Security

Thursday Random Stuff…

January 11, 2018, 15:05(EST) By Eric (a.k.a. TweakHound)

Meltdown and Spectre News
Yeah I know, daily stuff. I know some of you are sick of it but it is bigger than a big deal so hear we go…
Intel has the nads to release some benchmarks showing performance hits varying from +1 to -21%. (pdf) None of us are going to know what the heck hits us until we get some fracking firmware updates.
On my end, Gigabyte has been silent on the entire issue. I emailed both the Press and Tech Support teams with no reply. Questions on this topic have gone unanswered in their forums.
Dell on the other hand has been a pleasant surprise. They have a dedicated support page for this issue that even list when your model will get an update. My Alienware 15 R2 is scheduled to get an update on the 14th.
Lawsuits: I am now officially a part of a class action suit (well, after I sign the retainer). More news may follow. Or not.
CEO: No new word on Intel’s CEO that many think should be fired or worse.
Excellent read: iVerge – How the industry-breaking Spectre bug stayed secret for seven months
Linux: Spectre & Meltdown Checker “A simple shell script to tell if your Linux installation is vulnerable” I repeat myself, at the risk of being cruel, if you’ve got Intel you’re vulnerable. Apologies to Paul Simon.
Browsers: Online browser checker. “If the result is VULNERABLE, it is definitely true. However, if the result is NOT VULNERABLE, it doesn’t mean your browser is absolutely not vulnerable because there might be other unknown attacking methods. ”
VMware Workstation Player: 14.1.1 released “This update of VMware Workstation Player exposes hardware support for branch target injection mitigation to VMware guests.”

Why Are You Still On Social Media?
I’m constantly amazed at the utter gall displayed by the higher-ups at these social media companies. The gist of this article is that if you don’t think like they do you are “shitty people” and they will “shadow ban” you. I don’t care what your political views are, no freedom loving person can find this behavior acceptable. The only way to change this is not to buy the Bravo Sierra that they will try to “fix” things. The fix is to remove their power over you. The fix is to GET OFF SOCIAL MEDIA.

The Beginning Of The End
Facebook developing ‘Portal’ gadget which will let it put microphones and cameras in people’s homes

Off Topic
Cleveland Indians pitcher Trevor Bauer: 116.9 MPH
I don’t think I could even stay in the batters box.

PowerShell – Check For Meltdown and Spectre

January 5, 2018, 05:20(EST) By Eric (a.k.a. TweakHound)

IMHO this is a Geek tool for fun. Got Intel? You’re vulnerable.
[Read more…] about PowerShell – Check For Meltdown and Spectre

Chrome & Firefox Updated

January 4, 2018, 17:08(EST) By Eric (a.k.a. TweakHound)

Chrome 63.0.3239.132
AFAIK this does not address the Meltdown and Spectre stuff. That was due to happen with Chrome 64 due out next Tuesday.
“The stable channel has been updated to 63.0.3239.132 for Windows, Mac and Linux”
Download

Firefox 54.0.4
“Security fixes to address the Meltdown and Spectre timing attacks”
Download
Release Notes

Win10 January 3, 2018 Updates And AV Software

January 4, 2018, 08:29(EST) By Eric (a.k.a. TweakHound)

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
Microsoft has identified a compatibility issue with a small number of anti-virus software products.
The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.
If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor.

Intel CPU Fiasco – More Info

January 4, 2018, 07:47(EST) By Eric (a.k.a. TweakHound)

last updated: 0838EST, 04JAN2018

Full breakdown: https://meltdownattack.com/

iVerge – Microsoft issues emergency Windows update for processor security bugs

Google: “These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.”

AMD says, “near zero risk”

CERT: Vulnerability Note VU#584653 – CPU hardware vulnerable to side-channel attacks

WARNING – Do Not Run Windows Update

January 4, 2018, 07:31(EST) By Eric (a.k.a. TweakHound)

Patches will be rolling out today for the Intel CPU Fiasco.
(See below for the email I woke up to this morning.)
I highly recommend you pause, disable, stop, do not run Windows Update.
Full details have not been released as of this writing. These updates will at the kernel level. For the non-Geek that means at the core of Windows. I am not trying to play chicken little (henny penny for my U.K. friends). IMHO these updates are being rushed out and will be altered over time. They could slow down or even hose your PC. Let someone else beta test this stuff.
[Read more…] about WARNING – Do Not Run Windows Update

Patch Tuesday

December 12, 2017, 15:58(EST) By Eric (a.k.a. TweakHound)

Time To Run Windows Update
Patches available for all things Microsoft. Full breakdown at the end of this post.
Windows 10 – December 12, 2017—KB4053580 (OS Build 15063.786)
“This update includes quality improvements. No new operating system features are being introduced in this update.”

