Thursday, September 28, 2017

The Daily WTF: News Roundup: EquiTF

No comments:
News Roundup: EquiTF
by Remy Porter in News Roundup on 2017-09-28

We generally don’t do news roundups when yet another major company gets hacked and leaks personally compromising data about the public. We know that “big company hacked” isn’t news, it’s a Tuesday. So the Equifax hack didn’t seem like something worth spending any time to write an article about.

But then new things kept coming out. It got worse. And worse. And worse. It’s like if a dumpster caught on fire, but then the fire itself also caught on fire.

Wow! What a total mess! Getting hacked to death is bad enough, but not installing patches for known security vulnerabilities (even after having been hacked once before), hiding the hack from the press, and then dumping stock just before it becomes public borders on being criminally insane.

Thursday, August 24, 2017

Dry Bones: Left and Right

No comments:

Left and Right
Yaakov Kirschen. Thursday, August 24, 2017

A really close friend from America was visiting us and saw this cartoon. He's politically savvy, sharp, and intelligent, but his reaction to the cartoon shocked me. He was unaware of the antisemitism of the left. He'd never heard of the violent antifa movement, and he was ignorant of the antisemitism of the Black Lives Matter organization. Most of his information comes from Main Stream Media and he's been guided by the politically correct stance of American Jewish groups.

I took the opportunity to sell him a copy of my brand-new Dry Bones anthology "Dry Bones Cartoons Fight Back." That led me to think that maybe I should be selling YOU a copy(either for you or for you to pass on to a similarly uninformed friend).

The book is on sale at Amazon http://amazon.com/author/kirschen where, in addition to the (over sized) anthology there's a Kindle copy (and a bookshelf of other Dry Bones books). And if you buy a copy PLEASE leave a review. It would be really helpful.

I normally don't like to repost someone's entire blog post, since I don't want to take traffic away from their site, but I think Mr. Kirschen's text makes an extremely important point. I'm including his plug for his new book in the hope that those people who don't click through to the original article will at least have an opportunity to support the author by buying one or more of his books.

Wednesday, August 23, 2017

ZDNet: AccuWeather caught sending user location data, even when location sharing is off

No comments:
AccuWeather caught sending user location data, even when location sharing is off
By Zack Whittaker for Zero Day.

Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing.

AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission.

Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device.

We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.

Shameful. I really like the AccuWeather app, but after reading this, it's gone. I'll be looking for some other app to get my weather reports now.

Sunday, August 20, 2017

Giving an old Mac a new lease on life

No comments:
Update: August 24, 2017: Added section about enabling TRIM

This weekend, I upgraded my daughter's 2011 MacBook Air with a new SSD and battery and gave it a new lease on life. Although this computer is six years old, it still has no problem handling all the tasks she uses it for: web surfing, photos, Microsoft Office, music, YouTube and other related tasks. But after all this time, the 120G SSD is getting full and the battery only lasts about an hour on a full charge. The computer was also running a pretty old version of macOS - 10.7 ("Lion") was released in 2011 and hasn't seen an update since 2012. Because of this, several other key applications, including Firefox and Chrome were also old and out of date, and were in need of upgrades.

Thursday, July 20, 2017

Washington Free Beacon: U.S. Navy Tests World’s First Laser Weapons System

No comments:

U.S. Navy Tests World’s First Laser Weapons System
By: Jack Heretik,

The U.S. Navy recently tested the world's first-ever active laser weapons system, which is now deployed and ready for war.

The Laser Weapons System, or LaWS, is now deployed aboard the USS Ponce amphibious transport ship, where CNN was able to witness the system destroy a drone in flight and moving targets on the Persian Gulf.
...
Its cost per use is also quite impressive for such a revolutionary new weapon: approximately $1 per shot. The $40 million system requires electrical power and a three-man team.

The LaWS is also extremely accurate. The system can target a single component of an enemy target, such as a boat's engine, and make it catch fire so that the entire vessel does not have to be destroyed and the Navy can avoid collateral damage.

Wow. This is a game-changer weapon.

Sci-fi stories have been describing beam weapons for over 50 years and now we have a real one deployed and in use by the US Navy.

Tuesday, July 18, 2017

Windows 10 disables ATA Secure Erase

No comments:
h/t MacInTouch

For those who aren't seriously into computer technology, there are technological issues with erasing an SSD.

With a hard drive, you can use all kinds of standard disk-erase utilities to write zeros to every block. If you're paranoid about leaving magnetic after-images, there are various algorithms for writing various patterns designed to obscure any magnetic residue of old files. They take a long time, but are generally considered secure enough for all but the most sensitive data (which should only be "erased" via physical destruction of the drive.)

With an SSD, however, erasure by overwriting new data is not effective. Tehnologies like wear leveling, garbage collection and TRIM make it difficult or impossible to know if data has truly been erased. Writing zeros to a logical block of data does not necessarily overwrite the flash memory containing the old data - it is more likely that the flash memory will be marked as "garbage" for collection (which will truly erase it) at some non-deterministic time in the future. That time might be quickly, or it might not be for days or even months, depending on the SSD controller's algorithm and the drive's usage pattern.

