* Posts by Destroy All Monsters

14991 posts • joined 3 Jun 2008

Kaspersky Lab denies tricking AV rivals into nuking harmless files

Destroy All Monsters
Silver badge
Paris Hilton

Somebody is talking fast here.

It is claimed Kaspersky engineers took harmless Windows operating system files, manipulated them to appear as though they contained malware, and uploaded them to VirusTotal. The aim was to deceive non-Kaspersky antivirus engines into treating those system files as dangerous

I fail to see how this is possible. If you "manipulate Windows operating system files", they no longer ARE Windows operating files. And how does this deceive other antivirus engines? Does one mark certain strings in those files and tell the other engines "if you see those strings, quarantine the file"? And they do it? In the age of polymorphic virus, no less?

If you start getting false positives on OS files, then you have a big problem, and it has nothing to do with someone poisoning your well. It's more along the lines of being lazy or not having the right conduit to Microsoft.

8
0

Larry Page was held back by Google execs from flooding world with new dot-word domains

Destroy All Monsters
Silver badge

Re: Why alphabet?

No

0
0
Destroy All Monsters
Silver badge
Gimp

Re: TLDs should have been abolished.

There is no technical reason or excuse for the end of domain names to be limited.

Please read the recent articles on El Reg about the moronocalypse.

2
0
Destroy All Monsters
Silver badge
Paris Hilton

Re: Oh dear

Are you the wife of $DEAR_DEPARTED, rebel leader of the somalian insurgent group of upper mallfuck, with 40'000'000 (FORTY MILLION US DOLLAR) in an undisclosed storage box?

1
0
Destroy All Monsters
Silver badge

Re: Oh dear

I'm hurredly off to reserve .moneygrab and blog about it in financial and IT publications. #moneygrab NOW!

2
0

Skills crisis? Not for long: More and more UK kids gain STEM quals

Destroy All Monsters
Silver badge

Re: A-Level results

The chance of the above happening are at Kim Dotcom levels.

1
0
Destroy All Monsters
Silver badge
Trollface

The Telegenic Snowden effect

"Mom, I want to UNDERSTAND this cryptography stuff!"

"Don't you rather want to become a laywer? Or get employed at GDS?"

"NOOOOooooo!"

4
0

Riddle solved: Do bears crap in the woods? No – they're stressing out over drones instead

Destroy All Monsters
Silver badge
Alien

The right to arm bears etc..

Well, ok. So you are being chased by a hovering UFO making noises generally ascribed to FUCKING MONSTER INSECTS OF THE CARBONIFER, so what's a honest-to-God mammal not reading "IEEE Spectrum" and rather certain that he's not currently on the Presidential Kill List going to do?

Probably act nonchalant and tweet about it...

5
0

Facebook hands hackers $100k for breaking browsers

Destroy All Monsters
Silver badge
Thumb Up

In this exercise, we re-inject type checking that should have been left there in the first place...

Very cool.

An important OOP feature is type casting that converts one object type to another. Type conversions play an important role in polymorphism. It allows a program to treat objects of one type as another so that the code can utilize certain general or specific features within the class hierarchy. Unlike other OOP languages—such as Java—that always verify the safety of a type conversion using runtime type information (RTTI), C++ offers two kinds of type conversions: static_cast, which verifies the correctness of conversion at compile time, and dynamic_cast, which verifies type safety at runtime using RTTI. static_cast is much more efficient because runtime type checking by dynamic_cast is an expensive operation (e.g., 90 times slower than static_cast on average). For this reason, many performance critical applications like web browsers, Chrome and Firefox in particular, prohibit dynamic_cast in their code and libraries, and strictly use static_cast. However, the performance benefit of static_cast comes with a security risk because information at compile time is by no means sufficient to fully verify the safety of type conversions. In particular, upcasting (casting a derived class to its parent class) is always safe, but downcasting (casting a parent class to one of its derived classes) may not be safe because the derived class may not be a subobject of a truly allocated object in downcasting. Unsafe downcasting is better known as bad-casting or type-confusion.

Yes, we are still in the Middle Ages of Coding, with barely adequate programming languages, EULAs, witches, "here be dragons" and mandragore sprinkled all over everywhere, and bad reflexes (performance >> security) are still prevalent. But we are slowly getting there.

4
0

Have an iPhone? Mac? Just about anything else Apple flogs? Patch now

Destroy All Monsters
Silver badge
Paris Hilton

Re: *raises snout

MBPr

Some kind of new STD?

8
0

CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS

Destroy All Monsters
Silver badge

Re: FUCK CHINA!!!!

