Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online

Whoops. Lenovo shipped computers with adware that breaks ALL SSL on its laptops. Not only that, but the private key is also widely available, meaning anyone can spoof any website on an unsuspecting Lenovo owner’s computer. Major security fail!

Lenovo is in hot water after it was revealed on Wednesday that the company is shipping consumer laptops with Superfish Adware pre-installed. Security experts are alarmed, as the software performs Man-in-the-Middle attacks that compromise all SSL connections.

It’s a fact of life; PC manufacturers are paid to install software at the factory, and in many cases this is where their profit margin comes from. However, pre-installed software is mostly an annoyance for consumers. Yet, when this pre-installed software places their security at risk, it becomes a serious problem.

via Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online.

Update: More technical info here and here.

New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle – SPIEGEL ONLINE

Germany’s Der Spiegel published Snowden documents last month that describe an NSA project to modify hard drive firmware for spying purposes. This pretty much fingers the NSA as the “Equation Group” Kaspersky mentioned in its report.

Normally, internship applicants need to have polished resumes, with volunteer work on social projects considered a plus. But at Politerain, the job posting calls for candidates with significantly different skill sets. We are, the ad says, "looking for interns who want to break things."

Politerain is not a project associated with a conventional company. It is run by a US government intelligence organization, the National Security Agency (NSA). More precisely, it’s operated by the NSA’s digital snipers with Tailored Access Operations (TAO), the department responsible for breaking into computers.

via New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle – SPIEGEL ONLINE.

Equation Group: NSA-linked spying team have software to hack into any computer – News – Gadgets and Tech – The Independent

Astonishing. The apparent creators of Stuxnet have learned how to alter the firmware in hard drives to hide spying software in hidden sectors.

The US security services have developed software that has enabled it to spy on home computers almost anywhere in the world. Russian researchers at Kaspersky Lab have claimed that the software gave those behind it, thought to be the US National Security Agency, the power to listen in on the majority of the world’s computers.

It could be installed on practically any of the world’s most common hard drives and spy on the computer while going undetected.

It was used to break in to government and other important institutions in 30 countries across the world, they claim.

via Equation Group: NSA-linked spying team have software to hack into any computer – News – Gadgets and Tech – The Independent.

Update 10:20 PM: Read Kaspersky’s blog post on the Equation Group and its Equation Group Q&A [PDF].

Why Tesla’s battery for your home should terrify utilities | The Verge

Tesla and SolarCity are working on a residential battery that might let people drop off the electric grid completely. The utilities are sweating.

Earlier this week, during a disappointing Tesla earnings call, Elon Musk mentioned in passing that he’d be producing a stationary battery for powering the home in the next few months. It sounded like a throwaway side project from someone who’s never seen a side project he doesn’t like. But it’s a very smart move, and one that’s more central to Musk’s ambitions than it might seem.

via Why Tesla's battery for your home should terrify utilities | The Verge.

MicLoc – DIY acoustic triangulation

On the East CAC Facebook page, some neighbors recently asked if the police department was using acoustic triangulation systems for tracking gunfire. I responded that systems like ShotSpotter were interesting but that the police department couldn’t afford the $300k cost.

Ah, the joys of open source! It turns out one enterprising hacker has built his own Arduino-based triangulation system using easy-to-obtain parts. This has me thinking that if a few neighbors here and there were willing to station these near their homes, the fixes that could be plotted would be extremely accurate. Even a small network of these would do wonders. In this way, neighbors could be helping to fight crime in their area without actually having to do anything. It sounds like a great solution!

MicLoc is an effort to develop a device capable of passively identifying a sound based event position on a given map, therefore pinpointing its location. The whole idea is to achieve this goal with everyday electronics and reduced development costs. With the event of small, affordable, powerful microprocessors and electronics in general, this technology now seems accessible to potential commercial applications and general public use. The main goals of this project are:

  • Develop a low cost, compact device capable of identifying a source location on a map with sub-meter precision.
  • Develop, detail and open-source the hardware and plans used so anyone can build this device.
  • Develop, detail and open-source the software needed to interface the device with a computer.

via rural hacker: MicLoc.

Google Cloud and latency

Since I’ve been having so much fun with Amazon Web Services, I thought I would check out Google’s offering, called Google Cloud. I’ve only had a trial running with it for about 24 hours but so far it seems solid. The server I am using is fast and has good connectivity to Google’s servers, which is a good thing.

What is a bad thing, however, is that my hosted server has very poor connectivity to me. The round-trip ping time is about 55ms, whereas AWS with its Ashburn, VA datacenter gets me 25ms. Huge difference! Also, my AWS instance has 14 routers to navigate before it gets to me but my Google Cloud instance travels through a whopping 24 routers. Those packets bounce around like ping pong balls! I was hoping that with Google’s company-owned fiber network and datacenters located here in North Carolina I would get faster response times. No such luck … yet.

Why “yet?” Well, Google Fiber is coming to the Triangle, in case you’ve been under a rock. I’m hopeful once I’m on the Google Fiber network, my latency to Google Cloud will drop considerably, perhaps <1ms. This invites all sorts of innovations. Give clever developers fat resources located close (on the network, anyway) to their audience and some interesting things start to happen.

Google Fiber could be the fire that lights off Google Cloud. I figure it’s worth checking out the new landscape now so that I can get in on the game.

Up to speed on Amazon Web Services

I’ve been getting up to speed on Amazon Web Services over the past few weeks. With the end of the year bonus I got from my work I put down the money to get a 3-year reserved instance, gaining a hefty hosted server for a remarkably low price.

I’d had an Amazon instance for a few months just to kick the tires. However, when my reserved instance got purchased, it took me a while to figure out that Amazon had changed its virtualization techniques and in order to take advantage of the new instance I would have to convert my existing image to a completely new one. The blocker for this was that the CentOS-based AMI I used seemed locked and the root drive couldn’t be mounted to a new instance. I had to copy everything using the old instance.

My new instance was created completely by me, using a recipe that helped me build it from the ground up. Now that I have a good base to start from I can build some useful AMIs and share them with others. I hope to make a Rivendell Radio Automation AMI someday so that people can launch their own online radio station with a few clicks of a button.

I’ve also dug into the wonder that is S3, creating an s3fs “filesystem” on my Linux instance for serving up music for my Rivendell install. I will eventually do the same for the media included here on MT.net and push that to CloudFront.

The cool thing about the cloud is that it’s a geek’s ultimate laboratory. It’s incredibly easy and cheap to spin up computer sessions. I can play with technologies without having to commit to them long-term. I’m having a lot of fun with it.

I’m particularly proud that I was able to migrate the server that hosts my neighborhood email lists from a locally-hosted server over to AWS without any of my neighbors knowing I’d done it. I guess twenty years of sysadmin experience pays off every now and then!

RALEIGH: Senate plan would cut NC gas tax | State Politics | NewsObserver.com

Our state legislature is considering cutting our state gasoline tax when we should be doubling it. How unfortunate.

Also, I’m not happy with Bruce Siceloff’s story about it as he doesn’t explain why our state’s gasoline tax is so high. North Carolina has the largest state-maintained highway system in the country, bigger than Texas and even California. That’s why North Carolina’s gas taxes are higher than neighboring states. Shame on you, Bruce, for failing to mention this fact.

The legislature has moved twice over the past decade to put an upper limit on rising gas tax rates. But in 2009, a tax ceiling that had been enacted two years earlier was converted to a floor to close a gap in the DOT budget. Without that action in 2009, the tax rate would have dropped from 29.9 to 27.9 cents.

North Carolina’s gas tax is one of the highest in the nation. The highway use tax collected at the time of car sales, another major source of road money, is lower in North Carolina than in neighboring states.

via RALEIGH: Senate plan would cut NC gas tax | State Politics | NewsObserver.com.

Update: As I noted then, the N&O’s editorial board mentioned this back in May 2012:

“There’s a good reason why our gas tax is so hefty. State government here, due to a policy with roots in the Depression, bears a much greater share of local road expenses than in most states. North Carolina ranks second only to Texas in miles of state-maintained roadways. This policy serves to lighten the load on county governments and is reflected in their relatively low tax rates.”

I feel it is only fair that when our state’s high gas tax is mentioned, our state’s gigantic, state-owned highway system should be mentioned, too.

Brian Williams and lies about Iraq

Brian_Williams
There’s a lot being made about NBC News anchor Brian Williams having claimed he was in a helicopter in Iraq that made an emergency landing after being hit by enemy fire. I give Williams a pass. He had made a living telling other people’s stories, stories he did not write. After reading thousands of these over the years, it must become difficult keeping straight what one did and what one only read or saw. It does not diminish my perception of Williams if his helicopter wasn’t hit as he claimed. In the heat of it all it becomes difficult to piece together what’s what.

As the photo above attests, it would be a shame if Williams were the only one punished for lying about Iraq. There are presidents, vice-presidents, cabinet officials – and, yes, news media – that buried everyone under lie upon lie about Iraq. Williams’s faux pas is tame by comparison.

Hanging Brian Williams out to dry for Iraq lies is like making Martha Stewart the fall guy for insider trading. The worst offenders get away.

Dean Smith passes away

Dean Smith speaks with Erskine Bowles

Dean Smith, legendary basketball coach of the team I love to beat (the Tar Heels), passed away last night at the age of 83. Though I’m a Wolfpack fan, I had a lot of respect for Coach Smith. You knew when your team beat his it was something special because he always had his teams prepared.

I was fortunate to stand behind him at the Kerry-Edwards rally at N.C. State on July 10, 2004. It was unbearably hot and he was sweating through his dress shirt. I asked him if the heat bothered him and he smiled and said it was actually his bad knees that bothered him. We were on risers with no seats and at that moment I wanted to flag down an organizer and demand a seat be provided to Coach Smith.