* Posts by Aodhhan

297 posts • joined 25 Apr 2008


But how does our ransomware make you feel?

Aodhhan

This isn't RESEARCH it's validating known work.

This isn't exactly new and cutting edge research items. Not only has this been studied and documented by various red teams, they've done a much better job of research without a PhD on the team.

There are a few items which aren't on his list which are huge. For instance "Curiosity"; as in appearing to have received an email & attachment (with 'juicy' info) meant for someone else.

Finally, how about the conclusion? Having a PhD is proof you can conduct in-depth ORIGINAL RESEARCH in order to present findings and objectives in a manner where others learn greatly from your efforts. To provide and prove NEW academic knowledge.

Going back over work which has been known for years without providing anything new isn't research... it's VALIDATION. This paper doesn't even present ideas to move forward to find new research or new views into psychology.

If you're truly a PhD in anything and value your own integrity... you wouldn't publish something like this and title it as "research".

1
6

Dutch Senate votes to grant intel agencies new surveillance powers

Aodhhan

Fighting this the wrong way

The freedom of a nation and national security will always outweigh individual freedom. This is why electronic surveillance has been going on over 100 years in many different forms without any success to do away with it.

The fight shouldn't be against the use of surveillance, it should be to increase penalties and sentences against those who misuse surveillance technology and the intel information from it. Ensure directors and supervisors are held responsible for any misuse (no matter how small) with prison sentences and you'll see strict policies and procedures in place to restrict, account and record any use just to cover their ass. You'll also see it will only be used when absolutely necessary.

Not to mention, it's difficult for a politician to tell their constituents they aren't a proponent of accountability and transparency.

0
1

Uncle Sam says 'nyet' to Kaspersky amid fresh claims of Russian ties

Aodhhan

That's it...

...bash the US Government for a right to choose; yet cheer on a country which censors its citizens and wants to end the use of TOR and other applications. Way to see the big picture with such a narrow mind.

Fact is, the US DoD and other five-eye nations long ago banned applications from non-NATO countries, to include banning applications from Israeli owned companies. So making the move to encompass all government agencies isn't a real shocker.

Sure, Kaspersky has done a lot of good and its R&D matches up with any other; however, if the Russian government insisted nefarious code or backdoors get inserted into some copies of their applications destined for certain government agencies what do you think Kaspersky will do? Yeah... duh. The hardest lies to detect are those consisting of 99% truth.

0
0

Crackas With Attitude hacker 'Incursio' gets two years in the clink for embarrassing CIA boss

Aodhhan

You really expect ISPs to put millions into securing customer email accounts?

0
0

America throws down gauntlet: Accept extra security checks or don't carry laptops on flights

Aodhhan

Tourism Money

Interesting, so much said as if the United States' economy will collapse because people from the UK stop visiting. A larger effect will occur if college kids from New Jersey quit going to Florida on spring break.

Any business stating it's too much hassle to make a profit in the country with the largest economy in the world is either a fool or a liar who knows nothing about economics. Even so, WTF cares? There are plenty jumping at the chance to do so.

You know the saying about opening your mouth and removing all doubt that you're an idiot.

0
7

Roses are red, you're over the moon, 'cos you work in infosec, and you're retiring soon

Aodhhan

What's so shocking?

These numbers aren't far from what we should expect. Very few individuals will be ready to jump into InfoSec positions right out of college.

Don't forget to look at cybersecurity for what it really is: risk assessment. In order to properly conduct a risk assessment and analysis you must have experience with multiple computer disciplines. To simplify, if you don't have experience with a particular operating system as an operator and an administrator along with experience with networking (firewalls, routers, switches, VLANs etc.), it will be a bit difficult to properly assess risk and provide mitigation requirements when analyzing a new system.

Add to this the ability to adjust to new technologies, new attack vectors, etc. and stay on top of a constantly changing world. InfoSec analysts don't focus on one particular area, they must master many and then maintain proficiency in them all. This is a challenging undertaking not everyone can handle.

