1266 posts • joined 7 Dec 2012
Re: and best of all ...
"Somebody screwed up and didn't get this classified quick enough."
Do you mean something like, the NSA and GCHQ have ordered 15 billion "demonstration units" with specific modifications installed?
Re: Swiss cheese?
True, but when one has *standards*, one has to have a gauge against those standards.
The problem comes when someone takes the scan results at face value, rather than what was verified as a false positive and documented as such, then runs with it to the press.
What goes unremarked is, are these systems network isolated, hence the common vulnerabilities would be non-exploitable? Are these systems on an isolated VLAN, where they can only access their peers and reporting servers?
Then, there are a thousand other questions along similar lines, any of which turns the report into bird cage liner.
Re: You see, this is the kind of stuff that discredits government-led initiatives...
What the story does not bother with, nor did the report bother with is, there are times that one is using highly specialized software, where a software patch breaks the piss out of the entire system.
I'm an IA guy by trade, that is Information Assurance. Much of my work is and has been government related.
I've had systems that drove me over the edge, as they *always* popped on vulnerability scans and I had to explain that fact in my reports.
The NA/SA in me sought more data, to find to my horror, patches frequently broke those specialized systems. Things had to be tuned and some vulnerabilities left alone.
Which led me to see to it that those systems were placed onto a heavily protected VLAN.
Now, you may still object, the reality of it is, it very well is likely that patching those vulnerabilities would create an inoperable control system.
If it's all the same to you, I'd rather have operators able to control those rather expensive satellites.
One can only hope that their IA guy or girl saw to it that said sensitive and vulnerable systems are protected by isolation from the big, bad network.
Because, for such specialized systems, that isn't really that difficult.
I remember trying to install a banking app from my bank, on Google's store.
Bloody thing wanted access to my phone memory, contacts, camera, microphone and a DNA sample from my testicle.
Needless to say, the DNA thing would be acceptable, the rest, nope. I do without their app that desired greater access than GCHQ or the NSA to my information.
Re: George Osborne is the saviour of the Universe
Hawking: "...unlikely to be funded in the present economic climate."
Fortunately, said funding has already been provided, courtesy of many millions of neutron stars and those pesky supernovae.
I stand here, before you now, truthfully unafraid. Why? Because I believe something you do not? No, I stand here without fear because I remember. I remember that I am here not because of the path that lies before me but because of the path that lies behind me. I remember that for 13 billion years we have fought these machines, errr, survived such energetic events. And after Hawking's pronouncement, I remember that which matters most... We are still here!*
*Liberally mutilated from a stolen passage from the Matrix Reloaded.
Re: "If this happened anywhere other than HealthCare.gov, it wouldn't be news"
Heh, in short, they accidentally installed a honeypot.
Meanwhile, the media ignores the hell out of numerous DoD compromises, every government agency having compromises and focuses on a code testing machine that was compromised.
Oh well, any hyperbole to try to kill a first, faltering, half step toward universal health care in the only industrialized nation in the world to not have universal health care.
Of course, the right wing media spout off how universal health care is communism and all of Europe is socialist-communist (they typically cannot ascertain the difference between the two systems) and ignores monarchies that most assuredly not be socialist by definition.
@John Savard, erm, it's a *bit* more complicated than that.
First, you confuse network centric warfare with electronic warfare, which are two entirely different things, that *may* coincide in some operations.
Second, you manage to ignore the hell out of global history in not noticing North Korea *is*, was and will remain a satellite state of the PRC. That news is only thousands of years old.
Strange that you missed the memo, I got the memo around... Genesis.
Re: Hacking into defense nets? That makes me feel safe
"If all the electronic traffic generated by the various militaries is so secret and sensitive, why is it going across what appears to be the "public" networks?"
OK, a primer. First, the traffic is *not* typically over "public" networks. It is over private networks, with various means of encryption, but with internet access.
