* Posts by EJ

152 posts • joined 9 Jul 2007

Page:

Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

EJ

NoScript FF add-on

It's a wonderful thing.

0
0

Bletchley Park Trust vows to shore up insecure website

EJ

Dead now?

Is it just me or has someone set fire to the site and it's just a smoking pile of ruins?

0
0

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

EJ

*Yawn*

OK, I bit and threw my privacy to the wind in order to read the 3 page report. I saw nothing of real concern here, unless you're heavy into IBM software or a PAN OS user.

0
0

Half-ton handbuilt CPU heads to Centre for Computing History

EJ

Should be the basis for Dom Joly's mobile device when he next films an episode of Trigger Happy TV.

0
0

Poison .JPG spreading ransomware through Facebook Messenger

EJ

"Checkpoint"...

Any relationship to Check Point, the firewall security company?

0
0

Phishing tackle ships data catch to net sharks

EJ

Just more justification for ad blocking tool usage.

0
0

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

EJ
WTF?

Re: Welcome to the future. It's not safe.

Last I knew, WordPress is free software, so this 'rich corporate bastards' take is probably not very hot.

1
0

It's time: Patch Network Time Protocol before it loses track of time

EJ

Link for PoC is 404

The link for the PoC code is fubar'ed - the URL appears to have been doubled.

0
0

178 arrested in pan-European money mule crackdown

EJ

Re: Cops 178, Criminals 0

I hear ya: we need more drone strikes.

2
0

Some! at! Yahoo! knew! about! mega-breach! as! early! as! 2014!

EJ

*typing...*

https://www.google.com/search?q=best%20alternatives%20to%20yahoo%20email&ie=utf-8&oe=utf-8&safe=active

0
0

Computer glitches force US election poll stations to stay open for longer

EJ

Unaccountable? Yes. Illegal? No. Let's see how fast either side moves to close that loophole once and for all. Hint: not fast.

0
1

Survey finds 75% of security execs believe they are INVINCIBLE

EJ

For the 3 of us who haven't seen Goldeneye yet...

Thanks for the spoiler alert.

0
0

Smell burning? Samsung’s 'Death Note 7' could still cause a contagion

EJ
Go

In a perfect world...

... there'd exist a video where a dude riding a hoverboard while using his Note 7 has both catch on fire at once. That needs to happen.

1
0

FCC death vote looms for the Golden Age of American TV

EJ

And... the FCC voted to delay the vote.

http://www.nytimes.com/2016/09/30/technology/fcc-cable-box-vote-delayed.html

0
0

Dev teaches bot to talk spammers' ears off

EJ

Loved the response from Pratik D in his thread: "why are you sending spam emails?" Lol - oh, the irony...

2
0

Two-speed Android update risk: Mobes face months-long wait

EJ

It's my understanding you have 2 points of failure in this issue: the handset manufacturers and the wireless carriers. Example: even if Samsung releases something for your phone, you're still beholden to Verizon Wireless to release their version of that patch.

Google sold their soul in order to try to catch and dampen Apple's momentum in the market, and now that eagerness is stifling the ability to secure an Android.

0
0

Ex-Citibank IT bloke wiped bank's core routers, will now spend 21 months in the clink

EJ

IT Suicide Bomber

Nothing better justifies the judgment of management in firing/sanctioning an employee than when said employee turns around and pulls a stunt like this in response.

0
0

36 idiots running SAP under attack after flubbing 2010 patch

EJ

Having done battle with patching in an enterprise environment for years, it's very understandable why this would have been missed. My security team is always ready to demand patching ASAP, but the admins and customer support are always on about "up time", "reliability & availability", "regression testing", and other non-sensical terms. Enough with the hand wringing... Just patch the damn stuff and let God sort it out, I tell them.

3
0

Infosec freeloaders not welcome as malware silo VirusTotal gets tough

EJ

So... who are these freeloaders touting "patternless" next-gen AV vendors? Let's name names...

Ahh - I guess Reuters did: www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4

0
0

Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter

EJ

A ringing endorsement of the firm's professionalism. About the same for the researcher.

14
1

Linux-fight! Dev's plan to bundle kernel patches sparks debate

EJ

Remember the days when we believed Linux and open source were the paths to security? Oh, we were so full of hope back then...

1
0

Facebook tells Viz to f**k right off

EJ

https://www.facebook.com/papa.bungard

This page is immune to complaints made to Facebook...