If this isn't enough stress, let's not forget InfoSec analysts must get it right every time. It's difficult for many CIOs to put trust like this into individuals who don't have 10+ years of experience in multiple computer disciplines.

5
0

Trump's cybersecurity strategy kinda makes sense, so why delay?

Aodhhan

Amazing

Yeah, we get it Trump bashers. You don't like him, and you love repeating the same stupid left wing racist-elitist talking points. Too bad you can't think critically and come up with original thoughts.

The problem in the Government, and how the RMF has been implemented is in those who are "ACTUALLY" responsible for each network's security. Currently this lies with individuals who are O-7 or SES-1 level (or above). You aren't going to hold a general officer accountable; and there are very few flag officers who are deeply knowledgeable in information security. Not to mention the fact, many times these officers aren't physically located at the same base or city the network is. Just stupid, right?

They need to go back to allowing O-6 and GS-15 level officers and perhaps even O-5/GS-14 level officers take responsibility for networks. They need to increase the number of cybersecurity red teams, as well as ensure RMF standards are implemented and organizations are funded properly to meet certification and accreditation standards. Holding commanders responsible for networks which do not meet RMF standards, or have a POAM in place to correct deficiencies.

0
0

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

Aodhhan

Don't you hate it

John,

It's ridiculously selfish, not to mention stealing... when you don't provide direct references to the original blog/article etc. you are paraphrasing or copying. Especially, when you provide only 20% of the original article, which can be found at Kaspersky's Securelist blog here:

https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/

..effing thieves.

1
0

Revealed: 'Suicide bomber Barbie' and other TSA quack science that cost $1.5 billion

Aodhhan

Let's all bash the TSA.

I wonder.. for those who bash the TSA, how well can you perform a job where you must make 20-200 decisions an hour, 40 hours a week and get each of these tasks done correctly. Where, if you make one mistake and miss something, lives are put in danger.

Yes, it's easy to bash TSA when you're ignorant. However, I'm willing to bet you make at least 2 to 3 mistakes a week at your job.

Let's not forget. The ACLU doesn't exactly have the best reputation when it comes to credibility. It obviously doesn't have all the information here (by their own admittance). Also remember, there is no expectation of privacy when travelling.

I've been pulled aside at an airport TSA checkpoint many times for additional screening, patting down, etc. Along with having to open my carry-on luggage many times. I'm clean cut, usually wearing a suit and give them no reason I know of to search me. Hmm... perhaps the TSA has a problem with penetration testers. Or maybe, it's because I usually carry on two to three laptop computers along with some Ethernet cables and a SOHO router. No, that's not it... I should ask the ACLU... I'm sure they could come up with a frivolous reason.

Of course you come to the conclusion anyone who carries onto an aircraft this much electronic equipment should be looked at a little closer; however, it can easily be spun into saying the ACLU doesn't trust penetration testers, and therefore they are profiled for extra scrutiny.

The leadership of the ACLU gets paid a lot of money. The more they spout out and the louder they are towards issues the elite left support, the more money they get from the filthy rich left. So don't think for one moment the ACLU cares about anything but donations to their bank accounts.

1
10

USMC: We want more F-35s per year than you Limeys will get in half a decade

Aodhhan

Aerospace Ignorance

To say the Harrier has any chance against an F-35 is ignorant.

The Harrier wasn't built for 1:1 engagements against fighter aircraft. Its primary duty is sea interdiction and support/protection of ground troops. For this role, the Harrier works very well. When used, Harriers typically have fighter aircraft flying cover above them.

The Harrier has a relatively low thrust to weight ratio which means slow acceleration. Speed and height is king along with being able to make fast, tight turns and maintain energy. Against the F35, the Harrier falls far behind. It's not even a close contest.

2
8

Want to come to the US? Be prepared to hand over your passwords if you're on Trump's hit list

Aodhhan

More ignorance

The USA is filled with people who emigrated from European countries because they were tired of putting up with your s**t. [insert ushered applause]. So stay away from the USA, they'll somehow manage to get by.

