* Posts by Aodhhan

520 posts • joined 25 Apr 2008


Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

Aodhhan
Bronze badge

Re: ahum, dumb fucks ?

Calling an entire generation of individuals, in which a good majority haven't been given the skills to think about and look at 2nd, 3rd and 4th order effects, "dumb fucks" isn't entirely out of line--especially when it comes to information security as a whole (not just a profession).

So yes, it is a security problem for those who download the latest 'game preview' only to find out it's actually an application spreading malware. Yes, it's a security problem when the generation doesn't learn from such actions and repeats these insecure acts in a habitual manner--then continues to spread to family devices on their home network or via email attachments.

Offensive security should NOT be contained to only the lab. Not to mention, offensive security has very little to do with the SDLC. Code review and offensive security are two different things; not to be confused with penetration testing.

So, before you begin harping at people about what the 'problem with security' is--you should first spend about 7-10 years in the field so you completely understand it.

Calling people dumb fucks is not the reason for poor security, or responsible for a society in fear and uncertainty. Nor is it responsible for poor patching practices. Good grief. If you really believe this, then you're a snowflake who will never thaw out. Would you like your crayons in a box of 8 or 16?

14
2

Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans

Aodhhan
Bronze badge

Pseudo statisticians

I love people who come up with false narratives and stats which are so far off, you can only assume, they don't have the brain power and patience to do 20 minutes of research and cross checking to get it right. ...rather, they'd prefer to spout out numbers and false figures in an attempt to make themselves seem more superior than others. Fact is, it only displays their own ignorance.

Using one source, especially something you just heard, or figured out on your own... isn't going to make you look smart.

...and bundling "YANKS" and all citizens of the USA as one is really asinine. ...but it's understandable many Europeans do this, as they don't really understand the size of the USA, and cannot begin to imagine what it is like to live there. As if what works in England can transfer to the USA; when most of the states alone are larger and more populous than England; let alone 50 put together.

The EU bundled together, is only half the size and population of the USA, and look how screwed up it is.

0
0

Citation needed: Europe claims Kaspersky wares 'confirmed as malicious'

Aodhhan
Bronze badge

Ahh the ignorance.

It's amazing how many people don't understand how Russia works.

If you're a citizen or a company in Russia, and the government asks you to do something; don't consider it 'asking'. Consider it as an order; or find yourself out of business.

Russia is also known for embedding agents in companies to conduct covert acts. This has been proven.

Finally, we also know Kaspersky products were copying files and sending them home. This is unacceptable. Yes, I heard their excuse on this... and of course I don't believe it.

Sure, Kaspersky labs has done a lot of good things for cyber security, but we all understand what a wolf in sheep's clothing is. Even the Mob built schools, parks, etc. for the local communities.

Let your heart bleed all it wants, but it's now at least 5 different independent reviews of the application which determined this is a dangerous product.

Kaspersky would be wise to let this go. Although Russians don't fully understand the concept of 'free choice', they should understand... the more people hear about this, the less likely the general public will purchase their product.

0
0

Cisco Talos reveals inner depths of now-patched Windows disk image security flaw

This post has been deleted by a moderator

UK! watchdog! slaps! Yahoo! with! £250k! fine! for! 2014! data! breach!

Aodhhan
Bronze badge

Laughing!! !! !!

What a small fine considering the damage.

From a risk management perspective, it's cheaper to receive a fine from the EU than it is to integrate defense-in-depth measures on your commercial systems.

GDPR is great, but it still doesn't put enough responsibility on cloud service providers or 3rd party application vendors. You know, those with the most expertise who employ the least amount of people.

It's one of those political things which sounds good, but if you send enough money to us in Brussels, we'll ensure your fine isn't damaging; and we'll put the blame on the regular joe type company which employs 80% of the population.

I still don't get why the EU is still together. Sure, it makes a boat load of money for the elite and wealthy, but the average individual gets hosed over many times. Whenever rich and powerful people are for something... the rest of us should be very scared.

