* Posts by Maelstorm

123 posts • joined 14 Jun 2015


Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'

Maelstorm Bronze badge

Oh yeah

An act of war? Really? So far as we know, it was Russian hackers. They were probably state sponsored, but the insurance company is going to have to prove that in court. I agree with Big AI 23, they are trying to see what they can get away with. That and they probably want to hold out on the payment for as long as possible to get all the interest they can from the banks.

Steamer closets, flying cars, robot boxers, smart-mock-cock ban hypocrisy – yes, it's the worst of CES this year

Maelstorm Bronze badge

Robot on robot crime is now a thing...

There is one other thing that the article didn't mention: in other news, a robot that was supposed to be shown at CES suffered major damage when it was run over by a Tesla in autopilot mode. Granted, it is suspected that this was a publicity stunt. But still, robot on robot crime? We don't have laws for that here in the U.S.A. (Surprise!). You can read about it here:


Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe

Maelstorm Bronze badge

Technical Details

The MAC address (Media Access Control) is the hardware address that is in the Ethernet frame header at layer 2. ARP (Address Resolution Protocol) binds the MAC address to an IP address that we all know and love. MAC addresses are hardware specific and can be changed. If the perpetrator is reading this, then they have either changed their MAC address or disposed of the device.

In case you are wondering, the first three octets describe the manufacturer.
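The appeal above asks network operators to search their logs for one hardware address, and the comment notes that the first three octets carry the manufacturer prefix and that the address can be changed in software. The following Python is an added example, not code from the article or the commenter: it normalizes the address formats that different devices write into logs (colon, dash and Cisco dotted notation), splits out the OUI prefix, reads the locally-administered and multicast bits from the first octet, and searches a handful of constructed log lines. The log lines and the second and third addresses are made up for the example; the first address is the one quoted in the article's headline.

```python
import re

# Constructed sample log lines for the example (not from the article): an ISC dhcpd style
# lease line, a switch MAC table line in Cisco dotted form, and an access-point line with dashes.
SAMPLE_LOGS = [
    "Jan 12 08:14:02 gw dhcpd: DHCPACK on 192.168.1.23 to f8:e0:79:af:57:eb via eth0",
    "Jan 12 08:15:44 gw dhcpd: DHCPACK on 192.168.1.24 to 00:11:22:33:44:55 via eth0",
    "2019-01-12T08:16:10Z sw1 mac-address-table: F8E0.79AF.57EB dynamic Gi0/3",
    "2019-01-12 08:17:00 ap0 assoc F8-E0-79-AF-57-EB rssi=-61",
    "Jan 12 08:18:31 gw dhcpd: DHCPACK on 192.168.1.25 to 02:aa:bb:cc:dd:ee via eth0",
]

# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and the Cisco aabb.ccdd.eeff form.
_MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)


def normalize_mac(raw):
    """Return the address as lower-case, colon-separated octets regardless of input format."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def mac_info(mac):
    """Split out the OUI (first three octets) and the two flag bits of the first octet.

    Bit 1 of the first octet is the locally-administered flag: set when the address was
    assigned by software rather than burned in by the manufacturer, which is exactly the
    case the comment raises (an address that has been changed). Bit 0 marks multicast."""
    mac = normalize_mac(mac)
    first = int(mac[0:2], 16)
    return {
        "mac": mac,
        "oui": mac[:8],
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
    }


def find_mac_in_logs(target, lines):
    """Return every log line that mentions `target`, whatever notation the line uses."""
    target = normalize_mac(target)
    hits = []
    for line in lines:
        for match in _MAC_RE.finditer(line):
            if normalize_mac(match.group(0)) == target:
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    for hit in find_mac_in_logs("f8:e0:79:af:57:eb", SAMPLE_LOGS):
        print(hit)
    print(mac_info("f8:e0:79:af:57:eb"))
```

Looking up the OUI against the IEEE registry is left out on purpose: the registry changes, so the lookup belongs in a separately maintained file rather than a hard-coded table. The locally-administered flag is only a hint; a changed address can still carry a vendor-looking prefix, so it narrows a search rather than settling it.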

Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole – anyone upset, yell now

Maelstorm Bronze badge

The manual page for mincore for FreeBSD just shows if a page is allocated and if it has been modified by the calling process or otherwise. I've never really found a use for it as paging is handled by the operating system. What I have used, though, is madvise, mlock, munlock, mmap, and munmap when I wrote a pooled memory manager some years ago.

Perhaps some libraries use it.

FreeBSD Manual: mincore

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

Maelstorm Bronze badge

I use FreeBSD, and for good reason.

SystemD is a total piece of shit. In fact, Linus was so fed up with the antics of one of the developers that he banned the guy from contributing to the Linux Kernel. This is why I use FreeBSD for my servers. Fast, reliable, and shit free.

SystemD violates the Unix way of doing things: Have one tool to do one thing and do it well.

This is why we have tools like chmod, chown, chgrp, ls, mv, cp, rm, mkdir, rmdir, cd, etc... All those tools do primarily ONE thing, and they do it well. The login tool handles user logins. Cron handles timed start of tasks (think Task Manager in Windows). SystemD just gobbles up all the startup tools for the sake of a faster, parallel boot strategy. Unix systems do not restart every 5 minutes, so it's a useless endeavor for a non-problem...aka a waste of time.

It'll soon be even more illegal to fly drones near UK airports

Maelstorm Bronze badge


And here in the good ole U.S.A., we have a regulation issued by the FAA that drones must be registered, a fee paid, and the drone must have an ID number on it. This rule was established in 2015. However, in 2017, the rule was amended so that this only applies to drones that fly for commercial use. Drones that fly for fun do not need to be registered.

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Maelstorm Bronze badge


If this ICO is supposed to be a regulatory body, then why isn't it being funded by the government? Here in the U.S., a regulatory body is funded from the government, and its funding is budgeted. There are taxes (sales tax, income tax) and fees, but nothing like the structure of the ICO in the U.K.

More nodding dogs green-light terrible UK.gov pr0n age verification plans

Maelstorm Bronze badge
Big Brother

This will not work.

This will not work, and here's why. The law only applies to sites in the UK. What about U.S. sites like pornhub and xnxx? Any enterprising individual who knows anything about how the internet actually works can just switch their DNS servers to something in the US and bypass any blocks. You can also contact the IP address directly without going through DNS. So DNS based blocks won't work. You will have to have something like the Great Firewall of China to actually block it, and even that is problematic because many porn sites now use HTTPS which is encrypted, so deep packet inspection at the ISP won't work either.

So yeah, this is very doable, very feasible, and it will work well. So you don't believe my smiling face? I don't believe it either.

Staff sacked after security sees 'suspect surfer' script of shame

Maelstorm Bronze badge

How stupid can people be? Very, apparently...

Seriously people, here in the US, the employer is providing you with a PC and a network connection on their dime, and they expect you to do work on their behalf while on the clock. Not sit there and flap to porn all day. They will usually tell you that they are watching.

There was an incident back in the 1990's at my old employer which caused a bit of a ruckus. What happened was a group of technicians was watching porn on one computer, creating a hostile work environment. One employee told a supervisor and nothing happened. Then they told that supervisor's boss and nothing happened. Finally, that employee told the boss's boss's boss and something finally happened. An investigation ensued and twelve people were sacked, and several others were suspended. After that, the entire company got a mandatory course in how to avoid sexual harassment in the workplace.

Seriously, how stupid can people be? Apparently very stupid.

Uncle Sam fingers two Chinese men for hacking tech, aerospace, defense biz on behalf of Beijing

Maelstorm Bronze badge

One sure fire solution to cyber security is to air-gap the networks. If you have to be physically present in the building to access it, then that makes it so much harder for someone to break into a network. Furthermore, these corporate idiots should be encrypting their data before sending it to the cloud. If you store it in plaintext, then you are just asking for it to be stolen.

Maelstorm Bronze badge

In my experience management has low to no interest because it costs and that may lower executive bonuses.

Well, there has been talk at the federal level to institute civil and criminal penalties for executives who fail in data protection. You cannot regulate stupid, but you can put them under the jail for it. Now I'll be taking my jacket and I know my way to the door.

You wait for one IT giant to show up with its sales figures, then two come at once: Red Hat, Oracle

Maelstorm Bronze badge

Screw Oracle...

Big Red and Larry can go F themselves after the lawsuit against Google for Java on android. On top of that, they are screwing Java developers with new licensing terms. I will not shed a tear for Larry and Co.

That and what they did to people with Sun hardware (you are not allowed to download Solaris unless you have a support contract). Probably why places like eBay are flooded with Sun hardware.

Poor people should get slower internet speeds, American ISPs tell FCC

Maelstorm Bronze badge

Here's the thing...

Here's the thing, I used to work for a major telephone company in the USA. I worked there for many years. Basically, under heavy regulation, business wireline telephone service subsidized residential service, generally speaking. However, everyone paid a fee called universal lifeline. What that is, it's a subsidy that allows the phone company to provide basic service to people who cannot afford it or are on low income...such as my 89 year old grandmother who just gets Social Security.

This system has worked for many many years. So I can see this happening with internet access. I am old enough to remember, and I'm sure many here are as well, during the 1990's dialup is all we had. If you had a 9600bps modem in 1991, you were smoking. 14,400 or 28,800 in 1995 or so, and the 56k modems in the late 1990's. If you were willing to shell out some money, you could get bonded ISDN service for a whopping 128k speed, metered of course. If you wanted faster, then you could get multiple ISDN lines, or pop for a T1 for $995.00/month for 1.536 megabit service. But in the late 1990's, ADSL came out and it started a feeding frenzy that continues to this day with various implementations and advancements. For 10 years through the 2000's, I had 6 mbit ADSL and it was fine for me. Cable modems from the cable company came out in late 1996 or early 1997. For a long time, my mom had 384k internet, and that was considered broadband.

So, you will understand when I say that anything faster than dialup I consider broadband. The 10/1 minimum for people who cannot afford it otherwise is actually a good idea. The people who can't afford it otherwise probably don't have computers that can handle the applications that use the high bandwidth network anyways. I'm talking about streaming video, games, and other applications. General web browsing is fine.

In this day and age, I call it high speed network access. A 10 mbps datalink was a standard LAN speed back in the day, and it will suffice for most things, especially for someone who has nothing at all. With the things that I do, I can bury a 100 mbps network connection. So I can see ISPs such as AT&T, Verizon, and Qwest charging a little extra to subsidize those who cannot afford internet access, and still turn a profit.

No taxpayer dollars needed.

It worked for regular POTS phone service, and I see no reason why it wouldn't work for internet access. Companies are for making money, and asking for taxpayers to help foot the bill is just being plain greedy.

Disclaimer: I own stock in one or more of the companies that have been mentioned.

Maelstorm Bronze badge

Re: Municipal cable companies

About 22-24 years ago, a cable company known as Century Communication Corp replaced ALL the cable in my town with fiber optics and served our TV service from that. Then they got bought out by AT&T broadband, which was eventually sold to Comcast...affectionately known as Comcrap or Crapcast. Since the technology was still relatively new, there were problems with the fiber optic terminals that converted the fiber signal to the 75 ohm coax cable. I don't know what they spent to wrap the town in fiber, but I know it was a pretty penny to do so.

For fax sake: NHS to be banned from buying archaic copy-flingers

Maelstorm Bronze badge

Re: Is internet as reliable as legacy 'phone system?

"My experience is that POTS outages are rare, but internet outages are common.

Does anybody have any (non-anecdotal) data about outages?"

I used to work for AT&T in wireline service (aka POTS). Outages caused by hardware failure in telephone switching equipment are rare, and usually only affect a small number of customers (usually people within a block of ports or something like that). The really big outages were caused by drunk drivers taking down a pole or some construction crew with a backhoe ripping a cable out of the ground.

One memorable event took place in the early 2000's where someone was drilling sideways under US101 here in California, USA in Marin County. They snagged the fiber optic cable with the auger and took down a whole bunch of things. The highway patrol closed the freeway so repair crews could jackhammer the pavement to get at the cable to fix it.

Maelstorm Bronze badge

The last time that I checked...

The last time that I checked, you cannot hack a fax machine and a filing cabinet remotely.

Medical records? "Secure" email? Single point of failure?

What can possibly go wrong?

If you ever felt like you needed to carry 4TB of data around, Toshiba's got you covered

Maelstorm Bronze badge

Since nobody has said it yet...

Since nobody has said it yet, then I will...

That's a lot of space for a pr0n collection.

On a more serious note, I would like to say that any sensitive data on a portable device must be encrypted so that our government overlords...err law enforcement...can't access our deepest and darkest secrets.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Maelstorm Bronze badge

At least our Congress is intelligent enough to realize that you cannot legislate science.

Funnily enough, China fuming, senator cheering after Huawei CFO cuffed by Canadian cops at Uncle Sam's request

Maelstorm Bronze badge

"At the request of the US side, the Canadian side arrested a Chinese citizen not violating any American or Canadian law. The Chinese side firmly opposes and strongly protests over such kind of actions which seriously harmed the human rights of the victim,"

I'm sorry, for China to claim that this is a violation of her human rights is just laughable...especially when you look at China's human rights violations over their history. Pot, meet Kettle.

If the United States wasn't so damn arrogant and sticking their nose where it doesn't belong all the time, then these other countries wouldn't be so keen on acquiring weapons to defend themselves against us. It's a game of control. Look at North Korea. The only reason why they want nuclear weapons is to counter the United States. So take a look: The axis of evil is Afghanistan, Iraq, Iran, Syria, North Korea, Cuba, and Libya. Two of those were invaded. Syria is in a civil war, and Libya disposed of their dictator. So looking at that, I can see why Kim Jong Un wants nuclear weapons. I would be nervous too.

Giraffe hacks printers worldwide to promote God-awful YouTuber. Did we read that one right?

Maelstorm Bronze badge

One must always question the intelligence of the people who watch YouTube.

High Court agrees to hear full legal challenge of Blighty's Snooper's Charter

Maelstorm Bronze badge
Big Brother

At least in the UK...

At least in the UK, you can challenge mass surveillance. Here in the United States of America, fat chance. People have tried and have had their cases dismissed because of 'State Secrets Privilege' which caused necessary evidence to be withheld in court. There have been criminal convictions where the evidence used in the prosecution was withheld from the defense because it was 'classified,' which is a blatant violation of The Constitution. But of course, any dissident voices are routinely silenced so the public at large doesn't know what is going on.


3ve Offline: Countless Windows PCs using 1.7m IP addresses hacked to 'view' up to 12 billion adverts a day

Maelstorm Bronze badge


In Soviet Russia, you don't view and click on the ads, the ads view and click on you.

Washington Post offers invalid cookie consent under EU rules – ICO

Maelstorm Bronze badge

The EU vs US?

The problem here is that you have an EU entity trying to enforce its laws on a US company. The quote "Given that US law doesn't really address consent for cookies and the FTC is kind of wishy washy on it, the MoU would be about as much use as a chocolate teapot in this case." pretty much sums it up in this case. A case could be made for reputation, but they have to pay the bills somehow. Besides, EU law does not apply inside the US just because the EU says so, especially if laws conflict. This was more or less resolved in previous cases (Yahoo!, France). The same thing applies the opposite way as well (Well, it should). Although nobody could blame you for thinking otherwise with recent developments like the CLOUD act here in the US where US Law Enforcement can force a company to turn over data which is stored on foreign soil (Microsoft, Ireland), which in my opinion, is a violation of the foreign nation's sovereignty. Time for me to grab my jacket and hit the door.

One other thing... From a technical perspective, you *MUST* have cookies if you log into the site. As a developer, HTTP/HTTPS is a stateless protocol. So you have to have cookies to maintain user state on the server. So basically, if you don't agree to having cookies set on your browser, then you are not going to be logging into a website. That's the short and long of it from a technical aspect. PHP doesn't really give you any other option, unless you handle the session state yourself, but you will still need to have cookies to keep track of it.
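The comment's technical point is that HTTP is stateless, so a login needs a cookie that carries some identifier which the server maps back to the user. The Python below is an added example, not code from the article or the commenter and not PHP's session handling: a small server-side session store keyed by a random identifier, plus the Set-Cookie header a defender would want on that identifier (HttpOnly, Secure, SameSite). The cookie name `sid`, the 30-minute idle timeout and the injectable clock are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"      # assumed cookie name for the example
SESSION_TTL = 30 * 60       # assumed idle timeout: 30 minutes


class SessionStore:
    """Server-side session state keyed by a random identifier.

    The browser only ever holds the identifier; the user's data stays on the server,
    which is what makes a stateless protocol usable for logins. `now` is injectable so
    expiry can be tested without sleeping."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG; not guessable
        self._sessions[sid] = {"user": user, "expires": self._now() + SESSION_TTL}
        return sid

    def lookup(self, sid):
        """Return the user for a live session, or None; expired sessions are dropped."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if entry["expires"] < self._now():
            del self._sessions[sid]
            return None
        entry["expires"] = self._now() + SESSION_TTL   # sliding expiry on activity
        return entry["user"]

    def destroy(self, sid):
        """Logout: forget the server-side state so the cookie value becomes worthless."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Build the Set-Cookie value: HttpOnly keeps it away from page scripts, Secure keeps
    it off plain HTTP, SameSite=Lax stops most cross-site requests from sending it."""
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = sid
    cookie[SESSION_COOKIE]["path"] = "/"
    cookie[SESSION_COOKIE]["httponly"] = True
    cookie[SESSION_COOKIE]["secure"] = True
    cookie[SESSION_COOKIE]["samesite"] = "Lax"
    return cookie.output(header="").strip()


def session_from_request(store, cookie_header):
    """Resolve the user from an incoming Cookie header, or None if there is no live session."""
    if not cookie_header:
        return None
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get(SESSION_COOKIE)
    return store.lookup(morsel.value) if morsel else None


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print(set_cookie_header(sid))
    print(session_from_request(store, f"{SESSION_COOKIE}={sid}"))
```

The identifier is the only thing a consent banner actually has to cover for a login to work; everything else (preferences, tracking) can live in the server record or be dropped. Because the store is in memory it is per-process; a real deployment would back it with a shared store and issue a fresh identifier after login to avoid session fixation.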

We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist

Maelstorm Bronze badge

There is...or used to be...

There is or was a federal law on the books that goes something like this: "Products purchased for government use must be bought from US companies." or something to that effect. So a list like this is probably classified, which means el Reg can FOIA it till they are blue in the face and their response will always be "We can neither confirm nor deny that any such list exists."

Frankly, I'm quite surprised they didn't outright ignore your request.

'Pure technical contributions aren’t enough'.... Intel commits to code of conduct for open-source projects

Maelstorm Bronze badge

Respect is given where earned

I am from the school of thought that respect is earned. In general, I respect people until I have a reason not to. If this offends someone, then they can go kiss my hairy white ass. The whole feminism and SJW special snowflake thought police leaves a bad taste in people's mouth. Before it was about bullying...now it's against people who hurt other people's feelings.

Well, I say get used to it. That's life. There are always going to be assholes out there. In places like California, we are growing people who cannot function unless they are wrapped up in bubble wrap. Any slight to their fragile egos and they start crying "Whaaah. You hurt my feelings. I want my safe spot." I'm sorry, but in this world there is no safe spot, which means that these people will be facing a very harsh reality.

The mysterious life of Luc Esape, bug fixer extraordinaire. His big secret? He's not human

Maelstorm Bronze badge

But can it fix coding bugs that cause security holes?

Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound

Maelstorm Bronze badge
Big Brother

Not too far off....

I can imagine that in the not too distant future, when you are getting frisky with your significant other, a package gets delivered which contains...adult...play toys. Or, have a telemarketer call you to pitch some new IoT connected 'stimulating' device. Um...no thanks. The knowledge of some activities should not be leaving the bedroom.

Leaked memo: No internet until you clean your bathroom, Ecuador told Julian Assange

Maelstorm Bronze badge


Considering that this guy published STOLEN documents belonging to the United States Government (confidential, secret, top secret), I support the move to have him brought here to the US to stand trial under espionage charges. He published over 250,000 diplomatic cables between the State Department and our embassies, now there's the whole Vault 7 thing which consists of communications, documents, and source code that was stolen from the CIA's internal, air-gapped network. This guy needs 'El Chapo' Guzman as a cell mate.

Personally, I welcome his current accommodations. A self imposed prison sentence at the hands of a foreign nation. If more criminals could be like him we wouldn't need jails.

One other thing. The UK says they will arrest him if he leaves the embassy. The question becomes what if Ecuador grants him diplomatic immunity? Or if they sneak him out? Surely the UK is not searching diplomatic vehicles. They could smuggle him out to an undisclosed airport and send him to Ecuador.

In the two years since Dyn went dark, what have we learned? Not much, it appears

Maelstorm Bronze badge


What really needs to happen is a complete redesign of how networking works. Many of the protocols that we currently use were developed in the 1960's and 1970's. In that period, ARPANET as it was called back then, connected universities and military installations together. Because of the caliber of the users back then, security wasn't a forethought, or an afterthought, for that matter. Fast forward to today, and much of the security that is now in place is patch after patching patch of bolt-on fixes for newly discovered vulnerabilities. DNS is no different. So we need a redesign of networking protocols which implement security from the start. However, 40+ years of code will have to be scrapped for that to work, which I do not see happening any time soon.

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

Maelstorm Bronze badge

As a developer...

As a developer myself, it's nearly impossible to ship software that is bug free. The best that you can do is just check your input and make sure that it makes sense. I write operating systems, so there is a level of expertise that is required that most other developers do not have, and the security implications are more serious. For an app developer, a security hole can compromise a user. For a system software developer like myself, a security hole can compromise the whole system.

Microsoft yanks the document-destroying Windows 10 October 2018 Update

Maelstorm Bronze badge

In Soviet Russia...

In Soviet Russia, you do not perform Q&A on the software, the software performs Q&A on you.

Oracle? On my server? I must have been hacked! *Penny drops* Oh sh-

Maelstorm Bronze badge

Downgrade to Oracle...

"If so, the hackers had seen fit to install a full version of Oracle too, which struck me as a little cruel and unusual, even by the low standards of your average cybercrook."

Well now, looks like I'm not the only one who considers Oracle a downgrade.

California cracks down on Internet of Crap passwords with new law to stop the botnets

Maelstorm Bronze badge
Big Brother

The problem...

There are several problems with this. Let's go down the hit list, shall we?

1. As the first commenter stated, trust in IoT is dead, and for the reasons given.

2. IoT devices are made to be cheap, get flung out the door quickly, with security as a second thought.

3. The reason behind #2 is every manufacturer wants to be first to market with a device, so the software people don't have enough time to fully test and secure the product before it is shipped.

4. The average lifetime of an IoT device is about (guestimate) 18 months before manufacturers no longer support it.

5. This bill, although it is a step in the right direction, is misguided for several reasons. Those are enumerated below:

5a. Most of this hardware is manufactured overseas, which means that the law won't even apply to most.

5b. For those who do manufacture the hardware here in California, you are going to significantly increase the costs to the manufacturer. They will need someone to program a password into each device (or generate one automatically), and then print more, unique documentation because now the passwords between the devices are different.

5c. Hope that the person who is typing in all these passwords gets it right.

6. How are you going to enforce this? Have the state become a nanny? More so than it already is? Sorry, I'm tired of the nanny state. I don't need Big Brother telling me what I need to do to improve the security of my devices.

A much better way to do this is to educate the public on the security issues. Make it part of the public school education curriculum. That way, everyone will at least be aware. However, that will not help when you have an IoT Tea Pot with a default password of 000000 that cannot be changed...
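Point 5b above describes the provisioning cost of a unique password per device, and point 5c worries about someone typing them all in. The Python below is an added example, not code from the article or the commenter, showing the automated version of that step: generate each device's credential from the OS random source, store only a salted PBKDF2 hash in the device record, and run an acceptability check that rejects the shared factory defaults and serial-derived strings the bill targets. The serial numbers, the denylist of factory defaults and the 12-character minimum are assumptions made for the example.

```python
import hashlib
import secrets
import string

# Constructed denylist for the example (illustrative, not a complete list of known defaults)
COMMON_DEFAULTS = {"000000", "admin", "password", "12345678", "1234", "root"}
MIN_LENGTH = 12                       # assumed policy minimum for the example
ALPHABET = string.ascii_letters + string.digits
PBKDF2_ROUNDS = 100_000


def generate_device_password(length=16):
    """Unique per-device credential from the OS CSPRNG; 16 alphanumerics is ~95 bits."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_is_acceptable(pw, serial=None):
    """Reject shared factory strings, short values, and anything containing the printed
    serial number (a 'unique' password derivable from the label is not unique in practice)."""
    if len(pw) < MIN_LENGTH:
        return False
    if pw.lower() in COMMON_DEFAULTS:
        return False
    if serial and serial.lower() in pw.lower():
        return False
    return True


def hash_password(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS).hex()


def provision_device(serial):
    """Produce (password, record): the password goes on the printed label, the record
    (serial, salt, hash) is what gets written into the device; the plaintext is never stored."""
    pw = generate_device_password()
    assert password_is_acceptable(pw, serial)   # generated passwords must pass our own check
    salt = secrets.token_bytes(16)
    record = {"serial": serial, "salt": salt.hex(), "hash": hash_password(pw, salt)}
    return pw, record


def verify_device_password(record, attempt):
    """Constant-time comparison of the hash of the attempt against the stored hash."""
    salt = bytes.fromhex(record["salt"])
    return secrets.compare_digest(hash_password(attempt, salt), record["hash"])


if __name__ == "__main__":
    # Constructed serials for the example
    for serial in ("SN-0001", "SN-0002"):
        pw, record = provision_device(serial)
        print(serial, "label password:", pw, "stored hash:", record["hash"][:16] + "...")
```

Nothing here is typed by hand, which answers 5c; the per-device record is what 5b calls "unique documentation", generated at the same time as the label. The check also catches the opposite shortcut, a password derived from the serial printed on the case, which satisfies "unique" on paper but not in practice.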

Want to get Serverless into production? Spend a few days with us

Maelstorm Bronze badge

Serverless huh?

Serverless huh? For who? That is just the current industry buzzword that is floating around. There is nothing new to see here folks. What the buzzword really means is that you have to pay money to host your data on the cloud. That's where the server is.

Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious

Maelstorm Bronze badge

It was the Russians.

It was the Russians I tell you, the Russians did it!!!! They are getting back at us for the election hack...wait...they did that to us... Nevermind.</joke>

Probably not, but it was still fun.

Oracle pours a mug o' Java 11 for its addicts, tips pot of Binary Code License down the sink

Maelstorm Bronze badge

#1 Programming Language? Think again...

Our programming language is still number one, insists database goliath.

I disagree. Java is a piece of shit language with delusions of grandeur. It thinks it's a real programming language like C++, but when in fact it's the schoolyard bully, and it fails even at that. It's slow and cumbersome. Its only saving grace is that it is platform independent.

Open-source software supply chain vulns have doubled in 12 months

Maelstorm Bronze badge


I'm more interested in the fact that hackers were caught installing vulnerabilities directly into the source code and very few people are noticing. The ones that have been reported are probably the tip of the iceberg. That is one of the big issues with open source, when everybody is working on it, who is vetting these people and making sure that they are not doing something nefarious? Brings to mind "too many cooks...."

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

Maelstorm Bronze badge

Re: These scammers do not like me.

Oh, it's hilarious. It's been my new form of entertainment for about 3 months now. I learned how to do it by watching youtube videos. Some have links to the tools that they use too.

Maelstorm Bronze badge

These scammers do not like me.

Why? Because one of my hobbies is to trick them into thinking that I am in need of their 'services' when in actuality, I am scamming them. The longer they stay on the phone with me, that is time they can't scam someone else. In some cases, they downloaded and ran programs off my VM that they were connected to and ended up destroying their computer. WannaCry anyone? Hey, if they were legit, they wouldn't be downloading fake word documents titled banking_details.doc.exe with the extension hidden and a word doc icon.

These fake tech support scammers will syskey your machine and then you have to pay $200-300 to get the password to unlock your machine. That is how they make money. And a lot of them use iTunes gift cards, and they are mostly out of India...at least that's been my experience.

No, that Sunspot Solar Observatory didn't see aliens. It's far more grim

Maelstorm Bronze badge

Maybe, just maybe...

Maybe, just maybe he was using the telescope to spy on naked kids taking a bath through their bathroom windows. With a telescope that big, you could almost see through walls.

DraftKings rides to court, asks to unmask 10 DDoS suspects

Maelstorm Bronze badge


I second the concerns raised here. Malware is rampant on computers these days, especially Windows PCs. Yes, the IP addresses that they have are the ones that attacked them. However, was it the person who is actually sitting at the computer doing it, or was the computer commanded to do so because it belongs to a botnet?

These guys do know what a botnet is, right?

A valid defense is that when the machine is examined, if malware is found, then what? Are they going to continue to sue an innocent person who had no idea that their computer was infected?

"You were complacent in the attack because you allowed your computer to participate in it, even if it was without your knowledge and/or consent."

That will go over real well in the courts and the media.

Security bods: Android system broadcasts enable user tracking

Maelstorm Bronze badge

They failed again...

What the?

So why is it the application developer's responsibility to mask this information?

Networking is system level information that only the system should be aware of. Giving the responsibility to keep it private to the apps guys is like putting the personal details of government employees on the web and hoping that China/Russia won't steal it. Because as we all know, not all app developers are created equal. This is a big glaring security hole if you ask me.

No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

Maelstorm Bronze badge


There's been some cases dealing with similar issues that have already been decided. The cases are as follows:



A copyrighted file is a copyrighted file regardless of what it contains. However, APIs are key for interoperability and should not be copyrightable. As someone else said, if SCOTUS rules that APIs are copyrightable, then all software development will be driven out of the country which will bring the country down. There are literally hundreds of thousands of independent software developers out there whose livelihoods are being threatened by this decision.

Windows 0-day pops up out of nowhere Twitter

Maelstorm Bronze badge

Microsoft's *REAL* Response

That Microsoft Guy:

You are all mistaken. What is referred to as the ALPC bug is actually an obfuscated feature that we put in at the request of the NSA. It allows a user to gain system level privileges without having the password to the Administrator account. It is to be used by users to perform admin tasks on the machine without actually bothering the admin. Eventually, we plan on expanding this feature so that the end users will be able to administer the networks they are connected to without needing a password. Therefore, lazy system administrators will be rendered redundant and can be laid off saving the company the unneeded expense of paying a dedicated person to administer the network.

So what can possibly go wrong?

Fire chief says Verizon throttled department's data in the middle of massive Cali wildfires

Maelstorm Bronze badge

What will it take?

What will it take to rein in these greedy corporate bastards? Someone dying because of their action or inaction. Granted, in THIS case, Verizon owned up to their mistake and made a public apology. Thank God nobody was hurt as a result of their screwup though.

However, during the late 1990s, US West (before they were bought out by Qwest Communications) had a work stoppage (aka strike). During that strike, 911 service went down and a 9 year old child died as a result. The next day the FCC told both US West and the Union (Communications Workers of America) that the strike was over and ordered the workers to return to work. US West was almost fined into the ground for that because ultimately, it was their responsibility to maintain service.

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks

Maelstorm Bronze badge

This smacks of a security flaw caused by a lazy programmer. In fact, either it's someone who is lazy, doesn't care, or they do not know how to fix the problem since it was first reported to Wordpress Feb 2017.

The simple fix is do not allow regular users to upload. Leave that for an administrator. Problem solved.
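The fix proposed above is an authorization rule: only administrators upload. The Python below is an added example, not WordPress code and not from the article or the commenter, of the gate a defender would put in front of an upload handler: a role check first, then an extension allow-list, then a check that the file's leading bytes match the declared type, and finally a random server-chosen name so nothing from the client reaches the filesystem path. The role names, the allowed types and the magic-byte table are assumptions made for the example.

```python
import os
import secrets

# Assumed policy for the example: who may upload, and which types are accepted.
UPLOAD_ROLES = {"administrator"}
ALLOWED_TYPES = {                      # extension -> accepted leading bytes
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}


class UploadRejected(Exception):
    """Raised with a short reason so the caller can log it; the client gets a generic error."""


def check_upload(user_role, filename, content):
    """Return the name the file will be stored under, or raise UploadRejected.

    Order matters: the cheapest and most decisive check (role) runs before anything
    derived from attacker-controlled input is examined."""
    if user_role not in UPLOAD_ROLES:
        raise UploadRejected("role not permitted to upload")

    # Strip any directory component the client sent, whatever the separator.
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.rsplit(".", 1)
    if len(parts) != 2 or not parts[0]:
        raise UploadRejected("missing extension")
    ext = parts[1].lower()
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext}")

    # The extension is a claim; the leading bytes are the evidence. Both must agree.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")

    # Server-chosen name: the client's filename never becomes a path on disk.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed inputs for the example
    sample_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print(check_upload("administrator", "photo.jpg", sample_jpeg))
    for role, name, data in [("subscriber", "photo.jpg", sample_jpeg),
                             ("administrator", "archive.phar", b"<?php"),
                             ("administrator", "../../evil.png", b"<?php")]:
        try:
            check_upload(role, name, data)
        except UploadRejected as exc:
            print(f"rejected {name!r} for {role}: {exc}")
```

Magic-byte matching only establishes that the file starts like the declared type; it is a gate, not a full parser. For image uploads, re-encoding the file through an image library before storing it is the stronger step, since it discards any trailing content the leading bytes do not vouch for.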

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Maelstorm Bronze badge

Streisand Effect?

Interesting, if anyone downloaded it, it should be popping back up pretty soon. Now that they have done this, they will never be able to take it off the net.

Bitcoin backer sues AT&T for $240m over stolen cryptocurrency

Maelstorm Bronze badge

Stinking Stocks

AT&T stock has been stinking lately. Now it's going to stink even more regardless of the outcome of this case. Time to move my investment somewhere else. Oh, and stinking is not a city, county, or state in the USA.

Seriously though, AT&T has had problems with employees in the past who took bribes or did not follow procedures which then enabled further security breaches. The person who did this will most definitely lose their job, and may even face prosecution if it can be proven that they took a bribe. ASSet Protection (also known as Corporate Security) is staffed with former FBI agents who conduct these investigations internally.

I have a few stories if anyone is interested.


Biting the hand that feeds IT © 1998–2019