> Nuke 'em!!!!

Very inwise, grasshopper.

2
0
Destroy All Monsters
Silver badge
Trollface

Re: Linux v Windows

The reason the average user won't swap to Linux is the difficulty of finding drivers for their peripherals.

As opposed to here where you get drivers you didn't want for peripherals you didn't know you had delivered DIRECTLY FROM THE BIOS.

2
0
Destroy All Monsters
Silver badge
Mushroom

This is the year of the crapocalypse

LENOVO.... OUT!

Built into the firmware on the laptops' motherboard is a piece of code called the Lenovo Service Engine (LSE). If Windows 7 or 8 is installed, LSE is executed before Windows is launched.

Presumably, if Windows 10 is installed, YOU are executed before Windows is launched.

11
2

Huge explosion kills 44+ in China, blasts nearby supercomputer offline

Destroy All Monsters
Silver badge
WTF?

Re: Talk about risky locations..

Depending on the river flow, the build-up of water will take about 24-48 hours to reach the point that the dam rubble gives way, at which point the resulting flood sweeps chemical factory and noxious contents into the nearby city.

CALVIN STOP PLAYING

2
0
Destroy All Monsters
Silver badge

Efforts to search the premises and treat the injured are a priority

Should be "search for the premises"?

20
1

ZUCK OFF: Facebook nixes internship after student embarrasses firm

Destroy All Monsters
Silver badge
Big Brother

Re: Facebook, ethics????

Doing the ethical thing == Doing the thing you can get away with

(Also "Slavish following the law, in particular bad law", depending on context)

1
0
Destroy All Monsters
Silver badge
Paris Hilton

Re: Guess Zuck really is a boy genius!

Isn't the issue that he made freely available the tool to exploit the problem

I thought it was a feature?

Think of how much money the world could save on security if we just made it against terms and conditions, why did no one come up with this brilliant idea before Zuck?

I hate to tell you, but legislators perform this feat of high intelligence about every 48h.

4
2

Two weeks of Windows 10: Just how is Microsoft doing?

Destroy All Monsters
Silver badge

Re: Damned by faint praise

You know, there are actually people who think that Obama ordered the pullout from Iraq.

You can sell anything these days. Karl Rove was absolutely right.

2
2
Destroy All Monsters
Silver badge
Coat

Re: Bob Dole

And he was seen driving off with a productivity juggernaut!

0
1

Rise up against Oracle class stupidity and join the infosec strike

Destroy All Monsters
Silver badge
Mushroom

Re: Your vehement invective is pointless; there is only one fix for this malaise...

And the cause? The FSF, and OSS. Whilst Richard Stallman can not just exist; but live a lucrative and privileged lifestyle whilst commanding exorbitant fees on the international after-dinner speaker circuit; 97% of those contributing long hours in their evenings and weekends -- having completed a long and underpaid day job -- to OSS; are burning themselves out to produces the flawed and endlessly forked OSS products that allow Richard Stallman to live the high life.

Thank you fucking arsehole for dismissing work that may be done for fun and learning and not necessarily for profit (though some OSS work IS done for profit) and reducing it to the catchy "you are performing unpaid work for Stallman" meme. Congrats. You are the cancer.

If you want to understand what happens when creative works are distributed for free; ask a journalist; or a musician.

Journalists and musicians are not working for free (well, sometimes thy are, same thing really). They may be working in a branche that rewards mediocrity, works on bad model or in which it is hard to make a living but that is another problem entirely.

No-one forces you to use OSS of any quality level whatsoever. You are free to shell out maximum dollar for any software you like, for a quality level you can set. Only getting Windows from a company that has golden teeth of the X-Box kid but that disclaims reponsibility in an EULA? Tough. Then order bespoke. Not enough money? Sucks to be you.

Now Fuck Off And Die in an Orlowski thread.

11
1

Stop taking drug advice from Kim Kardashian on Twitter, sighs watchdog

Destroy All Monsters
Silver badge
Windows

The feel when!

Am I reading excerpts from "Stand on Zanzibar" again? Goddammit, John!!

0
0

FAIL: Windows 10 bulk patch produces INFINITE CRASH LOOP

Destroy All Monsters
Silver badge
Holmes

Re: Been there - Done that...

For someone with so much insight, pray tell us, which year will be "TYOL"

Does anyone really care? Just keep on *nixing.

I would post a SHIGGEDY-DIGGEDY Costanza reaction image if I could.

5
1
Destroy All Monsters
Silver badge

Re: good for you

And there lies the problem, multiple hardware platforms.

