* Posts by gollux

406 posts • joined 11 Sep 2007

You know how that data breach happened? Three words: eBay, hard drives

gollux

Re: Investing

Yeah, that free DBan download kills most budgets, as does just simply folding most 2.5" drives in half and then peeing on them and burying them out in the rose planter.

0
0

Eat my reports! Bart ransomware slips into PCs via .zip'd JavaScript

gollux

Re: UMMMM!

Excepting that this is JavaScript which is executed by web browsers and the Windows Script Host...

Sun/Oracle Java doesn't need to be installed on the system for this to operate, it's not Java Byte Code.

Honk if you love Jesus and understand the difference between Java and JavaScript!

15
0

25,000 malware-riddled CCTV cameras form network-crashing botnet

gollux
Pint

Definitely one we'd want to BrExit...

1
0

Medicos could be world's best security bypassers, study finds

gollux
Devil

Yeah, we're secure...

But the patient's dead...

There was this book written in the aftermath of WWII that pretty much details the conflict between reality, policy and management. I'm reminded of it every day...

"Catch 22"

6
0

IRS kills off PINs citing increasing suspicious activity

gollux
Mushroom

Pongs...

That whiff of a stupid number that supposedly is a key to something. Protecting stupid stuff 5 digits at a time... Hey, I have this bridge I can sell you, it's got this number on it.

0
1

Carbonite online backup accounts under password reuse attack

gollux

Totally, absolutely awesome. Steal their backups, hit them with a targeted attack while simultaneously burning their backups to the ground.

0
1

Update your buggy Samsung PC bloatware to plug privilege bug

gollux

Re: Usefulness

crapware is to manufacturer bloatware

as possible low grade fertilizer is to agent orange defoliant.

Often never updated more than once or twice after installation, the best way of handling all that manufacturer junk is to remove it with extreme decontamination level set and hope that there's no residual breakdown poison remaining in your OS.

4
0

You've got a patch, you've got a patch ... almost every Android device has a patch

gollux
Mushroom

Good Luck on that...

Good Luck getting that update from your mainline Android producer, except the majority probably won't be getting it out to you soon. Samsuck earned my eternal do not buy on this.

12
0

TeamViewer: So sorry we blamed you after your PC was hacked

gollux
Mushroom

If you value convenience over security when using Remote Desktop, VNC, TeamViewer, LogMeIn, etc...

They all become Remote Access Trojans.

6
1

Air-gapping SCADA systems won't help you, says man who knows

gollux
Mushroom

More SBO

Increasingly, the "Air Gap" is just another "Security By Obscurity" tactic. If it ain't secure offline, it ain't secure. There's always a way of jumping the "Air Gap", and often, the people working with the system assume that the "Air Gapped" system is automatically secure.

0
0

You've patched that Flash hole, but have the users? Phone's ringing. It's for you

gollux

Nobody knows yet. We hope the browser programmers learned from Flash and have done their job with security as the top priority, but I'd imagine somebody's out there with a fuzzer to see how high, thick and well built the wall is. Give it a couple years and we'll know for sure.

0
0

Smut apps infecting Androids with long-gestation nasties

gollux

Re: "plunder older Android devices through infected porn apps"

Yeah, mainline porn sites kind of want repeat customers.

Non-profit religious sites operate off a wing and a prayer and so security is often done off faith.

1
0

Flash zero day phished phoolish Microsoft Office users

gollux

Re: Why...?

So that school kiddies can attempt to bypass network security rules to play Flash Games. What's it been, about a decade now that this stupidity has been enabled? Was trouble when it began...

1
0

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day

gollux

Re: WTH

Porn sites tend to want to keep their customers so are probably well ahead of the curve on HTML5 adoption, unlike ad agencies, Sage software type graphical interfaces and other companies who think they have a captive audience and therefore don't have to change.

3
0

Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises

gollux

Re: MS is trying to fix

Heh, like all the Windows versions before it. SSDD...

2
0

Android's security patch quagmire probed by US watchdogs

gollux

Re: Samsung is the worst of the big manus

Yeah, I crossed Samsung off my buy list a couple years ago. Flash but in the end, no go.

3
1
gollux

Funny how you don't have to buy cheap Android equipment either to be caught in the patch quagmire. It's abysmally bad all around. The "business" models my company paid for were promoted for their performance and support and cost a little bit more, but at 18 months were basically unsupported when it came to OS upgrades. And the companies with garbage support can be some of the mainstream types that tout their excellence in all other fields, until it comes down to Android.

