July 2012
14 posts
Vulnerabilities in Huawei Routers Discovered →
While not exactly news that home and small enterprise routers tend to be insecure, the magnitude of the problems with Huawei’s devices was revealed at DefCon this year. Given the failure of the company’s engineers to recognize and navigate around longstanding security issues it seems particularly prudent for a public accounting of Huawei’s enterprise and ISP-focused routing...
You hereby grant Ninja Tel permission to listen to, read, view and/or record any...
– Ninja Tel Terms of Service (read more at Ars)
Some Literature on Skype Security
Chris Soghoian has a good piece breaking down what we know, and don’t know, about Skype’s VoIP security. While not mentioned, it’s helpful to keep in mind that the security and anonymity offered by Skype is questionable regardless of whether the company provides a private key/enables MITM/etc. for law enforcement agencies. Such questions are, and have been, raised by academics for...
The Pwnies Are Out →
I admit to having a preference for the attack on MySQL. The description:
“Are we there yet?” MySQL Authentication Bypass (CVE-2012-2122)
Credit: Sergei Golubchik
On vulnerable versions of MySQL simply asking to authenticate repeatedly enough times is enough to bypass authentication: “Can I log in as root now?”
“How about now?”
“Now?”
That said,...
Origin Stories and the Internet
There is a long list of origin stories and myths surrounding the ‘net. Some are far better than others. Given a recent (significantly misguided) piece by WSJ, a quick couple of responses have gone up at Ars (not bad, not great) and by Robert Graham (pretty good). I’m not going to write an origin myth - though I’ve got one that I’m writing for future publication, and have...
Comment on Lion's Internet Recovery
I’ve recently added a new non-spinning disk to my system and decided to give Lion’s disk recovery system a try: how did it actually perform, where were there problems, and how were they resolved?
I was incredibly impressed with the general functionality of the Internet-based recovery mechanism. After adding the new disk I was asked to connect to a local wireless network and then basic...
Why I Can't Recommend gfxCardStatus
A recent Ars Technica article got me interested in a neat piece of donation-ware called gfxCardStatus. See, contemporary 15” Macbook Pros have two GPUs. One is discrete and the other is integrated. The theory is that when you’re on battery power you’re more likely to hop over to the integrated GPU to save battery, though whenever you need the power of the discrete GPU you have a...
SandForce Controllers and Encryption →
Rob Graham has a good look at the challenges facing SandForce controllers - which are used by a large number of the solid state hard drives on the consumer market - as related to disk encryption. I highly recommend reading it but, if you just don’t have the time, here’s the key takeaway: “The problem with a SandForce controller is that all its features are lost when using full...
A Glimpse Into How 'Normals' Read the Internet →
I use the term ‘normals’ in an utterly positive sense: Vanity Fair’s recent piece, titled “World War 3.0,” scatters enough truth through the article that it possesses a veneer of credibility while obfuscating falsehoods and myths. The result is that unsavvy readers will be left with conceptions that everything is peachy with ICANN (false), that the ITU is coming to...
Can Nulpunt "Abolish Government Secrecy?" →
In a word: No.
Nulpunt is an online database that lets individuals subscribe to topics and, when a freedom of information request on the topic becomes available, ‘pushes’ the content to the user. This mediates the present format for such requests, where individuals tend to be hunting for specific information and the population generally has no effective means to see or understand the...