Objecting to researching immigrants from 7 countries in this way is entirely logical since there isn't any government which keeps records, or has the infrastructure to support normal investigation operations. You object to investigating social media accounts, but do you have any idea what most countries investigate before someone immigrates into the country YOU live in? Giving up social media information is nothing compared to typical items which are investigated.

Stop shouting out racist left wing talking points. Stop being an ignorant parrot who just repeats what they hear. Take 10 minutes and research and ask WHY something is being done. Be a bit more critical when it comes to left wing crying points.

0
17

Chrome dev explains how modern browsers make secure UI just about impossible

Aodhhan

Re: HTML5 can do WHAT?!

Did someone forget to take their manic medicine? ...relax, the sun will rise again tomorrow. With the amount of odd-ball things which are developed and used in this world (on and off computer systems), losing your mind to a browser idiocy isn't worth it.

Think about this fact, nearly anytime you use an application you're forced unwillingly to comply with something, you just don't realize it or you go along with it; and yet, here you are using your computer over and over again.

Hmmm... on second thought, don't think about this... it just may send you over the edge.

0
2

Hacker: Lol, I pwned FBI.gov! Web devs: Nuh-uh, no you didn't

Aodhhan

Waiting on...

The FBI hasn't commented yet because they are waiting for the approved talking points (lies/untruth) from the White House on what to say. Along with some ridiculous back story to put the blame somewhere else without taking any responsibility for the vulnerability.

...that is, unless they convince the majority of the media to not cover this story, or bury it way back on page 21. They wouldn't want the POTUS to look bad...errr... worse than he already does, with 2 weeks left to go in office.

2
3

Chinese boffins: We're testing an 'impossible' EM Drive IN SPAAAACE

Aodhhan

Re: "The Chinese might only be claiming they will test this drive in space"

No. A few 'cube' satellites is not enough to test the device.

To make it viable, along with fueled propulsion, you need to get it to go over 25,000mph and maintain this speed.

This is the speed required to break away from the Sun's gravitational effects. Otherwise, it will slowly lose speed and curve back towards the Sun like a comet.

It takes approximately 18,000mph just to maintain an orbit around Earth without falling back. To break Earth's gravitational effects from its orbit, you need to push out over 20,000mph.

0
6

2016 just got a tiny bit longer. Gee, thanks, time lords

Aodhhan

Laughable

It's amazing to see how people think when it comes to time... and how they believe computers handle it. Even more, when I see people think that the only operating systems are Linux and Microsoft.

Just because a new minute or new hour goes by, doesn't mean the extra second of time put into place goes away... it's there, forever. Computers don't see time in seconds, hours, minutes, etc. They typically see everything in milliseconds, and then people write code to translate it so it makes it easier for users to understand.

Time is linear, not circular. You have to go back to the simple math days and think of one long (infinite) math line marked off in milliseconds. When you tell a computer to go back to a certain point in time, it doesn't automatically know where to go. It subtracts a certain amount of time from the current time.

Insert a full second into this time line, it's like having multiple 1s, 12s, 15s, etc. in there. So subtract 8 from 12, and it doesn't land at 4, it will land at 7 for instance. So 12 - 8 = 7. The logic breaks things.

It's not a simple thing to code, because the math only hiccups if it crosses the point where you inserted the extra numbers (time). And you can't just 'highlight' or point at this marker... computers don't work this way.

The point is exacerbated by those who think you can insert a millisecond slowly into the time line. Think about it.

Those who think there isn't anything which marks time so precisely, I beg to differ. Many money transactions are based on the time money is requested, transferred, processed etc. Especially when these transactions are done over many different computer systems. They are marked by time precisely so they can be reconciled. This is done because it's possible you shop at one spot, at the same time your order at Amazon is processed at the same time your spouse uses the same bank card/credit card at another location. All at different amounts, all at nearly the same time, at different locations, on different computer systems, yet use the same banking account.