Flash Updated
APSB17-42 Security updates available for Adobe Flash Player
Download for Firefox and Opera: Adobe Flash Player 28.0.0.126
Download for Internet Explorer: Adobe Flash Player 28.0.0.126

CCleaner 5.38 Released
***WARNING*** As of this writing only the standard build available. No portable or slim.
I am not downloading this until a portable version is available.
CCleaner Forums post about this:
“The devs have decided to delay the portable version until the slim release. it is unclear if this is just for this version or going forward but this is a test trial of this policy.”
I am considering switching to Privacy Eraser. If anyone is/has used this please chime in.

[Read more…] about Patch Tuesday

Monday Random Stuff…

December 11, 2017, 16:11(EST) By Eric (a.k.a. TweakHound)

Another HP Keylogger
Security researcher Michael Myng found a keylogger on some HP laptops. There was one found earlier this year. This is on top of spyware found on HP devices.
Yikes!

GET OFF OF FACEBOOK
Another former Facebook exec rips social media:
“I think we have created tools that are ripping apart the social fabric of how society works…No civil discourse, no cooperation; misinformation, mistruth. And it’s not an American problem — this is not about Russians ads. This is a global problem.”
source: iVerge

FCC Chairman Ajit Pai Just Got Owned

December 11, 2017, 15:06(EST) By Eric (a.k.a. TweakHound)

Many of the computing worlds pioneers and best and brightest took the FCC chairman to school. In a letter to four Congressmen and an attached document they laid out the case for Net Neutrality and why repealing it is wrong. I’ve read both the letter and the attached document (53-page document, 43 plus credits). They are works of art. IMHO all Computer Science majors should be required to read them. If you are remotely interested in your internet freedom you should read them. If you want to understand anything about this issue you should read them.
The basic premise is that the argument that Ajit Pai is making is… well, here are some key phrases:
“appears to lack a fundamental understanding”
“fundamental misunderstanding”
“fundamentally misunderstands”
“analysis is fundamentally flawed”
“inaccurately portraying”
“This analysis is fundamentally flawed and again shows a basic misunderstanding of how the Internet works.”
“displays a stunning lack of technical knowledge”
and my favorite:
“This interpretation of the role ISPs play in a customer’s online experience is so fundamentally alien to the standard conception of how the Internet works that a well-known April Fools’ joke addresses precisely this question.”

The signers of the letter are a Who’s Who of the internet and computing world including the inventor of the World Wide Web, and the co-founder of Apple Computer.
The folks that put the document together is darn near as impressive.

Letter: Internet Pioneers and Leaders Tell the FCC: You Don’t Understand How the Internet Works
PDF: Joint Comments of Internet Engineers, Pioneers, and Technologists on the Technical Flaws in the FCC’s Notice of Proposed Rule-making and the Need for the Light-Touch, Bright-Line Rules from the Open Internet Order

Random Weekend Stuff…

December 9, 2017, 12:39(EST) By Eric (a.k.a. TweakHound)

Disqus Acquired
I forgot about this. Comment system Disqus got bought out by a marketing firm.
I deleted my account.

Thinking About Building A New PC Soon
This will be my main PC. Intel i7-8700 based (Z370 chipset). I’m thinking no overclocking. May switch to Nvidia GPU. This also may be a Linux PC with Windows in VMs.
Dual M2’s (non-RAID) + a 4TB HD. 960 EVOs for the M2s as I do not think the Pros are worth the money.
This PC needs to last several years.
Any thoughts?

Ancestery DNA Testing
At a Christmas party talking to a guy with the same last name as me. He says his Dad just got an ancestry DNA test and he was only 10% Welsh and 90% Western European. We discussed issues like migration and conquering being factors. I asked him what he thought about the privacy implications of the DNA test. I got a blank stare. I explained that you basically sign away all rights and that you’ve no idea what they are doing with your data. This could have profound effects not only for his Dad but, his Dad siblings, him and his siblings, his children, and their children… Not sure if what I was saying got through and I moved the conversation on to another topic.
I don’t agree with Chuck Schumer on much of anything but he had a great quote a few days ago:
“When it comes to protecting consumers’ privacy from at-home DNA test kit services, the federal government is behind. Besides, putting your most personal genetic information in the hands of third parties for their exclusive use raises a lot of concerns, from the potential for discrimination by employers all the way to health insurance,” said U.S. Senator Charles Schumer. “That’s why I am asking the Federal Trade Commission to take a serious look at this relatively new kind of service and ensure that these companies have clear, fair privacy policies and standards for all kinds of at-home DNA test kits. We don’t want to impede research but we also don’t want to empower those looking to make a fast buck or an unfair judgement off your genetic information. We can find the right balance here, and we must.”
Schumer added, “There is no point to learning about your family tree if your privacy gets chopped down in the process.”

Gillette Fusion Manual Men’s Razor Blade Refills, 12 Count – $23.95
Must clip $6 coupon (see pic below)
Amazon will tell you it is a total of $24.04 off but this is $29.95 at Walmart.com so the net savings is actually $6.

« Previous Page