That leaves a dozen rather sweet spots of vulnerability and more less sweet spots open.
Laundry, food, toilet requirements and more are unclassified and hence, are transmitted on (hopefully) private network connections back home.
Well, that (hopeful) is only that, if a server or certain workstations can "see" said traffic.
Now, here in the real world, food requirements and laundry is the *least* of that which is transmitted on unclassified networks.
One also must include vendors supplying the needs of the defense requirement.
So, what is *your* suggestion?
I'm quite certain it will be outside of mission requirements or general reality.
"Instead, many regime-sponsored attacks are launched from cells based in China, US, South Asia, Europe, and even South Korea."
Interestingly enough, various nations learned the value of buffer nations. China learned of it far, far, far long ago.
The west learns of it at variable lengths of time.
I'm honestly uncertain if the UK or US has the longest record. There were a few gaps, the longest being the US, but some, erm, effort has since been expended...
Re: What's that rattling noise coming from HP?
Save that HP wasn't the *only* source. It's only the only trivially available publicly available source.
But, whatever. I know what I saw in the traffic and logs, you know far better than I, based upon your Twinkie encrusted sofa in mom's basement.
Re: North Korea is ramping up its cyber spying efforts ..
"Luckily, we here in free world have the American NSA and British GCHQ to protect us .."
Well, if it's any consolation, there is the US NSA, the US DoD, the US DHS and more "protecting us".
For every charm there is a countercharm.
For every mousetrap, there is a smarter mouse.
To be honest, today's weapon of WMD is an exceptionally cheap one. Education and network access. No Manhattan project, no adding hydrogen species to the mixture, simple network access and education.
I'm an information security professional and one with US DoD experience watching raw logs.
We'll suffice it to say that I'm rather alarmed, not by this, just overall open atmosphere nuclear testing of information warfare.
The harm that can result from some actions *can* result in the use of WMD's.
For, all sides are village idiots and insist upon pushing things in some ways. It'll only take one off programme individual or group to run it all off of civilized information warfare into ruins.
As in, the nuclear clock should be two seconds from midnight.
Worse, I'm an optimist in my field.
Re: The conspiracy becomes clear...
Sorry to burst your bubble, but I managed to track traffic of some rather serious trolls that were hellbent upon causing unrest in certain regions to this particular entity.
I'll remind you of this: "Although North Korea’s cyber infrastructure may not measure up to that of wealthier nations, the regime is making significant progress in developing capable and technically trained forces..."
The PRC has quite an exemplary cyber operations unit and education programme. Within that programme is various dialects of English, such as UK, Australian, New Zealand and US English educated upon.
It's quite good.
I am unable to go further, due to various NDA signatures.
Apparently, our intrepid author failed to recognize *dictionary attacks*.
Hence, the dictionary of refute.
My personal one is far more extensive, but profanity is quite common.
"...maybe even flying cars one day..."
Who in the hell would want that?!
They can't bloody drive on the ground, I'd hate to see the mess that the average idiot driver would do in the air.
And honestly, I put a roof on the house 10 years ago, I'm not in a hurry to replace it, along with the upper story of my home due to an idiot driver crashing above.
Well, here, in the real world
The NSA *officially* supported the software. Officially.
Then, considering the official mandate of supporting certain people, via TOR.
Meanwhile, I consider the *mission* of the "puzzle palace" and their ongoing mission to meet new encryption and crush it or adopt it.
*That* is the real world.
Some parts are trying to catch up, some parts are forward of that curve, a few adjusting, the "senior management" still fights and is first echelon.
We, in the real world are stuck with licensing of our software, guarding against many enemies, some being part of the US "bad list", some earning their keep onto a watchlist.
For the El Reg correspondent, I'll suggest more research. You've screwed the pooch and missed a much more notable story, as I know from a firsthand basis, if the NSA doesn't want to be noticed, it shan't. That said, I know full well how said agency goes "loud".