1
1

Youth crime falls as kids stay inside to play Grand Theft Auto instead of going out to steal cars

Aodhhan
Bronze badge

This so called study is hogwash.

It's not a study, it's an opinionated observation. There are so many things left out and unobserved, that to call this a study is an insult on anyone who is educated.

People do what they do based on opportunity, knowledge of something and whether or not it's 'cool' vs responsibility/irresponsibility.

In the 70s kids did one thing, in the 80s another and so on. To attribute it to one main thing or another is ridiculous.

Also, these horrible tragedies whether they involve kids, college campuses, alley ways, belt ways, etc. have been going on for many decades. The only thing which changes is the number of people who are made aware of it.

Today, EVERYTHING makes national if not international news. The Watts riots in the 60s didn't make the news in London, and its significance didn't even make it to Orlando. Today, it would be an entirely different story.

...and then there of course is ignorance. What people are told, because it's easy to sell them on... or it's what they've been led to believe. Especially if they don't have any idea at all. Such as the right to own firearms. There is no 'gun culture' in America the way people are led to believe it in Europe. Gun use comes down to the same thing nearly everything else does... responsibility or irresponsibility which is mainly placed on us by our community. Not a video game, music, etc.

1
1

Have you heard about ransomware? Now's the time to ask: Are you covered?

Aodhhan
Bronze badge

This is why INFOSEC people shouldn't work directly with insurance companies.

This is something which should be handled by the legal department and the chief of risk management.

With the CISO providing input and technical advice.

An insurance company is still at heart a business. It's going to get away with and profit from anything no matter what. So if you let them get away with being vague, it's on you. Don't expect an insurance company to be light hearted and friendly... no matter how heart wrenching their commercials are.

Everything is risk management and cost benefit throughout the company and the insurance underwriter.

As an InfoSec professional, you need to understand your limitations.

Also, you're wrong about small companies having short attention spans. I guess we know you've never been an executive or even a manager at one.

0
0

Yahoo! merc! hacker! Karim! Baratov! gets! five! years! in! the! clink!

Aodhhan
Bronze badge

I'm sure his sentence was lightened quite a bit since he pleaded guilty. If he was found guilty in court, he likely would have received 15 years. This is federal court, so there is no early release or early parole. He'll serve the entire 5 years then be sent back to Canada... who then, will likely boot him out of their country.

0
0

Court says 'nyet' to Kaspersky's US govt computer ban appeal

Aodhhan
Bronze badge

It's the USA.

Nobody has to buy anything they don't want to. This includes the US Government.

A company has the right to create/enforce policy. Even the US Government.

Individuals, unions, corporations have the right to endorse or refuse products. As long as it isn't because of race, religion, etc.

Then let's look at Russia.

Not exactly the best track record with spyware--although, this goes for most countries.

Doesn't allow a lot of British, American, Australian applications/devices.

Known for forcing companies to do its bidding or face ... well, anything up to death.

Known for placing FSB operatives in software companies, to covertly code in backdoors, etc. to allow the Russian government access without the corporation's knowledge.

Has been caught attempting to plant FSB agents, or using FSB agents to coerce/pay off employees to code in backdoors, scrape email, etc. Remember YAHOO! email?

Russia doesn't quite understand the concept of freedom of choice.

For the Trump haters: Yeah, everyone gets it. He's an ass. But consider what this makes you, if you're blinded by hatred... and you can't objectively provide comments without bashing someone. Besides, you'll stroke out if you don't relax a bit. Also understand, Trump only runs 1/3rd of the US government. He doesn't control it all. Even then, he can't do anything he wants; read the 2nd amendment.

4
2

Trio indicted after police SWAT prank call leads to cops killing bloke

Aodhhan
Bronze badge

Re: Yank Culture Issues

Apparently you like to comment without researching the entire facts.

The police didn't just shoot him when he walked out the door and there was resistance--likely based on the fact he wasn't exactly an innocent in the eyes of the law. Might want to find out why he was resisting and not following directions.

