Feeds

* Posts by gollux

274 posts • joined 11 Sep 2007

Page:

Attack reveals 81 percent of Tor users but admins call for calm

gollux

OMG, I'm all TORn up, my TORnography habit may be exposed...

Nice to know there's always an end run around this stuff. Get them to come in flocks, identify and flag the paranoid as some of them might be criminal... Sounds like a honeytrap to me.

0
0

The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers

gollux

Death by Powerpoint - heh, hehheh, hehh...

From all of us who've dealt with zombification by bullet point slide and an uninspired reader of said slides who purports to be giving an informational presentation.

'Bout time.

0
0

Pay-by-bonk 'glitch' means cards can go kaching-for-crims

gollux

Re: And yet...

Heh, my millwright uncle had no problems with the magstripe technology, he says a day at work around any heavy motors degausses them pretty effectively. His maximum life on card readability was about two weeks once.

We'll have to see how chip & pin and NFC fare under that environment.

0
0

Carders offer malware with the human touch to defeat fraud detection

gollux

Re: My golden rule since my card was cloned at a Texaco petrol station

"The Wife" doesn't seem to mind as she's also "The Better Half" and thinks "The Husband" is reasonably adequate to being a companion.

And what a thread hijack this whole discussion turned into... Worries of cloning Chip&Pin cards (soon to be standard in the US latecomer market as a platinum answer to all our woes) all swept aside in a flurry of pedantic semantics.

"The Better Half" tends to look after the bills and finds the discussion a waste of time as card security worries and dealing with credit card companies eats up real time unlike the gust of hot air and insignificance that has been the topic here.

0
0

Tor exit node mashes malware into downloads

gollux

Re: Never ever trusted TOR enough to use it

Too much stench of the G-Man on it...

0
0

Tor attack nodes RIPPED MASKS off users for 6 MONTHS

gollux

One of the first of many firsts...

Which will be repeated many times in the future.

Your TORnograpy isn't safe, your criminal activity isn't safe, your underground political activity isn't safe, your wish for anonymity isn't safe.

It's becoming increasingly easy to trap the paranoid, spread news that they can be paranoid in total anonymity and they will come sucking at the honeypot in droves.

0
0

MtGox allows users to see a picture of their money, but not have it

gollux

Re: Interesting times ahead

The average Bitcoin user doesn't understand runs on banks and not being able to cover lender's balances... Otherwise no regulation wouldn't be such a "feature".

1
0
gollux

Re: Goon Show moment

To complete that, it would be funny if any attorneys involved were required to take their payment solely in Bitcoin.

0
0

US BACKDOORED our satellites, claim UAE

gollux

Freedom from backdooring

Belongs to them what owns their own aerospace program with launch facilities, their own chip fabbers, electronics manufacturers and satellite manufacturing.

Outsourcing is the first step in losing national security.

0
0

Microsoft, HURTING after NSA backdooring, vows to now harden its pipe

gollux

The world needs more...

hardened pipes...

Free standing towers of data security.

Hardened against backdoor penetration by the NSA et. al.

May the Schwartz be with you!

0
0

Anonymous Indonesia gets it right, attacks Australian government

gollux
Mushroom

Get it on!!!

The A-Nutty-Mess wars against something will pass on to mean pretty much nothing...

Honk if you love Jesus and all that rot.

0
0

AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack

gollux

Re: so far so good

You baggin' on Notwork Pollutions who keeps spamming me to have a free website built to better my business? Yep, they're still highly automated and deaf as they've always been.

1
0

NSA using Firefox flaw to snoop on Tor users

gollux

Re: VMs are your friend

Reduce your threat surface, don't follow the Silk Road.

1
1

It's about time: Java update includes tool for blocking drive-by exploits

gollux

Re: About damm time

The usual confusion, java != javascript

Java is a system where compiled bytecode runs under a runtime environment.

Javascript/VBscript is now merged under ECMAScript and is an interpreted script language.