0
0

Obama govt proposes 33% hike in cyber-security spending

EJ

$5B? Pfftt... that's like 28 F-35 fighters.

3
0

Samsung sued over 'lackadaisical' Android security updates

EJ

USA wants in on this

In fact, I'm surprised we haven't already tried this. BTW - it's an open and shut case as Samsung is crap with regards to Android patching.

0
0

Windows for Warships? Not on our new aircraft carriers, says MoD

EJ

US Navy & Windows

Back in 2000 I had the chance to tour the USS Hue City when it was docked in Boston Harbor, as part of a special millenial Tall Ships weekend. We eventually headed down to the "war room" on the ship. This place was really impressive to me because of all the computer equipment. It was equally exciting to see Microsoft Windows NT logon screens on several monitors (I had read an article in Computerworld that the Navy was going to use NT on missile cruisers, and we had made several jokes about re-booting in the middle of a battle and dealing with blue screens when things were going hot and heavy). At the Vanguard Security Expo later that year, Bill Murray (of IBM & Deloitte & Touche fame, not the actor), a recognized national expert in secure computing issues, had stated during a presentation that he would leave the country if the military ever began to rely on Microsoft technology for anything of a strategic nature. I could hardly contain my excitement to point out I'd already seen it in use on a US Navy ship. "God help us..." is all he could mutter to the audience.

3
0

VirusTotal invites Apple fans to play in updated Mac malware sandpit

EJ

At least the clean up is simple

I've been helping a friend get some malware/adware off her Mac. The one positive I can add here is that clean up has been pretty easy compared to the Windows side of things.

3
0

ProtonMail pays ransom to end web tsunami – still gets washed offline

EJ
Facepalm

So fail

Paying crims didn't solve the problem? Wow - who could have anticipated that?

4
0

Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet

EJ

Re: "who was arrested by US law enforcement partners"

As an American citizen, I'd be worried that Mother Russia will attempt to put a few American citizens under her skirt in retaliation.

1
3

Robo-car wars: Delphi's near crash, prang, wallop with Google DENIED!

EJ

I'd tend to believe the exec who was actually in the car rather than Delphi, who has something to lose if the story is true. Then again, if Brian WIlliams, formerly of NBC, was in either car, then I'm probably back to believing Delphi.

0
1

Man sparks controversy, fined $120 for enjoying wristjob while driving

EJ

What an idiot

His "life" of enjoying his toy does not trump someone's right to hold onto their life rather than die because he can't keep his eyes focused on the road. I would like to see those convicted of texting while driving or other e-distractions be charged with attempted manslaughter, as that is what they are doing, they are knowingly putting others at great risk due to their inattention. At the very least, it should result in license suspensions of significant time.

28
3

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

EJ

Great.

Now how about Flash Player?

0
0

VirusTotal wants YOU (but not you) to join its epic AV whitelist

EJ

Hmm... that's a tough one. How would Google, the handler of VirusTotal, deal with Chrome, another Google product.

Would Google act in their own best interests? I'm stumped...

0
0

Bitcoin, Litecoin, cash, watches seized from alleged software pirates

EJ

Re: What exactly

So MS sells them for $70, and the pirates sell for $30. MS then sells for $30, and the pirates drop to $10.

Not a winning strategy, but I agree that at some price point some portion of people are going to be willing to pay for the security of having a genuine MS product rather than a questionable purchase. The problem remains with the folks who are always going to want to pay as little as they can get away with.

0
0

Phishers, scammers pile into worried Anthem customers in FRAUD FRENZY

EJ

Before California gets too high and mighty here, I just had a buddy purchase a Cisco ASA firewall on eBay cheap. He turns it on and finds it has a configuration already in place. Turns out it is from the California Department of Parks & Recreation. No wipe, and the thing was on their network as recently as October 2014. Shining example of security awareness right there.

1
0

Secret Service on alert after drone CRASHES into White House

EJ

Re: How much C4

There was a story of an American microbrewery that was using a drone to deliver 12 packs? of beer to ice fishermen in the Great Lakes region, but the plug was pulled on it once the FAA heard about it. http://abcnews.go.com/US/faa-slaps-drone-beer-delivery-service-ice-fishermen/story?id=22314625

How much C4 equals the weight of a 12 pack of beer?

0
0
EJ

Re: Pull!