Yeah, so... those who think they know computer systems... just realize why some people go to school for 4+ years to earn a compE and others pick up an MCSE class for 6 months.

You might be a master of one operating system, but in the larger world of computer systems, you've only graduated the 2nd grade.

0
0

Banks 'not doing enough' to protect against bank-transfer scams

Aodhhan

Don't blame the bank

This isn't talking about breaches into banking system. It's about people not performing due diligence before they give their money to someone.

If you write a check out to a fraudulent or criminal enterprise, it isn't the fault of the bank. Transfers should be no different.

If you're going to perform a fund transfer, it's worth taking 30 minutes of your time to do a bit of background research first. It isn't difficult to validate a real corporation, individual or charity. Don't use any of the information they provide to you in an email, phone call or message. Get the information from phone books, call information, etc. Then use what you find to contact them and validate.

8
5

Snowden: Donald Trump could get pal Putin to kick me out of Russia

Aodhhan

Snowden, you idiot; make a stand.

Yes you did personally release classified information... to the press.

It's the public who will sit in the jury seat and judge you. If you truly believe you did the right thing for the USA, then go back and plead your case in court. You only have to convince 1 juror.

Those who've made a stand against the government and won by getting the people behind them, never did it from outside the country. They were brave enough to keep their chin up. They didn't run like a coward and shout insults from a distant land.

0
2

A single typo may have tipped US election Trump's way

Aodhhan

Re: legitimate/illegitimate

Sort of like Hillary hearing the word, "ignore" at the start of every government regulation.

0
0

CIA: Russia hacked election. Trump: I don't believe it! FAKE NEWS!

Aodhhan

Obama... the idiot

President Obama's statement is an admission of how his administration has failed to protect the American people against cyber attacks.

I do believe this is the first time he's admitted to something!

Perhaps the new administration will budget proper funds towards the defense of the country.

1
3

Silver screen script hacker and dox douche gets 5 years in US cooler

Aodhhan

This wasn't a genius hacker

Let's face it. He didn't subvert a vulnerability or fuzz software to find a weakness, or even use injection techniques to download username and passwords from a database and then crack them. He simply used one of many script kiddie applications to get people to fill out their username and passwords using email. Something anyone who can follow simple directions and has 10 spare minutes can do.

So to think he's going to put any time into brainstorming a well conceived plan to sell this information privately or via a 3rd party is probably stretching realism to Hollywood levels.

Speaking of Hollywood...

This just shows you the idiocy of actors. Most are not well educated and have never been in a position where they need to protect anyone's property... so they are going to be clueless when it comes to InfoSec. Besides, for most... there is no such thing as bad publicity. You still watch movies right, and purchase products which sponsor them on TV. ENABLER!

1
0

Ugh! Is that your security budget? *Sucks teeth and shakes head*

Aodhhan

HORRIBLE ARTICLE

1) don't write an article which references a report where you have to pay out almost $200 to read.

2) find someone who is known. Perhaps a well published individual so you have more than one piece of reference to use.

3) What he stated is DUH. Nothing new or impressive.

4) Spending depends on more variables than can be put into this article. Many MORE. Again, what is stated isn't new or impressive.

5) What does he mean by "misuse IT security spending"? What an idiotic statement. This alone should let you know he's someone who will be disregarded by the InfoSec community.

6) I assure you, most organizations know their security budget. I assure you it's all based on risk and accepting the fact nothing is totally secure. It comes down to whether an organization can afford something vs the risk. Not a difficult subject to work.

Some organizations accept more risk than others. Some organizations can accept a huge amount of risk, others cannot accept much at all. This largely depends on the type of industry IT is supporting.

In short... making the statement on what percentage of the IT budget should be spent on InfoSec is moronic. Putting together a sound risk management strategy to allow a business/organization to still make money is where this article should focus... not some stupid range of numbers.

