* Posts by Aodhhan

684 publicly visible posts • joined 25 Apr 2008


Malware writer offers free trojan to hackers ... with one small drawback

Aodhhan

Once again... more examples showing why script kiddies and lazy people will never rule the world.

China's cybersecurity law grants government 'unprecedented' control over foreign tech

Aodhhan

The west

The citizens in the western hemisphere are so focused on greed and political agendas, nobody cares Russia and China sit back while we fight amongst ourselves. They don't even have to bend over to pick up the pieces from our internal scuffles... we do it for them, handing them piece after piece with a smile.

We've killed manufacturing in the west, because we'd rather pay a little bit less; without worrying about the quality of the product... or the loss of our own local economies.

ARM’s embedded TLS library fixes man-in-the-middle fiddle

Aodhhan

Re: CERT Number and disclosure ?

18 months ago by the NSA.

CyberRehab's mission? To clean up the internet, one ASN block at a time

Aodhhan

Fine...

Just don't ask us to pay for it.

There are certain laws in math which hold true... and there are certain security engineering laws which hold true. One being, more security equals less flexibility and slower throughput. You can alleviate it somewhat by spending copious amounts of money, but this is the big question; who's paying for it?

Then there is the fact, you're doing the same thing as China and North Korea. Shutting down availability and only letting in what YOU want.

Stop trying to save people from being stupid. It's everyone's civil right to do so.

Just like all far left wingers... you think your way will save the world, make everything better and safer.

Patchy PCI compliance putting consumer credit card data at risk

Aodhhan

Re: The report can be downloaded here

So don't put your real information in there. Good grief.

It's true, half the people you encounter are below average intelligence.

Best Korea fingered for hacks against Bitcoin exchanges in South

Aodhhan

Re: Next step: drop their routes?

I'd rather have a leader with ego, deep balls and isn't afraid of action; rather than a wuss sitting back drawing lines and ignoring the weak / poor. I'd also rather be a citizen of the USA, than a citizen of a country who expects the USA to pay for the majority of everything as well as bail the country out during a crisis... again and again.

It's easy to be critical and cynical. You speak of others and their political narrative. Did you ever sit back and reread what you write; noticing how political your narrative is?

Two million customer records pillaged in IT souk CeX hack attack

Aodhhan

Re: Stupid Is As Stupid Does

Yet your country has far more breaches per capita. Likely due to the lower educational standards of the public system.

Crowdfunding scheme hopes to pay legal fees for Marcus Hutchins

Aodhhan

First - Hutchins can be represented without having to pay anything at all.

--- A high profile grand jury indictment means the public defender would likely seek out a private lawyer for pro-bono representation

--- A high profile case where the evidence against the accused is questionable typically has lawyers jumping out of trees to represent them. Here, the key is... the evidence has to be weak. In this case... it's not. The evidence is seemingly strong against him.

If all you can do is raise $15K for a case like this... you're only going to afford one lawyer, likely without a huge amount of experience to find ways to win on technicalities. This also doesn't afford specialized assistance or pay for good expert testimony. You might as well take a lawyer assigned by the public defender, where they pick up the tab and must ensure a competent defense for the accused.

A decent lawyer costs around $800 to $1500 per hour. You only want your lawyer working 5 to 6 hours on your case... when at least 5-10 hours of this will be time in the courtroom.

Based on the evidence in this case... assume he's going to be found guilty and will need to file for an appeal (in which case, you REALLY need to have a good lawyer, not to mention pick up the FULL tab), you better attempt to raise in excess of $150K. Look closer to $300K.

DJI strips out code badness, reveals some GPL odds 'n sods

Aodhhan

Don't compare drones with RC aircraft. There are huge differences in the capabilities and utility between RC aircraft and quadcopter drones:

First, the controllability is very different -- even in the most stable conditions.

Second, is utility. Drones carry much more weight.

