The State Department is just one of many examples of IT gone rogue

Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.

The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”

Indeed. And it doesn’t just happen in the government.

Initial upgrade reports on the HP Stream and Pavilion Mini

Earlier this year at CES, HP introduced its HP Stream Mini ($180) and Pavilion Mini ($320 and $450) mini-desktops. They’re small, inexpensive, and in the case of the Stream, silent. They turn out to be surprisingly upgradeable as well. Ars Technica has details and benchmarks, but of course I have my own priorities based on their discoveries.

How to write reviews without getting sued

In a well-publicized incident that happened earlier this month, someone who wrote a bad review on Amazon about a cheap router got threatened with a lawsuit by the router’s distributor, Mediabridge. Amazon retaliated by banning the distributor from selling on Amazon. But unfortunately, this means we have to think about how to write reviews without getting sued.

By the time this happened, the review was no longer on Amazon, so all I’ve heard about the review is secondhand. Ars Technica published this guide to writing reviews without getting sued and I think it’s good advice, but of course, having written dozens, if not hundreds, of reviews myself, I feel inclined to elaborate. I actually value online reviews by people who bought the product and tried to use it. I value them a lot, so I want people to write reviews, and not be afraid to do it. And since I went to school for this stuff, hopefully I can say something helpful.

Time to update Flash again. This is a big one.

There’s an exploit in Flash, on all platforms, being actively exploited in the wild. Adobe rushed out an update. See more at Ars Technica. It allows remote code execution, so this one is as bad as it gets. Installing EMET is a potential mitigation against Flash exploits, so if you’re running Windows, protecting Flash with …

More details on the Target hack come to light

Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.

And that led to a question in the comments, that sounds like it came from an IT professional:

don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….

The commenter is right, it shouldn’t be. But it doesn’t need to be, either.

Another day, another router backdoor

Ars Technica dropped this bombshell toward the end of the day yesterday: A backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty JavaScript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and it has ample storage to exploit.

What can you do about it?

Beware the Black Friday electronics

Ars Technica ran an aptly timed article today called How to talk your family out of bad consumer electronics purchases. It’s definitely worth a read, to steer you away from bad Black Friday electronics.

There’s a great tip in the article. If a doorbuster item has a model number that isn’t available the rest of the year, you don’t want it. That’s a good rule.
