cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

The Actuator - November 2nd

Level 17

Home for a week after the PASS Summit before heading back out to Seattle on Sunday for the Microsoft MVP Summit. It's the one week a year where I get to attend an event as an attendee and not working a booth or helping to manage the event. That means, for a few days I get to put my learn on and immerse myself in all the new stuff coming to the Microsoft Data Platform.

As usual, here's a bunch of links I found on the Intertubz that you might find interesting, enjoy!

AtomBombing: The Windows Vulnerability that Cannot be Patched

I've been digging around for a day or so on this new threat and from what I can tell it is nothing new. This is how malware works, and the user still needs to allow for the code to have access in the first place (click a link, etc.). I can't imagine who among us falls for such attacks.

This is the email that hacked Hillary Clinton’s campaign chief

Then again, maybe I can imagine the people that fall for such attacks.

Apple's desensitisation of the human race to fundamental security practices

And Apple isn't doing us any security favors, either.

Mirai Malware Is Still Launching DDoS Attacks

Just in case you thought this had gone away for some reason.

Earth Temperature Timeline

A nice way of looking at how Earth temperatures have fluctuated throughout time.

Surface Studio zones in on Mac's design territory

We now live in a world where Microsoft hardware costs more than Apple hardware. Oh, and it's arguably better, too, considering the Surface still has the escape and function keys.

Swarm of Origami Robots Can Self Assemble Out of a Single Sheet

Am I the only one that's a bit creeped out by this? To me this seems to be getting close to having machines think, and work together, and I think we know how that story ends.

Management in ten tweets

Beautiful in its simplicity, these tweets could serve as management 101 for many.

I wasn't going to let anyone use the SQL Sofa at PASS last week until I had a chance to test it first for, um, safety reasons.

couch - 1.jpg

12 Comments

The "Atom" story:

I'd really hoped that this article would not only reveal the vulnerability, but would also discuss correcting it.  Instead, it says this problem is inherent to computing systems, cannot be prevented or mitigated, and our only recourse is focus on reducing the consequences of becoming compromised.  That's pretty short-sighted.  If the issue is inherent with computing, and if the cost of the exposure is high (i.e.: changing computing at the most basic level) then bite the bullet and propose the change.  Sometimes amputation really is the only way to prevent dying, and if an entire section of computing must be cut out (for fun and shock value, let's say "all Microsoft products have to be removed/replaced with something based on an entirely different platform that doesn't have this vulnerability"), then it's time to start planning to cut off the gangrenous limb and looking for a replacement.  Sure it'll be ridiculously expensive.  Does that mean it can't be done, or that the vulnerabilities aren't going to be even more expensive?  A practical person doesn't moan that a solution is inconvenient or difficult or expensive.  They evaluate, confirm, and plan the next moves that brings one to a better environment.

 

Hacking campaigns through spear phishing:

The word about phishing has been out for years.  It's unfortunate folks don't read it or understand it or implement best practices.  This is a great example of someone not verifying the alerts actually come from valid sources and that the links go to valid destinations.  You can say "fool me once, shame on you; fool me twice, shame on me", but in this case "Phish me once" isn't even an option.  These kinds of people should plan to change industries, because this won't look well on a resume, and you're not going to cover up being fired for highly visible errors like this one.  Who'd hire this person in the future for a technical position?

 

Apple Support Breaking Best Practices:

This is a wonderful article!  And a great example of how we all MUST react in similar situations.

 

Mirai Malware:

So everything old is new again--even if it's only a few days old.  What percentage of users, after hearing about the DYN DDOS attack, evaluated all their IoT devices AND their traditional networked devices, and remediated the issues by changing passwords and firewalling unexpected traffic?  Until that happens, Mirai and its compatriots will remain sources of vulnerabilities and attacks.  We isolate communities that experience outbreaks of Measles and Polio and the like, inoculate everyone, and eventually end up (virtually) eliminating these diseases in our lifetimes.  We must do the same with vulnerable computing systems--including IoT!  But that will be a never-ending chore until we eliminate the cause of the problems.  Folks raised in environments that are filled with inequities and bad examples, where there's no safe place to sleep, not enough food to eat, where there is anti-social behavior towards those who are vulnerable, etc., can become people who grow up to do things that are anti-social.  It's one thing to throw a pound of cure at it, but who's doing anything about the ounce of prevention?