1
0

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Aodhhan
Bronze badge

Re: The attack can only be partially mitigated

I call BS on your claim of being a security researcher.

Exploiting the virtual NIC. Do you understand the concept of targeting the resources in memory? If you did, you'd laugh at what you are saying.

Also, this isn't an attack, per se. It's a peep hole which isn't plugged.

1
0

ISP popped router ports, saving customers the trouble of making themselves hackable

Aodhhan
Bronze badge

This is what happens when you hire individuals to do information security and networking with nothing but a bit of schooling behind them.

I also pin this on management, who obviously do not have proper change management + testing policies and procedures being enforced.

1
0

Advanced VPNFilter malware menacing routers worldwide

Aodhhan
Bronze badge

Wow, really people; where is the common sense?

Resetting to factory default FIRST REMOVES THE MALWARE which may exist on your appliance. No patch in the world works against firmware if the malware is allowed to stay.

Then update to the latest version, and apply the new patch when it's released.

Stop whining. Doing this takes approximately 5 to 10 minutes.

1
0

AWS won serverless – now all your software are kinda belong to them

Aodhhan
Bronze badge

Knowing Amazon...

The numbers aren't due to satisfaction among developers, but rather vendor lock in (unable to get out of the contract) and longer required contracts.

There is no doubt Lambda has its good characteristics, but let's not go crazy with numbers yet.

Remember, you lose control of the environment when moving to Lambda and you don't have nice easy calls. Don't forget, you get charged for each of these calls (this is Amazon). So if you use this for a web app, and there are a lot of customers using it... be ready!

Don't forget all the features aren't well documented. This can be a nightmare for your security analysts. Especially when they want to go through errors. Wait, how does Amazon provide you with error information? HAHAHA. They don't want you to know the problem is on their end, not yours!

So before jumping into Lambda, you may want to do some in-depth research, and try it for at least 10-12 months before committing a large portion of one of your dev teams to it.

0
0

We've found it! A cloud-and-AI angle on the royal wedding

Aodhhan
Bronze badge

To be expected...

This is England... where everyone is on video all the time.

Rumor has it, if you are captured on video not watching the royal wedding festivities, you will be placed on the terror watch list. There is an exemption for those who were on a cricket pitch.

Not only is facial recognition being done, but they are also using software which does lip reading.

So those who appear to be pro-Brexit will also be put on a permanent watch list. Due to the limited amount of software licenses for this, it will only be used on cameras in middle to lower income areas.

Rich, elitists everywhere are exempt from any sort of camera spying technology, as long as they are against Brexit--which of course, most are.

Remember the large sunglasses used in the 1970s? Anticipate a widespread return. Soon, many in England may begin to wear burkas.

0
0

Microsoft's Azure green-lit for use by US spies

Aodhhan
Bronze badge

Re: Check for the undeclared payments between the JEDI contractors and dump.org

Apparently, as a businessman, you don't do proper research. There are plenty of reasons Microsoft has a leg up on everyone else.

1- Microsoft works well with the US Gov't. In comparison to other vendors, they don't attempt to add/change anything in an attempt to renegotiate contracts or milk extra money. Amazon's MO is to offer you just a bit more of something you must have, at a huge increase in cost. You should know this... "mr. real" businessman. *eye roll*

2- Amazon already has the internal search engine contract. Has had this, will continue to have this. So stop it with the Amazon whine.

3- Microsoft's technology tends to be compatible with many other products -- unlike Amazon, Oracle, etc. Decreasing the chances of vendor lock in.

4- Microsoft met FEDRAMP guidelines earlier than most other vendors; primarily because they didn't put up a fight against the stringent security requirements. *cough* Amazon bitched the whole way.

...and you think the gov't has no real businessmen? True in some instances, but it's a lot better now than it was 2-5 years ago.

I'm betting you are one of the elitist jerk contractors who was recently fired because someone figured out you didn't understand the importance of attention to detail and research.

