Security


My Local Backup Strategy

I have not been at my computer as much and I missed the fact that March 31st was world backup day.  This article on extremetech details some of the author’s backup plans. I wanted to have ransomware resistant backups at all levels so my system is a bit more elaborate: Backups are handled by Windows server backup for local backups and CrashplanPro for cloud backups of the entire R610. Windows server backup will not do […]


If You Pay The Ransom Do You Get Your Data ...

Ransomware is now making it into mainstream television.  Chicago Med(Season 2 Episode 19) has an episode where they get hit with ransomware.  Unlike Hollywood though most folks who pay loose not only their money but also their data.  I have never been an advocate of having pay the ransom as any line of defense.  Being ransomware resistant is not as difficult or as expensive as trying to recover your data from ransomware criminals.  The big […]



Spectre and Meltdown. How Susceptible Are you?

There’s a ton of crap running around about these vulnerabilities.  This video talks about the vulnerabilities on a user level and gives some background on exactly where the problem lies and much you should worry.  A technical paper on this is upcoming.  This is only a basic overview so the non-techies out there can truly understand what is going on.


Is The Cloud About to Become Fog?

It very well could be. right now I am seeing signs about an embargoed(aka being kept secret) serious HARDWARE security problem RE: virtualization(aka the cloud) that affects Intel processors. The amount of software patching going on is massive and even open source software maintainers are keeping a lid on things. Eventually something will either leak or it will get disclosed. Get ready because it appears this could be something really big….I hope this is speculation […]



How bad is the IntelME problem?

Every machine Intel has shipped from 2007 to present has had this below firmware..below the operating system thing in it.  All Intel CPU’s use the ME to boot at first..then the bios takes over..then the OS. It is too bad it tool this long to come out.  Honestly, I never fully trusted any Intel machines(yes i am on one right now that is “patched”) but unfortunately AMD was never a truly competitive chip for the […]


AMD Pro…Any Better Than IntelME?

AMD is now releasing their Ryzen Pro cpu offerings for businesses.  AMD is claiming their “management” solution is more secure than IntelME.  Given the extremely low bar set by IntelME that’s not hard to accomplish.  I have not had the time to research the Ryzen Pro but I will be watching and posting as i learn about it.  For right now…my advice is to NOT install any systems with Ryzen Pro.  Ryzen is OK…but Ryzen […]



Intel Skylake and Newer CPUs Expose JTAG Over USB. ...

As if the Minix OS that runs on the chipset of ALL Intel processors isn’t enough…it has now been shown that you do not even need any complicated steps to get to the IntelMe engine.  You can now access JTAG over ANY PCH(southbridge) and it is called DCI(Direct Connect Interface).  With this JTAG access you can access the Minix IntelME directly from USB with no additional security.  You can run ANY code(even unsigned) on the […]


Amazon key(Based upon IOT) makes your house absolutely insecure

Amazon Key IMO is a bad idea.  The fact that it is based on IOT makes it worse.  The very concept of you give someone access to your house with no other controls…there’s a camera to watch them but a camera will not stop anyone from doing anything else..jsut record the video of them doing it. now a security vulnerability has been found in the “smart lock” that powers this “service”.  Malwarebytes does not mention […]



Apple Values Your Privacy…Not Really.

We all know google mines everything..that’s been well established by Google themselves.  We knew Apple mined our data and “keeps it private”.  I always called BS on their privacy stance…Here’s the proof: http://www.zdnet.com/article/uber-app-can-silently-record-iphone-screens-researcher-finds/ Still think Apple values your privacy?  I put this squarely on Apple as they did not have to give up this priveldge to Uber….they chose to.  The security implications are huge as a single weakness in the Uber app effectively gives you […]


Bruce Schnier Destroys the State Sponsored Angle in the Equifax ...

The instant I saw folks start pandering the absurd theory that China or Russia had financed this attack I knew it was bogus.  The problem was a well-known and well published vulnerability in their website that their site(and many other larger websites) used called Apache Struts.  The resulting breach did not take any skill to exploit and the fact it took Equifax as long as it did shows the basic incompetence of the Equifax personnel.  […]