The State Department is just one of many examples of IT gone rogue

Dave Farquhar security , , , , ,

Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.

The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”

Indeed. And it doesn’t just happen in the government.

Read more

Lenovo is penitent, but its customers aren’t out of the woods yet

Dave Farquhar security , , , , , , ,

After having an incredibly bad week last month, Lenovo started saying the right things, and perhaps doing some of the right things too. But some laptops with the Superfish malware preinstalled on them are still in the supply chain, which means some people are unwittingly buying them.

This isn’t terribly surprising. But there are a couple of things you can do about it, and they’re things worth doing anyway.

Read more

LED bulb longevity report

Dave Farquhar Saving money , , , , , , , , ,

Now that I’ve had a couple of LED bulbs burn out, I can actually give an LED bulb longevity report.

I’ve been buying LED bulbs since 2010, and now I’ve lost three of them. It’s a little disappointing, but two of the bulbs were Philips 420240 bulbs, which are no longer on the market. The first 420240 failed completely within a couple of weeks of getting it, and I exchanged it for a Cree. The second 420240 lasted a shade over two years. Clearly the 420240 just wasn’t a very good bulb, and it accounted for my first LED bulb mortality.

My other failed bulb is one of the early 40W equivalents I bought at either Lowe’s or Home Depot in 2010 or early 2011. So I got about four years out of that one, which is better than Philips at least.

Read more

Connect more than one game system to a TV with one HDMI port

Dave Farquhar Uncategorized , ,

I was reading reviews of televisions and found several televisions had negative reviews because they only had a single HDMI port. The guy who bought it had wanted to connect two game systems to it. But you usually can connect more than one game system to a TV with one HDMI port.

I’m not sure who buys a television without first making sure it has all of the inputs you’ll need in order to connect stuff to it. But this problem has a solution other than buying a more expensive TV with two HDMI ports.

Read more

Why I don’t scan networks with my own credentials

Dave Farquhar security, War Stories

I scan the network I’m paid and sworn to protect on a nearly daily basis. I experienced a problem with the account I use for that, and I tested by scanning a small quantity of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.

Fixing the account has become a problem–my boss’ problem now–but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.

Read more

A watering hole attack example from the real world

Dave Farquhar security , ,

You may have heard people like me talk about watering-hole attacks. It’s an indirect attack on someone by compromising a third party and using that to get in. Here’s a watering hole attack example from the real world.

In this case, back in November, attackers got a Forbes ad server, and from there, attacked visitors from government and bank networks.

Here’s the logic: Since ad servers tend to be much less secure than your target company, you compromise an ad server from a site someone on the target network is likely to visit, then infect them from there. The attackers jumped to the ad network first. That put them into position to jump onto government and bank networks.

Read more

How to replace a Lionel transformer power cord

Dave Farquhar Toy trains , ,

When using vintage Lionel transformers, it’s important to make sure the power cord isn’t broken or frayed to avoid the risk of electric shock or starting a fire. If yours is, here’s how to replace a Lionel transformer power cord.

Replacing a power cord safely is a lot easier than most people make it sound. It’s possible to do the job safely with simple tools and a few dollars’ worth of parts from the nearest hardware store.

Read more

How to roll your own mini PC and potentially save

Dave Farquhar Hardware , , ,

I’ve talked at length about HP’s new mini PCs, but there are some alternatives in the DIY space. For example, Asrock offers the D1800B-ITX, which sells for around $53. Going the DIY route, you won’t get a discounted copy of Windows, but you also won’t spend money on RAM and an SSD that you’re going to end up replacing and you can get exactly as much CPU as you want.

Read more

How to convert any ATX or microATX case to silent operation

Dave Farquhar Hardware ,

Now that SSDs and CPUs that consume 10 watts are readily available and inexpensive, it’s possible for almost any mainstream PC to be a silent PC. You can of course buy new cases for silent-PC builds, but if you want to upgrade and save a little money while doing it, you can easily convert a legacy case of almost any age to work silently. If you have an AC adapter from a discarded or disused laptop or LCD monitor, you can do this project for less than $30. Here’s how.

Read more