The Silicon Underground

Home » Page 273

Be careful about cheap phone/tablet chargers

Dave Farquhar Uncategorized July 3, 2014June 29, 2014

Consumerist has a sad story about a woman who was electrocuted by a cheap USB charger. The danger seems greater in countries that use 230 volts around that house rather than 115 like the United States, but even 115 volts can be dangerous if it crosses a vital organ.

A charger’s job is to take the higher AC voltage that comes from the wall and convert it to 5 volts DC to power the phone or tablet plugged into it. Poor design or poor manufacturing can cause the wall voltage to go where the converted voltage is supposed to. Literally, getting the wires crossed in this situation is very dangerous.

The solution is to be careful where you’re buying your chargers. Don’t buy them out of the back of a van, and don’t buy them from the dollar store. Get a charger made by a company you’ve heard of, and look for a regulatory logo on it. Approved products sold in the United States generally will bear a UL (Underwriter Laboratories) logo on them, while approved produces for the European Union will bear a CE (Conformité Européenne–European Conformity) logo.

I agree that many chargers are greatly overpriced, but there are reasonably priced, safe third-party chargers available too, such as the Amazon Basics USB charger, which costs around $9. Some stores have their own house brand that are similarly priced. Even at $9, there’s a comfortable profit margin for the retailer.

The difference an SSD makes

Dave Farquhar Hardware July 2, 2014June 6, 2026chrome, Libre Office, pentium d, samsung, Western Digital, windows 7

Back in the spring I bought a used computer. My wife wanted one, and while I probably could have cobbled something together for her, I didn’t have any extra Windows 7 licenses. So I bought a home-built Pentium D-based machine with Windows 7 on it from an estate sale for $70. The Windows license is worth that, so it was like getting the hardware for free.

When I got the hardware home to really examine it, it turned out not to be quite as nice as I initially thought. It was a fairly early Socket 775 board, so it used DDR RAM and had an AGP slot, limiting its upgrade options. The system ran OK, but not great, and it was loud.

The hard drive was a 160 GB Western Digital IDE drive built in 2003. That’s an impressive run, but a drive that old isn’t a good choice for everyday use. It’s at the end of its life expectancy and it’s not going to be fast. This weekend I got around to replacing it with an SSD. Read more

The Moto E, two weeks later

Dave Farquhar Android July 1, 2014June 29, 2014android, motorola, samsung

I’ve been using my Moto E for a couple of weeks now, and sometimes impressions over time are much better, or at least more useful in the long run, than initial impressions.

I still like the phone, but I’ve discovered a few things, mostly good.

Rick Broida thinks he doesn’t use antivirus software

Dave Farquhar security June 30, 2014June 28, 2014antivirus, malware, McAfee, pfsense, symantec

C’mon. You knew I’d get around to writing a response to Rick Broida’s claim that he doesn’t use antivirus software.

Actually, he’s not nuts. But he’s also mistaken if he thinks he doesn’t use antivirus software. His editorial is kind of like saying, “I don’t use a web browser. I use Internet Explorer.”

Although he’s mistaken that he doesn’t use antivirus software, and not all of his advice is spot-on, you can do a lot worse than follow his advice.

How to measure the effectiveness of a security program

Dave Farquhar security June 27, 2014June 23, 2014CIO, CISO, Rabbit Hole

On a recent episode of Down the Rabbit Hole, Rafal Los and James Jardine asked CISO-turned-CIO Joe Riesberg how he measures the effectiveness of a security program. He came up with five things, which are pretty much how we measure our effectiveness where I work too. That’s a pretty good indicator. Read more

How to do one-off patches without an Internet connection

Dave Farquhar security, Windows June 26, 2014June 22, 2014

If you need to patch a small quantity of Windows servers or desktop PCs and don’t want to download four gigabytes of updates, or, worse yet, can’t download updates, WSUS Offline Update is your buddy. Don’t let its name fool you–it doesn’t require a Microsoft WSUS server in order to operate. But if you have a local WSUS server, you can point it at that to download updates, which is faster than downloading from Microsoft.

It’s a script that can download all existing updates for a given operating system, and then, you can run it off a network drive or removable media on individual systems to install missing patches and service packs. It’s a reliable way to quickly patch a small number of systems. I’ve had to use it a few times in my career and it’s worked well for me.

Patching hundreds of systems with it isn’t something I recommend–if you have a lot of machines, you need to stand up an enterprise patching solution–but this tool definitely has its uses, especially in small environments, or even for one-offs in large environments.

I can think of another good use for it: If you have a development network that doesn’t have an Internet connection, this will let you download and apply updates to it so your development network matches production, which is critical for a properly-working environment.

In the bad old days I used to use batch files to apply updates. This is better, because it will apply only the missing updates, and it does a reasonably good job of applying the updates in the proper order. Using batch files, sometimes I would have to run the file, reboot, and repeat a half dozen times to end up with a clean system, which didn’t make the security team happy. When I started using the predecessor to this tool, my security team and boss were a lot happier.

XP may not be as bad as it sounds

Dave Farquhar security, Windows June 25, 2014June 22, 2014windows 7, Windows XP

Patrick Gray and Darren Pauli of The Register blasted the continued use of XP on Risky Business last week.

But I think their criticism is based on an assumption that may not be correct. Read more

Don’t run unknown executables for a dollar. And PLEASE don’t for a penny!

Dave Farquhar security June 24, 2014June 21, 2014antivirus, information security, NIST, preschooler

I can’t bribe my preschooler with a penny anymore, but, sadly, a consortium of Carnegie Mellon University, NIST and Penn State University found that 22% of respondents through Amazon’s Mechanical Turk were willing to run a dodgy unknown executable in return for a penny. Fifty-eight percent would do it for 50 cents, and 64 percent would do it for a dollar.

I’ve been telling people for 17 years not to take executable files from strangers. I know the percentage of people who will bend down to pick up a penny off the ground when they see one is less than 22%, so this saddens me. Read more

What Linkedin is good for

Dave Farquhar Careers June 23, 2014February 23, 2022cissp, LinkedIn

Alistair Dabbs posted a nice, curmudgeony anti-social-media rant over at The Register. In part, he asked what Linkedin is good for, noting it’s never netted him a job or a useful contact.

I found his piece entertaining, so I thought I’d talk about how I use Linkedin, besides dodging recruiters who blindly type “cissp security clearance” or “security analyst st. louis” and message every single person who comes up. Read more

The ultimate budget smartphone: The Moto E

Dave Farquhar Android June 20, 2014June 19, 20141980s, amiga, android, benchmark, cyanogenmod, motorola, samsung

I wanted to like the Moto E, for sentimental reasons. The Motorola who made this phone isn’t the same Motorola who made the MC68000 CPU in my Amiga, and it’s not the same Motorola that built the hulking briefcase-sized bag phone Dad toted around in the 1980s, but the logo is the same.

The stingy Scottish miser in me wanted to like the phone too, because it costs $129. A few short months ago, the only phones you could buy new for under $130 were cheaply made no-name phones like the Blu Advance with half a gig of RAM, a low-visibility screen, a low-end processor you didn’t want and an Android that was a few versions out of date, encased in lots of cheap plastic. Next to the Moto E, the Blu phones lose what little appeal they had.