* Posts by Aodhhan

286 posts • joined 25 Apr 2008

Page:

Chrome dev explains how modern browsers make secure UI just about impossible

Aodhhan
Bronze badge

Re: HTML5 can do WHAT?!

Did someone forget to take their manic medicine? ...relax, the sun will rise again tomorrow. With the amount of odd-ball things which are developed and used in this world (on and off computer systems), losing your mind to a browser idiocy isn't worth it.

Think about this fact, nearly anytime you use an application you're forced unwillingly to comply with something, you just don't realize it or you go along with it; and yet, here you are using your computer over and over again.

Hmmm... on second thought, don't think about this... it just may send you over the edge.

0
2

Hacker: Lol, I pwned FBI.gov! Web devs: Nuh-uh, no you didn't

Aodhhan
Bronze badge

Waiting on...

The FBI hasn't commented yet because they are waiting for the approved talking points (lies/untruth) from the White House on what to say. Along with some ridiculous back story to put the blame somewhere else without taking any responsibility for the vulnerability.

...that is, unless they convince the majority of the media to not cover this story, or bury it way back on page 21. They wouldn't want the POTUS to look bad...errr... worse than he already does, with 2 weeks left to go in office.

1
3

Chinese boffins: We're testing an 'impossible' EM Drive IN SPAAAACE

Aodhhan
Bronze badge

Re: "The Chinese might only be claiming they will test this drive in space"

No. A few 'cube' satellites is not enough to test the device.

To make it viable, along with fueled propulsion, you need to get it to go over 25,000mph and maintain this speed.

This is the speed required to break away from the Sun's gravitational effects. Otherwise, it will slowly lose speed and curve back towards the Sun like a comet.

It takes approximately 18,000mph just to maintain an orbit around Earth without falling back. To break Earth's gravitational effects from its orbit, you need to push out over 20,000mph.

0
6

2016 just got a tiny bit longer. Gee, thanks, time lords

Aodhhan
Bronze badge

Laughable

It's amazing to see how people think when it comes to time... and how they believe computers handle it. Even more, when I see people think that the only operating systems are Linux and Microsoft.

Just because a new minute or new hour goes by, doesn't mean the extra second of time put into place goes away... it's there, forever. Computers don't see time in seconds, hours, minutes, etc. They typically see everything in milliseconds, and then people write code to translate it so it makes it easier for users to understand.

Time is linear, not circular. You have to go back to the simple math days and think of one long (infinite) math line marked off in milliseconds. When you tell a computer to go back to a certain point in time, it doesn't automatically know where to go. It subtracts a certain amount of time from the current time.

Insert a full second into this time line, it's like having multiple 1s, 12s, 15s, etc. in there. So subtract 8 from 12, and it doesn't land at 4, it will land at 7 for instance. So 12 - 8 = 7. The logic breaks things.

It's not a simple thing to code, because the math only hiccups if it crosses the point where you inserted the extra numbers (time). And you can't just 'highlight' or point at this marker... computers don't work this way.

The point is exacerbated by those who think you can insert a millisecond slowly into the time line. Think about it.

Those who think there isn't anything which marks time so precisely, I beg to differ. Many money transactions are based on the time money is requested, transferred, processed etc. Especially when these transactions are done over many different computer systems. They are marked by time precisely so they can be reconciled. This is done because it's possible you shop at one spot, at the same time your order at Amazon is processed at the same time your spouse uses the same bank card/credit card at another location. All at different amounts, all at nearly the same time, at different locations, on different computer systems, yet use the same banking account.

Yeah, so... those who think they know computer systems... just realize why some people go to school for 4+ years to earn a compE and others pick up an MCSE class for 6 months.

You might be a master of one operating system, but in the larger world of computer systems, you've only graduated the 2nd grade.

0
0

Banks 'not doing enough' to protect against bank-transfer scams

Aodhhan
Bronze badge

Don't blame the bank

This isn't talking about breaches into banking system. It's about people not performing due diligence before they give their money to someone.

If you write a check out to a fraudulent or criminal enterprise, it isn't the fault of the bank. Transfers should be no different.

If you're going to perform a fund transfer, it's worth taking 30 minutes of your time to do a bit of background research first. It isn't difficult to validate a real corporation, individual or charity. Don't use any of the information they provide to you in an email, phone call or message. Get the information from phone books, call information, etc. Then use what you find to contact them and validate.

8
5

Snowden: Donald Trump could get pal Putin to kick me out of Russia

Aodhhan
Bronze badge

Snowden, you idiot; make a stand.

Yes you did personally release classified information... to the press.

It's the public who will sit in the jury seat and judge you. If you truly believe you did the right thing for the USA, then go back and plead your case in court. You only have to convince 1 juror.

Those who've made a stand against the government and won by getting the people behind them, never did it from outside the country. They were brave enough to keep their chin up. They didn't run like a coward and shout insults from a distant land.

0
1

A single typo may have tipped US election Trump's way

Aodhhan
Bronze badge

Re: legitimate/illegitimate

Sort of like Hillary hearing the word, "ignore" at the start of every government regulation.

0
0

CIA: Russia hacked election. Trump: I don't believe it! FAKE NEWS!

Aodhhan
Bronze badge

Obama... the idiot

President Obama's statement is an admission of how his administration has failed to protect the American people against cyber attacks.

I do believe this is the first time he's admitted to something!

Perhaps the new administration will budget proper funds towards the defense of the country.

1
3

Silver screen script hacker and dox douche gets 5 years in US cooler

Aodhhan
Bronze badge

This wasn't a genius hacker

Let's face it. He didn't subvert a vulnerability or fuzz software to find a weakness, or even use injection techniques to download username and passwords from a database and then crack them. He simply used one of many script kiddie applications to get people to fill out their username and passwords using email. Something anyone who can follow simple directions and has 10 spare minutes can do.

So to think he's going to put any time into brainstorming a well conceived plan to sell this information privately or via a 3rd party is probably stretching realism to Hollywood levels.

Speaking of Hollywood...

This just shows you the idiocy of actors. Most are not well educated and have never been in a position where they need to protect anyone's property... so they are going to be clueless when it comes to InfoSec. Besides, for most... there is no such thing as bad publicity. You still watch movies right, and purchase products which sponsor them on TV. ENABLER!

1
0

Ugh! Is that your security budget? *Sucks teeth and shakes head*

Aodhhan
Bronze badge

HORRIBLE ARTICLE

1) don't write an article which references a report where you have to pay out almost $200 to read.

2) find someone who is known. Perhaps a well published individual so you have more than one piece of reference to use.

3) What he stated is DUH. Nothing new or impressive.

4) Spending depends on more variables than can be put into this article. Many MORE. Again, what is stated isn't new or impressive.

5) What does he mean by "misuse IT security spending"? What an idiotic statement. This alone should let you know he's someone who will be disregarded by the InfoSec community.

6) I assure you, most organizations know their security budget. I assure you it's all based on risk and accepting the fact nothing is totally secure. It comes down to whether an organization can afford something vs the risk. Not a difficult subject to work.

Some organizations accept more risk than others. Some organizations can accept a huge amount of risk, others cannot accept much at all. This largely depends on the type of industry IT is supporting.

In short... making the statement on what percentage of the IT budget should be spent on InfoSec is moronic. Putting together a sound risk management strategy to allow a business/organization to still make money is where this article should focus... not some stupid range of numbers.

0
1

Real deal: Hackers steal steelmaker trade secrets

Aodhhan
Bronze badge

Re: Trade Secret Wars

I love it when some idiot can't take 5 minutes to do research... and instead spouts off like they're an expert in metallurgy. There is a huge difference in the way steel is processed, and there are many different types of steel and alloys for the different type of steel. The technology has changed a lot in just the past 10 years. So NO; steel manufacturing hasn't been done the same way for the past 100 years... or past 5 years.

Some of the most sought for alloys are difficult and expensive to process. Methods have come a long way to make it easier and less expensive. Just get 1.5% carbon wrong in steel while adding [choose your metal] into the mix, and it's been a waste of money, as the alloy will not pass strength, flexibility or weight requirements.

It's not just about chemistry, there are methods of aligning molecules in certain patterns as well. Something not done 100 years ago. So... next time, just keep your mouth shut... you may just learn something.

3
2

Wow. What a shock. The FBI will get its bonus hacking powers after all

Aodhhan
Bronze badge

Really? Making this about Trump?

This happens to be something the Obama administration wants. They're the ones who are implementing the policy through the Justice Department and Federal Communications Commission.

Congress has given powers to the executive branch to implement policies such as this in order to streamline certain processes and defer to experts in many of the different fields comprising the executive branch. So the only way to reverse it, is for Congress to pass a law restricting some of this power it turned over to POTUS (so to speak).

Does the rule need to be tweaked and reigned in a bit... yes; however, the underlying purpose does need to be an option for law enforcement. I'm thinking you'd change your mind on this a bit once your identity is stolen, along with account information and find your bank account is zero on payday.

Instead of whining like a little nine year old; why not take 15 minutes and email your representative to effect change? Instead of blaming Trump and the entire right wing... you might want to stay in school a bit longer and pay attention to how the government works, who is responsible, and what you can do about it.

Right now all 3 branches of government are okay with this addition to rule 41. Throwing a fit and being ignorant is no way to get it changed.

2
2

IETF plants privacy test inside DNS

Aodhhan
Bronze badge

DNS doesn't use...

This is really simple, don't make it difficult.

DNS doesn't use HTTPS (port 443) or your VPN. It runs over a separate unencrypted channel.

DNS typically uses a high number UDP port to send and UDP port 53 to receive. However, it can also use TCP under certain circumstances.

If someone is sniffing, they can see all the information in the packet... which includes who is asking, where it's asking and what it's asking about in plain text.

0
0

The solution to security breaches? Kill the human middleware

Aodhhan
Bronze badge

Incredible

This article has a lot of merit, but does miss some things as well.

First: any security device be it physical or logical is a tool, not a solution. Left to its own devices without monitoring, upgrading and replacing on schedule, will become an injection point for a malicious hacker. There are many other points, but you should know these along with proper defense in-depth, to include internal network security lockdown methods; such as proper VLAN creation/enforcement.

Second: system admins are the most dangerous users on a network. Most are not properly trained, don't have a 4 year degree in systems/computers, are overworked, are understaffed, and therefore try to get through things as quick as possible. They don't have security in mind, and rarely follow installation instructions as prescribed by engineers. Many will use their accesses to get around policies, procedures etc. Finally, most SAs use email with an account with admin privileges.

Third: Management is ignorant.Proper policies and procedures for security are often ignored or worse... don't have proper security engineers trained to do a complete and skillful risk assessment of the policies and procedures... let alone network tools.

As an experienced red team member for nearly 30 years, I typically take these 3 things into account when attempting to breach network systems. It's not just people, but the policies and procedures along with improper risk assessment/mitigations which provides attacking points.

How many system items can any organization within a company order without knowledge of security personnel? A LOT. Not just USB sticks, but keyboards, KVMs, mice, adapters, etc.

How many people touch a newly ordered router before it gets to network engineers, and are there procedures to ensure nothing was tampered with along the way? It doesn't take a genius to get into the supply chain of IT equipment and add malicious technology into the stream.

Yes of course, as security people you get the obvious; however, malicious hackers don't often work the obvious. You also don't hear about many breaches, such as supply chain tampering... because this type of breach is usually not handled by local authorities. Also, don't believe each and every report you hear about. Just because an particular attack method is publicized, doesn't mean it this is actually what happened.

Don't just read a book about security, you need to be critical thinkers and work outside the box. Follow your instincts and experience. Take the time to do it right.

0
0

Search engine results increasingly poisoned with malicious links

Aodhhan
Bronze badge

Pretty shotty reporting and research.

Sure, you can say there are a lot of malicious links, but the study doesn't bring up whether or not they cut off research after the first 2 or 3 pages of links.

I can do a search on some really simple things and come up with 10,000+ links. Obviously, I'm not going to look at this much, so lets use some granular techniques to bring this number down, and not use all 10,000. Which of course, will cause the number of malicious links on a search way down.

Common sense, and proper research techniques please.

0
0

DMCA updated – toaster penetration testing gets green light in America

Aodhhan
Bronze badge

Re: I have a fundamental problem with the whole concept...

You're a bigoted idiot.

I'm not a fan of Budweiser, nor is most of the USA; however, it's amazing at how well Budweiser does in Europe. It's one of the highest selling major beer brands there.

You're also closed minded, and not well versed in critical thinking.

Sure, England has thousands of micro-breweries, but this concept isn't unique to England. Imagine how many micro-breweries there are in the USA. There are probably 30 individual states in the US which have more micro-breweries in them than in England.