Don't worry... Oracle is always looking for your type of 'real businessman'.

...I can go on. But it just goes to show, how many people 'jump' to conclusions, and pass on the rhetoric of others without having the capacity to critically think.

0
0

Lawyers for Marcus Hutchins: His 'I made malware' jail phone call isn't proper evidence

Aodhhan
Bronze badge

Wake up

Being drunk or under the influence of anything DOES NOT provide an excuse to commit a crime. If this was the case, DUI wouldn't be a crime.

Not all evidence acquired after arrest requires waiving Miranda. There are cases where it's been proven Miranda wasn't provided after arrest, but evidence collected after the arrest was still allowed.

It depends. For instance, if it was from direct interrogation, it likely isn't going to be allowed, but if it was a recorded call or conversation to a friend... it likely will be allowed. Not to mention, the friend will likely be called as a witness against the defendant.

Imagine the rock the defendant put his friend under.

0
0
Aodhhan
Bronze badge

Re: Signed a Miranda waiver form after being read his rights

BTW...

They don't have to record the signing of Miranda.

Apparently he was coherent enough to remember someone's phone number, use a pay phone and conduct a collect call; yet too incoherent to understand Miranda... right--get real.

I'm sure if you were one of the individuals who lost their life savings because of malware he assisted in creating, you'd look at this a bit differently. Hopefully, you never have to find out.

0
3

DOJ convicts second bloke for helping malware go undetected

Aodhhan
Bronze badge

Apparently, if you make crowbars and a crook uses one, you're liable.

Obama era judges. They take a whole different approach to the 4th and 5th amendments. It will take years before many of them are out of the system.

I get the wire fraud charge, but this is the only one which makes sense. The other two just don't make sense, unless they can, without a doubt, prove the intent was only for use by criminals and not security research and/or academia.

0
1

Signal bugs, car hack antics, the Adobe flaw you may have missed, and much more

Aodhhan
Bronze badge

Re: 'White House was going to do away with its cyber security advisor role'

Getting rid of the White House cyber czar is a good thing.

repeat: IT'S A GOOD THING.

1- It cuts down on the number of layers and red tape to get something accomplished.

2- It provides power, decision and policy making to someone who is actually skilled in cyber security.

3- Saves $20 million per year.

4- Cyber security is now added to the daily security brief from the NSA, allowing POTUS to interject on info security if needed.

Just more left wing lunacy -- taking something good, then spinning it to make it look like something else.

2
1

Kaspersky Lab's move from Russia to Switzerland fails to save it from Dutch oven

Aodhhan
Bronze badge

No evidence?

I seem to remember a US government contractor who took classified files home to work on them... and Kaspersky code identified these files, scraped the entire file and uploaded them onto their databases. Then "somehow", these same files made their way to a covert Russian system.

Coincidence?? LOL NOT likely.

So maybe you don't care if Russia steals your game strategies, but many people put a lot of hard work into something and then store this on their private systems. I don't want a lot of the things I work hard on stolen by anyone.

Really.. feel sorry for Kaspersky? What are you, 9 years old? Unable to critically think for yourself, so you buy into anything a false victim says; because we all know... companies never lie.

Kaspersky will be just fine. They don't need NATO governments to make a profit. No brainer here, really.

...and I just love how you empathize with a corporation from a country which does some pretty messed up crap to their own citizens. Your empathy should be more focused on these victims.

1
3

New law would stop Feds from demanding encryption backdoor

Aodhhan
Bronze badge

BS Politicians

This is another one of these bills introduced to bring everyone who is up for re-election this year to get on board knowing those senators who aren't up for re-election for another 2 and 4 years will vote against it... so they will keep their power.

...in short, it's a publicity stunt for politicians.

Let's get real, a government, no matter which country, isn't going to give up power it already has.

5
0

Shining lasers at planes in the UK could now get you up to 5 years in jail

Aodhhan
Bronze badge

Negligence outweighs intent

Without a doubt, whether you intend to or not, using a laser can result in eye damage and loss of life. Therefore, the individual with the laser must be held responsible during its use.