Earth Temp Timeline from XKCD:

I'm lovin' this one!  Through its humorous graphics it compares the history of the warming of the planet with the "coincidental" beginning of of the Industrial Revolution and the stunning amount of fossil fuel used in combustion--which releases heat into the environment, and also releases the kinds of atmospheric pollution that enhance the greenhouse effect.  A double-whammy.  It can make you think . .

Surface Studio & MACs:

I like the looks, I like the idea of having a good competitor for Macs, but is this a great idea at $3K a pop (which doesn't even include all the accessories you might need)?  Is it a great idea when we read about the Atom vulnerability earlier in The Actuator?

Self-assembling Robots:

Alright, this is cool from a knowledge and design standpoint, and I can envision its use for something unknown in the future.  But for today, it seems an exercise in creating a large amount of polystyrene pollution while simultaneously releasing a bunch of heat into the atmosphere.  Sort of like detonating a nuclear fission device, it creates more problems than it resolves.   What becomes of the nuclear waste?  What becomes of the waste styrene and its heat gone into the atmosphere?  In this case, for me, cool tech for the sake of cool tech doesn't cut it.  I won't go Luddite and say there'll be no use for these ideas in the future--maybe we'll use them to build automated shelters on the moon or Mars.  But for here and now, let's keep this kind of experimentation where it doesn't create the heat & material pollution--in the computer.

 

Tweeting Management techniques:

Good ideas are worth learning and sharing.  Via Twitter?  Not where I've been trained to expect respectable / useful content.

MVP
MVP

AtomBombing....windows is inherently vulnerable....time to move onto something else.

Will have to look at the hotforsecurity website later....can't get it to resolve here at the office.

It is amazing the backdoors they have to remote into your device these days...similar to what you can do with dameware.

Yes it "usually" requires you to authorize it but I know they have ways to do it without you knowing they are doing it.

I don't see the DDoS attacks going away anytime soon.  Those exploited IoT devices are owned by consumers that have no clue in most cases...

I will look at others later...Great weekly ponderings !

I do want a small army of bots at my control but these aren't quite ready for my plans.

Apple devices are at an odd crossroads. I don't know who they are anymore, and their name will only carry them for so long.

Level 13

Why oh why do you write these articles...now I won't be able to sleep at night.

Level 12

Pretty scary that something as simple as that phish was enough to get the campaign.  Even though the victim had the sense to ask for help with the message, the folks who should have known better said it was legit.  Bad practices by the user then compounded the breach and opened further avenues for exploitation. 

Is this whole email security thing too much for people?  Do we trust machines enough to let them handle data security?  What happens if/when AI gets more advanced and starts using or being used to gain access through meatware vulnerabilities?

Level 13

what happens? have you not heard of skynet?

Level 20

crazy shoe color you got going on there... I've got patent leather green adidas superstars... and red MiAdidas superstars I had made custom.

Level 13

almost like Hulk...

Level 14

Good reads.  Especially the spear phishing link.  I wonder what level of training their IT staff has?

MVP
MVP

Just got to look at the swarm robots and such...

interesting article...not to mention other articles on that page leading you off down a big rabbit hole.

This "stuff" is so much science fiction coming to life.  Just think, the ability to 3-d print autonomous things

means we are not far from fabricators.  Just feed it a design and raw materials and let it go.

Just think of printing up a swarm of microbots with a mission to go out and destroy all the weeds in your yard and then turn themselves back in for re-use.

What about a swarm to clean your pool like a bunch of ants that deposit the debris in a pile beside the pool for disposal.

Hmmm....swarm, hive mentality, the collective, skynet.....botnet.  Dang, gotta keep them off the network !

Here's hoping it doesn't come down to Sky-Net or Matrix-like automatons . . .

pastedImage_0.png

Level 17

You figured me out...I have invested heavily in companies that make sleeping pills

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years experience in the IT industry in roles including programmer, developer, analyst, and database administrator.