Third is another utility item... you don't have to put a lot of thought into weight and balance with a drone. With an RC aircraft, you can't just pack it anywhere with explosives or it will be uncontrollable, and even if you do manage to keep the center of gravity correct you will not be able to put much explosive on it.

I can mention at least 4-5 other items (software, automation, etc.) but you get the point.

Chinese chap collared, charged over massive US Office of Personnel Management hack

Aodhhan

Please don't comment again. You're obviously off your meds.

Aodhhan

If you're guilty of a computer crime then by all means you shouldn't come to the USA.

If you skip it just because you're ignorant and don't have the intelligence to really figure out the whole story.. it's okay too.

These conferences are already crowded enough.

Aodhhan

Re: He's not the only one that needs jailing

I agree. However, the Obama administration never held anyone accountable for poor management. Especially if they are the ones who appointed the person to sit in the position.

Aodhhan

Re: Why stop here?

Let me explain this at the 9 year old level so you can understand it...

He wrote the malware with the intent of causing harm. This malware has no use, other than to cause harm to others. Furthermore, he knew once he turned it over to someone else what it was going to be used for. This means he's an accomplice in every sense of the word.

Now, go back to your slinky.

Uncle Sam outlines evidence against British security whiz Hutchins

Aodhhan

His 6th amendment rights weren't violated.

In this case, Hutchins was given his Miranda Rights and he decided to answer questions without a lawyer present. All legal. It's also legal to use his answers in court, as long as he was provided Miranda. Again, he chose to answer questions without his lawyer present.

He wasn't questioned for 24 straight hours. He was never under duress. Good grief, do you dream this crap up? If this was the case, the US media would be all over it because he would be screaming about it.

He can refuse to answer any questions and end questioning at any time so he can consult a lawyer.

He's being afforded a quick and speedy trial; however, Hutchins' lawyer asked for a 60 day continuance. He will have a jury in court and only has to convince one of them he is not guilty.

In court, he has every opportunity to call witnesses. It's likely his attorney will ask for more time in order to gather them.

...so I don't want people yelling about Hutchins not being afforded a speedy trial, when it's his lawyer who will likely draw it out.

Aodhhan

Re: The land of the Free

So liberty in your country means criminals can legally break into homes to steal property or otherwise cause financial harm to people? Wait 10 minutes and you'll understand just why you aren't very clever.

Aodhhan

Re: Jus' thinkin'

I'm willing to bet you'd be pissed if someone broke into your house and damaged a lot of your things. I'll even go out on the limb here, and think you'd want this person thrown in jail. Maybe have 10 minutes alone with him in a room to show his nose the bottom of your shoe with a bit of force?

Even the fact there are many criminals out there, all using tools and knowledge gained from other people. You may even want to go after those who knowingly purchased the goods stolen from your house.

Just a guess tho.

Aodhhan

Re: Pride cometh....

I'm willing to bet your country prosecutes the same way the USA does.

If a crime is committed by a gang in the UK, but the mastermind and recruiter of the crime never left his home country of BangGangAstan... you think this mastermind can't be extradited to the UK to be charged and tried?

I already know the answer to this... YES HE CAN. Same answer for nearly all western countries.

You can still violate the laws of another country if the victim is in another country. You can also be tried on similar charges in the country you are physically located for the same crime without being protected by double-jeopardy laws.

This is seen a lot involving the crimes with the black market, drugs, etc. ...and more so now with computer crimes.

Aodhhan

The Constitution of the US and each individual state applies to anyone who is in the United States (and respective state), not just citizens. Even those in the US illegally are afforded the same constitutional rights and due process.

At any time Hutchins could have ended questioning.

Given the evidence provided so far, it's likely he was originally held because there was evidence provided from multiple sources which provides contrary information to the answers Hutchins provided. Lying during questioning isn't a good thing.

I'm also betting, that even in the country you live in, statements made without an attorney present can be used as evidence in court.

