The usual ways: smurfing, money laundering, and mules.
Posts by Charles 9
16605 publicly visible posts • joined 10 Jun 2009
FOURTH bank hit by SWIFT hackers
Hacked in a public space? Thanks, HTTPS
"And without that there's no way on the network of reliably telling who's who, and without that we're doomed to have a network pretty much like the Internet currently is."
In other words, the Internet is going to become a doom zone no matter what because it can either be stateless (and eventually a zone of anarchy) or stateful (and eventually a police state). It's Pick Your Poison with no third option available because "they know you" and "they don't know you" is a strictly binary state.
LinkedIn mass hack reveals ... yup, you're all still crap at passwords
Re: Advice please
WHY do people need to change their passwords periodically if people follow the best practice of using a different password for each and every site? If the password's been breached, it won't work anywhere else, and odds are the password gets breached before ANYONE knows about it, making the whole "change the password" exercise moot as odds are the criminal will change the password THEMSELVES once they have it--to block backhacking.
IOW, with password managers and different passwords for every site, it's either too early to worry about or too late to do anything to fix it, with no middle ground.
"Passwords are not a good way to enforce security. Like democracy, they are the least bad way we have now."
Only thing is, we're realizing all these "least bad" solutions are not acceptable. So we need an alternative that is better than the least bad solution out there, and we need it soon before the whole house of cards collapses in on itself.
Re: Attitudes to risk
"Your common-or-garden cybercriminal, much like your common-or-garden house burglar, will go for the easiest targets. They're after quick money not some convoluted identity theft."
But you could always have motivated enemies out to target you specifically or one who just feels like putting forth extra effort, like you say, so as to steal an identity and milk it for all it's worth (one big haul versus many little ones) much like sociopathic stalkers who groom their victims over time.
Re: I didn't expect this.
"In years to come, the proof that passwords are a good way to enforce security will be that some bloke pointed out how shit they were and didn't provide an alternative."
What if someone produced a true reductio ad absurdum that showed that anything other than passwords is provably worse than passwords, which we know to be unacceptable because people can have bad memories. Then I have to wonder where we go from there...
Re: Attitudes to risk
But the problem is, what if you ALSO accidentally dropped a bit of a bill or something else that can identify you more completely. Then that shoddy shed lock just became an inroad to social engineering or even identity theft. That's why ANY site with a bad password can be risky. ANY information they can glean from it can be used to reconstruct your identity, at least to the point they can employ social engineering to get more information and then eventually they have enough to compromise or steal your identity.
Victims stranded as ID thieves raid Aussie driver licences
"Why are credit agencies etc using the licence number if they are a target for identity thieves?"
Probably because they need a permanent ID number to be able to report to the government for whatever reason. It's one reason US Social Security numbers are still used sometimes even though the government discourages its use: because some aspect of their business requires it (say an employer or a medical provider).
Re: circumvent
"I do think the zero alcohol limit for new drivers is a good idea though"
You can't set the bar lower than .02 BAC because that's about the NATURAL level for your average human (are there really people like Vimes who have a naturally low BAC that makes them a bit knurd by nature). And a low bar would really suck for a person with a high natural BAC or who regularly uses mouthwash...
Pointless features add to browser bloat and insecurity
Re: Study fails to consider one thing... Flash
"I'd also like to see as much effort going into fixing the web advertising as has gone into these seldom-used features. Not killing it, fixing it, so that publishers get paid, users are not tortured, privacy is respected, advertising ceases to be a malware vector, sites are not slowed to a crawl, and we no longer need an ad-blocker just to have a usable browser. I'd like to see a serious effort to impose a code of conduct and technical guidelines on advertisers, and war waged on those that don't fall into line. Something along the lines of this - audio/video ads only allowed to be delivered with audio/video content, otherwise static header and sidebar ad only, all ads to be surrounded by an advertisement border or watermark, etc. We've got to reach an end to the advertiser arms race, and sites that break those rules and use abusive practices should start finding themselves in the malware blacklists."
