[ale] semi [OT] cool info, sn podcast, FIXING SSD'S, linksys router flaws, more

Sun Jan 20 10:44:11 EST 2013

Hi all,

The latest security now podcast had lots of good info I wanted to 
share.  Some of you already know much of what they cover and some are 
above the level the podcast is aimed at.  However, I find the info 
useful so I would just say use it for what it's worth to you.

http://www.grc.com/securitynow.htm - show web page
http://twit.tv/sn - show web page on This Week In Tech network

http://media.grc.com/sn/sn-387.mp3 - show audio
http://www.grc.com/sn/sn-387.pdf - transcript

I'll reference pages in the transcript for each item.  Not sure of the 
exact position in the audio.

* p2  -  They spent a while discussing yet another of the seemingly 
endless zero day exploits in Java as well as disconnecting it from your 
browser while leaving it on the system, if you have to.  -  p2

* p6  -  They discussed the USB drives brings down power plant issue for 
a while.  -  p6

* p7  -  They discussed a flaw which allows someone to get root access 
to certain Linksys routers, hopefully only from within the LAN side of 
the device. This could affect 70,000,000 routers.  Info here 
bit.ly/linksys0day which links to 
http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33 
.  According to Leo's and Steve's opinion, Cisco has been extremely 
negligent in patching flaws in the Linksys product line.  There was also 
a fiasco recently where they tried to disable the control panel in their 
new routers and force users to log into a Cisco web account just to be 
able to administer their router.  I don't think I'll be buying any 
Linksys products.  -  p7

* p8  -   A short discussion about an article comparing various USB 
chargers.  Apparently some are much better and some are much worse.  I 
haven't read it yet but it sounds cool.  Info here bit.ly/usbcharge 
which links to 
http://www.arcfn.com/2012/10/a-dozen-usb-chargers-in-lab-apple-is.html 
.  This is a very detailed article.  -  p8

* p10  -  FIXING SSD's - A number of listeners have reported that A) 
their relatively new SSD's are failing to read properly, and B) you can 
sometimes fix them with SpinRite.  This is important info.  According to 
Steve, the economics of the SSD market are forcing producers to operate 
at the very bleeding edge of what is technically possible for the price 
they're selling the product at.  Sometimes, they cross over to the wrong 
side of that fence.  According to Steve, the units are JUST RELIABLE 
ENOUGH to sell them, just like HDD's.

Imagine this, you have a microscopic storage tank for electrons, a 
capacitor, which is VERY microscopic.  You stick a VERY small charge of 
electrons into the storage tank through a lid which is inherently 
leaky.  The more you use it, the more leaky it gets.  Not only that, you 
try to fill it either 1/4 1/2 3/4 or full, and then sense what state 
it's in to read back 2 bits of data.  (MLC cells)  The engineers know 
this won't work sometimes, so they rely on lots of ECC (error correction 
code) to make it work.  Sometimes, even that fails, and you get 
"sectors" that won't read properly.

A number of listeners to the podcast have reported that they've used 
SpinRite to fix SSD's which are giving failures to read.  SpinRite has 
various operational levels.  It is now apparent that there is value in 
forcing an SSD controller to periodically read all of the "disk" in the 
same way it's useful to do this to a hard drive.  In the case of an SSD, 
it forces the controller to acknowledge weak storage cells and either 
refresh the data (electrical charge) or relocate it.  The user that 
contacted the show was having problems with a balky SSD running on a 
Mac.  He moved the SSD to a pc and ran SpinRite on it at Level 1 - read 
only and don't try to recover data.  He got a number of unrecoverable 
sector errors.  Upon Steve's advice, he ran SpinRite on Level 2.  This 
is also read only, but invokes a massive statistical analysis routine to 
try to recover unreadable sectors by reading the raw data up to 2000 
times.  On a HDD, SpinRite would fly the heads in to the sector from 
many different locations to account for mechanical variances in the read 
mechanism.  On an SSD, this does not apply.  However, the statistical 
data analysis on bad sectors is still valid.  Note that something like 
badblocks can exercise the drive's controller.  However, it cannot do 
the extensive data recovery on unreadable sectors that SpinRite can.  In 
any case, once the user had run the SpinRite level 2 process on the 
drive, the unreadable sectors had been recovered sufficiently to put the 
drive in the Mac and it worked fine.

To give you an idea of how Steve feels about the reliability (or lack of 
it) of SSD's, he is using some in a server, but for him to feel safe, 
they had to be:
    - OWC premium brand
    - Single Level Cell memory rather than Multi Level Cell (very expensive)
    - Massively overprovisioned with spare sectors
    - Configured in fully redundant RAID such that any two drives can 
fail and the server still works

      -  p10 in the transcript

* p15  -  They talk about using Java apps, like CrashPlan or MineCraft, 
without allowing Java to be active in the web browser.  -  p15

* p17  -  They talk about new technology involving filling HDD's with 
helium, which allows higher platter speed and higher aerial density.  -  p17

* p19  -  They talk about how to configure a PS3 for UPNP using a DMZ 
without endangering your network.
                Glossary - PS3 - Play Station 3
                                - UPNP - Universal Plug and Play
                                - Demilitarized Zone (in the router)  -  p19

For those that don't know, UPNP is a potentially dangerous technology 
that allows an application to open ports in your router's firewall, for 
games to work, etc., without your knowledge or permission.  In many 
cases, you cannot even tell what's been opened.  If something malicious 
does get inside your firewall, either through a web page or an 
application, it can swing the doors of your firewall open wide and let 
all it's malware friends in.  The best idea is to disable it unless you 
need it.

* p19  -  They discuss The Quite Canine project - An ongoing (very cool) 
design for a simple high frequency sound blaster that can be used to 
convince barking and / or aggressive dogs that you encounter to shut up 
and leave without harming them.  -  p19

* p24  -  Reminder by a listener of a year old problem in a large number 
of Linksys routers of a flaw in the WPS security system which allows the 
WPA password to be cracked in less than 10 hours by sniffing the 
traffic.  Apparently, yet again, Cisco has dropped the ball an not fixed 
it.  The moral of the story is, disable WPS on your router, if you even 
can.  Apparently, on some of the Linksys routers, the disable function 
doesn't work.  -  p24

I found these links:

http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
http://arstechnica.com/business/2011/12/researchers-publish-open-source-tool-for-hacking-wifi-protected-setup/

I hope you find this info helpful and useful.  There appears to be a 
never ending supply of security problems to talk about.

Sincerely,

Ron

-- 

(To whom it may concern.  My email address has changed.  Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address.  Please send all personal correspondence to the new address.)

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com