I love the ignorance about Guantanamo. First of all, Guantanamo is legally a sovereign part of Cuba. The USA is leasing the land there. Also, you would be quite wrong if you think the respective intelligence agencies of most NATO countries don't have a location outside their own country to detain/question [whatever] foreigners/terrorists. You think all the individuals being held on terror plots which have been halted before the act by MI5 within the UK are sitting in British jails? LOL

Aodhhan

Re: It seems odd

If he provided statements without counsel it's because he agreed to do so after his Miranda Rights were provided to him. He has the power at any time to end questioning/interview.

You making the statement over and over and screaming how he answered questions without representation is a lot like saying a bank robber didn't have representation when he went into the bank and committed a crime; so there is no way he is guilty. Yeeesh.

This method of questioning is allowed in most western countries (without representation) with answers/statements to be used as evidence in court.

Instead of degrading the justice system, you might want to at least know the basic 101 facts.

It seems you didn't read the court documents displaying evidence provided so far during the discovery process, because there is A LOT more evidence than just interview answers. Such as business statements, and evidence from a 3rd party arrest. Not to mention there is still more to come from multiple sources.

Given the evidence provided so far, it's likely the prosecutor asked him a lot of questions he already knew the truthful answers to. If Hutchins lied on a lot of these questions it obviously will not be favorable for him.

Because the arrest warrant was issued after a grand jury investigation and not just a normal police investigation... along with the fact there are multiple sources pointing to the defendant in this case... you may want to rethink your off the cuff, uneducated and ignorant arguments and thoughts.

You may also want to take note, the British Foreign Secretary isn't making any outcry about this situation. This in no way proves Hutchins is guilty at this point, but his innocence isn't a sure thing either.

GTFO of there! Security researchers turn against HTTP public key pinning

Aodhhan

Re: Still think DNSSEC gives us the better solution here...

You realize you're speaking of DANE. It doesn't exactly run with HTTPS; more specifically it works with the TLS protocol.

However there are some problems using this method on the client side of operations since most application APIs aren't coded to handle this method of adding security to TLS.

Banking trojan-slingers slip past Google Play's malware defences

Aodhhan

Re: Why ?

Are you new to information security or do you just like to judge people?

No matter how much you build something and make it idiot proof; someone finds a way to build a stronger idiot. Welcome to InfoSec.

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

Aodhhan

Do you realize...

President Obama considered WikiLeaks a non-state intel service. Especially since the majority of the leaks came during his time in office. Can't blame the man for this.

- Honestly, I think those who use WikiLeaks to dump information without identifying themselves are a bunch of wusses. If you believe so strongly, that leaking information is in the best interest of the people, then stand up and make your case in court. You only have to convince 1 person you're the one who is right. Just be prepared to have every bit of your life (good and bad) leaked. Turn-about is fair play.

- If Snowden would come back and do this... and win, then he'd be considered a hero. Otherwise, he's just a wuss who needs others to fight his battle.

Disbanding your security team may not be an entirely dumb idea

Aodhhan

Tom Scholtz is just trying to profit

This guy has been around for at least 5 years doing this and saying whatever he needs to in order to build a following; or should I say a congregation of the ignorant.

Another person taking advantage of presenting "cost cutting" seminars and webinars for profit.

In my view he's no different than a crooked TV evangelist or a phishing author.

5 years ago he was speaking about the need of InfoSec and putting the people at the center of security. Because at the time, this was the popular sermon to preach. Now, it's businesses looking for ways to save money so he's preaching a different verse. Just go back through the last 5-6 years of his messages and you'll see what I mean.

Where Tom fails with this latest story is leaving out the victims... both organizational and customers.

What should be properly preached is how InfoSec is helpful and good for business; stop looking at security as a cost saver or some preventative measure like a simple padlock.

Implementing security properly into the SDLC along with proper risk management is good business and a HELPFUL means of deploying technology. Not a restrictive means of deploying risk management. Look at security as a marketing and investment tool... not a barrier to customers.

Tom, try filling your pockets by teaching these aspects of InfoSec and you just might garner respect from the InfoSec community as well as business. It's Tom who is being a barrier to InfoSec, customers and organizations. All to fill a bank account.