Now, if you'll excuse me, I have to phrase something, I *really* need to address a certain and current problem set.
Signature detection doesn't work. Use *our* signatureish BS.
I'm looking on my watch for the blowme button....
Just today I read about Big Blue having a chip with the "brain" of a farking FROG.
If we're currently endangered by a farking frog, we *should* join the dinosaurs!
Never fear, more moron milk will ensue from "above"ish...
Re: So quite a lot of AV not very good?
SSL isn't *that* hard to decrypt. Especially so in a corporate enclave.
But, AV isn't the be all and end all of security. It's the storm door lock, which opens to find the entry door lock of much more complexity.
One line of defense is no defense at all. Ask the French about one line of defense in WWII.
One layers and staggers defenses.
Such as monitoring network traffic, monitoring endpoints, NIDS, HIDS, etc.
For, the zero day can and does await. With a layered and staggered and target oriented defense, one will prevail.
Waiting for AV to detect is a fool's errand akin to the Maginot Line.
But, you do what you want to do and your organization desires. I'll stick with what works.
Yet again, Microsoft offers a Forefront * security offering.
With somewhat mixed blessing in *real* security.
Mixed blessing for *any* security product. :/
"China has never been particularly chuffed about the allegations but it is even less amused these days after former-NSA-operative-turned-whistleblower Edward Snowden revealed the extent of the US's data snooping."
Yet then rejects antivirus software well known to be connected with the USA and Russia.
Then, promotes their own malware, erm, antivirus software.
The reality of it is, anyone who has more than an E1 connection is doing it at a national level.
Frankly, the *only* nation I'm aware of that isn't is Somalia. Hell, Libya still is online.
Just get used to it, as I've yet to hear a *realistic* solution to resolve the problem. And to be blunt, I have no solution either.
Got a solution? Shoot it my way, I'll see to it that you're wealthier than the royal family in spades.
I'll settle for three million dollars. One to work for me, one to be riskier invested, one to be "safely" invested.
I'll not expect a realistic reply. :/
Re: No ACs Allowed - Adverse effect
"I believe that gun sales have gone up since all of the recent anti-gun campaigning."
First, let me introduce myself to you.
I'm a competition shooter, hunter and general enthusiast on things that go bang or even boom.
I'm not a village idiot. Indeed, I am far from it, courtesy of the US DoD testing.
I'm known for my utter inability to quit.
If you can't figure it out, you *are* the village idiot.
As an owner of a full dozen firearms, *I* consider our system of giving harm upon a village idiot or insane, erm, insane in the extreme.
I guard our rights to a level that resembles religion.
But, not being the village idiot, I also recognize that the insane need not apply for a cannon, shotgun, rifle, pistol or even a sharp spoon.
Meanwhile, my firearms are under lock and key.
And, to be blunt, wonder how my family's right to life is secondary to my family's right to *life* and enjoyment of life. Your "defending" your defending your life is interesting, as it opposes our very right to live. Or, more importantly, why your right exceeds the right of my family to survive your random gunfire.
Please excuse me if I am a bit off in language.
My spacebar is FUBAR, it's late and I'm massively insulted by my "peers".
"Peers" who wish to join me as a peer. Nothing of which they've submitted would let them wash my dirty socks.
I've served. I've lost damned good friends.
The moron brigade lost nothing more than a few keystrokes.
I'll respect them a *little* when I can visit my buddy, who was burned, literally in half in a vertical measure.
Our mutual friends shredded.
Until then, he can wash my dirty underpants. The dirtiness is secondary to previous wounds, which the VA budget prohibits, secondary to the losses of the teat tard.
Hmm, thought of tea tard, saw what is real and left teat tard.
As for nuclear arms, they're of the nature of using a hand grenade to defend your home.
It'll be effective, but the home isn't worthy of living in.
Re: No ACs Allowed
Well, I'll suggest national interests, then suggest this:
The problem isn't achieving critical mass, but that of one retaining supercritical mass.