And finally... and biggest fact. You're not a beer miser, guru or expert. In fact, you're a beer idiot and should never bring up anything related to beer or brewing.

..as Budweiser is a "LAGER" not an "ALE". Pretty big difference there.

0
2

'Hacker' accused of idiotic plan to defraud bank out of $1.5 million

Aodhhan
Bronze badge

Re: Well, no one ever said crooks had to be smart...

Apparently, you're the idiot here. Showing you cannot read the article or display any common sense.

It didn't take the FBI a month to track him. They monitored him for a month.

This is done to BUILD A CASE, and find all tracks which can be used.

They also want to ensure there isn't anything else he's doing.

If you just go in and bust someone immediately, there could be other criminal acts going on, like pulling money out of YOUR bank account.

..and the 7 people who gave you a thumbs up, are equally unprepared for life after age 21.

5
1

US govt straight up accuses Russia of hacking prez election

Aodhhan
Bronze badge

Wait...wait, wait.

So, the US Government states Russia is trying to interfere in elections by hacking into systems; yet it has no problem with a bunch of other governments purchasing favors and God knows what else, by sending a bunch of money to the Clinton's via their foundation?

...and second. The only way to be sure with HIGH CONFIDENCE a group or government is attacking you, is to have access inside their network to witness what is going on, by whom, and under what control or (likely classified) documents or other official message/voice traffic stating the fact.

Either way, it's hypocritical.

0
0

London cops charge ATM malware hacker

Aodhhan
Bronze badge

ATM Machines

The money in the ATM machine is pretty well protected. It's not easy to access, especially with newer systems.

Likely these ATMs are the smaller, thinner and older type. Newer systems will shut down if tampered with, and send an alarm to either a private company or the bank itself. Newer systems have multiple sensors now, so if the machine is even moved or rocked a bit it will alarm. If a panel is opened inside and a few other goodies. Security software to monitor MD5 hash changes on library and executable files and some other standard file system checks.

0
0

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Aodhhan
Bronze badge

Targeting

The laugh test for most breaches is all about the data. State sponsored attacks don't hit retail stores or go after money. Think about it for 2 minutes, and you'll get why.

State actors go after technology, military, large business products for intelligence and to reverse engineer/steal and copy, and huge business assets/powerful individuals to gather inside information for investment. Attacking Google, Yahoo, Target, etc. doesn't provide this.

8
0

Feds collar chap who allegedly sneaked home US hacking blueprints

Aodhhan
Bronze badge

Re: Coincidence or something serously wrong here...

Why should Booz Allen be removed as a defense contractor? While they may have hired him, it is the government (not BAH) who provides security clearances. It's only BAH's responsibility to ensure an employee is qualified for clearances. On top of this, once hired and put to work, a government representative, along with a government security manager verifies an individuals clearance and is responsible for reading them into particular programs (if appropriate).

To say Booz Allen is responsible is ignorant.

The coincidence is BAH is often contracted to find the cyber professionals to put in very sensitive positions. If you want to blame anyone, blame the current White House administration... who, instead of providing proper training to military and civilian cyber professionals, would rather pay substantially more for a contractor to find people. This is the real problem; because even after they're hired... they aren't provided with training to upgrade and maintain certifications, get the latest training, etc.

..and finally, because contracted work isn't permanent, and the pay isn't comparable to the same commercial positions, the best cyber professionals stay far away from contracted government work, because they can get paid 2 to 3 times more and have permanent employment working for a commercial company.

So again, blame the Obama administration. While they have published and updated a lot of cyber security regulations, etc. They don't provide the country with the best professionals available.

1
2

Russia reports RAT scurrying through govt systems, chewing data

Aodhhan
Bronze badge

Re: After reading the description of the malware...

Based on the fact the malware is after commercial industry and not government military services, it's unlikely the US government is involved. The US doesn't stand much to gain by honing in on Russia's commercial industry, as it lags behind the US and most of western Europe.

Based on the targets, I'd say China is highest on my list. It's no secret, China spends a lot of money building resources for information theft rather than research & development.

My second pick is contracted hackers in India. Many new industries and a government which is growing; it's a lot quicker to learn by stealing and selling the information.

Third is Ukraine... don't need to say much here. Motivation is obvious.

1
0

Yahoo! Answers used to cloak command and control networks

Aodhhan
Bronze badge

...and useless

OMG, I sniffed the packets and they all showed abc.waalsx.bobafett.wxoidgyd!!!

Just kidding. Good grief.

At least initially, there has to be a call out to a particular server. Not too tuff to drop these packets, then sit back and wait for back/forth communication. You can also set up a lab server with a firewall to prohibit a class of IPs at a time and see which fires off and gets dropped (there are scripts for this, or at least, it's easy to write one). Change it the next day, and narrow it down. C'mon, this isn't brain surgery.

0
0

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Aodhhan
Bronze badge
FAIL

2 factor (multifactor) Authentication... To clear things up.

Authentication: is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity.

Identity: is the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity.

So, the article is correct. Because it didn't talk about a fingerprint or iris itself, it referred to the method of authentication; in this case which uses fingerprints or iris, etc.

Don't read into something just to make a point.

0
0

Microsoft lets Beijing fondle its bits in new source code audit hub

Aodhhan
Bronze badge

The Chinese

They aren't as worried about back doors as they are other things. For instance, The Chinese, like other governments do most of their classified work on non-public connecting networks. So they aren't too worried here. However, due to their tireless efforts hacking into corporate and other government systems, they may be more concerned something is coded in Windows allowing the US government to trace malicious packets back to them, to identify them definitively when they commit such acts.

...not that US Intel agencies really need this technology }:>

0
0

Brits: Can banks do biometric security? We'd trust them before the government

Aodhhan
Bronze badge

Of course 2/3rds say this...

Most of the public is ignorant to the pitfalls of using biometrics. They see Hollywood movies depicting the US government using biometrics to access the most secure places (which of course, isn't the case), so they believe this is the way to go.

Once Hollywood comes out with a movie showing how hackers can take advantage of biometrics, then perhaps things will change. :)

0
0

It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog

Aodhhan
Bronze badge

Re: Old trick works

This is why most hackers will use links to a malicious site rather than pictures or a variety of other methods.

0
0

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Aodhhan
Bronze badge

Re: At the AC, Security 101:

Unless the hard drive is encrypted. Then booting up Linux and mounting the system's hard drive doesn't help you grab anything.

The subject of the article allows you to get around this, since as a user with local administrative privileges, you'd have the encrypted keys.

0
0
Aodhhan
Bronze badge

Re: Remote???

Insider threats... which are approximately 18% of attacks corporate networks face.

0
0
Aodhhan
Bronze badge

Unless the hard drive is encrypted. Then booting up Linux and mounting the system's hard drive doesn't help you grab anything.

The subject of the article allows you to get around this, since as a user with local administrative privileges, you'd have the encrypted keys.

0
0

Sniffing your storage could lead to sensitive leaks, warn infosec bods

Aodhhan
Bronze badge

Re: I'm starting to get tired of these ...

This is because you haven't done a lot of research.

Gathering information via electromagnetic signals from computer systems was being done by various intelligence agencies back in the 70s, without having to have internal access to the building which housed the computer system.

Today, computer devices are everywhere. Most concerning are point of sale and point of interaction devices, ATMs, etc. They also give off EM signals, and I can stand in line next to you while you use them and pick up the signals. I don't need to be 50 feet away.

At the bank, while a teller enters your information I can be in line, and again, pick up EM signals or at the ATM. While you're tapping away at Starbucks, etc. Laptops are made to be light weight, and have nothing which interferes with EM signals. Picking up keyboard signals can provide a malicious individual with a lot of information. Like credit card numbers, passwords, etc.

Automatically discounting something without conducting research on it doesn't make a lot of sense. Just because you "believe" or "think" something cannot happen, doesn't make it true.

3
1

33 million CLEARTEXT creds for Russian IM site dumped by chap behind Last.FM mess

Aodhhan
Bronze badge

Why are we talking about passwords

The best password in the world doesn't matter if the site storing them doesn't properly take care of it.

The subject of this article is more about poor password storing, which affects a lot of users. If an individual decides to use a crap password, then it only affects them (for the most part).

Lets face it, this application isn't exactly high risk if someone manages to guess or dictionary attack a simple password. So, focus needs to be on web sites which are negligent in their responsibility to protect your information.

It doesn't take a genius to setup an encrypted database and route to and from the web service.

1
0

Meet the malware that screwed a Bangladeshi bank out of $81m

Aodhhan
Bronze badge

Re: Your teacher told you that proper spelling and grammar are important

Perhaps you mean, "...proper spelling and grammar IS important"?

Have to love grammar-police who lack skills.

0
0

Apple is making life terrible in its factories – labor rights warriors

Aodhhan
Bronze badge

There's more to China than meets the government approved pictures/videos

Yep, China has grown in huge leaps and bounds for about 20 million Chinese citizens, who live in the 4 largest cities. Unfortunately, these 4 cities don't encompass or reflect China as a whole or the other 2 billion citizens who live in very poor conditions.

Stop and look at the forest through the trees, and only the pictures you are allowed to see by the Chinese government. People there are still very controlled by the government, who also controls what and where there is wealth. You can work hard there, build a very successful corporation... yet if someone in power doesn't like you for some reason or another, you likely won't own your business very long.

1
0

Russia MP's son found guilty after stealing 2.9 million US credit cards

Aodhhan
Bronze badge

Just because his crime isn't violent doesn't mean he/she wouldn't do anything to stay out of jail. There are plenty of times when non-violent offenders have taken hostages when faced with arrest or claim to hold an explosive device. In today's environment, law enforcement around the world isn't taking chances... since they would like to make it home safely every day after work.

5
0

NewSat network breach 'most corrupted' Oz spooks had seen: report

Aodhhan
Bronze badge

Re: ISP's are the keyholders

Trevor... you're obviously not well versed in encryption; which means you couldn't hack your way out of a "hello world" statement.

2
2

French submarine builder DCNS springs leak: India investigates

Aodhhan
Bronze badge

What is deployed operationally and what is available are two entirely different things.

A ship can be in port for crew rest and or training. Or to save money.

Why have half of your fleet out and about doing nothing if there isn't a mission for them to do? This would be a huge waste of money and resources.

You guys are smarter than this. Before engaging your mouth prematurely, stop and think for 5 minutes why something is the way it is... believe it or not, you're not the smartest person on the planet. Especially when it comes to naval deployments/operations.

0
0

French, German ministers demand new encryption backdoor law

Aodhhan
Bronze badge

Let's face it...

This isn't a high priority item for most people, so they aren't supporting or not-supporting politicians based on their encryption stance. Most politicians, once they get into office are going to want controls on e2e encryption.

Toss out statements all you want; it isn't going to change things in the near future.

0
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Aodhhan
Bronze badge

The SKY IS FALLING

Don't you just love those who over do worrying in an above and beyond means to display drama?

Lets say the NSA is using this, do you really think they are looking at YOU? Or... perhaps using it against terrorists and not so friendly nation states?

Let's face it, you're not really THAT important.

0
2

Californian gets 50 months in prison for Chinese 'technology spy' work

Aodhhan
Bronze badge

Re: Heaven Preserve Us From Overzealous Agents

Yes yes, what in-sight. We all know how they work. Like there is no difference between the engine in your car and the engine in a formula 1 series car. Right? This is what you're saying.

Just as formula 1 teams closely guard the engineering secrets to creating more horsepower and torque with lighter materials to last at high RPM; there are large differences between a typical commercial jet engine, and that of a jet fighter.

..and thinking any jet mechanic understands how everything works is silly. They don't engineer or tweak the parts, they inspect, repair, replace and test. Most military jet engine schools last less than 10 weeks; this includes basic and specific engine courses.

Anything outside their basic skills is typically handled by contracted engineers for the respective company who created the engine.

0
0

Tech support scammers mess with hacker's mother, so he retaliated with ransomware

Aodhhan
Bronze badge

Don't get too happy

The fact the scammer immediately hung up is because he became wise on what was happening. Likely due to malware/virus protection on his end. This means the attack was halted.

If the attack was successful, the scammer wouldn't have noticed and gone on with business as usual.

Also, these guys aren't completely stupid. The system likely didn't allow any changes in most files/directories or registry, so a quick reboot and the system is back to normal.

1
6

White hat pops Windows User Account Control with log viewer data

Aodhhan
Bronze badge

Can you all quit spewing out the obvious?

We get it... to those who don't work in the seemingly unexcited world of computer science, this seems like a pretty idiotic thing... bypassing UAC while already having the keys to the kingdom.

To computer engineers and scientists, this represents a very large hole in the processes of the operating system, and also displays being able to do a few things out of the ordinary while bypassing UAC. In simpler terms, while digging in the sand a buried chest was found. Now someone needs to be able to work a little harder to get it out and see what is inside.

0
0

DIY bank account raiding trojan kit touted in dark web dive bars

Aodhhan
Bronze badge

You mean, why isn't the US Gov't getting into the hackware business in the same manner as when they took over the original TOR network?

...what makes you think they don't have a dog in this fight?

There is a lot of malicious tools available on the darknet. This one offers a lot of things all rolled into one, and is getting media attention.

0
0

McAfee outs malware dev firm with scores of Download.com installs

Aodhhan
Bronze badge

A great training site

download.com and others are fantastic sites for training reverse engineering. You can always find applications which have been screwed with and hand them out as assignments.

Companies who allow their freeware applications to be downloaded from these sites are just asking for trouble. They'd serve the public better by hosting it on their own site, require registration/validation and ensure an MD5 hash is provided.

2
0

Boffins' blur-busting face recognition can ID you with one bad photo

Aodhhan
Bronze badge

Privacy concerns

Use of these systems are for protection and safety; which trumps privacy in nearly every instance when you're out in public or on commercial property.

Don't get shocked when you find out there is a database of facial recognition data which is shared among those who use these applications. Las Vegas casinos have been doing this for years now.

In most cities, mug shots of criminals are posted and these pictures are available to download and put into facial recognition systems. So, if you commit a crime in Nowhereville, Idaho you could set off bells and whistles when entering a store in another part of the country.

You can bet your life, facial recognition will start to be used when you go in for a job interview. So, you think it's bad now... you have no idea.

1
0

Linux malware? That'll never happen. Ok, just this once then

Aodhhan
Bronze badge

How good of an admin are you?

Instead of staying on topic, almost everyone jumps into the ridiculous argument of UNIX vs Windows.

Really guys? If you're distracted by such idiocy, just how good can you be at administrating an operating system? I would hope you'd be more professional and not let some post agitate you.

You'd serve yourself better by taking these articles and using them as "lessons learned" to ensure your systems are secure. Just because you believe your systems are securely configured doesn't make it so.

2
0

Big Red alert: Oracle's MICROS payment terminal biz hacked

Aodhhan
Bronze badge

Another Oracle failure

Oracle has been in charge of this company long enough to be held responsible for this.

It's just another in a line of failures for Oracle. A company who states they prize security, yet continue to have problems which shouldn't happen.

When failures happen with this frequency and magnitude you cannot blame coding or personnel; you must point the finger directly to management and policy.

We stopped using Oracle products nearly two years ago. It makes me shake my head whenever I see an organization using Oracle applications of any kind.

When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.

1
0

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

Aodhhan
Bronze badge

What crap and an epic math fail.

Given the different operating systems involved on many different systems throughout the world, I would guess there is A LOT MORE than 50 zero days available to the US Government. However, we'll never know as these fall into special access programs; and those who work on Apple do not know what those who work on Microsoft have. Those who work on CISCO applications will not know what those who work on firewalls will have. Etc. etc.

It's always interesting when someone makes a claim about being with some agencies program, yet fails to really put 2 and 2 together.

So Professor Healey... I'd say give your students a pass, but give yourself a big fail... because you didn't adequately provide a good background for them to use. It also seems your background in JTF-GNO (as it was properly referred to when founded) is questionable.

If you were part of the organization then... just what exactly did you do? Because it seems you're way off base. You don't even have the wisdom to realize just how many different applications and OS's are researched.

0
0
Aodhhan
Bronze badge

Re: Except that the NSA is supposed to be in charge of America's cyberdefense too

You're wrong, but nice job of BSing... not really. You'd think with 3 minutes of research, any idiot can figure this out... apparently not!

NSA is not in charge of the nation's cyber defense. This is the job of USSTRATCOM, who delegates much of the responsibility to USCYBERCOM.

0
0

Broken BitBank Bitfinex shaves 36% from all accounts

Aodhhan
Bronze badge

Come on, this is almost comedic

The Hillary Clinton business model.

Have poor information security and blame it on the hackers. Then tax the heck out of everyone to pay for her salary and the 'problem'.

It works, because there are a lot of suckers and idiots.

1
0

Page:

Forums