* Posts by GnuTzu

378 posts • joined 1 Feb 2015


Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

GnuTzu Bronze badge
Headmaster

Re: The Usual Response... -- Grammatically Correct

Note that it's possible to have nonsense phrases that are grammatically valid, which might help with memory, as in: "Colorless green ideas sleep furiously." But, don't use that one, as it's a quote of a certain famous linguist. (And no, I wouldn't include the spaces either.)

US man and Brit teen convict indicted over school bomb threat spree

GnuTzu Bronze badge

Extradition works too.

GnuTzu Bronze badge
Unhappy

To rephrase: another sick perpetrator is about to be set free, possibly with no oversight or mental health treatment. Maybe this one needs to go to Broadmoor instead.

Network kit biz Phoenix takes heat as flaws may leave industrial control system security in ashes

GnuTzu Bronze badge
FAIL

It's Not Like This is a New Topic

Did they think we'd been crying wolf all this time?

Leaky child-tracking smartwatch maker hits back at bad PR

GnuTzu Bronze badge

Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

"...but disgruntled relations are probably more of a danger."

Yeah, I'll buy that. Family ties are a highly motivating factor and those ties get pulled on far more often.

GnuTzu Bronze badge
FAIL

Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

The issue is a matter of pervs who shop the dark web for kiddie pics who will eventually create a market for hackers to sell certain kinds of services. And, don't forget nanny cams have already been hacked and exploited by pervs, so there's no reason to think these products are immune. Finally, anyone who thinks that pervs always work alone is a fool. Think ahead product makers; you are contributing to the creation of a whole new kind of dark and sick market.

Mumsnet data leak: Moaning parents could see other users' privates after cloud migration

GnuTzu Bronze badge
Childcatcher

Future Headline

Future headline: Mumsnet reports a sudden and staggering growth of new members. Critics ask how they know whether all those new members are all actually real parents... {Fill in usual disastrous results prediction here.}

Why do I so badly want to see people who fail to protect children raked over the coals, broken glass, and other such materials?

I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt

GnuTzu Bronze badge
Stop

Re: A little shortsighted

"It would be as if a mechanic walked up to your car to do an inspection..."

O.K. but, it's by regulation that inspections and emissions tests are mandated (under various circumstances).

And, when (or if) we get self-driving cars, are there going to be inspection requirements to make sure the code is appropriately patched to ensure that other cars and passengers on the road are not endangered?

The more that we come to depend upon software, the more there will come to be a mandate for safe software that does not endanger others. It will be interesting to see what happens to the bug-hunting market then.

London's Met police confess: We made just one successful collar in latest facial recog trial

GnuTzu Bronze badge
Facepalm

Re: Join the Insane Clown Posse

And then, will we see some of the new wave makeup styles from the 80's, or might we see some David Bowie styles and others from glam rock? What about cosplay?

Mobile network Three UK's customer details exposed in homepage blunder

GnuTzu Bronze badge
Unhappy

So Many Web Sites...

So little oversight. Isn't it fun to just be a statistic?

You think election meddling is bad now? Buckle up for 2020, US intel chief tells Congress

GnuTzu Bronze badge

Re: I'm not quite sure why this is surprising...

Yes, as Eddy Ito says, we are aware that many see us as the "World police", and there are a whole lot of us that are very unhappy about that pejorative view. Yet, we understand where it comes from. Insert concepts like Military Industrial Complex here.

Mozilla security policy cracks down on creepy web trackers, holds supercookies over fire

GnuTzu Bronze badge

Re: So.. what's a supercookie?

That's been my thinking. If corporations can have the DMCA here in the states, then we should have similar protections against hacks tracking us.

GnuTzu Bronze badge

Re: So.. what's a supercookie?

Generally a combination of techniques to make it so that you can't delete a cookie. But, what that really means is if you delete the cookie, some other mechanism will bring it back, so they might also be called zombie cookies. This includes the use of Flash cookies. Yes, Adobe decided that Flash needed its own cookies. Wasn't that nice of them :( Sesame Street's Cookie Monster surely does not like these.

