We need to fix CISPA, not kill it

Here’s a good plan for fixing CISPA. And CISPA needs to be *fixed*, not stopped. We have three alternatives right now:

1. Secure the Internet
2. Voluntarily pare back the Internet
3. Wait for the Internet to fall apart and/or become too dangerous to use anymore

Given the unpleasant side effects of options 2 and 3, option 1 is all that’s left. Otherwise, the Internet will become a weapon of mass destruction. Keeping a hacktivist group or rogue nation from shutting down all gas and electric power in New York City on the coldest day in January is CISPA’s goal.

The ethics of writing nefarious security instructions

This week I posted a link to a video showing how to crack a WPS-enabled wifi network, and this week, Ars Technica wrote a firsthand account of cracking a password list. I’m sure this raises questions of ethics in some people’s minds. To be honest, spreading this kind of information makes me a little uncomfortable too, but I also think it’s necessary.


The Internet is at war. Please read this if you run a DNS server.

A Dutch ISP that acts as a spam haven is DDOSing Spamhaus, and they’re using DNS to do it. The attack is using spoofed DNS queries to create, basically, a smurf-like attack. And the sheer volume of traffic is likely to affect the Internet as a whole.

That might explain why my recruiters were complaining that it was taking forever to look up job postings today. (Yes, I can publicly admit that I’m talking to recruiters. That’s another story.)

But basically, if you run a DNS server, you need to check your configuration to keep lowlifes from using your DNS as a weapon. Here is a useful page for those of you running BIND, one of the most popular DNS servers.

This was the most common type of attack in 2012; it looks like some people are trying to up the ante in 2013. We can make it stop, but every sysadmin running a DNS server is going to have to pitch in to help.

No, it doesn’t take a “serious hacker” to crack wi-fi through WPS

John C. Dvorak is raving in PC Magazine about Netgear wireless routers and range extenders and how easy WPS makes it to set them up–and providing some very seriously flawed security advice along the way.

“Note that WPS is crackable by serious hackers using brute-force attack, but any SOHO user not dealing with government secrets should be fine.”

An inside peek at a newsroom

St. Louis Post-Dispatch columnist Joe Holleman and his editors had to dodge some strange accusations this past week. These ranged from Holleman catching his editors sleeping, to amazement that his editors “allowed” him to write something they agreed with.

My longtime readers will know that prior to becoming Security Dude, I graduated from journalism school with the intention of eventually becoming a magazine editor. In the meantime, I spent a lot of time paying my dues writing for a daily newspaper. I’ve dealt with a number of editors. And they’ve dealt with me. Although I’m considered a moderate now, in the 1990s my now-moderate views qualified me as a conservative. My editors were always more liberal than me, so we had some disagreements.


Mark Hurd doesn’t sound like he’s just what Dell needed

Word on the street is that Blackstone Group has a plan for turning around Dell: Buy the company, take it private, and install Mark Hurd as CEO. The thinking is that he’s available, has experience, and would have baggage keeping him from being the CEO of a public company.

I just see one glitch. Available != good fit.


Welcome, Tony’s Kansas City readers

Thanks to Tony’s Kansas City for the link this morning. Tony noted that “Security dude reminds us that Google Fiber could kill the software industry.”

That’s an interesting spin. I do think it will affect the software industry–but so long as Kansas City stays at the forefront and the rest of the country is content with being a technological backwater, the effect will be minimal. But “kill” is an awfully strong word, even if every major city in the country were to get affordable Gigabit Internet in the very near future.

I say that because of what I saw in college.

Another take on working from home

Lifehacker posted an interesting take on working from home: The assumption that productivity is all that matters. The point being that if productivity were all that matters, there’s a drug we can take to be more productive, just like athletes can take steroids. It’s illegal, but the drug exists. It doesn’t make taking that drug right.

It’s an interesting discussion. Part of it is also moot.

Kansas City and Google Fiber

I get a few questions about Google Fiber, because I have Kansas City connections, and I work in computers. People who’ve known me long enough know that I upgraded to first-generation DSL about 30 minutes after it became available at the apartment complex I lived in at the time. The question then was the same as the question in Kansas City now: What do you do with an Internet connection that fast?

Well, for starters, there’s this novel idea involving the public library…