I believe El Reg had an article on how the thought of shooting down a drone easily was a fallacy, at least with rifles/shotguns. It was a topic brought up in the hysteria cloud of Amazon's drone package delivery daydream.

0
0

POS malware crooks hack IP cams to validate targets

EJ

Re: Browser clock?

I seed my PC with some random Mali family's photos and set the default Windows OS to Swedish to throw people off my trail.

2
0

JPMorgan Chase mega-hack was a simple two-factor auth fail

EJ
Windows

"industry-standard security practice "

Really? TFA for servers is like a unicorn: I've heard of it, and seen some illustrations of it, but I've never come across it in real life.

Do I really work in a bubble?

0
0

Sony sued by ex-staff over daft security, leaked privates

EJ

These NORK idiots just made it my patriotic duty to go see this movie, when in fact I had no intention to do so. Thanks a lot, Un!

16
6

It's BLOCK FRIDAY: Britain in GREED-crazed bargain bonanza mob frenzy riot MELTDOWN

EJ

@ Dave Bell

What could be more American than being anti-public transportation?

On behalf of my country, let me apologize for this whole Black Friday nonsense. Many in the States are sickened by the behaviors it causes. Personally I take great pride in not even stepping foot out the door on most Black Fridays (my government agency has the day off), but this year I was dragged out to help my mother-in-law purchase a new vehicle. The Big Three auto manufacturers here decided to jump on the Black Friday bandwagon, and were offering supposed discounts and specials. Ford was offering a $1000 Amazon gift card with any new car purchase, but of course the dolts here don't conclude that it would be far simpler to just have Ford take that amount off the purchase price of the car in the first place. Like the Amazon gift card magically appears out of nowhere...

GM was offering 20% off leftover 2014 models, which according to a buddy who works for a GM dealership, was a great deal if you could find a leftover that fit your needs. Thus, I agreed to go help negotiate.

0
0

Verizon Wireless token tracker triggers tech transparency tempest

EJ

As a VZW customer, let me comment on the ending statement from VZW...

Bullsh#t.

2
0

Facebook doubles ad-hacking bounty

EJ

Sort of off the topic but...

Can anyone provide some background on the origins of the image that accompanies these stories about FB, of the woman with the FB logo painted on her face? Just wondering where this scene came from. It appears El Reg may have added the FB logo from what I can gather from TinEye. I've tried to track down info using Google and haven't had much success.

0
0

Forget passwords, let's use SELFIES, says Obama's cyber tsar

EJ

Where was this?

I saw this guy speak at a security conference in Albany NY this summer. He was as exciting and dynamic as moss. Might have punched things up a bit if he took the opportunity to mention this idea during his 25 minutes snoozefest on stage.

0
0

VirusTotal mess means YOU TOO can track Comment Crew!

EJ

Well, there's goes our plan to develop Stuxnet II...

- NSA

0
0

Webmin hole allows attackers to wipe servers clean

EJ

There's no way this can be reported correctly as there is no trail back to Microsoft being the root cause of the problem.

0
0

Show Mother Russia you love her: Click HERE and AHHH NYET!

EJ

Heads up to my Russian co-workers here in the States...

Although having discussed their viewpoints on the Ukraine situation, it's probably too late to save them.

0
0

Know what Ferguson city needs right now? It's not Anonymous doxing random people

EJ

So apparently the brains of Anonymous have been scooped up in previous raids, leaving just the tech dregs to carry on the work. Time to close shop or hire new talent.

1
0

Seedy hacker steals 1300 Monsanto client and staff records

EJ

So the takeaway is that GMO wheat should be showing up on Chinese dinner plates in the near future. Got it.

0
0

Cisco's Chambers to Obama: Stop fiddling with our routers

EJ

Comical

People complain to the POTUS like he actually has some control over the apparatus at this point. It's so cute.

3
1

Goodbye, Mr Dong: Samsung Galaxy S5 boss disappears through trapdoor

EJ

Improve physical ruggedness or ease glass repair, Mr. Lee

I actually think Samsung is onto something with the focus on physical robustness. The ability to claim to be 'water resistant' is compelling to me. Next up should be innovation improving the ability of the display to withstand drops, or at least allow a cheap and easy way to repair it. Both of those are on most folks' wish lists. Allow me to uninstall the Samsung bloatware and I'm ecstatic.

1
0

Page:

Forums