* Posts by Aodhhan

234 posts • joined 25 Apr 2008

Page:

TechCrunch defaced by self-professed 'white hat' hackers

Aodhhan
Bronze badge

Oh c'mon

If you host anything on WordPress you have to be willing to have your site hacked. I've said it before, WordPress is a training site for web service hacking.

If you're going to use it, only use WordPress for information... and then monitor it closely in case someone does gain access. Don't use any of the plugins, or anything which holds or allows access to backend components. In fact, if you're going to use it... don't put it on your network; instead, use a web hosting site.

Oracle database, Flash, Java, WordPress... four things you should keep on top of if you have any cybersecurity responsibilities.

Lift your nose in the air and turn away from vendor which doesn't provide web services using HTML5.

1
1

PHP flaws allowed God mode access to top smut site

Aodhhan
Bronze badge

Rumor is

...they would have found these exploits faster, but everyone kept taking long bathroom breaks.

However, I do agree with the article. I'm a bit shocked about PHP without JSON.

Time to begin coding like it's 2016, not 2006.

0
0

WordPress admin? Thinking of spending time with the family? Think again

Aodhhan
Bronze badge

I think everyone in cybersecurity knows...

WordPress is a training ground for hacking. Especially the modules. Small files which don't take a seasoned expert to reverse engineer, fuzz, etc.

2
0

Hacker shows Reg how one leaked home address can lead to ruin

Aodhhan
Bronze badge

Re: “These sites are everywhere”

Not making information available, especially where the government is concerned will make corruption much worse than it already is. In the USA, the people have the right to know everything their government is doing, it's part of the constitution and expanded by FOIA. This is one of the reasons Hillary is in such hot water, well, except for the fact she's above the law.

As far as private companies using this information. Will make it much harder to get insurance, a credit card, bank loan, etc. If you outlaw it, then the rates for using private companies needing information will go way up because their risk increases.

You don't have to play the game, but you won't exactly get far.

2
0
Aodhhan
Bronze badge

It's not just Facebook

There are so many different databases online which hold your information it's crazy. It makes doing a background check on someone so easy. What information which is available depends on the country and province/state on where you live.

Ever been charged (not just convicted) with misdemeanor; even a speeding ticket?

Been involved in an auto accident?

Been married?

Bought a house/land?

Have a credit rating?

...the list goes on and on.

In this example, he's just using Facebook as a starting point. There are many others.

4
0
Aodhhan
Bronze badge

Re: People don't listen

Yet you have an account on this website and likely others. Meaning you're IP address is recordable each time you log in, and all your posts and any information in them likely tells a story or two when laid out and studied.

You think this website or it's host is trustworthy?

Ohhh.. you only think you need to worry about facebook? There isn't much difference.

5
10

Flaws found in security products from AVG, Symantec and McAfee

Aodhhan
Bronze badge

Re: Flaws found in Windows API

You can not be serious.

Externally facing OSs has nothing to do with this vulnerability. Apparently, someone has an agenda, is blindly ignorant, or both! You think you can just see a Microsoft OS box, yell, "Weeee... I can take advantage of this vulnerability"?

There are many ways AV applications use to review code. Hooks during dynamic testing of the code is just one method. It's a little more complicated than just looking for a bunch of NOPs in memory.

I have no favorite OS. However, as a penetration tester I will say this... I have more success against externally facing *nix systems than I do externally facing Microsoft systems.

4
0
Aodhhan
Bronze badge

Re: AT WHICH POINT...

...will you get off your *nix high horse and realize this isn't an OS problem. Apparently, you're so stuck on *nix, you don't understand exactly what is going on here.

I'm not partial to one OS over the other, but realistically, I'd put the Windows OS up against *nix for memory hooking/corruption monitoring any day. So will any other penetration tester. So fuzz up your favorite *nix application, and if you look hard enough you'll like find somewhere you can stick a NOP sled and have it point to your favorite malicious code. The only thing keeping someone from taking advantage of it, is the very endpoint software you are so epically calling, "bloated".