US Navy suffers third ship collision this year

Aodhhan

This is what happens

...when training and exercise funds are cut, along with people being promoted ahead of others because they suck up to the same thinking.

Thank you Obama, your dereliction of duty as commander-in-chief has cost more lives.

It will take the DoD around 3-6 years to recover from 8 years of neglect.

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Aodhhan

Re: No code review??

Read the article and/or become a lot more familiar with how computers work.

He installed a ROOTKIT. It doesn't matter how good the application code review is, if you go after the RND generator on the OS.

This is why script kiddies will never rule the world.

Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records

Aodhhan

Yes yes we know...

most of the information is easy enough to get; however, you're missing the point.

Don't believe for a second it's only name, address and age. There are other items, such as political party, when you voted, possibly items of interest to you, etc.

Not to mention the fact the work is already done... and possibly with your name on it!!

Then, if you're truly an InfoSec professional and not trying to spin this favorably for the Democrats in Chicago (which is likely the case in many posts)... you'd understand it's another database breach via AWS; once again... there is a failure in information security policy; oh yes... and another failure to protect private information by an organization primarily run and manned by Democrats.

Hah... I'm an independent politically so I had to say this last bit.

Aodhhan

Re: It's Chicago - they all voted for Hillary

...you forgot to say, they all voted for Hillary "twice".

HA!

US cops point at cell towers and say: Give us every phone number that's touched that mast

Aodhhan

I'd like to see...

I'd like to see the law enforcement agencies compile information to let us see how many arrests and convictions came from cases where they were awarded a warrant for cell phone monitoring.

Also the numbers where the cell phone history assists in proving an individual's innocence of a crime.

Hopefully the US government will never put up the same type of camera systems used in England. Most states here will not even allow cameras to be used to catch speeding drivers. So gathering the location history of a cell phone to prove someone's innocence or possible involvement of a crime isn't something which should be too hard to get.

New NIST draft embeds privacy into US govt security for the first time

Aodhhan

Can you please....

Keep your political agendas out of the forum.

No matter how right or wrong the platform is, it doesn't belong here 99% of the time.

You may believe you're being clever... spinning something and shining it with a spotlight of clichés, but if you sat back and reread your writings 15 minutes later... you'd realize just how stupid it comes off.

Seriously, if you actually knew information security you could find a better way of being serious about a subject.

Months after breach at the 'UnBank' Ffrees, customers complain: No one told us

Aodhhan

America sucks again, eh?

What? They don't have to tell their customers? Oh man, this American justice system sucks @xx. Oh wait... in the USA, the FFIEC and OCC require all banks to notify customers within 48 hours of a confirmed breach. They must also prove they attempted to contact 100% of their customers using more than one method. So, this can't be in the USA.

Wait.. this can't be in England can it? All the people there believe their system is the best, fair and most protective of its people; while saying the USA is the worst system in the world.

BAH. Again, know your own system before blasting the system of others.

WannaCry vanquisher Marcus Hutchins pleads not guilty to flogging banking trojan Kronos

Aodhhan

Have to laugh at ignorance

It's amazing how much people just rant and complain without having any detailed facts.

First off... I've lived in the USA and in several European countries, and spent time in a lot more. If you honestly believe your justice system is better than the US's, then you don't know a dang thing about yours.... especially those in England. BTW, I believe the rights of the accused now established in most European countries were copied from the US Constitution... so really, shut up. In this case, it was a grand-jury investigation... Most countries in Europe do not have anything comparative to this.. they operate solely on a law enforcement investigation.

---Yeesh, most don't even realize why the warrant is issued from Wisconsin, let alone any other fact.

--- I'm not saying he's guilty, I'm saying... most are too ignorant to spout even the dumbest statement.

