Ars Technica Archives - The Silicon Underground

Home » Ars Technica

The State Department is just one of many examples of IT gone rogue

Dave Farquhar security March 10, 2015August 12, 20181990s, Air Force, Ars Technica, contractor, early 1990s, emachine, firewall, hillary clinton, installing windows, RAM, server, servers, State Department, tactic, Windows Server

Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.

The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”

Indeed. And it doesn’t just happen in the government.

Initial upgrade reports on the HP Stream and Pavilion Mini

Dave Farquhar Hardware February 19, 2015February 18, 2015802.11, 802.11ac, AC, Ars Technica, CES, GB, hp, pcie, sata, SODIMM, ssd, Stream Mini, upgrade, wi-fi, Windows 10

Earlier this year at CES, HP introduced its HP Stream Mini ($180) and Pavilion Mini ($320 and $450) mini-desktops. They’re small, inexpensive, and in the case of the Stream, silent. They turn out to be surprisingly upgradeable as well. Ars Technica has details and benchmarks, but of course I have my own priorities based on their discoveries.

How to write reviews without getting sued

Dave Farquhar Uncategorized May 19, 2014November 22, 2016amazon, Ars Technica, FCC, google, journalism, linux, motherboard, Packard Bell, router, toy, toy train, TP, WRT

In a well publicized incident that happened earlier this month, someone who wrote a bad review on Amazon about a cheap router got threatened with a lawsuit by the router’s distributor, Mediabridge. Amazon retaliated by banning the distributor from selling on Amazon. But unfortunately, this means we have to think about how to write reviews without getting sued.

By the time this happened, the review was no longer on Amazon, so all I’ve heard about the review is secondhand. Ars Technica published this guide to writing reviews without getting sued and I think it’s good advice, but of course, having written dozens, if not hundreds of reviews myself, I feel inclined to elaborate. I actually value online reviews by people who bought the product and tried to use it. I value them a lot, so I want people to write reviews, and not be afraid to do it. And since I went to school for this stuff, hopefully I can say something helpful. Read more

Linksys routers are under attack, and here’s what you can do about it

Dave Farquhar security February 13, 2014Ars Technica, Exploit, Firmware, good security, linksys, malware, router, routers, WRT

A couple of my college buddies posted a link to an Ars Technica article about Linksys routers getting hacked. Sorry I didn’t find it myself, I’m prepping for a job interview. Excuses, excuses, I know.

Researchers have been doing this kind of stuff for at least a year, but now we’re seeing the bad guys do it. It was just a matter of time, because bad guys are going to attack whatever is easiest to attack, and consumer routers are direct-connected to the Internet and their security isn’t really all that much better today than it was when Linksys released its first router in 2000.

What’s worse is that two of the affected models, the Linksys E1000 and E1200, are no longer supported by Linksys. The answer is DD-WRT. Visit the linked page, type in the name of your router, check the version (it’s on a sticker), then load DD-WRT like you would load Linksys firmware. If you’re not comfortable doing it, a computer-savvy friend or acquaintance can do it in half an hour for you. I’m running DD-WRT on two routers myself, and put it on my mother-in-law’s router, and find there’s no comparison between it and anything any of the manufacturers are shipping from the factory.

Is its security perfect? Probably not, but it doesn’t even have the feature this exploit is using. And turning off undesirable features is the beginning of good security.

Time to update Flash again. This is a big one.

Dave Farquhar security February 6, 2014adobe, Adobe Flash, Ars Technica, code execution, EMET, execution, Exploit, psi, scourge, secunia

There’s an exploit in Flash, on all platforms, being actively exploited in the wild. Adobe rushed out an update. See more at Ars Technica. It allows remote code execution, so this one is as bad as it gets.

Installing EMET is a potential mitigation against Flash exploits, so if you’re running Windows, protecting Flash with EMET is an extremely good idea. Uninstalling Flash is an even better idea, but I don’t think HTML5 is quite ready to replace this scourge of computing security just yet.

I noticed that Secunia PSI automatically updated Flash on all of my machines, which was nice.

See, security doesn’t have to be painful.

Why you may not want a Nest

Dave Farquhar security January 22, 2014January 18, 2014Ars Technica, Democratic Party, facebook, google, hillary clinton, insurance companies, insurance company, microsoft, thermostat, vista, windows 8

Ars Technica has some harrowing speculation about the Nest, and why Google is interested in it.

I wanted a Nest, but haven’t bought one because I have a Carrier Infinity furnace that’s incompatible with it. Read more

More details on the Target hack come to light

Dave Farquhar security January 17, 2014January 16, 20141980s, 1990s, Ars Technica, Credit card, credit cards, DMZ, hacker, malware, server, servers, sysadmin, web server, windows 2000, windows nt

Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.

And that led to a question in the comments, that sounds like it came from an IT professional:

don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….

The commenter right, it shouldn’t be. But it doesn’t need to be, either. Read more

This curmudgeon knows who wants a 12-inch tablet

Dave Farquhar Android January 10, 2014January 4, 2014720p, Ars Technica, christmas, samsung, tablet

Ars Technica wrote last week about Samsung developing a 12-inch tablet, and asking who wants it?

I actually think a larger format tablet makes sense. Think of people in their 30s and 40s. They buy tablets. They like to read magazines on them, and have enough disposable income that they’re inclined to do both. Read more

Another day, another router backdoor

Dave Farquhar security January 3, 2014December 5, 2015Ars Technica, cissp, d-link, dd wrt, Exploit, Exploitation, Federal Express, Firmware, linksys, malware, netgear, ROM, router, routers, TP, upgrade, wireless, WRT

Ars Technica dropped this bombshell toward the end of the day yesterday: A backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty Javascript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and they have ample storage on them to exploit..

What can you do about it? Read more

Beware the Black Friday electronics

Dave Farquhar Android, Saving money November 28, 2013November 22, 2016Ars Technica, asus, Asus Memo Pad, black friday, capacitor, capacitors, CPU, CS, ECS, hard drive, Hisense Sero, laser printer, Memo Pad, motherboard, pixels per inch, printer, RAM, sero, tablet

Ars Technica ran an aptly timed article today called How to talk your family out of bad consumer electronics purchases. It’s definitely worth a read, to steer you away from bad Black Friday electronics.

There’s a great tip in the article. If a doorbuster item has a model number that isn’t available the rest of the year, you don’t want it. That’s a good rule.

← Previous