Pros and cons of RightTrack or SnapShot devices

Insurance companies are starting to offer discounts if you plug one of their devices, often called a RightTrack or SnapShot, into your car’s ODB2 port.

One of my college buddies asked me about them when his insurance company offered his family a 5% discount to plug these into their cars, and then make them eligible for up to another 25%. Those are compelling numbers. So what are the potential drawbacks?

Read more

Cyber security podcasts I listen to

Yesterday, after reading a post in which I cautioned about a popular security podcast, someone asked me what cyber security podcasts I do listen to. I wrote this up a long time ago and never posted it for some reason, so now I’m correcting the oversight. Here’s my collection of the best of the best security podcasts.

These are the security podcasts I’ve been listening to for several years now and continue to recommend. Security podcasts are a good way to keep in touch with current issues, and also a good way to get continuing education.

Read more

Spot phishing e-mails with Outlook

I got e-mail the other day from Turbotax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes. You can spot phishing e-mails with Outlook the same way.

Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.

So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.

Read more

Change a headline, go to prison

A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.

Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.

It reminds me of something that happened at the newspaper where I used to work.

Read more

Stunt Hacking: Why Charlie Miller hacked a Jeep driving on I-64

St. Louis-based security researcher Charlie Miller and his collaborator Chris Valasek got themselves in the news this week by hacking a Jeep driven by Wired journalist Andy Greenberg on I-64.

The reaction was mixed, but one common theme was, why I-64, where lives could have been at risk, rather than an abandoned parking lot?

I don’t know Miller or Valasek, so it goes without saying I don’t speak for either one of them, but I think I have a pretty good idea why they did it that way.

Read more

Yes, an ethical journalist protects his/her sources

An anonymous reader asked why journalists protect their sources.

It’s a fair question but an easy one to answer. Part of a journalist’s role in society is accountability. When something is wrong, the journalist is supposed to raise awareness.

Read more

Buy as much computer as you need

Veteran IT journalist Guy Wright advises not to buy any more computer than you need. Wright was a prominent Commodore journalist, so he’s been thinking this way for literally decades. I grew up reading the magazines he edited in the 1980s and 1990s–yes, really–so it’s not surprising that I would agree with him.

I saw a couple of points worth clarifying.

Read more

Hillary, hackers, threats, and national security

I got a point-blank question in the comments earlier this week: Did Hillary Clinton’s home-made mail server put national secrets at risk of being hacked by our enemies?

Depending on the enemies, maybe marginally. But not enough that any security professional that I know of is worried about it. Here’s why.

Read more

Commodore hardware viruses–yes, they were possible

Commodore hardware viruses–yes, they were possible

The conventional wisdom is that computer viruses can wipe out your data, but they can’t do physical damage. The exception to that rule was, of course, Commodore, the king of cheap 1980s computers. Commodore’s earliest computer, the PET, had an infamous “poke of death” (POKE 59458,62) that would destroy its video display, but the Commodore 64’s sidekick, the 1541 disk drive, had a couple of little-known vulnerabilities as well. Read more

Home Depot: A security pro’s dilemma

I was listening to podcasts about the Home Depot breach, and something occurred to me.

Home Depot isn’t talking much about the breach. And it’s driving security pros nuts.

But the general public takes silence as a sign that everything’s going great. So their silence is winning the PR battle in the court that matters, which is public opinion at large. Read more