Now they are coming for your dd-wrt

Subject: General Tech | August 31, 2015 - 04:48 PM |
Tagged: idiots, dd-wrt, wireless router

In the next installment of poorly planned out moves by a US government agency attempting to solve a problem that does not exist, we shall see an attempt to make illegal the modification of the firmware of any device which contains a radio. This is likely to prevent you from using open source software to modify your wireless router into a death ray which will allow you to take over the planet.

Specifically, it will make illegal the modification of any device which can broadcast on the U-NII bands, which happen to include the 5GHz band that WiFi broadcasts on. While most firmware changes, such as dd-wrt, only change what runs on the processor, the routers are built around SoCs, which means that the radio is technically a part of the same device you modify when applying custom firmware. Hack a Day has links to the FCC proposal; you might want to consider emailing your congress critters about it.

"Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device."

Source: Hack a Day

What if a server OS died and no one cared

Subject: General Tech | July 10, 2015 - 12:41 PM |
Tagged: server 2003, microsoft, idiots, EoL

In a lack of foresight that will not take anyone working professionally in IT by surprise, 70% of businesses are ignoring the fact that Windows Server 2003 hits EoL next Tuesday. The belief that what your clients don't know won't hurt them is endemic in the business world and this is yet more proof of that philosophy. Most businesses sign agreements guaranteeing their clients' data will be stored securely, and using an unsupported OS over a decade old stretches the definition of secure storage far beyond the breaking point. Your bank, your payroll company, your government, even your ISP and telephone provider are all likely to be guilty of this and you should be aware of that. It does not mean that there will be a sudden outbreak of attacks next week; instead there will be a slow rise in the number of security breaches and leaks as more and more exploits are discovered and never patched. The Inquirer does not have the numbers on how many companies are taking Microsoft's offer of support for Server 2003 beyond Tuesday for $600 per server, but you can bet that the uptake is a tiny percentage of the 70%. Much like the proverbial frog, people will not notice the slow rise in security breaches until the damage is already irreversible.

"WE'RE AT T-MINUS four days and counting, and a new survey suggests that as many as 70 percent of businesses are going to miss the deadline for upgrading from Windows Server 2003."

Source: The Register

Roll over Superfish, PrivDog is just as bad but doesn't come directly from Comodo

Subject: General Tech | February 25, 2015 - 12:36 PM |
Tagged: SSL, security, PrivDog, idiots, fud, Comodo

This has been a bad week for the Secure Sockets Layer and the news just keeps getting worse. Comodo provides around one out of every three SSL certs currently in use as they have, until now, had a sterling reputation and were a trusted provider. It turns out that this reputation may not be deserved, seeing as how their Internet Security 2014 product ships with an application called Adtrustmedia PrivDog, which is enabled by default. Not only does this app install a custom root CA certificate, which lets it intercept connections to websites in order to insert customized ads as Superfish does, it can also turn invalid HTTPS certificates into valid ones. That means that an attacker can use PrivDog to spoof your bank's SSL cert, redirect you to a fake page and grab your credentials, while all the time your browser reports a valid and secure connection to the site.

The only good news from The Register's article is that this specific vulnerability is only present in PrivDog versions 3.0.96.0 and 3.0.97.0 and so has limited distribution. What is incredibly depressing is that this indicates the entire SSL certificate model is broken, and that even those who create the certs to assure your security feel that inserting a man in the middle attack into their software does not contravene their entire reason for existing.

Update: The Register's article was originally based on research from Hanno Böck, who referred to PrivDog as being distributed by Comodo. Comodo does not distribute the standalone desktop version of PrivDog, only the browser extension application, which was never vulnerable to the TLS interception.

"The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo.

Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog."

Source: The Register

Ignorance may be bliss but it will cost you $600 per Server 2003 installation

Subject: General Tech | February 17, 2015 - 12:27 PM |
Tagged: microsoft, server 2003, idiots, EoL

If you ever feel ignored when offering technical advice to executives or anyone ranking above you in your business then this statistic about Server 2003 that The Register quotes will come as no surprise: "47 percent of 1,000 Fortune 500 IT executives had no idea that end-of-life was coming". Of course this does not signify that they were never told, nor that Microsoft obfuscated the EoL date; it shows that they completely ignored the professionals who work for them and warned them. Now they will have a choice: they can run servers that no longer receive security updates or support from Microsoft, or they can pay $600 per server for a year of extended support, with that amount likely increasing every year. It does not make business sense to migrate to every new server or client platform that is released, but postponing that upgrade for over a decade on the assumption that your supplier will never cut you off is bordering on idiocy. Just to add to your frustration, none of those supposed IT executives are likely to be fired as a direct result of this poor planning, and on the off chance one does leave, the severance they pick up will likely be worth more money than you have made since the release of Server 2003.

"MICROSOFT HAS PUT a price on extended support for servers running Windows Server 2003 after it reaches end-of-life this summer."

Source: The Register

Steam for Linux will teach you the difference between backups and redundancy

Subject: General Tech | January 16, 2015 - 12:45 PM |
Tagged: steam, linux, idiots

If you move the Steam home directory, $STEAMROOT, in Linux then you are running the risk of running rm -rf on your user directory, which in the case of this unfortunate person on Slashdot included their attached USB hard drive. This is a rather nasty bug and one which is easily avoidable by the use of proper syntax, but unfortunately the command rm -rf "$STEAMROOT/"* contains an unnecessary / and, with no error checking included, if there is no $STEAMROOT directory and the variable ends up empty, the command that runs is rm -rf "/"*. As it runs as your own user against files you own, you do not even need to be running as root, so for the time being it would be very wise to leave your Steam files in their default location and to realize that anything plugged into your machine is not a true backup until removed from your system.
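
The failure mode described above, next to a guarded version of the cleanup, as an added example that is not Steam's own script. STEAMROOT comes from the post; the function names and the .steam-install-marker file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Steam's script. STEAMROOT is from the post; the function
# names and the .steam-install-marker file are hypothetical.

# What the unguarded line  rm -rf "$STEAMROOT/"*  hands to the shell for a
# given STEAMROOT value. Only builds the string; nothing is deleted.
unguarded_pattern() {
    printf '%s' "$1/*"
}

# Guarded cleanup: every check must pass before rm runs.
safe_clean() {
    root="$1"
    # 1. Empty or unset variable: the case that turned into rm -rf "/"*
    [ -n "$root" ] || { echo "refusing: STEAMROOT is empty" >&2; return 1; }
    # 2. Must be an existing directory
    [ -d "$root" ] || { echo "refusing: $root is not a directory" >&2; return 1; }
    # 3. Resolve symlinks and ".." so that "/tmp/.." is recognised as "/"
    resolved=$(cd "$root" 2>/dev/null && pwd -P) || return 1
    home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home=/
    case "$resolved" in
        /|"$home")
            echo "refusing: $resolved is / or the home directory" >&2
            return 1 ;;
    esac
    # 4. Must look like the install we expect (marker name is hypothetical)
    [ -f "$resolved/.steam-install-marker" ] || {
        echo "refusing: no install marker in $resolved" >&2; return 1; }
    # ${resolved:?} aborts the expansion if the variable is somehow empty
    rm -rf -- "${resolved:?}"/*
}

# Show, without running it, what the unguarded command becomes when the
# variable is empty.
echo "STEAMROOT empty, unguarded command: rm -rf $(unguarded_pattern '')"
```

The glob in the last line of safe_clean does not match dotfiles, so the marker file itself survives the cleanup.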

"I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media."

Source: Slashdot

There's one born every minute; the sound quality of different storage media

Subject: General Tech | January 9, 2015 - 01:22 PM |
Tagged: monster, idiots, audiophile

Believe it or not there is a review out on the interwebs claiming that "'bit-identical' computer audio may well be just as inexplicably inconsistent as analogue." In other words, some hard drives and SSDs will produce better quality audio than others using the exact same audio file. Two different QNAP NAS devices apparently produced differing audio signals which the writer claims to be able to discern. Not only that, but apparently different HDDs or SSDs inside the NAS also have an effect on the audio flavinoids and topology. If that is not enough for you then keep reading the link from The Register, as they also propose the theory that different types of RAID will change the cromulence of the audio signal as well, and while they stop short of describing the audio cables which were used they did stoop so low as to use Belkin CAT6 instead of a product from Monster. If you believe this and own a mains conditioner for your audio you should definitely let The Register know you are interested in their proposed AudioNAS kickstarter.

"Is it April already? I really cannot tell from this post, which poses the question: "Is it really possible that the sound quality of bit-identical audio files is influenced by their storage medium before being delivered to the hi-fi system's DAC?"

Source: The Register

You unspeakable cad! How dare you upset those sensitive marketing types

Subject: General Tech | May 28, 2014 - 02:14 PM |
Tagged: idiots, data privacy

How dare you choose not to use all of those wonderful tools marketers provide you with to share your thoughts and have your purchases and opinions added to their databases so that they can provide you with personalized ads! If you just email or, heavens forbid, share your opinions face to face, you are part of Dark Social and are undermining the social media establishment dominated by Facebook, Twitter, Instagram and Google. How can you choose to not let your life be dictated by social media but instead share your thoughts off the grid? Follow the link at The Register to read about this brand new threat to advertisers that involves the use of email and interpersonal relationships instead of easily trackable social media tools. The next time you want to go on a date you had better Instagram your outfit choice and crowd source your plans for the evening or else you are a part of the problem!

"If you're old enough, you'll remember that if you wanted to tell a friend – or a group of friends – about an interesting link, you'd e-mail them either the whole text or a link to it. Congratulations: courtesy of the reptiles of marketing, you're now lumped into a nasty bunch of users called “dark social”."

Source: The Register

The mouse continues to explore new copyright territory

Subject: General Tech | December 16, 2013 - 12:37 PM |
Tagged: idiots, DRM, disney

If you bought a collection of Disney movies to keep the kids placated this Christmas, Disney has a great holiday surprise for you. From what we have heard via [H]ard|OCP your Christmas specials are going to disappear from your library and your only *legal* way of watching these specials will be to order Disney TV and schedule your holidays around their chosen broadcast times.  Before you aim all your vitriol at Disney, save a bit for Amazon as they are the providers that have agreed to allow Disney to pull an epic Scrooge move.  When Disney first approached Amazon to be a distributor of their movies and shows Amazon agreed to allow Disney to pull the content whenever they felt like it.  Aren't you glad you paid for those movies and shows now?  Too bad there is no other way to get hold of them during the holidays and stop your children from crying. 

"Disney has decided to pull access to several purchased Christmas videos from Amazon during the holiday season, as the movie studio wants its TV-channel to have the content exclusively. Affected customers have seen their videos disappear from their online libraries, showing once again that not everything you buy is actually yours to keep."

Source: [H]ard|OCP