0
1

Real deal: Hackers steal steelmaker trade secrets

Aodhhan

Re: Trade Secret Wars

I love it when some idiot can't take 5 minutes to do research... and instead spouts off like they're an expert in metallurgy. There is a huge difference in the way steel is processed, and there are many different types of steel and alloys for the different type of steel. The technology has changed a lot in just the past 10 years. So NO; steel manufacturing hasn't been done the same way for the past 100 years... or past 5 years.

Some of the most sought for alloys are difficult and expensive to process. Methods have come a long way to make it easier and less expensive. Just get 1.5% carbon wrong in steel while adding [choose your metal] into the mix, and it's been a waste of money, as the alloy will not pass strength, flexibility or weight requirements.

It's not just about chemistry, there are methods of aligning molecules in certain patterns as well. Something not done 100 years ago. So... next time, just keep your mouth shut... you may just learn something.

3
2

Wow. What a shock. The FBI will get its bonus hacking powers after all

Aodhhan

Really? Making this about Trump?

This happens to be something the Obama administration wants. They're the ones who are implementing the policy through the Justice Department and Federal Communications Commission.

Congress has given powers to the executive branch to implement policies such as this in order to streamline certain processes and defer to experts in many of the different fields comprising the executive branch. So the only way to reverse it, is for Congress to pass a law restricting some of this power it turned over to POTUS (so to speak).

Does the rule need to be tweaked and reined in a bit... yes; however, the underlying purpose does need to be an option for law enforcement. I'm thinking you'd change your mind on this a bit once your identity is stolen, along with account information and find your bank account is zero on payday.

Instead of whining like a little nine year old; why not take 15 minutes and email your representative to effect change? Instead of blaming Trump and the entire right wing... you might want to stay in school a bit longer and pay attention to how the government works, who is responsible, and what you can do about it.

Right now all 3 branches of government are okay with this addition to rule 41. Throwing a fit and being ignorant is no way to get it changed.

2
2

IETF plants privacy test inside DNS

Aodhhan

DNS doesn't use...

This is really simple, don't make it difficult.

DNS doesn't use HTTPS (port 443) or your VPN. It runs over a separate unencrypted channel.

DNS typically uses a high number UDP port to send and UDP port 53 to receive. However, it can also use TCP under certain circumstances.

If someone is sniffing, they can see all the information in the packet... which includes who is asking, where it's asking and what it's asking about in plain text.

0
0

The solution to security breaches? Kill the human middleware

Aodhhan

Incredible

This article has a lot of merit, but does miss some things as well.

First: any security device be it physical or logical is a tool, not a solution. Left to its own devices without monitoring, upgrading and replacing on schedule, will become an injection point for a malicious hacker. There are many other points, but you should know these along with proper defense in-depth, to include internal network security lockdown methods; such as proper VLAN creation/enforcement.

Second: system admins are the most dangerous users on a network. Most are not properly trained, don't have a 4 year degree in systems/computers, are overworked, are understaffed, and therefore try to get through things as quick as possible. They don't have security in mind, and rarely follow installation instructions as prescribed by engineers. Many will use their accesses to get around policies, procedures etc. Finally, most SAs use email with an account with admin privileges.

Third: Management is ignorant. Proper policies and procedures for security are often ignored or worse... don't have proper security engineers trained to do a complete and skillful risk assessment of the policies and procedures... let alone network tools.

As an experienced red team member for nearly 30 years, I typically take these 3 things into account when attempting to breach network systems. It's not just people, but the policies and procedures along with improper risk assessment/mitigations which provides attacking points.

How many system items can any organization within a company order without knowledge of security personnel? A LOT. Not just USB sticks, but keyboards, KVMs, mice, adapters, etc.

How many people touch a newly ordered router before it gets to network engineers, and are there procedures to ensure nothing was tampered with along the way? It doesn't take a genius to get into the supply chain of IT equipment and add malicious technology into the stream.

Yes of course, as security people you get the obvious; however, malicious hackers don't often work the obvious. You also don't hear about many breaches, such as supply chain tampering... because this type of breach is usually not handled by local authorities. Also, don't believe each and every report you hear about. Just because a particular attack method is publicized, doesn't mean this is actually what happened.

