Posts by Joe Montana

Re: Monitor

"Big firms pay peanuts for monkeys who's only technical abilities are turn it off and on again and if that fails re-image the boot drive (which is great when it takes a day and a half to install all the tools needed to do your job)"

There are millions of firms out there who need support, but far less people who are actually capable of providing it. Often the monkeys are all you can find, and some of them aren't even cheap.

And then you have the problem of microsoft constantly pushing their products as "easy to use", despite the fact that to actually use and manage them properly requires more knowledge and skill than even the supposedly "hard to use" products theyre competing with. This marketing then convinces companies that hiring the cheap monkeys is perfectly ok, and that hiring properly competent people would be a waste of money.

The end result is instability and security breaches.

Re: The above is all well and good if you're running a business

"Not all businesses have on staff IT people"

And that is the problem, if you are going to operate a complex machine you need to hire experts who know how to properly maintain it.

Despite what microsoft claim, windows is simply not suitable for non technical users - keeping it running reliably and securely is extremely difficult and requires highly skilled (ie expensive) people to do so.

Obscurity location

There's a difference between obscurity provided by the manufacturer which is common across all users, and obscurity provided by the user which is unique to that user.

If the obscurity is provided by the manufacturer, i can buy the same system myself and investigate it. The system can be reverse engineered and the obscurity uncovered and exploited.

If the obscurity is provided by the user, i can't buy the same system off the shelf and discover the passwords or keys of some arbitrary user since they won't be present.

Re: Hard not to agree...

A client machine can be dangerous too...

There are many ways that even a hardened client image can be leveraged to gain further access, especially when that client machine is part of a domain.

Re: Thanks for clarifying.

"I think that is the fault of General Protection."

It's not his fault, he passed orders down the chain to Colonel Panic.

Re: THz broadband

Shorter than cat6, but cheaper to deploy because it involves less digging up of the street...

Ofcourse it's still worse than fixed lines, you can always add more physical cables to handle greater traffic or greater numbers of users in the same area. You can't increase the available wireless spectrum within a given area, and the actual service area is smaller than the area in which the spectrum is used.

Wireless should only be used when wired isn't available, the aim should always be to deploy wired services wherever possible...

Lots of places are pushing wireless services, and they work great initially but once lots of users get on board the service becomes unusable with poor throughput and unpredictable latency spikes.

You can add more physical cables, but you can't create additional wireless spectrum.

Drivers?

"The bigger problem that has held ARM back in data centre is about drivers"

It's nothing to do with drivers, an ARM server will have drivers for the hardware fitted in it, and it's rare that a server will have anything else installed into it that would require drivers. The number of servers having nonstandard cards installed is very small. In fact, even on x86 servers all i ever see in the expansion slots are vendor-supplied storage and network cards.

The problem is application code, and specifically closed source applications. Linux has supported ARM for a long time, and the vast majority of open source code has already been compiled for ARM by various distributions.

Running Linux and open source apps on ARM is just as easy as x86, and has been for a long time. Many people are running applications on raspberry pi and other similar boards, the only thing missing is higher end ARM hardware aimed at datacentres.

Re: Another IPV6 article which exposes issues with IPV6

Well cgnat will be slower, and more open to abuse (thousands of users behind the same address making it very hard to block abusive or compromised hosts)...

ISPs will also have to log every outbound connection made or udp packet sent in order to track any kind of illegal or otherwise unwelcome activity, as simply knowing the ip address and timestamp will no longer be sufficient to identify a user.

Re: Linx 12x64

If you're just using it for browsing and some simple editing, you'd be better off getting a cheap android tablet...

If you install gentoo on it, then it should run quite well after everything has finished compiling, assuming you configure it right... Even the actual compilation won't take that long as you let it run overnight unattended.

Domain admin

Hardening active directory to make attacks like this difficult (not impossible) requires significant investment, you need third party tools, and highly competent (ie expensive) staff. Chances are this organisation didn't have the budget required to hire such staff, or do so in sufficient numbers to manage and monitor a network of this size.

If not suitably hardened, active directory is extremely easy to compromise and since it's often tied into everything - that means you now have control of the entire organisation and are extremely difficult to remove.

