* Posts by something_or_another

82 posts • joined 14 Jun 2015

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

something_or_another

Re: yeah,,,,

"Exposing criminal activity by the US government (mine) will get you killed or worse."

Snowden is still alive .... Drake is still alive. I harass them all the time, I'm still alive.

You've just bought what they WANT you to believe. #FuckTheNSA .... #FuckTheCIA. Grow a set and stand up to them, instead of being a pussy!

0
1

Hua-no-wei! NSA, FBI, CIA bosses put Chinese mobe makers on blast

something_or_another

China trash.

For all you assholes that down vote me for saying, "Fuck China, Fuck Huawei", fucking buy that shit and be owned, LOSERS!

2
45

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

something_or_another

Just sprinkle on a little pepper.

They'll just push everyone to become a little more creative.

Take GPG. Shuffle the cipher text in a manner that the g-men would have to take into account. For instance, encrypt it several times, with different Algos, then remove the GPG header/footer from the final cipher (that means they have to account for all the various GPG/PGP headers) ... then have a script that'll omit any line that contains an "=" or is less than x # of characters. Take the remaining lines, you + recipient agree on a daily changing pepper, and shuffle the remaining characters with it. Say today's #s are 3 and 8 .... run the script to swap every 3rd character line with every 8th. Sure, you'll/they'll get a CRC error, but they'd have to solve for all the shuffling 1st....and how long will that take, assuming that they don't have quantum computers cracking it? Then they'll have to solve all the different layers.

Why do they think that we can't solve for that? Remove a line, post that line, encrypted, elsewhere. There are plenty of ways around compromised crypto, if you're not lazy. Time would not be on their side.

0
0

Uncle Sam's treatment of Huawei is world-class hypocrisy – consumers will pay the price

something_or_another

FŬCK HUAWEI & CHINA!

Huawei's success was built off the theft of Nortel's IP, and who knows how many other companies. China can piss off.

1
15

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

something_or_another

What is, Not New News?

We were warned.

https://www.theregister.co.uk/2015/12/31/rutkowska_talks_on_intel_x86_security_issues/

16
0

Equifax mega-breach: Security bod flags header config conflict

something_or_another
Thumb Down

El Reg -n- HTTPS.

It only took them years to figure out https ..... don't tax them with getting SPF right.

0
0

So, FCC, how about that massive DDoS? Hello? Hello...? You still there?

something_or_another

Ajit Pai and his DSLs

He just can't wait to wrap his big ole DICK SUCKING LIPS around Drumpf's cock to curry favor. Like he has any other motivation. FUCK I HATE REPUBLICANT'S!!!!

0
0

US Secretary of State: I will work with Russia on cyber security issues

something_or_another

Being played the fool!

What a load of shit. China and Canada, US and Russia, and the halting of cyber attacks. It's just Bullshit. What incentive does China have to stop robbing orgs of IP. NONE!. The fool of these agreements will be the loser - Canada, US.

How about building and maintaining secure infrastructures, gear and apps; instead of meaningless agreements.

Step one, fire 90% of devs. Step two, stop buying Chinese hardware. Step 3, FUCK RUSSIA.

1
1

Why I just bought a MacBook Air instead of the new Pro

something_or_another

Re: Solder not Socket...

Chaining monitors has been around way longer than USB-C. And speaking of USB-C - so nice of Apple to make their use of it proprietary. Can't just get ANY USB-C cable and use it with a MAC.

Fuck that!

9
0
something_or_another
Thumb Down

Re: Surface is nice and all

"I'm giving Devuan a try."

LOL ... talk about planned obsolescence (yours and Devuan whiners)! Linux with concrete shoes. "Let's do the opposite of the industry".

Way to inform the world that you're going to stick with yesterday's skills, aging out, while everyone else is maintaining relevance. Don't get irritated when nobody wants to handhold you as to why you can't find the SysV init scripts.

1
21

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

something_or_another
FAIL

Nananana na na na na NO!

No Chinese anything TRUST!

1
0

FBI wants to unlock another jihadist’s iPhone

something_or_another
WTF?

Re: FBI needs to stop "the lazy" and do REAL police work

"Or maybe they just need to ASK NICE...."

Yes, I'm sure that will change Timmy's mind. WTF - so they should betray their customers? For that Sir Bombast, Go Fuck Yourself.

