* Posts by gollux

388 posts • joined 11 Sep 2007


Google can't hold back this malware running riot in its Play store

gollux
Mushroom

Intensely good news!!!

I've been told to quit whining about the lack of OS updates on the Samsung and HP abandonware that I stupidly bought because even though the last OS upgrade was a year and a half ago, I only had to worry if I had enabled downloading apps from anywhere else but the Google Store. Google Knows Best, serves out the very thing I was told by various Android FanBois that I didn't have to worry about as long as I didn't install from untrusted sources or root my tablet.


Net scum lock ancient Androids, force users to buy iTunes gift cards

gollux
Joke

Re: How Ancient?

Smash it with a hammer, silly. Isn't that what everyone does? After all, you should be buying one a year to keep the OEM in the black.

gollux
Mushroom

Users can still copy their files from infected devices before entering recovery mode and flashing a clean - and preferably updated - still vulnerable Android operating system because your major manufacturer never bothered with those silly updates.


FBI ends second iPhone fight after someone, um, 'remembers' the PIN

gollux

They didn't like the looks of that legal "wrench" being swung around. Their lawyer had a little discussion about "plea bargain" and "good behavior" and the reality of accepting lesser charges.


Exploit kit writers turn away from Java, go all-in on Adobe Flash

gollux
Mushroom

It's time for a change...

start looking for HTML5 vulnerabilities, our cash cows, Java and Flash are being taken away from us.

Oh, and Apple's still recommending Quicktime installation despite the somewhat nebulous security warning from them about their abandonware.

Respectfully,

Grott E. Hacker


Idiot millennials are saving credit card PINs on their mobile phones

gollux
Mushroom

Welcome to the new millennium...

It's time to join PETE...

People eating tasty Eloi


US-CERT advice says kill Quicktime for Windows, quickly

gollux

Re: Next

As soon as Stooge Software, err, ahem, Sage stops pushing it for their Visual Workflows tripe.

Their SOP install for their Sage 100 product leaves the central server wide open for ransomware takedown. You'd think that Client Server meant that the client wouldn't run with enough rights on the server to directly access and modify files, oh, who am I kidding. Every workstation on the network should automatically have read/write access to the data table files, 'cause, you know, Crystal Reports... even though it's only server processes on the server that actually modify the files.

gollux

Is Crapple still trying to get you to reinstall Quacktime 7.7.9 when you run Apple Update?

They announce it's abandonware and are still pushing it, must not like Windows users.


Swedish air controllers debunk cyber attack disruption theory

gollux

World War III will begin with various nations ramping up their weaponry to include all sorts of hypersonic warhead delivery systems, advanced cruise missiles and cyberwarfare initiatives.

The trigger will be a 10 thousand year solar event and an itchy, ill-educated button finger recently removed from scratching a well-fed upper class behind.


Symantec cloud portal goes titsup after database crash

gollux

Re: Root Cause identified...

Oh, you mean that awesome computer performance enhancement tool? We used it company-wide in our Windows XP days to revitalize our network and get an extra year out of the workstations so we could afford our Windows 7 roll-out. Good to know it has other world improving uses!

gollux

Welcome to the cloud...

You have just hit an embedded thunderstorm. Expect to simultaneously hit updrafts, downdrafts, softball sized hail, intense rain, icing conditions and the possibility of tornado force winds.

Hope your business survives the experience.


Websites take control of USB devices: Googlers propose WebUSB API

gollux

More stuff...

to help the "Internet of Stuff" help you get stuffed.


WordPress pushes free default SSL for hosted sites

gollux
Mushroom

At least you can be safely and privately infected when you visit WordPress sites now.


Read America's insane draft crypto-borking law that no one's willing to admit they wrote

gollux

require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party

And by federal mandate, all federal, state and municipal entities, law enforcement military and intelligence and any other unspecified government entity must use said encryption systems and methods.

No governmental, commercial entity or person is above the law.


Adobe preps emergency Flash patch for bug hackers are exploiting

gollux
Mushroom

Open Cesspit's...

back in the news, try the new flush system invented by John Crapper, it has much improved handling of internet detritus, uses that newfangled HTML5 stuff.


Android gets larger-than-usual patch bundle as researchers get to work

gollux
Mushroom

Hooray!

Never has so much effort been put forth for so little return... It's wonderful if your Android device provider is keeping things current, for everyone else, not so much.


'Devastating' bug pops secure doors at airports, hospitals

gollux
Mushroom

More cool news...

From the Internet of Sh!t


Hacker reveals $40 attack that steals police drones from 2km away

gollux

Bwa ha ha

How precious... For want of a little security, you could 5 finger discount your own professional level drone.


Patch Java now, says Oracle. Leave the Easter chocolate until later

gollux
Mushroom

Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.

Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...


Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay

gollux

Welcome to the TOR crime locker.


Cloud security harder than 'encrypt everything'

gollux

<quote>“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day."

“All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”</quote>

Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.


Apple stuns world with Donald Trump iPhone

gollux
Joke

Re: Good phone makers start to recognize there's a market for 4" devices...

Smaller, less foldable phones is a good idea. Also makes it more impressive when they shoot 8" flames. Nothin' lights better than a Ronson...


Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle

gollux

Re: How unAmerican ...

Next time around, please put a joke alert on. While a good portion of Apple's software engineering and hardware R&D might be done in the US, I'd like to see a list of who builds iPhones in the US. It's got to be a pretty short to non-existent list...

Also, last I heard, Taiwan hasn't been taken over by Mainland China yet... and that's where Foxconn is based so we have a mix of their Mainland China locations that are Communists waiting to be rebranded as Extreme Communists and Taiwanese who will laugh at you...


HTTPS is not enough: Boffins fingerprint user environments without cracking crypto

gollux

One of those...

This is a "no shit" type of finding. Yes, there is metadata that is used in the establishing of connections and outside of the encrypted connection that can be statistically and directly analyzed to identify the two stations exchanging information. We've known this all along unless we were hiding under a rock.


'Millions' of Android mobes vulnerable to new Stagefright exploit

gollux

Re: Cyanogenmod time

Better to brick it finding Cyanogenmod won't load than to be running an easily compromised device.

If it bricks, replace it with something supported by Cyanogenmod for that inevitable point in time when the manufacturer quits supplying Android updates.


Millions menaced as ransomware-smuggling ads pollute top websites

gollux
Mushroom

Re: Not only that...

Yeah, run Privacy Badger to be enlightened. I've seen as many as 200 offsite links being blocked. Give me a break, no wonder your website loads slow and needs lazy loading to help increase the number of attack vectors... No thanks!


Microsoft stops accepting Bitcoin in Windows Store

gollux
Joke

Dang!

Where are all those ExtortionWare people going to spend their BitCoins now?

Expecting to see more of the kind as BitCoin increasingly is used in extortion payment schemes. It's kind of the "Unmarked Bills" thing like you see in the movies, though I never could figure out if the idiots asking for "Unmarked Bills" could tell if they were marked. I always figured it was one of those Hollywoodisms.


Go ahead, build better security: it just makes crims try harder

gollux

Re: The French have it right

So, where's this superior French OS so that we may adopt it?


Flash – aaah-aarrgh! Patch now as hackers exploit fresh holes

gollux

Re: So, which comes first?

Some say the world will end in fire,

Some say in ice.

From what I’ve tasted of desire

I hold with those who favor fire.

But if it had to perish twice,

I think I know enough of hate

To say that for destruction ice

Is also great

And would suffice.

- Robert Frost

So, our local sun going super-nova or the heat death of the universe?

gollux

Thank you for the amicable divorce...

The sun's nice here in Bermuda, celebrating the 5th anniversary of us parting our ways...

Sorry your portion of the money from the property division has run out, the kids said to say hi, but decline to visit anymore as the flashy lifestyle kept declining every time they visited. For some reason, they don't like staying in pay by the month hotels with those huge flashing ad billboards outside the windows.

Jerry didn't like the time the mugger held a knife to his throat and Vivian says that walking through the discarded syringes and broken bottles is scary. Bobbi just shivers when your name is mentioned, haven't been able to get out of her what happened.

Every so often, I remember the good and fun times, before it went south so badly, miss you then. But then the news reports show me that the right decision was made, I sigh and think to myself, "There but for the Grace of God and Flash Uninstaller (https://fpdownload.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe) go I..."


Google splats more bad Android security bugs with patches your mobe will probably never see

gollux

Re: active customer exploitation

Heh, actually read a post on a security forum today about an Android RAT that the user had on his phone that had been used to siphon money off his bank account. Am expecting to hear more of these as time goes on as passive goes active.

gollux
Mushroom

Friends don't let friends...

Buy Android devices that aren't being actively supported by CyanogenMod or similar programs.

Best fix for any Android device that's unsupported is to smack it with a hammer and never buy from that particular manufacturer ever again.


Cisco stitches default root creds for switches

gollux

Time for a rename...

Pisco, cause our programmers and security QA are taking one on our clientele.


Forget data thieves, data sabotage will be your next IT nightmare

gollux

Best thing that could happen to Big Data, a little fiddling here, a little fiddling there, we could develop a lot of Intel that is quite brilliant based on guided misdirection. The sooner this happens, the better. With automation and no real fact checking, a brilliant future is in the offing.

It's why surveys and all the other information collection sent my way get neat little novels written. Help them collect the future you want! Most of them are only asking for that which they want to hear.


Learn things? DROWN HTTPS flaw proves we don't even test things

gollux

Re: Sorry, what?

The world needs more hackers, if you aren't hacking, you won't know if the SSL Labs approved configuration is safe. Everything that is tested is insecure because the tests are mostly broken or are missing prognostication abilities (not been invented yet).

The people suggesting that testing will fix things don't even have the tests that will prove their premise.


Awoogah – brown alert: OpenSSL preps 'high severity' security fixes

gollux
Mushroom

Blown away.

Internet Security is based on a house of cards, and one day, somebody's going to open the window...


The other one. No, not WhatsApp. Telegram. It hit 100 million users

gollux
Mushroom

Everyone should use an app whose encryption programming and implementation is described by cryptography experts as "so awful that reading it is like being stabbed in the eye with a fork".


Browser made by China's top search engine leaks almost everything

gollux
Mushroom

Ooh, as good as anything Comodo has released? Can has security exploit inna box?


Software, not wetware, now the cause of lousy Volvo drivers

gollux

Re: Pairing

Maybe you just discovered the mysterious cause of the engine stopping and then restarting. Looking forward to future hilarity. Welcome to the IoD...


Linux Mint hacked: Malware-infected ISOs linked from official site

gollux
Mushroom

Friends don't let friends use WordPress...


Patch ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants

gollux

Re: I'll bet...

All those eyes we've had quoted at us looking over the code have been blind since 2008?

Sorry, another Linux/Android user... Not the purported Wintard.

Who thinks OSS needs to get some better glasses. We need to be doing better than Cisco.


RSA: Fraud may double as 2017 Oz snap bank transfers cut safety nets

gollux
Mushroom

Time is here to phase out using banks. They aren't there to protect your assets. They aren't there to pay interest for holding your money. They're increasingly irrelevant so many ways.

So, what's the option? Tungsten mattress vaults?


Idiot e-tailers falling for fake patch that exploits year-old Magento hole

gollux

Sucuri blog post here on the topic. Ouch.

https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-details.html

@author Magento Core Team <core@magentocommerce.com>


Trane thermostat is a hot spot for viruses on home networks

gollux

It was the only way to stop my chattering teeth as some hacker set my home on Penguin defaults...

gollux
Mushroom

Sooooweeeeet!!!

First the heat goes up, then the AC goes down,

Circulate the air all around.

Give us a natural gas flare

to help us singe our hair.

Then a pilot light flame out,

Who managed to mess up the thermocouple safety with that weird test function?

Whoops, there goes the house skyward taking us to perdition...

BOOOOM!


If you're one of millions using Magento – stop whatever you're doing and patch now

gollux

Re: Magento does not properly validate this email

Myhandler, No, I don't think that's ok, and Passive Smoking's post illustrates exactly the reason why.

Now step back to SUPEE-5344 where a similar trick could be used to directly inject Admin accounts into the Admin user database with full administrative access. The patch was released in February but not really announced besides just having a download link on their website. They got in a dead panic about announcing the need to patch somewhere in April because the people who found it decided to publish. Man that was a three ring circus...

gollux

Re: I'd like to point out...

You making fun of Broken Perl? I have some broken Pointers I can pass your way.

gollux

Re: Magento does not properly validate this email

The validation happens client-side in JavaScript. You can't get the exploit samples to pass unless you shut it off.

gollux

Re: seen this before

Magento does the reverse. Store anything, sanitize the output for proper application.

With proper use of parameterized queries, the XKCD joke never works, no input sanitization needed.

I'm kind of a belt and suspenders type guy and like the idea of taking junk out both coming and going, however, I've had it proved several times as to how input sanitization can totally fail.

I think security has to do with that defense in depth thing.

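The "store anything, parameterize the query, sanitize on output" pattern from the post above, as an added example that is not from gollux's post or from Magento's code. It uses Python's stdlib sqlite3; the customers table, the e-mail addresses and the two payload strings are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample input: the XKCD "Bobby Tables" string and a classic
# tautology payload. Neither is sanitized before it is stored or looked up.
BOBBY = "Robert'); DROP TABLE customers;--"
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """In-memory store (constructed for this example) holding two customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    # Parameterized INSERT: the quote and semicolon inside BOBBY are bound as
    # data, so the raw string is stored verbatim with no input escaping.
    db.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [("alice@example.test", "Alice"), ("bob@example.test", BOBBY)],
    )
    return db


def lookup_concatenated(db, email):
    """Vulnerable pattern: the query text is assembled from the input, so a
    tautology in the e-mail field changes the WHERE clause."""
    return db.execute(f"SELECT name FROM customers WHERE email = '{email}'").fetchall()


def lookup_parameterized(db, email):
    """Safe pattern: the driver binds the value; input never becomes SQL, so
    the same payload simply matches no row."""
    return db.execute("SELECT name FROM customers WHERE email = ?", (email,)).fetchall()


def render_name(name):
    """Sanitize on output, for the context the value enters (HTML here)."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, TAUTOLOGY))   # both rows leak
    print("parameterized:", lookup_parameterized(db, TAUTOLOGY))  # []
    print("stored as-is:", lookup_parameterized(db, "bob@example.test"))
    print("rendered:", render_name(BOBBY))
```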

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher

gollux

Cure for that...

Exploit it hard and exploit it often, make everything intercepted public.

That way the playing field can be level instead of only of use for governmental and industrial espionage.

