Another reason to block fonts at the proxy

Last week Apple released a bunch of patches up and down its product line. One of the vulnerabilities it fixed in OS X was in its font parser.

In the past you could mitigate vulnerabilities like this by only installing fonts from trusted sources, but since it’s now possible for web pages to transmit fonts along with other content, there’s a limitless number of untrusted fonts out there in the world.

It may take a while for all of the major operating systems to shake out all of the problems in their font subsystems, and that’s the reason I’ve recommended filtering fonts at the proxy.


Pogue’s attitude is unfortunately far too common

According to David Pogue, since hacking a car is “nearly impossible,” we shouldn’t talk about it anymore.

That, my friends, is precisely what’s wrong with security and security awareness today. Flying to the moon is nearly impossible, after all, and you could easily kill yourself trying. David Pogue has never done it. But Neil Armstrong and Buzz Aldrin did.


Fixing a sink that quit working

My mother-in-law bought a foreclosed condo, and I helped her get the water turned back on, but one sink just wouldn’t work no matter what I did. I finally found an answer, and since there wasn’t much information online, I thought I’d share what I learned about fixing a sink that quit working suddenly, to save someone else some hassle.

The problem occurred in one of the bathrooms. The shutoff valves under the sink were extremely sticky and didn’t want to turn on. Eventually I got them to turn on, and then I ran the sink, and it worked. Then I turned the valves off and back on a couple of times to loosen them, in case she ever had to turn off the water. They loosened up to the point where they were usable again, but then the sink, which had been working fine a minute before, didn’t work anymore. If I turned the sink all the way up, the best I got was a slow drip. If someone else hadn’t been there with me and seen it, I would have thought I’d gone crazy.


Unchecky is another tool to help with staying out of trouble with malware

I found a mention of a tool called Unchecky as a minor point in a story about something else entirely. Unchecky helps to solve the problem of downloaded programs including a bunch of extra junk you don’t want.

I won’t be running it myself. But the next time I fix a computer, I’ll probably install it on that one.


Password management advice from CSO Online

Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.

I could pick nits at a few of his details, but that’s annoying and counterproductive. His overall advice is very good: manage your passwords, set them to something random, keep in mind that some sites just won’t allow for a very strong password so do the best you can, and protect your main e-mail password and your password management system password with all the diligence you can muster.