Second... the keystone pipeline isn't about trains being a safer method of transporting oil. It's about protecting an underground reservoir (Ogallala aquifer) which is more than twice the size of England. In many places, the water table is just below ground. Overall the average depth is around 20 feet from the surface. So stop; realize how many people will be affected if the water is polluted by crude oil. Considering most farms in the middle of the US irrigate their crops with this water, even those in Europe will feel it. Cost of foodstuffs will go through the roof around the world if the water is contaminated.

Third... Yes, of course Trump is responsible for this. Just like the hospital you were born in is responsible for damaging your brain.

Fourth... and really. If you think the US justice system is so judgmental; listen to the judgmental attitudes of so many who make a comment. Judgmental about the US justice system, corruption, Trump.

The only thing people aren't judging is their own life. Something which is 'supposed' to be a primary act of the British. Being a gentleman, only judging their own former self, being helpful to others, listening well, etc. Yeap.. B.S. isn't it Brits? :)

Lauri Love and Gary McKinnon's lawyer, UK supporters rally around Marcus Hutchins

Aodhhan

The ignorant run amok

Wake up... if you're innocent... you aren't taking a plea deal. This should let you know, 98% take a plea deal because they are guilty. Likely of something a lot worse than what the plea is.

When someone from a foreign country in the USA on a VISA is charged with a felony the consulate of this country is notified.

In this case where the FBI is involved and not local law enforcement, all evidence has been provided to his government's intel agencies.

Also, sending someone through a trial in the USA costs the government quite a bit of money in administrative expenses alone. Arrest warrants from a grand jury aren't handed out like candy. They are difficult to get and require a lot of evidence.

Yes the burden of proof is on the US Government; don't think for a moment they don't have this covered. He wouldn't be the first security professional who had a dark side to them.

So wait for the hearing... allow the discovery process to take place. I'm sure his lawyer will publish the information.

...and stop watching moronic TV law / police dramas and believing it's all real. Good grief.

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

Aodhhan

It's not the company's fault.. yeeesh.

Yes, the company obviously had crappy InfoSec; however, this doesn't put them at fault. If you leave your home unlocked, this doesn't mean anyone can enter it and browse through your possessions.

It's illegal to access any system you are not authorized to use in all 50 states. Regardless of how poor information security practices are.

You can always tell those who don't have a lot of information security experience. Just because the company you work for does this or that... doesn't mean it should be done by all companies. It's a bit stupid for a small company to spend 9 million dollars a year to protect assets worth 4 million. Good InfoSec isn't cheap; all businesses have to conduct a risk assessment and spend accordingly. Especially small businesses. Just having 8 good information security professionals can cost over 1 million a year, before good security hardware and software is purchased. Have you seen how much ONE good security router costs these days?

In this case, it seems like there was likely an insider assisting him with gaining access. Not uncommon in a small business environment.

WannaCrypt victims paid out over $140k in Bitcoin to get files unscrambled

Aodhhan

Everyone is so .... duh.

It's irritating when you know the truth and everyone else appears clueless. So I'm going to let you know where some of the worst malware comes from.

In a joint CIA/NASA venture which monitors signals from space. About 12 years ago, they began focusing on a system nearly 200 light years away which communicates heavily using narrow spectrum and light waves to transmit computer signals. The CIA has captured some of the worst malware used by this system and began using it for its own covert reasons. However, it's been noticed, reverse engineered and also leaked to computer engineers and scientists throughout the world who are now using it for monetary gain.

It's also theorized, North Korea's leader is so large he can pick up these signals at mealtime, each time he opens his mouth. This is why their offensive cyber operations are so effective against other nations.

So now you know and can blame the system correctly.

WannaCry-killer Marcus Hutchins denies Feds' malware claims

Aodhhan

Wow, a bunch of screaming lunatics

One of the funniest things I've seen is the ranting on this story.

He's been indicted by a grand jury not a simple police investigation and also provided opportunity for bond (and small amount considering the indictment). No they don't reimburse lodging and expenses if found innocent. They provide this to him while he's waiting trial.. it's called jail.