Q. What do you call an IT admin for 20-plus young children? A. A teacher

GnuTzu Bronze badge

Chipped, Right Hand --> Apocalypse

Yeah, this is where it starts. They'll chip kids in their writing hand so that all they have to do is wave it over a device. Sorry, this and AI will cause a new evolution in which we plain old humans will go the way of the Neanderthals, whether you believe in the Apocalypse or not. Frankly, I'm a skeptic, but I don't need a supernatural explanation for the Apocalypse to know that we will surely either cease to be human or simply cease.

Did you know? Monday was Data Privacy Day. Now it's Tuesday. Back to business as usual!

GnuTzu Bronze badge

Re: When did that leak out?

That was worth a chuckle.

But, would a big convention like CES or DEFCON get as much attention?

White-listing Azure cloud connections to grease your Office 365 wheels? About that...

GnuTzu Bronze badge
Mushroom

When Marketing Determines Security Policy

Beware, they've got some kind of secret strategy to get buyers to sign up for their crap--without security reviews, feasibility studies, or risk assessment. And, it seriously sucks when that happens because then you're forced to implement things that you know are just plain wrong.

Got a Drupal-powered website? You may want to get patching now...

GnuTzu Bronze badge

Re: Yeah...

"For example, Windows has far more security issues reported, yet it's still used."

There is merit to the point, but it's so much more complicated than that. Marketing and a near-monopoly status have so much more to do with this.

Lowjax city: Researchers crack open notorious Fancy Bear rootkit

GnuTzu Bronze badge
Coat

Infecting Security Tools

Of course it's sick; it's also to be expected.

Yes, you can remotely hack factory, building site cranes. Wait, what?

GnuTzu Bronze badge

Re: Not good -- Battling Cranes

O.K. But, something in me wants to see two cranes go at it.

Poland may consider Huawei ban amid 'spy' arrests – reports

GnuTzu Bronze badge
Unhappy

Re: RFC... -- Damned if you do; damned if you don't.

Yup, either allow anonymity or impose standards that increase the ways your system can be profiled and reduce privacy. And, then there'd be a whole new level of anonymization on the market.

Damned if you do; damned if you don't.

*taps on glass* Hellooo, IRS? Anyone in? Anyone guarding taxpayers' data from crooks? Hellooo?

GnuTzu Bronze badge

Re: There's a simple solution to this -- Recipe for Failure

Recipe for Failure:

1. Treat workers like crap.

2. Good workers go elsewhere.

3. Security policy ignored or not understood by those who remain.

4. Breach.

5. Repeat above.

If you wanna learn from the IT security blunders committed by hacked hospital group, here's some weekend reading

GnuTzu Bronze badge
Mushroom

Not a Fan of Citrix

It's too damn difficult to enable Citrix services over the Internet through a web proxy--without mucking up security, and no one ever seems to have Citrix support to address that garbage--so I'm always having to reverse engineer that crap. No wonder that was part of the problem. Yeah, I'm a proxy admin, and Citrix is a serious thorn in my side, and I wish policy out-and-out forbade it. Time to grow up and get your sh*t in order Citrix.

No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper

GnuTzu Bronze badge
Trollface

Re: What a hero

Our pigeons can do TCP/IP.

Medical advice app Your.MD could have been tampered with by anyone, alleges ex-veep

GnuTzu Bronze badge
Unhappy

"I was being neutered from discussing [the problems] publicly"

"Neutered" is an apt way to describe what it feels like to try and address security questions in most organizations. "Castrated" (regardless of gender) would be even better.

Jeep hacking lawsuit shifts into gear for trial after US Supremes refuse to hit the brakes

GnuTzu Bronze badge

Faraday Cage

Has anyone determined if these things run inside a Faraday cage? Maybe there's a market for aftermarket shielding kits.

GnuTzu Bronze badge

Re: So... -- Market Prices

Still wondering how much the price of per-networked vehicles is going to go up.

Great, you've moved your website or app to HTTPS. How do you test it? Here's a tool to make local TLS certs painless

GnuTzu Bronze badge

minica

I found minica to be a little too minimal. It was a good starting place, but there are just things about OpenSSL configurations that are just too weakly documented, which of course is why minica and other projects exist.

Senator Wyden goes ballistic after US telcos caught selling people's location data yet again

GnuTzu Bronze badge

Re: Re-seller

You're right. The presumption was that the budget rate was fortified by selling the data, but surely paying a premium rate doesn't change the value of the data or the willingness of a for-profit company to use it. Points to you.

GnuTzu Bronze badge
Unhappy

Re-seller

I'm using one of the budget services, and I just realized how likely that makes it that my data is being sold. And, since they are a re-seller, it makes me wonder if my data is being sold twice over. I feel like lining them up like Larry and Curly and double slapping them the way Moe used to do.

Cops: German suspect, 20, 'confessed' to mass hack of local politicians

GnuTzu Bronze badge

"acted out of annoyance"

With all the anger in the World, one might think this was a bit of an understatement.

FYI: Twitter's API still spews enough metadata to reveal exactly where you lived, worked

GnuTzu Bronze badge

Chaff

I'd like a tool that makes it appear as if I'm randomly changing my location every 5 seconds by over 10 miles.

Aussie Emergency Warning Network hacked by rank amateurs

GnuTzu Bronze badge
Joke

Emergency, Emergency

Emergency, Emergency: fake emergency notifications sent.

LA Times knocked out, HackerOne slips up and – amazingly – router security still sucks

GnuTzu Bronze badge

Re: Did the drone(s) even exist?

Surely, someone took pics, and/or they showed up on security cameras. It'd be sad if no one bothered to capture evidence.

It's the end of 2018, and this is your year in security

GnuTzu Bronze badge
Mushroom

Equifax -- Penalties

Fill in rant about how hand slaps are just not enough and how over-sized objects need to be stuffed into certain little holes.

London Gatwick Airport reopens but drone chaos perps still not found

GnuTzu Bronze badge

Re: Cost?

Well, I was talking about the cost to the airport and the victims. But, I do think we are going to see drone-hunting drones--though I think there's a discussion about that earlier in the comments.

GnuTzu Bronze badge

Cost?

This little air-space denial exploit must be expensive as crap. I know authorities have been talking about this, but I think we're going to see some serious controls put in place--along with some serious penalties--much more than has so far been considered--including labeling this crap as terrorism.

Uncle Sam fingers two Chinese men for hacking tech, aerospace, defense biz on behalf of Beijing

GnuTzu Bronze badge
Thumb Down

Re: Another anti-globalisation stunt from the anti-semites in the US govt

"...stealing American IP is a win-win?"

It's clear from other comments on this that people are having trouble wrapping their heads around this, but I'm going to take a stab at making sense of this non-sense--for what it's worth.

I'm all for voluntary open source and a market that supports or even encourages it; yeah, that would really be nice. But I just can't rationalize stealing tech as some kind of justifiable civil disobedience to force tech to go open source--especially when China isn't sharing that tech any more than American companies.

Anybody else have any thoughts on what the hell that guy was thinking? Or, was the anon. coward just being facetious and failing to make that obvious?

France next up behind Britain, Netherlands to pummel Uber with €400k fine over 2016 breach

GnuTzu Bronze badge
Meh

Re: Stolen ?

In some places, it's illegal to leave your keys in the car. Such laws don't make leaving your keys in the car an advertisement for a free car. Anyone taking a car with the key left in the ignition is still a felon.

This is why blaming the victim is a fallacious defense against an accusation of felonious attack.

Chill, it's not WikiLeaks 2: Pile of EU diplomatic cables nicked by hackers

GnuTzu Bronze badge
Meh

"...the hack "also revealed the huge appetite by hackers to sweep up even the most obscure details..."

Um, yes. It's the nature of the beast. They sniff around, slurping up pretty much anything, and then decide what to do with it later. And, they'll sell themselves on the claim that they can get all kinds of information--even stuff that most would not consider all that sensitive--because massive gobs of data have more value than most think.

Fraudster convicted of online banking thefts using… whatever the hell this thing is

GnuTzu Bronze badge

"Devotional postcard?"

I'm always puzzled by the religiosity of criminals. Surely, there must be studies done on such things.

US bitcoin bomb threat ransom scam looks like a hoax say FBI, cops

GnuTzu Bronze badge
Headmaster

Terrorists Also Need Funding...

Yes, by definition they are extortionists. However, that does not mean that terrorists would never demand money, because they need funding as any group does.

But, that leaves the question: can a funding campaign also be a terror campaign? And, for that, I'm going to go with: not so much. Yes, one could fear that terrorists have found a new way to raise funds, but, well, that's still not a terror campaign.

Will the feds want to declare it terrorism? Oh, hell yes. That way they get to use special terrorism laws to get special snooping rules and tools and nail them to the wall with stiffer punishments.

US elections watchdog says it's OK to spend surplus campaign cash on cybersecurity gear

GnuTzu Bronze badge
Megaphone

Re: Whaaaaaaaaaat? -- The Political Dream World

Outrage absolutely justifiable. How was this ever a question? They should have said: "if you thought you couldn't spend campaign funds on cyber security, then you were in serious danger of having your asses sued to the wall." This is absolute proof that politicians are living in a dream world where reality has no representation--and therefore, politicians are utterly unable to represent anyone that lives in reality.

Taylor's gonna spy, spy, spy, spy, spy... fans can't shake cam off, shake cam off

GnuTzu Bronze badge

Creepy yes. To defend against creepy stalkers, they've become a whole new kind of creepy stalker. Oh wait, it's not that new is it; it's just automated now.

UK white hats blacklisted by Cisco Talos after smart security code stumbles

GnuTzu Bronze badge

Re: It wasn't a mistake...

Funny as that is (voted up), categorization services generally do have ways to submit URLs for re-categorization--which means that humans still--at least for the time being--get to override the AI.

Bulk surveillance is always bad, say human rights orgs appealing against top Euro court

GnuTzu Bronze badge

Re: Symbol of the philosophy behind it

Surely, there is "laziness and incompetence" (up voted), but there is also zeal and patriotism--which is ill-founded in the free world when violating rights, and there is the fundamental problem of results and limited budget, which is the most legitimate argument--though still inadequate. Yet, they (you know who) don't admit to these things, so there is also a fundamental dishonesty and hypocrisy.

It is with a heavy heart that we must inform you hackers are targeting 'nuclear, defense, energy, financial' biz

GnuTzu Bronze badge
Megaphone

Now That We Know About It

If they've gotten anywhere before this discovery, that will be news. If they get anywhere after this bit of news, then somebody's going to really have to answer for it.

Nice phone account you have there – shame if something were to happen to it: Samsung fixes ID-theft flaws

GnuTzu Bronze badge
Stop

No No No -- Not The "Referer" Alone

First, yes, "Referer" is actually spelled that way in the HTTP standard--not my fault. They'd better be doing more than just relying on that header, as it's spoof-able. Like "User-Agent", it's simply not a strong security control.

Lenovo tells Asia-Pacific staff: Work lappy with your unencrypted data on it has been nicked

GnuTzu Bronze badge
Unhappy

Re: news

Yup. When people go numb and acclimate to it, vigilance will fade. Only widespread pain will bring people to action, but how great will the pain need to be to prevent a cascade that will accelerate into a landslide of catastrophe?

Linux.org domain hacked, plastered with trolling, filth and anti-transgender vandalism

GnuTzu Bronze badge

Re: Windows vs Linux

I keep saying: Linux has been around and proliferated successfully enough to become a target. It's no longer just a patch Tuesday World.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

GnuTzu Bronze badge
Trollface

Re: In other news...

Yes, and the Earth is clearly flat.

I fear this disease will spread, as it is clearly contagious.
