Why Chinese hackers would be interested in U.S. healthcare data

Dave Farquhar security ,

About a year ago, a vendor mentioned kind of offhand that Chinese companies are extremely interested in U.S. healthcare data. Then he added, “I don’t understand why Asian people are interested in American health.” Then he questioned the appropriateness of the comment.

Appropriate or not, it’s an example of something that, on the face of it, doesn’t make a lot of sense until you dig deeper. Read more

Another breach, more credit-card advice

Dave Farquhar security , ,

So Minnesota-based Supervalu, an operator of grocery stores, had a data breach in the midwest last week. If you’ve shopped at Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save, Shoppers Food and Pharmacy, or former Supervalu chains Albertsons and Jewel-Osco between the dates of June 22 and July 17, and you paid with a credit or debit card, call your credit card company or bank.

If you need a new card, it’s much faster to let them know than for them to try to figure it out. And in the meantime, continue to use the card for everyday purchases to establish normal behavior. Don’t run up debt, but you want to establish where you are, so if someone buys the card info and tries to use it, it will stick out. And if their small transaction did happen to go through and they tried a larger one, it’s a little less likely to go through if you’ve run the balance up a little. These are little things you can do to make things harder for the criminals and easier for the banks, and potentially make it easier for the authorities to find the criminals.

Someone else’s opinion on the best SSDs

Dave Farquhar Hardware , , ,

Every once in a while I get a question about what SSD I recommend, since I’ve been buying them a long time. I always recommend the best price you can get on someone who makes their own memory chips, which means the cheapest drive you can get from Micron/Crucial, Intel, Samsung, Toshiba, or Sandisk.

Looks like someone else, in that same vein, recommends the Crucial MX100. The explanation why is good reading.

Windows Vista’s market share is growing. After seeing 8.1, I know why

Dave Farquhar Software, Windows , , , , , , , , , , ,

I installed Windows Vista last week. I need a legal copy of a supported version of Windows to use to VPN in to work and run the corporate Citrix client. Vista fit the bill. It’s better than 8.1, and it’s supported until April 2017. I always hated Vista, but 8 and 8.1 made me realize it could have been a lot worse, and on recent hardware Vista does OK. It still prompts you for admin rights too much and too slowly and makes you work too hard to click yes, but at least you can find stuff. Read more

The Ferguson race riots: An outsider’s perspective from not far outside

Dave Farquhar St. Louis , , ,

A Ferguson police officer shot and killed Michael Brown, an unarmed 18-year-old African-American man, on August 9, 2014. The night after, riots broke out.

Ferguson is an inner-ring suburb in north St. Louis County. As such, Ferguson is now approximately 67% African-American, although the power structure remains mostly white.

I am a native of Kansas City who has lived in suburban St. Louis for a little more than 20 years. As a quasi-outsider, St. Louis has some quirks that I recognize and understand. It helps to understand that St. Louis is very divided, both along the lines of race but also along the lines of class. One of the first questions many St. Louisans will ask you is what high school you went to. This conveniently tells people how much money you grew up with. If you went to a private school, you’re good. If you went to a public school in an affluent area, you’re good. If you went to a public school in a poor area, I hope you’re living in a more affluent area now because there are people who will look down on you.

Sometimes the lines are fuzzy but sometimes they’re very stark. In north St. Louis, there’s an east-west street called Delmar. On the south side of the street are expensive houses. I won’t say they’re all millionaires on that side of the street, but many undoubtedly are. On the north side of the street, the houses that aren’t vacant are occupied by people who have minimum-wage jobs. The haves and have-nots can stare at each other from their windows, separated by five lanes of traffic. This oddity has even caught the attention of the BBC.

Ferguson is a step up from the wrong side of Delmar, but many St. Louisans would have jumped to conclusions about Michael Brown and his Normandy High School diploma for the rest of his life, regardless of how long that might have been. Read more

The clear and present danger lurking at the edge of your home network

Dave Farquhar DD-WRT, Hardware, security, Servers and Networking

In 2003, Dan Geer called the combination of Microsoft’s market dominance and the flimsy security of its products a threat to national security.

Today, he’s calling the security holes in consumer routers a threat to critical infrastructure.

These two things are related in more ways than being utterances from the same person. These routers were designed to protect flimsy PCs from the horrors lurking on the Internet. In 2003, they were arguably adequate. But since 2003, Microsoft operating systems have improved dramatically from a security standpoint while routers have stood still. Many of them are still running on the same outdated Linux kernels and userspaces, just on newer, faster hardware. These routers are now less secure than the computers they are supposed to protect. This isn’t a knock on Linux; Linux has improved in the last 11 years too, but router makers generally haven’t incorporated those improvements. So these routers are easy to attack, easy to use to build botnets, and the user will never be the wiser since they keep the devices until they break. The only good news here is that many of them break after a year or two, and that’s supposed to be bad news.

Sadly, these problems are all solvable.

Read more