Re: Depends entirely on the risk

Actually there are many ways that an attacker with a tiny foothold on the network could use that foothold to elevate their privileges and gain access to far more resources.

Re: Where's the problem?

If you need to do maintenance yourself then it's not suitable for the typical user, who has no idea how to perform these maintenance tasks. People complain about linux, but windows is actually worse in this respect - more maintenence required, and more difficult to fix anything that breaks. The typical windows workarounds posted on forums involve registry edits and powershell scripts, which is just as difficult for non technical users as shell commands if not more so.

Downloading porn...

Most of these research institutes have extremely fast internet connections, so yes it can download porn faster than your desktop...

Re: So for a while now...

Ditto, as someone who rarely uses windows but has been using linux and unix for years i've rarely seen kernel panics, and those i have seen were usually down to either hardware faults or me testing/writing experimental kernel patches.

The few times i've used windows, or seen someone else using it, i always wonder how they put up with it. Just last week a friend of mine was unable to connect to wifi and had to reboot before it would work, and after rebooting the system was sluggish for several minutes and inundated with focus-stealing popups.

Other processors

Intel and AMD have a lot more legacy 32bit (and even 16bit) code hanging around, removing 32bit support would cause a lot of headaches. ARM chips are usually used in embedded devices which are typically designed together with the software they will run so there's far less problem.

There have already been pure 64bit chips with no 32bit mode, such as Alpha...

Interestingly while ARM64 is quite new, their primary competitor in the embedded space is MIPS, and MIPS64 has been around since the early 90s, but they failed to capitalise on their lead over ARM.

Re: Mapping plan

You may have missed the bit about developing countries...

They have slower connections, which don't need these new expensive routers, so they buy older routers that providers in developed countries have discarded, which is part of the problem as many are using equipment which doesn't support ipv6 or incurs significant performance penalties when doing so (eg ipv4 in hardware, ipv6 in software on a slow cpu).

Re: How can we learn from this?

The problem is that the people making the purchasing decisions don't understand technology at all, so they don't question what sales people or random websites are telling them.

Most such purchasing decisions are not made by the IT department, but even the IT dept often don't have much of a clue either. The requirement for staff increased much more quickly than the availability of skilled staff, so companies have to take whatever they can get - including people who don't have much of a clue.

Re: Violation of national sovereignty

They're not claiming rights over another nation, they are claiming rights over data which is privately held by a subsidiary of a US corporation that just happens to be located in another country.

If the data was held on a server belonging to an Irish company then the US would have no way to demand the data, and would need to apply for an order through the Irish court system.

The fact is while Microsoft employees in Ireland are not directly answerable to the US government, they are answerable to senior Microsoft employees based in the US who in turn are answerable to the US government.

Employees working for an entirely Irish owned company with no US parent company would not be answerable to the US government at all, and could only be compelled to perform any action by Irish or EU governments and courts.

If you're concerned about foreign governments interfering in your business, then support local businesses and only worry about your own government (which you cant avoid anyway, and theoretically have some control over).

Re: Hmmm

"Or stopped if necessary"...

So you leave your car to charge overnight, and it may or may not do so... When you wake up for work in the morning the car might not move, that's not really usable.

Age limit?

If someone is underage, or cannot legally buy a gun for whatever other reason, but wants to use one for some kind of illegal activity then they're going to acquire one illegally on the black market or steal one.

If acquiring a gun is too difficult then they will use whatever else they can get their hands on which might be a knife, a bomb or even a car. The fact is crazy people will do crazy things, using whatever tools are available to them, and focusing on guns just distracts from the actual problem.

Re: Going from 32 to 64 bit was so simple nobody really noticed it happened

NTVDM uses vm86 mode on 32bit x86, but on other architectures (mips, ppc, alpha) it would emulate the cpu... There's no reason they couldn't use an emulation mode for 64bit x86 too, dosbox works fine like that.

Chipsets

A lot of cheaper chipsets are capable of connecting to a gigabit ethernet connection, but not actually transferring data at the full rate...

Aside from the chipset, it also depends on your (pci/e/x/etc) bus, memory, processor, and if your downloading data - the disk onto which the data is being written.

There have been gigabit ethernet nics for nearly 20 years, some are better than others.

Firewall rules

If you allow rules for AD, then you allow the very ports that most of this malware uses to propagate.