...or stick to your barebones *nix OS and run your favorite application which does just a few things or was compiled in 1988.

3
1

For $800 you can buy internet engineers' answer to US government spying

Aodhhan
Bronze badge

Or...

Necessary if you move a lot of data. If not, the cheaper alternative is to use host-host with certs kept on a USB key. Realistically, if they really want the equations to move faster, they will need more processing and memory put on the device.

FIPS140-2 protocols and ciphers will likely be the norm on these devices. One thing to remember about FIPS 140-2 encryption, is that they only show what is usable by the US Government for top secret and below. For information above top secret, encryption is governed by a different set of publications.

Meaning, state sponsored intel agencies can likely crack the encryption within several months.

When it comes down to it, the easiest way to get past encryption is to get on the box itself. You can put millions of dollars into encryption, but if you click the wrong thing on the Internet... it doesn't matter.

So as an individual, if you really can't wait to shell out the money for this device... you likely haven't done a proper risk assessment, or you have more pride than brains.

1
0

Governments Googling Google about you more than ever says Google

Aodhhan
Bronze badge

not really...

If there are 100,000 people in a city, how many of them do you think are likely to be criminals? I'm betting it's a lot higher than the 1:10000 ratio.

0
0

Hardball hacker thrown in the cooler for 46 months for guessing rival team's password

Aodhhan
Bronze badge

I agree it's a bit harsh. People who have stolen databases with credit card numbers, other fraudulent acts, or your last name is Clinton receive less or no time.

2
1

World-Check terror suspect DB hits the web at just US$6750

Aodhhan
Bronze badge

Value

Bitcoins aren't valued on anything. Nobody uses them as an investment, since they aren't backed by anything and there is no guarantee.

The value goes up and down based on demand and to ensure the company itself profits; i.e., a commission.

If some wealthy companies find the need to use bitcoin a lot, the value goes up due to demand. If the number of companies/individuals using Bitcoin services goes down, the value goes down. It's this simple.

Companies don't invest in bitcoins because it's too risky and volatile, and they don't buy a few bitcoins in case they are hit by ransomeware. Why would they? It would be wiser to put money into an investment which is a lot less risky and more likely to provide a profit. Then purchase bitcoins as needed.

0
0

Maxthon web browser blabs about your PC all the way back to Beijing

Aodhhan
Bronze badge

There are no safe browsers.

Inherit to the protocols used by browsers, you can't keep everything secret. Even if you refuse something coming into your browser, it tells a tale.

Using the Internet is a lot like going outside in that you cannot expect total privacy.

..and get a grip when it comes to the NSA. If you live in a NATO country, your own government does more spying on your country than the NSA does. In many of them, they don't even require a warrant to do so.

3
1

McCain: Come to my encryption hearing. Tim Cook: No, I'm good. McCain: I hate you, I hate you, I hate you

Aodhhan
Bronze badge

Seriously?

I don't agree with the senator when it comes to allowing back doors for encryption, but don't trash someone who was a POW. Especially when news comes from crappy internet web sites with no credibility, no proof, and isn't picked up by a national/world media organization. To do so only makes you a hard headed partisan whose brain is so closed you're no longer able to think for yourself or think critically.

In all reality, Cook missed an opportunity to be the opposition voice for this... because of his apparent hatred of anyone who wants to mess with encryption. Because of this, it really p$$@#! me off he didn't show. Cook has more than enough experience and knowledge to have answered any questions thrown at him, and given a chance to provide light on a the subject. Congress isn't a bunch of computer nerds, so without testimony from opposition (which is done all the time).

McCain is equally boneheaded because he is focusing too much on Apple, instead of working a few other angles; which in my view would do him more good... but I must admit I'm glad he isn't!

It's also apparent people don't understand the 5th amendment and when it can be used. When asking questions to put together facts, and the questions aren't geared towards pressing charges or criminal acts... the 5th can't be used. This should be obvious. Nobody is saying Cook has broken the law, he's just standing up for what he believes to be an infringement on his rights.

1
0

World's worst exploit kit weaponises white hats' proof of concept code

Aodhhan
Bronze badge

Security is not a myth.