The Java browser plugin hands off the execution to the Java runtime environment installed on your computer

ECMAScript runs within the browser

2
2

Tor traffic torrent: It ain't the Syrians, it's the BOTS

gollux

State it for what it really is, increased WAGS as to what on earth is happening. Welcome to faith based explanations over increase in traffic on a faith based TORnogrpahy network.

0
1

Boffins confirm quantum crypto can keep a secret

gollux
Mushroom

Re: Great Idea...

Simplicity by Complexity - or it takes another right Charlie to Foxtrot the system.

0
0

NSA: NOBODY could stop Snowden – he was A SYSADMIN

gollux

NSA HAS SERIOUS ISSUES

First thing, lock down sysadmin access to only what's necessary for the sysadmin to do his job. Shouldn't be a global account that has access outside his well define access level and job scope.

This is one reason to not trust the NSA. If he had GOD level status just because he was a puny SysAdmin, how do we know that Putin also doesn't have access... due to high level incompetence and the data leaks this enables.

Or they intentionally wished that the information be leaked so they can build a strawman.

0
0

Beware the ad-punting crapware-laden Firefox, warn infosec bods

gollux

New NSA Security Bundle

Keeps you from being spied on by offering Privoxy and TOR for anonymously accessing your pedobear stash. First proxy/TOR node is your friendly local strongarm looking for marks to extort. Wubba wubba wubba.

0
0

Hey, you know Android apps can 'access ALL' of your Google account?

gollux

But its so darn convenient!

0
0

Terror cops swoop on couple who Googled 'backpacks' and 'pressure cooker'

gollux
Happy

Re: Thank god for the war on Terror

Welcome over for tea, the Spandaus are warmed up, and the Jenny is dead.

0
0

Snowden leak: Microsoft added Outlook.com backdoor for Feds

gollux
Mushroom

In the haystack that is Linux, there is room for many needles to hide.

With all those lines of code, Detective Lecoq would be looking for the rumpled envelope in the letter basket.

3
0

'Chinese' attack sucks secrets from US defence contractor

gollux
Mushroom

Re: Congratualtions

In other words, it may have actually been a partner trying to expedite getting the job done.

Easiest way, hack QinetiQ.

0
0

South Korea data-wipe malware spread by patching system

gollux
Mushroom

Re: what about the ssh keys ? lol

It gets in the way of Agility, Extreme Programming, BYOD and whatever other latest Management Fad that hits the fan.

0
0
gollux
Mushroom

We are truly fortunate...

It is with greatest humility and admiration that we find our patch systems to be highly useful at doing much more than just making our computers run slower and inevitably need to be replaced as they start crashing from the continuous stream of CYA patch code.

Our computers become ever more needful of having multi-core systems with appreciable memory to run security software in the hopes that at least 5% of their processing power be left for doing other mundane activities, usually the tasks for which we purchased them in the first place despite the reality that the systems are probably already secretly compromised despite the 95% devotion of processing power for the prevention thereof.

Let the patches freely flow!

0
0

BIGGEST DDoS ATTACK IN HISTORY hammers Spamhaus

gollux
Mushroom

Re: cyberbunker

And also really useful as a buffing wheel compound for producing a really high polish on metal!

0
0

Oracle trowels more plaster over flawed Java browser plugin

gollux
Mushroom

Re: The process is tiresome

Oracle Sievemaster Sisyphus, just keep rolling that stone!

One day it may stay up there at the top of the hill, somewhere around the heat death of the universe.

0
0

Yet another Java zero-day vuln is being exploited

gollux
Mushroom

Re: Every Android sold

All these Oracle Sievemaster Java fans like to make noise by pointing out that Android phones supposedly run Java applications.

Android uses the Java programming language and the Android API. Java source code is compiled to run on Dalvic. They had the good sense to boot the Java API and Java Virtual Machine to the curb.

1
0

NBC.com HACKED to spread bank account-raiding Trojan

gollux
Mushroom

Re: RedKit Exploit Kit ..

So basically one Adobe PDF Reader vulnerability that was patched two years ago and one Smoking Piece o'Java that was patched last year.

Despite Oracle Slagware being a torture hole of demonic spew, if you'd kept it patched to the latest vulnerable version, you would still have missed out on joining the trojanfest. Nice to know that keeping the patches up had some little use and wasn't totally a Sisyphean task heading towards Pyrrhic Victory.