Removing dud users from the Registry helps

Implying this has anything at all to do with "multiple hardware platforms"

0
0

Mozilla-Microsoft spat latest: Firefox yanks Cortana away from Bing

Destroy All Monsters
Silver badge
Mushroom

I'm Mullah-levels of mad

Dear Microsoft.

Stop your shit. Stop it. Did you utter idiots look at "patch Tuesday"? Yes. That Tuesday. Are there any comments about forceful, uncalled-for upgrades to Windows 10? You know what I'm talking about. What's that you say? I need "WSUS"? I need "Mcrosoft inTune?" I need Microsoft Cruddy Directory of unwanted Complexity? Yes, that. The thing that needs a telephony directory by O'Reilly to be "explained". Do you nethermost dumbfucks think you are in a position to play games with your Cortina shit and forcefully collect user data per fas et nefas? STOP IT. Guess what's crawling onto my shitlist? Yes, Microsoft "Enterprise" (more like "play-doo" amirite?) solutions. I knew a few people who want to close the sale before end of year. We will see about that.

Did I mention that your helpdesk seems to be populated by people who are recuperating from crack addiction and have difficulty concentrating for 5 minutes? START INVESTING YOUR BILLIONS WISELY.

38
8

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

Destroy All Monsters
Silver badge

It means it's from the same roll of toilet paper.

16
0

'WOMAN FOUND ON MARS' – now obvious men are from Venus

Destroy All Monsters
Silver badge

Re: Judi Dench

More like Chronicles of Reddit, amIrite?

0
0
Destroy All Monsters
Silver badge
Thumb Up

Alia on the Shield Wall?

FANTASTIC!

An excellent cover image for the next edition of Children of Dune!

0
0

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Destroy All Monsters
Silver badge
FAIL

I remember "Unbreakable Linux" from this club of gentle(wo)men

An appropriate frenchism: Fart Higher Than One's Arse

Common sense says to move away from official Java as fast as possible.

8
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Destroy All Monsters
Silver badge
Alien

Re: We've got our FBI on you

Another software disaster as David Cameron hatched unobstructed.

2
1
Destroy All Monsters
Silver badge
Windows

Re: a ha ha ha ha ha :(

I throw myself into the dust as to your wisdom, Oh Anonymous Sage!

17
1

HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT

Destroy All Monsters
Silver badge

Re: I wonder how many people will be bitten by these biometric shenanigans

Biometrics seem a neat idea for security, but we don't know how to make good security on the Internet

Biometric data is your NAME.

What is your PASSWORD??

2
0

Beaming boffins feel the rhythm as neutrinos oscillate over 500 miles

Destroy All Monsters
Silver badge

Re: Speaking of Physics at school...

I wonder whether soldiers should be trained in the fine art of japanese sword wielding for these kinds of jobs.

2
0
Destroy All Monsters
Silver badge
Thumb Up

Re: Aiming the beam

The NuMI beamline then continues about 450 miles through Earth on toward the MINOS far detector in the Soudan mine in Minnesota. By the time the beam reaches the far detector, it is about 20 miles in diameter!

So .. atan(20/450) / (2*Pi) * 360 or about 2.6° of spread.

That's pretty shotgun!

Reminder that future muon colliders will blast out neutrino beams that will be a radiological hazard. I can't wait!

4
0
Destroy All Monsters
Silver badge
Holmes

specially-built Fermilab ... based in Ash River, Minnesota.

That would probably be "an annex of Fermilab", as Fermilab is known to have high probability of being found in Batavia, Illinois.

Plus:

The neutrino event had an energy of more than 2000 trillion electronvolts

Okay, that's like a chiuaua morphing into tibetan mastiff. How does one pump that much energy into a neutrino?

that will claim neutrinos have been detected beneath the Earth's crust

Naturally occurring neutrino emissions from radioactive decay? Yes we detect!

6
0

Hack a garage and the car inside with a child's toy and a few chips

Destroy All Monsters
Silver badge

Re: Too cheap to put in some crypto

To reiterate on the above comment

1) Put SoC with appropriate code and radio interface into door controller, all nicely hardened (but updateable via USB stick should a problem appear in any case)

2) This will cost $$$ but it's going to be "The Right Thing"

3) ???

4) PROHIBITIVE COST, MARKETING APOPLECTIC, BOSS BLOWS A GASKET, FIRED!

0
0
Destroy All Monsters
Silver badge
Holmes

Re: Too cheap to put in some crypto

You must be one of the "vision" guys.

0
1
Destroy All Monsters
Silver badge
Paris Hilton

Are you sure you are posting in the correct thread?