In the most general terms, security is: the act of protecting something valuable. You can add many different types of "security" to a door, room or a network; therefore it isn't a myth. It exists.

Absolute security however, cannot be accomplished. There will always be a weakness if you want access to the valuable. This doesn't make it a myth.

Anyone in cybersecurity knows this and before deciding on what security measures to employ first complete a risk assessment. There is no need to spend $40,000 to protect $1,000 of valuables.

To protect something, cybersecurity employs defense in-depth which are security measures placed to protect something and add protection on top of other protections. Again, security. Some protection methods are better than others, some are more expensive to employ than others.

To make the point, security by obscurity is another security measure used. Therefore, it isn't a myth. Code is obscured all the time to make it more difficult to RE. This doesn't mean it will protect the code forever... it's just another measure employed to make it more difficult to bypass the security measure.

What creates the illusion you speak of is the fact hackers only have to get it right once against millions of systems connected to the Internet. For the most part, hackers are a lot like water in that they follow the path of least resistance.

I think you can figure the rest from here.

4
0

Euro IP study finds 25 Tor-and-Bitcoin-loving pirate business models

Aodhhan
Bronze badge

Well...

This is 3 minutes I'll never get back.

0
0

Silently clicking on porn ads you can't even see – this could be you...

Aodhhan
Bronze badge

You wouldn't be guilty if you're a Clinton.

1
0

Hackers steal millions from ATMs using 'just their smartphones'

Aodhhan
Bronze badge

You're all smarter than this

If banks didn't take IT security seriously, considering the number of ATM machines there are, there would be 10-20 thefts a day. Since in most countries, the bank takes the bite for any ATM hijacking, they do take it seriously.

Some banks may not take it as seriously as others, but in most larger countries, banks have gone all out to protect ATMs.

You should also know, there isn't anything which is hacker proof. NOTHING. Especially any system with external customer facing interaction, and a huge box holding a computer which goes through quite a few hands from when it leaves the factory until it gets placed into operations. So, plenty of time for someone to gain access and introduce something. A lot of companies may not take supply chain security seriously, or can be bought. You all can figure it out from there.

1
0

OpenSSH has user enumeration bug

Aodhhan
Bronze badge

Hopefully...

Not a huge issue in my book. If you're exposing port 22 or any other comm port externally... you have bigger issues to worry about, and by now... most host based firewalls should only accept comms from other internal systems; hopefully, along with a log management system which sends out some sort of notification after 10 consecutive login fails. Yes, I know this can be irritating when decommissioning servers.

1
0

Chinese hacker jailed for shipping aerospace secrets home

Aodhhan
Bronze badge

Light Sentence

It does seem a bit light, but the information was classified "For Official Use Only", no secret or above information was stolen. I wonder though, before the arrest, how much misinformation they planted into the system which was then transferred to China?

1
0

ANZ Bank staffers drop slick incident response tool for Mandiant mobs

Aodhhan
Bronze badge
Thumb Up

Nice Article

Mr. Pauli... I normally bust your chops, this one is nicely done.

1
0

Critical remote code execution holes reported in Drupal modules

Aodhhan
Bronze badge
Joke

Re: "The Coder module [..] does not need to be enabled in order to be exploitable"

You must be joking. In the past year, Wordpress had vulnerabilities which were around for more than 90 days. This isn't impressive... especially when PoC's are available within days of the notification.

Wordpress is also popular for hacking due to the number of tools built specifically to interrogate the application for vulnerabilities.

What also makes it dangerous is the number of add-ons available and who builds them; which increases the number of attack vectors to go for.

The modules are much easier to reverse engineer than the main application itself. It's also the addons which typically have the long patch times. These are also much easier to create attack modules for... which allow just about anyone to successfully attack.

Dangerous claim to make if you're not well versed in these matters.

1
0

Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Aodhhan
Bronze badge

Re: Wait until the weekend to install

Spoken like someone who hasn't coded anything beyond, "Hello World", and doesn't understand anything about exploiting applications, outside using Metasploit.

