Archive for the ‘Idiocy’ Category

The Internet of Things with Pre-Installed Backdoors

Friday, August 12th, 2016


Threatpost: https://threatpost.com/undocumented-snmp-string-exposes-rockwell-plcs-to-remote-attacks/119865/

The SEO-friendly URL says it all. The Rockwell PLCs in question have a RW SNMP community common to a range of their devices, undocumented, but if you can find it, you can light up every one of them.

Correction: there’s another SNMP string that allows even more access, also undocumented. That’s what makes this newsworthy. Not one backdoor, that’s old news. Two pre-installed backdoors, now we got us a story!

If you work with PLCs, read the article above, check to see if you’re using any of them, and then contact the manufacturer. You need to get all over this like a donkey on a waffle.

This News Just in…

Friday, July 22nd, 2016

If you’re an infamous person that the government is out to get, don’t use iTunes. Or Facebook. The guy supposedly in charge of Kickass Torrents used both, his IP address for iTunes matched the IP address for editing his website’s Facebook page, and it was all over for him. He would seriously have benefited from adversary-resistant computing and adversary-resistant networking.

Twitter Twits

Tuesday, November 12th, 2013

Fun stuff in a Pew Research report about Twitter users: only 16% of America’s adults use Twitter. Of them, only half use it for news. That means – I’ll do the math for you, you’re welcome – only 8% of USA adults use Twitter for anything more than ranting and following Miley Bieber or Khloe Cyrus or whoever. The data get more interesting: roughly half of Twitter’s users are 18-29 years old, and they are disproportionately college-educated, relative to the rest of the US population. Put that together with recent unemployment trends and the pattern emerges: Twitter is the home for unemployed college students with nothing better to do. Great demographics, there.

Twitter news users tend to be caught up in a constantly-shifting emotional flux. They forward along stories, talk about them for a few hours, and then lose all interest and focus in the face of a new story to be passionate about. I don’t see much monetization potential here, space cadets.

This makes me wonder about those that purchased Twitter stock… while I won’t offer any advice on equities, I will wonder about the sanity of those that bought into the hype. Perhaps I shall find some cultist fodder amongst their weak and suggestible minds.

Go Cheap, Then Go Home

Monday, October 21st, 2013

There’s the old saw about being penny wise and pound foolish. If you’re a company officer, and you’re looking to skimp on network security and redundancy to save a few bucks up front, just ask yourself this one little question:

How much money will you lose when your network goes completely down due to a security incident or a major hardware failure of a key device? Those events are not possibilities, they are guaranteed to happen at some time in the future. Does the future cost justify the short-term savings?

Does your IT staff agree with your assessment?

If you pay up front and have a secure network with high availability, your network guys aren’t printing off this article in secret and sliding it under your door. They’re satisfied that you’ve followed due diligence and that they won’t have to try and find another job before the big meltdown hits so that they won’t be blamed for your stinginess.

If this article *does* wind up passed to you surreptitiously, then rather than going after the guy that dropped the note on you, how about you revisit those budget figures for network security and high availability and get a better set of solutions in line so that when disaster happens, your network guys are positioned to deal with it appropriately.

At the end of the day, it’s your call, but don’t be surprised if the good talent bails out on a bad network.

How to Think Like a (bad) CIO

Monday, October 14th, 2013

1. Go to a magazine, blog, or website that purports to summarize IT information for executives. Alternatively, go to an airport men’s room.

2. Look at all the pictures, captions, and words in ads printed in large fonts. If in the airport men’s room, take note of whatever is advertised at eye level above the urinals.

3. Become obsessed with leveraging next-generation synergies with the emerging technology described above.

4. Take the marketing to the next level. One way to do that is the expansion of benefits ad infinitum: if one of those devices/software platforms is good for a company, then one per user ought to be awesome. For example, if one firewall will protect a company, then one firewall per user will provide awesome protection. Another example: if one load-balanced virtual server cluster is good for a company, then getting every user his or her own load-balanced virtual server cluster will definitely deliver those leveraged next-generation synergies.

5. Present the next-level solution to your IT team and express confidence that they can get the implementation done right.

If you can do this and you are an IT professional, you will be ahead of the curve when the orders come down from above, and you’ll be ready to roll with the project.

PROTIP: having budget numbers ready to go on the outlandish ideas is a great way to get the project canceled. Don’t present the budget numbers with a negative attitude. Instead, present a can-do “we can raise the money!” attitude about the massive costs, wait a week or two, and it’ll be quietly moved to the back burner in the next big emergency.

PROTIP: If the big budget doesn’t scare the top brass, then celebrate! Your company is awash in cash and you will get loads of experience on some sweet new equipment. Don’t worry about the waste. Seriously, if you can get it all to work, you’ll have some of the funnest days at your job, ever. If not, well, keep up appearances and it’ll still probably get moved to that back burner in the next big emergency.

Every Fibre Optic Is a Loaded Fibre Optic

Wednesday, September 18th, 2013

Although not every fibre optic cable will have power sufficient to burn out a human eye, there are enough out there that can to warrant a caution to never direct the end of a fibre optic at an eye, unless one intends to do that eye grave harm.

Would that that was the only cautionary tale to go with fibre. But, alas! It is not! There is also the danger of scraps of fibre from an installation landing on your hands… and then you rub your eyes with your hands… and AIIIEEEEEE! Not a good situation. Or, you could be installing fibre and little bits of it fly through the air, direct to your eyes, and… AIIIEEEEEE! Put on the wraparound safety glasses and keep them on. Remember that eyes are very much like computers: you take care of the ones you want to keep.

So are your innards. That’s why it’s a good idea to never have food or drink near where you’re working with fibre. Most people cannot eat glass, due to the harm it causes them. You are most likely in the category of “most people.” Therefore, exercise caution.

With a few proper safety measures, you can have a safe and happy fibre optic installation. But there is one safety tip that is best of all…

… get a disposable minion to install the fibre optic for you. Then, when the fibre is all up and running, toss the minion into the shoggoth pens so he doesn’t track up the office with all those nasty particles of glass and what-not that go with fibre installations.