Posts by Mad Chaz

214 posts • joined 9 Dec 2009

Sophos' putrid patch snuffs Citrix kit, kills call centre

Mad Chaz
Childcatcher

Well, consider the following.

Most Citrix setups, especially in a call center, aren't internet facing. This means they aren't exposed to the internet. So the kind of encryption used in the connection, if it's going over LAN, is relatively unimportant. So patching for an SSL vulnerability isn't that much of a security priority.

The vendor did not provide the complete information on the patch. More specifically, on a component of the patch they should have known could cause very big issues.

While I can't condone the corporate policy of always having the oldest software you can get away with, the vendor is really who failed here.

1
0

Hackers exploit fresh PC hijack bug in Adobe Flash Player, the internet's screen door

Mad Chaz
FAIL

Re: So the internet is actually

No No No No. We all know the internet is a bunch of tubes. And what's in tubes? Water!

So our problem is Adobe sprung another leak ...

3
0

Canada to ICANN in dot-sucks dot-rumble: Take off, you hoser!

Mad Chaz

icann.sucks

Wonder if that one got registered already ...

5
0

NSA: 'Back doors are a bad idea, give us a FRONT door key'

Mad Chaz

Re: Plug that leak

Except of course those 5 pieces will need to be put in one place at some point, to use it. What keeps the spooks from remembering the 4 other pieces exactly? It's not like a bunch of characters can be copied ...

Not to mention, it'll have to be all there in the devices. Not like we ever heard of someone extracting keys from hardware. DVDs and Blu-rays are still impossible to copy, right?

5
0

PHYSICS APPLECART UPSET as dark energy disappears, Universe slams on brakes

Mad Chaz

Re: Science is self-correcting

I don't think I ever read a scientist's words as saying what you accuse them of. I think you're confusing real scientists with your local "religious scientist" nutter.

13
7

FTC: Hey, Network Solutions, time we had a chat about 'refunds'

Mad Chaz
Coffee/keyboard

Re: I can only think of this...

Have an upvote. Also, see icon.

1
0

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account

Mad Chaz

How to contradict yourself

" due to the nature of digital content, in that it is made available immediately and cannot be returned"

But we can cut off access to any and all content on your account and everything linked to it. So what exactly prevents them from, say, removing that ONE game from his account and removing the charge? What did this really cost them? After all, no physical media was sent to him, just some bandwidth was used. Removing the game doesn't even cost bandwidth.

So basically, Sony is saying they are unable to make a button allowing the call center drone to make a simple SQL statement in the database to remove the game from your account? Now I'm no game developer, I suck at making pretty things. But I have a lot of programming experience and this sounds like a trivial problem that SHOULD be solvable in an afternoon by any half decent programmer.

No wonder they store passwords in plain text and can't figure out how to keep everyone and his brother from hacking them ...

6
0

Swedish city demands £40,000 to repair teenage hacking spree

Mad Chaz

Here is what this sounds like to me, by telling a story that I think equates to what happened.

You are walking down the street and pass by a local police building. It's got a nice architecture so you go to take a closer look. You see, via a window, highly sensitive investigation files, right in view of anyone who could walk up to the window, like you just did.

You walk in the front door and tell the officer on duty "Hey, I was passing by and noticed someone doing an investigation is leaving the files in plain view of the third window on the right from the door, you guys should be more careful."

Then the cops reply "Sir, you're under arrest for breaking into police property and damaging the building security. Pay up a huge fine so we can install automatic curtains that stay closed at all times on the windows so it doesn't happen again".

Yea ... the public is no longer allowed to point out incompetence in the gov. That will never go wrong ...

4
0

FCC to Verizon: Blocking 911 calls? That's a $3.4m paddlin'

Mad Chaz

Re: Precisely the point

They can't do that, the competition will take clients away ... oh wait, never mind.

4
0

Hello? Police? Yes, I'm a car and my idiot driver's crashed me

Mad Chaz

"aren't supposed to spy on it's own citizens."

I think the last few years have shown us the difference between what they are SUPPOSED to do and what they actually do is about as big as the solar system.

10
0

FCC takes three-month pause to consider massive telecoms mergers

Mad Chaz

" but the FCC is determined to look at all angles in the case before giving it the nod."

And that's the rub here really. Even if everyone knows this is basically the re-construction of old telecom monopolies, the FCC has never been able to put its foot down and say no.

What is really needed is not to let those corps merge, but to force them to compete. It's a sad state of affairs when the argument for "we should be one corp" is that they aren't bothering to compete anyway.

6
0

Microsoft RE-BORKS Windows 7 patch after reboot loop horror

Mad Chaz

Caused me a very weird issue. The timer vanished on Grub after this patch was installed. Re-installing grub fixed it, but that was weird ...