0
0

Never explain, never apologize: Microsoft silent on Outlook.com email server grief

something_or_another

Re: SSL authentication

"Like Google and Apple, MS has shown that they are perfectly willing to chop off legacy services no longer considered tactically important."

YES! That's what you do with legacy. You never want to utter the word legacy. Like, "I'm so proud I support legacy systems." Or, "There's nobody left who knows how these legacy systems were built, so we hope they don't go down."

0
0

Microsoft preps defence against the dark arts for enterprise customers

something_or_another

Re: Yay

> A downvote? Seriously?

Wear it as a badge of honor, given by UK's dimmest.

0
0

Swagger staggered as hacker drops dapper code execution cracker

something_or_another
Holmes

Users can do little but "carefully inspect Swagger documents" for ......

language-specific escape sequences....

Users can do little when coupled with little imagination centers. Devs should ALWAYS code for just this sort of thing. Correct me if I'm wrong, but REST should be no different than any other user input mechanism - YOU SCRUTINIZE EVERY PIECE OF THAT USER TRASH. (not treat it as a shitty task - unless you feel you have a shitty job - which is more likely an assessment of yourself rather than your employer).

If the expected user input is [a-zA-Z0-9], how is it that escape sequences even get through. And if your API is that sensitive and/or requires dangerous characters (that for some reason the lazy dev didn't bother to encode), why not use mutual auth?

Whether a component of your web app is written well or shitty (you probably don't know which, it isn't your code), but it is your app in the end, and with it having been built with quality will save your ass. Now, are you the quality design type, or someone that relies on others to keep you getting paid.

0
0

FBI's iPhone paid-for hack should be barred, say ex-govt officials

something_or_another
Mushroom

Good for both, Goose and Gander.....

So, US citizens are authorized to use exploits against other US citizens - Glad to hear it. Time for some fun.

5
1

Sophos U-turns on lack of .bat file blocking after El Reg intervenes

something_or_another
FAIL

WCE anyone?

When will they detect the publicly available WCE? Seriously, how long has that tool been around and it just ignores it.

0
0

Destroying ransomware business models is not your job, so just pay up

something_or_another

Re: Just as well this is only for people...

How about format that child and DON'T start again.

0
0

Google, Honeywell put away Nest patent knives

something_or_another

Re: And it all works until...

Who the hell needs to touch a server to fix it. Step out of yesterday!

0
0

$17 smartwatch sends something to random Chinese IP address

something_or_another
Thumb Down

Have you MITM'd your phone?

All you "I don't worry" losers ... you'd better be PERFECT government, compliant, 'do-as-you're-told' citizens.

I am not, nor do I intend to be. Fuck NSA, FBI, GCHQ, Mossad, खुफिया विभाग, ASIS, and the rest of them! I know I'm on a list; couldn't give a shit less.

0
0

Lenovo: China biz down, PC and mobile down

something_or_another
WTF?

Re: How could Windows 10 help?

Vaio's aren't cool, they never have been. They're bloated trash. And Lenovo? Let's see ... a computer, manufactured in China, who is its biggest customer, that LOVES denying privacy, yeah - I trust that ... let me pay money for something that is already compromised; not that everything isn't already compromised. FUCK YOU NSA!

We actually have an HP contractor with a Huawei phone - SERIOUSLY?!? Fuck China! I told him to get that piece of shit outta the building - Not that I have any authority in that matter.:)

0
0

Cops hate encryption but the NSA loves it when you use PGP

something_or_another
FAIL

Re: " I'm already looking at tunnelling my home connection through a dedi in a DC "

What he means is that he's already busted. He's gonna access it from his home? LOL. FUCKING RETARD.

1st, if you're going to use your own proxy, are you paying for it?? PayPal or Bank Account (Busted). You're going to use it from home (Busted). Are you going to use it @ Starbucks (Busted - they're called cameras). Do you have your Smart Tracker (phone) - (Busted). Did you drive there in your car (Busted). Did you order the same Mocha Shit-Latte (Busted). Do you know what a MAC address is, and how to change it? No (Busted). Are you doing anything that you'd do at home? (Busted).

Chances are you're not smart enough. That doesn't mean you're dumb ... it just means you're not smart enough. I could have kept going on and on and on. You're going to do something that leads them right back to you. Even Gene HACKman couldn't remain anonymous enough. Sure it's a movie, but you'd better be more paranoid than that....and he was playing paranoid. Chances are, you're not that paranoid. You're going to jail, loser.

0
7
something_or_another
FAIL

RE: Start encrypting every bit of Internet traffic

Not 'El Reg-Tards. TLS too Hard. These fucks' refusal to implement TLS is totally for fellating their PM. TLS is 1st grade skill. Why 'El Fucktards? Why do you FLAT OUT refuse to use TLS? Is it that the Queen will look unkindly on you? Not knight you? *** FUCKING TLS!!!! ***

1
6

Ban internet anonymity – says US Homeland Security official

something_or_another

Re: "ignored most of the time"

Cars should? Cars do. Buy a BMW M-whatever, and floor the 'gas' pedal, and KNOW that it phones home to daddy. They know who you are, they know how you drive, and are itching to cancel your warranty. You're already on lockdown dumbass!.

0
0

PGP Zimmermann: 'You want privacy? Well privacy costs MONEY'

something_or_another

Re: 'You want privacy? Well privacy costs MONEY'

Tell Cameron that!

0
0

Bounty hunters won't blink until you dangle US$1500 bug reward

something_or_another
Flame

Re: Broken window fallacy?

Yeah, great .... but does anyone call out the moron that committed the shitty code? NO, THEY DON'T, because Dev managers are too busy protecting their own ass to point it out!!

And that would be in a perfect world. More than likely, Dev Managers are just as dumb as the Devs. They just want their $$$check$$$ - they don't give a shit ... seriously, they don't care at all!! No pride of ownership!!!

Down-vote it if you want, but it doesn't change truth .... it just shows you're one of them.

0
1
something_or_another
Megaphone

WHY NOT?!?!

If they find a shitty little XSS or Session Management issue because the company cheaped-out on over-seas-low-$$$ devs, that are probably being paid by a 3rd party to code in vulns, or have absolutely no idea about input validation/sanitation, then yeah - PAY UP bitches!!!

(Disclaimer: I am not a bounty hunter, I can just spot some shit code when I see it. I see shitty code, it's everywhere)

1
0

Security bod watches heart data flow from her pacemaker to doctor via ... er, SMS? 3G? Email?

something_or_another

Vendors ....

> "As a patient I am expected to trust that my device is working correctly and that every security bug has been corrected by the vendor, but I want to see more testing and research [because] we can't always trust vendors."

You can never trust vendors.

0
0

How long is your password? HTTPS Bicycle attack reveals that and more

something_or_another

Re: Optional

> One simple way to counter this ground-breaking attack is to use clientside scripting to hash the username and password on the browser before transmitting it.

Yes - Let's use clientside security. Nothing has ever gone wrong with that mental-fuckery.

DAMN-IT there are some dumb fucks in this world!!!

2
0
something_or_another

Re: Down with 2FA

Until you loathe having to piece your financial life back together. Let me guess, a millennial?

It's probably been around longer than you have:

http://www.cs.cornell.edu/Courses/cs513/2005fa/NNLauthPeople.html

0
0
something_or_another

Re: Bah!

> Bah!

> Blast!. Now I must protect my blog by adding more headers

OH, it must be terrible - adding a header. Typical L'User web-wannabe.

0
4
something_or_another

Re: El Reg

> El Reg

> What's HTTPS?

LOL ... I always get down-voted for asking the same question.

0
2

Security industry too busy improving security to do security right

something_or_another
Thumb Down

Re: Too Hard?

- Yep, many businesses here give you a better price if you pay cash

Which is complete BULLSHIT! I assume total risk of being mugged (go ahead and walk around Oakland or Baltimore with a wad of cash in your pocket).

These fucking businesses allow themselves to be slaves for outrageously priced machines (vice Square), then mark up product 20% and then discount it 20% if they can force you to give them your Name, Address, Phone# and Email Address for their piece of plastic, then complain about needing to keep up with tech. FUCK THEM! If their shit isn't up to standards, they can keep their card and lose my business.

Lastly: EVERYBODY FRAUDULENTLY FILES PCI RESULTS/FINDINGS!! And the dumb fuck auditors don't know the difference.

0
2
something_or_another
FAIL

Re: Too Hard?

Apparently it is too hard for El Reg to implement @ all!!

0
0

Canadian live route map highlights vulnerabilities to NSA spying efforts

something_or_another
Thumb Down

And this anonymous app......

