Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.
The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”
Indeed. And it doesn’t just happen in the government.
Earlier this year at CES, HP introduced its HP Stream Mini ($180) and Pavilion Mini ($320 and $450) mini-desktops. They’re small, inexpensive, and in the case of the Stream, silent. They turn out to be surprisingly upgradeable as well. Ars Technica has details and benchmarks, but of course I have my own priorities based on their discoveries.
In a well publicized incident that happened earlier this month, someone who wrote a bad review on Amazon about a cheap router got threatened with a lawsuit by the router’s distributor, Mediabridge. Amazon retaliated by banning the distributor from selling on Amazon. But unfortunately, this means we have to think about how to write reviews without getting sued.
By the time this happened, the review was no longer on Amazon, so all I’ve heard about the review is secondhand. Ars Technica published this guide to writing reviews without getting sued and I think it’s good advice, but of course, having written dozens, if not hundreds of reviews myself, I feel inclined to elaborate. I actually value online reviews by people who bought the product and tried to use it. I value them a lot, so I want people to write reviews, and not be afraid to do it. And since I went to school for this stuff, hopefully I can say something helpful. Read more
A couple of my college buddies posted a link to an Ars Technica article about Linksys routers getting hacked. Sorry I didn’t find it myself, I’m prepping for a job interview. Excuses, excuses, I know.
Researchers have been doing this kind of stuff for at least a year, but now we’re seeing the bad guys do it. It was just a matter of time, because bad guys are going to attack whatever is easiest to attack, and consumer routers are direct-connected to the Internet and their security isn’t really all that much better today than it was when Linksys released its first router in 2000.
What’s worse is that two of the affected models, the Linksys E1000 and E1200, are no longer supported by Linksys. The answer is DD-WRT. Visit the linked page, type in the name of your router, check the version (it’s on a sticker), then load DD-WRT like you would load Linksys firmware. If you’re not comfortable doing it, a computer-savvy friend or acquaintance can do it in half an hour for you. I’m running DD-WRT on two routers myself, and put it on my mother-in-law’s router, and find there’s no comparison between it and anything any of the manufacturers are shipping from the factory.
Is its security perfect? Probably not, but it doesn’t even have the feature this exploit is using. And turning off undesirable features is the beginning of good security.
There’s an exploit in Flash, on all platforms, being actively exploited in the wild. Adobe rushed out an update. See more at Ars Technica. It allows remote code execution, so this one is as bad as it gets.
Installing EMET is a potential mitigation against Flash exploits, so if you’re running Windows, protecting Flash with EMET is an extremely good idea. Uninstalling Flash is an even better idea, but I don’t think HTML5 is quite ready to replace this scourge of computing security just yet.
I noticed that Secunia PSI automatically updated Flash on all of my machines, which was nice.
See, security doesn’t have to be painful.
Ars Technica has some harrowing speculation about the Nest, and why Google is interested in it.
I wanted a Nest, but haven’t bought one because I have a Carrier Infinity furnace that’s incompatible with it. Read more
Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.
And that led to a question in the comments, that sounds like it came from an IT professional:
don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….
The commenter right, it shouldn’t be. But it doesn’t need to be, either. Read more
Ars Technica wrote last week about Samsung developing a 12-inch tablet, and asking who wants it?
I actually think a larger format tablet makes sense. Think of people in their 30s and 40s. They buy tablets. They like to read magazines on them, and have enough disposable income that they’re inclined to do both. Read more
What can you do about it? Read more
Ars Technica ran an aptly timed article today called How to talk your family out of bad consumer electronics purchases. It’s definitely worth a read, to steer you away from bad Black Friday electronics.
There’s a great tip in the article. If a doorbuster item has a model number that isn’t available the rest of the year, you don’t want it. That’s a good rule.