He hasn't been found guilty, he hasn't been sentenced. So quit screaming like a bunch of idiotic, uneducated 15 year olds. Doing this without complete knowledge of the crimes is just as bad as being falsely accused of anything. If your bank account was affected by these crimes, I'm sure you'd look at this differently.

Just because he didn't have a lawyer around during questioning doesn't mean crap. He must agree to the questioning and he can stop it any time he wishes. Also, every moment is captured on video -- including the explanation of his rights before questioning begins.

So, calm down... let the process work. If you're so convinced he's innocent, then open up your pocketbook and send him money for his defense and expenses. Don't worry, you won't feel too silly if he's found guilty.

WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI

Aodhhan

Re: Also Wannacry?

Grand juries aren't a bunch of idiots. These are professionals with doctorate degrees who look at what evidence has been gathered so far to make a decision on prosecution.

The fact he's being held without bond is quite telling in itself... with monitoring technology today, this is rarely done even if there is a slight flight risk. Likely there is information and damages from this along with other items which have yet to be released and will likely have a closely monitored and quiet discovery process.

While he is innocent until proven guilty, it doesn't look good for him. What floors me, is the amount of people who come out defending him with very little knowledge of it. I wonder how liberal they'd be if he was responsible in any way of draining their bank account.

There are plenty of sick self-absorbed individuals who will write or in this case modify malware, let it run its course, then come in and play hero of the day.

Look out Silicon Valley, here comes Brit bruiser Amber Rudd to lay down the (cyber) law

Aodhhan

NOBODY in the USA is worried

Apparently the author has very little knowledge of the USA's constitution, businesses or people.

I can come up with a huge list of technology from the 16th century to today criminals and terrorists use to circumvent, hide and conduct in-depth research of targets to make it easier for them and more difficult for law enforcement, intel agencies, etc.

No business in the USA has responsibility to the government when it comes to information security. Her rampaging ideas aren't new or earth-shattering in any way; in fact, they've been debated over and over again in Congress. Each time, the Constitution of the USA falls on the side of businesses.

Businesses only have the responsibility to their customers and to their own self-interests. The USA calls it the free market. The government can't make a business use weak encryption, provide logs, share information or spend money.

There have been criminals and people who wish to do harm to people and the government in the USA since Plymouth Rock. Only the times and technology have changed.

Imagine how different things would be if President Clinton decided not to release GPS frequencies. People were worried then, how China and the Russians could use this. What if the USA's government decided to go after companies who started to provide low earth orbit detailed satellite imagery? Again, Chicken Little was screaming about the sky falling.

So, you really think anyone in the USA is scared of any official from another country? PAH.

.

But how does our ransomware make you feel?

Aodhhan

This isn't RESEARCH it's validating known work.

This isn't exactly new and cutting edge research items. Not only has this been studied and documented by various red teams, they've done a much better job of research without a PhD on the team.

There are a few items which aren't on his list which are huge. For instance "Curiosity"; as in appearing to have received an email & attachment (with 'juicy' info) meant for someone else.

Finally, how about the conclusion? Having a PhD is proof you can conduct in-depth ORIGINAL RESEARCH in order to present findings and objectives in a manner where others learn greatly from your efforts. To provide and prove NEW academic knowledge.

Going back over work which has been known for years without providing anything new isn't research... it's VALIDATION. This paper doesn't even present ideas to move forward to find new research or new views into psychology.

If you're truly a PhD in anything and value your own integrity... you wouldn't publish something like this and title it as "research".

Dutch Senate votes to grant intel agencies new surveillance powers

Aodhhan

Fighting this the wrong way

The freedom of a nation and national security will always outweigh individual freedom. This is why electronic surveillance has been going on over 100 years in many different forms without any success to do away with it.

The fight shouldn't be against the use of surveillance, it should be to increase penalties and sentences against those who misuse surveillance technology and the intel information from it. Ensure directors and supervisors are held responsible for any misuse (no matter how small) with prison sentences and you'll see strict policies and procedures in place to restrict, account and record any use just to cover their ass. You'll also see it will only be used when absolutely necessary.