A hunter may intend on shooting elk or some other game animal, but if the bullet goes through the animal (or misses) and the bullet continues to travel and hits a dairy cow or a person... the hunter is held responsible.

Intent provides the level of prosecution and penalty, but it DOES NOT absolve responsibility, nor does it diminish negligence.

Risk can be considered into the law as a preventative measure. For instance, it can become illegal to use laser pointers outdoors for any reason, within 3 miles of an airport without permit.

2
0

Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores

Aodhhan
Bronze badge

Re: Smart streetlight? FFS, why?

Thank you for opening your mouth, and removing all doubt.

Smart street lights can do more than turn on or off.

They can also:

- Alert to electrical/mechanical problems (light will not come on for some reason)

- Change the color of the light (for celebrations, holidays, etc.)

- Be used to repeat other radio signals

- Provide outlets etc. for items such as cameras and signs

- Yada yada.

Now, guess what we're all thinking about you.

0
0

AWS sends noise to Signal: You can't use our servers to beat censors

Aodhhan
Bronze badge

Good Grief

Do you ever notice, after someone provides a decent explanation on something, 20 other people have to give their 2 cents worth; because of course, they're smarter than everyone else... BUT the explanations of these people get gradually worse until someone starts blurting out something which is offline from the original point.

Remember, it's better to have people think you may be an idiot, than to open your mouth and remove all doubt.

3
0

Who will fix our Internal Banking Mess? TSB hires IBM amid online banking woes

Aodhhan
Bronze badge

Yes, I'd rather do all of this. It's known as:

- Responsibility

- Being forward thinking

- Someone who isn't going to support poor business practices

- Taking care of my financial future and my family

- Oh, and this will strike at the heart of many snowflakes... NOT BEING LAZY.

Taking several hours out of my life to deal with switching banks will likely save me many days of headaches and late payment fees in the future.

Anyone who isn't willing to do this, only perpetuates poor business practices. Someday, this is likely going to bite you in the backside.

Finally... when all this is over, TSB is going to look for ways to cut costs to cover the large expense this muck-up is costing them. It doesn't take a world class seer to figure out how the effects will eventually fall back onto the customer.

4
2

Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!

Aodhhan
Bronze badge

FINE??

A $5 billion company is fined only 35 million for failing to notify investors. Not much of a fine.

This fine comes out to 0.07% of the company's value.

This isn't a fine, it's a punch-line.

5
0

Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS

Aodhhan
Bronze badge

Re: Why not scan properly?

[Insert here, why you'd toot your own horn and bring attention to your 'apparent' knowledge of grammar on an InfoSec site]

I imagine you berate children who make mistakes in order to display your superiority.

You really need to get over yourself.

3
2

British Crackas With Attitude chief gets two years in the cooler for CIA spymaster hack

Aodhhan
Bronze badge

Re: Another Perspective....

Autistic my ass, and it irritates me beyond belief his defense paid off some 'expert' to provide this opinion. It demeans and sheds a bad light on those who are truly autistic; as if autistic children are one look away from doing criminal acts.

All the court did with this light sentence is affirm such thinking, and displays the judge's ignorance and laziness to actually do some minor research.

An autistic teenager wouldn't attempt to make contact and leave messages. Doing so is a display of authority, and a willingness to abuse this authority. Entirely different from someone who cannot comprehend right from wrong.

0
0

Oracle whips out the swatter, squishes 254 security bugs in its gear

Aodhhan
Bronze badge

Oracle...

Among the worst vendors from a security standpoint.

Oracle manages to ensure their customers pay them to increase the number of vulnerabilities on their own network.

3
0

You're a govt official. You accidentally slap personal info on the web. Quick, blame a kid!

Aodhhan
Bronze badge

Laws and Lessons

There is little doubt what he did was against the law. Just because a web site is poorly secured or coded doesn't provide an excuse to gain access to information stored on the system. The application provided "some" controls around access and he used a tool to circumvent these.

