* Posts by Aodhhan

464 posts • joined 25 Apr 2008

S for Security is Google owner Alphabet's new favorite letter

Aodhhan
Bronze badge

Great... just what we all need, one more company calling us and interrupting our day to deliver a sales pitch.

1
0

UK Army chief: Russia could totally pwn us with cable-cutting and hax0rs

Aodhhan
Bronze badge

WTF

Did this guy just wake up from a 30 year coma?

Many of these risks existed in the 1980s and were worries then.

So don't give us a left wing scare tactic... how about letting us know what you're going to do about it and how you will go about it.

1
0

'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Aodhhan
Bronze badge

Rocks... glass houses... c'mon Linus.

Once again Linus is off his meds and ranting as if his creation was perfect from the start.

Oh.. the stories I can tell about hacking into systems using the early versions of UNIX and Linux. All attacking the OS itself and not software. The input points, the early libraries were all such easy targets, that in less than 30 minutes you could teach an average person how to successfully hack systems.

0
17

Electronic voting box makers want kit stripped from eBay – and out of hackers' hands

Aodhhan
Bronze badge

Ahh yes the old paper voting system.

The argument goes: there's no way you can hack the voting system using this method, right? And of course you can recount them.

There is absolutely no way to hack the voting system using this 'old fashioned' method.

Pfftt... c'mon. A security professional should know better.

The old paper, pen, write in, mark a box, fill in an oval etc. has been hacked for HUNDREDS of years.

Someone grabs/casts more than one ballot. Someone who has access can 'lose', add or change ballots.

With the added number of people involved when it comes to paper ballots, it's open to a lot of fraudulent activities. I.e. the original hacker.

There is good and bad to all methods. Along with strengths, weaknesses, vulnerabilities and risks to ALL methods. This is something all computer security professionals should realize.

So I'm assuming, those who want to damn the use of computerized voting systems are ignorant to

4
5

Optimus multi-prime is the new rule as OpenSSL transforms crypto policies again

Aodhhan
Bronze badge

Errors all over this

This article should be removed.

The author fails to properly provide exact information. In fact, it changes what is actually stated by OpenSSL Management Committee.

I'm not a huge fan of the OpenSSL "Management Committee", since all they do is jump on to an encryption standard, instead of actually creating an algorithm themselves. Sort of like, building a radio for a car and then attempting to tell the world they are an expert on cars.

So, I don't have any real skin in this game, but c'mon... this is really bad reporting.

Stop trying to create something which has already been created or spread the word using your own agenda, spin or artistic flair. Just the facts man.

1
5

Sili-spurned Valley! No way, San Jose! Amazon snubs SF Bay Area in search for HQ2 city

Aodhhan
Bronze badge

Labor is the key.

You really have to look at the available labor pool, both technical and nontechnical. Technically, heavy cloud experience is a must. So the talent must exist or be convinced to move to the chosen location.

Labor cost, as well as cost of living will be shared with this. Taxes, taxes, taxes... states willing to make a special deal on tax rate will get a boost in points. Legal political kickbacks for officials will likely be available in some locations. If you're in a conservative leaning city, don't count on winning this.

Weather

Some of the obvious...

Austin or Dallas - Hah, really, Texas? Asterisk politics here.

Chicago - High Taxes. High technical labor turnover.

Denver or anything west of the Mississippi River is probably out. Probably needs to be somewhere a bit closer to the east coast. Denver also has the risk of heavy snow closing airport and ground travel more than 5 days a year.

Boston, Newark, New York City, DC/Maryland. High labor cost and living costs.

Canada has different laws. New set of laws and lawyers. Not to mention those pertaining to cloud ops.

So I'd look at Columbus, Atlanta (just barely), Northern VA as well as both PA locations as the top 5, in no particular order.

Business friendly, has workforce, can attract talent and cost of living is reasonable. Airports can handle the extra workload and plenty of ground routes available.

1
0

F-35 'incomparable' to Harrier jump jet, top test pilot tells El Reg

Aodhhan
Bronze badge

I'm sure I'll get plenty of down votes, considering the amount of people shouting out things without using much thought or because they place their own prejudices into it.

Terrorists using drones against modern forces is pretty much a waste. Due to the technology they use and resources required, it's actually a negative force multiplier. Primarily because their signals can be tracked and you can't just make one from garage parts. Then there is the fact, they run by line of sight and are easily jammed and shot down.

The USA was able to become a country based on the warfare technology they were able to create along with manpower from the French. Technology wise, the USA found technology to make their small arms much more accurate, quicker to load, and much more reliable. This wasn't something they stole from the UK.

80s and 90s Technology and Japan. Yes, Japan flourished during this time, but not with actually creating the technology but rather manufacturing it. Cheap labor was the biggest factor here.

Technology during this time came from all over. For instance the Dutch had quite a few advancements which spawned off into other items. The USA developed magnetic research (which they didn't steal), and continued with creating most of the processors used by nearly every technology during the day. Again, it wasn't stolen. The USA also declassified a lot of technology they alone developed and didn't steal. Such as high resolution imagery/lenses, fine microwave tech, GPS, lasers, etc.

I'm willing to bet no matter what country you live in, you've taken this technology for your own use.

F35 is what it is. Based on early mock live competitions as well as simulator combat the F35 is far superior to the F18 hornet. Not quite as effective as the F22, but you have to look at the role differences. The F35 can do things the F18 simply cannot, and this goes beyond the VSTOL capabilities.

It's easy to look at things from a narrowed view and repeat things others (who have their own agenda) say.

Seeing this is a forum full of IT professionals, you have the intelligence to take a few minutes and critically think about things and be objective; so try it out. This... we are better and smarter than anybody else attitude is ridiculous; not to mention... how often has this 'attitude' gotten you anywhere?

4
1

Wanna motivate staff to be more secure? Don't bother bribing 'em

Aodhhan
Bronze badge

Re: Dont' name and shame persistent offenders

...removing employees also removes good talent.

Remember, it isn't security which drives business; quite the opposite. It's the business needs which drives security.

Ensure proper security policies, procedures and mechanisms are in place.

Ensure proper monitoring is in place, even if it means monitoring individual employees (who raise risk) in order to provide focused individual training and implementation of security mechanisms.

Monitoring 'at risk' employees will often provide a lot of insight into the problem. It also provides proper justification if it does come down to removing the employee from their position.

2
0

Brace yourselves for the 'terabyte (sic) of death', warns US army IT boss

Aodhhan
Bronze badge

Grammar Police

Iain,

Whenever you write an article, don't criticize anyone's grammar. You have no leg to stand on. I counted at least 12 different grammatical errors by you, and this isn't counting your improper use of passive voice, and lack of active voice. It appears you have little understanding of subject, verb and objects when writing as well.

A real journalist sticks to the facts about the subject itself, without attempting to belittle anyone associated with the subject.

2
4

Teach citizens IoT dangers, engineering students cybersecurity, Uncle Sam suggests

Aodhhan
Bronze badge

20 minutes I'll never get back

This report is another example of taxpayer funds wasted. This is a snowflake report written by individuals who apparently believe each corporate community should follow best practices and create common standards.

I believe this sort of thing has been in just about every OMB information security report since 1999.

More so... it addresses the obvious without any mention of risk assessment.

Get a clue guys. Every company with a network pulse would love to have a common guideline to go with and purchase the latest/greatest technology. Here is the problem... 1: This is the USA. You can't force a business to do something without creating law. Since companies own politicians... good luck with this. 2: Pocketbooks aren't unlimited. 3: While corporations have been held accountable, the penalties and punitive damages haven't been costly enough to change risk assessments yet. Target, Google, etc... has just been slapped on the wrist while consumers pay huge costs.

Start chanting accountability and punitive damages along with large legal suit dollars and you just might begin to make traction. Until consumers can overcome political greed from corporate contributions, you will not see a lot of change.

0
1

Leaky credit report biz face massive fines if US senators get their way

Aodhhan
Bronze badge

Political crap

Elizabeth Warren has been tossing out a lot of useless bills in an effort to get her face in front of a camera, and this proposed bill is no exception. Don't be shocked if she claims to have 'computer geek' heritage.

Anyone with more than 2 years experience in IT can see it's a bunch of crap done haphazardly. It's missing far too many things and doesn't hit details required and powers needed for a true "Information Security Tsar" office covering consumer information by businesses and organizations.

Also, this bill addresses two very different things. An office and a penalty; with no policy in place.

How about we first create the office/organization, then create policy, and finally create penalties.

This way, experts who know what they are doing put something together. Not some lying politician who hopes to be president some day.

0
1

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

Aodhhan
Bronze badge

ICS Fun

Industrial Control Systems is an area which started taking advantage of networking in a very quiet and shadowy manner. Wireless technology makes installing sensors and other items much quicker, easier, cheaper and more convenient than drilling holes between walls and floors and pushing wires through conduit.

So this insecure technology was grabbed and purchased by many organizations to control lights, security cameras/devices, electrical outlets, elevators, alarms, fire sensors, HVAC, etc.

Building maintenance and information technology had never interacted in the past, so both are ignorant of each other's existence and requirements. It's not uncommon for ICS products to be the biggest shadow-ware out there.

For anyone who has never administered, installed or tested ICS applications and equipment... you're in for one heck of a shock once you do. Then you're in for a fight when you have to secure it and possibly remove all wireless devices.

Good luck!

7
0

Once again, UK doesn't rule out buying F-35A fighter jets

Aodhhan
Bronze badge

People who don't understand national defense shouldn't write an article on it

Once again, the Register has a complete lazy and ignorant author on a subject.

I could go into many specifics, but it will take too long to write it all out.

I will say this... having a carrier group is the number one way to extend your country's military offense or defense and attack an enemy at any time and anywhere. In terms of strategy, this is a threat and counter-threat which isn't easily defeated.

Most of our enemies don't respect our way of life, but they do respect the Navy and its capabilities. When it comes to war and peace... it all boils down to capability and who has more.

0
0

This post has been deleted by a moderator

Your connection is not Brexit... we mean private: UK Tory party lets security cert expire

Aodhhan
Bronze badge

blah blah who cares?

Let me know when your government starts using private servers, deletes e-communications, has your top law enforcement agency look the other way, makes underhanded deals with your top investigation personnel, allows national security leaks from servers, convinces half of parliament that security is secondary and finds plenty of people negligent in all of these acts but believes the people are not smart enough to catch on or care. Finally, think Hillary Clinton is a goddess in training.

...then you have a story.

2
0

SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

Aodhhan
Bronze badge

Re: BestBuy

You seem to be either closed minded or too lazy to do a simple web search.

Kaspersky has had plenty of times where it's been responsible for system problems.

Here is just one of the latest patches released by Kaspersky:

https://forum.kaspersky.com/index.php?/topic/356039-patch-%E2%80%9Cb%E2%80%9D-for-kav-kis-kts-kfa-2017-kfp-60-ksos-50-ksec-10/&tab=comments#comment-2625138

If you understand how IDS and AV applications work, you'll begin to understand they will ALL have occasional problems with the underlying OS and detection.

0
0
Aodhhan
Bronze badge

LOL @ Russia

This suit perfectly shows how Russia doesn't understand the concept of freedom of speech and choice. In the USA, you don't need a reason to boycott any product. Even if this hurts your business or reputation. This is one of the most powerful outcomes of a free economy. Good products tend to do well, and crappy or harmful products die out quickly because people do boycott them.

The US Government as a whole is beginning to follow the same software guidelines the DoD has been using for years. DoD has never allowed Kaspersky products on their systems. Don't feel shunned though, many applications from allied nations aren't approved for use either.

0
0

UK Foreign Sec Bojo to tell Kremlin: Stop your cyber shenanigans... or else!

Aodhhan
Bronze badge

What's happened to the UK?

Time to get rid of this prime minister and the rest of her party toadies. It's time to find people who understand good ole British strength. Tired of seeing England in such a yellow light. You wouldn't catch Churchill or Thatcher acting in this manner. They weren't scared to stand up to a bully in order to protect British interests.

You can't just waggle your finger at Putin and expect he'll do anything but laugh, kick your (now tiny) balls, and walk right over you.

Don't waggle and warn, DO SOMETHING ABOUT IT.

1
4
Aodhhan
Bronze badge

Re: Madness. Madness everywhere

Yes, let's all believe anything published in the New York Times.

I would rather buy a tabloid paper with the latest news on UFOs, as it has more credibility.

2
4

Former US State Department cyber man: We didn’t see the Russian threat coming

Aodhhan
Bronze badge

A perfect example of how ignorant Hillary's State Department was.

There is no doubt in my mind (due to where I worked) that the NSA, USSTRATCOM and a couple of other government letters reported to the State Department about the cyber threats from not just Russia but going back to the Soviet Union in the 80s.

From 2007 through 2015 I know there are a variety of different cyber intel/threat reports directly addressed to the US State Department regarding activities from many unfriendly countries... including Russia. Some were provided for action for the Department to follow to increase information security, and some were provided due to OCO/DCO activities within various countries.

What we noticed, is most of the time, the State Department didn't care about or strictly follow cyber security guidance. This was noted many times in annual IA reports for State Dept. systems. This department would just accept or ignore many identified risks.

So... if this guy thinks TECHIES aren't providing information to those setting and enforcing policy and procedures.. then he is just part of the system who ignored what is put together for them. I can point to many policies regarding cyber security from OPM to State Department regulations not to mention laws such as FISMA which have been in place for many years covering information security.

So... this man is an ignorant fool to blame anything but himself for not knowing what is and has been in place for many years. Wait, he's not being ignorant, he's simply trying to make an excuse for how poorly the State Department followed guidelines, policy and laws regarding information security.

0
0

NiceHash diced up by hackers, thousands of Bitcoin pilfered

Aodhhan
Bronze badge

Yeah, sure, right...

Probably another scam where they hacked themselves and hid the money away to be retrieved later.

It doesn't make sense for a business to have an outward facing wallet containing a company's entire cryptocurrency capital. A company will typically 'bleed' the outward facing wallet into a central wallet which isn't available to the world. Much like a store will bleed the cash out of all of their registers and put the money into a safe until they deposit it into a bank.

1
0
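
The sweep-to-cold idea described in the post above, as an added example that is not part of the original post and not anyone's production wallet code. Balances are plain integers, the deposit stream is constructed for the example, and every name (Treasury, hot_cap, and so on) is hypothetical. The point it makes: with a cap on the outward-facing wallet, a compromise of the online signing key loses at most the cap, not the whole treasury.

```python
"""Hot/cold wallet sweep model (added illustration, hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class Treasury:
    """An outward-facing (hot) wallet that is swept into a cold wallet."""
    hot_cap: int                    # most value ever left reachable online
    hot: int = 0                    # signing key lives on the online host
    cold: int = 0                   # signing key is kept offline
    sweeps: list = field(default_factory=list)

    def deposit(self, amount: int) -> None:
        """Receive a payment into the hot wallet, then sweep any excess."""
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.hot += amount
        self._sweep()

    def _sweep(self) -> None:
        # Move everything above the cap to cold storage.
        excess = self.hot - self.hot_cap
        if excess > 0:
            self.hot -= excess
            self.cold += excess
            self.sweeps.append(excess)

    def compromise_hot_key(self) -> int:
        """Attacker holding the online key drains the hot wallet. Returns loss."""
        stolen = self.hot
        self.hot = 0
        return stolen

    @property
    def total(self) -> int:
        return self.hot + self.cold


# Constructed deposit stream for the example (not real data).
SAMPLE_DEPOSITS = [120, 300, 75, 980, 40, 2_150, 15]


def run_scenario(deposits=SAMPLE_DEPOSITS, hot_cap=500):
    """Process deposits with sweeping, then drain the hot wallet.
    Returns (loss, amount safe in cold storage, total deposited)."""
    treasury = Treasury(hot_cap=hot_cap)
    for d in deposits:
        treasury.deposit(d)
    loss = treasury.compromise_hot_key()
    return loss, treasury.cold, sum(deposits)


def run_no_sweep(deposits=SAMPLE_DEPOSITS):
    """Same stream with everything left in the outward-facing wallet."""
    everything = Treasury(hot_cap=sum(deposits) + 1)   # cap never reached
    for d in deposits:
        everything.deposit(d)
    return everything.compromise_hot_key()


if __name__ == "__main__":
    loss, cold, total = run_scenario()
    print(f"with sweep: lost {loss} of {total}, {cold} safe in cold storage")
    print(f"no sweep:   lost {run_no_sweep()} of {sum(SAMPLE_DEPOSITS)}")
```

The sweep here is instantaneous; in practice the transfer to cold storage is itself a transaction that needs to be signed, broadcast and confirmed, so the real exposure window is the cap plus whatever lands between sweeps.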

Sloppy coding + huge PSD2 changes = Lots of late nights for banking devs next year

Aodhhan
Bronze badge

Another crappy article

I think I've read at least 15 articles this year regarding this.

Amazingly, this article doesn't provide any real references or links.

Most of all, there is nothing new or unique.

Not shocking is the lack of any background into exactly what systems in the financial industry still use low level language development, and of any perspective into how much of the financial industry has upgraded to systems developed with managed code.

Perhaps an article should be written about the development updates, changes, etc. around financial services. I won't hold my breath... too many lazy column writers.

3
0

Security industry needs to be less trusting to get more secure

Aodhhan
Bronze badge

Has she been under a rock?

This is how it has always been. In nearly every security certification the mantra is, "Absolute security is impossible". Therefore, there should always be a plan to ensure when a system is owned, it fails 'gracefully', and if necessary it fails over to a backup/COOP system.

Then there is prioritizing criticality. The scale used for this can get a bit complicated, but broken down into the simplest form, it's about paranoia.

Once again, we have someone who is relatively new to security trying to make a name for themselves... without taking 15 minutes to really think about what they are saying.

Rule is.. if it appears to be the obvious, then it probably is; therefore, someone else has already figured it out.

3
0

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Aodhhan
Bronze badge

Re: All as bad

I can tell you have no access to intelligence or understand exactly what happened. All you are typing out is what you 'think', without doing much if any research.

There is a large difference between an AV application taking a piece of code positively identified as a threat (from memory), and downloading an entire file stored on a system. In short, downloading the entire file is going too far. Imagine the information an AV company has to gain if they believe word processing files are infected; and download the entire file full of personal and corporate secrets.

Then with terabytes of information, they are able to search for tags in files such as "Secret", military terms, engineering terms, and other key words to sift through more thoroughly.

An AV which downloads the entire file instead of just the positively identified code isn't being friendly or acting in your best interest.

0
2
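
The distinction the post above draws (ship only the positively identified code versus ship the whole file), as an added example that is not part of the original post and not any vendor's scanner. The signature name, the macro pattern, the sample document and the report field names are all constructed for the illustration.

```python
"""Detection telemetry: matched fragment vs. whole file (added example)."""
import hashlib
import re

# Constructed signature for the example; the name and pattern are hypothetical.
SIGNATURES = {
    "Macro.Dropper.Demo": re.compile(rb"AutoOpen\(\).{0,40}?Shell\(", re.S),
}

CONTEXT_BYTES = 16  # bytes kept on either side of the matched code


def scan(data: bytes):
    """Return (name, start, end) for the first signature hit, else None."""
    for name, pattern in SIGNATURES.items():
        m = pattern.search(data)
        if m:
            return name, m.start(), m.end()
    return None


def fragment_report(path: str, data: bytes) -> dict:
    """Telemetry that ships only the identified code plus hashes."""
    hit = scan(data)
    if hit is None:
        return {}
    name, start, end = hit
    lo, hi = max(0, start - CONTEXT_BYTES), min(len(data), end + CONTEXT_BYTES)
    return {
        "detection": name,
        "path": path,
        "file_sha256": hashlib.sha256(data).hexdigest(),
        "file_size": len(data),
        "offset": start,
        "fragment": data[lo:hi],   # matched bytes and a little context only
    }


def whole_file_report(path: str, data: bytes) -> dict:
    """Telemetry that ships the entire document on a hit."""
    hit = scan(data)
    if hit is None:
        return {}
    return {"detection": hit[0], "path": path, "content": data}


def bytes_uploaded(report: dict) -> int:
    """Payload bytes (fragment or content) a report would send off-box."""
    return len(report.get("fragment", b"")) + len(report.get("content", b""))


# Constructed sample: a sensitive document body followed by a flagged macro.
SAMPLE_DOC = (
    b"CLASSIFICATION: SECRET\n"
    + b"Project Nightjar engineering notes, alloy ratios follow...\n" * 20
    + b"Sub AutoOpen()\n  Shell(\"cmd /c whoami\")\nEnd Sub\n"
)


if __name__ == "__main__":
    frag = fragment_report("notes.doc", SAMPLE_DOC)
    full = whole_file_report("notes.doc", SAMPLE_DOC)
    print("fragment upload:", bytes_uploaded(frag), "bytes")
    print("whole-file upload:", bytes_uploaded(full), "bytes")
    print("fragment contains 'SECRET':", b"SECRET" in frag["fragment"])
```

The hash and offset give the vendor enough to correlate the sample across customers and to request more only under an explicit consent step; the fragment variant never carries the classification marker or the project text that surround the macro.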
Aodhhan
Bronze badge

Re: ARPANet survivability wasn't the initial goal.

Look...

Nobody cares about how you interpret what you read on WikiLeaks or heard from your uncle Joe about Arpanet.

Your incessant need to show your cut and paste skills isn't impressive. Especially when it contributes very little... if at all to the actual story.

0
1

Prison hacker who tried to free friend now likely to join him inside

Aodhhan
Bronze badge

Re: Yup

If you're convicted on felony charges in federal court you serve the entire time in prison. Good behavior, early parole, etc. is only considered for convictions handed out by state court systems.

Once the FBI gets involved, so does a federal prosecutor. No early release to look forward to, which is why federal prosecutors get more plea bargains than state/county/district prosecutors.

1
0

SEC's cyber-cops cyber-file cyber-first cyber-fraud cyber-charges

Aodhhan
Bronze badge

Re: Idiots and their gold will soon be parted...

Absolutely agree with you.

However, it only takes reading through some of the forums on this web site to make you realize more than half the people you meet or hear from are below average intelligence.

1
0

International team takes down virus-spewing Andromeda botnet

Aodhhan
Bronze badge

NSA rants

It amazes me how many people arrogantly assume they are so important the NSA gives a rat's ass about them.

Must be nice to be a snowflake, so you can criticize everything no matter what the outcome is. To live in your own little world... where everything is as you think it is.

However, most people know doing these two things will ensure you never make it in this world... because you never develop the skills to think critically and see through the BS.

0
9

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

Aodhhan
Bronze badge

One of the funniest threads ever

This thread ranks in my top 10 for the number of trolls spilling out information which makes me laugh.

Wish I could just yell out stupid things without first putting some thought into it.

1
0

UK government bans all Russian anti-virus software from Secret-rated systems

Aodhhan
Bronze badge

Conspiracies

People coming up with outlandish theories and accusations without any proof about how anyone is being spied upon is what makes the intel community go around as well as laugh. It only takes someone to sit back and think about things for 10 minutes to see some of the idiocy, because far too many people don't think about anything for 10 seconds and/or just repeat something they've heard.

What does shock me, is the amount of people who unleash hate on governments which change every 4-10 years who must answer to their people in one form or another. In the same breath they protect and talk up governments which are tyrannical, toss people in jail for saying the wrong thing, are far more corrupt than any government in the west, and the government stays the same for years and years.

If we in INFOSEC, have so many people who think off the cuff without stepping back to think things through, then there will be a lot of organizations who spend far too much money on things and will be a lot more vulnerable than need be.

Only in Hollywood, do hackers and security defenders come up with solutions in a second. Only in Hollywood do all solutions come exactly when they need to.

0
1

AI taught to beat Sudoku puzzles. Now how about a time machine to 2005?

Aodhhan
Bronze badge

This isn't new

A group of us put together a computer program back in 2003 when I was a computer engineering student to do this.

The processing operation isn't much different from those used to crack passwords. Mathematics and tossing in stored data into entry points is what computers excel at.

Thinking this is new, is pretty boring and lazy reporting.

1
3
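
The kind of search the post above describes (systematic trial of candidates against a constraint check, the same shape as a brute-force password attack), as an added example that is not part of the original post and not the program the commenter mentions. The puzzle is the well-known sample from the Wikipedia Sudoku article; the function names are the example's own.

```python
"""Sudoku by constraint checking plus backtracking (added example)."""
from typing import List, Optional

Grid = List[List[int]]

# Wikipedia's sample puzzle; 0 marks an empty cell.
PUZZLE: Grid = [
    [5, 3, 0, 0, 7, 0, 0, 0, 0],
    [6, 0, 0, 1, 9, 5, 0, 0, 0],
    [0, 9, 8, 0, 0, 0, 0, 6, 0],
    [8, 0, 0, 0, 6, 0, 0, 0, 3],
    [4, 0, 0, 8, 0, 3, 0, 0, 1],
    [7, 0, 0, 0, 2, 0, 0, 0, 6],
    [0, 6, 0, 0, 0, 0, 2, 8, 0],
    [0, 0, 0, 4, 1, 9, 0, 0, 5],
    [0, 0, 0, 0, 8, 0, 0, 7, 9],
]


def candidates(grid: Grid, r: int, c: int) -> set:
    """Digits not yet used in the row, column and 3x3 box of cell (r, c)."""
    used = set(grid[r]) | {grid[i][c] for i in range(9)}
    br, bc = 3 * (r // 3), 3 * (c // 3)
    used |= {grid[i][j] for i in range(br, br + 3) for j in range(bc, bc + 3)}
    return set(range(1, 10)) - used


def solve(grid: Grid, stats: Optional[dict] = None) -> bool:
    """Fill grid in place. Picks the most constrained empty cell first, tries
    each candidate, and backtracks on a dead end. Returns True when solved."""
    best = None
    for r in range(9):
        for c in range(9):
            if grid[r][c] == 0:
                opts = candidates(grid, r, c)
                if not opts:
                    return False              # contradiction: back up
                if best is None or len(opts) < len(best[2]):
                    best = (r, c, opts)
    if best is None:
        return True                           # no empty cells left
    r, c, opts = best
    for d in sorted(opts):
        if stats is not None:
            stats["guesses"] = stats.get("guesses", 0) + 1
        grid[r][c] = d
        if solve(grid, stats):
            return True
        grid[r][c] = 0                        # undo and try the next digit
    return False


def is_valid(grid: Grid) -> bool:
    """Every row, column and box holds exactly the digits 1..9."""
    full = set(range(1, 10))
    rows = all(set(row) == full for row in grid)
    cols = all({grid[r][c] for r in range(9)} == full for c in range(9))
    boxes = all(
        {grid[r][c] for r in range(br, br + 3) for c in range(bc, bc + 3)} == full
        for br in (0, 3, 6) for bc in (0, 3, 6)
    )
    return rows and cols and boxes


def solve_copy(puzzle: Grid) -> Optional[Grid]:
    """Return a solved copy of puzzle, or None if it has no solution."""
    g = [row[:] for row in puzzle]
    return g if solve(g) else None


if __name__ == "__main__":
    stats = {}
    g = [row[:] for row in PUZZLE]
    solve(g, stats)
    for row in g:
        print(" ".join(map(str, row)))
    print("guesses made:", stats.get("guesses", 0), "valid:", is_valid(g))
```

Choosing the cell with the fewest candidates first is the same pruning idea as ordering a password wordlist by likelihood: the search is exhaustive either way, but the order decides how much of the space is visited before a hit.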

Russia threatens to set up its 'own internet' with China, India and pals – let's take a closer look

Aodhhan
Bronze badge

DO IT!!

Then we can shut these countries out of the original WWW, and watch crime on the Internet go down, as well as cripple their economy more.

I'm sure this will go over well with large businesses in these countries.

4
6

Uber hack: EU data protection bods launch taskforce

Aodhhan
Bronze badge

Typical backass governments

Politicians...

Time to hold yourself responsible for some of this. INFOSEC professionals have been harping on you for years to come up with laws and methods of regulating information of private citizens, yet you've balked and pocketed money from lobbyists and other business representatives who have urged you not to get involved.

To me, you're just deflecting all blame onto business after the fact, and won't change as long as big business is tossing money at you.

0
2

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Aodhhan
Bronze badge

Yet other risky apps still run

The browser will still run Java, Flash, anything Oracle.

Thanks Google for being stupid, yet again.

3
0

Accused hacker Lauri Love's extradition appeal begins

Aodhhan
Bronze badge

Seriously all?

It isn't 99 years for one or two crimes, it's a series of many attacks and breaches.

Not to mention, if you can't do the time then don't do the crime. Besides, where similar crimes have been committed, the individual was given less than 8 in prison. Most will likely be let out around 4-5 years.

If he is truly diagnosed with Asperger syndrome, he's likely to be sentenced to a mental facility and not a prison. Which means he'll serve even less time.

I guess we should not hold Equifax and Uber...etc. responsible for their actions in England. Especially since they didn't outright try to defraud or attack anyone like this individual did.

Let's ensure everyone everywhere is held accountable.

0
1
Aodhhan
Bronze badge

Re: Weid Legal System

Phil W...

Your assessment of the United States is entirely WRONG.

A "state" as defined as one of the 50 states in the USA is different from the definition of a "nation state". USA is a federalist nation (like many other countries). Perhaps this is what you should read up on.

Each state in the USA may have its own constitution and set of laws; this doesn't change the fact that the USA's constitution is the law of the land. This is no different than most countries which have province, county and city laws.

If you were given a middle school civics test on the US government, you'd score about 35%.

0
0

As Apple fixes macOS root password hole, here's what went wrong

Aodhhan
Bronze badge

Re: Two stupid things happened

Don't go around saying someone has upset the INFOSEC community when they haven't. This is just irresponsible nonsense; especially coming from someone who posts anonymously.

6
0

US intelligence blabs classified Linux VM to world via leaky S3 silo

Aodhhan
Bronze badge

Don't make too much of this

First off... equipment/software used for encrypted communication isn't classified as long as the keys aren't valid. The keys are changed quite often or valid for one use, so the chance they are still valid isn't likely.

It also doesn't make sense this is placed in a cloud, and not installed on a laptop.

Don't rule out the chance this is a honeypot of sorts. Run the applications at your own risk.

1
0

Seek 'passion' and tech skills will follow, say recruiting security chiefs

Aodhhan
Bronze badge

Thom Langford at Publicis Groupe is a LAZY IDIOT--Here is why

Can't believe this guy is a CISO. Apparently, he has connections somewhere.. because it cannot be on merit and management skills.

There are so many different areas in INFOSEC, that to be so narrow when it comes to hiring professionals is idiotic (to say mildly).

For instance, a person without at least 3 years' security experience will take 2-4 years to become proficient enough to conduct penetration testing and red team work. This doesn't include the huge amount of costs associated with training. On top of salary, you can expect to pay in excess of 60K.

I don't mind providing individuals right out of school a chance to prove themselves; however, I wouldn't make an entire INFOSEC organization full of them. Even so, I want to see some background displaying computer skills beyond OS configuration and administration.

Now the LAZY PART--Let's not forget one of the jobs of a CISO... and this is to ensure those who work in INFOSEC are motivated to accomplish a common goal.

If you have an expectation, then ensure employees have the resources (training, systems, etc.) required to do the job in an efficient manner. Don't expect them to become overly creative and find ways to apply Band-Aids.

If as a CISO, you find a good percentage of INFOSEC employees aren't meeting your expectations, then first look in the mirror... and ask yourself, if you're doing everything you should.

If you're unable to motivate and provide leadership, then it's time someone else filled the CISO role. Because you're spending too much time on the golf course or trying to impress those in the corporate board room.

0
0

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Aodhhan
Bronze badge

Settle...

When it comes down to it, this is an injection attack via web services.

Something us penetration testers see all the time. Fuzz the web application to grab information, and then craft or intercept/edit HTML packets from information we gather.

Don't over think the problem and develop conspiracy theories about this. I doubt the NSA or anyone else purposely coded in weak routines which can be exploited in many of the applications I've tested in the past year with similar vulnerabilities.

This is just a common problem which needs to be addressed through better coding practices and better testing.

Don't be too rough on developers. You'd be amazed at the turnover rate at some companies. This means you have new developers getting placed into large development projects which have been alive for years. Pretty soon, nobody is an expert on the entire mess of coded inhumanity.

0
4

Some 'security people are f*cking morons' says Linus Torvalds

Aodhhan
Bronze badge

Security has become a buzzword for non security groups.

Linus.. first off, stop acting like you ran out of valium. Though I do get the emotion pointed towards certain developer factories.

Security people don't care if you call it a bug, *uck up, mistake, etc. No matter what, it's a vulnerability which must be weighed and mitigated. Getting hung up on nomenclature is parochial and should be beyond any developer or engineer's list of important things to consider.

Just because someone with a long developer background or a degree in computer science becomes a member of a security team doesn't make them a true security person. He's still a developer or theorist who looks at things entirely differently than an engineer who specializes in security.

A true security engineer doesn't give a rat's @** how you fix the bug, mistake, *uck up, etc. as long as the resulting vulnerability is fixed and can no longer be exploited.

One last thing... when it comes to 'how it should be handled'. Don't forget... users (this includes some admins) are the true idiots. No matter how you develop something to become idiot proof... somebody somewhere will create a better idiot. So allowing 'buggy' processes to run, with the design of having the 'user' make the decision/choice of how to handle things, is actually worse than being an idiot.

0
9

DNS resolver 9.9.9.9 will check requests against IBM threat database

Aodhhan
Bronze badge

Re: Smut Blocker

OpenDNS is a service worth considering; however, if you read their terms of service (Paragraph 8 - User Data), you will see Cisco is collecting data on you. They don't stipulate any particular data... which means it can be anything, such as: behavior, habits and trends.

It doesn't matter which ISP's DNS you use, you're going to notice their terms of service include a section (or sections) on user data (or similar) indicating they will be collecting information.

4
1

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Aodhhan
Bronze badge

Private Address

If you read the report, it provides an explanation in a note.

0
0

Does UK high street banks' crappy crypto actually matter?

Aodhhan
Bronze badge

The lesson here is...

Don't just take every report, article or presentation as the 'end all be all' for security. There are a lot of INFOSEC professionals who forget the basics and develop bad habits and bad logic.

INFOSEC isn't about stopping each hacker and closing down every vulnerability. THIS IS IMPOSSIBLE. Something taught in EVERY security certification.

INFOSEC comes down to identifying and managing risk. Just because someone says you must shut down something doesn't necessarily mean you should or even can. One minor security change in an information system can affect a lot of people, not to mention a business's bottom line.

Kudos to Alister who has said all the right things for this article.

4
0

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Aodhhan
Bronze badge

Re: Round up the usual suspects

New to information security? There are plenty of reasons for being in country when attempting to infiltrate a systems network.

Regardless of what anyone thinks, he made the statement of being in the FSB. So take him at his word and add espionage charges along with hacking. Make an example of him. Whether or not the Russians admit to it, a signal will be sent.

3
0

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Aodhhan
Bronze badge

Parrots... shaddup!

Air gap, air gap, air gap... sqwaaaak. Bunch of parrots repeating crap, without any talent to quiet themselves for 5 minutes so they can think critically.

Experienced security professionals know air gap isn't necessarily the answer. There are plenty of ways to connect to an enclosed gapped network. Especially when 200+ people have access to a few of them on each flight.

The answer is early and proper security injected into the systems development lifecycle. An aircraft connected to a WAN or cloud can be perfectly safe provided security is considered from day one until they retire the plane.

Because loss of network/computer systems on an airplane is an obvious security concern as well as a target for terrorists... governments should get involved in protecting these systems with compliance standards.

Airlines and aircraft manufacturers may scream about cost and delays, but consider a worst case scenario... where malware is launched quietly into the systems of 10+ aircraft, placed by malicious insiders, staying dormant until a particular date/time.

4
3

Think the US is alone? 18 countries had their elections hacked last year

Aodhhan
Bronze badge

Funny...

I guess Germans and French are so highly educated they've become lazy, since they've attributed a lot less to modern technology and assistance to other nations than the US, UK, and many other countries.

The Germans and French are so highly educated, their GDP, GNP, and most other economic indicators are less than US, UK and other nations.

I'm not sure what your education is in, but it sure isn't in foreign studies, economics, military, technology or anything outside of the fast food industry; which, by the way, is calling for you.

1
7
Aodhhan
Bronze badge

Think about it for several minutes...

If you're going to try to destabilize a country, you will do everything possible to help the least popular candidate gain office. This way, the majority of the people already distrust who is in office, and it becomes a powder keg just waiting for a spark.

1
0

Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Aodhhan
Bronze badge

Let us not forget

Why aren't the US Congress, along with every state legislature, pointing fingers at themselves?

For years, information security bills have been killed because huge corporations contribute large amounts of money to their campaigns to make sure any security bill dies in committee.

While I enjoy these theatrics by those in Congress who put on a performance worthy of an Emmy nomination, we all know at the end of the day, you will waggle your finger... then when the lights go out, take more money from these corporations to maintain the status quo.

Bravo and shame on our elected officials.

2
0

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

Aodhhan
Bronze badge

Re: Judging a book by its cover

We're all the same on the inside... this is a parochial method of thinking. I take it you're an adult now, and can stop repeating things you were taught when you were 8.

The problem is, the lungs, liver, [insert any organ] may be 'roughly' the same; however, how the brain is programmed and processes isn't the same. It's the brain, not any other organ which dictates your actions.

If you're poor and you grow up in crappy conditions, you're going to see life a lot differently than someone who didn't want for anything. You're also going to have very different life experiences.

We don't need white people to 'help us', defend or pander to us. We definitely don't want white people going out of their way to show us they aren't racist. It's not shocking to us, when we invite these white individuals to come to our house to have an evening meal... they'll do everything to change the subject or wiggle out.

You want to lash out against racism then lash out at racism/prejudice, but do it without describing color, religion, jihad, etc. Stop pandering and whining, and start living and accepting ALL people the SAME.

If this kid was white, there wouldn't be any mention of race, religion, conspiracy, etc.

4
2

Biting the hand that feeds IT © 1998–2018