Properly, *.bat is command.com, *.cmd is cmd.exe.
Any *.bat or *.cmd I wrote over about 5 lines included copious comment lines for the unfortunate souls tasked with maintaining them. Even my obligatory "hllowrld.bat" had comment lines.
I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?
You are correct in pointing out the article made no mention of classified material.
Having previously worked for a defense contractor, I can say it was a definite possibility.
I had said, when ransomware first emerged, that it should be considered a data breach. If an outsider had enough control of your systems to encrypt some or all of your data, then you lost control of said data. They could do anything with the data, not just encrypt it. They just found another way to monetize their break-in.
As was alluded to in other comments, trying to secure a system built for frequent business transactions against malicious transactions requires monitoring for and knowing the difference between legitimate and not. You also must be able to block the illegitimate before significant damage can be done. Sometimes this calls for blocking some legitimate ones. Too much blocking causes pushback and an ordered lowering of security.
I don't see what a browser has to do with it.
I still have to guess at exactly what you are describing, but it sounds to me like more of a VPN client misconfiguration. It also may be referring to using an unmanaged machine as a VPN client. In both instances, the point of the corporate VPN IS negated.
A proper corporate VPN will only allow connections from corporate managed VPN clients. Those clients will have the same or likely better hardening as the internal corporate network clients. They will require additional protections on the initial Internet connection during VPN tunnel establishment. No traffic outside the VPN is permitted, save authentication/consent to the AP/gateway. This traffic denial is bi-directional. A corporate VPN implementation has to include the very same level of perimeter protection on the VPN clients as the corporate network gateway. Anything less will not do.
My first experience with unreliable power was at a small office move where they added a few outlets to accommodate the Novell server, phone system, and AT&T Unix voicemail server and associated network equipment. I was trying to keep related equipment on related circuits so a circuit outage would only affect one service instead of everything. It was not quite possible to do it that cleanly; the network switch had to be on the telecom circuit. I was seeing connectivity issues all over. Troubleshooting was a bear. I also had new Cat3 drops to suspect. I for some reason checked the grounds between the circuits for potential. The multimeter showed about 50VAC between the telecom circuit and the computer network circuit. The electrician confirmed and corrected the grounding issue; apparently there were multiple grounds for the building but they were not bonded. Connection issues disappeared.
At the same place one of the user's monitors (CRT) had an annoying "waviness" which was also suspected of causing headaches. When I saw the "waviness", I could see the possibility of headaches. I found the building's electrical feed was directly opposite the wall of the problem monitor. I first suggested rearranging the office to move the monitor, which was declined. I then attempted to shield with a large steel panel both in grounded and ungrounded states. The grounded steel panel diminished the waviness greatly but not completely. They decided to rearrange.
At another job there was a "computer lab" set up in a former cubicle farm space. Fifty or so stations were set up in a very long and narrow space with a server located halfway. This location had better than average policies which included periodically testing the building UPS systems. On the first test after full build out of the lab, half the lab went down, including the server. I had to inform project managers, facilities dept. and others that half the lab was not on the building UPS. The facilities dept. had to admit they knew that but the cost to add was prohibitive. The consensus decision driven from higher up was not to fix the issue. I moved the server to the half that was on the UPS.
At that location I was once volunteered as the escort for the UPS tech for a repair of one of the units. I asked what he was fixing. He replied, replacing the positive battery bus. I walked back across the room to the doorway. I said I wanted to be able to summon help in case of a short circuit. The battery cabinet footprint was about 3ft by 15ft, probably enough energy to blow me through the doorway and he would have been beyond help.
"Through routine and proactive web scanning, we recently discovered information related to your jcrew.com account," customers are being told.
So, they do not routinely and proactively review their own network security. But, all is good they can detect a data breach by way of the intertubes. I wonder, do they use the security tech of a google or bing search?
I haven't found a good replacement for my preferred text editor on the PC . . . Wordstar.
I just use whatever is available now.
Even Ubuntu offering suggested packages is too much, brought to you by systemd I guess. Linux is beginning to feel like the parts of Windows I was trying to get away from.
Most discussion of VPN currently identifies hiding your IP. I agree a proxy is what is needed for that. For some odd reason people think of VPN as secure encrypted proxy whether they know it or not. VPN's capability of blocking tracking is minimal at best.
But a VPN traditionally provided the service of a leased line over the much cheaper public net. It mattered not if both ends were controlled by the same entity. Another traditional term used for VPN was an encrypted tunnel. Use cases of VPN were never limited to just a secure interconnection. The focus on proxying using a VPN is relatively new though.
I use a VPN to obscure my data from my ISP when home, and when travelling from public WiFi operators and users.
I do not expect any tracking protection except from my ISP. I am more concerned about traffic blocking. Ironically, some servers I am trying to reach block access from VPN for security reasons.
I am looking into establishing my own VPN server with a hosting service strictly for my own use.
Not at all surprised with AT&T. I think they have at least four separate databases containing an email field. They are not all updated upon changing your e-mail, via one of the many ways to change your e-mail. One of them does not work with plus addressing aliases from gmail. I think it is the paperless billing, but part of it does. I could register and verify and receive email from the paperless billing except for the last step where I would receive paperless bills, but I would get other notifications pertaining to paperless bills at the plus address. I eventually created an att alias email on my domain.
On a related note with AT&T, they plastered another layer of security over their insecure ad-hoc system. They implemented 2FA via SMS, but only to AT&T numbers, and only to an AT&T number on the account. High fives and adjourn for beer after that meeting, eh. So, when I find myself working out of town where there is no cell coverage but I can get wifi, I cannot log in to my account. Of all the 2FA options available SMS is the most vulnerable to interception. The backend TOTP generation is the same as used with tokens without the Swiss cheese SMS. They refuse to acknowledge that the 2FA they implemented keeps me out, but not a determined hacker.
I think the Win9x functional memory limit was lower. I bought a PIII 64MB system with Win98SE which came with a free upgrade to WinMe. I also bought two 128MB memory sticks to max out its memory capacity at 256MB. WinME was crashing due to a memory leak, downgraded back to 98SE and it was too. I know they ran at 128MB without the memory leak, I don't know about 64+128. I installed Win2k on it and used it that way for 10yrs.
I cancelled my paypal after they tried to pull a payment from my checking account when I provided a credit card for payment. I was subscribing to a service which used paypal for payment processing. It was $10 per year. I provided the credit card details for payment. I did not receive a notice from the credit card for the transaction, instead I received notice of overdraft from the bank where the checking account was held. I was maintaining it as a sweep account which is why $10 overdrew the account. I immediately contacted the bank to dispute the transaction. They reversed the transaction and cancelled the overdraft fee. The very next day paypal tried it again. I contacted the bank again, they reversed and cancelled again. This time though I asked about putting a stop in place. They said there is a stop fee, I said fine, paypal will continue, and so will I. They put a special stop in place since paypal was changing the id of the transaction and no fee for me.
When I cancel or close an account online, I purge or change as much information as possible before closing or deleting.
Why are these emails coming from "noreply"? Why do we have to jump through hoops to contact these companies to answer an email from a "noreply" address? They should be outlawed.
There is so much wrong with all the "current" password guidance out there. First, the PHB types don't bother to check the timestamp, presenting generation(s) old guidance as current. Then you have the lazy dev types only implementing the minimums but leaving out select special characters because their input checking is non-existent and they have to avoid SQL injection, but technically current guidance. All the stupid rules only allowing this, disallowing that. So I type "WTF?RuStup1d!?" only to be presented with password too long, getting my answer. You gotta love those password strength gauges, a strong password in as little as six characters. There are too many chefs in the kitchen; the good password guidance soup is overloaded with ingredients; it is both watered down and over-spiced at the same time with no real substance. But hey, it's an acquired taste.
On a visit to my dad's cousin's farm, I was asked to look at the issue with their modem. They would lose connection periodically. The phone company had already checked their lines. I was forewarned and came prepared with a spare modem and cables, including a 50 foot long RJ-11 POTS cable. When I started, it was not acting up. We chatted, perused the net and such. My dad's cousin said he had to get some chores done out at the barn and went. We still saw no issues. We noticed the horses were out in the pasture and then the connection was getting flaky and dropped. I proceeded to troubleshoot, using my modem, my serial cable, using my 50 foot cable to connect directly to the outside phone box to eliminate the house wiring as the issue. No change, connections still failed. As I was disconnecting the 50 foot cable from outside, I noticed their overhead POTS service line crossed the pasture diagonally on two poles. When I came inside I asked about the pasture fence, and when it was electrified. We shut off the fencer and the modem connection was fine, problem found but not solved.
Dad's cousin was an electrician. Instead of re-routing the service line around the pasture, he added a ground line to the poles about a foot below the service line. It worked like a charm.
"If you put it out there as OPEN SOURCE, you're GIVING IT AWAY. when you GIVE something, and you try to CONTROL HOW IT IS USED, it's NOT A GIFT ANY MORE. You are CHARGING RENT."
I believe you are confusing Open Source with public domain. Public domain has no restrictions and can be used by anybody for any purpose in any way they wish. Open Source and the closely related Free Software put restrictions (non-monetary) on your use and distribution of the software. Using an OPEN Source license is not akin to giving it away, the restrictions must be followed according to copyright laws.
When using public domain, it is common courtesy to attribute the author, but not required. Not doing so is plagiarism, but is not illegal in regards to public domain. Some of the least restrictive Open Source requires attribution, not doing so is illegal under copyright laws.
There is a point where restitution does not make the victim whole again. Somebody losing their life savings for years until the restitution is made has likely accumulated other financial damages due to the lack of said life savings. In some instances opportunity lost can never be regained or compensated. In this case determining this additional damage is a monumental task. Being fair and just is not easy.
I'm not defending this guy's actions, but how is it that full restitution is laid in his lap? I'm all for getting the victims their money back. I'm afraid that the system may look at the case as "this is all we can do, so that's what we get". Somebody does have to pay the bill for investigation and prosecution. Even with a conviction not all those costs are covered.
Even using a conservative estimate of my daily average consumption is staggering compared to these records. I will not do that again (calculate my annual beer consumption). When tempted to do so, I vow to have a beer instead. If that doesn't work, I'll have another and repeat until I simply cannot do the math. Since I did it, I will have to do penance. Oh man, my personal beer inventory is low, off to the pub then.
There are levels of security for items mailed. The lowest is a post card, then in a plain envelope, then in a security envelope, then add a security insert, double envelope with inner security sealed; the possibilities are endless before you even upgrade the trustworthiness of the carrier. Things were sent securely before they were digital.
This mail run should have used the security envelope. I say should because even things which were secured prior to PCs on every desk are now not and not just in the PCs.
I have received a piece of mail which should have been in a security envelope but wasn't... It was the information I needed to login to the secure patient portal being sent via a separate channel for security. It had the password and username and patient name and URL of the portal all in a plain windowed envelope. I complained to all the right places but to no avail. They are now seeing the advantages of going digital but still getting it wrong. By security policy, they now are rejecting access from VPN. So now I am forced to choose the digital equivalent of the plain windowed envelope or the actual plain windowed envelope.
There is an awful lot of suspicious material, how can they find it all? We must report it to them. I believe Disney has a site and movie dedicated to Aladdin. Being middle eastern themed, it must be terrorist related. I know there are a lot of YouTube videos on making things go boom. There is a group out there calling themselves the mythbusters that has a bunch of them, they seem very experienced at it. Another larger amateur group calling themselves rednecks show how to do this in your own back yard. You don't have to look far to see evidence of terrorist preparations. As they say, see something, say something.
"Wireless charging for phones is still a solution in search of a problem as far as I'm concerned."
Problem: Having to replace the charging (and primary connection) port in the lifetime of one battery and twice in the useful life on the last phone.
Solution: Current phone wirelessly charges, charging port still going strong due to not being used as often. Charging cables are lasting longer as well.
Distant wireless charging is doable, but the power losses are great with current tech. We haven't progressed much beyond where Nikola Tesla left off. He was focused on wireless power transmission over a distance for use as you go, not so much for charging which requires more power.
Data leaked to a contractor, contracted staff getting additional training, updated contracts; sounds like all actual FEMA employees do is manage contracts. Contractor systems are to meet federal privacy/security guidelines due to updated contracts, watching the horse gallop towards the sunset as you close the barn door. Are FEMA systems meeting these guidelines? We may never know if the situation is like that of the EPA where its vulnerability assessment report has a gag order.
I am waiting for the underfunded IRS to reveal it has leaked all taxpayer info; tax IDs (aka SSNs), bank account info (for direct deposit of refunds), addresses, earnings, names of course, occupations, marital status, etc. Of course, certain records under audit scrutiny are better protected such as a certain NYC real estate mogul.
They might as well just say "oops, our bad" via twitter and go about doing whatever it was they were up to.
Best: Proper physical destruction, choose your favourite method, just be thorough.
next: Any secure erase function built-in, fastest possible overwrite, may overwrite bad "blocks", use hdparm to access it
next: single pass overwrite ones or zeroes or preferably random bits, use dd with random or zero, slower than built-in due to interface bottlenecks
next: overwrite software like dban, blancco, or whatever with one or more passes to meet regulatory requirements including certificate, slow as molasses at the north pole
Format was never meant to erase, only prep for use. The same goes for "Low-level" or "Full" or "Guaranteed complete thorough better than new" format which may or may not overwrite all accessible blocks, it usually is used when there is no existing format or changing to a different format.
Windows cipher command is a good try, but it fails on multiple levels.
Delete, trash, recycle, hide, forget, ignore, store in vegetable drawer, will also not properly dispose of sensitive digital bit patterns.
I like to disassemble and apply a propane or mapp gas torch to the bit holding parts. For the really sensitive stuff I would use a microscanning microplasma torch or microsharks with microlasers.
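The ranked list above says to use hdparm to reach a drive's built-in secure erase. As an added example (not the commenter's code), here is a helper that parses the "Security:" section of `hdparm -I` output and maps the drive's state onto that ranking; the sample output is constructed, laid out the way hdparm normally prints that section (an assumption about the format), and the function only recommends a method, it never touches a device.

```python
import re

# Constructed sample of the "Security:" section from `hdparm -I /dev/sdX`
# (not captured from any real drive). hdparm prints each flag on its own
# tab-indented line, prefixed with "not" when the flag is clear.
SAMPLE_HDPARM_I = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

FLAG_RE = re.compile(r"^(not\s+)?(enabled|locked|frozen)$")


def parse_security_section(text: str) -> dict:
    """Extract the ATA security feature-set flags from hdparm -I output."""
    flags = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced": False}
    in_section = False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            break                                   # next top-level section
        if not in_section:
            continue
        stripped = line.strip()
        if stripped == "supported":
            flags["supported"] = True
        elif stripped == "supported: enhanced erase":
            flags["enhanced"] = True
        else:
            m = FLAG_RE.match(stripped)
            if m:
                flags[m.group(2)] = m.group(1) is None   # no "not" prefix => flag set
    return flags


def choose_method(flags: dict) -> str:
    """Map the flags onto the comment's ranking: built-in erase first, dd as fallback."""
    if not flags["supported"]:
        return "dd-single-pass"            # no ATA security feature set: overwrite via dd
    if flags["frozen"]:
        return "frozen-unfreeze-first"     # BIOS froze the drive; it must be unfrozen first
    if flags["locked"]:
        return "locked-needs-password"     # a user password is set and the drive is locked
    if flags["enhanced"]:
        return "ata-enhanced-secure-erase" # also covers reallocated sectors dd cannot reach
    return "ata-secure-erase"


if __name__ == "__main__":
    state = parse_security_section(SAMPLE_HDPARM_I)
    print(state)
    print("recommended:", choose_method(state))
```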
1) The Insolvency Service has the authority to act on a known banned Director, but must be informed.
2) And, the Companies House can only publish such information publicly even being specific as to request the Director to terminate, but not act.
3) Then should not somebody(ies) job(s) at the Insolvency Service be to review the public information published by the Companies House?
Sorry, makes too much sense; goes against business lobbyists desires; and a law or rule will then be passed concerning this very loophole.
I don't see why a corporate CA has to be limited to internal use either. Properly managed (I know, fantasy world) corporate CAs can be used to vet comms between partners, more trustworthy than common TLS or even some EV TLS certs issued by traditional third-party CAs.
Take a browse through the certificate store in a default Windows install. Allow your paranoia to interpret the names of some of them. Is there a five eyes CA in there? How about an FSB? Don't leave China out of consideration nor North Korea, Israel, Iran; all of their spy groups have entertained the idea of gaining a foothold this way. If not, they do not deserve to have Intelligence in their names.
"Not much they can do about that one...."
They can implement their own DNS client in Chromium/Chrome instead of using the one from the OS. This can then ignore the "/etc/hosts (or whatever it is on your O/S)" and always resolve anything google.com. They can even decide to encrypt it so a network based filter cannot interfere with google.com hosts name resolution.
BTW it was mentioned earlier in the comments - DNS over HTTPS.
Not at all surprised. The scheduler must have been too simple and reliable and dull. These days everything must have every feature under the sun and then some.
To further expand on the cron analogy. It too may see a similar push to the wayside by the systemd crowd. This is not isolated to Azure or Microsoft.
Why can't we follow the "if it ain't broke, don't fix it" mantra? Sure it may have a few issues, but they have been worked around. A simple modular system tends to work much better than a single complex gargantuan system.
No, we need to reinvent the wheel, and axle, and bearing, and drive linkage, and differential, and braking, and engine, and steering, and lighting, and chassis, and cab, ad nauseam just because we want to create a new car radio, then do it all again to add mp3 playing into the new, new car radio.
I don't know why everyone is being so harsh on @Pascal Monnet. He has a point, even comparing by numbers, the playing field of cybersecurity is vastly more complex than chess. The full set of chess is definable. We have chess programs, we have chess playing programs able to defeat top human players. If it was as easy as chess, then where are our programmatic weapons to defeat even the average cybercriminal?
The real problem is, thinking it is possible. It is a similar problem as making something foolproof.
DSL is not an option for the rural coverage, only cable and fibre. Satellite already serves rural areas. The material used is not the major cost, the labor to run it is. The best value and bang for the buck is fibre. But it does cost more than copper. So the savings of sticking with the lower speed copper is turned into profits.
If the rural areas get higher speeds, then suburban and urban areas will demand increases. Can't have that, all that investment eats profits.
I'm a USian with better than average knowledge of the electrical systems here, enough to make me dangerous. My direct experience is with the radial circuits, primarily in the residential electrical. I have also worked with industrial 3-phase delta and wye tapped circuits over 480 volts.
I think a fuse integrated into the plug is proper engineering whenever the wire beyond the plug is rated for less current than the outlet and building circuit. I see the fused plugs here in holiday decorative lights and a few other applications. But, most of the daily use appliances have cords rated for 10 amps or less plugged into 15 amp outlets/circuits, most without a plug fuse. Many of those appliances have a fuse in their power supply, leaving the cord as a weak link.
Keep in mind when talking of fuses or circuit breakers, it is concerning overcurrent protection. There is also GFCI for ground fault protection when the current flowing through the hot is greater than that returning through the neutral and/or ground. The goal of GFCI is to cut the circuit when the current is finding another path besides the neutral or ground since that may be a human providing the circuit path lethally. Then you have the more recent arc-fault circuit protection. Its goal is to break the circuit when a prolonged arcing is occurring. Why? Prolonged arcing causes high temperatures suitable for igniting flammables or melting metals just like arc welding.
This has direct relevance to the "one plug to rule them all". Take USB for example, it has variations for differing power levels through different combinations of volts and amps in the range of 2 to 100 watts. Combine that with backward compatibility either directly or through adapters with older spec cables of lower current capability and no fusing of the wires at the plug and you can see temperatures reaching ignition levels. I know the specs usually cover handshaking to negotiate higher power levels, but various low cost cables and adapters seem to find workarounds to those nasty safety limits. 100 watts may not seem like a lot, but it is more than enough to cause ignition temperatures for a lot of common materials.
Those running the Chinese Cannon will have no trouble performing a MITM attack on a HTTPS session. If you don't believe that, then go crawl back under the rock. In fact, you don't have to be a "state level actor" (TM) to MITM a HTTPS session.
The Verizon Supercookie works at a lower layer in the network stack and HTTPS ain't gonna help. Your ISP is by definition a MITM and can attack your session in a variety of ways. In the US the big ISPs are the only offering so you cannot find another. They also have a friend at their regulatory agency the FCC who will rule to their liking like killing net neutrality. So side gigs like supercookies, and ad injections are not frowned upon.
Encrypting/decrypting a time query/answer will occur at a known interval, adjust accordingly.
Aren't you supposed to use a relatively local ntp server? For multiple reasons, think it through.
It's all relative, I like that one.
My system clock may be off, I think it's beer-thirty.
Biting the hand that feeds IT © 1998–2020