If I used a common tool to eavesdrop on your communications (MitM attack), this doesn't make it okay; even if the communications were done using public equipment and you didn't employ encryption.

The question isn't about whether he broke the law. He did. There are a lot of things in life I didn't mean to do, but I was still held responsible for them. Starting when I was 11 and broke a window with a baseball.

The questions now revolve around intent as well as damages. He stated he wanted to download government documents, but to do what (exactly) with the information? What damage was done with the information he did gather? Did he send it off to others?

It will take some investigating to determine all of this, and we don't yet have the entire story.

0
32

Pentagon sticks to its guns: Yep, we're going with a single cloud services provider

Aodhhan
Bronze badge

Oracle... don't make me laugh

Oracle... the worst vendor in the world from an InfoSec perspective, and yet they want to provide their 2 cents worth. BTW Oracle, this decision makes fantastic sense.

- This is a private cloud system. So you want to manage it differently.

- Looking for one vendor only DOES spur competition. The best deal wins. Taxpayers like this.

- Choosing multiple vendors allows them to increase prices incrementally together. The costs will mainly be fixed, and the format will be such that, at the end of the contract, the DoD isn't subject to vendor lock in.

- One vendor means simplicity. Don't have to send personnel to a variety of vendor training courses. Again, great for the tax payer.

- One solution makes it much easier for patching and maintenance.

- One solution makes it easier to secure. MUCH easier to secure.

There is more, but you get the point.

Oracle obviously isn't looking out for the taxpayer or the security of DoD cloud data. It's only out for its own bottom line.

Oracle, get your security together before you start telling others how silly their ideas and solutions are.

15
2

Security? We've heard of it, say web-app devs. 31 in 33 codebases have at least one big bad vuln

Aodhhan
Bronze badge

Stop blaming developers for poor policy

Developers ARE accountable in one form or another. This comes down to policies and procedures laid out by management.

I've said this a few times on this forum. As an information security professional, you better first point the finger at yourself; because it's likely your risk assessment is the point of failure.

Code review and penetration testing the application is vital to risk assessment. If you fail to point out vulnerabilities and their effects (costs) due to bad development policies/procedures, then the fault is on you.

Risk assessment is the foundation of InfoSec. If all you do is look for vulnerabilities, you will be very frustrated at your job, wondering why things are done the way they are (where you work).

1
0

GCHQ boss calls out Russia for 'industrial scale disinformation'

Aodhhan
Bronze badge

Re: "blurring the boundaries between criminal and state activity"

Stop.

There is a HUGE difference between stuxnet and what Russia is doing.

Stuxnet's purpose (arguably) was to delay a dangerous nation state from creating a very dangerous product.

Russia's purpose is to denigrate democracy as a whole. To attack and steal from other nation states, corporations and individuals. Not to mention take the lives of anyone who opposes what they are doing.

Don't confuse the tool with how it's used.

You're smart enough to critically think through something without throwing your politics into it. Start doing so. You'll find your whole view on the world will change... and I don't mean politically.

6
6

AWSome, S3 storage literally costs pennies

Aodhhan
Bronze badge

Re: Meh.

Thank you for the obvious. There is one thing: you have to compare the benefits of selecting this over other cloud services, not compare it to on-prem solutions, as you point out.

This solution is based purely on the storage of data. It doesn't include movement of data, security, encryption, etc... all of which of course will cost more, and you can bet they will increase these prices.

Remember, access can include adding more data, not just pulling.

This solution is purely archival in nature. For instance, regulation states you need to keep documents for 5+ years. So you keep it for one year on another cloud or on-prem solution, and the rest of the duration on a solution such as this.

0
0

Furious gunwoman opens fire at YouTube HQ, three people shot

Aodhhan
Bronze badge

Don't you love...

3 people are critically hurt. Instead of focusing on these individuals and their families... everyone wants to provide their political opinion.

This isn't the time for your opinion. The fact you give one without focusing on those who are hurt only proves your heart and brain aren't where they should be. ...and you want the rest of us to believe you have the wisdom and foresight to provide an answer? ...get real.

2
6

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Aodhhan
Bronze badge

Re: So since Intel have now confirmed that are unwilling to fix...

Another way to get a lot of down votes is to point out 2nd and 3rd order effects people don't want to hear.

Sure, Intel can put a lot of resources into fixing 8+ year old chips, which are probably used by less than 3% of the market... but doing so will likely stop Intel from providing good raises or other benefits for its employees, and/or raise the cost of the next computer you purchase by a couple of hundred dollars.

As security professionals, you should all understand and identify risk management based decisions; and be intelligent enough to understand it. This is done by all corporations all the time. Including the one you work for.

6
20

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

Aodhhan
Bronze badge

Too quick to judge on phishing

Those of us who are penetration testers aren't shocked by the number of individuals who fall victim to phishing. With moderate training, a 20% rate is right at the norm with a medium complexity phishing email.

Depending on how the mail is formatted, you can get a much higher rate.

Don't judge too harshly. At work, it's quite likely I can send you a phishing email you'd click on or open an attachment. If I catch you at a very busy time, and get everything on the mail just right to entice you or to fortunately provide information you're working on... you'd fall victim.

It's about the complexity of the phishing email. Shockingly, you find those age 20-30 will fall victim in higher numbers than those over 30 or even those over 50 years of age.

Younger individuals are easier to catch with a phishing email which is "mistakenly" sent to them and contains an attachment with what appears to be confidential information. The younger you are, the more likely you will give in to your curiosity over security.

0
0

Facebook confirms Cambridge Analytica stole its data; it’s a plot, claims former director

Aodhhan
Bronze badge

More of the same

So apps are mining Facebook... if you didn't figure out this was happening, then you really have no business using a computer. If you input anything which is then stored in the cloud, you better understand, somebody somewhere is going to leak, mine or hack your information.

When it comes to the majority of data points... these are already being gathered in by credit agencies, credit card companies, mortgage companies and data services such as INFOGROUP.

They trade this information and sell it out. Make/model cars you've purchased, where you purchase/shop, what brand/model of washer/dryer you purchase, if you voted, mail ads you respond to, type of deodorant you use, etc. You use a credit card, look how detailed the information on your receipt is. Credit card and retail outlets just sell out everything you do.

Even local governments sell out information, such as whether or not you showed up to vote and what dates you voted... i.e. do you show up to vote for more than just national elections? How often have the cops been called to your house? What upgrades you've done to your property, etc.

Until we can vote in people who will not sell out to the corporate data miners and sellers, and will clamp down on the amount of data which can be collected, stored and sold... this will remain a problem everyone should be aware of.

1
2

Take that, com-raid: US Treasury slaps financial sanctions on Russians for cyber-shenanigans, 2016 election meddling

Aodhhan
Bronze badge

The odd thing is

We're finding out it wasn't Trump working with the Russians, but rather it was the Democratic party.

While Russia meddled with the elections, it didn't really impact it.

Also, it appears they didn't necessarily do it on their own accord; we're starting to see the Democratic party provided a conduit to do so.

With this coming to light, I don't expect to see the USA do much about this when it comes to offensive cyber ops.

3
3

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!

Aodhhan
Bronze badge

Okay, why is there shock here?

A phone isn't a vault located in a military bunker. Phones should be looked at as the last place you keep sensitive information.

It's long been known, if someone gains physical control of your computer/device, etc... then they own it.

If not by using some 'secret killing box', then by another method.

So if you're a criminal conducting incriminating actions via your phone... don't be shocked if law enforcement uses it against you.

If you keep GPS active along with other 'features' active on your phone, don't be shocked when Google records your every move, puts the information into a database and then sells this information to Equifax, who then loses it when their database is breached. You chose to accept the risk. A phone shouldn't be looked at as being a secure safety deposit box located at Fort Knox.