Maybe we're helping the NSA find any 'missed' routes.

1
1

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

This post has been deleted by a moderator

something_or_another
FAIL

Re: So...

Lazy FUCKS!!! Fuck your "ad" networks. We're talking about credential exposure. Cameron holding your balls?? I block your ad network(s) - Next objection?

0
3
something_or_another

Re: So...

I get down-voted for the question. LOL

0
0

Putin's Russia outlaws ECHR judgments after mass surveillance case

something_or_another
Megaphone

See, Russia is a Democracy.......

They're just quicker to the anti-law law than UK, AU, FR, DE and the US.

0
0

Obama calls out encryption in terror strategy speech

something_or_another
FAIL

RE: Obama calls out encryption in terror strategy speech

> [Not that Tramadol even works.]

It does in fact work, just not on everything. My girl stockpiles it for when she needs it. That said, since moving to Cali, she swears by Skywalker OG as the [temp] cure for her crushing, way-beyond migraine headaches (since the Johns Hopkins provided 2 brain surgeries did nothing but make it worse).

Back to encryption: Did I read someone state Key Escrow - Not with something like GPG. They might be able to twist the arms of Symantec, GoDaddy, etc .... but not everything comes from them. Some are generated from hosts like my never connected to the Internet crypto systems. I'll generate 10,000 Lorem Ipsum messages that are randomized 100,000 times to 1 valid message. Split them all up into smaller chunks, spray them in various directions and the recipient reassembles them based on a One-Time out-of-band key sequence.

Now multiply that by several million people doing the same. Does it sound taxing, sure. But my part is shell scripted over what, a couple of hours, maybe. Let them chase the ghosts. The only people caught are the lazy. You can't backdoor a piece of seemingly random data surrounded by pieces of junk random data.

This will be the next drug war - an epic failure, except for maybe SSL from the "Trusted" chain providers, where they've escrowed all the keys for the G-Peeps.

1
0

New edition of Windows 10 turns security nightmares into reality

something_or_another

RE: New edition of Windows 10 turns security nightmares into reality

The only place to test is in prod. Devs do it all the time.

1
0

Final countdown – NSA says it really will end blanket phone spying on US citizens this Sunday

something_or_another
FAIL

TAKE A STAND PUSSIES!!!

Yer all whining like little bitches, ya bitches!!!!! Take a stand! Fuck off until you DO something. And FUCK OFF UK. You think you're this grandiose voice .... grow a set and do something, unless Cameron has got ya worried. Down thumb me all ya want, you're still PUSSIES!!!!

0
2

Want to defend your network? Profile the person attacking it

something_or_another
Stop

Enumeration - not sexy, but.....

.....it is so much fun. "How far can I get without a single malicious packet."

"However, try to pull 2TB worth of data off of that network and alarms will go off everywhere" - probably not. Maybe 10 years ago, yeah I can see that. If you do it over SSL, it will probably never be noticed. A little rate limiting + companies being too scared of their own employees to dare MITM, bye bye data.

Case in point:

- Company I work for now - "Yeah, we're gonna MITM @ the Palos", but it never gets done.

- Previous company: "Well, we must socialize it", and it never got done (AND NO DON'T SOCIALIZE IT, JUST DO IT!!!! It's not up for a vote).

- Company before that - We don't give a shit.

- Company before that - Though the Chinese have PWNd us, we're not going to do that (and their tech is in every piece of military communication gear).

2
1

Facebook! You've got 48 hours to stop tracking people

something_or_another
Mushroom

Re: You do not need to click "Like" to be FB tracked

I also recommend Self Destructing Cookies plugin.

1
0
something_or_another
Stop

You do not need to click "Like" to be FB tracked

I personally use Ghostery browser on Android, and add the Ghostery plugin + Disconnect and associated plugins for it on my desktop browsers. As an example, www.cnn.com has anywhere from 16 to 18 trackers on every page - FUCK THAT!!!!

From "Facebook Disconnect" plugin for Mozilla:

Facebook is notified whenever you visit one of the more than one million sites on the web that use Facebook Connect and has a history of leaking personally-identifiable info to third parties.

Turn off the flow of your data to them!

Facebook Disconnect blocks all traffic from third-party sites to Facebook servers but still lets you access Facebook itself.

2
0

Biting the hand that feeds IT © 1998–2018