Really good and interesting write up
Reminds me of the Wolf of Wall Street book.
89 posts • joined 11 Apr 2007
Find a vulnerability on the machine that will allow remote code execution (Scanning with Nessus/OpenVAS whatever floats your boat) and set meterpreter as the payload within Metasploit...Done
Escalate privs if required, dump hashes, have fun.
It doesn't change the problem but it likely increases the scope, the ability to monetise financial information without these kind of forums in a safe way is more difficult.
When it comes to purposefully installing malware, again it removes the requirement to handle the end to end engagement as well as plausible deniability.
I think it's a significant shift.
I'd be really surprised if the weaknesses that are public with the D-Link products are forced on them by government organisations. I suspect Occam's razor, it's more likely a lack of focus on security.
Why bother forcing someone if there are plenty on table just through incompetence?
Hacking is a pretty broad term these days, many people include social engineering/phishing within hacking.
That or he has been arrested a LOT
I get your point but I think it's over egged. A statement to say they are secure would be meaningless I agree, but that wasn't what was proposed, industry best practice salted and hashed is different from the statement 'they are secure', but it's also a huge improvement on not giving any details in that area.
Recommendations to change if re-used elsewhere would be issued anyway as you point out, why not?
As we know it's all about time and effort to crack rather than it being impossible to break.
Agreed, technologies such as this:
Will help IoT explode.
I think the GDPR will change the priority, the stick is now pretty large.
Application whitelisting seems like a no brainer here. These things must be pretty static so well suited to that kind of control.
Ok replying to a REALLY old thread here but I'm reading up on this in general.
I agree you aren't attacking the AP as such but you would be denying anyone connecting to it, so is it no longer functioning? Are you denying service? Yes, obviously that is the point of the Deauth.
So it is kind of a DoS on equip you don't own but for the greater good...I think it's grey at best.
Yes and no, you could reset and get it but you couldn't read the password and re-use on another site.
Though in this case with MD5 hashing, no salt you can do both ;)
This is changing with things like self service in the UK, we have a greater exposure to the user.
Also these machines don't exist in a network vacuum as such depending on how the network is configured there is exposure here.
With regards to prevention, it seems like a no brainer candidate for application whitelisting.
True there are different motives but the only motive here is money, Stuxnet isn't really comparable it was also low and slow trying to hide itself and the damage it was doing for as long as possible.
It's a profit exercise, as another poster points out sometimes to stop these kind of things as a government you would need to show your hand in terms of tooling and control. It doesn't always mean they couldn't stop the attackers just that it's a balance.
It could be a government but I think it's way less likely than an organised crime group.
Unlikely to be state sponsored generally they are after information and so are low and slow. The last thing a state sponsored attacker would do is raise a flag.
This is classic organised crime, lots of these gangs are moving from drugs into malware because of better margins and less chance of getting caught.
I'm working this space at the moment and enjoying the challenge of securing this approach. It's going to be a new adventure for a lot of folks, more tools and rules/pattern driven and less time to directly interact.
Kudos on the regular reporting of EMET it seems a big undersell on a nice bit of software.
We have been using it for over a year in the enterprise and it's low maintenance and a good layer of additional protection. It doesn't get enough coverage.
I agree with AC, Google don't shove the data they gather in your face.
It's a smart move but at some point a drive for profits will cause Google to play the cards they so carefully gather in a more overt way. I think if/when they overstep the mark people will finally think about the broad amount of data they are gathering and that may drive some competition in the search space again.
I don't get how these creatures are described as 'glowing' but they only glow under UV light...bloody useless! We need the nightlight monkeys and we need them now.
Admittedly they could be useful for working in nightclubs as glowing waiters.
Now this really is good news, not good for the UK though we need to do something similar. Investment in Science will bring serious financial benefits in the future if directed correctly.
It may just be a stunt and short lived re: 29p tracks but I've used amazon a fair bit for MP3s and they have been V. competitively priced with no DRM and high quality.
No DRM and cheap, why would you use iTunes again? I think Apple needed some serious competition to kick them into gear and this might do it.
Regardless of how it happened the facts are Amazon is generally cheaper (albums from £3 songs from 59p) and DRM Free, it doesn't seem a hard choice really.
Fair enough upgrade your old albums on iTunes then buy everything from Amazon from now on ;)
Mmmm flames, I don't own an Xbox but it is more powerful and has a wider range of games. I don't know anyone who has owned a wii for more than 6 months who is still using it.
