No doubt they'll claim that there's no evidence that this has been exploited in the wild. Which of course will be true as they weren't bloody logging anything!
55 posts • joined 4 May 2010
Guess I'm naive but I wouldn't have expected removing a computer from a domain to constitute a crime.
Re: The continuing myth of trickle down
I'm no fan of the mega-rich greedy corporate types but I have to wonder, in the trickle up system, what exactly do you do once it's all trickled up to the corporate types again? Do you just keep giving it away? That doesn't seem very workable.
Sounds interesting, I can definitely see a use for this to track rogue employees and the like. Though on the downside, I suppose, it could make life difficult for whistle blowers too.
In terms of unsecured S3 buckets being breached though, I'm not so sure. Putting aside the fact that companies that tend to have S3 leaks aren't the kind of companies that would make use of this, it does kinda feel like an automated tool for closing the stable door after the horse has bolted.
Why the hate?
Star Trek: TNG was great; Microsoft could only dream of having something so good.
Re: where we can’t operate with integrity
and here I was thinking it was Twitter's users that spread fake news.
About bloody time. That is all.
Re: Call me petty but...
Your analogy falls down in a few places:
1) Toshiba aren't trying to kick WDC out of the JV. They'd just have new 'house-mates'
2) Toshiba would probably have been fairly happy to sell to WDC if WDC could afford to pay a fair price but as has been reported on a few occasions now, they're too leveraged to make a decent bid
3) Not related to WDC/Toshiba but I have a friend whose dad is forcing their mother to sell the house so apparently that's perfectly legal.
Call me petty but...
I won't be buying any WDC products in future given how they're acting at present.
They didn't know the second factor, as per the article:
"This allowed the attacker to go to PayPal and use the service's two-factor authentication (which sends a one-time code via SMS) to reset the password on his account and take control of that"
I fail to see how this stops the anecdote mentioned in the article. How can using blockchain stop admins from looking at players' cards etc?
Snoop needs a better agent.
I never thought I'd support one of the DUP's policies but hey, waddya know.
The bar has been raised again
It's cool that they've added decent support for taking advantage of the GPU oriented instances in AWS. That said AWS have just announced that they're going to provide instances with dedicated Xilinx FPGAs connected to them (https://aws.amazon.com/about-aws/whats-new/2017/04/amazon-ec2-f1-instances-customizable-fpgas-for-hardware-acceleration-are-now-generally-available/).
I know before it went to ASICs people used to mine bitcoin using FPGAs so I'd say it's a fair bet you could get some pretty serious hashes/sec out of that for password cracking. Not sure it'd work well against things like bcrypt but would probably be great against SHA-X.
Whilst listening to the customer, and especially letting them loose on the system to find faults and inefficiencies, is a good idea, I'm not sure letting them seriously influence the design is. You might end up with this https://i.ytimg.com/vi/Pw9gaEiQAxY/hqdefault.jpg
A bit harsh
It's a bit harsh that they released security patches just before the event? Is that a common thing?
Is it really a DDoS? It doesn't sound like it requires a distributed attack since the vulnerability is about creating a high-resource-usage scenario which can likely be accomplished by just the one remote attacker.
Re: low-skilled criminals continued
Until we treat computers like cars and make people learn to use them, pass tests and have a licence to operate them there will always be low hanging fruit.
Re: @Paul Crawford re: guns.
You know, historically, we've had wars where one side had guns and the other side had weapons quite a bit more deadly than the ones you listed... guess which side won
On the contrary
We were consuming phones like fat people go through fad diets. Now we're settled with phones that are good enough, like a healthy person on a sensible diet.
Nice bit of Monday clickbait there.
Re: Observed truths we are told should be "wrong"
Hating on all BMW drivers and black people eh?
Why would you macro TWO to be ONE + 1 and not simply 2? It's far too contrived looking for me to believe you actually had sleepless nights over this. Please tell me you simplified the code for example's sake.
If you played the original X-COM game
115 should obviously be called Elerium-115
Why are they investigating if they tried to monetise it if it's immaterial?
Re: Public relations view of the universe
Is 0.000000000000000000000000000000000000000000001 a tiny number though? It's a lot bigger than 0.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
Surely it's relative to the kind of numbers you'd normally be talking about. Both your example and mine are tiny compared to the normal >1 numbers we use on a day to day basis. 100 out of 650,000 is pretty small, and when companies normally get hacked you're not normally talking about hundreds of credit card details getting stolen; the number is usually quite a lot bigger.
Not that I'm excusing them.
Re: MD5 cracked?
Pre-image? No, not that I'm aware of. But chosen prefix? Yes. See this https://marc-stevens.nl/research/papers/EC07-SLdW.pdf for an attack on X.509 certificates, and there has been limited success with collision attacks against executables.
It's not just about economically finding bugs...
Anybody with access to Oracle's software can discover vulnerabilities and I'm sure there's plenty of security researchers out there who'd be tempted to sell exploits to crimeware developers or worse, imo, to governments. Bug bounties at least offer another paid alternative.
Re: Apples to Oranges
Whilst I'm certainly not part of this Apple witch hunt... How many US citizens live most of their lives "at the office"?
It's a good analogy except for the slight oversight that you don't tend to get fired for refusing to give someone the keys to their cars.
I've been thinking this for quite a while now. Being a developer with these kinds of tools running on my machine most of the time in the background just idling, I've probably avoided a whole heap of exploit kits.
I'm curious how you feel about trade sanctions etc etc
I'm sure it doesn't account for it all but...
It strikes me that the market share in XP can fall as a percentage without falling as an absolute number simply by an increase in the number of non-XP systems. Some back-of-the-napkin math:
To start you have:
10 XP,10 W7, 10 W8
That's 33% market share for XP.
Then increase the others:
10 XP, 20 W7, 20 W8
XP now only has 20% market share but nobody that was using XP has actually stopped using XP.
Dang now I want to play Lure of the Temptress!
It's sad but...
I'd like to think they were encrypted and not the only copies but I know what these civil servant types are like. No doubt somewhere out there is a postman who now knows things he shouldn't.
Lame that this vuln. existed but...
This guy didn't threaten to go public he just discreetly disclosed the bug to Verizon and they fixed the vuln. in 2 days. That's a damn sight faster than most companies patch bugs.
Anyone else notice that his post lists the system he was testing on as XP SP3?
That's why you could use this http://asuswrt.lostrealm.ca/about as phuzz already mentioned.
I can't imagine there's too many closed-source systems that get patched by 3rd parties while the vendor delays patching it themselves.
Re: In other news...
Why? It says they are uploading custody photographs so presumably these are photographs taken of people while they are held in custody but not necessarily ever convicted of something. I suspect police are capable of taking off the disguises before taking the photographs...
Apple on the brain much?
Last I checked HTML had IFrames not iFrames. Methinks somebody has been writing about Apple products a tad too much lately.
Perhaps some novelty but...
Many years ago I found myself with access to somebody's open Wi-Fi router which had default passwords for the admin interface. With that in mind it seemed fairly obvious that manually setting the DNS server in the DHCP settings would allow me to redirect the router owner's traffic.
Whilst not as complex as the binder described here, I was able to cobble together an infection tool that would essentially proxy requests and inject code into a binary as it was downloaded in about 2 days. I'd already written a tool years before that allowed for adding new sections to PE executables, and it was only a matter of converting it to work on-the-fly by buffering just enough of the PE header to know where to point the program's entry point before letting the rest pass through, until it came time to tack the extra malicious code on the end.
I never actually used the code as it was more a proof-of-concept/I wonder if I could do it kind of thing but it worked in my own test environment.
Re: And the price for being able to develop for all MS products with support ?
Which tools and who do you get support from?
Re: Edge Snapping == Fail
You've completely missed the point of the feature.
I think this is a brilliant idea. Having to wait so long to watch content you know is already out there but just not licensed for your country yet is really frustrating and definitely a temptation to just download it from other illegitimate sources.
There's some unhappy folks out there now.
I'll be honest, I didn't bother to check whether the fixed exploits were already publicly known, but if they weren't then I feel sorry for anyone who independently found those exploits and was planning to use them at the contest. They've just wasted a whole lot of time.
Re: Anyone else thinking...
Well yes, what with it basically putting that thought into the reader's mind in its closing paragraph and all...
Re: "with HTTP using multiple connections these days"????
Said browser would (I'm pretty sure) try and use the same network interface for all of those multiple connections. The connectify program seems to just make those connections happen over a range of NICs so you effectively get more bandwidth.
Interesting news but wow there are a lot of typos in this article. Do you guys at the reg have editors?
Two phones or a flawed experiment surely
I'm no physicist but surely the screaming being played through the phone's speaker will cause the phone itself to vibrate and thus make the microphone vibrate as well. Granted you don't get that kind of feedback during calls but I'm rather assuming you don't because of a bit of clever filtering. Does anyone with more knowledge of physics know better?
Misleading as ever
Google has not abandoned XP users at all. It has abandoned all the numpties who are daft enough to be using IE. Anyone with the brains to have switched to another browser like Firefox or Chrome will be just fine.