Not to mention, it's difficult for a politician to tell their constituents they aren't a proponent of accountability and transparency.

Uncle Sam says 'nyet' to Kaspersky amid fresh claims of Russian ties

Aodhhan

That's it...

...bash the US Government for a right to choose; yet cheer on a country which censors its citizens and wants to end the use of TOR and other applications. Way to see the big picture with such a narrow mind.

Fact is, the US DoD and other five-eye nations long ago banned applications from non-NATO countries, to include banning applications from Israeli owned companies. So making the move to encompass all government agencies isn't a real shocker.

Sure, Kaspersky has done a lot of good and its R&D matches up with any other; however, if the Russian government insisted nefarious code or backdoors get inserted into some copies of their applications destined for certain government agencies what do you think Kaspersky will do? Yeah... duh. The hardest lies to detect are those consisting of 99% truth.

Crackas With Attitude hacker 'Incursio' gets two years in the clink for embarrassing CIA boss

Aodhhan

You really expect ISPs to put millions into securing customer email accounts?

America throws down gauntlet: Accept extra security checks or don't carry laptops on flights

Aodhhan

Tourism Money

Interesting, so much said as if the United States' economy will collapse because people from the UK stop visiting. A larger effect will occur if college kids from New Jersey quit going to Florida on spring break.

Any business stating it's too much hassle to make a profit in the country with the largest economy in the world is either a fool or a liar who knows nothing about economics. Even so, WTF cares? There are plenty jumping at the chance to do so.

You know the saying about opening your mouth and removing all doubt that you're an idiot.

Roses are red, you're over the moon, 'cos you work in infosec, and you're retiring soon

Aodhhan

What's so shocking?

These numbers aren't far from what we should expect. Very few individuals will be ready to jump into InfoSec positions right out of college.

Don't forget to look at cybersecurity for what it really is: risk assessment. In order to properly conduct a risk assessment and analysis you must have experience with multiple computer disciplines. To simplify, if you don't have experience with a particular operating system as an operator and an administrator along with experience with networking (firewalls, routers, switches, VLANs etc.), it will be a bit difficult to properly assess risk and provide mitigation requirements when analyzing a new system.

Add to this the ability to adjust to new technologies, new attack vectors, etc. and stay on top of a constantly changing world. InfoSec analysts don't focus on one particular area, they must master many and then maintain proficiency in them all. This is a challenging undertaking not everyone can handle.

If this isn't enough stress, let's not forget InfoSec analysts must get it right every time. It's difficult for many CIOs to put trust like this into individuals who don't have 10+ years of experience in multiple computer disciplines.

Trump's cybersecurity strategy kinda makes sense, so why delay?

Aodhhan

Amazing

Yeah, we get it Trump bashers. You don't like him, and you love repeating the same stupid left wing racist-elitist talking points. Too bad you can't think critically and come up with original thoughts.

The problem in the Government, and how the RMF has been implemented is in those who are "ACTUALLY" responsible for each network's security. Currently this lies with individuals who are O-7 or SES-1 level (or above). You aren't going to hold a general officer accountable; and there are very few flag officers who are deeply knowledgeable in information security. Not to mention the fact, many times these officers aren't physically located at the same base or city the network is. Just stupid, right?

They need to go back to allowing O-6 and GS-15 level officers and perhaps even O-5/GS-14 level officers take responsibility for networks. They need to increase the number of cybersecurity red teams, as well as ensure RMF standards are implemented and organizations are funded properly to meet certification and accreditation standards. Holding commanders responsible for networks which do not meet RMF standards, or have a POAM in place to correct deficiencies.

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

Aodhhan

Don't you hate it

John,

It's ridiculously selfish, not to mention stealing... when you don't provide direct references to the original blog/article etc. you are paraphrasing or copying. Especially, when you provide only 20% of the original article, which can be found at Kaspersky's Securelist blog here:

https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/

..effing thieves.

Revealed: 'Suicide bomber Barbie' and other TSA quack science that cost $1.5 billion

Aodhhan

Let's all bash the TSA.