5
1

Facebook bungs 10-year-old kid $10k to not 'eliminate' Justin Bieber

gollux
Mushroom

There is no justice

That should have gone up for auction with the highest bidder getting the choice of thumbs up or down and all the money put into some worthy charity. Canadians by now probably would have snapped it up to end the embarrassment and sent it permanently to the eternal bit bin.

1
0

Google can't hold back this malware running riot in its Play store

gollux
Mushroom

Intensely good news!!!

I've been told to quit whining about the lack of OS updates on the Samsung and HP abandonware that I stupidly bought because even though the last OS upgrade was a year and a half ago, I only had to worry if I had enabled downloading apps from anywhere else but the Google Store. Google Knows Best, serves out the very thing I was told by various Android FanBois that I didn't have to worry about as long as I didn't install from untrusted sources or root my tablet.

7
1

Net scum lock ancient Androids, force users to buy iTunes gift cards

gollux
Joke

Re: How Ancient?

Smash it with a hammer, silly. Isn't that what everyone does? After all, you should be buying one a year to keep the OEM in the black.

0
0
gollux
Mushroom

Users can still copy their files from infected devices before entering recovery mode and flashing a clean - and preferably updated - still vulnerable Android operating system because your major manufacturer never bothered with those silly updates.

0
0

FBI ends second iPhone fight after someone, um, 'remembers' the PIN

gollux

They didn't like the looks of that legal "wrench" being swung around. Their lawyer had a little discussion about "plea bargain" and "good behavior" and the reality of accepting lesser charges.

0
0

Exploit kit writers turn away from Java, go all-in on Adobe Flash

gollux
Mushroom

It's time for a change...

start looking for HTML5 vulnerabilities, our cash cows, Java and Flash are being taken away from us.

Oh, and Apple's still recommending Quicktime installation despite the somewhat nebulous security warning from them about their abandonware.

Respectfully,

Grott E. Hacker

3
0

Idiot millennials are saving credit card PINs on their mobile phones

gollux
Mushroom

Welcome to the new millennium...

It's time to join PETE...

People eating tasty Eloi

1
0

US-CERT advice says kill Quicktime for Windows, quickly

gollux

Re: Next

As soon as Stooge Software, err, ahem, Sage stops pushing it for their Visual Workflows tripe.

Their SOP install for their Sage 100 product leaves the central server wide open for ransomware takedown. You'd think that Client Server meant that the client wouldn't run with enough rights on the server to directly access and modify files, oh, who am I kidding. Every workstation on the network should automatically have read/write access to the data table files, 'cause, you know, Crystal Reports... even though it's only server processes on the server that actually modify the files.

0
0
gollux

Is Crapple still trying to get you to reinstall Quacktime 7.7.9 when you run Apple Update?

They announce it's abandonware and are still pushing it, must not like Windows users.

2
0

Swedish air controllers debunk cyber attack disruption theory

gollux

World War III will begin with various nations ramping up their weaponry to include all sorts of hypersonic warhead delivery systems, advanced cruise missiles and cyberwarfare initiatives.

The trigger will be a 10 thousand year solar event and an itchy, ill-educated button finger recently removed from scratching a well-fed upper class behind.

3
2

Symantec cloud portal goes titsup after database crash

gollux

Re: Root Cause identified...

Oh, you mean that awesome computer performance enhancement tool? We used it company-wide in our Windows XP days to revitalize our network and get an extra year out of the workstations so we could afford our Windows 7 roll-out. Good to know it has other world improving uses!

0
0
gollux

Welcome to the cloud...

You have just hit an embedded thunderstorm. Expect to simultaneously hit updrafts, downdrafts, softball sized hail, intense rain, icing conditions and the possibility of tornado force winds.

Hope your business survives the experience.

5
0

Websites take control of USB devices: Googlers propose WebUSB API

gollux

More stuff...

to help the "Internet of Stuff" help you get stuffed.

18
0

WordPress pushes free default SSL for hosted sites

gollux
Mushroom

At least you can be safely and privately infected when you visit WordPress sites now.

7
2

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

gollux

require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party

And by federal mandate, all federal, state and municipal entities, law enforcement, military and intelligence and any other unspecified government entity must use said encryption systems and methods.

No governmental, commercial entity or person is above the law.

1
0

Adobe preps emergency Flash patch for bug hackers are exploiting

gollux
Mushroom

Open Cesspit's...

back in the news, try the new flush system invented by John Crapper, it has much improved handling of internet detritus, uses that newfangled HTML5 stuff.

5
1

Android gets larger-than-usual patch bundle as researchers get to work

gollux
Mushroom

Hooray!

Never has so much effort been put forth for so little return... It's wonderful if your Android device provider is keeping things current, for everyone else, not so much.

1
0

'Devastating' bug pops secure doors at airports, hospitals

gollux
Mushroom

More cool news...

