The AMI BIOS breach of 2013

A security professional’s nightmare happened to AMI this week. Tons of confidential data, including the source code for the UEFI BIOS for Intel Ivy Bridge-based systems and an AMI-owned private key for digital signatures, turned up on a wide-open FTP server for all comers to download anonymously. This AMI BIOS breach has numerous implications.

The implications are nearly limitless. To a malware author, this is like finding a hollowed-out book at a garage sale stuffed with $100 bills with a 25-cent price sticker on the front. If you’re a budding security professional, count on being asked in job interviews why you need to protect confidential information. The next time you get that question, here’s a story you can cite.

Take a peek at Bill Gates’ pre-Microsoft resume

Bill Gates and Paul Allen posed for a re-creation of a famous early Microsoft photograph this week; at the same event, Gates’ pre-Microsoft resume surfaced.

Although it’s counterintuitive, AT&T’s new password policy makes sense

AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature.

Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.

Firefox 20 is out. I don’t blame you if you wait for 20.1.

I need to sync my haircut cycle with Firefox’s release cycle. It’s that time again. Version 20 is out, and it has some new features, but as frequently as dot-one releases follow new releases, I don’t blame you if you wait.

I usually update at least one of my machines right away, if only out of curiosity, but tend to let the others lag a day or two. Or a week.

How I once took down a network, including a radio station

I met up Monday night with some other security professionals for some emergency networking of the professional kind. One of the attendees, a penetration tester, had a little incident where he took down a production system when he conducted his penetration test. The system owners were a bit arrogant, and, well, they paid for it.

I’ve taken down a network too, but in my case it wasn’t something security-related. No, in my case, I was a 20-year-old desktop support technician working in a college computer lab, making an honest mistake.

Scratchbuilding, Marx-style

I saw a modern-production Lionel box car in a hobby shop one weekend. I wanted it, but I really wanted it in Marx 3/16 style, so it would look right with my Marx #54 KCS diesels pulling it. But I face very long odds of ever getting that car in Marx 3/16 unless I build it myself.

So I started building. And you can too.

What I learned about air travel by globetrotting back and forth to Baltimore and D.C.

In 2011-2012, I flew to Baltimore or Washington D.C. a lot–probably eight times, if not more. Internet pal Rob O’Hara wrote about his recent flight to Seattle this weekend; predictably, they lost his bags.

Here’s what I learned by getting to know the Baltimore area by plane.

Shakespearean surprises

This oft-cited story about Shakespeare’s wealth and how he got it in the Telegraph led me–as the Internet often does–to something else: Shakespeare as therapy.

My earliest memory of using a computer

Gizmodo asked this weekend about earliest computer memories, and illustrated it with a computer that sported a 3.5″ floppy drive. Young whippersnappers.

My first memory was in 1981 or 1982. Dad went to see one of his coworkers in his home, and brought me along. He had a son a few years older than me, probably about 12 years old, and there in the living room was something I’d never seen before, connected to a television and sitting on a desk. “What’s that?” I asked.

“This is a computer,” he said. Then he inserted a Choplifter cartridge and taught me how to play.

A quick fix for the Insignia NS20EM50A13 monitor’s biggest annoyance

I’ve written about the Insignia NS20EM50A13 monitor before. It’s a reasonably good low-end monitor with the annoying tendency to change the video input back to VGA any time your system goes to sleep or changes from text to graphics mode. I accidentally discovered this week–after using the monitor for months–that if you push the OK button on the front of the monitor, it brings up the input menu, allowing you to quickly flip it back to DVI without fumbling through the menus.

I still wish the monitor would let me set the default to DVI and make it stay that way, but this is an acceptable workaround for the price, at least for me.