0
0

Bite my shiny metal Ask: Java for OS X crapware storm brewing

Mad Chaz

I don't understand why people keep installing it. For 99% of users, it's not useful at all anymore. The few who still have to use it are almost all, thankfully, stuck with old antique versions from when Java was owned by Sun.

5
4

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

Mad Chaz

Private entities SHOULD BE ALLOWED TO FAIL. No private sector company should ever be considered too big to fail. As for the clients, if the insurance corp goes under, they can get it elsewhere. And if it goes under, it means it had no fucking idea how to "assess risk". Bit of the bread and butter of insurance companies, you would think.

1
0

VMware sued, accused of ripping off Linux kernel source code

Mad Chaz

Re: Case..

It's been tested in court and proven valid in the past. Just ask Cisco. They ended up paying when they realised the license isn't FreeBSD. You can't just take the code and do what you want with it.

You can also bet they won't be going the "a license isn't a legal document" route, as it would kind of kill the entire business if they did. A license is a private contract you agree to. It's not law, but a contract is enforceable. If they do not respect the terms of the contract, you are allowed to sue. That's exactly what is going on here.

Just because you don't have to pay cash for the code, doesn't mean it doesn't come with obligations.

31
1

New Xen vuln triggers Amazon, Rackspace reboot panic redux

Mad Chaz

"Microsoft, for example, uses a homegrown hypervisor for its Azure cloud."

Microsoft doesn't do planned reboots anyway. It just falls over without warning and they wonder what happened.

3
1

'Lenovo, Superfish put smut on my system' – class-action lawsuit

Mad Chaz

"Right now our main priority is working on fixes to the SDK, once it's ready we can deal with the site and DDOS attach which is not a priority right now,"

In other words, we're hard at work hiding any and all cash we made so we can close shop and vanish before someone comes knocking at the door asking questions we'll need a lawyer for.

20
0

Author fined $500k in first US spyware conviction

Mad Chaz
Trollface

"As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware."

So when can we expect you to go after the NSA then?

0
0

Lenovo to customers: We only just found out about this Superfish vuln – remove it NOW

Mad Chaz

Re: Orange Alert!

"Which threat? The security threat, or the threat to their bottom line?"

I think it's the threat to the PR director's job that got them moving.

18
0

Post-pub nosh neckfiller: The Red Dwarf chilli chutney egg sarnie

Mad Chaz

Deeper research needed

I think for a proper story, you should trace back the blokes who came up with this brilliant nonsense and ask where they got the idea.

Also, the only thing that could have made Red Dwarf more awesome is more episodes per season. Incredible show. Wish more of it existed.

0
0

New claim: D-Link router exposes unprotected config controls to web – DNS hijackers, ahoy!

Mad Chaz
Alien

Re: ISP DNS

I was going to say something along those lines. Makes me glad the only way to get into my router involves ssh on the right network interface.

What's really sad is this is the kind of stupid mistakes any kind of even 1/10th decent quality assurance would have found. I mean how hard is it to just run a port scan ONCE on the firmware before you burn it on thousands of devices? Hell, there are websites that'll do it for free for any idiot who wants to just try.

Doesn't even involve making sure your webpage doesn't let you change things without first entering the default username/password.

When are we going to make these people issue recalls? No, a firmware update no one will install doesn't cut it. Force them to take the kit back and feel the financial pain.

Alien, because it's colder than it has any right to be here, these people are stupid and I don't want to live on this planet anymore.

Makes me want to bang my head against a wall.

3
0

Why so tax-shy, big tech firms? – Bank of England governor

Mad Chaz

Re: Common Tax Delusions

Except corporations are "people" now, so along with all the perks that offers, they have to pay taxes on PROFITS. i.e., on the money they made on the product. It doesn't change the price of producing the product, just how much profit the corporation can make on it. (you make more, you pay more taxes)

It's a way of redirecting wealth concentration for the greater good. In theory, that is what taxes are supposed to do. You make those with more money pay more so you're taking the money where it will hurt fewer people to produce value for all in the form of public infrastructure and services. This then profits those who have more money because the lower classes can get more done. That's the theory anyway.

In practice, it's now turning a lot more into a way for the rich to get richer and keep others poor.

You know that's bad when even a BANK BOSS says so.

1
0

Video nasty: Two big bugs in VLC media player's core library

Mad Chaz

Lister: We’re on a mining ship, 3 million years into deep space. Can someone explain to me where the smeg I got this traffic cone?

Cat: Hey, it’s not a good night unless you get a traffic cone! It’s the policewoman’s helmet and the suspenders that I don’t understand!