0
1

Meet Riffle, the next-gen anonymity network that hopes to trounce Tor

Aodhhan
Bronze badge

Okay so...

If you think the US government doesn't already have the code, then you're not much of a thinker.

The more something bounces around the slower the responses and more likely there will be collisions. Which means, follow the error messages back home. It is using TCP after all.

I'm sure this will be secure for a while. However, you're mistaken if you think most nation states won't have this cracked within a few years.

1
1

VPN provider claims Russia seized its servers

Aodhhan
Bronze badge

Re: Snowden criticises the new laws

Really... quoting Snowden on economics? This is just ridiculously stupid.

Better would be to find out who he is getting the information from and then check on it.

1
6

US drug squads told to get a warrant before tracking mobile phones

Aodhhan
Bronze badge

In all likeliness, the DEA realized this but whomever was the officer in charge was ignorant to the differences between a normal cell phone warrant to listen in on conversations (which was granted), and setting up their own cell tower to track it.

The DEA could have gotten a warrant in less than 30 minutes, and already had more than enough information to convince a judge. So, I don't believe this was laziness it was ignorance.

So now, whenever law enforcement asks for a warrant to listen in on cell phones, they will add tracking and setting up mock cell towers along with it. Not a huge or crazy case.

0
0

50 CELEBRITY SECRETS EXPOSED scores year behind bars

Aodhhan
Bronze badge
FAIL

Yet another

C'mon Pauli. Yet another horribly written column. He was sentenced to TWO years, but given one year credit for time served.

The major crime with this as addressed in court and documents is SWATTING, and should have been the main subject.

Given this is the first time a sentence was handed out for SWATTING, it sets a precedence from which to work from. Again, this should have been a higher profile event in your column.

Please stop. You can't do technical and you can't do legal.

13
1

Chap fails to quash 'shared password' 'hacking' conviction

Aodhhan
Bronze badge

Some judges are so ignorant...

Judge Stephen Reinhardt is a technological idiot. Accounts and privileges provided to employees to access systems aren't owned by the employee, they are owned by the company. If an employee provides the keys to a building over to someone else and this person gains access with malicious intent, he will be prosecuted for trespassing among other things. So, why would turning over a password, as well as using another's password be any different?

An employee isn't given permission to give access to an employer's assets (in this case, enterprise network) to another person.

I'm sure if Judge Reinhardt's maid gave a copy of his house key to a friend, or even allowed the friend complete access to his property by opening the front door... he'd be rather upset.

The 9th Circuit is infamous for it's far left-sided decisions and often doesn't read the intent of the legislative law as written. Reinhardt only looked at the possibility of something which is out of the scope for this act, as well as attempting to change the law by adding a possibility. Something judges aren't supposed to do, but have started to do so with alarming frequency.

3
0

EU uncorks €1.8bn in cybersecurity investment. Thirsty, UK?

Aodhhan
Bronze badge

Yeesh... seriously

One of the things which drive me crazy about the EU. Pay a huge amount of tax to fill their coffers, and allow them to make a decision on where it goes without any representation or say from the people. It's shocking to me, for the size of the UK government and what they plan to do are going to invest nearly 2 billion Euro into this without providing more details on exactly where and how the money is going.

Realistically, I don't think 2 billion Euro + 6 Billion Euro (from business) is enough for their plans to equalize cybersecurity throughout the EU. So get ready to have your taxes increased to pay for this. Germany, France, The Netherlands... be ready to see most of your EU taxes go towards smaller EU countries which, according to the plan, will need to be funded so the EU isn't so 'fragmented' concerning the cybersecurity industry. Talk about stupid. Probably 60-70% cybersecurity corporations and startups are located in California. There is no need to spend money to startup companies in Alabama, Iowa and Wisconsin.

Bringing in the US's proposed increase in federal spending on cybersecurity isn't exactly a great comparison to look at. First, it doesn't fund research, development or private industry at all. Second, It doesn't concern building small corporations and balancing where things come from.

