Month: December 2011

Making this WPS vulnerability even worse

Dave Farquhar security , ,

If the vulnerability in WPS that I linked and talked about this week wasn’t bad enough, some of the commenters at the always excellent Hackaday found something terrible.

Many vendors use a predictable number as the WPS PIN, and don’t even bother to make it unique on a router-by-router basis. So much for it taking a couple of hours to get into a network. Since some vendors set the PIN to something like 123456789 or 123456780 (how clever), the vulnerability may not even be necessary to get in. Just try some of the known numbers, and chances are you can be on somebody’s network in a matter of minutes.

Read more

Is that file safe?

Dave Farquhar security , ,

So you’ve downloaded this great new piece of free software, but you’re not sure if it’s safe to install. Your antivirus software says it’s not infected, so you can assume it’s safe, right?

Not so fast. Nothing detects everything. Using multiple virus scanners dramatically decreases the chances of something getting through.

Read more

I’m doing my homework

Dave Farquhar Personal

As I continue studying for my CISSP, I’m rebalancing things a little bit. I plan to still post most days (probably weekdays), but until I pass the test, I’m probably going to be posting shorter pieces than I usually do. I don’t know exactly how much time I spend writing every day, but it would be prudent for me to limit myself to 30 minutes or less until I reach my goal. I write fast, but I know I can’t write 1,000 words worth reading in 30 minutes.

Once my life returns to normal, I expect the length and content mix will also.

My buddy Halon-2402

Dave Farquhar security ,
My buddy Halon-2402

Last Updated on August 4, 2017 by Dave Farquhar

Halon-2402 and I have met. Some years ago, I saw an old sign in a computer room. The sign had to be old, because smoking in offices has been banned since the 1980s, and the sign appeared to be hand-lettered in colored permanent marker. It read something like this:

No smoking is allowed. Smoke in this room will cause the release of an expensive gas (Halon) and require its replacement. Absolutely no smoking is allowed!

The sign omitted one relatively significant detail. Not only is (was) Halon-2402 expensive, it will also kill you!

Read more

This is why you disable stuff you don’t think you need

Dave Farquhar security , ,

This is going to sound like gloating, so I’m going to apologize for that right up front. A few weeks ago, I recommended you keep WPS disabled except for brief intervals for convenience. I had no specific reason in mind. Just in case. Just in case, you know, a vulnerability in WPS got discovered.

Well, one got discovered.

Read more

Is Anonymous trying to get a CEO jailed or fined?

Dave Farquhar security ,

The hacking group Anonymous hacked security contractor Stratfor, stealing its customer list including names, addresses, and credit card numbers, which they then used to go on a charity shopping spree.

My former boss’ wife asked him on Facebook what these guys want. And that brought a CISSP question to mind.

Read more

Recovering files from found.000

Dave Farquhar data recovery

Last Updated on April 18, 2017 by Dave Farquhar

Windows stores orphan files in a directory called found.000 with a .chk extension. It’s possible to recover data from those orphans. Here’s how to recover chk files, or recover files from found.000.

Read more

Is overclocking over?

Dave Farquhar Hardware , , ,

Last Updated on July 15, 2017 by Dave Farquhar

Extreme Tech (via Slashdot) asks if overclocking is over. It’s an interesting question. It has a long and colorful history. But maybe it is history.

I have a 4-core machine whose cores can all run at a top speed of over 3 GHz. And it’s a midrange PC at best, these days. The only time I ever push its CPU usage is when I’m encoding video. Web pages that bring a P4-class machine to its knees momentarily bring this PC’s CPU usage to 10%.

Not being a gamer, I haven’t had any reason to overclock in years. In fact, even back in 2000 I was recommending against it. Bad things can happen when you overclock.
Read more

Advice for upgrading from a CRT to an LCD

Dave Farquhar Uncategorized , ,

Like a lot of people are doing these days, my brother- and sister-in-law replaced a CRT TV with an LCD. I helped my brother-in-law hook it up last weekend, and we got it working, but probably could have done things a little bit differently.

A lot of inexpensive LCDs have a limited number of inputs in order to meet a price point, and that’s what we ran into. The LCD had just as many inputs as the TV it replaced, but with some cable shuffling, we would have been able to make the new TV easier to use.
Read more

Message says Firefox is already running when it isn’t

Dave Farquhar Software , ,

Last Updated on November 22, 2016 by Dave Farquhar

Earlier this week, when doing an emergency computer upgrade, Firefox gave me a weird problem. I installed Firefox, then when I tried to launch it, I got the popup dialog box stating that Firefox is already running. When, of course, it wasn’t–I’d just installed it.

There are a couple of helpful articles on Mozilla’s knowledge base.  It didn’t quite solve my problem, but it pointed me in the right direction.
Read more