Sea Change: Security is Your Job Also, the Writing is on the Wall

With the recent and ongoing security breaches at Sony Pictures, a chilling new level of risk has emerged that is pummeling Sony*, but applies to any entity, including Apple and Google. No company has perfect security nor will it ever, period.

Sony Pictures Hacked: Do You Really Want to Update your Camera Firmware with a Sony Updater that Runs as 'root'?

Sony Firmware Updater: a Security Risk

* Reportedly, Sony has shut down filming because hackers have rendered its payment systems inoperable!

See also A concise history of recent Sony hacks (MPG takes no position on the material at that link).

Security is YOUR job too

This is a general discussion, and while specifics are used, the issues span a much larger space than detailed here.

This has always been true, but the risks have never been harder to understand or more concerning, nor has there ever been more interconnection. Then think of bank and brokerage accounts, which in MPG’s view should not be used via the web, though admittedly that is a huge hassle these days. A system compromise of any kind potentially delivers the juiciest prize: draining money from your account to a hacker somewhere.

Then there is risk for which you by law have no choice and no control. MPG vehemently objects to electronic medical and tax records for reasons that should be obvious given the Sony fiasco, e.g. the government is incompetent to protect those records from determined hackers. Edward Snowden showed that even our “spooks” with the most highly classified information and strictest procedures can be compromised.

MPG advises readers to disavow cameras that require software updaters or USB transfers or charging (USB also has exploits when connected to the computer):

Computer code that can turn almost any device that connects via USB into a cyber-attack platform has been shared online.

Your camera and your computer

Sony and certain other camera vendors provide software updaters that run on the computer in order to upgrade camera firmware. Moreover, the Sony updater (and some other brands) must be run as 'root' (no security restrictions). A software updater that must be run on the computer with root access is a fundamentally flawed design; it is a potential “root kit” vector. Other vendors like Nikon and Canon provide downloadable firmware that the camera itself can load**.

Patient: “Doctor, it hurts when I do that”.
Doctor: “Don’t do that!”.

It cannot be fixed except by doing it properly: no software updater at all. The camera itself should accept a firmware file, taking the computer out of the loop, at least in the sense of running 'root' capable software. The reason is that either the updater or the firmware could compromise (hack into) the system, and the user would have no way to tell (well-written malware is invisible).

The writing is on the wall, meaning that all Sony software of any kind must now be suspect as potentially harboring malware, either now or some time down the line. There can be no assumption that it is “only Sony Pictures”, or similar naive ostrich thinking.

As this was written, it appears that Sony had not revoked the certificates for the compromised PFX (private key) files. If true, that is a (non) act of gross negligence that in MPG’s view carries the prospect of awesome financial and legal liabilities, should the private keys be cracked and used for unsavory purposes.

** There are no zero risk approaches to updating camera firmware, but a binary file that the computer does not execute carries a much lower level of risk than having to run software, especially software that executes as “root”.
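
One way to check, before launching it, whether a vendor updater is the root-requiring kind described above: this added Python example (not from the original post or from any vendor) scans an app bundle for setuid bits, the `SMPrivilegedExecutables` Info.plist key, and references to the macOS privilege APIs. The bundle name `ExampleUpdater.app`, the helper identifier and the sample files are constructed for illustration; an empty result does not prove the software is safe.

```python
import os
import plistlib
import stat
import tempfile

# Real macOS names: the Info.plist key used with SMJobBless, and privilege APIs.
PLIST_KEY = "SMPrivilegedExecutables"
API_MARKERS = (b"AuthorizationExecuteWithPrivileges", b"SMJobBless")

def audit_bundle(bundle):
    """Return sorted reasons to expect this software to ask for root."""
    findings = set()
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, bundle)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks and special files
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.add(f"setuid/setgid bit: {rel}")
            with open(path, "rb") as fh:
                data = fh.read()
            if name == "Info.plist":
                try:
                    if PLIST_KEY in plistlib.loads(data):
                        findings.add(f"declares privileged helper: {rel}")
                except Exception:
                    findings.add(f"unparseable Info.plist: {rel}")
            for marker in API_MARKERS:
                if marker in data:
                    findings.add(f"references {marker.decode()}: {rel}")
    return sorted(findings)

def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Audit two constructed inputs: an updater app and a bare firmware file."""
    with tempfile.TemporaryDirectory() as base:
        app = os.path.join(base, "ExampleUpdater.app", "Contents")
        fw = os.path.join(base, "firmware")
        info = plistlib.dumps({PLIST_KEY: {"com.example.helper": "placeholder"}})
        _write(os.path.join(app, "Info.plist"), info)
        _write(os.path.join(app, "MacOS", "ExampleUpdater"), b"\x00SMJobBless\x00")
        _write(os.path.join(fw, "EXAMPLE.BIN"), bytes(range(256)))  # opaque data
        return audit_bundle(os.path.dirname(app)), audit_bundle(fw)
```

Calling `audit_bundle()` on a real updater's `.app` path lists each marker with the file it was found in; the firmware-only directory yields no findings because nothing in it is meant to execute on the computer.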

 

Copyright © 2020 diglloyd Inc, all rights reserved.