Power Rangers De-Boot fan short.

Filed in ShortsTags: , , ,

Or what I like to call the “Shut Up And Take My Fucking Money!!!” Power Rangers fan short.

I won’t spoil it for you by telling you more than this:  Watch it.  If you hated Power Rangers, watch it.  If you loved Power Rangers, watch it.  If you don’t have a single fraking clue who the Power Rangers were, then you should still watch it you old decrepit troglodyte who didn’t have a TV in the 80s or 90s.

Nudity (very brief, but oh so lovely), language, violence, and (in the words of Darph Bobo) Bloody Vengeance!!!!

UPDATE:   Vimeo has pulled the video.  They apparently don’t understand the concept of parody and derivative works.   Queue “The Streisand Effect” in 5…4….3…

https://vimeo.com/120401488

So, with that said, here’s a youtube link:

Superfish, https redirects and other security stupidity

Filed in SecurityTags: , , ,

First there was a $300m bank heist that was driven out of the news by the NSA (again) snooping on everyone (well, yeah.. this is news?) and then the news broke of one of the most boneheaded tech decisions since Sony’s rootkit laden audio CDs.

With that kind of week, you know the awesome weight of attention turned on one little company’s products,ie.. superfish, was going to turn up more and more fun for us security types.   Lo and behold, here’s what’s behind door number 2.

The SSL exploit code has been identified in at least a dozen more apps,  several of them marketed as security apps.  If that wasn’t enough, it’s been discovered that it also signs invalid or self-signed certificates for you and presents them as valid to the browser.  An in depth technical explanation of just how nasty this can be is out at filipo.io who seems to be rapidly becoming the go-to place for info on this debacle.

Microsoft has stepped up to the plate with an update to Windows Defender to help clean up this mess.  All I see in Windows Updates is one for IE 11 and an ASLR but in Jscript9.dll.   I haven’ t tracked down the details from Microsoft’s site about the Defender update, but The Verge has some good info on it.

So now that the work deployment I’m assisting with (I’m on call.. if it goes bad, I get woken up anyway so might as well be useful, ya know?) is done, I’ll bring this post to a close and leave you all crying in your beer and cursing at your packet dumps.  After all, how much worse could it get?

Scott

Lenovo & Superfish == Sony Rootkit redux?

Filed in SecurityTags: , , , ,

Seems Lenovo got the bright idea that they wanted to be in the adware business and started shipping Superfish adware system that uses a self signed root cert to basically commit a MITM attack and intercept HTTPS connections.   Why?  To inject adverts, of course, because we all know there aren’t enough advertisements on the net these days.

Ars Technica’s article has a good summary and Errata Securty’s blog goes even deeper into the mess.  If you bought a Lenovo laptop any time after October of last year (though some say as early as June) there’s a good chance you have this abomination installed.   The Errata Security link above will walk you through testing for and uninstalling it.

This is why we can’t have nice things and why any company that lets marketing make these kinds of decisions deserves the pounding they get from the users and buyers of their products.  There is absolutely no excuse for this in 2015. Period.

Lenovo just took themselves off my list of considerations for my new laptop this spring.  I’ve been looking for a 4k laptop to replace about 90% of what I use my desktop for and Lenovo had a couple of good prospects.  Not any more.  Damned shame, really.  I love their hardware, at least on the upper end.

Scott

Equation Group, Stuxnet and the NSA

Filed in SecurityTags: , , , , , ,

A few links to get you started then I’ll return later today for more analysis.

One of the most impressive bank heists outside Hollywood:  Bank Heist Steals Millions
Sophistication that would make even William Gibson envious: Beyond Stuxnet and Flame
And you guessed it, The NSA is involved (maybe): Sources connect NSA spying with hacks reported by Kaspersky.

More later as I have time to read and research.  If you have something, post it in the comments.

Scott

 

Categories
Click to view/hide
Calendar
Click to view/hide
February 2015
M T W T F S S
 1
2345678
9101112131415
16171819202122
232425262728