You're InfoSec professionals. You're smart enough to look at this from the correct perspective of risk management. Don't get caught up in the emotion of this. Don't let the press or politicians twist your thinking. Keep your perspective true and remember, nothing is hack proof. So the loss or misuse of a box isn't any worse than someone not correctly securing information.

4
1

Samba settings SNAFU lets any user change admin passwords

Aodhhan
Bronze badge

YAWN

People will never collect SAMBA alerts, because there will always be a high number of them.

Samba is to network services as Flash is to web services. A different solution should have been implemented YEARS ago. You can put brand new siding on a sod house and make it look better, but it's still the same old pig with lipstick. Eventually, something will take advantage of the weak underlying architecture.

2
3

Ex-GCHQ boss: All the ways to go after Russia. Why pick cyberwar?

Aodhhan
Bronze badge

Nothing new here, move on.

You can be from England, Russia, China, USA, Zaire, etc. One thing all have in common is a hate for traitors. You think England hasn't knocked off a few traitors in other countries?

Publicly England will beat its chest, threaten some sanction, expel diplomats etc.

Behind the scenes they'll move on as if they expected it.

Do you really think it's good for England to go to war over a turncoat Russian? Wake up.

Do you think Russia will go to war over the suspicious death of Ed Snowden? Hardly think so.

They'd beat their chest, rattle saber, wag a finger, etc.

Realistically they'd probably wonder what took so long.

8
6

Russian anti-antivirus security tester pleads guilty to certifying attack code

Aodhhan
Bronze badge

Re: Jurijs Martisevs

Yes, because nobody ever names their child with a name originating from another country.

...where do these people come from?

2
0

Surprise: Norks not actually behind Olympic Destroyer malware outbreak – Kaspersky

Aodhhan
Bronze badge

Re: Which country was banned from the 2018 Winter Olympics?

What a fantastically brave conclusion.

...don't forget to stop by the hospital pharmacy and pick up some epi-pens along with other anti-toxins.

2
0
Aodhhan
Bronze badge

Re: I don't think computers work the way you think they do.

Thank you for your post, but it seems you don't know a lot about development.

You can't just cut/paste from a binary. Especially when using a different dev environment.

0
3

Unidentified hax0rs told not to blab shipping biz Clarksons' stolen data

Aodhhan
Bronze badge

Yes it's difficult to find out who is behind attacks.

It's not difficult though, to hire experienced InfoSec professionals and support them adequately to provide a sufficient defense in depth architecture, patch management and monitoring to ensure it's difficult to get in, and just as difficult to get data out.

Since it is so difficult to identify hackers, you may want to keep this in mind when it comes to your risk management. Can I get a palm thump to the head?

10
1

CryptoLurker hacker crew skulk about like cyberspies, earn $$$

Aodhhan
Bronze badge

Re: "If the user tries to stop the process, the computer system reboots."

Isn't it a bit funny when an ignorant Windows user feels the need to be noticed, that they actually post and rave about how bad Windows is? :)

One day my friend, you'll become knowledgeable and experienced; then realize how bad ALL operating systems are.

1
0

Audit finds Department of Homeland Security's security is insecure

Aodhhan
Bronze badge

Be careful about calling the kettle black.

...just saying.

3
0

IBM's homomorphic encryption accelerated to run 75 times faster

Aodhhan
Bronze badge

Re: It's the future given the eagerness of TLA's to spy on people.

By itself, it doesn't keep anyone from 'spying' on you or intercepting and attacking the encryption.

HE is about not having to decrypt the data in transit and then re-encrypt it, like when data is passed through perimeter security devices. Or when data is stored at rest, an application doesn't have to decrypt the data before processing it.

You still have to maintain a small modulus to noise ratio (in the key-switching matrices) and manage the field for security.

Switching to low-dimensional fields speeds up the homomorphic process at the cost of security/increased risk. Something we are all familiar with already. We can switch from TLS to SSL, but we also increase risk.

1
0


Biting the hand that feeds IT © 1998–2018