Sean Kalinich

It’s a failure of imagination that will always get you
Published in Editorials

Back in 2007 or so I was asked to write a white paper on the subject of why Intel was able to pass AMD as quickly as they did. This is back in the AM2+ days when Intel was dropping Conroe on the world. Many people were surprised that Intel made this shift so quickly when you consider how badly AMD had beaten the P4. It was incorrectly assumed that AMD had reached a peak that Intel could not touch. Because of this they did not push their advantage. Instead they opted to move in a very different direction and purchase ATi for way more money than they should have. This one move started the long decline of AMD as we knew it. It was a massive strategic error and it all came down to one thing: a failure of management and stockholders to imagine that Intel could so easily blow past AMD’s performance lead. This type of failure can have catastrophic consequences in the business world and in security.

NSA mass data collection to stop in 20 days, but just on paper.
Published in News

In the post-Snowden era the idea that government agencies are spying on us is no longer the realm of movies/TV or conspiracy theorists. It is fairly well documented that this is happening every day. The question has moved from what if this happens to what we are going to do to change it. Well, one of the biggest hurdles has been trying to find people in power that even want this to change, when you consider the fact that the people with the power to stop the mass spying are likely to be the ones that voted to put it in place. This has meant that the average person must try to prove their case in the courts.

AMD sued for misleading information about Bulldozer cores, does it hold water
Published in News

It seems that at least one person is rather annoyed at AMD for making claims about certain FX series CPUs running Bulldozer cores. On November 4th the news went out that Tony Dickey had filed a class-action lawsuit on behalf of himself and others. The suit was actually filed back on October 26th and alleges violations of the Consumer Legal Remedies Act. This act covers misrepresentation and false advertising. Dickey alleges that AMD knowingly misled consumers about the number of functional cores Bulldozer CPUs have. AMD claims that Bulldozer has eight independent cores; Dickey says that there are only four that are functional.

CISA passes the Senate, opens the door to more abuse and fails to address security
Published in News

Cybersecurity is a fairly common buzzword used in Washington these days. It is tossed around to scare people that are ignorant of the way computer systems work so that legislation that is exceptionally pro-corporate and anti-consumer can be pushed through. The latest of these is the Cybersecurity Information Sharing Act. This handy little bit of law just passed through the US Senate on the 28th (74 to 21) and allows corporations to share customer data with the US government and other companies without any consequences for doing so. This effectively removes any recourse customers or users have about the sharing of their personal information.

The cloud, IoT, vendors and security: things that do not go together.
Published in Editorials

This is not the first time that I have spoken out about cloud computing (internet based), or the Internet of Things, and the way they are impacting the ability to secure a network. It is also not going to be the last. Simply put, the concept that everything needs to be controlled by a computer and talk back to some sort of internet-based cloud shows a level of ignorance that should not still be out there. Sadly it is, and companies are still trying to push the cloud and connected device mentality despite the inherent and known security flaws that exist.

WiFi is one of those services that people simply expect to see these days. When you walk into just about any public building you are going to start looking for the “free” WiFi that they have. Most people do not stop to think about what that looks like behind the scenes, especially when you are in a smaller business. In a large business you have multiple wireless access points (WAPs) that are run by a central controller. This centralized control system makes it relatively simple to control both the business side and the guest side of the wireless network. These tools can be very expensive and out of the budget range for most small companies. Instead a small business will end up with either an edge device with built-in wireless (and really bad service), a single WAP or multiple individual WAPs that need to be managed independently and have their own problems.

Potential New Exploit found in OpenSSL gets around latest hotfix
Published in News

It seems that someone may have found a way around at least one of the latest hotfixes for OpenSSL. According to some talk around the darker places on the internet, a rehash of metadata can allow a malicious individual to get around the latest hotfix designed to stop someone from bypassing the CA check in OpenSSL. The original flaw was found to exist during certificate validation. When OpenSSL checks the certificate chain it will try to build an alternate route if the first attempt fails. A flaw in the way this is done can allow a “bad guy” to actually force some of the secondary checks to be bypassed and allow an invalid cert to pass.

Possible Breach At Hilton Highlights PoS Risk
Published in News

Just when you thought it was safe to use your credit card, we are hearing rumblings of a breach at Hilton. According to Brian Krebs and some of our own sources, a payment card breach has taken place and the only unique feature about this was that all of the affected cards were used at a Hilton property. This is not just the regular Hilton logo properties, but also includes Embassy Suites, Doubletree, Hampton Inn and Suites, Waldorf Astoria Hotels and Resorts, and potentially others. The exact timing of the breach is unclear at the moment, but could go as far back as November 2014.

Hackers using unencrypted satellite communication to hide C&C servers
Published in News

Security and malware research company Kaspersky has recently released a paper describing what they say is the “ultimate level of anonymity” used by any malicious hacking group. In their report they describe a new attack by the group Ouroboros as “exquisite”. This is the same group that was linked to the Turla malware last year, so we are not talking about amateurs or script kiddies. The attack uses commercial satellites’ unencrypted communication channels to send and receive traffic to their C&C servers.

iConnect has a Lightning interface that can be plugged into an Apple device directly – Now available in the U.S.

September 2nd, 2015 - Taipei, Taiwan - Foxlink, PQI, the world’s leading brand in peripheral storage accessories for portable devices is proud to announce the ultimate storage solution, the iConnect. It seems that almost everyone eventually runs out of space on their iPhone, iPad or iPod, whilst there are multiple ways to solve this problem, there’s nothing better than simply having more space. The iConnect is an Apple certified Lightning interface flash drive that can be plugged directly into an iOS device to store photos, music, movies and to back up contacts. With the iConnect, you will no longer have to go through your phone deleting old memories or trying to figure out which app you can live without. Available in the U.S. this September, the iConnect will give you enough space so you never miss the next photo or video opportunity.