it is definitely an important issue. Because this tool brings the vulnerability to light and places it in the hands of even the most uneducated of users, it will help push these companies to change their security policies.
So when and where are you vulnerable? For the home user you will usually be safe from this particular exploit. The ones most affected are those who use open WiFi, such as unprotected hotspots like Starbucks. Also, users of WEP-enabled networks can be attacked by other users on the SAME WEP network, as seen in tests by Derek Schauland and posted on Tech Republic. WPA and WPA2 users remain safe, and I want to remind anyone reading that WPA/WPA2 encryption is the minimum you can do to secure your network. In fact it should be required.
Now that you have been sufficiently scared by the implications of all this, what can you do to protect yourself?
The best thing to do is to NOT use unsecured wireless networks such as at Starbucks or any other free wifi spot that does not password protect their networks. If you absolutely need to use WiFi at Starbucks, there are three measures you can take to protect yourself.
- Set up a secure VPN (Virtual Private Network) that you can connect to, which will act as a secure proxy from you to the internet. There are numerous guides on the internet on how to set one up, and perhaps I will one day write an article on that. But it requires another computer for you to connect to, usually a server, but it can be your home computer, or even your home router if it supports it (utilizing dd-wrt firmware can give you that option on supported routers).
- You can set up remote desktop using LogMeIn’s remote tool. Their connection is secured by SSL. This will require you to use a computer at home with the LogMeIn tool installed.
- Use “HTTPS Everywhere”, which is a Firefox plugin that will force sites to use https the entire session. The one caveat: the site must be configured to use https or it will not work. Fortunately most large sites should work.
These three tips apply to both Open and WEP secured networks.
So, what needs to be done? The large social sites, as well as large e-commerce sites, should enforce complete https sessions while logged in to protect users’ security. There have been complaints that this would create too much overhead and cost more money and energy. However, Google did this very thing with Gmail with no additional machines.
One problem with Google though. If you sign in via Gmail through https, then start using google.com, you are no longer secured by https and thus can be exposed to session hijacking.
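A site operator can check for the gap described above (a login over https followed by a session cookie that also travels over http) by auditing the Set-Cookie headers the login endpoint returns. The sketch below is an added example, not part of the original post; the hostnames and cookie values are constructed, and it relies on the standard Secure cookie attribute, which tells the browser to send a cookie only over https.

```python
from dataclasses import dataclass

# Constructed sample data (not captured traffic): Set-Cookie headers returned
# by three hypothetical login endpoints.
SAMPLE_RESPONSES = [
    ("https://social.example/login", ["session_id=3f9a1c; Path=/; HttpOnly",
                                      "csrf=77ab; Path=/; Secure"]),
    ("https://mail.example/login", ["SID=a81bb2; Path=/; secure; HttpOnly"]),
    ("http://forum.example/login", ["auth=99de01; Path=/; Secure"]),
]


@dataclass
class Finding:
    url: str
    cookie: str
    reason: str


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute names})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """Flag cookies that a passive listener on the same network could read."""
    findings = []
    for url, set_cookie_headers in responses:
        over_tls = url.lower().startswith("https://")
        for header in set_cookie_headers:
            name, attrs = parse_set_cookie(header)
            if not over_tls:
                # The cookie already crossed the network unencrypted when it was set.
                findings.append(Finding(url, name, "issued over plain http"))
            elif "secure" not in attrs:
                # Without Secure the browser attaches it to later http:// requests.
                findings.append(Finding(url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSES):
        print(f"{f.url}: cookie '{f.cookie}' {f.reason}")
```

Every cookie that identifies a logged-in session should come back clean from this check, which in turn means the site has to serve the whole logged-in session over https.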
What WiFi hotspot operators need to do: Secure your networks with the minimum of WPA and preferably WPA2! This is the best thing any network admin can do. Even with a shared password WPA/WPA2 users will be more protected and will be completely protected from this iteration of Firesheep.
Well that was a long post. To re-iterate.
Firesheep makes hacking easier.
Open networks = BAD
WEP networks = just as bad
WPA/WPA2 = better
https = best
Finally, I will point out that the real hackers will be able to use workarounds to some of the things I mentioned, but at the very least it raises the bar in terms of protecting you and your connection.
References:
WinPcap
Firesheep
Security Now! with Steve Gibson – Firestorm
Security Now! with Steve Gibson - Listener Feedback & Firestorm
Tech Republic
Session Hijacking @ Wikipedia
HTTPS Everywhere
Obtaining Full Path for Current Processes
by Agent[31] on Nov.05, 2010, under Tech
At work I’m running as an unprivileged user on a Windows Domain. This means I don’t have the full admin access I’m used to, but due to my recent complaints I have been given slightly more access. As usual I like to explore the limits of security and develop workarounds for my limited access.
Because of the admin lockout I was unable to install Firefox, which I wanted to use because the local copy of Internet Explorer 8 would often freeze when encountering flash objects that caused it to cough. Eventually I caved and downloaded the client, asking the boss to install it with his credentials. He told me to run it until it asked for credentials, then he would come by and enter them.
I ran it, then because I wanted to see what I could do, hit No on the user elevation prompt. Bing! I was able to install Firefox. I was a little confused but assumed that it must be under a specified list of approved software that was stored on the network.
I moved on. To my surprise I found I had the ability to add add-ons to my copy of Firefox. I decided to add Firesheep, which is a useful tool for session hijacking. (I will write on Firesheep and countermeasures later.) Being a non-official Firefox add-on, I couldn’t just download it from the add-on manager. Going to the site I downloaded the xpl file.
Now as the file type wasn’t set for this file I couldn’t just load it straight into Firefox and I got the open with dialogue.
Not knowing where Firefox was I tried to figure out where the process was located. I dived into the cmd prompt utilizing the wmic command to export a list of the processes. Voilà! I had the filepath to where Firefox was and I could install the plugin.
Sadly enough, I forgot about the simple task manager view. You can change the columns to add the Command line column, which will also list the path, but if group policy won’t allow access to task manager then maybe you can use the command line.
There is another command-line tool you can use, tasklist; however, it doesn’t display the working path of the file.