They get Wii fever and then they get over it. Wow special controllers quirky games big whoop.
Yes it can do PDFs and it's not 'late to market' it's 'late to this market' been out in the US for longer than the kindle. The previous version has been out for well over a year.
I bought one from the US and it's one of my fav gadgets.
Not just in the article:
I assume the article blanking is a joke with reference to the linked PDF as simply copying the text or images in the PDF reveals what is blacked out.
I think the £800 was a joke about a probable property crash... :)
I think that's what the article is saying, the area used least is generally blank space especially on something as large as the iPhone.
If it constantly puts it in blank space then the deleted files are rarely overwritten until the whole 16GB is used.
They already shoe-horn in images in the normal search results. Anyone remember google being quick and image free once upon a time?
I hate the YouTube vids they shoe-horn in (Who owns YouTube again?) with thumbnails.
But now ads in image search, another fine way to slow down your searching and bloat your bandwidth.
Thanks google for 'improving my experience'
Someone recommend a competitor I won't feel dirty using.
Well I've wasted my time contacting Gordon Brown and Jacqui Smith and my local MP just to see what they will say.
I don't care what classification Cannabis is as long as it's done fairly and it's well researched and is sound policy. But they go and waste my money getting a report only to ignore it, not good.
To contact GB asking him why he said cannabis is lethal when the lethal dose is 1500 pounds consumed orally click below :)
Google is automated, this was as they said 'An editorial decision' so it's very different.
Whether it's right or not is another matter.
Why do I have a feeling this is going to be more irritating than useful?
Also what happens when companies forget to renew their domains and the naughty people get hold of them? Can we expect PS3 Targeted malware? or just porn ads on our Blu-Ray discs?
No mention of the *small* business corporation tax rise then?
"While business was pleased to see the main rate cut, there was dismay among smaller firms that the rate they pay would rise from 19% to 22% in 2009"
The PS3 has standard laptop HDs user upgradeable, and accepts USB HDs, who cares what comes as standard?
'The writer is a former professional seafarer...He was also for some of those years an RYA-qualified sailing instructor.'
I don't believe you Lewis, upload your certificate :)
Seriously bad company, took them 3 months to deliver my PS3 that was supposed to come with my contract and that was after much hassle.
Why would you keep that brand? oh right Phones4u is mildly more hated, I see.
This is a great idea, we can bomb anyone we want and with a nuke there is no need to find any WMDs as we've blown the enemy's weapons to dust!
I bet Tony wishes he thought of that one.
I know many people who have got interested in the wii purely because they have heard about the stock shortages, it creates intrigue and it's great marketing.
If you get plenty in stock in early/mid December you gain sales not lose them.
So Coventry is the only city with stock, all my stores locally seem to have it in stock. I thought it was a normal Nintendo 'get it in stock just before Christmas' scam.
Anyone else seen them in stock? or should I be buying them all and flogging on ebay?
Ok it may not be the strangest thing about this story but surely anyone who likes WoW that much is going to already have a copy of the bloody game?
Rioting in the streets please, or at the very least more people donating to no2id.
Glad the No2ID campaign called the pledge in. Also a godsend taking paypal :o)
Maybe they will help look after/limit our data.
This machine is HUGE and ugly, I have to say though my PRS500 (Sony's baby) is the best gadget I have ever bought (and that's a lot!)
Eink displays are pretty damn cool I much prefer reading books on my Sony reader than in paperback as it's easier to handle I can carry hundreds with me and if you have a small attention span you can flick between any of them instantly.
Personally? Scared shitless. I just think they are not thought of as dangerous and so may end up being used 'routinely'
Also Dan, those are pretty good ideas on making police more accountable.
Nice excuse for a Paris icon at the last minute there! Didn't see it coming.
As for the terrorism comments, I have to agree terrorism barely exists in the UK. I'd like to see the statistics I bet more people die from 9 Volt batteries.
It might not make a difference but I dropped them an email and I will avoid traveling with them in future.
A serious lack of common sense is more hazardous to my health than the likelihood of any terrorist attacking me (What are the actual odds of a terrorist attack? I think people have lost their way...)
Yes in answer to the HD questions I've upgraded my PS3 to 160 Gb and it doesn't invalidate warranty in fact they have made it really easy to do.
Joe you yankie lover, those conversions are very favourable considering the current exchange rate! :)
Isn't their tag line -Internet prices to take home today?