The US typically doesn't fund private industry improvement of cybersecurity. If a company needs to put money into this, it can fund it from profits or sell stock. A lot of congressional representatives were axed during the 2012 elections. Largely due to spending money on bailing out large corporations and banks, while the economy was stagnant and unemployment rising. Nobody helped bail out the citizens.

So I understand spending money to improve the cybersecurity throughout the EU governments, but not private industry. I don't blame UK for leaving... it was the right thing to do for the people. It also allows them to put money where they want and need to, like military defense... something the EU has allowed to dwindle.

1
0

One in 200 enterprise handsets is infected

Aodhhan
Bronze badge

Re: All of them are

While I don't necessarily disagree with what you've said...

Not opening the applications doesn't keep you safe. It just keeps unpatched applications on your phone. Think about it.

If you don't need it... remove it (Security 101)

If you purchase a phone from an ISP, have them remove it or go to a different company who will.

I've used 4 different cell companies, and all have removed the apps. They just won't change their firmware.

Still no luck? Then jailbreak and remove it.

0
0

Klepto Zepto could steal millions in looming ransomware wave

Aodhhan
Bronze badge

Just goes back to the old saying...

Whenever you provide defense in-depth in order to make security idiot proof; someone builds a better idiot.

Yes yes, thank you all for the obvious, "lock down the system". A little hard to lock down a system to where a user doesn't have any privileges on the system or their own file system.

In a corporation or business which only provides cybersecurity training once a year, approximately 20% of users will still open the email.

1
0

Researcher pops locks on keylogger, finds admin's email inbox

Aodhhan
Bronze badge

Re: Located or Accessed?

You're better off going to the source or searching for information on the subject whenever Darren Pauli writes an article. His apparent need to write cute metaphors which often don't work, poor grammar, inability to put together a sentence correctly so a reader can identify the subject, verb and object... are just a few examples of his writing weaknesses.

Adding to this is how he doesn't seem to correctly grasp the technical aspects of the subject. This leaves readers having to go back over what is written more than once in order to make sense out of things.

2
0

Russia, China fight UN effort to extend human rights onto the internet

Aodhhan
Bronze badge

Re: Absolute BS

You're either a liar or spent your time in China with the oligarchy. The people know too well the corruption which exists and the control of information by their government. Not to mention, there are some very smart citizens made to work in box factories making crappy off-shoot items. Imagine if you were put in this position.

Most people in China/Russia countries despise their governments, but love their country. If western culture is so hated in China, there wouldn't be the boon there is now with western items an increase in things like automobiles and other technological advancements seen as having a western origin.

What China and Russia both do very well is control information. They don't want anything getting into their country which will contradict what the government says. As long as people are told this and that and there isn't any opposing information getting in to provide objective thought, the people remain ignorant. In short, they don't know what they don't know. This is how the government wants it... not the people.

The majority in Russia and China eat up whatever information they get from the west. They aren't stupid. Like any other nation's citizens, they want to learn and hear what's going on in the world.

Finally, most American's want the government to stay away from the Internet as much as possible. They want absolutely no regulations, no control, no say from the politicians on how it is used, what is put on it and security requirements. The only one thing they will stand for, is regulating protection of people and their assets.

2
2

InfiniBand-on-die MIA in Oracle's new 'Sonoma' Sparc S7 processor

Aodhhan
Bronze badge

There is a reason...

...almost every datacenter I know of has or is in the process of dumping Solaris.

Not to mention it's an Oracle product. The company has a poor history for timely patching, and isn't exactly teamed with genius' to help when there is a problem.

2
1
Aodhhan
Bronze badge

Re: It's SPARC

Really, you want to play grammar police with all the errors in your statement?

To quell the capitalization of 'internet'.

It's capitalized if referring to the name of the world wide web encompassing internet (proper noun).

It's not capitalized if referring to a connection to a group of computers or when using the word in general.

0
0

Alleged Brit hacker Lauri Love bailed amid US extradition battle lull

Aodhhan
Bronze badge

Really you want to mock the USA's educational system?

What am I saying... This is a battle of wits with an unarmed person.

