Another day, another router backdoor

Bad news everyone: There’s a backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty JavaScript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and routers have ample storage on them to exploit.

What can you do about it?

Beyond compliance: Maturity models

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that.

Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time they’re approved, they measure themselves against a maturity model, which compares their practices with similar companies in similar lines of work so they can see how they measure up.

Gene Kim on scheduled maintenance

The excellent book The Phoenix Project has a choice quote that stuck with me.

In this scenario, the Yoda-like character asks the hero to imagine a company that makes deliveries. If the trucks break down, the deliveries stop, right? So you change the oil, since not changing the oil causes trucks to break down.

“Metaphors like oil changes help people make that connection. Preventative oil changes and maintenance policies are like preventative vendor patches and change management policies. By showing how IT risks jeopardize business performance measures, you can start making better business decisions.”


My $30 desktop PC upgrade

I built my main desktop PC three and a half years ago and have no complaints about it, save one. Hard to believe, but PC hardware has improved considerably in recent years. This weekend, I sunk $30 into it to solve my single complaint, and now I can reasonably expect to get another three years out of it, if not longer.


How to paint model railroad scenery

When it comes to model railroad scenery, you tend to see two extremes–a plywood board painted a solid color of green, or an attempt (with varying success) at detailed scenery using ground foam and other materials, such as those sold by Woodland Scenics, at a price.

What if you want something in between? Well, on the Facebook Marx page, I saw a brilliant idea: sponge painting. The results looked really good, especially given the cost and effort required.


Cutting through the fluff around the Target PIN breach

OK, so Target is back in the news, and it’s nowhere near as bad this time, but there’s some posturing and some fluff in the news, so I’ll take it upon myself to demystify some of it. Some of it’s PR fluff, and some of it’s highly technical, so I’ll cut through both.

I’m just glad–I guess–to be talking about this stuff outside of a job interview. Like I said, this time the news isn’t nearly as bad as it could be.

Those marketers targeted the wrong guy

So, I’ve been seeing one particular ad incessantly lately. It’s a fairly generic-looking ad, with the words “Jesus Christ is Lord” in bold letters across the top. Scroll down a little further, and there’s a very heavily tanned woman, under a thick layer of makeup wearing a skimpy halter top. She’s probably in her early 20s. It’s an ad for a certain Christian-themed dating web site I won’t mention by name.

It seems to be targeted advertising. Fine, my religion is no great secret. Most public databases that I’ve queried about myself identify me as a Protestant, and some even peg me as Lutheran too. But there’s this one other little detail that’s even easier to find out than what religion I practice.

I happen to be married.

Losing the luster of Christmas–and something of a cure

The Kansas City Star published a forlorn editorial this week about the struggles of many people this Christmas.

I can relate. I’m much better off than many people, but this is the third Christmas in a row where my job has a hard end date attached to it. And this year, for the first time in my career, I made less money than I did the year before. For me, Christmas has been the worst day of the year for a very long time, because I know I can’t live up to everyone’s expectations of me.

But I’m better off than a lot of people. Right now I have a job. Some of my former coworkers took bigger pay cuts than I did this year, or they’re still looking. And, as bad as this year has been, I think everyone needs to go without work for a month or so sometime in their life. I think I have something that can help, but I’m gonna make you read something first. Or at least scroll a lot.

What I’m doing to protect myself after the Target data breach

As you’ve probably heard, Target had a bad month. Between the days of 27 November and 15 December, about 40 million credit card numbers were stolen, making it one of the biggest breaches of its kind in history. As far as we know, the card number and security code were stolen, but debit-card PINs and addresses were not.

Target says they have contained the breach and are cooperating with credit card companies and authorities. Cringely has some analysis, but it gives people like me more to think about regarding how we do things at work than it does for consumers.

And, well, as luck would have it, I shopped a lot at Target between the days in question. And I used both my credit and debit card during that time. Here’s what I’m doing, some of which may be counter-intuitive.


The New York Times’ dialect map can’t figure me out

My first semester of college, one of the copy editors for the student newspaper either minored in linguistics or just enjoyed the subject. He could peg where all of us were from–except me.

The New York Times’ interactive dialect map struggled with me too. I’ve taken the test five times, and it managed to give me a map just once.