Security


When your outsourced security vendor outsources it’s own security…and things ...

Verizon is trying to make itself out as a security firm…but they failed to ensure their own outsourced vendor had proper security policies and procedures in place: An Israeli technology company has exposed millions of Verizon customer records, ZDNet has learned. As many as 14 million records of subscribers who called the phone giant’s customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of […]


The FBI’s Nonsensical Advice to Reboot Infected Routers

The gov’t is a dubious source of information about cyber security.  I have personal experience in this area….. Rebooting an infected router will do NOTHING to stop this botnet.  Rebooting the router(and the FBI is aware of this) will only stop the active payload that can lunch attacks.  The payload that allows the re-infection of the device is still inside the devices firmware which will result in a re-infection of the device.  There is only […]



My Local Backup Strategy

I have not been at my computer as much and I missed the fact that March 31st was world backup day.  This article on extremetech details some of the author’s backup plans. I wanted to have ransomware resistant backups at all levels so my system is a bit more elaborate: Backups are handled by Windows server backup for local backups and CrashplanPro for cloud backups of the entire R610. Windows server backup will not do […]


If You Pay The Ransom Do You Get Your Data ...

Ransomware is now making it into mainstream television.  Chicago Med(Season 2 Episode 19) has an episode where they get hit with ransomware.  Unlike Hollywood though most folks who pay loose not only their money but also their data.  I have never been an advocate of having pay the ransom as any line of defense.  Being ransomware resistant is not as difficult or as expensive as trying to recover your data from ransomware criminals.  The big […]



Spectre and Meltdown. How Susceptible Are you?

There’s a ton of crap running around about these vulnerabilities.  This video talks about the vulnerabilities on a user level and gives some background on exactly where the problem lies and much you should worry.  A technical paper on this is upcoming.  This is only a basic overview so the non-techies out there can truly understand what is going on.


Is The Cloud About to Become Fog?

It very well could be. right now I am seeing signs about an embargoed(aka being kept secret) serious HARDWARE security problem RE: virtualization(aka the cloud) that affects Intel processors. The amount of software patching going on is massive and even open source software maintainers are keeping a lid on things. Eventually something will either leak or it will get disclosed. Get ready because it appears this could be something really big….I hope this is speculation […]



How bad is the IntelME problem?

Every machine Intel has shipped from 2007 to present has had this below firmware..below the operating system thing in it.  All Intel CPU’s use the ME to boot at first..then the bios takes over..then the OS. It is too bad it tool this long to come out.  Honestly, I never fully trusted any Intel machines(yes i am on one right now that is “patched”) but unfortunately AMD was never a truly competitive chip for the […]


AMD Pro…Any Better Than IntelME?

AMD is now releasing their Ryzen Pro cpu offerings for businesses.  AMD is claiming their “management” solution is more secure than IntelME.  Given the extremely low bar set by IntelME that’s not hard to accomplish.  I have not had the time to research the Ryzen Pro but I will be watching and posting as i learn about it.  For right now…my advice is to NOT install any systems with Ryzen Pro.  Ryzen is OK…but Ryzen […]



Intel Skylake and Newer CPUs Expose JTAG Over USB. ...

As if the Minix OS that runs on the chipset of ALL Intel processors isn’t enough…it has now been shown that you do not even need any complicated steps to get to the IntelMe engine.  You can now access JTAG over ANY PCH(southbridge) and it is called DCI(Direct Connect Interface).  With this JTAG access you can access the Minix IntelME directly from USB with no additional security.  You can run ANY code(even unsigned) on the […]


Amazon key(Based upon IOT) makes your house absolutely insecure

Amazon Key IMO is a bad idea.  The fact that it is based on IOT makes it worse.  The very concept of you give someone access to your house with no other controls…there’s a camera to watch them but a camera will not stop anyone from doing anything else..jsut record the video of them doing it. now a security vulnerability has been found in the “smart lock” that powers this “service”.  Malwarebytes does not mention […]