2
0

Apple lawyers fight to silence dead Steve Jobs: 'No right' to hear him from beyond the grave

Mad Chaz

Gotta love how a story about Jobs is now completely taken over by 9/11 ranting.

0
0

Mad Chaz

Re: Not strange to me...

True, but a single manager can force 2300 architects and engineers to make the same bad decision.

0
0

WHOMP, there it is: Seagate demos Kinetic disk drive

Mad Chaz
Coffee/keyboard

"Seagate says its fancy drive is getting support from various respectable businesses like AOL"

AOL? Really? I mean AOL backing this product is enough reason NOT to want it all by itself. If AOL is interested, it MUST have fail written all over it.

Seriously, you owe me a new keyboard after writing something like that.

0
0

Buggy? Angry? LET IT ALL OUT says Linus Torvalds

Mad Chaz

Re: So he admits it

Or Jobs. Rumor has it he was one heck of an asshole to work for.

12
0

VMware wins cool reception for two-CPU eval software

Mad Chaz

Lots of home labs use KVM, almost entirely because of price.

Sure, it doesn't let you play with VMware's latest toys, but it's free and does what you need it to do for a home lab.

2
4

US drug squad cops: We snooped on innocent Americans' phone calls too!

Mad Chaz

"The agency is no longer collecting bulk telephony metadata from US service providers."

In other words, we've hired a third party private company (staffed by friends of XYZ) to do it for us. It's more expensive, but it allows us to say we're not doing it ourselves anymore.

5
1

Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Mad Chaz

Re: insurance

Once again, until top management can be held criminally and financially accountable for breaches, this will never get fixed. The people with the power to do something need to be the people held responsible when they do nothing.

8
0

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Mad Chaz

The blame game and lack of responsibility.

The issue is that the people who COULD force the proper practices are the very ones who have all the incentives not to. The people in charge of IT are, 999/1000 of the time there to keep the budget to a minimum and rarely know how to even turn the color box on without help.

So it's "I can save here, here, and here" instead of "we have to spend X on this or we could face Y in the future".

When the penalty for a BREACH is you lose the ability to process payments until you can SHOW you took proper precautions to convince a third party you did your homework properly, as well as LARGE fines if you fail to disclose any such breach and are found out, we'll start to see some pro-active managers.

Until the idea of losing the consumer's data equals "we will lose the entire business and I will not only lose my job, but also my golden parachute and I might face jail time if we don't do this right" in the mind of the people paying and approving the expense, it will continue to get worse.

2
0

Norks SCOLD Prez Obama over Sony mega hack payback sanctions

Mad Chaz

So human rights violation, torture, crimes against humanity = OK, no probs.

Hack a film studio that can't take basic security measures and keeps getting hacked like hell = sanctions.

Never mind if they actually did it. Even if they DID do it.

.... I don't want to live on this planet anymore.

19
2

Prez Obama slaps sanctions on Norks in payback for Sony hack

Mad Chaz

I blame sony. They failed to learn from past mistakes and have been hacked so many times in the past, it IS starting to look like the "victim"* is to blame.

*the real victims are the people whose info was stolen and whose lives might be ruined by this, but I mean Sony here.

They seriously need to step-up security over there.

17
1

JPMorgan Chase mega-hack was a simple two-factor auth fail

Mad Chaz

I wonder when someone is going to wake up and realize all these "big scale hacks" are basically the money men leaving your private details in a box on the side of the street and claiming "someone stole our shit".

They blame technicians now, but who wants to bet this "server" was some director's old vpn entry point and the guy was too stupid/pig headed to change how he connected to the network from home on his windows XP laptop (they forced him to give up his windows 95 when the HDD died, but he screamed then too)? He'd probably convinced some "security manager" it was perfectly safe by bugging him until he gave up in frustration?

As for the "It's all TCP/IP's fault" AC, you're missing the point entirely here. Sure, we could have a better protocol than TCP/IP. It sucks. But even that would not do squat against the kinds of vectors this was done by, i.e., old uncared for boxes that should have been retired 10 years ago, but with someone in power who "can't live without it", in the network. You will also always have machines that need to access other stuff (users talking to servers) and those will have to talk to all those different protocols, increasing the surface of attack IT staff have to maintain over the entire park. So more of a "lose-lose" situation. This wasn't a protocol attack. This was a "we keep the door locked with just a rope and a do not enter sign" kind of attack.

The real criminals are the people who didn't take basic precautions. Those are the ones who should face a day in court.

0
0

Judge kills Facebook's bid to dismiss private message sniffing case

Mad Chaz

To me, this sounds like one of the first times an online service's T&C is likely to get a proper look in court. Could be interesting.

14
0

Google sues Mississippi Attorney General 'for doing MPAA's dirty work'

Mad Chaz

Re: Only in America

Not for asking too many questions. For working for the studios. He's not supposed to be on special interest's payroll.