Mind you, this "garbage" data is not accessible using any software-accessible interface (SATA, SCSI, USB, etc.) The only way to read garbage data is to install special firmware into the SSD controller or to physically remove the chips. But both options are possible for someone willing to pay a data recovery company or some other similarly capable forensics lab.

Which is where the ATA secure erase command comes into play. The ATA specification (at the heart of all ATA and SATA devices) includes a command for explicitly and securely erasing a device. When supported on an SSD, it performs a flash-level erase on every single block, ensuring that no data will be available to recover.

And now, with this background material in mind, the linked MacInTouch posting now make sense. It would appear that the act of installing Windows 8 or 10 on an SSD involves writing some data to the drive that disables the secure erase command. Why they do this may be an interesting topic for discussion, but doesn't really matter if you've got a retired drive that you want to erase.

To get around this problem, you need to get a copy of the SSD manufacturer's drive utility. You can use this utility to reset the SSD's firmware, which will re-enable the secure erase command. Unfortunately, in order for this to work, you need the drive's PSID code - this is a secure ID designed to prevent malware from bypassing security features. Fortunately, most SSDs print the PSID on the drive's label. Unfortunately, if your label is removed or damaged, you may not be able to read it and there is usually no other way to get this number.

I suppose the important lesson here is that when you install a new SSD into a computer, photograph the cover to make a record of the PSID number. If you are concerned that a hacker might get this image, print a few copies and store them in a secure location (like a file cabinet) and then erase the image file.

If all this seems like too much, there's another alternative - use whole-drive disk encryption before you copy any data to the SSD. Later on, when it's time to retire the SSD, blow away the decryption key. A simple drive-erase (without decrypting it) will do it just fine. Or if you want to make it even simpler, change the drive's password to a long string of gibberish characters (30-50 characters should do nicely) and promptly forget what they are. Anybody who gets the drive in the future will not be able to access the data without this string, and it is highly unlikely that they will ever be able to provide it. Of course, you can also delete all the files and empty-trash before changing the string, to provide an additional level of protection.

Finally, you might want to encrypt the drive anyway. This way you will be protected in case the drive controller fails, since you won't be able to perform any kind of secure erase operation at that point, but your encrypted data will not be recoverable through forensic analysis without the decryption key.

Monday, July 17, 2017

MIT: Tinfoil hats make it easier for the government to scan your brain

No comments:
Study on the effect of tinfoil hats on blocking mind control satellites

In February 2005, some CSAIL graduate students "Published" a paper on the effect of tinfoil hats on blocking mind control satellites. They measured the attenuation of radio signals as a function of frequency and determined that certain frequencies which are reserved for government use are actually amplified by the tinfoil hats. Clearly the government must have started the tinfoil hat craze so it could more effectively spy on its citizens.

A full account of this experiment can be found here

Yes, this is a joke.

The interesting (and not necessarily funny) part is that one of the bands that are amplified (2.6GHz) is used by cell phones. If you are worried about cell phone radiation causing brain tumors, then you should probably avoid wearing any aluminum foil headgear.

Friday, July 14, 2017

War on "Medicad"?

No comments:

h/t Washington Free Beacon.

Apparently one of the "cost-effective ways for us to continue access to health care" is to slash by 50% spending on use of the letter "i" in promotional materials.

Wednesday, July 05, 2017

Washington Free Beacon: New York Times Falls for Parody North Korea Twitter Account

No comments:
New York Times Falls for Parody North Korea Twitter Account
BY: Alex Griswold.

The New York Times reported Tuesday that a statement from a parody North Korea Twitter account was an actual statement from the North Korean government.

The Times story on a joint military exercise between the United States and South Korea noted that "the North Korean government belittled the joint exercise as ‘demonstrating near total ignorance of ballistic science.'"

But that statement came from the parody @DPRK_News account, in what was evidently a satirical tweet.

I know this isn't the first time, and it won't be the last, but it seems significant to me. If the Times can't be bothered to fact-check something as trivial as this (to make sure a tweet claiming to be from the North Korean government actually is from them) then how can they be trusted with any other "facts" they report?

Tuesday, July 04, 2017

$70 hackintosh outperforms new laptop

No comments:

Snazzy Labs builds a $70 hackintosh—or, as he calls it, crapintosh—computer for those who want a super tight budget PC build. Can a $70 hackintosh be any good? Can a cheap hackintosh outbench a MacBook Pro? Do Apple's iMac, MacBook Pro, and Mac Pro blow this 5-year-old computer into outer space or does the hackintosh give it a run for its money?

Fascinating. Scrounge used parts (government surplus, Craigslist, etc.) to assemble a PC for $70, hack macOS 10.12 "Sierra" onto it and find that it outperforms Apple's low-end laptops and is surprisingly good at just about everything other than high-end gaming.

Now, clearly, the pricing is not realistic. Used and surplus equipment is cheap because the seller's goal is to get rid of it, not to make a profit. And it is sold as-is with no warranty, support or anything else. A company like Apple selling new equipment with the same specs would have to charge a lot more, but it is still a fascinating experiment nonetheless.

Actually, it sounds like a fun hobby project for me if I can clear out some space in my office :-)