Don't just read a book about security, you need to be critical thinkers and work outside the box. Follow your instincts and experience. Take the time to do it right.

0
0

Search engine results increasingly poisoned with malicious links

Aodhhan

Pretty shoddy reporting and research.

Sure, you can say there are a lot of malicious links, but the study doesn't bring up whether or not they cut off research after the first 2 or 3 pages of links.

I can do a search on some really simple things and come up with 10,000+ links. Obviously, I'm not going to look at this much, so let's use some granular techniques to bring this number down, and not use all 10,000. Which of course, will cause the number of malicious links on a search way down.

Common sense, and proper research techniques please.

0
0

DMCA updated – toaster penetration testing gets green light in America

Aodhhan

Re: I have a fundamental problem with the whole concept...

You're a bigoted idiot.

I'm not a fan of Budweiser, nor is most of the USA; however, it's amazing at how well Budweiser does in Europe. It's one of the highest selling major beer brands there.

You're also closed minded, and not well versed in critical thinking.

Sure, England has thousands of micro-breweries, but this concept isn't unique to England. Imagine how many micro-breweries there are in the USA. There are probably 30 individual states in the US which have more micro-breweries in them than in England.

And finally... and biggest fact. You're not a beer miser, guru or expert. In fact, you're a beer idiot and should never bring up anything related to beer or brewing.

..as Budweiser is a "LAGER" not an "ALE". Pretty big difference there.

0
2

'Hacker' accused of idiotic plan to defraud bank out of $1.5 million

Aodhhan

Re: Well, no one ever said crooks had to be smart...

Apparently, you're the idiot here. Showing you cannot read the article or display any common sense.

It didn't take the FBI a month to track him. They monitored him for a month.

This is done to BUILD A CASE, and find all tracks which can be used.

They also want to ensure there isn't anything else he's doing.

If you just go in and bust someone immediately, there could be other criminal acts going on, like pulling money out of YOUR bank account.

..and the 7 people who gave you a thumbs up, are equally unprepared for life after age 21.

5
1

US govt straight up accuses Russia of hacking prez election

Aodhhan

Wait...wait, wait.

So, the US Government states Russia is trying to interfere in elections by hacking into systems; yet it has no problem with a bunch of other governments purchasing favors and God knows what else, by sending a bunch of money to the Clintons via their foundation?

...and second. The only way to be sure with HIGH CONFIDENCE a group or government is attacking you, is to have access inside their network to witness what is going on, by whom, and under what control or (likely classified) documents or other official message/voice traffic stating the fact.

Either way, it's hypocritical.

1
0

London cops charge ATM malware hacker

Aodhhan

ATM Machines

The money in the ATM machine is pretty well protected. It's not easy to access, especially with newer systems.

Likely these ATMs are the smaller, thinner and older type. Newer systems will shut down if tampered with, and send an alarm to either a private company or the bank itself. Newer systems have multiple sensors now, so if the machine is even moved or rocked a bit it will alarm. If a panel is opened inside and a few other goodies. Security software to monitor MD5 hash changes on library and executable files and some other standard file system checks.

0
0

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Aodhhan

Targeting

The laugh test for most breaches is all about the data. State sponsored attacks don't hit retail stores or go after money. Think about it for 2 minutes, and you'll get why.

State actors go after technology, military, large business products for intelligence and to reverse engineer/steal and copy, and huge business assets/powerful individuals to gather inside information for investment. Attacking Google, Yahoo, Target, etc. doesn't provide this.

8
0

Feds collar chap who allegedly sneaked home US hacking blueprints

Aodhhan

Re: Coincidence or something seriously wrong here...

Why should Booz Allen be removed as a defense contractor? While they may have hired him, it is the government (not BAH) who provides security clearances. It's only BAH's responsibility to ensure an employee is qualified for clearances. On top of this, once hired and put to work, a government representative, along with a government security manager verifies an individual's clearance and is responsible for reading them into particular programs (if appropriate).