0
0

Facebook devs HACKED in 'sophisticated' Java zero-day attack

gollux
Mushroom

Re: Zero Day

Based on "Tora, Tora, Tora", involves a lot of Mitsubishi A6Ms swarming your battleship to draw off the fire from the low flying Aichi D3As delivering torpedos for the kill.

0
0

China 'enhances' Great Firewall, teaches it to choke off VPNs

gollux
FAIL

Re: and they want to do business with the rest of the world?!

It works in their interest to transparently proxy your VPN communications for a reason. You only thing you have free access through. They have your lunch.

0
0

Taliban official's email blunder leaks 400+ contacts

gollux
Mushroom

Re: Numpties, you picked the wrong points.

The Immoral Minority wins the election, the Moral Majority is flabbergasted.

Conclusion: Maybe your name is wrong and you're really the Moral Minority

1
0

Samsung turns screws on Apple, hikes A6 processor price 20%

gollux
Mushroom

Running their own fab

Apple has squat for experience creating hardware in a fab.

The first year's production will be up to the quality of Apple Maps.

By the time they get up to speed, they'll be the greying dry dust of history.

1
0

English Defence League website 'defaced, pwned' by hacktivists

gollux
Mushroom

Re: Linux = Insecure.

More likely that Right Wing resistance to learning anything new and to paying enough wages to get someone knowledgeable had set in and they weren't going to pay anyone smart enough to secure the site, no matter what OS and web server the site's being run on.

0
1

Israeli cops penetrated by army of fake generals with trojans

gollux
Mushroom

Re: "The Trojan features Windows 8 compatibility..."

Sweet Metrosexualness and all that... Plays well with others...

0
0

US accused of hypocrisy over cyber warfare

gollux
Mushroom

Re: 'Speak softly and carry a big stick' (Churchill)

And a phrase used long before by TR "Bullmoose" Roosevelt during the era of William Randolph "You provide the pictures and I'll provide the war" Hearst.

0
0
gollux
Mushroom

Re: "Physical Infrastructure" shouldn't be connected to the Internet in the first place.

Heh, since that's the way the Iranians got hit so mightily. Never underestimate the danger of a USB stick.

1
0
gollux
Mushroom

In the words...

Of the greatest president of all time, "Bring it on!"

0
0

Twitter bows to subpoena, releases Occupy protester's tweets

gollux
Mushroom

Yabba Dabba Doo on the loose...

So Bummer Harris prattled on a publicly accessible broadcast medium where anyone archiving the feed could have decided there was incitement and sent it in and we have our knickers in a twist over a Subpoena under duly constituted process of law...

4
0

Mac-based Trojan targets Uyghur activists

gollux
Mushroom

Re: virus vs trojan

Preaching to the choir doesn't take care of the problem

To the common user viruses = all the above, to the common Mac user, Macs don't get viruses, so by continuing this logic, Mac users don't have to worry about any of this silly junk.

I work in a community of Mac, iPad, iPhone users and keep trying to get the word out that Mac Malware exists, but the most literate give me the, "It runs on OS X which is Unix and Unix doesn't get viruses like Windows does". routine which makes them sound smart but makes for an environment ripe for digital ambush of the willfully unwary.

2
0
gollux
Mushroom

Re: Silly

The most vulnerable and exploitable portion of the internet, identified as CVE-0 has been shown to be easily overcome by well crafted attacks. The more over-confident and power-conscious the target, the easier it is to socially stroke it to the point of climax where it spews forth the information the attacker wishes. This is best enabled by an entire forensics surveillance directed at lower level entities taking advantage of their wish to be helpful, to identify CVE-0's contacts within the company, contacts external to the company, captured emails to analyze the writing style of CVE-0's contacts and various outside interests. Identifying communications for events and projects can help prepare CVE-0 for communications that contain desirable attachments which when activated, further root in to produce better information streams to the attacker.

http://isc.sans.org/diary/Managing+CVE-0/10933

0
0
gollux
Mushroom

Re: Seriously?

