* Posts by Aodhhan

357 posts • joined 25 Apr 2008


Orland-whoa! Chap cops to masterminding $100m Microsoft piracy racket

Aodhhan

Re: Go big, or go home.

It's unfortunate you have tunnel vision.

There are a lot of smaller companies who will lose a large amount of money because of this. These companies may have to lay off people or keep from hiring new individuals. Let's hope your employer or the employer of someone you care about isn't one of them.

0
0

CCleaner targeted top tech companies in attempt to lift IP

Aodhhan

Re: I still don't understand how this happened

Good grief... where are the InfoSec professionals?

Stop being so lazy. You should at least be able to understand how to work a search engine to find out the details of what happened; without going, "Duh... I don't get it".

This was an attack on the supply chain. You may want to learn a lot more about these types of attacks. They aren't new. In fact, supply chain attacks on computers have been going on since the late 60s, and really took off during the 80s.

Imagine what you can do if you, as a hacker, can gain control of a third party download server which provides new applications as well as updates/upgrades. For instance, you can add your own malicious packages to the applications and libraries being downloaded. Very stealthy, and the consumer presses the "OKAY" button to let it run with system (or similar) permissions. The attack becomes even more deadly, because it's a well known and trusted application.

...get it yet?

There are many third party download server services available (for hire) which aren't owned or controlled by the actual software vendor. If you've downloaded an application from the Internet, it's very likely you've used one.

1
2

IT fraudster facing four years' bird time for $10k blackmail

Aodhhan

Re: Why did he do it though? Pure dicketry?

I agree with you...

Typical with reporters today... they provide a half-ass story because they're too lazy or too ignorant to do a bit of research in order to come up with questions and ensure all are answered.

A business doesn't hire a contractor unless the contractor has an excellent work history. So there must have been something which triggered this individual's dark-sided motivation to maliciously attack his client's network.

However, no matter what this company did to him, it doesn't justify his actions. There are a lot of other things he could have done without putting his own freedom at risk.

0
0

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Aodhhan

What a sad state of mind

Equifax has shown us there are plenty of executives in charge of technical operations who have no business being in these positions. Looking through the LinkedIn Resumes and Equifax web site information on their technical executives tells me the executive board is made from the 'good ole boy' network.

In addition to the CIO and security officer retiring, why isn't the CTO along with risk management and auditing executives cleaning out their desks? They failed to realize the importance of proper security policies and procedures. They also were a part of not understanding the threats facing their systems. Then there is the CEO... whose chief responsibility is to protect shareholders; he obviously failed to do his job and should step down as well.

I've heard so many excuses when it comes to patching over the years. It takes an experienced and knowledgeable InfoSec professional to inform executives of the risks facing their systems. When the risk of a vulnerability is a 7+; along with the exploit score of 10 and can be EASILY executed remotely.. this is a huge red flag where the CIO must convince everyone the patching must be done immediately. Inside 48 hours. If other responsible executives do not get this... then they don't have the background to be in their position.

It will be interesting to finally see the entire InfoSec structure along with the experience and technical expertise of their personnel. Not to mention their policies and procedures in place to audit the established security policies; not just for patch management, but for all operations.

5
0

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Aodhhan

Re: admin/admin

Sure you have a lot of educated idiots with tech degrees when it comes to InfoSec, but you have a lot more when they don't have this background.

What we are beginning to see is the lack of experience and practice in more disciplines than just InfoSec who are responsible for this breach.

For example, where was auditing, compliance, risk management and operations? These aren't InfoSec disciplines, these are straight up management disciplines designed to ensure everyone is doing whatever their job is effectively.

For this reason, it isn't just the tech bosses like the CIO who should step down. The top officers responsible for auditing, compliance, risk and operations should also step down.

The CEO should also step down, as his/her primary role is to protect the stock holders. Obviously this wasn't done, and he continues to fail in this regard.

6
0

Equifax mega-breach: Security bod flags header config conflict

Aodhhan

IT IS NOT DIFFICULT TO SET HEADERS.

Many header settings can be done by properly configuring the web server.

For instance, to set up "Content-security-policy" on an Apache server you can configure this via the .htaccess configuration file.

It is true many web sites don't properly configure their sites when it comes to headers. It's a matter of paying attention to detail and using all the available defense in depth techniques to make things more difficult for malicious hackers.

The Qualys site is good for ensuring encryption protocols and cipher suites; as well as certificate validation. Again, as a matter of attention to detail, you need to understand the limitations of your tools along with their purpose.

This is a good lesson to all InfoSec professionals. When there is a trend showing you aren't paying attention to detail... you will be nitpicked and harshly criticized; thus damaging your reputation further. This will continue to go on. Wait until all the discovery information comes out about Equifax's network, along with the training and knowledge of their InfoSec staff. The criticism has only just begun.

0
0

Crackas With Attitude troll gets five years in prison for harassment

Aodhhan

Re: American justice in action

First.. it was his choice to break the law.

Second... If he threatened you and your wife and kids, I bet you'd want him to spend a long time in a small box.

Third... The majority of crimes are non-violent.

Fourth... HE ACCEPTED A PLEA DEAL.

Fifth.. sure, go to another country and compare it to the US legal system. Ignorance isn't bliss in this case.

Sixth.. Don't like the USA, don't go. Hundreds of millions of people manage to live/visit the USA without having to deal with the justice system.. why you ask? Because they aren't criminals; g-grief.

Seven... Well, we can keep people in jail indefinitely, if you're worried about their employment. All honesty though, in the USA there are a lot of jobs for those who have served time in prison. It's a matter of the ex-con taking advantage of them.

Have you ever sat back and imagined what life would be like if we didn't punish non-violent offenders?

Unless you're a genius and/or well educated... it's likely you'd be taken advantage of quite a bit. Yeah, thanks for your credit card and other things stolen from your house while you're at work.

1
1
Aodhhan

Re: So being a dumbshit ...

Threatening someone isn't "harassment".

I doubt you'd be inclined to think differently, if he sent you texts threatening you and your family. Blackmail exposure, etc.

No, appeals court will not have a field day with this... because HE ACCEPTED A PLEA DEAL.

Apparently there is a reading comprehension problem.

0
0

Apache Foundation rebuffs allegation it allowed Equifax attack

Aodhhan

Re: @Sane ...

Are you an Equifax InfoSec employee? You're definitely not a cypher-Sherlock.

Doing what you suggest doesn't protect a database breach. Just because you freeze your information, doesn't mean the database automatically erases all the information stored there.

It also doesn't protect the way access is gained to this database by other DBs, systems, employees, etc.

I think you're reading the wrong books there, Nancy Drew.

2
1
Aodhhan

Equifax... I recommend

...purchasing Hilary's book where she blames everyone but herself.

She too suffered a security breach by not following best practices... believing she was beyond all of this and only worrying about the bottom line.

She managed to get by without any charges or loss of money. Perhaps you can learn from her!

1
0
Aodhhan

Corporate Greed

Using an open source version of Apache was Equifax's choice.

What will most InfoSec professionals tell you about using open source when it comes to IA or IA-enabled software? Simple: DON'T Accept the RISK.

I'm willing to bet an InfoSec professional somewhere at Equifax provided this warning. Management ignored it.

Or... Equifax decided to not hire InfoSec professionals with experience and training in penetration testing and/or software development testing. Because the open source item would have been addressed as a risk; especially where a web application uses/relies on security (for login and credential protection at a minimum).

Either way, Equifax is negligent. It's not Apache's fault; this rests square on Equifax's shoulders.

Credit organizations have more information on us than most people know. For instance: properties purchased/sold, vehicles purchased/sold, credit/debit card use history (location, amount, etc.), marriage(s)/divorce(s) information, organizational memberships, registered to vote and where you've voted history, where and type of hotel rooms you've used, on and on and on. It's a treasure trove of information for Intel and LE agencies to grab on you.

Credit agencies have had us all by the left nut for a long time, and more of them pop up each year... it's time we use this to rein them back a bit, and set an example to corporate greed executives who think they have a better money maker than a casino.

1
1
Aodhhan

Re: And here comes the thunder...

Whew. ok

0
0

Surprising nobody, lawyers line up to sue the crap out of Equifax

Aodhhan

Time to get CONTROL of credit agencies a.k.a For Profit Intel Organizations

It's about time we all wake up and start getting on our local and federal legislatures to rein in credit agencies. It seems every other month a new credit agency pops up. Why not.. it's HUGE business.

If you're worried about the typical PII items being released... this is nothing.

Consider everything a credit agency knows and collects about you, your family and lifestyle trends.. under the guise they use it to determine risk. This isn't information for the past 1-5 years, this is lifetime:

- Properties purchased, location, and type (2 bedroom, 3 bath, 2100 sq feet etc).

- Vehicles purchased, make, model, year etc. They can also interpolate your average mileage per year.

- Organizations you belong to.

- Donations, amount, etc.

- Hobbies

- Registered to vote, elections participated in

- Income, investments (type, to whom, active/passive, 401K, etc.)

- Insurance coverage, what you cover, specialty items covered

- Nearly every single monetary transaction monitored, classified into various things; i.e. from where, location, etc.

- Tax information

- Employment information

- Household expenses, gas/electric/heat bills... etc.

----On and on and on. These databases know you better than your mother, best friend and spouse.

With all of this, they can interpolate many of your lifestyle and professional choices and to what degree.

This isn't just a credit company... it's a FOR PROFIT INTELLIGENCE ORGANIZATION.

With all of this information, they sell it to those who gather it all in and sell it to businesses.

Places such as InfoGroup, InfoUSA, YesMail, etc. sell this information for big bucks and nearly every Fortune 500 company subscribes to MANY of these (not just one) for direct marketing and other overt/covert corporate greed schemes. It can also be used against you in court or by organizations like Scientology to discredit or publicly humiliate.

0
0

Everybody without Android Oreo vulnerable to overlay attack

This post has been deleted by a moderator

42: The answer to life, the universe and how many Cisco products have Struts bugs

Aodhhan

Seriously

This is a common occurrence on this site.

Someone trying to get cute with 'flashy' bylines or oversell an article so they become stupidly liberal with it; or are just too ignorant to understand and too lazy to do a bit of research before writing.

This is why it's best to go to the reference (if they provide one) or do a search to find someone who does understand the story and puts some time into writing it.

1
0

Red panic: Best Buy yanks Kaspersky antivirus from shelves

Aodhhan

WTF?

Ignorance isn't bliss

A liberal who knows the Russian system very well and is loved today by millions of Russians, whose name is Garry Kasparov, can let you in on some of the things you likely believe are fine when you defend the Russian government.

Free speech - Does not exist in Russia

Freedom to assemble - Does not exist in Russia

Free and fair elections - Does not exist in Russia

You get the idea... so many values the west holds close don't exist at all in Russia.

What does exist in Russia?

Government thievery--when you have a great idea (unless you're already wealthy or part of the system), the government will take your idea, give it to one of their buddies... kick you in the balls and send you to work in a factory to tighten bolts.

Poverty--Most Russian families still do not live in nice homes with yards.

Like your car? Likely wouldn't have one in Russia. If you did, it would have all the features of a cheap Volkswagen.

Widespread dissent. Despite what most people are led to believe... Putin isn't regarded highly by the working class.

So MI5 and FBI are spying on their own citizens... I have yet to hear a story where they are tossing people in Jail or taking away money and someone's livelihood because they spoke poorly of Nancy Pelosi or Chuck Schumer.

1
1

Wonder why Congress doesn't clamp down on its gung-ho spies? Well, wonder no more

Aodhhan

Re: My "representatives"* are Pelosi & Feinstein

These sort of intel operations are funded through an entirely different part of Title X (ten) where Congress can't really interfere with it. They set this up by law a very long time ago; and explaining it is a long and boring ordeal.

The problem isn't with the operational laws or funding... they are fine. The problem is the accountability of officials who misuse/abuse the information. There need to be strict roles and responsibilities along with black/white consequences.

0
0
Aodhhan

Re: Constant war turns public opinion against democracy

Another leftist who doesn't understand the definition of democracy.

If the people want to allow something, no matter how odd it is to you...then this is the very definition of democracy.

People in England allow the government to manage and record public action on video. This isn't something against democracy, it's democracy in action. The English feel it provides more security and safety than privacy. They want it... they got it... they allow it. This is Democracy in action. You may not like it; you may think it's crazy. This doesn't change the fact it's still democracy at work.

Tracking/monitoring/recording is a two way thing. It can prove one's guilt, but it can also prove an individual's innocence. We've also learned, people today aren't as embarrassed about their actions as they once were [thank goodness].

I'm betting you don't really understand the definition of fascism either.

0
4
Aodhhan

Re: Shone

Who really fricken cares? If you want to play grammar police, or show off your self-centered egotistical knowledge on something you just googled, please do it somewhere else.

1
1

Dolphins inspire ultrasonic attacks that pwn smartphones, cars and digital assistants

Aodhhan

Guess this explains the long line of dolphins, bats and dogs outside the Apple store.

7
0

Mo' money mo' mobile payments... Security risks? Whatever!

Aodhhan

Working InfoSec for a bank, I'm aware of all the problems.

First... doing banking via a phone app is a lot different than say, using your credit card to buy an item online.

All features must be activated by the customer. Nothing is default "on/open".

Most banking apps have limitations on them. For instance... you can deposit and you can view balances, but you aren't allowed to electronically withdraw in most cases.

You can make electronic payments, but only to reputable companies/organizations (your utility companies for instance), but not to individuals. You can opt in to some others, such as ebay.

The customer must place limits on transactions; with the default being "0.00".

There are more but you get the picture.

2
0

Remember when Lenovo sold PCs with Superfish adware? It just got a mild scolding from FTC

Aodhhan

Liberal courts

This isn't uncommon for liberal courts to provide light sentences and penalties for acts like this.

There is a reason Microsoft and other tech giants headquarter themselves in states within the 9th district court's jurisdiction, and then manufacture, develop, etc. in separate states where wages and other costs are lower.

1
0

Give staff privacy at work, Euro human rights court tells bosses

Aodhhan

Re: Which is exactly why it is higher on May priority list

Napoleon's way of law is far different from what is used today. It was an empire, not a democracy, where in the end, no matter how you sliced it, the government had no accountability to the people. This also meant the social classes had laws applied differently.

Today, most countries in the west (yes, this includes Europe) use constitutional law where the rights and freedoms of individuals are laid out, as well as the role and responsibilities of government.

All other laws made must pass a constitutional test... to ensure they do not go against anything laid out in the constitution. This is a HUGE difference from Napoleon.

This doesn't mean... you can do something as long as there isn't a law forbidding it. In nearly any case where possible damage is done against another, it will bump up against something within the constitution. Where there are questions and arguments... there are courts and juries to decide.

Right now... the EU has legal arguments all over since each country has a constitution (which precedes the idea of the EU; so it's not written with it in mind -- and the amendments with the EU in mind for the most part... are hideous) and now there is an EU constitution of sorts (again hideous to get all on board). Because of this, in all reality, each country has lost a lot of identity when it comes to the courts. Because as you have seen... a group of legal scholars in Belgium or France decides what's best without understanding an individual's culture, or what the people really want in a particular area. It's also costly for people to work within it.

1
1

Malware writer offers free trojan to hackers ... with one small drawback

Aodhhan

Once again... more examples showing why script kiddies and lazy people will never rule the world.

1
0

China's cybersecurity law grants government 'unprecedented' control over foreign tech

Aodhhan

The west

The citizens in the western hemisphere are so focused on greed and political agendas, nobody cares that Russia and China sit back while we fight amongst ourselves. They don't even have to bend over to pick up the pieces from our internal scuffles... we do it for them, handing them piece after piece with a smile.

We've killed manufacturing in the west, because we'd rather pay a little bit less; without worrying about the quality of the product... or the loss of our own local economies.

21
1

ARM’s embedded TLS library fixes man-in-the-middle fiddle

Aodhhan

Re: CERT Number and disclosure ?

18 months ago by the NSA.

1
1

CyberRehab's mission? To clean up the internet, one ASN block at a time

Aodhhan

Fine...

Just don't ask us to pay for it.

There are certain laws in math which hold true... and there are certain security engineering laws which hold true. One being, more security equals less flexibility and slower throughput. You can alleviate it somewhat by spending copious amounts of money, but this is the big question; who's paying for it?

Then there is the fact, you're doing the same thing as China and North Korea. Shutting down availability and only letting in what YOU want.

Stop trying to save people from being stupid. It's everyone's civil right to do so.

Just like all far left wingers... you think your way will save the world, make everything better and safer.

4
8

Patchy PCI compliance putting consumer credit card data at risk

Aodhhan

Re: The report can be downloaded here

So don't put your real information in there. Good grief.

It's true, half the people you encounter are below average intelligence.

3
2

Best Korea fingered for hacks against Bitcoin exchanges in South

Aodhhan

Re: Next step: drop their routes?

I'd rather have a leader with ego, deep balls and isn't afraid of action; rather than a wuss sitting back drawing lines and ignoring the weak / poor. I'd also rather be a citizen of the USA, than a citizen of a country who expects the USA to pay for the majority of everything as well as bail the country out during a crisis... again and again.

It's easy to be critical and cynical. You speak of others and their political narrative. Did you ever sit back and reread what you write; noticing how political your narrative is?

3
25

Two million customer records pillaged in IT souk CeX hack attack

Aodhhan

Re: Stupid Is As Stupid Does

Yet your country has far more breaches per capita. Likely due to the lower educational standards of the public system.

0
4

Crowdfunding scheme hopes to pay legal fees for Marcus Hutchins

Aodhhan

First - Hutchins can be represented without having to pay anything at all.

--- A high profile grand jury indictment means the public defender would likely seek out a private lawyer for pro-bono representation

--- A high profile case where the evidence against the accused is questionable typically has lawyers jumping out trees to represent them. Here, the key is... the evidence has to be weak. In this case... it's not. The evidence is seemingly strong against him.

If all you can do is raise $15K for a case like this... you're only going to afford one lawyer, likely without a huge amount of experience to find ways to win on technicalities. This also doesn't afford specialized assistance or pay for good expert testimony. You might as well take a lawyer assigned by the public defender, where they pick up the tab and must ensure a competent defense for the accused.

A decent lawyer costs around $800 to $1500 per hour. You only want your lawyer working 5 to 6 hours on your case... when at least 5-10 hours of this will be time in the courtroom.

Based on the evidence in this case... assume he's going to be found guilty and will need to file for an appeal (in which case, you REALLY need to have a good lawyer, not to mention pick up the FULL tab), you better attempt to raise in excess of $150K. Look closer to $300K.

1
8

DJI strips out code badness, reveals some GPL odds 'n sods

Aodhhan

Don't compare drones with RC aircraft. There are huge differences in the capabilities and utility between RC aircraft and quadra-copter drones:

First, the controllability is very different -- even in the most stable conditions.

Second, is utility. Drones carry much more weight.

Third is another utility item... you don't have to put a lot of thought into weight and balance with a drone. With an RC aircraft, you can't just pack it anywhere with explosives or it will be uncontrollable, and even if you do manage to keep the center of gravity correct you will not be able to put much explosive on it.

I can mention at least 4-5 other items (software, automation, etc.) but you get the point.

3
10

Chinese chap collared, charged over massive US Office of Personnel Management hack

Aodhhan

Please don't comment again. You're obviously off your meds.

0
2
Aodhhan

If you're guilty of a computer crime then by all means you shouldn't come to the USA.

If you skip it just because you're ignorant and don't have the intelligence to really figure out the whole story.. it's okay too.

These conferences are already crowded enough.

0
2
Aodhhan

Re: He's not the only one that needs jailing

I agree. However, the Obama administration never held anyone accountable for poor management. Especially if they are the ones who appointed the person to sit in the position.

0
1
Aodhhan

Re: Why stop here?

Let me explain this at the 9 year old level so you can understand it...

He wrote the malware with the intent of causing harm. This malware has no use, other than to cause harm to others. Furthermore, he knew once he turned it over to someone else what it was going to be used for. This means he's an accomplice in every sense of the word.

Now, go back to your slinky.

0
2

Uncle Sam outlines evidence against British security whiz Hutchins

Aodhhan

His 6th amendment rights weren't violated.