69
3

Sony hackers dump more hunks of stolen data, promise another 'Christmas gift'

Mad Chaz

Re: They are done

Last I checked, Apple and MS never released music CDs that installed malware in your computer if you so much as put the disk in.

7
1

Canadian watchdog goes to court to probe Apple's iPhone deals with mobe networks

Mad Chaz
Childcatcher

Conservative gov

I, as a proud Canadian, have full faith that justice will be rendered by our wonderful federal gov ... oh, this is the same gov that tried to make it illegal for fixed line ISPs to offer unlimited data usage to try and kill the small re-seller market? Right ...

4
0

It's a bad day to be Serco's CEO... or an investor, come to that

Mad Chaz

"significant advances in public sector contracting <...> that transfer substantially more risk to suppliers. "

In other words, we bid a lot lower than we knew it would cost to win the contract and got screwed over when the gov actually expected us to deliver at the price we said and didn't approve all the cost overruns we had planned.

7
0

'Tech giants who encrypt comms are unwittingly aiding terrorists', claims ex-Home Sec Blunkett

Mad Chaz

I'd suspect a fan of gulags. I wouldn't want something I like associated with that man even remotely either.

1
0

Mad Chaz

Quote: Tech companies who provide encrypted – and therefore secret – communications online <...> foster fear and instability around the world.

What I heard after: And we can't have that, because only government is allowed to do this!

Here is a clue. Maybe everyone is starting to get afraid someone's listening in, not just those you call bad guys. 'Cause, you know ... bypassing due process and law and all.

5
0

BOFH: SOOO... You want to sell us some antivirus software?

Mad Chaz

Re: Simple comment...

What kind of haircut did he have? I wouldn't be surprised if it was pointy ...

7
0

Ex-NSA lawyer warns Google, Apple: IMPENETRABLE RIM ruined BlackBerry

Mad Chaz

It helps them figure out what due process is so they can bypass it.

2
0

By the way, Home Depot hackers also grabbed 53 million email addresses

Mad Chaz

I think it's about time laws were put in place so people who react like they did get jail time.

"We sell hammers" is not an excuse for crap IT practices when you handle people's financial information, yet it's unfortunately a very common kind of excuse. I've even seen IT stores fall to this way of thinking.

2
0

Data protection laws come to the rescue of poor, underpaid UK MPs

Mad Chaz

Re: Monitoring

Because you can't then resell a 1 bedroom flat you rented and make a profit out of it. You buy a house, let the idio ... taxpayers pay for it, then sell it and pocket the difference.

4
0

UNIX greybeards threaten Debian fork over systemd plan

Mad Chaz

Re: the "fun" part about systemd

Having spent the last 10 years supporting Windows machines (server, desktop, you name it), I know entirely too much about it for my own taste.

0
0

Mad Chaz

Re: the "fun" part about systemd

You make it sound like installing gnome is a must. If you want gnome, yea, you are stuck with systemd. That's systemd and gnome's fault, not gentoo. A lot of people who run gentoo are also likely to use something else than gnome (if they have a GUI) and the default installation manual still recommends using OpenRC.

0
0

Mad Chaz

the "fun" part about systemd

Is how much it wants to do. Explain to me why an init system needs (yes, it's required) an http server running?

Systemd is basically trying to take over the entire software stack. The attitude of the devs speaks volumes about this too. You find a lot of gems in the kernel mailing lists. The Gentoo Linux forum has been rather alive about this topic, as the maintainers of the distribution refuse to make systemd the default (it's an option, but not default) and a lot of the users agree with the choice.

Systemd is a lot like the Windows registry. Lots of binary blobs you can't read or fix if things go wrong. Most Linux users would rather the system took 10 more seconds to boot and be sure they can fix it if something goes wrong. It's not like we reboot our machines all the time.

70
0

Nadella's Karmagate howler was response to MICROSOFT BOARD DIRECTOR – report

Mad Chaz

Re: Is he a bit out of touch?

“That might be one of the initial ‘super powers,’ that quite frankly women [who] don’t ask for a raise have,” came the jaw-dropping reply. “It’s good karma. It will come back.”

Works for men too. What karma does when it comes back is land you with more work, more responsibility and not a single cent more, because if you aren't asking for a raise, you must be happy with your salary!

It's like he's drinking the "trickle down" economy kool-aid.

7
2

Prez Obama backs net neutrality – but can't do anything about it. Thanks, Obama

Mad Chaz

Re: We know that

I think it's more "Please don't hand the next election to the republicans by pissing the electorate off, our finances can't afford it right now" is how I'm reading it.

But I'm not from the US, so what do I know?

2
4