Monday, December 13, 2021

We have a good dog

I had the guys who installed our furnace here today to install a replacement fan sensor. Before they showed up, I told The Dog she had to get in her "box".

Her "box" is a large dog crate. The door is tied open on it and she sometimes crawls in there to sleep. When we have strangers coming to the house, we have her get in the crate and then close the door so she doesn't bother them.

This morning I said, "Come on baby, get in your box" and she crawled right in. I closed the door and she promptly laid down and stared at me like I was the worst person in the world.

Trust me, when the guy was finished and I let her out, she got taken care of. There was lots of praise and plenty of treats.


Something happened today that made me smile.

Gregg Bigda was found not guilty of all charges.

I've met Gregg. I've seen the video of that so-called "brutal interrogation". I know two individuals that have worked with Gregg for a lot of years and they have always had nothing but good things to say about him.

The "brutality" that had some overly-sensitive idiots up in arms was when he yelled at a little thug who stole a car.

Maybe if that kids parents had yelled at him when he was growing up instead of either ignoring him or treating him like he was the second coming of christ, he wouldn't have grown up to be a car thief.

Gregg Bigda was not guilty of brutality. The only thing he was guilty of was being an adult.


As a heads up, you may hear something about a new computer vulnerability called "Log4Shell". The media will say a lot of things about it, most of them will be wrong.

I spent most of my day listening to a lot of very smart, very geeky people, including some nerds from the FBI and the NSA. Here's what I know to be factual:
    This vulnerability is known as a "injection attack". This is when someone injects computer code into a field that is suppossed to only accept text and the computer runs that code. For example, if there is a form that asks you to enter your name and instead of entering your name, you enter CMD: EXEC(DELETE DISK), the computer will see the code and run it.

    In this case, the field is a system field in a log utility that comes with JAVA. The way it is activated is by passing code using almost any internet protocol to the java programming interface that calls the logging function. That code is a set of instruction to download and install some malicious code on the computer.

    So far, it appears that the majority of malicious code being installed involved coin miners. These are a set of process intensive programs that will use all of your computer's memory and cpu trying to generate Bitcoin. The problem is, that's just what is being seen. The malicious code could be anything. It could be ransomware that steals your data, locks your computer and charges you money to get your data back. It could be code to turn your computer into a robot that sends out millions of emails. It could be anything

    Since this is java, it means no one is safe. Java runs on linux, Apple, Microsoft, IBM mainframes and just about every one of those little "smart" devices we all own like cell phones, smart TVs, Alexa's, etc...

    Currently, there are a lot of pretty bright people working on the best way to identify what is vulnerable and how to fix it. When that happens, I believe the fix will be rolled out be every technology company on the planet.

I'm not trying to frighten you but I am going to strongly recommend you do backups to external drives and save those drives. I can pretty much guarantee that you have this vulnerability.

Your goal should be to give yourself the ability recover if someone takes advantage of it. Once the fix becomes available, you should get it installed as soon as possible. Trust me, if I hear about the fix being available, I will post it here.


SInce I've spent the majority of my day on the internet doing security stuff, I didn't have time to find a lot of links.

The ones I did find are here:


No comments: