* Posts by Aodhhan

425 posts • joined 25 Apr 2008

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Aodhhan
Bronze badge

Settle...

When it comes down to it, this is an injection attack via web services.

Something us penetration testers see all the time. Fuzz the web application to grab information, and then craft or intercept/edit HTML packets from information we gather.

Don't overthink the problem and develop conspiracy theories about this. I doubt the NSA or anyone else purposely coded in weak routines which can be exploited in many of the applications I've tested in the past year with similar vulnerabilities.

This is just a common problem which needs to be addressed through better coding practices and better testing.

Don't be too rough on developers. You'd be amazed at the turnover rate at some companies. This means you have new developers getting placed into large development projects which have been alive for years. Pretty soon, nobody is an expert on the entire mess of coded inhumanity.

0
3

Some 'security people are f*cking morons' says Linus Torvalds

Aodhhan
Bronze badge

Security has become a buzzword for non security groups.

Linus.. first off, stop acting like you ran out of valium. Though I do get the emotion pointed towards certain developer factories.

Security people don't care if you call it a bug, *uck up, mistake, etc. No matter what, it's a vulnerability which must be weighed and mitigated. Getting hung up on nomenclature is parochial and should be beyond any developer or engineer's list of important things to consider.

Just because someone who has a long developer background or a degree in computer science becomes a member of a security team doesn't make them a true security person. He's still a developer or theorist who looks at things entirely differently than an engineer who specializes in security.

A true security engineer doesn't give a rat's @** how you fix the bug, mistake, *uck up, etc. as long as the resulting vulnerability is fixed and can no longer be exploited.

One last thing... when it comes to 'how it should be handled'. Don't forget... users (this includes some admins) are the true idiots. No matter how you develop something to become idiot proof... somebody somewhere will create a better idiot. So allowing 'buggy' processes to run, with the design of having the 'user' make the decision/choice of how to handle things, is actually worse than being an idiot.

0
9

DNS resolver 9.9.9.9 will check requests against IBM threat database

Aodhhan
Bronze badge

Re: Smut Blocker

OpenDNS is a service worth considering; however, if you read their terms of service (Paragraph 8 - User Data), you will see Cisco is collecting data on you. They don't stipulate any particular data... which means it can be anything, such as: behavior, habits and trends.

It doesn't matter which ISP's DNS you use, you're going to notice their terms of service include a section(s) on user data (or similar) indicating they will be collecting information.

4
1

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Aodhhan
Bronze badge

Private Address

If you read the report, it provides an explanation in a note.

0
0

Does UK high street banks' crappy crypto actually matter?

Aodhhan
Bronze badge

The lesson here is...

Don't just take every report, article or presentation as the 'end all be all' for security. There are a lot of INFOSEC professionals who forget the basics and develop bad habits and bad logic.

INFOSEC isn't about stopping each hacker and closing down every vulnerability. THIS IS IMPOSSIBLE. Something taught in EVERY security certification.

INFOSEC comes down to identifying and managing risk. Just because someone says you must shut down something doesn't necessarily mean you should or even can. One minor security change in an information system can affect a lot of people, not to mention a business's bottom line.

Kudos to Alister who has said all the right things for this article.

4
0

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Aodhhan
Bronze badge

Re: Round up the usual suspects

New to information security? There are plenty of reasons for being in country when attempting to infiltrate a system's network.

Regardless of what anyone thinks, he made the statement of being in the FSB. So take him at his word and add espionage charges along with hacking. Make an example of him. Whether or not the Russians admit to it, a signal will be sent.

3
0

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Aodhhan
Bronze badge

Parrots... shaddup!

Air gap, air gap, air gap... sqwaaaak. Bunch of parrots repeating crap, without any talent to quiet themselves for 5 minutes so they can think critically.

Experienced security professionals know air gap isn't necessarily the answer. There are plenty of ways to connect to an enclosed gapped network. Especially when 200+ people have access to a few of them on each flight.

The answer is early and proper security injected into the systems development lifecycle. An aircraft connected to a WAN or cloud can be perfectly safe provided security is considered from day one until they retire the plane.

Because loss of network/computer systems on an airplane is an obvious security concern as well as a target for terrorists... governments should get involved in protecting these systems with compliance standards.

Airlines and aircraft manufacturers may scream about cost and delays, but consider a worst case scenario... where malware is launched quietly into the systems of 10+ aircraft, placed by malicious insiders, staying dormant until a particular date/time.

4
3

Think the US is alone? 18 countries had their elections hacked last year

Aodhhan
Bronze badge

Funny...

I guess Germans and French are so highly educated they've become lazy; since, they've attributed a lot less to modern technology and assistance to other nations than the US, UK, and many other countries.

The Germans and French are so highly educated, their GDP, GNP, and most other economic indicators are less than US, UK and other nations.

I'm not sure what your education is in, but it sure isn't in foreign studies, economics, military, technology or anything outside of the fast food industry; which by the way, is calling for you.

1
7

Aodhhan
Bronze badge

Think about it for several minutes...

If you're going to try to destabilize a country, you will do everything possible to help the least popular candidate gain office. This way, the majority of the people already distrust who is in office, and it becomes a powder keg just waiting for a spark.

1
0

Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Aodhhan
Bronze badge

Let us not forget

Why isn't the US Congress, along with every state legislature, pointing fingers at themselves?

For years, information security bills have been killed because huge corporations contribute large amounts of money to their campaigns to make sure any security bill dies in committee.

While I enjoy these theatrics by those in Congress who put on a performance worthy of an Emmy nomination, we all know at the end of the day, you will waggle your finger... then when the lights go out, take more money from these corporations to maintain the status quo.

Bravo and shame on our elected officials.

2
0

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

Aodhhan
Bronze badge

Re: Judging a book by its cover

We're all the same on the inside... this is a parochial method of thinking. I take it you're an adult now, and can stop repeating things you were taught when you were 8.

The problem is, the lungs, liver, [insert any organ] may be 'roughly' the same; however, how the brain is programmed and processes isn't the same. It's the brain, not any other organ which dictates your actions.

If you're poor and you grow up in crappy conditions, you're going to see life a lot different than someone who didn't want for anything. You're also going to have very different life experiences.

We don't need white people to 'help us', defend or pander to us. We definitely don't want white people going out of their way to show us they aren't racist. It's not shocking to us, when we invite these white individuals to come to our house to have an evening meal... they'll do everything to change the subject or wiggle out.

You want to lash out against racism then lash out at racism/prejudice, but do it without describing color, religion, jihad, etc. Stop pandering and whining, and start living and accepting ALL people the SAME.

If this kid was white, there wouldn't be any mention of race, religion, conspiracy, etc.

4
2

IETF moves meeting from USA to Canada to dodge Trump travel ban

Aodhhan
Bronze badge

If the travel ban really pisses you off...

Then why give in to it by changing locations?

--Seriously...

Better to go through it and provide your real life horror stories to the world than to give in to it...

By giving in to a ban, you give it strength.

Now, if you don't want to go to San Francisco, because it's San Francisco... this I get.

0
0

Parity calamity! Wallet code bug destroys $280 MEEELLION in Ethereum

Aodhhan
Bronze badge

Re: This is when I know I'm getting old...

You're still young.

I grew up using smoke signals for emails.

To code, we used finger paint on walls.

To archive, we carved into the back of tree bark and tied them together.

...and WE LIKED IT!!!!

6
0

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

Aodhhan
Bronze badge

Re: I wonder what the Trump apologists' excuse will be this time?

I don't condone any government official using their private email, but keep things in perspective when you make a comparison. Hillary used her private server to maintain and distribute TS/SCI SAP classified documents.

1
2

Biggest Tor overhaul in a decade adds layers of security improvements

Aodhhan
Bronze badge

What wasn't noted...

The development help by the NSA.

Upgrading all existing onions the NSA owns.

...etc.

0
0

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager

Aodhhan
Bronze badge

I don't think anyone is shocked by this

Nearly all security professionals know any Oracle product is a problem waiting to happen. Even more disturbing is how long it takes for them to fix something... if they do.

Thankfully, we've stopped allowing any new Oracle products onto our network. Those we still have must find a new non-Oracle solution prior to their refresh date.

2
0

Tor blimey, guv'nor: Firefox to try on privacy tool's Canvas gloves to leave fewer fingerprints

Aodhhan
Bronze badge

Back to 1994

Blocking information such as OS, client side scripting info (i.e. version of Java, flash, VBScript, Silverlight, etc.), cookies (session or otherwise), monitor resolution, encoding, etc. will likely take away all the fancy artwork and client side applications used by websites for rendering the web page.

This means, web sites will begin to look like they did back in the mid 1990s.

Let's hope they provide us with options to configure exactly what we want blocked and what we wish to allow, instead of an all or nothing configuration.

1
1

Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

Aodhhan
Bronze badge

Sometimes more devices doesn't mean more security.

So they're selling a device for people who don't know how to properly set up a defensive perimeter.

Sounds like it's just another house of mirrors for packets, which should already exist if you've correctly set up your perimeter and have your firewalls and proxies correctly configured. Using this device doesn't save you any money by removing multiple defenses already in place, and it doesn't provide any protection from malicious insiders, phishing attacks, etc.

Set up too many mirrors for packets, and somewhere... something is going to get misconfigured and allow something through. Or the product will shut some application down, so an exception will have to be made which will allow a hole for something to get through.

Keep it simple so it can be done correctly.

2
0

US voting server in election security probe is mysteriously wiped

Aodhhan
Bronze badge

Stop injecting your politics

Trump didn't 'narrowly' win in Georgia, he received 210,000+ more votes than Hillary.

The lawsuit isn't about recounting the votes. It's about changing the computer systems used for voting. Even if the votes were recounted, it's one district in Georgia. No way 200K+ of votes.

The lawsuit to upgrade voting equipment is being pursued by Republicans across many states. The Democrats are opposing these suits.

The GOP supports these suits because new systems support accountability and prevent voter fraud.

DNC is opposed to them, because they believe people's votes will go uncounted.

Both sides are upset in this case (at least appear this way), that data was wiped just after the suit was brought on. Funny, this happened before (Hillary's server), but the DNC wasn't very upset about it then. In fact, they did everything they could to make it a non-event.

3
9

NHS could have 'fended off' WannaCry by taking 'simple steps' – report

Aodhhan
Bronze badge

Welcome to gov't run health care

Wait time to:

- See your family physician 14-30 days

- Consult to a specialist 4-7 months

- Have a CAT Scan: 2-6 months

- Get a MRI Scan 5-10 months

- Patch server systems 18-32 months... maybe.

1
6

Assange™ says Trump's voter-targeting firm asked WikiLeaks for something

Aodhhan
Bronze badge

Re: It's funny

What's not funny is you have it all backwards and inside out.

The GOP was upset at WikiLeaks because of Snowden and wanted it shut down. Whereas the DNC was supportive of WikiLeaks because of this and because of course, they have to take an opposite stand.

Then Hillary decided she was above the law and nobody will ever see her in a bad light.

Suddenly, her email server was found, the DNC site hacked and documents hit the Internet.

Then the GOP loved WikiLeaks and the DNC hated WikiLeaks.

Typical politicians no matter which party or what side.

9
0

Dell forgot to renew PC data recovery domain, so a squatter bought it

Aodhhan
Bronze badge

Re: How do domain names expire?

Not a security person eh?

You don't register everything under the same domain, it's a security failure waiting to happen.

Then there is the difference between internal and external production systems and their protections.

On top of a company which likely has more than 10,000 individual internal servers and likely just as many if not more external facing systems.

If you have ever worked for a large corporation, the amount of internal VLANs alone can become confusing, let alone adding a bunch of external facing domains which all have to have their own protected databases.

Then just think of any one of these having a vulnerability allowing access to active directory or DNS or Web services.

You want to alias everything? This isn't just a DNS nightmare, it's a web server nightmare attempting to port and forward everything. If you think troubleshooting one web system is a horror show, try having to troubleshoot 3000+ on the same domain. It would be stupid.

I can go on and on, but you get the picture.

There is also cost. The amount for a wildcard certificate to cover an entire domain is ridiculous, when you can get by with 10-20 individual certs. There is also a security issue with this as well, but why continue to explain.

C'mon; most of you are smart enough to figure this out. Just think through it for 10 minutes instead of spewing out silly things.

3
3

Hop on, Average Rabbit: Latest extortionware menace flopped

Aodhhan
Bronze badge

Re: 1dnscontrol[.]com

Tom,

The fast food industry is calling. Better get going.

7
1

Panic of Panama Papers-style revelations follows Bermuda law firm hack

Aodhhan
Bronze badge

Re: we have reviewed our cyber security and data access arrangements

You said, "Drupal is pretty secure"... are you kidding us?

3
0

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Aodhhan
Bronze badge

Outlawing cryptocurrency

You can't outlaw the currency but you can make the scheme illegal, and in turn hold the sites supporting the scheme responsible.

However, if politicians do this then they will not be able to launder the big money they receive for their foundations and other dark money making ventures.

Rule 1 of being a politician: Never shoot yourself in the foot.

2
0

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

Aodhhan
Bronze badge

ICSs are everywhere, including where you work.

Industrial control systems cover a lot more items than most get. It isn't just specialty items you find in electrical power plants. Rather it includes items in most commercial buildings/infrastructure.

Systems include:

- Elevator controls/monitoring

- Indoor/Outdoor lighting

- Fire sensor and suppression

- Alarm sensors and monitoring

- Security monitoring cameras/recording

- Physical security locks and door controls (access control)

- Electrical outlet control

- Manufacturing equipment cooling systems

- etc.

So reevaluate where you work. These items just aren't in HVAC, power, petroleum, water etc. plants. They are likely part of the very building you work in. All of these systems are likely in place where you work and you have no idea they're there, because it's never occurred to you to search for them, and building management didn't know they should tell you they installed them. Many of these systems go back to the Windows 3.x days. It isn't exactly brand new technology.

Being air gapped can bring extra problems because of the false sense of security and lack of patching. It should be looked at as a part of defense-in-depth, just like if you added a security switch/router. Air gapped systems are still open to insider threats, people hooking pwnd laptops into them, etc. So the same AV and other security software still needs to be applied and required. So test and assess accordingly.

0
0

'We've nothing to hide': Kaspersky Lab offers to open up source code

Aodhhan
Bronze badge

A bunch of comments on the obvious.

It's old news.

The only people still giving this any time are those who have a belief one way (for themselves--and those who think like them), and then oppose the same belief two sentences later (for everyone else).

0
0

Security pros' advice to consumers: 'We dunno, try 152 things'

Aodhhan
Bronze badge

Don't waste your time

20 minutes you'll never get back.

The entire structure of this 'survey' lacked proper form and research.

The conclusion of how varied the advice is... Of course. First off, you asked people who use the Google security site. This wouldn't make my top 100 places to search for qualified security professionals.

Also... security professionals tend to put their time into only a few areas of security. It's impossible to concentrate on all areas. This alone is going to produce varied responses. Also, this is a very fluid and ever moving field of study. You will likely get responses on the last 3 big problems the professional worked to close down.

You will also get varied responses on any security response which will vary depending on if it's directed towards customers or employees.

Then there is no definition of what a "non-tech savvy user" is. I know system administrators who I may consider not very tech savvy because they still can't comprehend certain networking concepts.

Then again, I may consider a 12 year old tech savvy because he understands how to pair his Bluetooth enabled phone to his mom's car.

Then you look at the author's profession and where they work and you immediately shake your head.

So... don't waste your time.

3
1

Make America late again: US 'lags' China in IT security bug reporting

Aodhhan
Bronze badge

But why?

Get your bugs in and indexed quickly or our finest tanks will drive over your house--at 2am.

- signed -

The friendly People's Government.

0
0

NetBSD, OpenBSD improve kernel security, randomly

Aodhhan
Bronze badge

For all of those who don't get it...

Live relocation; copy/update kernel; trampolines... doesn't it make you want to shake your head?

It will actually be easier and more efficient (not to mention fewer bugs) to halt input, complete processing (yeah, this could take a bit of time; so think about) clear cached inputs, archive data and reboot.

Now, if you think this is ridiculous then think about what you're saying to... routine out some 'random' locations/toss these into memory, pause input, halt processing, halt services, change memory locations, update pointers then start everything back up; oh every 15 minutes or 4 times a day (makes no difference). BTW, think about how this 'randomizing, updating, restarting' routine has to work while everything else is in limbo.

If you think rebooting is inefficient and will take time, think about a system which is likely running more than one application along with an underlying OS to go along with your silly scheme.

4
1

US-CERT study predicts machine learning, transport systems to become security risks

Aodhhan
Bronze badge

Re: I believe there is only one word in answer to this:

This isn't a report meant for information security professionals. It's written for higher level executives about the technology challenges ahead. Take the time to read through it all before you jump at the chance to publicly roll your eyes.

Also, the fact you 'dismiss' anything coming from Carnegie Mellon University displays your absolute ignorance towards information security. CMU is the #1 university in the world when it comes to information security and information technology research.

1
1

Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Aodhhan
Bronze badge

What's really needed

is for law enforcement to get off their azz, and get out there and do real investigative work.

Knock on doors and a few heads to collect what is needed.

Silly millennials have been so spoiled and pandered they don't want to get out there and do actual police work. They've grown up having conversations via text messaging instead of learning how to talk face-to-face and build this type of trust and relationships with contacts and informants.

Too much taxpayer money is spent on electronic surveillance and not enough on training officers to do in-depth investigations away from a keyboard.

0
0

Aodhhan
Bronze badge

Re: Fishing

No... they can still read what you're chatting to your mates about (using filters). They just have a difficult time locating you and in some courts, providing evidence everything you chatted over multiple days is actually you.

0
0

BoundHook: Microsoft downplays Windows systems exploit technique

Aodhhan
Bronze badge

Yes, we get it... but

Sure, it's a post exploit technique I can write malware to exploit.

Which means after you 'finally' detect something and shut down the pseudo hacking applications put in to make yourself feel good after it's gone... the real malware is taking advantage of this 'feature' *cough* to continue to send me information and provide permissions to the now hidden malware.

Is anyone confident the servers at any of the recent breaches are completely free of malware?

...I doubt it.

0
0

EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

Aodhhan
Bronze badge

How about this...

Spend money on training and hiring detectives who aren't so effing lazy to actually dig a bit to find other evidence? Stop coddling law enforcement and make them get off their azz.

There is more to solving a crime than pooling a huge amount of resources into breaking encryption. If it's all you have to go on, then the case is likely weak to begin with... move on.

Not to mention the fact... the more law enforcement gripes about this subject, the more it's publicized; motivating people to learn more about encryption. Thus in the long run, making the job a lot tougher.

If you can't think 3 moves ahead on this fact, how do you ever expect to solve complex crimes?

3
0

Yes, British F-35 engines must be sent to Turkey for overhaul

Aodhhan
Bronze badge

Let's see

UK has the sole avionics contract... I don't see 12 nations griping about this.

Of course, there could be multiple locations to overhaul the engines, which means the cost of paying for extra engine mechanics, location, building new facilities, etc. will be added to the cost of overhauling the engine.

Wow, I thought politicians in the USA were moronic when it comes to contracting maintenance of military equipment.

3
0

IRS tax bods tell Americans to chill out about Equifax

Aodhhan
Bronze badge

Talk about moronic thinking

I guess he wouldn't mind then, if someone put all of his information on Pastebin.

The difference about the information Equifax and other companies collect to determine risk is the HUGE amount of information they collect.

They typically have information such as political party, how often you show up to vote, make/model/year, etc. about the past several vehicle purchases you've made, home ownership information, some health data, where you travel, how you travel, your spending habits, where you shop... etc. The list is huge.

These companies collect so much information on an individual, that if something new comes up.. they create a new category immediately and start collecting.

So while hackers may have some of my information, they likely didn't have a lot until Equifax was breached. Fact is, we still don't know yet what was taken, and Equifax isn't letting anyone know.

The US Congress needs to step up and ask what information Equifax has on individuals. Then create laws to limit the information they can acquire and store.

4
0

NHS: Remember those patient records we didn't deliver? Well, we found another 162,000

Aodhhan
Bronze badge

Help me understand this

In a government operating healthcare system, people provide the government with all of their health information; arguably a lot more valuable and intrusive into one's life than many think. Yet, get absolutely mad upset about handing over a PIN to their phone.

Amazing.

Think of everything in your health records. Next of kin, employment, life choices, etc. Think about all the questions you get asked during a hospital or doctor visit. Sexual partners... the STDs you have, medication you take (which can say a lot), etc.

..yep, it's all in there, and available to your government when you have a health care system run by this government. Not only for them to abuse, but anyone else once it finds its way to Pastebin.

1
5

Sounds painful: Audio code bug lets users, apps get root on Linux

Aodhhan
Bronze badge

Re: Oh for FUDs sake

I was thinking the same thing..

Just another 'pud' to reinforce the concept, "half the people you come across are below average intelligence".

If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest.

11
2

'Open sesame'... Subaru key fobs vulnerable, says engineer

Aodhhan
Bronze badge

Re: This won't be addressed

Stop and think about it for just 5 minutes, instead of throwing in a comment which isn't even worth 2 cents.

Follow Subaru cars pulling into mall parking lots, movie lots or anywhere else around Christmas time with this vulnerability, and you'll gather up enough merchandise to make back your $25 easily.

Plenty of people drive older cars, and just because he published older car models, doesn't mean it doesn't work with newer models.

If you can't think like a criminal, then you're not going to do well in information security.

6
0

Swiss banking software has Swiss cheese security, says Rapid7

Aodhhan
Bronze badge

Re: How is SQL Injection Still a Thing?

SQL being roughly equivalent to COBOL

You know...

If you're not educated on a subject, please don't believe you're obliged to show the world how ignorant you are.

Your statement displays your closed mindedness towards learning. As if COBOL hasn't been through any changes since 1959.

I guess you probably believe Microsoft DOS or UNIX hasn't had any changes since 1980.

Not all is lost though; I do believe the food industry can still use you.

0
0

Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Aodhhan
Bronze badge

Who was the PCI auditor?

What company did Hyatt's PCI audit? Obviously the auditor was lazy or ignorant... or perhaps Hyatt lied about data protection measures. Don't rule out both being the case.

Having the CVV number is against PCI standards.

Requirement 3.2 - Storing sensitive authentication data after authorization. You can only do so if there is a business justification (not likely in this case) and if it is stored securely. Obviously this wasn't met.

Requirement 3.2.2 specifically states not to store CVV information after authorization.

Then there is Requirement 3.4 which goes into PAN data security and the use of STRONG encryption. Again, this obviously wasn't the case.

Requirements 3.5 and 3.6 go into documenting procedures for key management. Here is where the PCI auditor should have caught the problem.

So when it comes down to it, Requirement 3.x in general was not implemented, nor was it properly audited.

The information security community deserves to know who the PCI auditor is who last signed off on internal safe keeping of customer data.

0
0

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Aodhhan
Bronze badge

It's not bad enough...

It's ridiculous enough when people ignorantly and emotionally inject speculation into any story... but it's just downright moronic to inject inflammatory politics into a story.

The real thing to look at here is the New York Times. In the past year, they've been proven wrong so much, it's amazing anyone reads this rag... even if it's been left on a subway seat.

Then the story itself is written in such a way, they throw out things to get the imagination and emotion stirring.. yet in small print, they remark "speculation".

Then you see so many perpetuate the madness and crap here. The media has definitely mastered taking advantage of people's ignorance and emotion.

2
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Aodhhan
Bronze badge

Horrible...

The title and underlying message of this story is false, wrong and a lie.

Do you only have a 3rd grade reading level?

The statement is, "There is no constitutional right to SELL WARRANT PROOF encryption".

This is true about anything and everything. So to make it a huge deal is moronic.

This applies equally to locks, safes, fences, pockets, cubby holes, etc. If a warrant is issued, the owner is obligated to provide access.

The message of the entire speech is, "Responsible encryption".

More ultra-far left wing lies to invoke emotion, because they know when people are emotional, they don't think through things. They only grab on to what someone says, whether it's true or a lie.

0
3

North Korean hackers allegedly probing US utilities for weaknesses

Aodhhan
Bronze badge

Where's the news story?

This isn't news... it's old information. This has been going on for years.

News would be, doing real journalism to find out something new.

Such as... China is getting around UN Sanctions, by contracting North Korea hackers to probe for weaknesses in the utility networks of USA, England, South Korea, etc. Thus, they are able to fund North Korean military and receive valuable information system information.

C'mon. Stop with the lazy reporting.

1
0

Dear America, best not share that password with your pals. Lots of love, the US Supremes

Aodhhan
Bronze badge

Re: What happens if...

In your example, the child was given access to the card by the OWNER of the card.

In this legal case, those who provided access to the defendant weren't authorized to do so. They WEREN'T the OWNERS of the data which was stolen.

So in your example, it's like the child passed on the credit card number and PIN to a friend.

Then this friend used the information to charge on the father's credit card. This friend wasn't given access by the OWNER, the friend was given access by the child who had access to the information.

It isn't about passwords, it's about trespassing and having authorized access.

From an information security perspective, this is an insider threat who is an accessory to data theft.

2
0

VPN logs helped unmask alleged 'net stalker, say feds

Aodhhan
Bronze badge

No such thing as absolute anonymity on the Internet

Anyone who believes a site's claim they maintain your anonymity is lying, and anyone who buys it is an idiot.

Of course logs are kept. If nothing else for maintenance, speed/efficiency and security reasons. The stories of ISPs and VPN companies cooperating with law enforcement should let you know this. Of course they are going to assist law enforcement when certain crimes are taking place. The only people who have a problem with this are those who break the law.

Someone talked about how the company should worry about their business for cooperating with law enforcement. No, a company should worry about their business if they cover up the identity of a sexual predator.

0
2

Video games used to be an escape. Now not even they are safe from ads

Aodhhan
Bronze badge

It's not about the obvious...

It's not about imbedding advertising in signs, stores, etc. which you walk by, drive by, etc.

It's about having to interact with the advertising in order to achieve something or keep yourself alive. For instance... if you don't take cover or interact with the advertising in some manner, you don't get credit to level or achieve something. "Your character is hungry so you must purchase a sandwich at subway" sort of thing; or perhaps you take cover behind a plain wall instead of an advertising sign so you die.

It's also talking about having to sit thru a 30 second ad between levels or when loading a new screen, level, etc.

In other words... it's about nuisance and control of the player.

1
0

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Aodhhan
Bronze badge

Sure Microsoft is slow.. but,

Without knowing the extent of the problem it's difficult to know in real terms just how slowly Microsoft is addressing this.

However, there's no debate Google is irresponsibly advertising weaknesses in millions of individuals' computers; in order to beat their chest like a bunch of gorillas.

If you want to beat your chest after all of the flaws are fixed... this is fine. Doing it while the vulnerabilities exist and then pointing them out in a loud parochial manner isn't exactly showing your superior knowledge of anything.

0
1

Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim

Aodhhan
Bronze badge

Wow... a lot of ignorance.

Just because the file was on his home system doesn't mean he was actively using it.

Show of hands, all you developers...

How many of you have taken any of your work coding home so you can...

...reference from it in the future?

...keep a copy of 'your' work to show prospective employers?

...collect work you're especially proud of?

....etc.?

Yep, about what I thought, 100%

Just because someone works for the government, doesn't mean they're intelligent. Just Google, Hillary Clinton.

2
0

Biting the hand that feeds IT © 1998–2017