Just participated in my first podcast for Hart Attack!

It was fun; we talked about technology, hacking, and corporate oppression. Unfortunately, there wasn’t time for hope. I’ll have to come back on to explain that it’s not all doom and gloom. Episode 117 airs on Saturday evening. Downloads available sometime after here. Here is a link to more shows:

Hart Attack Home

Hart and I have worked together for some time.  He is a mogul of all things horrific.  Now he takes on the horror of the modern day with a political/news podcast.

Remembering my Zeda on his 100th Birthday!

Zeda 100th Birthday Tribute

Today would be my grandfather’s 100th birthday. My grandfather was a major influence on me growing up. He lived far away for my early years. When we did get together, my sister and I were doted upon and given wonderful gifts. My Zeda was a television repairman by profession and a photographer and handyman as well. His unique solutions to problems helped inspire my hacker spirit. He taught me that pencil erasers make great contact cleaners and to respect electricity. I have inherited many of his tools. I even used a few to fix CRT displays when I first started working on hardware. He was quiet and patient, but always quick with a joke or rhyme. His love for technology inspired me as well as my father before me. He had internet in the early 90s and used his computer to scan and retouch pictures well into his 90s. He served during World War II and told me more than a few interesting stories about that and his time as a stevedore on a cruise ship before the war. He is fondly remembered in his neighborhood and at his temple, where he continued to help out, fixing things until his death at 97. To celebrate his memory, I ate some of his favorite food and told some stories. This is for you, Zeda. I love you.

Celebrating my grandfather's birthday with his favorite food: pizza.

Me and Zeda

Update Java. Seriously, do it right now.

Another Java privilege escalation exploit spotted in the wild. Trojans and web-based Java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their Java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.

Apple Info:
http://support.apple.com/kb/HT5228

More info (including an AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/

Updates keep the SSL boogiemen at bay.

All the SSL blacklists are updated. We can return to thinking we are safe. Apple included the patches in a Security Update, and Firefox updated to 6.0.2. Jailbroken iOS users can update or install “sslfix” in Cydia to get the protections that Apple has yet to release.

After watching Moxie’s Black Hat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.

Mac Defender is annoying users trusting enough to type their passwords!

A bit of ransom-ware by the name of Mac Defender is exploiting a default setting in Safari that will automatically launch any installer package that you download. It still requires the user to go through the steps of installing the software, including entering their administrator password. Apparently this hasn’t prevented hundreds of users from installing the bogus software. It seems to do nothing but pop up ads and messages to lure the user to pay $79.99 to remove the infection. Easy, free removal instructions are available here. But let this be a lesson. Don’t type your password if you don’t know why it is asking for it. Don’t install things you didn’t know you downloaded.

Gawker fiasco and what we’ve learned about password reuse.

Segment from Gawker's defaced site

Gawker Media (Lifehacker, Gizmodo, etc.) was hacked by a group calling themselves #gnosis, and their entire user database (as well as source code for the sites) was posted to a popular torrent site. It has no doubt already been downloaded by hundreds or even thousands of would-be ne’er-do-wells. What does this mean? What can we learn? More than 50,000 users used “password” for their password. Read the official statement here. I did enjoy the irony of Facebook Connect users being safe from this. If you had an account on any of these sites, your information is compromised and I pray you don’t reuse your password. Change it, change it fast. Millions of users’ data was exposed (names, emails, passwords). The ramifications of this breach will continue over the next few weeks as users’ accounts on other services begin to wreak havoc.

Here is a humorous comic about password reuse:
http://xkcd.com/792/