* Posts by CrysTalK

10 posts • joined 10 May 2013

You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it


Use of digest and/or checksums

I also shut down after each use, and every time I boot up I need to enter 4 different passwords to get a working environment. First is the HDD BIOS password, then the BIOS System password, then the GRUB menu password (SHA512), then the Windows logon password, and then some private archives are also encrypted. This is just a personal laptop with nothing to protect except my daughters' photos and some banking PDF files which are also password-protected by the bank itself.

On the other hand, I think any type of encryption used by the owner on his/her documents and private stuff would make this type of cold boot attack useless. Even zip encryption or .7z compression with strong crypto would defend against this cold boot attack, as long as the password is not stored in any plaintext documents sitting on the filesystem.


Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed


Infinity and beyond

Just like our to-do list and the things we need to do, bugs are also infinite. Maybe due to human error, negligence or intention, those bugs just keep on flowing in infinitely. Humans might be wiped out on Earth, but software bugs would still be there.


We need to talk about mathematical backdoors in encryption algorithms


Re: AES Backdoor...

I thought that AES was chosen since it was the best performance vs security, but was not chosen to be implemented on small devices due to its low processing requirement.


I seem to recall that Elliptic Curve encryption is the chosen encryption for small devices since it is relatively secure and requires minimal processing to encrypt.

AES = symmetric cipher (would use just a single key for encryption and decryption)

Elliptic Curve = asymmetric cipher (uses 2 keys, a private and a public key)

Wonder why you mixed and compared both when they're not the same.


Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...


Block js.miners via hosts file on your router or OS


On Linux or routers powered by Linux, just edit: /etc/hosts

If on Windows, then just edit: windows\****\drivers\etc\hosts

Restart your machine after applying changes on your hosts file.

You're welcome.
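As an added example (not part of the original post), the following merges a blocklist into hosts-file content. Hosts entries match exact names only, so every subdomain has to be listed on its own line. The function names are hypothetical and the domains are constructed placeholders under the reserved `.example` TLD.

```python
import ipaddress

SINK = "0.0.0.0"  # sink address for blocked names; 127.0.0.1 is the other common choice
SINKS = (SINK, "127.0.0.1", "::", "::1")

def parse_hosts(text):
    """Map each hostname in hosts-file text to the first address listed for it."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: skip the malformed line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def merge_blocklist(hosts_text, domains):
    """Return (new_text, added, conflicts); existing lines are never rewritten."""
    existing = parse_hosts(hosts_text)
    added, conflicts = [], []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if not name or name in added:
            continue
        current = existing.get(name)
        if current is None:
            added.append(name)
        elif current not in SINKS:
            # Name is already pinned to a real address: report it, do not override.
            conflicts.append((name, current))
    lines = hosts_text.rstrip("\n").split("\n") if hosts_text.strip() else []
    lines += [f"{SINK} {name}" for name in added]
    return "\n".join(lines) + "\n", added, conflicts

# Constructed sample input (placeholder names, documentation address range).
SAMPLE_HOSTS = """127.0.0.1 localhost
0.0.0.0 miner.example   # already blocked
192.0.2.10 pool.miner.example
"""
SAMPLE_BLOCKLIST = ["miner.example", "www.miner.example",
                    "POOL.miner.example.", "cdn.miner.example"]

if __name__ == "__main__":
    new_text, added, conflicts = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(new_text, added, conflicts, sep="\n")
```

Running the merge a second time on its own output adds nothing, so it can be re-applied whenever the blocklist is updated.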


It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros


Legit bugs

More than 130 bugs? So how many of those were intentional backdoors? Patch the old bugs and open new ones to protect our children.


WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers


Cheap Translators online

Except anyone can have a bunch of translators online these days who would charge you peanuts. It may be true that the keyboard used had a Mandarin or Cantonese setup, but it could have been requested by a different citizen in a 1st world country.


While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February


Re: Silly analogy <indeed>

"With software, it takes a little bit more and considering MS wrote the code and left the bloody hole then they should have supplied a fix for zero day exploits regardless of the age of the software. Yes, even for DOS."

With software, it would be impossible for a third party to create a fix and sell it. First, creating a fix requires disassembly, which is illegal, and selling fixes for software you don't own is illegal too. It is very different in the world of automobiles, where any third party can create a fix or a performance kit for profit.


German govt DUMPS 170 NEW PCs riddled with Conficker

Re: just distribute scripts for cleaning


@CrysTalK "just distribute scripts for cleaning"

apt-get install LinuxMint

20 minutes later - perfectly good, fast and secure PC.

// -Eadon

I agree Eadon, use Linux instead.


1. We need to download LinuxMint and burn it to a CD or USB stick; I don't think we can just apt-get install Mint from within another distro : )

2. LinuxMint is too bloated for my taste. All the unnecessary stuff is loaded; I prefer the leanest distro, where I load the firmware/driver myself and install the browser plugins I require on my own. Mint has 3 browsers, 4 players, and dozens of plugins. Not my taste. : )

I agree that you'll be safer with Linux though.

just distribute scripts for cleaning

It would take an average .js programmer just 1 hour to build a cleaner script which could be deployed on all those machines. And Conficker will be removed right away. True, the startup files and malware binaries might have random characters, but just build a script to check legit file names and delete those random programs not in the list of legit programs inside the script file.

So yes, just $200 USD for the script and all of those can be cleaned, even by NON-techie teachers after they double-click the script.



Biting the hand that feeds IT © 1998–2018