You can't fix it. The ad arms race has been going on for OVER A CENTURY now. Heck, the scourge of ads has been in literature since at least World War II (read First Lensman, for example: written during World War II). Advertisers are like roaches; they'll survive nukes. And net-goers are too conditioned to freebies to go back to the old CompuServe walled garden business. Bad guys will ALWAYS be able to infect ad networks simply because they now have the resources to perfectly mimic legitimate businesses, operate out of countries that won't extradite but disguise their origins, and can change identities like a chameleon changes colors. With this kind of "anything goes" environment, how can you expect to keep things clean? Especially when ad agencies are getting big enough to essentially hold small sites hostage? I'm sorry, but all this sounds to me like wishing for unicorns...
No, I expect them to be led by the hand into a trap. As a comedian once said, "You can't fix Stupid," yet Stupid happens to comprise a significant portion of your customer base. So you're surrounded by hopeless idiots in search of unicorns, and you're pretty much stuck in a "The Customer is Always Right" situation as your job depends on it.
I just had a thought. What if someone coded a browser Dilbert-style, ignoring the stupid who demand this and that bloat and instead of telling them honestly what is happening simply lying to them every time they try to do something stupid. Say they want to go to a site that wants Flash to start an exploit, the browser can say, "I'm sorry, but the site you're trying to reach doesn't speak Internet correctly and cannot be reached. Recommend looking somewhere else. And yes, there IS another place to find it; this is the Internet, after all." IOW, you can't fix Stupid, so the best thing you can do is deflect it like you would with a PHB.
Re: Don't Block it, Dump it.
"Allow the "Blocker" to simply Remove (or never download in the first place) the code that the User objects to."
How are you going to know what the code is you need to dump unless you download the code to inspect it in the first place? And due to perverse motivation, you can't expect the server to do this for you.
"I kinda wish Mozilla had stuck to this philosophy, which is what I think they started out with."
Stupid struck. As in stupid users who demand their content yet aren't smart enough to find the needed extensions, leaving them with a dilemma: accommodate them and bloat your code or see your customer base defect to the competition. When the customers demand bloat, damn the consequences, what do you do?
Re: Dubious
"Leaving aside considerations about the cloud being a good or bad thing, if you need a network aware app that also provides rich interactivity, that leaves you with a few options. Locally-installed software, apps a la iOS/Android. Or a browser-based app with JS and SVG/Canvas support."
Why not just make a protocol specifically for the purpose? Or why not use something specifically built for interactivity like VNC? Then again, these require persistent connection and the current Internet spec only allows for ~65,000 ports in use at a time, a fair chunk of which are already reserved.
The thing is, as others have noted, HTTP was intended to be a non-interactive protocol to start with. Why did it get usurped into a two-way protocol?
Until the LACK of a module loaded opens a security hole (which is a problem in and of itself). Or they find another exploit that enables them to ENABLE the module they want willy-nilly. The only way to block THAT is for the module to not exist AT ALL. And even then, they'll probably just drop them using whatever secure channels they've been able to usurp. For some adversaries, money and technology are no objects.
And yes, flabby and lazy is the way to go, because you learn the "one thing" you're expected to do...is EVERYTHING.
As for Linux, NO until they can get their gaming act together better. Tried it. Ended up with headaches.
Google to kill passwords on Android, replace 'em with 'trust scores'
Re: Just curious ... how many commentards here
"But 'something you know' is likely to remain the strongest element of any 2FA system. I for one am not ready to give up my password."
But what about all those people with bad memories for whom "something they KNOW" is likely not an option? That's the big bug-a-boo about passwords: it relies on something that for many people is very finicky and at plenty of times may not be reliable enough.
Re: Just curious ... how many commentards here
"Passwords however cannot be forcibly extracted from your brain by any means short of torture. They are easily changed if you suspect a breach."
Unless you're TRICKED, and the trickster changes the password ahead of you to block you regaining control...
Re: Lack of Common Sense
"which really means they want technology that is sophisticated enough to be magic. consumers want to be able to have their phones, financials and abodes only open to themselves and those they allow without having to do anything or know anything. That last might make a good metric of customer acceptance."
That's pretty much what they want because for many people what they ARE is ALL THEY HAVE. They have poor memories so don't KNOW anything and all they HAVE is the phone so they don't have anything else to authenticate with.
Re: Once again...
But for many people that's ALL THEY HAVE. So they're all you have to work with. If you say that's not acceptable, then you're saying these people CAN'T be secure and that they're a lost cause. Sounds like you need another idea that doesn't rely on memories or things that may not be present.
