Farquhar’s security New Year’s resolutions

As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.

The question: What do I see my next role being?

Fair question. I said I didn’t know for sure, but I knew what I have to do to find out.

Linksys routers are under attack, and here’s what you can do about it

A couple of my college buddies posted a link to an Ars Technica article about Linksys routers getting hacked. Sorry I didn’t find it myself; I’m prepping for a job interview. Excuses, excuses, I know.

Researchers have been doing this kind of stuff for at least a year, but now we’re seeing the bad guys do it. It was just a matter of time, because bad guys are going to attack whatever is easiest to attack. Consumer routers are connected directly to the Internet, and their security isn’t really all that much better today than it was when Linksys released its first router in 2000.

What’s worse is that two of the affected models, the Linksys E1000 and E1200, are no longer supported by Linksys. The answer is DD-WRT. Visit the linked page, type in the name of your router, check the version (it’s on a sticker), then load DD-WRT like you would load Linksys firmware. If you’re not comfortable doing it, a computer-savvy friend or acquaintance can do it in half an hour for you. I’m running DD-WRT on two routers myself, and put it on my mother-in-law’s router, and find there’s no comparison between it and anything any of the manufacturers are shipping from the factory.

Is its security perfect? Probably not, but it doesn’t even have the feature this exploit is using. And turning off undesirable features is the beginning of good security.

Time to update Flash again. This is a big one.

There’s a vulnerability in Flash, on all platforms, being actively exploited in the wild, and Adobe rushed out an update. The vulnerability allows remote code execution, so this one is as bad as it gets.

Installing EMET is a potential mitigation against Flash exploits, so if you’re running Windows, protecting Flash with EMET is an extremely good idea. Uninstalling Flash is an even better idea, but I don’t think HTML5 is quite ready to replace this scourge of computing security just yet.

I noticed that Secunia PSI automatically updated Flash on all of my machines, which was nice.

See, security doesn’t have to be painful.

Why you may not want a Nest

Ars Technica (link removed in retaliation for Conde Nast’s 11/3/2025 layoffs–sorry not sorry) has some harrowing speculation about the Nest, and why Google is interested in it.

I wanted a Nest, but haven’t bought one because I have a Carrier Infinity furnace that’s incompatible with it.

KSDK-TV was wrong to test Kirkwood High School’s security

Last week on Jan. 16, KSDK-TV caused Kirkwood High School to go on lockdown as part of a news story.

As a security professional, a journalist, a St. Louisan, and a parent, I have more than one stake in this. And an opinion. KSDK has no leg to stand on.

More details on the Target hack come to light

Yesterday I read that the Target malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.

And that led to a question in the comments that sounds like it came from an IT professional:

don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….

The commenter is right; it shouldn’t be. But it doesn’t need to be, either.

How to increase the capacity of a Log Logic appliance by 45%

My 9-5 gig revolves primarily around Tibco LogLogic (I’ll write it as Log Logic going forward, as I write in English, not C++), which is a centralized logging product. The appliances collect logs from a variety of dissimilar systems and present you with a unified, web-based interface to search them. When something goes wrong, having all of the logs in one place is invaluable for figuring it out.

That value comes at a price. I don’t know exactly what these appliances cost, but generally speaking, $100,000 is a good starting point for an estimate. So what if I told you that you could store 45% more data on these expensive appliances, and increase their performance very modestly (2-5 percent) in the process? Read on.

Why the Target data breach news keeps getting worse, and what you need to do

As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, and e-mail addresses, for a whole lot more people, and probably over a longer span of time than just late November to mid-December.

There are a few things you ought to do if you shop at Target, which many people do.

How I upgraded a TP-Link TL-WR841N to DD-WRT

If you want a nice router or access point, you can do a lot worse than upgrading a TP-Link TL-WR841N to DD-WRT. The TL-WR841N is inexpensive and reliable, and DD-WRT runs well on it once you get the right build.

You can configure it to be a router, an access point, or a repeater, based on what you need. It usually costs $25 and sometimes you can find one on sale for $20 or even $15, so it’s a huge bargain. Even if you want 802.11ac speeds, a TL-WR841N makes a fantastic secondary access point to improve your connectivity.

Let’s get on with the upgrade. In the case of the TP-Link TL-WR841N (or TL-WR841ND, which uses the same build), it’s really easy–10 steps.

Another day, another router backdoor

Bad news, everyone: There’s a backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty JavaScript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and it has ample storage to exploit.

What can you do about it?