1
2

Hopeless Vic agencies have two years to hit infosec best practice

Aodhhan
Bronze badge

Another lazy and poorly written article.

Big shock... and it takes a whole page to describe:

Agencies in Victoria currently have poor information security policies and procedures. They have been given 2 years to correct, implement, and maintain industry guidelines.

<Link to the pdf>

Tada.

0
0

US Senator Wyden: Why I had to halt FBI's latest internet spying push

Aodhhan
Bronze badge

A democrat stepping against the president. Amazing!

Look, it takes 15 minutes or less to get a warrant as long as you have what's required or have MI6 do it; they don't have to worry about warrants in the USA.

2
0

Play Store malware roots phones, installs an app every two minutes

Aodhhan
Bronze badge

Re: Detail please

This is one of the worst and laziest column writers on the Internet. Don't expect too much from Pauli. He's more into trying to come up with 'snappy lines' to display his ignorance in computer security, than in providing actual information. He'd probably do better, if he had a good technical background to know what information he needs to provide, what information is important, and what it all means when put together. Sadly... no dice.

6
0

Visiting America? US border agents want your Twitter, Facebook URLs

Aodhhan
Bronze badge

What, so they can blame another Benghazi on one of our videos?

This is what we need, to have a political party which lies, misleads and insists everyone else is uneducated and clueless wants to get access to my social media. Yeah, that's great.

The next time a terrorist does something, they can then randomly find something on your Facebook, Twitter, etc. page and blame it on the video you posted of your child playing baseball instead of soccer.

0
0

Botnet-powered ballot stuffing suspected in 2nd referendum petition

Aodhhan
Bronze badge

It's not democracy when...

...people who aren't elected make the decisions.

...people who make decisions don't listen to those who live in the respective location, country, etc.

...there isn't a large vote on a decision, which includes representatives who look at how it affects people in a certain area.

...leadership over-plays hype and uses fear to overcome popular ideals of the people.

Once the general population loses voice on any decision affecting the nation at large. You've lost democracy. I say democracy is worth any pain you may endure so long as the people maintain a voice.

A few ignorant leadership members in Brussels wants to make decisions about a country without providing any extra resources or money to deal and support their decision. So now a tax has to be levied to support it. Taxation without representation.

I say, KUDOS to those who voted to get away from EU. It takes bravery to face the fear which has been shouted and threatened upon the people. It takes intelligence to see thru the BS.

14
7

NASCAR team red-flagged by ransomware attack

Aodhhan
Bronze badge

Really... ignorant about NASCAR?

Let's see, a NASCAR originating team (Chip-Gannasi) just won LeMans using a Ford. Which hasn't been in the race for 40 years; kicking Farrari's arse with ease. Other endurance drivers which have been winners (Corvette teams) also race in NASCAR. Such as Dale Earnhardt Jr.

F1 Racing.. really? You know who will win the race by the 3rd lap. I see more passing in the hallways of a retirement home. Not to mention the yellow flag rules in Europe, don't exactly make things exciting.

NASCAR isn't regional. It's followed all over North America, Australia and a few other regional countries.

American owned racing teams or drivers are at the top of quite a few racing leagues. Even those which run all over Europe. Including rally cross.

Finally, it isn't just a NASCAR team which can be ignorant to computer security. Many corporations throughout the world fall victim to this without backups.

It doesn't take a genius to yell out "NO backups, stupid?". So really.

0
0

Revive revived: Oculus DRM push shattered as DIY devs strike back

Aodhhan
Bronze badge

I'm not impressed by Oculus. The VR product is buggier than an candy bar on the ground.

No. It's not acceptable to bypass DRM for operability. If it was, there wouldn't be any DRM, because nobody would use it.

I think in the long run this will hurt Oculus. Many games which could be well suited for a VR environment may not happen because of this. Such as any games with a Hollywood movie as a base. Hollywood is a huge proponent of DRM.

If Oculus' code is so poor. All the bugs, plus having to bypass DRM... what other problems are there. How secure is their code? What attack vectors are now available due to poor coding?