I got the "Macs don't get viruses" comment as late as last week. Since most of the Mac users I know include all malware as viruses, it's no great reach for them to include clicking on links or running dmg installers.

0
0

'Super-powerful' Flame worm actually boring BLOATWARE

gollux
Mushroom

Re: Why don't you get it already?

Heh, about 1,000 computers in countries that aren't very trusting of Western Technology and afraid already of being spied on? How could it go undetected for very long? Very easily...

If the Iranian government was eating less of the stupid sauce, there'd be normal business relationships between commerce within Iran and the companies that produce anti-malware. There isn't, so you have a breeding ground for this stuff to be sent to.

0
0
gollux
Mushroom

And to keep it all in perspective...

Stuxnet = 2010 Bugatti Veyron

Flame = 1976 Cadillac Fleetwood

Luxury cars both, one lean, fast and tight to the road, built with custom parts

the other huge, soft, padded and drives like a fishing boat on the ocean, built from repriced Chevrolet parts.

0
0

Researchers find backdoor in milspec silicon

gollux
Mushroom

The All New "Flame FPGA"

It knows all, controls all, reports all. Brought to you by Stuxnet's White Box Line.

1
0

Megacorps accuse Chinese fab workers of pilfering designs

gollux
Mushroom

Re: uhuh

Oh, and as a reality check, except for the Toyota Landcruiser whose engine was a copy of a Chevy 235 inline 6, all the engines copied were top-of-the-line European technology. Interestingly enough, they didn't consider US auto technology worth copying.

1
0
gollux
Mushroom

Re: a couple of Chinese proverbs

"What goes round comes round". And they ain't really started yet.

Payback for the Opium Wars and all that God Bothering might be a real bitch...

0
0
gollux
Mushroom

Re: uhuh

The joke on "us" in the long run is that they're the next tech giant. I remember the old jokes about Japanese cars, they were copies (Mazda 626 engine = field repairable BMW 1600, Toyota 4M engine = field repairable Mercedes SOHC inline 6) and if you pulled the panels off the doors, you could read the beer can labels. Note that I said on the engines, that the Japanese copies were field repairable. Having worked on all four engines, it's a really important distinction. Not only were the Japanese copying, but they were modifying and changing to make stuff work better in the real world. You won't necessarily have a full machine shop to do repairs in Central America. So given the choice, the Japanese model could be the better choice in the long run.

From copy and refine to world leader and innovator was a two decade jump and was the brute force necessary to push American car manufacturers out of the 1950's OHV engine technology they were so stuck on. Why buy a lumbering OHV, gas guzzling tuna boat when you could buy a Pentroof DOHC 4 valve per cylinder engine that outperforms in power and fuel economy, an engine three times its displacement.

The Chinese are stepping into the arena of high-tech many decades later, the electronics fabs they use are on the leading edge, why do you think they'll sit around waiting for orders? Might as well put them to work.

Steal, refine and innovate. It's been done in the past, and will be done in the future. If you won't do it yourself, someone else will do it for you. So, ship it overseas and lose it...

0
0

Doh! Sage Pay forgets to renew SSL certificate

gollux
FAIL

Sweet Dreams

Just what I want my customers receiving, the good old "Abandon All Hope Ye Who Enter" page.

0
0

Apple trails behind world+Microsoft in 'Flashback' malware debacle

gollux
Mushroom

Re: @cashxx Apple is going after all servers that is talking to this malware..........

Given their clownshow reaction to a known exploit fixed by Oracle and mostly ignored by them and their stupid "part of the os" Java variant, I nominate Apple to run the TSA and DHS. More hilarity to ensue...

0
0

TSA bars security guru from perv scanner testimony

gollux
Paris Hilton

Empty bottles are highly dangerous...

If you're of the female persuasion, have a young child and are carrying a breast pump, be sure that the bottles you bring with you are filled with milk. You may be required to fill them at the airport in order to bring them along as empty baby bottles may be used to constitute a weapon.

http://articles.nydailynews.com/2012-03-06/news/31129902_1_breast-milk-tsa-worker-tsa-officer

0
0

Page: