* Posts by Cronus

55 posts • joined 4 May 2010

.UK domains left at risk of theft in Enom blunder

Cronus
FAIL

No doubt they'll claim that there's no evidence that this has been exploited in the wild. Which of course will be true as they weren't bloody logging anything!

8
0

Ex-Harrods IT worker pleads guilty to PC repair shop trip

Cronus

Guess I'm naive but I wouldn't have expected removing a computer from a domain to constitute a crime.

24
1

How does Apple chief Tim Cook's package look now? Like $89m

Cronus

Re: The continuing myth of trickle down

I'm no fan of the mega-rich greedy corporate types but I have to wonder, in the trickle up system, what exactly do you do once it's all trickled up to the corporate types again? Do you just keep giving it away? That doesn't seem very workable.

1
2

If there's a hole in your S3 bucket, data thieves will be sprayed by Macie

Cronus

Mixed opinion

Sounds interesting, I can definitely see a use for this to track rogue employees and the like. Though on the downside, I suppose, it could make life difficult for whistle blowers too.

In terms of unsecured S3 buckets being breached though, I'm not so sure. Putting aside the fact that companies that tend to have S3 leaks aren't the kind of companies that would make use of this, it does kinda feel like an automated tool for closing the stable door after the horse has bolted.

0
0

Got that syncing feeling? Cloud's client-side email problem

Cronus

Why the hate?

Star Trek: TNG was great; Microsoft could only dream of having something so good.

8
2

Uber, Twitter's legal eagles gather to wring claws about bro culture

Cronus

Re: where we can’t operate with integrity

And here I was thinking it was Twitter's users that spread fake news.

2
0

UK regulator set to ban ads depicting bumbling manchildren

Cronus

About bloody time. That is all.

10
8

Western Digital wins California court skirmish against Toshiba

Cronus

Re: Call me petty but...

Your analogy falls down in a few places:

1) Toshiba aren't trying to kick WDC out of the JV. They'd just have new 'house-mates'

2) Toshiba would probably have been fairly happy to sell to WDC if WDC could afford to pay a fair price but as has been reported on a few occasions now, they're too leveraged to make a decent bid

3) Not related to WDC/Toshiba but I have a friend whose dad is forcing their mother to sell the house so apparently that's perfectly legal.

1
2

Cronus

Call me petty but...

I won't be buying any WDC products in future given how they're acting at present.

0
8

Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'

Cronus

Re: Bah!

They didn't know the second factor, as per the article:

"This allowed the attacker to go to PayPal and use the service's two-factor authentication (which sends a one-time code via SMS) to reset the password on his account and take control of that"

4
0

The bloke behind Star Fox is building a blockchain based casino. No, really

Cronus

I fail to see how this stops the anecdote mentioned in the article. How can using blockchain stop admins from looking at players' cards etc?

13
0

Snoop Dogg swerves Glasto, plays Pure Storage gig #keepitreal

Cronus
FAIL

Snoop needs a better agent.

14
0

Labour says it will vote against DUP's proposed TV Licence reforms

Cronus

I never thought I'd support one of the DUP's policies but hey, waddya know.

87
67

Kali Linux can now use cloud GPUs for password-cracking

Cronus

The bar has been raised again

It's cool that they've added decent support for taking advantage of the GPU oriented instances in AWS. That said AWS have just announced that they're going to provide instances with dedicated Xilinx FPGAs connected to them (https://aws.amazon.com/about-aws/whats-new/2017/04/amazon-ec2-f1-instances-customizable-fpgas-for-hardware-acceleration-are-now-generally-available/).

I know before it went to ASICs people used to mine bitcoin using FPGAs so I'd say it's a fair bet you could get some pretty serious hashes/sec out of that for password cracking. Not sure it'd work well against things like bcrypt but would probably be great against SHA-X.

4
0

Have we got a new, hip compound IT phrase for you! Enter... UserDev

Cronus

Whilst listening to the customer and especially letting them loose on the system to find faults and inefficiencies is a good idea, I'm not sure letting them seriously influence the design is a good idea. You might end up with this https://i.ytimg.com/vi/Pw9gaEiQAxY/hqdefault.jpg

0
0

Hackers cook god-mode remote exploits against Edge, VMware in world-first

Cronus
Meh

A bit harsh

It's a bit harsh that they released security patches just before the event? Is that a common thing?

0
3

Freeze ...SCADA! Flaw lets hackers peel away Human Machine Interface

Cronus

Nitpicking but..

Is it really a DDoS? It doesn't sound like it requires a distributed attack since the vulnerability is about creating a high-resource-usage scenario which can likely be accomplished by just the one remote attacker.

0
0

Clueless s’kiddies using exploit kits are behind ransomware surge

Cronus

Re: low-skilled criminals continued

Until we treat computers like cars and make people learn to use them, pass tests and have a licence to operate them there will always be low hanging fruit.

2
0

UCLA shooter: I killed my prof over code theft

Cronus

Re: @Paul Crawford re: guns.

You know, historically, we've had wars where one side had guns and the other side had weapons quite a bit more deadly than the ones you listed... guess which side won

2
0

Q. What's the difference between smartphones and that fad diet you all got bored of? A. Nothing

Cronus
Thumb Down

On the contrary

We were consuming phones like fat people go through fad diets. Now we're settled with phones that are good enough like a healthy person on a sensible diet.

9
0

'Contractual barriers' behind geo-blocking could breach EU rules

Cronus

Nice bit of Monday clickbait there.

0
8

Lincolnshire council IT ransomware flingers asked for ... £350

Cronus
Headmaster

Re: Observed truths were are told should be "wrong"

Hating on all BMW drivers and black people eh?

1
6

You've seen things people wouldn't believe – so tell us your programming horrors

Cronus
WTF?

Just why?

Why would you macro TWO to be ONE + 1 and not simply 2? It's far too contrived looking for me to believe you actually had sleepless nights over this. Please tell me you simplified the code for example's sake.

0
0

Periodic table enjoys elemental engorgement

Cronus
Alien

If you played the original X-COM game

115 should obviously be called Elerium-115

9
0

City of London cops in Christmas karaoke crackdown shocker

Cronus
Holmes

Why?

Why are they investigating if they tried to monetise it if it's immaterial?

11
0

JD Wetherspoon: A 'hacker' nicks 650,000 pub-goers' data

Cronus

Re: Public relations view of the universe

Is 0.000000000000000000000000000000000000000000001 a tiny number though? It's a lot bigger than 0.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

Surely it's relative to the kind of numbers you'd normally be talking about. Both your example and mine are tiny compared to the normal >1 numbers we use on a day to day basis. 100 out of 650,000 is pretty small and given that when companies normally get hacked you're not normally talking about hundreds of credit card details getting stolen. The number is usually quite a lot bigger.

Not that I'm excusing them.

0
0

Crypto cadre cloud-cracks SHA-1 with just $75k of compute cost

Cronus

Re: MD5 cracked?

Pre-image, no not that I'm aware of but chosen prefix? Yes. See this https://marc-stevens.nl/research/papers/EC07-SLdW.pdf for an attack on X.509 certificates and there has been limited success with collision attacks against executables.

2
0

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Cronus

It's not just about economically finding bugs...

Anybody with access to Oracle's software can discover vulnerabilities and I'm sure there's plenty of security researchers out there who'd be tempted to sell exploits to crimeware developers or worse, imo, to governments. Bug bounties at least offer another paid alternative.

1
0

Another death in Apple's 'Mordor' – its Foxconn Chinese assembly plant

Cronus

Re: Apples to Oranges

Whilst I'm certainly not part of this Apple witch hunt... How many US citizens live most of their lives "at the office"?

0
0

Sane people, I BEG you: Stop the software defined moronocalypse

Cronus

Leaky analogy

It's a good analogy except for the slight oversight that you don't tend to get fired for refusing to give someone the keys to their cars.

5
1

World's worst exploit kit now targeting point-of-sale systems

Cronus
Thumb Up

Re: Sandboxing

I've been thinking this for quite a while now. Being a developer with these kinds of tools running on my machine most of the time in the background just idling, I've probably avoided a whole heap of exploit kits.

0
0

Ashley Madison invites red-faced cheats to bolt stable door for free

Cronus

Re: Reprehensible

I'm curious how you feel about trade sanctions etc etc

4
1

Good luck displacing Windows 7, Microsoft, it's still growing

Cronus
Holmes

I'm sure it doesn't account for it all but...

It strikes me that the market share in XP can fall as a percentage without falling as an absolute number simply by an increase in the number of non-XP systems. Some back-of-the-napkin math:

To start you have:

10 XP, 10 W7, 10 W8

That's 33% market share for XP.

Then increase the others:

10 XP, 20 W7, 20 W8

XP now only has 20% market share but nobody that was using XP has actually stopped using XP.

2
0

Death becomes it: Grim Fandango Remastered

Cronus
Happy

Dang now I want to play Lure of the Temptress!

1
0

UK official LOSES Mark Duggan shooting discs IN THE POST

Cronus
Unhappy

It's sad but...

I'd like to think they were encrypted and not the only copies but I know what these civil servant types are like. No doubt somewhere out there is a postman who now knows things he shouldn't.

11
0

Verizon sprints to crush FiOS account exposure hole

Cronus
Thumb Up

Lame that this vuln. existed but...

This guy didn't threaten to go public; he just discreetly disclosed the bug to Verizon and they fixed the vuln. in 2 days. That's a damn sight faster than most companies patch bugs.

0
0

Video nasty: Two big bugs in VLC media player's core library

Cronus
Holmes

Anyone else notice that his post lists the system he was testing on as XP SP 3?

17
0

ASUS router-popping exploit on the loose

Cronus
Linux

Quite so...

That's why you could use this http://asuswrt.lostrealm.ca/about as phuzz already mentioned.

I can't imagine there's too many closed-source systems that get patched by 3rd parties while the vendor delays patching it themselves.

2
0

UK cops caught using 12 MILLION Brits' mugshots on pic database

Cronus

Re: In other news...

Why? It says they are uploading custody photographs so presumably these are photographs taken of people while they are held in custody but not necessarily ever convicted of something. I suspect police are capable of taking off the disguises before taking the photographs...

0
15

Hackers pop Brazil newspaper to root home routers

Cronus
Trollface

Apple on the brain much?

Last I checked HTML had IFrames not iFrames. Methinks somebody has been writing about Apple products a tad too much lately.

3
0

How to marry malware to software downloads in an undetectable way (Hint: Please use HTTPS)

Cronus
Holmes

Perhaps some novelty but...

Many years ago I found myself with access to somebody's open Wi-Fi router which had default passwords for the admin interface. With that in mind it seemed fairly obvious that manually setting the DNS server in the DHCP settings would allow me to redirect the owner of the router's traffic.

Whilst not as complex as the binder described here I was able to cobble together an infection tool that would essentially proxy requests and inject code into a binary as it was downloaded in about 2 days. I'd already written a tool years before that allowed for adding new sections to PE executables and it was only a matter of converting it to be able to work on-the-fly by buffering just enough of the PE header to know where to to the entry point for the program to before letting the rest pass through until it came time to tack the extra malicious code on the end.

I never actually used the code as it was more a proof-of-concept/I wonder if I could do it kind of thing but it worked in my own test environment.

3
1

Microsoft empties a can of BUG SPRAY on Visual Studio 2013, hands sticky result to devs

Cronus

Re: And the price for being able to develop for all MS products with support ?

Which tools and who do you get support from?

2
0

Cinnamon Desktop: Breaks with GNOME, finds beefed-up Nemo

Cronus

Re: Edge Snapping == Fail

You've completely missed the point of the feature.

10
0

Netflix dares UK freetards: Watch new Breaking Bad NOW or torrent it?

Cronus

Smart move

I think this is a brilliant idea. Having to wait so long to watch content you know is already out there but just not licensed for your country yet is really frustrating and definitely a temptation to just download it from other illegitimate sources.

17
0

Google blats bugs in Chrome - days before $560k hacking contest

Cronus

There's some unhappy folks out there now.

I'll be honest I didn't bother to check whether the fixed exploits were already publicly known but if they weren't then I feel sorry for anyone who independently found those exploits and were planning to use them at the contest. They've just wasted a whole lot of time.

1
1

Brit boffins GANG-RESEARCH tiny LEDs for 1Gbps network

Cronus
Coat

Re: Anyone else thinking...

Well yes, what with it basically putting that thought into the reader's mind in its closing paragraph and all...

5
2

Win7 hotspot hackers kick-funded - now they're network bondage pros

Cronus

Re: "with HTTP using multiple connections these days"????

Said browser would (I'm pretty sure) try and use the same network interface for all of those multiple connections. The connectify program seems to just make those connections happen over a range of NICs so you effectively get more bandwidth.

0
0

Only Kinect: Microsoft boffins build Minority Report-style tools

Cronus

Interesting news but wow there are a lot of typos in this article. Do you guys at the reg have editors?

2
0

Volunteers sought to see if anyone actually can hear you scream in space

Cronus
Headmaster

Two phones or a flawed experiment surely

I'm no physicist but surely the screaming being played through the phone's speaker will cause the phone itself to vibrate and thus make the microphone vibrate as well. Granted you don't get that kind of feedback during calls but I'm rather assuming you don't because of a bit of clever filtering. Does anyone with more knowledge of physics know better?

11
0

Google to axe IE 8 support, cuts off Windows XP lifeline

Cronus
Stop

Misleading as ever

Google has not abandoned XP users at all. It has abandoned all the numpties who are daft enough to be using IE. Anyone with the brains to have switched to another browser like Firefox or Chrome will be just fine.

29
10

Biting the hand that feeds IT © 1998–2017