I spotted it on page 597 of the 1983 Sears catalog. “Two big names play the same games,” the headline boasted. Next to the venerable Atari 2600, Sears presented the Coleco Gemini, an Atari 2600 clone.
In 1982, Coleco built an add-on to make its ColecoVision game system Atari 2600-compatible. Atari sued. And then Coleco poked the bear by making an outright clone. Sears had sold Atari 2600 clones before, but they were actually a private-label version of the real Atari 2600. The Gemini was more of a true Atari 2600 clone.
A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.
Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.
It reminds me of something that happened at the newspaper where I used to work.
I cited MS14-066, commonly known as Winshock, this week as a reason to take action on a server. Another stakeholder tried to argue with me. The vulnerability was very old, he said–years old, and hadn’t caused a problem yet.
He’s right. It’s at least 19 years old. But that’s merely interesting, not important.
What’s important is what’s possible now that people know how to look for it and how to exploit it.
On the Risky Business podcast last week, Andrew Wilson, the CEO of Australian cryptography gear maker Senetas, stated that many businesses see the bad things that happen from poor IT security as just a cost of doing business.
Nothing revolutionary there. We’ve all seen it. Target is paying a steep price right now, but what about Michaels and Neiman Marcus? They got breached at the same time as Target, and nobody’s talking about them. Maybe Target thinks the cost of doing business got too high, and they’ve hired a CISO and I hear they’re hiring lots of new security personnel–I have coworkers and former coworkers in the Minneapolis area who tell me as much–but for Michaels and Neiman Marcus, the cost, at least so far, appears to have been manageable.
But Wilson added something that I hadn’t heard anywhere else before. Fifty years ago, he said, construction workers dying while building a large building was considered a cost of doing business. Fifty years ago that was normal. Today it’s unacceptable.
I saw this new headline regarding Edward Snowden, discussing his NSA hacking training. Don’t be impressed.
For several years, I lived in that same world Snowden lived in. I’ve gone out of my way to avoid mentioning this, but from 2005-2012, I was a consultant. I worked for several different companies, due to contracts changing hands and companies merging, but my client was the United States Air Force. And from 2011-2012, I even had direct dealings with the NSA. I attended NSA meetings in the Washington, D.C. area. I received NSA training–in person–in a security discipline called threat modeling. My job was to represent NSA to the Air Force three weeks out of the month, and represent the Air Force to the NSA on the fourth week.
Just don’t ask me anything about UFOs. Unlike some people, I didn’t snoop around on classified networks. Whenever possible, I didn’t look at the data at all. If I had to look at data, I preferred to look at dummy data. If I actually did look at real, honest-to-goodness classified data, it was because I needed to know that information to do my job. I was a pretty good contractor, I think.
I also know about this training that Snowden put on his resume.
Ars Technica made a bit of a splash this week with this provocative headline. This is real.
The article gives the usual advice, like not opening e-mail from strangers, not clicking attachments from strangers, and not visiting dodgy websites. That’s all good advice, as is staying off torrent and other file sharing sites, but even all that is not enough.
There are only six patches in this month’s edition of Patch Tuesday, and only one of them is critical, but it’s a big one.
The critical patch fixes a flaw in Remote Desktop Protocol, something typically only present in the business-oriented flavors of Windows. But if you don’t know whether you’re affected, it behooves you to let Windows update whatever it wants to update.
Digital video is confusing. You get some clear advantages, since signal degradation becomes a thing of the past, but if you’re not someone who works in video for a living, it’s difficult to keep it all straight. And standards are a problem. You can’t just assume that two devices will work together because they’re both “digital.”
One of the problems is physical incompatibility. Some devices have DisplayPort ports. Some of them have HDMI ports. The solution is easy: get a cable with an HDMI connector on one end and a DisplayPort connector on the other. Problem solved.
And now the guy who sold it to you is a criminal. (You aren’t necessarily. Possession isn’t illegal, just sale or manufacture. So don’t sell it at your garage sale in 2019.)