A Great Week For the NSA

It’s been a great week for the NSA. First, we get the news that they are (effectively) behind the hacker collective known as the Equation Group (which does insane things, like deploy malware into the firmware of hard drives, so it survives drive formatting). Now we learn that they’ve essentially pwned all cell phone SIM cards.

“The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures” — Barack Obama, Jan 17, 2014

Between this and the fact that the private key for the Lenovo adware/malware was cracked in 3 hours by a single man…

Superfish, or how to MITM everyone

Lenovo was just added to the list of companies I’m hesitant to ever buy anything from ever again, in any capacity. As Ars Technica reports, the Superfish adware that was installed by default on Lenovo machines places a self-signed root CA certificate in the system’s Trusted Roots store, where it is trusted for SSL. The private key for this certificate was also trivially cracked. This means, if you are running Windows as shipped on a Lenovo machine, you may well be subject to insane security breaches.

Best bet: back up your personal data, return the Lenovo, and get a new laptop from a different vendor. And when you get the new machine, wipe the drive and reinstall your OS of choice from a vendor-supplied DVD. Only then should you put your data back on the machine.

Oh, yeah, and never trust OEM-supplied OS images, ever again.

Changes

New Year News: I will be posting more here and on GitHub in 2015. I have taken a new job, due to start in late January, which encourages open source project work. I will be working for a company called 42 Lines, doing systems administration and Operations work.

FreeNAS

FreeNAS is becoming more and more unusable for me. Part of the reason for using it was access to the jails and plugins – notably CrashPlan and OwnCloud. Due to the moving-target nature of the system, I have had to repeatedly log in and restart processes, manage memory, kill zombies, and deal with other issues in the jail setup. Further, the performance of AFP in FreeNAS (for me) has not been something to write home about, even with the newer bits (3.1.x branch, last I looked). The last straw is that the ZPOOL version is 5000 with a number of feature flags that nobody else has implemented yet. This means that the pools on my system are unreadable without the very newest releases of FreeNAS or FreeBSD.

I’m backing up now, headed for the better understood lands of ZFS on Linux. It looks stable enough to keep me afloat, and I know how to keep CrashPlan from spawning 65000 zombies in the background.