In this case, Hutchins was given his Miranda Rights and he decided to answer questions without a lawyer present. All legal. It's also legal to use his answers in court, as long as he was provided Miranda. Again, he chose to answer questions without his lawyer present.

He wasn't questioned for 24 straight hours. He was never under duress. Good grief, do you dream this crap up? If this was the case, the US media would be all over it because he would be screaming about it.

He can refuse to answer any questions and end questioning at any time so he can consult a lawyer.

He's being afforded a quick and speedy trial; however, Hutchins' lawyer asked for a 60 day continuance. He will have a jury in court and only has to convince one of them he is not guilty.

In court, he has every opportunity to call witnesses. It's likely his attorney will ask for more time in order to gather them.

...so I don't want people yelling about Hutchins not being afforded a speedy trial, when it's his lawyer who will likely draw it out.

0
5
Aodhhan

Re: The land of the Free

So liberty in your country means criminals can legally break into homes to steal property or otherwise cause financial harm to people? Wait 10 minutes and you'll understand just why you aren't very clever.

0
5
Aodhhan

Re: Jus' thinkin'

I'm willing to bet you'd be pissed if someone broke into your house and damaged a lot of your things. I'll even go out on a limb here, and think you'd want this person thrown in jail. Maybe have 10 minutes alone with him in a room to show his nose the bottom of your shoe with a bit of force?

Even the fact there are many criminals out there, all using tools and knowledge gained from other people. You may even want to go after those who knowingly purchased the goods stolen from your house.

Just a guess tho.

0
5
Aodhhan

Re: Pride cometh....

I'm willing to bet your country prosecutes the same way the USA does.

If a crime is committed by a gang in the UK, but the mastermind and recruiter of the crime never left his home country of BangGangAstan... you think this mastermind can't be extradited to the UK to be charged and tried?

I already know the answer to this... YES HE CAN. Same answer for nearly all western countries.

You can still violate the laws of another country if the victim is in another country. You can also be tried on similar charges in the country you are physically located for the same crime without being protected by double-jeopardy laws.

This is seen a lot involving the crimes with the black market, drugs, etc. ...and more so now with computer crimes.

0
3
Aodhhan

The Constitution of the US and each individual state applies to anyone who is in the United States (and respective state), not just citizens. Even those in the US illegally are afforded the same constitutional rights and due process.

At any time Hutchins could have ended questioning.

Given the evidence provided so far, it's likely he was originally held because there was evidence provided from multiple sources which provides contrary information to the answers Hutchins provided. Lying during questioning isn't a good thing.

I'm also betting, that even in the country you live in, statements made without an attorney present can be used as evidence in court.

I love the ignorance about Guantanamo. First of all, Guantanamo is legally a sovereign part of Cuba. The USA is leasing the land there. Also, you would be quite wrong if you think the respective intelligence agency of most NATO countries don't have a location outside their own country to detain/question [whatever] foreigners/terrorists. You think all the individuals being held on terror plots which have halted before the act by MI5 within the UK are sitting in British jails? LOL

3
6
Aodhhan

Re: It seems odd

If he provided statements without counsel it's because he agreed to do so after his Miranda Rights were provided to him. He has the power at any time to end questioning/interview.

You making the statement over and over and screaming how he answered questions without representation is a lot like saying a bank robber didn't have representation when he went into the bank and committed a crime; so there is no way he is guilty. Yeeesh.

This method of questioning is allowed in most western countries (without representation) with answers/statements to be used as evidence in court.

Instead of degrading the justice system, you might want to at least know the basic 101 facts.

It seems you didn't read the court documents displaying evidence provided so far during the discovery process, because there is A LOT more evidence than just interview answers. Such as business statements, and evidence from a 3rd party arrest. Not to mention there is still more to come from multiple sources.

Given the evidence provided so far, it's likely the prosecutor asked him a lot of questions he already knew the truthful answers to. If Hutchins lied on a lot of these questions it obviously will not be favorable for him.

Because the arrest warrant was issued after a grand jury investigation and not just a normal police investigation... along with the fact there are multiple sources pointing to the defendant in this case... you may want to rethink your off the cuff, uneducated and ignorant arguments and thoughts.