From the Internet of Sh!t

1
0

Hacker reveals $40 attack that steals police drones from 2km away

gollux

Bwa ha ha

How precious... For want of a little security, you could 5 finger discount your own professional level drone.

0
0

Patch Java now, says Oracle. Leave the Easter chocolate until later

gollux
Mushroom

Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.

Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...

11
2

Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay

gollux

Welcome to the TOR crime locker.

0
0

Cloud security harder than 'encrypt everything'

gollux

“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day.”

“All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”

Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.

2
0

Apple stuns world with Donald Trump iPhone

gollux
Joke

Re: Good phone makers start to recognize there's a market for 4" devices...

Smaller, less foldable phones is a good idea. Also makes it more impressive when they shoot 8" flames. Nothin' lights better than a Ronson...

1
0

Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle

gollux

Re: How unAmerican ...

Next time around, please put a joke alert on. While a good portion of Apple's software engineering and hardware R&D might be done in the US, I'd like to see a list of who builds iPhones in the US. It's got to be a pretty short to non-existent list...

Also, last I heard, Taiwan hasn't been taken over by Mainland China yet... and that's where Foxconn is based so we have a mix of their Mainland China locations that are Communists waiting to be rebranded as Extreme Communists and Taiwanese who will laugh at you...

5
3

HTTPS is not enough: Boffins fingerprint user environments without cracking crypto

gollux

One of those...

This is a "no shit" type of finding. Yes, there is metadata that is used in the establishing of connections and outside of the encrypted connection that can be statistically and directly analyzed to identify the two stations exchanging information. We've known this all along unless we were hiding under a rock.

3
1

'Millions' of Android mobes vulnerable to new Stagefright exploit

gollux

Re: Cyanogenmod time

Better to brick it finding Cyanogenmod won't load than to be running an easily compromised device.

If it bricks, replace it with something supported by Cyanogenmod for that inevitable point in time when the manufacturer quits supplying Android updates.

0
2

Millions menaced as ransomware-smuggling ads pollute top websites

gollux
Mushroom

Re: Not only that...

Yeah, run Privacy Badger to be enlightened. I've seen as many as 200 offsite links being blocked. Give me a break, no wonder your website loads slow and needs lazy loading to help increase the number of attack vectors... No thanks!

13
0

Microsoft stops accepting Bitcoin in Windows Store

gollux
Joke

Dang!

Where are all those ExtortionWare people going to spend their BitCoins now?

Expecting to see more of the kind as BitCoin increasingly is used in extortion payment schemes. It's kind of the "Unmarked Bills" thing like you see in the movies, though I never could figure out if the idiots asking for "Unmarked Bills" could tell if they were marked. I always figured it was one of those Hollywoodisms.

0
0

Go ahead, build better security: it just makes crims try harder

gollux

Re: The French have it right

So, where's this superior French OS so that we may adopt it?

2
0

Flash – aaah-aarrgh! Patch now as hackers exploit fresh holes

gollux

Re: So, which comes first?

Some say the world will end in fire,

Some say in ice.

From what I’ve tasted of desire

I hold with those who favor fire.

But if it had to perish twice,

I think I know enough of hate

To say that for destruction ice

Is also great

And would suffice.

- Robert Frost

So, our local sun going super-nova or the heat death of the universe?

0
1
gollux

Thank you for the amicable divorce...

The sun's nice here in Bermuda, celebrating the 5th anniversary of us parting our ways...

Sorry your portion of the money from the property division has run out, the kids said to say hi, but decline to visit anymore as the flashy lifestyle kept declining every time they visited. For some reason, they don't like staying in pay by the month hotels with those huge flashing ad billboards outside the windows.

Jerry didn't like the time the mugger held a knife to his throat and Vivian says that walking through the discarded syringes and broken bottles is scary. Bobbi just shivers when your name is mentioned, haven't been able to get out of her what happened.

Every so often, I remember the good and fun times, before it went south so badly, miss you then. But then the news reports show me that the right decision was made, I sigh and think to myself, "There but for the Grace of God and Flash Uninstaller (https://fpdownload.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe) go I..."

3
1

Google splats more bad Android security bugs with patches your mobe will probably never see

gollux

Re: active customer exploitation

Heh, actually read a post on a security forum today about an Android RAT that the user had on his phone that had been used to siphon money off his bank account. Am expecting to hear more of these as time goes on as passive goes active.

0
1
gollux
Mushroom

Friends don't let friends...

Buy Android devices that aren't being actively supported by Cyanogenmod or similar programs.

Best fix for any Android device that's unsupported is to smack it with a hammer and never buy from that particular manufacturer ever again.

0
4