To say Booz Allen is responsible is ignorant.

The coincidence is BAH is often contracted to find the cyber professionals to put in very sensitive positions. If you want to blame anyone, blame the current White House administration... who, instead of providing proper training to military and civilian cyber professionals, would rather pay substantially more for a contractor to find people. This is the real problem; because even after they're hired... they aren't provided with training to upgrade and maintain certifications, get the latest training, etc.

..and finally, because contracted work isn't permanent, and the pay isn't comparable to the same commercial positions, the best cyber professionals stay far away from contracted government work, because they can get paid 2 to 3 times more and have permanent employment working for a commercial company.

So again, blame the Obama administration. While they have published and updated a lot of cyber security regulations, etc. They don't provide the country with the best professionals available.

1
2

Russia reports RAT scurrying through govt systems, chewing data

Aodhhan

Re: After reading the description of the malware...

Based on the fact the malware is after commercial industry and not government military services, it's unlikely the US government is involved. The US doesn't stand much to gain by honing in on Russia's commercial industry, as it lags behind the US and most of western Europe.

Based on the targets, I'd say China is highest on my list. It's no secret, China spends a lot of money building resources for information theft rather than research & development.

My second pick is contracted hackers in India. Many new industries and a government which is growing; it's a lot quicker to learn by stealing and selling the information.

Third is Ukraine... don't need to say much here. Motivation is obvious.

1
0

Yahoo! Answers used to cloak command and control networks

Aodhhan

...and useless

OMG, I sniffed the packets and they all showed abc.waalsx.bobafett.wxoidgyd!!!

Just kidding. Good grief.

At least initially, there has to be a call out to a particular server. Not too tough to drop these packets, then sit back and wait for back/forth communication. You can also set up a lab server with a firewall to prohibit a class of IPs at a time and see which fires off and gets dropped (there are scripts for this, or at least, it's easy to write one). Change it the next day, and narrow it down. C'mon, this isn't brain surgery.

0
0

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Aodhhan
FAIL

2 factor (multifactor) Authentication... To clear things up.

Authentication: is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity.

Identity: is the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity; authentication is the process of actually confirming that identity.

So, the article is correct. Because it didn't talk about a fingerprint or iris itself, it referred to the method of authentication; in this case which uses fingerprints or iris, etc.

Don't read into something just to make a point.

0
0

Microsoft lets Beijing fondle its bits in new source code audit hub

Aodhhan

The Chinese

They aren't as worried about back doors as they are other things. For instance, the Chinese, like other governments, do most of their classified work on non-public connecting networks. So they aren't too worried here. However, due to their tireless efforts hacking into corporate and other government systems, they may be more concerned something is coded in Windows allowing the US government to trace malicious packets back to them, to identify them definitively when they commit such acts.

...not that US Intel agencies really need this technology }:>

0
0

Brits: Can banks do biometric security? We'd trust them before the government

Aodhhan

Of course 2/3rds say this...

Most of the public is ignorant to the pitfalls of using biometrics. They see Hollywood movies depicting the US government using biometrics to access the most secure places (which of course, isn't the case), so they believe this is the way to go.

Once Hollywood comes out with a movie showing how hackers can take advantage of biometrics, then perhaps things will change. :)

0
0

It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog

Aodhhan

Re: Old trick works

This is why most hackers will use links to a malicious site rather than pictures or a variety of other methods.

0
0

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Aodhhan

Re: At the AC, Security 101:

Unless the hard drive is encrypted. Then booting up Linux and mounting the system's hard drive doesn't help you grab anything.

The subject of the article allows you to get around this, since as a user with local administrative privileges, you'd have the encrypted keys.

0
0
Aodhhan

Re: Remote???

Insider threats... which are approximately 18% of attacks corporate networks face.

0
0

Sniffing your storage could lead to sensitive leaks, warn infosec bods

Aodhhan

Re: I'm starting to get tired of these ...

This is because you haven't done a lot of research.