You may also want to take note, the British Foreign Secretary isn't making any outcry about this situation. This in no way proves Hutchins is guilty at this point, but his innocence isn't a sure thing either.

0
8

GTFO of there! Security researchers turn against HTTP public key pinning

Aodhhan

Re: Still think DNSSEC gives us the better solution here...

You realize you're speaking of DANE. It doesn't exactly run with HTTPS; more specifically it works with the TLS protocol.

However there are some problems using this method on the client side of operations since most application APIs aren't coded to handle this method of adding security to TLS.

0
1

Banking trojan-slingers slip past Google Play's malware defences

Aodhhan

Re: Why ?

Are you new to information security or do you just like to judge people?

No matter how much you build something and make it idiot proof; someone finds a way to build a stronger idiot. Welcome to InfoSec.

0
1

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

Aodhhan

Do you realize...

President Obama considered WikiLeaks a non-state intel service. Especially since the majority of the leaks came during his time in office. Can't blame the man for this.

- Honestly, I think those who use WikiLeaks to dump information without identifying themselves are a bunch of wusses. If you believe so strongly that leaking information is in the best interest of the people, then stand up and make your case in court. You only have to convince 1 person you're the one who is right. Just be prepared to have every bit of your life (good and bad) leaked. Turnabout is fair play.

- If Snowden would come back and do this... and win, then he'd be considered a hero. Otherwise, he's just a wuss who needs others to fight his battle.

0
12

Disbanding your security team may not be an entirely dumb idea

Aodhhan

Tom Scholtz is just trying to profit

This guy has been around for at least 5 years doing this and saying whatever he needs to in order to build a following; or should I say a congregation of the ignorant.

Another person taking advantage of presenting "cost cutting" seminars and webinars for profit.

In my view he's no different than a crooked TV evangelist or a phishing author.

5 years ago he was speaking about the need for InfoSec and putting the people at the center of security, because at the time this was the popular sermon to preach. Now, it's businesses looking for ways to save money, so he's preaching a different verse. Just go back through the last 5-6 years of his messages and you'll see what I mean.

Where Tom fails with this latest story is leaving out the victims... both organizational and customers.

What should be properly preached is how InfoSec is helpful and good for business; stop looking at security as a cost saver or some preventative measure like a simple padlock.

Implementing security properly into the SDLC along with proper risk management is good business and a HELPFUL means of deploying technology. Not a restrictive means of deploying risk management. Look at security as a marketing and investment tool... not a barrier to customers.

Tom, try filling your pockets by teaching these aspects of InfoSec and you just might garner respect from the InfoSec community as well as business. It's Tom who is being a barrier to InfoSec, customers and organizations. All to fill a bank account.

1
1

US Navy suffers third ship collision this year

Aodhhan

This is what happens

...when training and exercise funds are cut, along with people being promoted ahead of others because they suck up to the same thinking.

Thank you Obama, your dereliction of duty as commander-in-chief has cost more lives.

It will take the DoD around 3-6 years to recover from 8 years of neglect.

1
8

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Aodhhan

Re: No code review??

Read the article and/or become a lot more familiar with how computers work.

He installed a ROOTKIT. It doesn't matter how good the application code review is, if you go after the RND generator on the OS.

This is why script kiddies will never rule the world.

3
0

Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records

Aodhhan

Yes yes we know...

most of the information is easy enough to get; however, you're missing the point.

Don't believe for a second it's only name, address and age. There are other items, such as political party, when you voted, possibly items of interest to you, etc.

Not to mention the fact the work is already done... and possibly with your name on it!!

Then, if you're truly an InfoSec professional and not trying to spin this favorably for the Democrats in Chicago (which is likely the case in many posts)... you'd understand it's another database breach via AWS; once again... there is a failure in information security policy; oh yes... and another failure to protect private information by an organization primarily run and manned by Democrats.

Hah... I'm an independent politically so I had to say this last bit.

0
0
Aodhhan

Re: It's Chicago - they all voted for Hillary

...you forgot to say, they all voted for Hillary "twice".

HA!

4
0


Biting the hand that feeds IT © 1998–2017