I wonder.. for those who bash the TSA, how well can you perform a job where you must make 20-200 decisions an hour, 40 hours a week and get each of these tasks done correctly. Where, if you make one mistake and miss something, lives are put in danger.

Yes, it's easy to bash TSA when you're ignorant. However, I'm willing to bet you make at least 2 to 3 mistakes a week at your job.

Let's not forget. The ACLU doesn't exactly have the best reputation when it comes to credibility. It obviously doesn't have all the information here (by their own admittance). Also remember, there is no expectation of privacy when travelling.

I've been pulled aside at an airport TSA checkpoint many times for additional screening, patting down, etc. Along with having to open my carry-on luggage many times. I'm clean cut, usually wearing a suit and give them no reason I know of to search me. Hmm... perhaps the TSA has a problem with penetration testers. Or maybe, it's because I usually carry on two to three laptop computers along with some Ethernet cables and a SOHO router. No, that's not it... I should ask the ACLU... I'm sure they could come up with a frivolous reason.

Of course you come to the conclusion anyone who carries onto an aircraft this much electronic equipment should be looked at a little closer. However, it can easily be spun into saying the ACLU doesn't trust penetration testers, and therefore they are profiled for extra scrutiny.

The leadership of the ACLU gets paid a lot of money. The more they spout out and the louder they are towards issues the elite left support, the more money they get from the filthy rich left. So don't think for one moment the ACLU cares about anything but donations to their bank accounts.

USMC: We want more F-35s per year than you Limeys will get in half a decade

Aodhhan

Aerospace Ignorance

To say the Harrier has any chance against an F-35 is ignorant.

The Harrier wasn't built for 1:1 engagements against fighter aircraft. Its primary duty is sea interdiction and support/protection of ground troops. For this role, the Harrier works very well. When used, Harriers typically have fighter aircraft flying cover above them.

The Harrier has a relatively low thrust to weight ratio which means slow acceleration. Speed and height is king along with being able to make fast, tight turns and maintain energy. Against the F-35, the Harrier falls far behind. It's not even a close contest.

Want to come to the US? Be prepared to hand over your passwords if you're on Trump's hit list

Aodhhan

More ignorance

The USA is filled with people who emigrated from European countries because they were tired of putting up with your s**t. [insert ushered applause]. So stay away from the USA, they'll somehow manage to get by.

Objecting to researching immigrants from 7 countries in this way is entirely logical since there isn't any government which keeps records, or has the infrastructure to support normal investigation operations. You object to investigating social media accounts, but do you have any idea what most countries investigate before someone immigrates into the country YOU live in? Giving up social media information is nothing compared to typical items which are investigated.

Stop shouting out racist left wing talking points. Stop being an ignorant parrot who just repeats what they hear. Take 10 minutes and research and ask WHY something is being done. Be a bit more critical when it comes to left wing crying points.

Chrome dev explains how modern browsers make secure UI just about impossible

Aodhhan

Re: HTML5 can do WHAT?!

Did someone forget to take their manic medicine? ...relax, the sun will rise again tomorrow. With the amount of odd-ball things which are developed and used in this world (on and off computer systems), losing your mind to a browser idiocy isn't worth it.

Think about this fact, nearly anytime you use an application you're forced unwillingly to comply with something, you just don't realize it or you go along with it; and yet, here you are using your computer over and over again.

Hmmm... on second thought, don't think about this... it just may send you over the edge.

Hacker: Lol, I pwned FBI.gov! Web devs: Nuh-uh, no you didn't

Aodhhan

Waiting on...

The FBI hasn't commented yet because they are waiting for the approved talking points (lies/untruth) from the White House on what to say. Along with some ridiculous back story to put the blame somewhere else without taking any responsibility for the vulnerability.

...that is, unless they convince the majority of the media to not cover this story, or bury it way back on page 21. They wouldn't want the POTUS to look bad...errr... worse than he already does, with 2 weeks left to go in office.