This is accomplished by-------, with _____________ with a secondary method of ************.
Do you *honestly* desire that blanked information being available for one and all?
I most certainly do not.
There are also embarrassing matters, such as the UK convincing a US president to overthrow a democratic government, to which we now, for some inconsiderable reason, have problems...
Add in information sources that would end up dead, if their information were to become public, erm, it *should* be a no-brainer.
But then, it *is* a democracy.
If you can figure it out, clue me in. I have no clue, but do know those, erm, solutions and more.
It's both that simple *and* that complex.
Hanged if I can figure it out. I can only manage to vote for someone I don't consider the village idiot.
May *your* mileage fare better.
Re: In the words
Well, to judge from my own experience as a US DoD IA contractor, the contract isn't at risk due to underperformance.
I've watched that one firsthand, with a one billion dollar recovery for one incident and a classified cost for the month later recurrence.
Said company was *awarded*, based upon the response to the monster they created by their non-compliance with US DoD standards.
Now, as a victim, I'd usually minimize the impact in a press release.
But, the impact was a pitiful 800 megs or so. In an age where terabytes are normally sent astray.
Knowing information systems rather intimately and, erm, knowing something about guided missile systems, 800 megs would give them some fuel formulae and general construction data only and more likely, granted access to laundry and food consumption data as well.
Leaving them at best, fuel formula data and sparse information on anything *really* of import.
But then, I've dealt with compromises, *real* data and know what file size files actually are for designs.
So, it's most likely that the data compromised was chow hall consumption and sparse unclassified data that is of little import.
Re: Where did it all go wrong?
It was all a gambit in the Cold War.
We got there first. Things cooled in space, didn't cool Earthside.
Reagan came along and his advisors dreamed up Star Wars. Not as a national defense, but as a money drain on the Soviet economy reflecting our efforts.
Then, Bush the Elder found we needed a service economy. In an economy geared toward the Reagan professional.
The rest is attempting to achieve third world status.
For, the well educated populace is impossible to control. The ill educated populace, trivial to control.
As for paranoia, I learned about OBL back in 1982.
Do you *still* want to play and attract *more* NSA attention?
Well, shove your asshat northward.
I long knew this and more.
I watched the lunar landing live.
I remember Apollo 13 as clearly as I recall JFK being shot in the head, both of which I watched live.
I also watched the US decline as the USSR declined, then work hard toward achieving third world status.
Something I *never* enlisted to achieve.
So, sod off, sonny.
Lest I become far less polite.
Re: sign of times ?
By your standard, Columbus would've been better served with a bottle and a letter.
Still, the US is a faded giant, lacking an enemy that offers more challenging interests.
The US *only* went to the moon because the Russians put a rover there that did *extremely* well. Facing some nonsensical lunar base military force that did not exist, paranoia forced the US to put men into an aluminum can about as stern as a beer can and shoot them at the moon.
Then trumpet it a bunch of times until the populace found a trip to the next town more interesting, as they didn't comprehend the danger of the lunar excursion.
In short, it was all cold war bravado.
Something I tired of after losing a few friends in various events that "never happened".
Re: Chinese chest puffing?
Actually, I'd give *real* money to see it happen.
It'd jog the US off of its "successful" ass of mediocracy and into innovation again.
For, now, we're awaiting the barbarians at the gates to rescue us.
Re: Not Complete non-news
Well, when I was in my teens, I recall some newsworthy event in 1976. Some bicentennial thing about colonists being revolting or something.
I also recall 52 birthday celebrations, OK, 51. Can't recall my first birthday, my earliest memories are from when I was around 18 months old.
Then, there was that Edison anniversary.
Various and sundry other celebrations on technology and I'll not even go into our national worship of things warfare.
The latter being somewhat special to me, as I'm a retired veteran, but really don't find warfare worthy of celebrating, only its end.
