They would say that, wouldn't they
331 posts • joined 30 Oct 2015
I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000
There is nothing intelligent about deceit!
There is nothing intelligent about false flag terrorism
There is nothing intelligent about GCHQ
Oxymoron is accurate
Apple boss demands Bloomberg Super Micro U-turn, Russian troll charged, NSA hands out cash, and more
You would not believe some of the absurd shit people will do to not get caught.
"All the world's a stage"
Back to reality...
Tim Crook cares more about the stock value of CrApple than the security of its customers, and that is a 100% bankable, factually correct and provable piece of information, you can even quote me on it. You can also apply this sound reasoning to every single publicly listed company on the planet
So, with that bit of reality taken care of, PR guff IS expected of CrApple and every other shareholder infested organisation out there.
Hopefully I have given some insight into this money-centric-world
One thing's for certain...
Madame Tussauds will have no issue with recreating Tim Cook in wax form
"22 fixes announced today, two of which carry a “critical” rating"
Well they can't be that critical, if they were then they wouldn't have allowed it to happen in the first place
Is bug free code asking too much?
Take CrApple for example, a company "valued" at $1,000,000,000,000
Do they find the money to employ people to test their shitty code? Do they fuck
They're all cunts the lot of 'em, and can't code, that much is fucking clear
Driverless cars in the future? errr, thanks but no thanks, maybe get the fucking basics right first
Am I the only one who feels this way?
Had a shitty day today and can squarely lay the blame on MicroTurd and CrApple
Just the attempt to enable 2FA on an O365 admin account was painful, their fucking shitty MicroTurd authenticator app, which only fucking works with MicroTurd
Great, so now I have to have 2 fucking 2FA apps now
The cloud is a terrible idea, and fucking slow
Where are all of the quality devs?
They don't exist, because if they did, we wouldn't keep seeing this BS every fucking hour of every fucking day
"Funny, they do the same thing (capitalization and punctuation for emphasis) over at El Reg. I've seen it on occasion."
So does the Daily Express, and I only know this because it keeps rearing its ugly head in my Google News aggregate feed, strangely their Planet Nibiru articles keep appearing in the science section. Apparently science means something different now...
Obligatory Bill Hicks Quote:
I think we can rest assured that in 50 years time, people will still be making these same mistakes
Remember, stupid is the default setting
To err is to be human, but to really foul things up...
Will this muppetry ever come to an end?
nailed it attitude
Constantly posting patches to plug software bugs created by its developers highlights a severe lack of attention to detail and the lack of a quality in-house testing regime. There are a lot of really awful devs out there and it's only going to get worse with this drive to get more people into coding software.
Here's an idea, how about testing your code thoroughly before subjugating your end users into complete and utter despair. FFS sort your (software) houses out. They're all as bad as each other, Microshit, CrApple, Cystco, the list is endless.
When software developers don't even know what their code is actually doing because the complexity is beyond their comprehension, then you know we're all in for a world of hell.
Obligatory Idiocracy quote:
People love money, Facebook is no different, in fact they love it even more
Money is such a wonderful incentive, it incentivises greedy little shitbags, of which there are many, to do all sorts of immoral shenanigans with little regard for consequences
Whoever invented money literally consigned humans to extinction, and that is no hyperbole
Re: No excuse really
CMS systems are attractive to businesses because they allow some PR bot and other departments to post/edit content without having to know how to use HTML/CSS and/or object oriented programming.
The number of lines of code needed to allow for this functionality far outstrips the amount of code needed to produce the same content if it was done by someone who knows how to code it. Straight away I can see that's a problem. It becomes even more of a problem when you factor in plugins and the fact that the popularity of them means they're going to be targeted by automated tools like wpscan and joomscan
Re: Content Security Policy
Thanks for the shout, I was a C, I am now A
Beers all round
This is clientside
With the way the world is going with CDN's serving god knows what, can you imagine end-users running outbound default DROP policies in their firewalls?
I tried that once a long time ago, and it was annoying then, this was before CDN's started becoming the norm
Re: How did they get the code on the page?
I'll be honest, XSS is a little confusing for me, there are non-persistent and persistent XSS
This was a persistent XSS attack, so they would have had to store their code somewhere, DB?
To get their code on there, they are probably exploiting either some unpatched or 0day vuln or SQL injection, but I am just guessing here
Re: Certificate does not equal legitimate - never has
I'm purely going by the information in this screenshot
This was a persistent XSS attack AFAIK, some banks do carry out ad-hoc security checks for unusual transactions, for example phoning the customer. There is no ability as of yet to enter a 2FA OTP into a POS terminal
I fail to see how a bank can mitigate the failing of a separate business in securing their website, especially one which allows for financial data to be inputted. A better solution would have been for the compromised business to have at least some inkling what is going on in their infrastructure, but that costs money for staff to implement and carry out such a task. Unfortunately these businesses love money too much and don't want to properly invest in security
I have my own website, and while it's not the most complicated by any means, I know every single bit of code that's on there, can these businesses say the same about their websites?
One possible solution would be to cronjob a script which searches their DBs and code for :// and reports back what it finds, but for that to work, they have to at the very least know what their estate looks like
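The cron-driven "grep your estate for ://" idea from the post above, written out as an added example (this is not code from the original post or from any of the companies discussed). It scans a set of content records for scheme://host references, strips any userinfo and port, and reports hosts that are not on an allowlist. The allowlist, the record names and the sample records (one legitimate template, two CMS rows, one of them carrying an injected script tag) are all constructed for the example; in practice the records would come from dumping the site's templates and CMS/database text columns, and the allowlist from the inventory the post says a business has to have first.

```python
import re
from collections import defaultdict

# Hosts the site is known to reference legitimately. Hypothetical allowlist for this example;
# a real one comes from knowing your own estate (templates, CDNs, tag managers, payment providers).
KNOWN_HOSTS = {"www.example-shop.test", "cdn.example-shop.test", "fonts.gstatic.com"}

# scheme://authority, stopping at the first path separator, whitespace, quote or angle bracket.
URL_RE = re.compile(r"""\b[a-zA-Z][a-zA-Z0-9+.\-]*://([^/\s'"<>]+)""")


def find_hosts(text):
    """Return every host after '://' in text, lowercased, with userinfo and port removed."""
    hosts = []
    for match in URL_RE.finditer(text):
        authority = match.group(1).lower()
        host = authority.split("@")[-1].split(":")[0]  # drop user:pass@ and :port
        hosts.append(host)
    return hosts


def audit(records):
    """records maps a location label (file path, table:row) to its text content.

    Returns {unexpected_host: [locations]} for every host not in KNOWN_HOSTS, so a cron job
    can diff the result against the previous run and alert on anything new.
    """
    findings = defaultdict(list)
    for location, content in records.items():
        for host in find_hosts(content):
            if host not in KNOWN_HOSTS and location not in findings[host]:
                findings[host].append(location)
    return dict(findings)


# Constructed sample records: a template and two CMS rows, one with an injected script tag.
SAMPLE_RECORDS = {
    "templates/checkout.html": (
        '<link href="https://cdn.example-shop.test/css/site.css">'
        '<script src="https://www.example-shop.test/js/app.js"></script>'
    ),
    "db:cms_blocks:row 17": (
        "<p>Thanks for shopping!</p>"
        '<script src="https://stats-collector.example/s.js"></script>'
    ),
    "db:cms_blocks:row 18": "<p>Contact us at https://www.example-shop.test/contact</p>",
}

if __name__ == "__main__":
    for host, where in sorted(audit(SAMPLE_RECORDS).items()):
        print(f"UNEXPECTED HOST {host}: {', '.join(where)}")
```

Run it from cron and compare each run's output with the last one; the interesting event is a host appearing that was not there yesterday. A literal `://` search only catches references written in the clear, so a skimmer that builds its URL from concatenated or base64-encoded fragments, or uses a protocol-relative `//host` reference, would slip past it; it is a cheap first check, not a substitute for knowing what belongs on the site.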
I've seen this kind of clusterfuck before at a company I worked for briefly, they had no 2FA on their registrar account but had a DNS record pointing vpn.TLD.com to an IP address which was a GoDaddy shared hosting webserver in the USA which had something like 2,000 websites when checking reverse IP, they didn't have any offices in that region. Think about it, no 2FA on registrar account, VPN pointing to shared hosting websites, in a country where they didn't have any presence. When I asked about it, nobody knew what it was. This company was a joke and was run by jokers
Looking at the whois data for that domain (new egg stats.com) it was created 13/08/2018, I suspect it's not owned by NewEgg, and was registered by the crims, via a company in Panama no less, that place where all the criminals stash their ill-gotten gains
That bastion of criminality
I did a whois on (new egg stats.com) out of curiosity, it's been registered through a 3rd party, "WhoisGuard Protected" based in that bastion of criminals, Panama
Is this a national service that Panama offers, protecting criminals?
I wonder what the words are to their national anthem
It seems part of the chorus goes like this:
"It is necessary to cover with a veil from the past"
Another money-hoarding sociopath opens their mouth
“I want more money, whaaaaa”
These people literally feel no shame about their greed
There are more around than you think there are, and they're usually more successful in life than non-sociopaths, and they breed
I ran pi-hole for a while, I found it to be really buggy and was a little concerned it was running as root, considering the amount of bugginess I experienced
Some call it lazy
I call it muppetry
“After several hours, Joe finally gave up on logic and reason, and simply told the cabinet that he could talk to plants and that they wanted water.”
Re: There's an addon for that
This add-on can:
Access your data for all websites
Access browser tabs
"There is one permission in particular, “Access your data for all websites”, that we’ve gotten many questions about since the feature launched. The reason why it’s worded this way is because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.
For example, an ad blocker needs to read all web page content to identify and remove ad code. A password manager needs to detect and write to username and password fields. A shopping extension might need to read details of the products you’re searching for.
Since these types of extensions wouldn’t know whether any particular web page contains the bit it needs to modify until it’s loaded, and neither does Firefox, it needs access to everything on a page so it can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else."
Thankfully, most people in this world are honest and upright. Unfortunately, a disingenuous monetary system means sometimes people will be tempted to defraud others.
Too much HUBRIS in IT by people who think they know everything
Too many companies rely on their single antivirus offering heavily and they think just because it's reported a binary as clean, that it is actually clean of malicious code. The number of times I have uploaded binaries that have been downloaded from official websites to VirusTotal and found them to be compromised is growing.
I only have to give the example of Shellter to prove my point, I've used this and tested it against Security Essentials and others, they do not fare well in detections
When you think you know everything, you're never going to improve your learning
I know I am smart, because I know I know nothing
“Use it to enforce the basics such as mandating a six-digit unlock code that has to be changed regularly”
I thought we'd moved on from that outdated advice of making end-users change credentials often?
Well the likes of Pornhub don't seem to do age checks on user-submitted content
Not sure what is worse, children watching porn or children getting paid to do porn
It was a September morning when America was tricked by sick men...
"Further, the process of transformation, even if it brings revolutionary change, is likely to be a long one, absent some catastrophic and catalyzing event – like a new Pearl Harbor." - PNAC
Re: props for the Unreal Tournament reference
Well Cisco certainly is on a Killing Spree™
Killing security that is...
Re: Cisco roaming privilege escalation vulnerability
"Why didn't Cisco pick up these vulnerabilities in the testing and debugging stage of these security devices"
Because doing the right thing is inherently opposed to the capitalist model; doing what profits is the only way in this economic model.
I'm giving humanity a confident and generous 10 years left on this rock before it burns
Re: Full URL
This is no different than those dickheads at M$ deciding their users don't need to see the file extensions, spawning all kinds of trickery, for example providing a file called evil.txt.exe and including a text file icon in the exe to convince users further that it is a text file
There is an unspecified prize for anyone who can figure out the thinking behind this.
Re: How long until a US Government hacker gets the same treatment?
Did you really just use the words intelligence and military in the same sentence?
"a section titled “Umbrage” that details the CIA’s ability to impersonate cyber-attack techniques used by Russia and other nation states."
Apparently, Eternal Blue was "stolen"
That's the best alibi ever, my dog ate my hacking tool and shat it out in NK
I found the 2hr+ podcast far more interesting than the brief toke on the spliff
Re: Tough times
To be fair, Thailand is a magnet for paedos, and just because he has a wife, it doesn't mean he isn't a paedo
Hopefully a PI is looking into this
Sometimes people just give you the creeps, and I suspect this guy gave Elon the creeps.
Re: TV licensing agency
Do you mind telling the TV licensing gang of that little detail?
They seem to equate "no tv license" with "they need a tv license" irrespective of how someone uses their TV
Anybody who disbelieves this, I highly recommend you cancel your TV license, remove all BBC channels from your tuned TV, and then watch the highly threatening letters roll in from the BBC TV licensing gang.
By all means vote down, it wont change this little fact
Re: scrap tv licence
No idea why you have so many downvotes.
The BBC are happy enough to pay Gary Lineker, Chris Evans and Graham Norton, a ridiculous sum of cash for what is questionable talent.
If anybody has seen Idiocracy, it should be fairly obvious why TV is the way it is
Celebrity get me out of here?
If these programs are not the result of an ever increasingly stupid population, I don't know what it
Re: redirecting HTTP to HTTPS
Well, from my observation many of the university types do certainly think that once they have completed their degree, the learning is done and finished, and they can then start looking down their noses at us other self-educated types who didn't pay £9k PA for a "rarely present tutor" and are interested enough in the subject to be motivated to self-learn
I guess the overpriced degrees in university breed a kind of hubristic elitism
A bit like when people buy an overpriced product, and they wrongly equate high price with high quality
“The good work for all education is interest. Until there is interest there is no response"
Re: Ever wanted to strangle Microsoft?
Do you get paid enough though, for said misery?
Probably already been said before
By hacking crew, you surely mean scriptkiddy crew
Not sure why Minecraft is even mentioned, except to give it a bad name by associating it with this moron's antics. Feuds happen in lots of different games, sometimes resulting in swatting. The games are not at fault, it's the low-IQ idiots playing them with no idea how to behave in a society, that's the problem!
Are you sure that photo was taken when he was an adult?
He looks about 12
But IT is a utility, like a toilet
When companies employ IT staff, in their minds, they're employing janitors
“is it really worth spending that many millions of pounds on 5G?”
But, but... SHINY!!
The Greek "gymnasein" (to train naked)
This is interesting, and my next visit to the gym will be too
Good luck trying to convince people to use 2FA, most people don't like to be inconvenienced and they get quite angry if something doesn't work in the way they demand
You only have to look at how many people pick bad passwords and recycle them across multiple websites, or increment them with number suffixes
Surely this is just technological natural selection and we should just let it run its course.
The result is, we will be left with fewer muppets and then it won't be such an uphill struggle and less time IT admins have to piss into the wind
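The "increment the number suffix" habit from the post above is one of the few things a site can actually catch at password-change time, when the user has to supply the old password and the new one together. This added example (not code from the original post) flags a candidate password that is identical to, a case-only variant of, or the previous password with its trailing digits changed. The constructed history list is plaintext only because the example runs offline; in a real flow the old password is the one the user just typed, not something read back from storage. Reuse across different websites is not visible to any single site, so this check says nothing about that half of the post.

```python
import re


def _core(password):
    """Lowercase and strip a trailing digit run plus any punctuation that follows it,
    so 'Winter2018!' and 'winter2019!' both reduce to 'winter'."""
    return re.sub(r"\d+[^a-z0-9]*$", "", password.lower())


def is_trivial_variant(old, new):
    """Return a reason string if `new` is a trivial variant of `old`, otherwise None."""
    if new == old:
        return "identical to previous password"
    if new.lower() == old.lower():
        return "differs from previous password only in case"
    core = _core(new)
    if core and core == _core(old):
        return "previous password with the number suffix changed"
    return None


def check_history(candidate, history):
    """Check a candidate against previous passwords; returns the first reason found or None.

    `history` is a list of earlier plaintext passwords, constructed here for the example.
    A real implementation only ever has the one old password the user just entered."""
    for old in history:
        reason = is_trivial_variant(old, candidate)
        if reason:
            return reason
    return None


if __name__ == "__main__":
    # Constructed sample: a user rotating the season and bumping the year every quarter.
    previous = ["Autumn2017!", "Winter2018!"]
    for candidate in ["Winter2019!", "winter2018!", "correct horse battery staple"]:
        verdict = check_history(candidate, previous) or "accepted"
        print(f"{candidate!r}: {verdict}")
```

The check is deliberately narrow: it catches the specific pattern the post complains about and nothing cleverer, so it should sit alongside a minimum-length rule and a breached-password lookup rather than replace them.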