* Posts by Aodhhan

275 posts • joined 25 Apr 2008

Wow. What a shock. The FBI will get its bonus hacking powers after all

Aodhhan
Bronze badge

Really? Making this about Trump?

This happens to be something the Obama administration wants. They're the ones who are implementing the policy through the Justice Department and Federal Communications Commission.

Congress has given powers to the executive branch to implement policies such as this in order to streamline certain processes and defer to experts in many of the different fields comprising the executive branch. So the only way to reverse it, is for Congress to pass a law restricting some of this power it turned over to POTUS (so to speak).

Does the rule need to be tweaked and reined in a bit... yes; however, the underlying purpose does need to be an option for law enforcement. I'm thinking you'd change your mind on this a bit once your identity is stolen, along with account information and you find your bank account is zero on payday.

Instead of whining like a little nine year old; why not take 15 minutes and email your representative to effect change? Instead of blaming Trump and the entire right wing... you might want to stay in school a bit longer and pay attention to how the government works, who is responsible, and what you can do about it.

Right now all 3 branches of government are okay with this addition to rule 41. Throwing a fit and being ignorant is no way to get it changed.

2
2

IETF plants privacy test inside DNS

Aodhhan
Bronze badge

DNS doesn't use...

This is really simple, don't make it difficult.

DNS doesn't use HTTPS (port 443) or your VPN. It runs over a separate unencrypted channel.

DNS typically uses a high number UDP port to send and UDP port 53 to receive. However, it can also use TCP under certain circumstances.

If someone is sniffing, they can see all the information in the packet... which includes who is asking, where it's asking and what it's asking about in plain text.

0
0
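Added example, not part of the original post: a Python sketch of what an on-path observer can read from a single classic DNS query sent over UDP port 53. The packet is constructed inline, and the two IP addresses are documentation-range placeholders standing in for the values an observer would take from the IP header.

```python
import struct

# Common record types, for readable output
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def build_query(name, qtype=1, txid=0x1A2B):
    """Build a minimal RFC 1035 query (constructed sample input)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg, offset):
    """Decode an uncompressed name; return (name, next_offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), offset


def observe(src_ip, dst_ip, payload):
    """Return what a passive observer learns from one UDP/53 payload."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    offset = 12
    asked = []
    for _ in range(qdcount):
        name, offset = read_name(payload, offset)
        if offset + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        asked.append((name, QTYPES.get(qtype, str(qtype))))
    return {
        "who": src_ip,        # client address, from the IP header
        "where": dst_ip,      # resolver address, from the IP header
        "response": bool(flags & 0x8000),
        "txid": txid,
        "asked": asked,       # names and record types, in plain text
    }


if __name__ == "__main__":
    # Constructed packet and placeholder addresses (RFC 5737 ranges)
    pkt = build_query("mail.example.com", qtype=28)
    print(observe("192.0.2.10", "198.51.100.53", pkt))
```

The labels travel as raw ASCII bytes, so no decoding is needed to spot them in a capture; encrypted transports such as DNS over TLS or DNS over HTTPS hide the question from this kind of observer, though the resolver's address stays visible.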

The solution to security breaches? Kill the human middleware

Aodhhan
Bronze badge

Incredible

This article has a lot of merit, but does miss some things as well.

First: any security device be it physical or logical is a tool, not a solution. Left to its own devices without monitoring, upgrading and replacing on schedule, will become an injection point for a malicious hacker. There are many other points, but you should know these along with proper defense in-depth, to include internal network security lockdown methods; such as proper VLAN creation/enforcement.

Second: system admins are the most dangerous users on a network. Most are not properly trained, don't have a 4 year degree in systems/computers, are overworked, are understaffed, and therefore try to get through things as quick as possible. They don't have security in mind, and rarely follow installation instructions as prescribed by engineers. Many will use their accesses to get around policies, procedures etc. Finally, most SAs use email with an account with admin privileges.

Third: Management is ignorant. Proper policies and procedures for security are often ignored or worse... don't have proper security engineers trained to do a complete and skillful risk assessment of the policies and procedures... let alone network tools.

As an experienced red team member for nearly 30 years, I typically take these 3 things into account when attempting to breach network systems. It's not just people, but the policies and procedures along with improper risk assessment/mitigations which provides attacking points.

How many system items can any organization within a company order without knowledge of security personnel? A LOT. Not just USB sticks, but keyboards, KVMs, mice, adapters, etc.

How many people touch a newly ordered router before it gets to network engineers, and are there procedures to ensure nothing was tampered with along the way? It doesn't take a genius to get into the supply chain of IT equipment and add malicious technology into the stream.

Yes of course, as security people you get the obvious; however, malicious hackers don't often work the obvious. You also don't hear about many breaches, such as supply chain tampering... because this type of breach is usually not handled by local authorities. Also, don't believe each and every report you hear about. Just because a particular attack method is publicized, doesn't mean this is actually what happened.

Don't just read a book about security, you need to be critical thinkers and work outside the box. Follow your instincts and experience. Take the time to do it right.

0
0

Search engine results increasingly poisoned with malicious links

Aodhhan
Bronze badge

Pretty shoddy reporting and research.

Sure, you can say there are a lot of malicious links, but the study doesn't bring up whether or not they cut off research after the first 2 or 3 pages of links.

I can do a search on some really simple things and come up with 10,000+ links. Obviously, I'm not going to look at this much, so let's use some granular techniques to bring this number down, and not use all 10,000. Which of course, will cause the number of malicious links on a search to go way down.

Common sense, and proper research techniques please.

0
0

DMCA updated – toaster penetration testing gets green light in America

Aodhhan
Bronze badge

Re: I have a fundamental problem with the whole concept...

You're a bigoted idiot.

I'm not a fan of Budweiser, nor is most of the USA; however, it's amazing at how well Budweiser does in Europe. It's one of the highest selling major beer brands there.

You're also closed minded, and not well versed in critical thinking.

Sure, England has thousands of micro-breweries, but this concept isn't unique to England. Imagine how many micro-breweries there are in the USA. There are probably 30 individual states in the US which have more micro-breweries in them than in England.

And finally... and biggest fact. You're not a beer miser, guru or expert. In fact, you're a beer idiot and should never bring up anything related to beer or brewing.

..as Budweiser is a "LAGER" not an "ALE". Pretty big difference there.

0
2

'Hacker' accused of idiotic plan to defraud bank out of $1.5 million

Aodhhan
Bronze badge

Re: Well, no one ever said crooks had to be smart...

Apparently, you're the idiot here. Showing you cannot read the article or display any common sense.

It didn't take the FBI a month to track him. They monitored him for a month.

This is done to BUILD A CASE, and find all tracks which can be used.

They also want to ensure there isn't anything else he's doing.

If you just go in and bust someone immediately, there could be other criminal acts going on, like pulling money out of YOUR bank account.

..and the 7 people who gave you a thumbs up, are equally unprepared for life after age 21.

5
1

US govt straight up accuses Russia of hacking prez election

Aodhhan
Bronze badge

Wait...wait, wait.

So, the US Government states Russia is trying to interfere in elections by hacking into systems; yet it has no problem with a bunch of other governments purchasing favors and God knows what else, by sending a bunch of money to the Clintons via their foundation?

...and second. The only way to be sure with HIGH CONFIDENCE a group or government is attacking you, is to have access inside their network to witness what is going on, by whom, and under what control or (likely classified) documents or other official message/voice traffic stating the fact.

Either way, it's hypocritical.

0
0

London cops charge ATM malware hacker

Aodhhan
Bronze badge

ATM Machines

The money in the ATM machine is pretty well protected. It's not easy to access, especially with newer systems.

Likely these ATMs are the smaller, thinner and older type. Newer systems will shut down if tampered with, and send an alarm to either a private company or the bank itself. Newer systems have multiple sensors now, so if the machine is even moved or rocked a bit it will alarm. If a panel is opened inside and a few other goodies. Security software to monitor MD5 hash changes on library and executable files and some other standard file system checks.

0
0

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Aodhhan
Bronze badge

Targeting

The laugh test for most breaches is all about the data. State sponsored attacks don't hit retail stores or go after money. Think about it for 2 minutes, and you'll get why.

State actors go after technology, military, large business products for intelligence and to reverse engineer/steal and copy, and huge business assets/powerful individuals to gather inside information for investment. Attacking Google, Yahoo, Target, etc. doesn't provide this.

8
0

Feds collar chap who allegedly sneaked home US hacking blueprints

Aodhhan
Bronze badge

Re: Coincidence or something seriously wrong here...

Why should Booz Allen be removed as a defense contractor? While they may have hired him, it is the government (not BAH) who provides security clearances. It's only BAH's responsibility to ensure an employee is qualified for clearances. On top of this, once hired and put to work, a government representative, along with a government security manager verifies an individual's clearance and is responsible for reading them into particular programs (if appropriate).

To say Booz Allen is responsible is ignorant.

The coincidence is BAH is often contracted to find the cyber professionals to put in very sensitive positions. If you want to blame anyone, blame the current White House administration... who, instead of providing proper training to military and civilian cyber professionals, would rather pay substantially more for a contractor to find people. This is the real problem; because even after they're hired... they aren't provided with training to upgrade and maintain certifications, get the latest training, etc.

..and finally, because contracted work isn't permanent, and the pay isn't comparable to the same commercial positions, the best cyber professionals stay far away from contracted government work, because they can get paid 2 to 3 times more and have permanent employment working for a commercial company.

So again, blame the Obama administration. While they have published and updated a lot of cyber security regulations, etc. They don't provide the country with the best professionals available.

1
2

Russia reports RAT scurrying through govt systems, chewing data

Aodhhan
Bronze badge

Re: After reading the description of the malware...

Based on the fact the malware is after commercial industry and not government military services, it's unlikely the US government is involved. The US doesn't stand much to gain by honing in on Russia's commercial industry, as it lags behind the US and most of western Europe.

Based on the targets, I'd say China is highest on my list. It's no secret, China spends a lot of money building resources for information theft rather than research & development.

My second pick is contracted hackers in India. Many new industries and a government which is growing; it's a lot quicker to learn by stealing and selling the information.

Third is Ukraine... don't need to say much here. Motivation is obvious.

1
0

Yahoo! Answers used to cloak command and control networks

Aodhhan
Bronze badge

...and useless

OMG, I sniffed the packets and they all showed abc.waalsx.bobafett.wxoidgyd!!!

Just kidding. Good grief.

At least initially, there has to be a call out to a particular server. Not too tough to drop these packets, then sit back and wait for back/forth communication. You can also set up a lab server with a firewall to prohibit a class of IPs at a time and see which fires off and gets dropped (there are scripts for this, or at least, it's easy to write one). Change it the next day, and narrow it down. C'mon, this isn't brain surgery.

0
0

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Aodhhan
Bronze badge
FAIL

2 factor (multifactor) Authentication... To clear things up.

Authentication: is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity.

Identity: is the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity.

So, the article is correct. Because it didn't talk about a fingerprint or iris itself, it referred to the method of authentication; in this case which uses fingerprints or iris, etc.

Don't read into something just to make a point.

0
0

Microsoft lets Beijing fondle its bits in new source code audit hub

Aodhhan
Bronze badge

The Chinese

They aren't as worried about back doors as they are other things. For instance, the Chinese, like other governments, do most of their classified work on non-public connecting networks. So they aren't too worried here. However, due to their tireless efforts hacking into corporate and other government systems, they may be more concerned something is coded in Windows allowing the US government to trace malicious packets back to them, to identify them definitively when they commit such acts.

...not that US Intel agencies really need this technology }:>

0
0

Brits: Can banks do biometric security? We'd trust them before the government

Aodhhan
Bronze badge

Of course 2/3rds say this...

Most of the public is ignorant to the pitfalls of using biometrics. They see Hollywood movies depicting the US government using biometrics to access the most secure places (which of course, isn't the case), so they believe this is the way to go.

Once Hollywood comes out with a movie showing how hackers can take advantage of biometrics, then perhaps things will change. :)

0
0

It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog

Aodhhan
Bronze badge

Re: Old trick works

This is why most hackers will use links to a malicious site rather than pictures or a variety of other methods.

0
0

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Aodhhan
Bronze badge

Re: At the AC, Security 101:

Unless the hard drive is encrypted. Then booting up Linux and mounting the system's hard drive doesn't help you grab anything.

The subject of the article allows you to get around this, since as a user with local administrative privileges, you'd have the encrypted keys.

0
0
Aodhhan
Bronze badge

Re: Remote???

Insider threats... which are approximately 18% of attacks corporate networks face.

0
0

Sniffing your storage could lead to sensitive leaks, warn infosec bods

Aodhhan
Bronze badge

Re: I'm starting to get tired of these ...

This is because you haven't done a lot of research.

Gathering information via electromagnetic signals from computer systems was being done by various intelligence agencies back in the 70s, without having to have internal access to the building which housed the computer system.

Today, computer devices are everywhere. Most concerning are point of sale and point of interaction devices, ATMs, etc. They also give off EM signals, and I can stand in line next to you while you use them and pick up the signals. I don't need to be 50 feet away.

At the bank, while a teller enters your information I can be in line, and again, pick up EM signals or at the ATM. While you're tapping away at Starbucks, etc. Laptops are made to be lightweight, and have nothing which interferes with EM signals. Picking up keyboard signals can provide a malicious individual with a lot of information. Like credit card numbers, passwords, etc.

Automatically discounting something without conducting research on it doesn't make a lot of sense. Just because you "believe" or "think" something cannot happen, doesn't make it true.

3
1

33 million CLEARTEXT creds for Russian IM site dumped by chap behind Last.FM mess

Aodhhan
Bronze badge

Why are we talking about passwords

The best password in the world doesn't matter if the site storing them doesn't properly take care of it.

The subject of this article is more about poor password storing, which affects a lot of users. If an individual decides to use a crap password, then it only affects them (for the most part).

Let's face it, this application isn't exactly high risk if someone manages to guess or dictionary attack a simple password. So, focus needs to be on web sites which are negligent in their responsibility to protect your information.

It doesn't take a genius to set up an encrypted database and route to and from the web service.

1
0

Meet the malware that screwed a Bangladeshi bank out of $81m

Aodhhan
Bronze badge

Re: Your teacher told you that proper spelling and grammar are important

Perhaps you mean, "...proper spelling and grammar IS important"?

Have to love grammar-police who lack skills.

0
0

Apple is making life terrible in its factories – labor rights warriors

Aodhhan
Bronze badge

There's more to China than meets the government approved pictures/videos

Yep, China has grown in huge leaps and bounds for about 20 million Chinese citizens, who live in the 4 largest cities. Unfortunately, these 4 cities don't encompass or reflect China as a whole or the other 2 billion citizens who live in very poor conditions.

Stop and look at the forest through the trees, and only the pictures you are allowed to see by the Chinese government. People there are still very controlled by the government, who also controls what and where there is wealth. You can work hard there, build a very successful corporation... yet if someone in power doesn't like you for some reason or another, you likely won't own your business very long.

1
0

Russia MP's son found guilty after stealing 2.9 million US credit cards

Aodhhan
Bronze badge

Just because his crime isn't violent doesn't mean he/she wouldn't do anything to stay out of jail. There are plenty of times when non-violent offenders have taken hostages when faced with arrest or claim to hold an explosive device. In today's environment, law enforcement around the world isn't taking chances... since they would like to make it home safely every day after work.

5
0

NewSat network breach 'most corrupted' Oz spooks had seen: report

Aodhhan
Bronze badge

Re: ISP's are the keyholders

Trevor... you're obviously not well versed in encryption; which means you couldn't hack your way out of a "hello world" statement.

2
2

French submarine builder DCNS springs leak: India investigates

Aodhhan
Bronze badge

What is deployed operationally and what is available are two entirely different things.

A ship can be in port for crew rest and or training. Or to save money.

Why have half of your fleet out and about doing nothing if there isn't a mission for them to do? This would be a huge waste of money and resources.

You guys are smarter than this. Before engaging your mouth prematurely, stop and think for 5 minutes why something is the way it is... believe it or not, you're not the smartest person on the planet. Especially when it comes to naval deployments/operations.

0
0

French, German ministers demand new encryption backdoor law

Aodhhan
Bronze badge

Let's face it...

This isn't a high priority item for most people, so they aren't supporting or not-supporting politicians based on their encryption stance. Most politicians, once they get into office are going to want controls on e2e encryption.

Toss out statements all you want; it isn't going to change things in the near future.

0
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Aodhhan
Bronze badge

The SKY IS FALLING

Don't you just love those who overdo worrying in an above and beyond means to display drama?

Let's say the NSA is using this, do you really think they are looking at YOU? Or... perhaps using it against terrorists and not so friendly nation states?

Let's face it, you're not really THAT important.

0
2

Californian gets 50 months in prison for Chinese 'technology spy' work

Aodhhan
Bronze badge

Re: Heaven Preserve Us From Overzealous Agents

Yes yes, what insight. We all know how they work. Like there is no difference between the engine in your car and the engine in a formula 1 series car. Right? This is what you're saying.

Just as formula 1 teams closely guard the engineering secrets to creating more horsepower and torque with lighter materials to last at high RPM; there are large differences between a typical commercial jet engine, and that of a jet fighter.

..and thinking any jet mechanic understands how everything works is silly. They don't engineer or tweak the parts, they inspect, repair, replace and test. Most military jet engine schools last less than 10 weeks; this includes basic and specific engine courses.

Anything outside their basic skills is typically handled by contracted engineers for the respective company who created the engine.

0
0

Tech support scammers mess with hacker's mother, so he retaliated with ransomware

Aodhhan
Bronze badge

Don't get too happy

The fact the scammer immediately hung up is because he became wise on what was happening. Likely due to malware/virus protection on his end. This means the attack was halted.

If the attack was successful, the scammer wouldn't have noticed and gone on with business as usual.

Also, these guys aren't completely stupid. The system likely didn't allow any changes in most files/directories or registry, so a quick reboot and the system is back to normal.

1
6

White hat pops Windows User Account Control with log viewer data

Aodhhan
Bronze badge

Can you all quit spewing out the obvious?

We get it... to those who don't work in the seemingly unexcited world of computer science, this seems like a pretty idiotic thing... bypassing UAC while already having the keys to the kingdom.

To computer engineers and scientists, this represents a very large hole in the processes of the operating system, and also displays being able to do a few things out of the ordinary while bypassing UAC. In simpler terms, while digging in the sand a buried chest was found. Now someone needs to be able to work a little harder to get it out and see what is inside.

0
0

DIY bank account raiding trojan kit touted in dark web dive bars

Aodhhan
Bronze badge

You mean, why isn't the US Gov't getting into the hackware business in the same manner as when they took over the original TOR network?

...what makes you think they don't have a dog in this fight?

There are a lot of malicious tools available on the darknet. This one offers a lot of things all rolled into one, and is getting media attention.

0
0

McAfee outs malware dev firm with scores of Download.com installs

Aodhhan
Bronze badge

A great training site

download.com and others are fantastic sites for training reverse engineering. You can always find applications which have been screwed with and hand them out as assignments.

Companies who allow their freeware applications to be downloaded from these sites are just asking for trouble. They'd serve the public better by hosting it on their own site, require registration/validation and ensure an MD5 hash is provided.

2
0

Boffins' blur-busting face recognition can ID you with one bad photo

Aodhhan
Bronze badge

Privacy concerns

Use of these systems is for protection and safety; which trumps privacy in nearly every instance when you're out in public or on commercial property.

Don't get shocked when you find out there is a database of facial recognition data which is shared among those who use these applications. Las Vegas casinos have been doing this for years now.

In most cities, mug shots of criminals are posted and these pictures are available to download and put into facial recognition systems. So, if you commit a crime in Nowhereville, Idaho you could set off bells and whistles when entering a store in another part of the country.

You can bet your life, facial recognition will start to be used when you go in for a job interview. So, you think it's bad now... you have no idea.

1
0

Linux malware? That'll never happen. Ok, just this once then

Aodhhan
Bronze badge

How good of an admin are you?

Instead of staying on topic, almost everyone jumps into the ridiculous argument of UNIX vs Windows.

Really guys? If you're distracted by such idiocy, just how good can you be at administrating an operating system? I would hope you'd be more professional and not let some post agitate you.

You'd serve yourself better by taking these articles and using them as "lessons learned" to ensure your systems are secure. Just because you believe your systems are securely configured doesn't make it so.

2
0

Big Red alert: Oracle's MICROS payment terminal biz hacked

Aodhhan
Bronze badge

Another Oracle failure

Oracle has been in charge of this company long enough to be held responsible for this.

It's just another in a line of failures for Oracle. A company who states they prize security, yet continue to have problems which shouldn't happen.

When failures happen with this frequency and magnitude you cannot blame coding or personnel; you must point the finger directly to management and policy.

We stopped using Oracle products nearly two years ago. It makes me shake my head whenever I see an organization using Oracle applications of any kind.

When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.

1
0

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

Aodhhan
Bronze badge

What crap and an epic math fail.

Given the different operating systems involved on many different systems throughout the world, I would guess there is A LOT MORE than 50 zero days available to the US Government. However, we'll never know as these fall into special access programs; and those who work on Apple do not know what those who work on Microsoft have. Those who work on CISCO applications will not know what those who work on firewalls will have. Etc. etc.

It's always interesting when someone makes a claim about being with some agency's program, yet fails to really put 2 and 2 together.

So Professor Healey... I'd say give your students a pass, but give yourself a big fail... because you didn't adequately provide a good background for them to use. It also seems your background in JTF-GNO (as it was properly referred to when founded) is questionable.

If you were part of the organization then... just what exactly did you do? Because it seems you're way off base. You don't even have the wisdom to realize just how many different applications and OS's are researched.

0
0
Aodhhan
Bronze badge

Re: Except that the NSA is supposed to be in charge of America's cyberdefense too

You're wrong, but nice job of BSing... not really. You'd think with 3 minutes of research, any idiot can figure this out... apparently not!

NSA is not in charge of the nation's cyber defense. This is the job of USSTRATCOM, who delegates much of the responsibility to USCYBERCOM.

0
0

Broken BitBank Bitfinex shaves 36% from all accounts

Aodhhan
Bronze badge

Come on, this is almost comedic

The Hillary Clinton business model.

Have poor information security and blame it on the hackers. Then tax the heck out of everyone to pay for her salary and the 'problem'.

It works, because there are a lot of suckers and idiots.

1
0

Brit network O2 hands out free Windows virus with USB pens

Aodhhan
Bronze badge

You can call BS, but you're forgetting...

USB isn't the only attack vector for this. If you have Windows 95 system running (help us), and go to an infected web site, you've now contracted it.

Forest thru the trees.

6
2

US Politicians tell DEF CON it'll take Congress ages to sort out how to regulate crypto

Aodhhan
Bronze badge

Doughnut eaters and lazy community.

There are good arguments against encryption laws of any kind. However, bashing law enforcement officers/agents isn't the way to make a point. It's a lazy and childish means of crying. It sure doesn't make people take you seriously.

You'd like to think most people who comment here don't interject emotion, but rather are smart enough to look at this logically and objectively. Unfortunately, this isn't the case... apparently.

If you believe those who investigate crimes (and these aren't your street cops, duh), are merely always pinning their hopes on electronic means of evidence, then you're the lazy one. Too lazy to actually realize what needs to be done in order to bring a case to a prosecutor.

...and if you think you can do a better job, that the law enforcement community is so battered, broken and riddled with corruption... join up, show everyone how it's done.

0
1

TechCrunch defaced by self-professed 'white hat' hackers

Aodhhan
Bronze badge

Oh c'mon

If you host anything on WordPress you have to be willing to have your site hacked. I've said it before, WordPress is a training site for web service hacking.

If you're going to use it, only use WordPress for information... and then monitor it closely in case someone does gain access. Don't use any of the plugins, or anything which holds or allows access to backend components. In fact, if you're going to use it... don't put it on your network; instead, use a web hosting site.

Oracle database, Flash, Java, WordPress... four things you should keep on top of if you have any cybersecurity responsibilities.

Lift your nose in the air and turn away from a vendor which doesn't provide web services using HTML5.

1
1

PHP flaws allowed God mode access to top smut site

Aodhhan
Bronze badge

Rumor is

...they would have found these exploits faster, but everyone kept taking long bathroom breaks.

However, I do agree with the article. I'm a bit shocked about PHP without JSON.

Time to begin coding like it's 2016, not 2006.

0
0

WordPress admin? Thinking of spending time with the family? Think again

Aodhhan
Bronze badge

I think everyone in cybersecurity knows...

WordPress is a training ground for hacking. Especially the modules. Small files which don't take a seasoned expert to reverse engineer, fuzz, etc.

2
0

Hacker shows Reg how one leaked home address can lead to ruin

Aodhhan
Bronze badge

Re: “These sites are everywhere”

Not making information available, especially where the government is concerned will make corruption much worse than it already is. In the USA, the people have the right to know everything their government is doing, it's part of the constitution and expanded by FOIA. This is one of the reasons Hillary is in such hot water, well, except for the fact she's above the law.

As far as private companies using this information. Will make it much harder to get insurance, a credit card, bank loan, etc. If you outlaw it, then the rates for using private companies needing information will go way up because their risk increases.

You don't have to play the game, but you won't exactly get far.

2
0
Aodhhan
Bronze badge

It's not just Facebook

There are so many different databases online which hold your information it's crazy. It makes doing a background check on someone so easy. What information is available depends on the country and province/state where you live.

Ever been charged (not just convicted) with a misdemeanor; even a speeding ticket?

Been involved in an auto accident?

Been married?

Bought a house/land?

Have a credit rating?

...the list goes on and on.

In this example, he's just using Facebook as a starting point. There are many others.

4
0
Aodhhan
Bronze badge

Re: People don't listen

Yet you have an account on this website and likely others. Meaning your IP address is recordable each time you log in, and all your posts and any information in them likely tells a story or two when laid out and studied.

You think this website or its host is trustworthy?

Ohhh.. you only think you need to worry about Facebook? There isn't much difference.

5
10

Flaws found in security products from AVG, Symantec and McAfee

Aodhhan
Bronze badge

Re: Flaws found in Windows API

You can not be serious.

Externally facing OSs have nothing to do with this vulnerability. Apparently, someone has an agenda, is blindly ignorant, or both! You think you can just see a Microsoft OS box, yell, "Weeee... I can take advantage of this vulnerability"?

There are many ways AV applications use to review code. Hooks during dynamic testing of the code is just one method. It's a little more complicated than just looking for a bunch of NOPs in memory.

I have no favorite OS. However, as a penetration tester I will say this... I have more success against externally facing *nix systems than I do externally facing Microsoft systems.

4
0
Aodhhan
Bronze badge

Re: AT WHICH POINT...

...will you get off your *nix high horse and realize this isn't an OS problem. Apparently, you're so stuck on *nix, you don't understand exactly what is going on here.

I'm not partial to one OS over the other, but realistically, I'd put the Windows OS up against *nix for memory hooking/corruption monitoring any day. So will any other penetration tester. So fuzz up your favorite *nix application, and if you look hard enough you'll likely find somewhere you can stick a NOP sled and have it point to your favorite malicious code. The only thing keeping someone from taking advantage of it, is the very endpoint software you are so epically calling, "bloated".

...or stick to your barebones *nix OS and run your favorite application which does just a few things or was compiled in 1988.

3
1

For $800 you can buy internet engineers' answer to US government spying

Aodhhan
Bronze badge

Or...

Necessary if you move a lot of data. If not, the cheaper alternative is to use host-host with certs kept on a USB key. Realistically, if they really want the equations to move faster, they will need more processing and memory put on the device.

FIPS 140-2 protocols and ciphers will likely be the norm on these devices. One thing to remember about FIPS 140-2 encryption, is that they only show what is usable by the US Government for top secret and below. For information above top secret, encryption is governed by a different set of publications.

Meaning, state sponsored intel agencies can likely crack the encryption within several months.

When it comes down to it, the easiest way to get past encryption is to get on the box itself. You can put millions of dollars into encryption, but if you click the wrong thing on the Internet... it doesn't matter.

So as an individual, if you really can't wait to shell out the money for this device... you likely haven't done a proper risk assessment, or you have more pride than brains.

1
0