Republicans move to gut FCC and crush its net neutrality crusade with paralyzing budget rules
Re: GOP throws hissy fit, tries to end party
"Is there a country without this BS? Without restrictions on what Internet sites can be visited, without nasty taxes, without stupidity and the power-mad running it? One with reasonable and intelligent lawmakers? I'm looking to move."
You won't find it. What you're witnessing is the basic human condition at work. ANY form of government ultimately degenerates into some corrupt cesspit given enough time.
Re: Someone explain to me...
There are 435 Representatives in Washington, each representing a certain chunk of the country. Each one gets directly elected by those constituents, and it's an election year, meaning ALL of them need to stump for their votes. Meanwhile, each district has their varying concerns on which their elections will pivot, so these Representatives ask their more influential friends to help. The basic formula went, "I'll help you get this done if you vote for the greater bill that enables everything."
The House tried to establish rules limiting this practice since other voters noted it to be an element of corruption, but they found it to be a necessary evil. Those lesser representatives had no motivation to vote for controversial bills otherwise, putting important bills in jeopardy and lowering Congress's approval rating as a whole due to a climate of nothing happening because of the lack of corruption (of course, this never influences the local elections much--there it's always Somebody Else's Problem).
You see, that's the thing about governing by committee like this. Each member has its own motivations and rarely do they honestly come together when the motion to be passed is a "necessary evil" one (structurally necessary but very unpopular--tax reforms, for example). About the only time they come together is when some kind of crisis (like 9/11) hits. 200+ years of experience seems to indicate this is just basic human condition at work. It's not something that can be easily solved which is why corruption tends to show up in ANY form of human government imaginable.
Your pointy-haired boss 'bought a cloud' with his credit card. Now what?
Re: Missing the real point
"Most PHB's don't have the technical understanding to realize that, and most IT staff aren't good at explaining complex problems to people who don't have a technical background."
No, it's more that PHB's aren't willing to listen. All they care about is, "We need X, Y, and Z--of which at least one is a Unicorn--done, yesterday--and yes, he DOES mean yesterday." The instant you say "here's why" your speech is auto-DEtranslated into something like Xhosa, meaning they never hear or understand the why of it, and it's like that everywhere so jumping ship may just mean jumping into a worse situation.
Your next server will be a box full of connected stuff, not a server
Renewable energy 'simply won't work': Top Google engineers
Re: Currents
Yeah, the same problem wind turbines generate: once you suck out the power from that current, there's less down the line. I don't think the UK would be too thrilled if Florida's experiment with the Gulf Stream sucks most of the energy out of it, leaving little to warm the English waters...
GM crops are good for you and the planet, reckon boffins
Re: An argument for some regulation and oversight...
"It seems to me that somebody somewhere should be reviewing these on a project by project basis. Especially when it becomes such a common technique that everyone is doing it."
OK, now who PAYS for it? The customers won't because they're penny-pinching as it is, and the companies won't do it because they have investors to please, plus if anything does hit the fan they can cut and run before they're caught.
Want a better password? Pretend you eat kale. We won't tell anyone
Re: 67 per cent figured a 50,000-guess-strong password was good enough
You forget social engineering and identity theft. They can use data from the less-valuable sites to make inroads into the more-valuable stuff. So since just about ANY site can be a stepping stone, you may have to assume your least valuable site is as important as your most valuable one (since breaking the former can lead to breaking the latter).
Modular phone Ara to finally launch
Re: Hmm.
Compared to the phones of the time it was pretty big. Before the iPhone came along, iPhones tended to have small screens with those jog wheels. Plus most phones on the market were feature phones. Finally, the other touch screens were single-touch resistive where the iPhone was the first mass-market phone with multi-touch capacitive, meaning they set the trend for things like two-fingered scroll and touch-to-zoom.
To those who are downvoting: show a way you can do this with an ARM architecture (such that you can swap out everything INCLUDING the CPU, GPU, memory, and screen, and STILL maintain much-needed power efficiency). Oh, AND not break existing compatibility, which last I checked on ARM relies on initramfs which in this case is closely tied to the hardware which on an ARM-based system is usually on fixed, non-standardized memory map?