Andrew Breese

Musings of a professional geek

Category Archives: Hacking and Security

Does Meltdown or Spectre affect normal users? Probably not

The impacts of two new CPU security exploits are being tested at present, and I’ve seen two different views: one that it will have an impact (of single-digit percent), and another saying that those single digits are not relevant (or almost not) for gamers and normal users because their workloads spend little time in the kernel. The second view has a real basis: the Meltdown mitigation (kernel page-table isolation) adds a cost on every transition into the kernel, so syscall- and I/O-heavy workloads pay for it, while a GPU-bound game that rarely leaves user space mostly does not.

TLDR = You have no choice except to Patch and move on. Maybe keep reading in the background.

  • The CPU exploits probably won’t greatly impact a gamer or a normal user, and if they do, it will be a small slowdown.
  • Pretty much everyone is nominally affected, so the playing field is still level.
  • Patching the machines is important (duh!).
  • There are no known exploits in the wild yet.
  • It will be years before consumer-grade hardware is released which won’t be impacted, because designing new CPUs takes time, and then the companies will need to get the hardware into the market.

The background:


Firefox Mr Robot add-on fail is akin to U2 fail

I’m staggered to read that Mozilla tried to advertise the TV show Mr Robot by forcing the install of an add-on. Yes, it was disabled by default, but that is plainly a crap thing to do. So much for thinking of the community or for acting responsibly.

As reported by Shaun Nichols of The Register: Mozilla automatically installed a weird add-on to Firefox on people’s computers, an add-on that turned out to be a marketing promotion for the hit telly show Mr Robot.

The reactions are justified and blunt. It’s almost implausible, but it happened.


I do not understand how this would have been seen as clever advertising; it was probably damaging to their geek cred. If anything, the geek audience of Mr Robot tends to be more security- and IT-aware than most and wouldn’t like the move.

Did the music industry folks love it when U2 forced their new album into everyone’s iTunes media library? Broadly speaking, no; there was a lot of bad press, and apologies.

Mozilla chief marketing officer Jascha Kaykas-Wolff has posted a mea-culpa on the Mozilla blog. “We’re sorry for the confusion and for letting down members of our community,” Kaykas-Wolff wrote.

“While there was no intention or mechanism to collect or share your data or private information and The Looking Glass was an opt-in and user activated promotion, we should have given users the choice to install this add-on.”

The exec also said Mozilla did not sell out its loyalists to a TV network – this was done for free.

“Over the course of the year Firefox has enjoyed a growing relationship with the Mr Robot television show and, as part of this relationship, we developed an unpaid collaboration to engage our users and viewers of the show in a new way,” Kaykas-Wolff explained.

Somehow, that just makes it even worse.

I don’t care that they didn’t get paid, I care that they did it. In fact they did sell out; their price was just exceptionally cheap in dollars and expensive in reputational damage.

So bye-bye Firefox! You’re done for another few years (or until Chrome does something equally stupid and I’m forced to pick between the lesser of two evils).

Blockchain and Bitcoin Humble Bundle

The current Humble Bundle is all about Bitcoin and Blockchain, two topics which are well understood in technical circles but not in many others. As with the earlier post on the Cybersecurity and Crypto Humble Bundle, I think this is worth seriously considering. At the $8 level it is good value and handy to have a handful of electronic textbooks. I’m no expert, but I plan to at least validate what I think I know against useful sources. Happy reading.

Humble Bundle on Cybersecurity and Crypto

Heads-up on a great Humble Bundle on crypto, security, hacking, and all sorts of related topics. As a pay-what-you-like deal it’s amazing given what these books are worth. I’m really keen to read Threat Modeling: Designing for Security and Cryptography Engineering: Design Principles and Practical Applications; that is my bedside reading set for months to come. The offer ends around the end of July, and I found it via Bruce Schneier’s blog.

Privacy Amendment Bill for Data Breach Notification has passed.

The Privacy Amendment Bill for Data Breach Notification has passed. The bill digest summarises it as follows:

Implements recommendations of the Parliamentary Joint Committee on Intelligence and Security’s Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and the Australian Law Reform Commission’s report For Your Information: Australian Privacy Law and Practice by amending the Privacy Act 1988 to require agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of an eligible data breach.

What does it mean? Practically, it means that companies and organisations (including the government) who suffer a breach of personal information must notify the Information Commissioner and the affected individuals within a set time-frame, and therefore may as well tell the public too. Failing to do so attracts penalties. It encourages data security, privacy and cyber-threat literacy, and might also change the way companies think about technical security and privacy more broadly.

Is it perfect? No. Is it better than hoping it does not happen, or trusting that companies might do the right thing anyway? Hell yes. Huzzah!