Re: Complete non-news
Erm, dude, I was gone from 2005 to 2010 from the US and a bit preoccupied with some war thing and rather strong men trying to kill me and my teams.
But, I recall seeing more than a few stories on just this subject, both before I deployed and since I returned.
So, I'll suggest that either you failed to pay attention due to life events or you choose a better news outlet for your information.
I tend to use CNN, Al Jazeera and BBC for general information. I have a handful of special interests that also include other foreign news sources, but they're outside of this context.
OK, reality check here
In my first three minutes of research, upon learning of this recent hole in the ground, I learned some interesting facts.
First, it's a near-permafrost area. Near, not permafrost.
Second, it's an area with a decent amount of water in the ground and soil.
Third, the area is lousy with natural gas.
Fourth, the area is lousy with shallow methane deposits from decomposition.
Add point three and four together, as natural gas and methane are pretty much the same thing (there's some very modest differences, but it's in dilutant gasses for the most part, isotopes being the larger part).
What one geologist suggested seems likely.
A methane bubble formed long ago. Ice and water did their thing, melting ice freed its "cap" and let it vent as a big bubble of fart gas from hell.
The rest is "mystery".
There's no hint of conflagration. There's no hint of detonation. There's less than no hint of impact, vaporization, photon torpedoes, phasers, disruptors or anything else mythical.
Only earth tossed about by modest pressure and nothing heated/burned.
Re: the Age of Miracles & Wonders
If it's all the same to you, I'll pass on the flying cars.
People can't drive them on the ground, I'd hate to see what a crash in mid-air would bring raining down on my roof.
Re: Why am I not surprised by this?
" But I wonder, if they intercept a 13 year old's sexy pic, will someone charge them with child porn?"
Actually, yes. The NSA is part of the US DoD and hence, has anyone viewing, trading or collecting child porn arrested and charged for the crime.
Re: Congratulations to the Chinese for ...
You're not much of an IA type.
The baseline configurations were DISA issued, via the gold disk. They most certainly were not NSA issued.
The NSA likely had input, but so did NIST and JTF-GNO.
Re: No attack necessary
OPM is for government employees, military and contractors.
Heh, same here.
Though, it's long been a dream of mine to meet Buzz and tell him happily, "Buzz, you most certainly did *not* walk on the moon! You shuffled, you hopped, you fell on your, well, everything save the top of your helmet. What you did *not* do was walk."
That is something reserved for much nearer one G or a bit more (much more ends up a different shuffle).
I suspect I'd not get punched, but receive a rueful chuckle.
For, indeed, it *is* the truth.
Walking isn't an option under lunar gravity from someone born, raised and *very* recently still living under one G.
And something I learned from NASA lunar archives that were suppressed for decades. The Lunar Follies, where astronauts were spending more time falling than walking. The shuffle being the worst for causing falls, due to unseen rocks beneath the regolith dust.
In a way, our unenlightened OP was correct.
Evolution is far from slow at times, positively glacial at others.
It all depends upon major changes creating pressures and vacancies in an ecological niche.
Consider the humble domestic turkey. A creature evolved by man, which we proclaim as breeding, to its desired proportions of what we can purchase at market today. In a remarkably short amount of time in *human lifetime years*, that bird was bred from the wild version that is a far, far cry from that domestic bird.
How much harsher a taskmaster is nature itself?
"You can make a diode out of a piece of coal and a wire."
Forgot about that one, did remember POW's using a razor blade and a wire for a diode for a radio.
Years ago I considered gathering and rectifying stray currents from mains current usage. Right until I calculated the wavelength.
Of course, today, our environment is so much richer in frequencies and "lost" signals of a much more easily utilized wavelength.
Re: No cloud is still the best option
Why, you're absolutely right!
Why, in 2008, the US DoD networks were able to ignore cloud attacks.