1
0
Destroy All Monsters
Silver badge
Trollface

Re: Known technique

But it's very easy to implement with a 12-bit shift register, simple AND/NOT logic and a wire...

0
0
Destroy All Monsters
Silver badge

Re: Well...

Neighborhood watch or not someone will look out the window.

UFOS!

2
0

Update Firefox NOW to foil FILE-STEALING vulnerability exploit, warns Mozilla

Destroy All Monsters
Silver badge
Gimp

Fedora 20?

Argghhhh... no updates.

Stuck at 38.0.5.

meanwhile let's just disable it...

0
0
Destroy All Monsters
Silver badge
Holmes

Re: Sandboxing

Browsers ought to be 100% sandboxed.

Someone downvoted this?

Some people really need to be "marched to the door of the oven", to inappropriately cite Huckabee the Huckster.

0
0

Death to DRM, we'll kill it in a decade, chants EFF

Destroy All Monsters
Silver badge
Mushroom

Copyright meme peddling

As less and less people pay for stuff, you need more and more ways to protect content.

Stuff your whiney irrelevant "MUH CONTENTS" shit and keep it for an Orlo thread. (Hey wait, tons of studios are demanding money on the street because they are dying on the vine ... ? WOW, ACTUALLY NOT! Anyway ... )

We are talking about opening up things that MUST be inspected. Medical devices. Car MCUs. Voting machines. IoT crap. Network devices. That's what we are talking about. Not the "but I'm losing money on sales that never would have made anyway" talking point.

(Reminds me that I still have to hand over a few bucks to soma.fm)

12
0

Carphone Warehouse coughs to MONSTER data breach – 2.4 MEELLION Brits at risk

Destroy All Monsters
Silver badge
Holmes

mega data breach.?

With 90'000 customers affected, it's more like a kilo data breach.

Eagerly waiting for the song "summer of breaches" by some nu metal band. "BreeeAACHHESSS!! RoooROOORrrooo"

4
1

Windows 10 is FORCING ITSELF onto domain happy Windows 7 PCs

Destroy All Monsters
Silver badge
Paris Hilton

The thought occurs that there must be a global uptick in data transiting through the last mile(s) and possibly the backbones (unless it is just noise in the Netflick/Spotify global heat engine)...

0
0

Boffinry breakthrough: Bullied bumble bot bolts brutal brat beatdowns

Destroy All Monsters
Silver badge
Thumb Up

Re: 3 Laws

Dave Langford's version...

That's a pretty good set, very actionable too.

It's beyond me why Wikipedia labels these tongue-in-cheek. They WILL be implemented. With law "4) Classified" added.

2
0

It's incredibly easy to bump someone off online, and here's how to do it – infosec bod

Destroy All Monsters
Silver badge
Devil

Film at 11

Controlling everything centrally via inept civil serpentry for "social benefits fraud", "tax avoidance", "illegal immigration" and "terrororoorism" will lead to Brazil situations.

Indeed.

9
1

Sane people, I BEG you: Stop the software defined moronocalypse

Destroy All Monsters
Silver badge
Thumb Up

Re: Bah!

Headlines of history:

Measurer of angles and explorer Charles Babbage invents "Sumerian Writing"! Locals can now write down the cows owed on pottery! Marketplace proclamation at 11. Praise Urdu!

Charles Babbage was recently seen consulting with the NSA on quantum cryptography. More on this at 11 - Next: The role of Kim Kardashian's arse in the Iran negotations. After this message!!

1
0
Destroy All Monsters
Silver badge
Headmaster

Re: Is there a standard to aspire to?

Meaning an ISO standard for writing code/managing projects

1) Yes, there is a whole library of those.

2) No, it all depends on what the end product is supposed to look like. On what "quality indicators" to spend the most effort. What efforts to avoid. How risk management should look like.

3) Speaking of which, maybe ISO/IEC 16085:2006 Systems and software engineering -- Life cycle processes -- Risk management is the keystone of it all. ISO/IEC 9126 Software engineering — Product quality most assuredly isn't.

4) Always start with the SWEBOK (Software Engineering Body of Knowledge) list-of-pointers.

1
0
Destroy All Monsters
Silver badge
Trollface

Re: Completely daft article

IoT = "software defined accidents"

0
0
Destroy All Monsters
Silver badge

For example, I know nothing about SQL injections

Just use the correct library which will do the escaping for you. The delta between OUCH and GOOD is sometimes very narrow and just needs a bit of coaching.

0
0

Forums

Biting the hand that feeds IT © 1998–2017