[ale] Fwd: Re: semi [OT] cool info, sn podcast, FIXING SSD'S, linksys router flaws, more
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Sat Feb 9 08:20:20 EST 2013
Hi all,
Catching up on some old threads. I decided to subscribe to the podcast at pauldotcom.com, which is different from what you find at paul.com. I presume you guys were talking about the former.
I like to keep up on security stuff.
I decided not to subscribe to hak5 since that appears to be only video, and I usually consume podcasts while driving the car.
Sincerely,
Ron
Ron Frazier <rwfrazier at techstarship.com> wrote:
>
>
>-------- Original Message --------
>Subject: Re: [ale] semi [OT] cool info, sn podcast, FIXING SSD'S,
>linksys router flaws, more
>Date: Sun, 20 Jan 2013 16:16:51 -0800
>From: David Tomaschik <david at systemoverlord.com>
>Reply-To: Atlanta Linux Enthusiasts <ale at ale.org>
>To: Atlanta Linux Enthusiasts <ale at ale.org>
>
>
>
>On Sun, Jan 20, 2013 at 8:04 AM, Matthew <simontek at gmail.com> wrote:
>
> speaking of pod casts, does anyone else watch/listen to pauldotcom
> or hak5?
>
>
>I'm a big fan of both. Some people think hak5 is a bit "simplistic",
>but it's still interesting, and I appreciate their efforts to open the
>security world up to more people. Plus, the WiFi Pineapple and the USB
>
>Rubber Ducky are awesome.
>
>
>
> On Sun, Jan 20, 2013 at 10:44 AM, Ron Frazier (ALE)
> <atllinuxenthinfo at techstarship.com> wrote:
>
> Hi all,
>
> The latest security now podcast had lots of good info I wanted
> to share. Some of you already know much of what they cover and
> some are above the level the podcast is aimed at. However, I
> find the info useful so I would just say use it for what it's
> worth to you.
>
> http://www.grc.com/securitynow.htm - show web page
> http://twit.tv/sn - show web page on This Week In Tech network
>
> http://media.grc.com/sn/sn-387.mp3 - show audio
> http://www.grc.com/sn/sn-387.pdf - transcript
>
> I'll reference pages in the transcript for each item. Not sure
> of the exact position in the audio.
>
> * p2 - They spent a while discussing yet another of the
> seemingly endless zero day exploits in Java as well as
> disconnecting it from your browser while leaving it on the
> system, if you have to. - p2
>
> * p6 - They discussed the "USB drive brings down power plant"
> issue for a while. - p6
>
> * p7 - They discussed a flaw which allows someone to get root
> access to certain Linksys routers, hopefully only from within
> the LAN side of the device. This could affect 70,000,000
> routers. Info here bit.ly/linksys0day which links to
>http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33
> According to Leo's and Steve's opinion, Cisco has been
> extremely negligent in patching flaws in the Linksys product
> line. There was also a fiasco recently where they tried to
> disable the control panel in their new routers and force users
> to log into a Cisco web account just to be able to administer
> their router. I don't think I'll be buying any Linksys
> products. - p7
>
> * p8 - A short discussion about an article comparing various
> USB chargers. Apparently some are much better and some are much
> worse. I haven't read it yet but it sounds cool. Info here
> bit.ly/usbcharge which links to
> http://www.arcfn.com/2012/10/a-dozen-usb-chargers-in-lab-apple-is.html
> This is a very detailed article. - p8
>
> * p10 - FIXING SSDs - A number of listeners have reported
> that A) their relatively new SSDs are failing to read properly,
> and B) you can sometimes fix them with SpinRite. This is
> important info. According to Steve, the economics of the SSD
> market are forcing producers to operate at the very bleeding
> edge of what is technically possible for the price they're
> selling the product at. Sometimes, they cross over to the wrong
> side of that fence. According to Steve, the units are JUST
> RELIABLE ENOUGH to sell them, just like HDDs.
>
> Imagine this, you have a microscopic storage tank for electrons,
> a capacitor, which is VERY microscopic. You stick a VERY small
> charge of electrons into the storage tank through a lid which is
> inherently leaky. The more you use it, the more leaky it gets.
> Not only that, you try to fill it either 1/4 1/2 3/4 or full,
> and then sense what state it's in to read back 2 bits of data.
> (MLC cells) The engineers know this won't work sometimes, so
> they rely on lots of ECC (error correction code) to make it
> work. Sometimes, even that fails, and you get "sectors" that
> won't read properly.
>
> A number of listeners to the podcast have reported that they've
> used SpinRite to fix SSDs which are giving failures to read.
> SpinRite has various operational levels. It is now apparent
> that there is value in forcing an SSD controller to periodically
> read all of the "disk" in the same way it's useful to do this to
> a hard drive. In the case of an SSD, it forces the controller
> to acknowledge weak storage cells and either refresh the data
> (electrical charge) or relocate it. The user that contacted the
> show was having problems with a balky SSD running on a Mac. He
> moved the SSD to a PC and ran SpinRite on it at Level 1 - read
> only and don't try to recover data. He got a number of
> unrecoverable sector errors. Upon Steve's advice, he ran
> SpinRite on Level 2. This is also read only, but invokes a
> massive statistical analysis routine to try to recover
> unreadable sectors by reading the raw data up to 2000 times. On
> a HDD, SpinRite would fly the heads in to the sector from many
> different locations to account for mechanical variances in the
> read mechanism. On an SSD, this does not apply. However, the
> statistical data analysis on bad sectors is still valid. Note
> that something like badblocks can exercise the drive's
> controller. However, it cannot do the extensive data recovery
> on unreadable sectors that SpinRite can. In any case, once the
> user had run the SpinRite level 2 process on the drive, the
> unreadable sectors had been recovered sufficiently to put the
> drive in the Mac and it worked fine.
>
> To give you an idea of how Steve feels about the reliability (or
> lack of it) of SSDs, he is using some in a server, but for him
> to feel safe, they had to be:
> - OWC premium brand
> - Single Level Cell memory rather than Multi Level Cell
> (very expensive)
> - Massively overprovisioned with spare sectors
> - Configured in fully redundant RAID such that any two
> drives can fail and the server still works
>
> - p10 in the transcript
>
> * p15 - They talk about using Java apps, like CrashPlan or
> MineCraft, without allowing Java to be active in the web
> browser. - p15
>
> * p17 - They talk about new technology involving filling HDDs
> with helium, which allows higher platter speed and higher areal
> density. - p17
>
> * p19 - They talk about how to configure a PS3 for UPNP using
> a DMZ without endangering your network.
> Glossary - PS3 - Play Station 3
> - UPNP - Universal Plug and Play
> - DMZ - Demilitarized Zone (in the router) - p19
>
> For those that don't know, UPNP is a potentially dangerous
> technology that allows an application to open ports in your
> router's firewall, for games to work, etc., without your
> knowledge or permission. In many cases, you cannot even tell
> what's been opened. If something malicious does get inside your
> firewall, either through a web page or an application, it can
> swing the doors of your firewall open wide and let all its
> malware friends in. The best idea is to disable it unless you
> need it.
>
> * p19 - They discuss The Quiet Canine project - An ongoing
> (very cool) design for a simple high frequency sound blaster
> that can be used to convince barking and / or aggressive dogs
> that you encounter to shut up and leave without harming them. -
> p19
>
> * p24 - Reminder by a listener of a year-old flaw in the WPS
> security system of a large number of Linksys routers which
> allows the WPA password to be cracked in less than 10 hours by
> sniffing the traffic. Apparently, yet again, Cisco has dropped
> the ball and not fixed it. The moral of the story
> is, disable WPS on your router, if you even can. Apparently, on
> some of the Linksys routers, the disable function doesn't work.
> - p24
>
> I found these links:
>
>http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
>http://arstechnica.com/business/2011/12/researchers-publish-open-source-tool-for-hacking-wifi-protected-setup/
>
> I hope you find this info helpful and useful. There appears to
> be a never ending supply of security problems to talk about.
>
> Sincerely,
>
> Ron
>
> --
>
> (To whom it may concern. My email address has changed.
> Replying to former
> messages prior to 03/31/12 with my personal address will go to
> the wrong
> address. Please send all personal correspondence to the new
> address.)
>
> (PS - If you email me and don't get a quick response, you might
> want to
> call on the phone. I get about 300 emails per day from
> alternate energy
> mailing lists and such. I don't always see new email messages
> very quickly.)
>
> Ron Frazier
> 770-205-9422 (O) Leave a message.
> linuxdude AT techstarship.com
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
>
> --
> SimonTek
> 912-398-6704
>
--
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity.
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
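Ron's remark that you often cannot tell what UPnP has opened is something you can check from any machine on the LAN, because the UPnP Internet Gateway Device protocol lets an unauthenticated client list the router's mapping table. The Python below is an added example, not code from this thread, from Security Now, or from any router vendor. It assumes the router's WANIPConnection control URL is already known (a real device publishes it in the description XML that SSDP discovery points at; the host and path in the usage call are placeholders), and the SOAP response it parses is constructed for the example.

```python
"""List the port mappings a home router's UPnP IGD currently holds.

Added example (not from the ALE thread). The protocol details are the
standard UPnP IGD ones: POST a SOAP GetGenericPortMappingEntry call to
the WANIPConnection control URL, stepping NewPortMappingIndex from 0
until the device answers with UPnP error 713 (SpecifiedArrayIndexInvalid).
Host and control path passed to enumerate_mappings() are assumptions;
read them from the device description XML on a real network.
"""
import http.client
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
# Ports that should never be reachable from the Internet via a game's mapping.
ADMIN_PORTS = {21, 22, 23, 80, 443, 445, 3389, 5900, 8080}


def build_soap_body(index):
    """SOAP envelope for GetGenericPortMappingEntry(NewPortMappingIndex)."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:GetGenericPortMappingEntry xmlns:u="{SERVICE}">'
        f"<NewPortMappingIndex>{index}</NewPortMappingIndex>"
        "</u:GetGenericPortMappingEntry></s:Body></s:Envelope>"
    )


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix


def parse_port_mapping(xml_text):
    """Extract the New* fields of a GetGenericPortMappingEntry response."""
    mapping = {}
    for elem in ET.fromstring(xml_text).iter():
        tag = _local(elem.tag)
        if tag.startswith("New"):
            mapping[tag[3:]] = (elem.text or "").strip()
    for key in ("ExternalPort", "InternalPort", "LeaseDuration"):
        if key in mapping:
            mapping[key] = int(mapping[key])
    return mapping


def soap_fault_code(xml_text):
    """UPnP errorCode inside a SOAP fault, or None if it is not a fault."""
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) == "errorCode":
            return int(elem.text)
    return None


def flag_mapping(mapping, known_hosts):
    """Reasons to look twice at a mapping; an empty list means nothing odd."""
    reasons = []
    if mapping.get("InternalClient") not in known_hosts:
        reasons.append("internal client is not a host you know")
    if mapping.get("InternalPort") in ADMIN_PORTS:
        reasons.append("forwards to an administrative service port")
    if not mapping.get("PortMappingDescription"):
        reasons.append("no description, so no obvious owner")
    if mapping.get("LeaseDuration") == 0:
        reasons.append("permanent lease (never expires)")
    return reasons


def enumerate_mappings(host, port, control_path, limit=256):
    """Walk indices 0..limit-1 on a live IGD until it reports error 713."""
    found = []
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{SERVICE}#GetGenericPortMappingEntry"',
    }
    for index in range(limit):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("POST", control_path, build_soap_body(index), headers)
        resp = conn.getresponse()
        text = resp.read().decode(errors="replace")
        conn.close()
        if resp.status != 200:
            if soap_fault_code(text) == 713:
                break  # ran off the end of the mapping table
            raise RuntimeError(f"index {index}: HTTP {resp.status}")
        found.append(parse_port_mapping(text))
    return found


# Constructed sample response, shaped like a router's answer for index 0.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><u:GetGenericPortMappingEntryResponse
 xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>3389</NewExternalPort>
<NewProtocol>TCP</NewProtocol><NewInternalPort>3389</NewInternalPort>
<NewInternalClient>192.168.1.77</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

if __name__ == "__main__":
    m = parse_port_mapping(SAMPLE_RESPONSE)
    print(m, flag_mapping(m, {"192.168.1.50"}))
    # Live use (placeholder host and path):
    # for m in enumerate_mappings("192.168.1.1", 1900, "/ctl/IPConn"):
    #     print(m, flag_mapping(m, {"192.168.1.50"}))
```

The flags are the practical part: a mapping to a host you do not recognise, to an administrative port, with no description, or with a lease that never expires is exactly the "doors swung open" case described above, and the same listing run before and after disabling UPnP on the router confirms the setting actually took effect.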
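The WPS flaw behind the Reaver links above comes down to the access point's registrar confirming the PIN in two halves, so an attacker never has to search the full eight-digit space. The following Python is an added example, not code from this thread, from Reaver, or from the linked articles. The check-digit formula is the one in the WPS specification; the Registrar class is a local simulation of the two-stage response (NACK after M4 for a wrong first half, NACK after M6 for a wrong second half) rather than a real access point, and the seconds-per-attempt figure in the usage line is an assumption.

```python
"""Why a WPS PIN falls to at most 11,000 guesses, not 10**8.

Added example, not from the ALE thread, Reaver or the linked articles.
The checksum is the WPS specification's (eighth digit is a check digit
over the first seven). Registrar simulates the protocol flaw: a wrong
first half is rejected after message M4, a wrong second half after M6,
so each half can be attacked on its own. No radio is involved.
"""

WEIGHTS_LOW_TO_HIGH = (3, 1, 3, 1, 3, 1, 3)


def wps_checksum(first7):
    """Check digit for a seven-digit PIN body (WPS spec algorithm)."""
    acc, tmp = 0, first7
    for weight in WEIGHTS_LOW_TO_HIGH:  # walk digits from least significant
        acc += weight * (tmp % 10)
        tmp //= 10
    return (10 - acc % 10) % 10


def is_valid_pin(pin):
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


class Registrar:
    """Simulated AP-side registrar with the leaky two-stage PIN check."""

    NACK_M4 = "NACK after M4"    # first half wrong
    NACK_M6 = "NACK after M6"    # first half right, second half wrong
    ACCEPT = "M7 (PIN accepted)"

    def __init__(self, pin):
        if not is_valid_pin(pin):
            raise ValueError("PIN fails its own checksum")
        self._pin = pin
        self.attempts = 0

    def try_pin(self, guess):
        self.attempts += 1
        if guess[:4] != self._pin[:4]:
            return self.NACK_M4
        if guess[4:] != self._pin[4:]:
            return self.NACK_M6
        return self.ACCEPT


def recover_pin(reg):
    """Brute-force the first half (10**4), then the second (10**3)."""
    for i in range(10_000):
        half1 = f"{i:04d}"
        if reg.try_pin(half1 + "0000") != Registrar.NACK_M4:
            break
    else:
        raise RuntimeError("no first half accepted")
    for j in range(1_000):
        body = half1 + f"{j:03d}"
        guess = body + str(wps_checksum(int(body)))  # send only valid PINs
        if reg.try_pin(guess) == Registrar.ACCEPT:
            return guess
    raise RuntimeError("no second half accepted")


def worst_case_attempts():
    return {
        "naive 8 digits": 10**8,
        "checksum known": 10**7,
        "two-stage leak": 10**4 + 10**3,
    }


def hours_at(attempts, seconds_per_attempt):
    """Wall-clock estimate; seconds_per_attempt is an assumption."""
    return attempts * seconds_per_attempt / 3600


if __name__ == "__main__":
    reg = Registrar("12345670")
    print(recover_pin(reg), "after", reg.attempts, "attempts")
    print(worst_case_attempts())
    print(f"{hours_at(11_000, 2.0):.1f} h worst case at 2 s/attempt")
```

The worst case of 11,000 attempts is why "less than 10 hours" is the right order of magnitude even at a couple of seconds per exchange, and why rate limiting alone does not rescue a router on which the WPS disable switch does nothing.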