No, it isn't a company trying to shut down competitors... wow, silliness. It's about poor coding and QA practices. If I pay for a product, I want it to work properly and not have to jimmy it's way around things to do it. I definitely don't want the coding to be so poor it may introduce or allow the introduction of vulnerabilities.

0
0

Drubbed StubHub carder grub guilty, faces 12 years in cooler club

Aodhhan
Bronze badge

Yeah, have to wonder about the A$ as "1337" :)

1
0
Aodhhan
Bronze badge

Re: But ... but ... but ...

Genius at work.

The law doesn't provide a favor to criminals because protections weren't in place. In most countries this applies to anything, left anywhere at anytime; and no matter how you came to possess it.

Even if a 3rd party is negligent in handling any property which is stolen.

Besides, there are likely thousands of transactions handled a second. Many times... a web service handles different transactions to the same IP address... especially when most companies use one or two IPs and have thousands of employees. You get the picture now. Especially if they don't do it all at one time, which was the case here.

0
0

No watershed: China hacker groups in decline before Xi-Obama deal

Aodhhan
Bronze badge

Pauli...you crappy columnist

Once again, you take the word of only one organization. Instead of using more than one source to collaborate data. Even so, you never investigate the matter fully to figure out why... you just take their word as gospel. WHY is a big part of journalism.

In some circles of state sponsored Chinese hacking against government networks there has been a decline... but nowhere near what is being presented by this article. The real data, Chinese hacking groups and memberships are classified, and even if you received it from USSTRATCOM or CYBERCOM, it wouldn't provide it in this manner.

China works all angles to get around any agreements, and the Obama administration is about as forthcoming with the truth in cybersecurity as they were when he stated you could keep your own doctor or ensuring Hillary maintained government guidelines on her own servers.

If a hacking group reorganizes or changes names and locations... apparently this wayword organization sees this as being removed from the Chinese hacking ranks? Or if they stop hacking US Government networks and go after privately owned networks, they don't show up anymore? Or a few other scenarios I wont name.

Don't be naïve in thinking China is going to stop going after the hard work laid down by other countries. It's what they do. They don't have the research and development budgets we do. Even the cars they develop are knockoffs of something created in the US, Japan or Europe.

They'll switch things up, and numbers will be reported differently, but don't be out fooled for a moment when it comes to China.

1
0

AirPort owners: Apple's patched a mystery vuln

Aodhhan
Bronze badge

Pay twice as much...

...and wait twice as long for a patch. This has long been the mantra of Apple.

Perhaps they should lower their public affair budget so they can increase development and testing.

1
2

Password reset: 45 million creds leak from popular .com forums

Aodhhan
Bronze badge

Probably...

Due to the number, this has to do with an application poorly written to provide a 10 digit password which is semi-complex, for either initial registration or password reset.

I'd go with the latter, if the programmer was lazy. Instead of putting in a random generator to come up with something complex to add it to the database, send out an email, etc. He used a wordlist of around 20-30 preset passwords, which probably rotated.

This is why you have an independent person check out code before release!

0
0

Smut shaming: Anonymous fights Islamic State... with porn

Aodhhan
Bronze badge

Better would be to...

...put links on their pages to sites which install ransomware. You know they'd click yes to anything from a fellow islamist.

6
0

Microsoft releases open source bug-bomb in the rambling house of C

Aodhhan
Bronze badge

Re: C is not an applications programming language

Spoken like a computer end user who is only aware of the "programming for grandparent" languages like visual basic.

C or rather C++ is still widely used as the basis for many applications, especially those requiring speed and high end calculations. Many applications used to build the console and online games (you apparently spend too much time on), are written in C++.

Applications used to conduct bank transactions are written in C++ and others use FORTRAN... yeah I know you don't know what this is.

Just because you see a front in GUI in Windows doesn't mean it's mostly written in C#.

So.. shut off your gaming console, burn your nasty collection of 4 year old t-shirts, and leave your mother's basement. You just might learn a bit more about programming languages. At least you might do a bit more research before posting.

3
0

Page:

Forums