By actioning other vulnerabilities to over one billion dollars on first response, the second response (due to your thinking pattern) was classified, but more.
In the civilian world, the cost ends up confidential, but an onus enough to bear significant expenditures in protecting.
Under your candle, everything will be compromised, hence isn't worthy of protection.
The *reality* is, one monitors, then proceeds on a value based computation of a plan.
Rather than jump into a bear trap, leaping for some rabbit.
Or be Target II...
Re: "terrorism-related investigations"
"IOW the other 500million+ US citizens being spied on 24/7"
So, somehow the US acquired 200 million additional citizens this week, huh?
Learn about what you're going to go on about, you'll look a lot less foolish when you comment.
Re: Goal Defines Intelligence?
With a modest amount of respect, terrorists are not idiots.
Indeed, based upon direct, personal experience, many are quite bright.
But then, I've spoken with some during questioning or after my teams captured them.
It's the body bomber that isn't very bright, in a way, but over average intelligence. The reason is that one cannot get a moron to conduct any attack that would likely end his or her life. That is something studied by multiple governments, as no sane nation would enjoy sacrificing their brightest, rather than sacrificing their dullest.
The planner, manager and supervisor types *are* quite bright, otherwise they'd have been captured.
Re: If the police state
Because, people lost the capability to speak in person and write down notes. Right?
Re: Oh dear
Well, gamma ray or particle moving at relativistic velocity.
One determines which is which by the amount of energy in the signature.
"...The idea is to conserve battery by allowing a phone to connect to known Wi-Fi networks even while in sleep mode, since Wi-Fi uses less power than the mobile data radio."
First, that is a well known *feature*, not a bug.
Second, only the most seriously mentally challenged cannot Google the result to turn off the "offending" service.
I did it a while ago, as it annoyed me that wifi kept trying to connect and worse, successfully drained the battery more quickly.
A patent does not equal a product.
The capability is present, hence, Apple patents it and can then generate income from those who would, on good faith, create a product that did perform as this patent suggests.
Re: dot and slash
"...could be hijacked by hackers abusing a hard-coded vuln that allows them to inject arbitrary commands into shell scripts executed by high-privilege users."
Erm, compromise the high-privilege user, own the system anyway. Be it a user with ill will or a user managing to have a malware product installed.
The simple truth is, anyone with high-privilege access essentially owns the system at worst, the entire network at more worst. Hence, the story is nonsense fluff that warns about excessive privilege granting.
In short, something that *should* and largely is, industry standard.
Re: Damn - now I need to go off-grid as well
Gotta go with you on psyops, but I suspect it's more innocuous, a factor of poor understanding of what is required to track *global* power fluctuations in manpower alone.
It'd be annoying to just track London, bewildering to track New York city. Incomprehensibly man hours horrific globally. Even for remote monitors to send data on grid fluctuations in a particular area (which would be, by necessity small, due to ground current differentials and assorted other phenomena).
So, I'll go with an ill informed (sparse are those truly informed on the subject) correspondent reporting on "well, I don't know, it *might* be possible".
Hell, with the saturation level required, we'd have a massive payoff in monitoring wind, temperature and humidity and get 100% forecast accuracy.
Re: Is one of the experiments...
"Mind you, they taste so awful that actually they'll probably find that there is some medicinal quality to them!"
Strange, I have heard the very same thing said of Marmite.
Re: How about using a magnestrictive or piezo substrate...
I was thinking of that initially.
Then, I started thinking of standing waves acting as waveguides...
"...but at only one-thirtieth of the original intensity."
Reminds me of early germanium transistors.
"However it was later determined that using a laser to blind a human violated the Geneva convention..."
Wrong convention. It is the Protocol on Blinding Laser Weapons, which is protocol IV of the Convention on Certain Conventional Weapons.
That said, if one had a laser with enough power to kill, that would not be prohibited. Only blinding is prohibited.
Don't blame me, I didn't write or ratify the conventions. :/