Gathering information via electromagnetic signals from computer systems was being done by various intelligence agencies back in the 70s, without having to have internal access to the building which housed the computer system.

Today, computer devices are everywhere. Most concerning are point of sale and point of interaction devices, ATMs, etc. They also give off EM signals, and I can stand in line next to you while you use them and pick up the signals. I don't need to be 50 feet away.

At the bank, while a teller enters your information I can be in line, and again, pick up EM signals or at the ATM. While you're tapping away at Starbucks, etc. Laptops are made to be lightweight, and have nothing which interferes with EM signals. Picking up keyboard signals can provide a malicious individual with a lot of information, like credit card numbers, passwords, etc.

Automatically discounting something without conducting research on it doesn't make a lot of sense. Just because you "believe" or "think" something cannot happen, doesn't make it true.

3
1

33 million CLEARTEXT creds for Russian IM site dumped by chap behind Last.FM mess

Aodhhan

Why are we talking about passwords

The best password in the world doesn't matter if the site storing them doesn't properly take care of it.

The subject of this article is more about poor password storing, which affects a lot of users. If an individual decides to use a crap password, then it only affects them (for the most part).

Let's face it, this application isn't exactly high risk if someone manages to guess or dictionary attack a simple password. So, focus needs to be on web sites which are negligent in their responsibility to protect your information.

It doesn't take a genius to set up an encrypted database and route to and from the web service.

1
0

Meet the malware that screwed a Bangladeshi bank out of $81m

Aodhhan

Re: Your teacher told you that proper spelling and grammar are important

Perhaps you mean, "...proper spelling and grammar IS important"?

Have to love grammar-police who lack skills.

0
0

Apple is making life terrible in its factories – labor rights warriors

Aodhhan

There's more to China than meets the government approved pictures/videos

Yep, China has grown in huge leaps and bounds for about 20 million Chinese citizens, who live in the 4 largest cities. Unfortunately, these 4 cities don't encompass or reflect China as a whole or the other 2 billion citizens who live in very poor conditions.

Stop and look at the forest through the trees, and only the pictures you are allowed to see by the Chinese government. People there are still very controlled by the government, who also controls what and where there is wealth. You can work hard there, build a very successful corporation... yet if someone in power doesn't like you for some reason or another, you likely won't own your business very long.

1
0

Russia MP's son found guilty after stealing 2.9 million US credit cards

Aodhhan

Just because his crime isn't violent doesn't mean he/she wouldn't do anything to stay out of jail. There are plenty of times when non-violent offenders have taken hostages when faced with arrest or claim to hold an explosive device. In today's environment, law enforcement around the world isn't taking chances... since they would like to make it home safely every day after work.

5
0

NewSat network breach 'most corrupted' Oz spooks had seen: report

Aodhhan

Re: ISP's are the keyholders

Trevor... you're obviously not well versed in encryption; which means you couldn't hack your way out of a "hello world" statement.

2
2

French submarine builder DCNS springs leak: India investigates

Aodhhan

What is deployed operationally and what is available are two entirely different things.

A ship can be in port for crew rest and/or training. Or to save money.

Why have half of your fleet out and about doing nothing if there isn't a mission for them to do? This would be a huge waste of money and resources.

You guys are smarter than this. Before engaging your mouth prematurely, stop and think for 5 minutes why something is the way it is... believe it or not, you're not the smartest person on the planet. Especially when it comes to naval deployments/operations.

0
0

French, German ministers demand new encryption backdoor law

Aodhhan

Let's face it...

This isn't a high priority item for most people, so they aren't supporting or not-supporting politicians based on their encryption stance. Most politicians, once they get into office, are going to want controls on e2e encryption.

Toss out statements all you want; it isn't going to change things in the near future.

0
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Aodhhan

The SKY IS FALLING

Don't you just love those who overdo worrying in an above and beyond means to display drama?

Let's say the NSA is using this, do you really think they are looking at YOU? Or... perhaps using it against terrorists and not so friendly nation states?

Let's face it, you're not really THAT important.

0
2
