* Posts by FlamingDeath

331 posts • joined 30 Oct 2015


I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000

FlamingDeath
Bronze badge

30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim

FlamingDeath
Bronze badge
Holmes

'intelligence services'

Oxymoronic

1
0

Belgium: Oi, Brits, explain why Belgacom hack IPs pointed at you and your GCHQ

FlamingDeath
Bronze badge

Oxymoron

“Intelligence services”

There is nothing intelligent about deceit!

There is nothing intelligent about false flag terrorism

There is nothing intelligent about GCHQ

Oxymoron is accurate

0
0

Apple boss demands Bloomberg Super Micro U-turn, Russian troll charged, NSA hands out cash, and more

FlamingDeath
Bronze badge
Big Brother

You would not believe some of the absurd shit people will do to not get caught.

"All the world's a stage"

0
0
FlamingDeath
Bronze badge
Stop

Back to reality...

Tim Crook cares more about the stock value of CrApple than the security of its customers, and that is a 100% bankable, factually correct and provable piece of information; you can even quote me on it. You can also apply this sound reasoning to every single publicly listed company on the planet

So, with that bit of reality taken care of, PR guff IS expected of CrApple and every other shareholder infested organisation out there.

Hopefully I have given some insight into this money-centric-world

2
0
FlamingDeath
Bronze badge
Meh

One thing's for certain...

Madame Tussauds will have no issue with recreating Tim Cook in wax form

0
0

Now, watch this... Network time protocol bugs sting Juniper operating system

FlamingDeath
Bronze badge
Mushroom

"22 fixes announced today, two of which carry a “critical” rating"

Well, they can't be that critical; if they were then they wouldn't have allowed it to happen in the first place

Is bug free code asking too much?

Take CrApple for example, a company "valued" at $1,000,000,000,000

Do they find the money to employ people to test their shitty code? Do they fuck

They're all cunts, the lot of 'em, and can't code, that much is fucking clear

Driverless cars in the future? errr, thanks but no thanks, maybe get the fucking basics right first

Am I the only one who feels this way?

Had a shitty day today and can squarely lay the blame on MicroTurd and CrApple

Just the attempt to enable 2FA on an O365 admin account was painful, with their fucking shitty MicroTurd authenticator app, which only fucking works with MicroTurd

Great, so now I have to have 2 fucking 2FA apps

The cloud is a terrible idea, and fucking slow

AAAAAAAAAAAAAAAAARRRRRRRRRRRRRRRRRRRGHHHHHHH

3
0
FlamingDeath
Bronze badge

Where are all of the quality devs?

They don't exist, because if they did, we wouldn't keep seeing this BS every fucking hour of every fucking day

3
0

Day two – and Windows 10 October 2018 Update trips over Intel audio

FlamingDeath
Bronze badge

Re: rushed

"Funny, they do the same thing (capitalization and punctuation for emphasis) over at El Reg. I've seen it on occasion."

So does the Daily Express, and I only know this because it keeps rearing its ugly head in my Google News aggregate feed, strangely their Planet Nibiru articles keep appearing in the science section. Apparently science means something different now...

Obligatory Bill Hicks Quote:

Marketing and Advertising types, KYS

1
0

Sendgrid blurts out OWN customers' email addresses with no help from hackers

FlamingDeath
Bronze badge

I think we can rest assured that in 50 years time, people will still be making these same mistakes

Remember, stupid is the default setting

1
0
FlamingDeath
Bronze badge
Facepalm

To err is to be human, but to really foul things up...

Will this muppetry ever come to an end?

1
0

The weekend starts here... right after you've installed these critical Cisco bug patches

FlamingDeath
Bronze badge

nailed it attitude

Constantly posting patches to plug software bugs created by its own developers highlights a severe lack of attention to detail and the lack of a quality in-house testing regime. There are a lot of really awful devs out there and it's only going to get worse with this drive to get more people into coding software.

Here's an idea: how about testing your code thoroughly before subjecting your end users to complete and utter despair. FFS sort your (software) houses out. They're all as bad as each other, Microshit, CrApple, Cystco, the list is endless.

When software developers don't even know what their code is actually doing because the complexity is beyond their comprehension, then you know we're all in for a world of hell.

Obligatory Idiocracy quote:

Your floor is now clean!

0
0

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

FlamingDeath
Bronze badge

People love money, Facebook is no different, in fact they love it even more

Money is such a wonderful incentive; it incentivises greedy little shitbags, of which there are many, to do all sorts of immoral shenanigans with little regard for consequences

Whoever invented money literally consigned humans to extinction, and that is no hyperbole

3
4

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

FlamingDeath
Bronze badge
Facepalm

Re: No excuse really

CMS systems are attractive to businesses because they allow some PR bot and other departments to post/edit content without having to know how to use HTML/CSS and/or object-oriented programming.

The number of lines of code needed to allow for this functionality far outstrips the amount of code needed to produce the same content if it was done by someone who knows how to code it. Straight away I can see that's a problem. It becomes even more of a problem when you factor in plugins and the fact that their popularity means they're going to be targeted by automated tools like wpscan and joomscan

5
0

What's that smell? Oh, it's Newegg cracked open by card slurpers

FlamingDeath
Bronze badge
Pint

Re: Content Security Policy

securityheaders.com

Thanks for the shout, I was a C, I am now A

Beers all round

2
0
FlamingDeath
Bronze badge
Thumb Up

Whats that smell?

This article definitely needs this scene from Fight Club, as it appears to be lacking a picture

1
0
FlamingDeath
Bronze badge

This is clientside

With the way the world is going with CDNs serving god knows what, can you imagine end-users running outbound default DROP policies in their firewalls?

I tried that once a long time ago, and it was annoying then, and this was before CDNs started becoming the norm

1
0
FlamingDeath
Bronze badge

Re: How did they get the code on the page?

I'll be honest, XSS is a little confusing for me, there are non-persistent and persistent XSS

This was a persistent XSS attack, so they would have had to store their code somewhere, DB?

To get their code on there, they are probably exploiting either some unpatched or 0day vuln or SQL injection, but I am just guessing here

2
0
FlamingDeath
Bronze badge

Re: Certificate does not equal legitimate - never has

That's not really relevant in this case, because the domain (new egg stats.com) was pointed to from within an embedded JavaScript and would not have been shown in the address bar. It might not have shown up in the NoScript blocked list either as a 3rd-party script showing the dodgy domain name, because the script is being served by the 1st-party company website database, not a 3rd party. NoScript would very likely have flagged it as a "Cross-site suspicious request"; whether or not an end-user would know its legitimacy is another question. It sounds like a domain owned by Newegg, as opposed to some autogenerated domain name with random gibberish, but with hindsight we know it isn't.

I'm purely going by the information in this screenshot

2
0
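The post above makes the point that the skimmer domain was referenced from inside a first-party script, so neither the address bar nor a third-party script list gives it away; the earlier "Re: Content Security Policy" post in the same thread points at CSP as the relevant control. As an added example (not code from the page, from Newegg or from any commenter), here is a small CSP source-list matcher that shows which directive actually matters in that situation: script-src 'self' still loads the tampered first-party script, connect-src decides whether an XHR/fetch POST to the skimmer host goes out, and form-action has to be set explicitly because it does not inherit default-src. The policy, shop.example and evil-stats.example are constructed; whether the real skimmer used fetch or a form post is not stated on the page, so both paths are shown.

```python
from urllib.parse import urlsplit

# Directives that do NOT fall back to default-src (CSP Level 3): a policy
# that sets only default-src leaves these unrestricted.
NO_FALLBACK = {"form-action", "frame-ancestors", "base-uri", "sandbox",
               "report-uri", "report-to", "upgrade-insecure-requests"}

def parse_csp(header):
    """Header value -> {directive: [source, ...]}; first occurrence of a directive wins."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy

def governing_sources(policy, directive):
    """Source list that governs `directive`, or None if nothing restricts it."""
    if directive in policy:
        return policy[directive]
    if directive in NO_FALLBACK:
        return None
    return policy.get("default-src")

def source_allows(source, url, page_origin):
    """Does one source expression (host, scheme, 'self', 'none', *) match `url`?"""
    u = urlsplit(url)
    src = source.lower()
    if src == "'none'":
        return False
    if src == "'self'":
        p = urlsplit(page_origin)
        return (u.scheme, u.hostname, u.port) == (p.scheme, p.hostname, p.port)
    if src.startswith("'"):          # nonces, hashes, 'unsafe-inline': not host matching
        return False
    if src == "*":
        return u.scheme in ("http", "https", "ws", "wss")
    if src.endswith(":") and "://" not in src:   # scheme-source such as https:
        return u.scheme == src[:-1]
    scheme, _, hostport = src.rpartition("://")  # host-source [scheme://]host[:port]
    host = hostport.split("/", 1)[0].rsplit(":", 1)[0]
    if scheme and u.scheme != scheme:
        return False
    if host.startswith("*."):
        return (u.hostname or "").endswith(host[1:])
    return (u.hostname or "") == host

def request_allowed(csp_header, directive, url, page_origin):
    """True if the policy lets a request governed by `directive` reach `url`."""
    sources = governing_sources(parse_csp(csp_header), directive)
    if sources is None:
        return True
    return any(source_allows(s, url, page_origin) for s in sources)

# Constructed sample policy for a hypothetical shop at https://shop.example
SHOP_CSP = ("default-src 'self'; "
            "script-src 'self' https://cdn.shop.example; "
            "connect-src 'self' https://api.shop.example")
ORIGIN = "https://shop.example"
SKIMMER = "https://evil-stats.example/gw"   # constructed stand-in for the skimmer host

def demo():
    """Outcomes for the scenario in the post, keyed by what each one shows."""
    return {
        # the tampered first-party script still loads: CSP cannot see the injection
        "first_party_script_loads": request_allowed(SHOP_CSP, "script-src", ORIGIN + "/js/checkout.js", ORIGIN),
        # an XHR/fetch POST to the skimmer host is blocked by connect-src
        "xhr_exfil_blocked": not request_allowed(SHOP_CSP, "connect-src", SKIMMER, ORIGIN),
        # a form submission to the same host is NOT blocked: form-action has no default-src fallback
        "form_exfil_blocked": not request_allowed(SHOP_CSP, "form-action", SKIMMER, ORIGIN),
        # adding form-action closes that path
        "form_exfil_blocked_with_directive": not request_allowed(SHOP_CSP + "; form-action 'self'", "form-action", SKIMMER, ORIGIN),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The matcher deliberately ignores nonces, hashes and 'unsafe-inline', which govern inline script rather than where a request may go; the point of the example is the fallback rule, since a policy that reads as "default-src 'self'" and looks tight still lets a form post leave for any host.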
FlamingDeath
Bronze badge

Re: 2FA

This was a persistent XSS attack AFAIK; some banks do carry out ad-hoc security checks for unusual transactions, for example phoning the customer. There is no ability as of yet to enter a 2FA OTP into a POS terminal

I fail to see how a bank can mitigate the failings of a separate business in securing its website, especially one which allows financial data to be inputted. A better solution would have been for the compromised business to have at least some inkling of what is going on in its infrastructure, but that costs money for staff to implement and carry out such a task. Unfortunately these businesses love money too much and don't want to properly invest in security

I have my own website, and while it's not the most complicated by any means, I know every single bit of code that's on there; can these businesses say the same about their websites?

One possible solution would be to cronjob a script which searches their DBs and code for :// and reports back what it finds, but for that to work, they have to at the very least know what their estate looks like

I've seen this kind of clusterfuck before at a company I worked for briefly: they had no 2FA on their registrar account but had a DNS record pointing vpn.TLD.com to an IP address which was a GoDaddy shared hosting webserver in the USA which had something like 2,000 websites when checking reverse IP, and they didn't have any offices in that region. Think about it: no 2FA on the registrar account, VPN pointing to shared hosting websites, in a country where they didn't have any presence. When I asked about it, nobody knew what it was. This company was a joke and was run by jokers

5
0
FlamingDeath
Bronze badge

Re: Barbarians!

Video

2
0
FlamingDeath
Bronze badge

Re: Optional

Looking at the whois data for that domain (new egg stats.com) it was created 13/08/2018, I suspect its not owned by NewEgg, and was registered by the crims, via a company in Panama no less, that place where all the criminals stash their ill-gotten gains

1
0
FlamingDeath
Bronze badge

That bastion of criminality

I did a whois on (new egg stats.com) out of curiosity, its been registered through a 3rd party, "WhoisGuard Protected" based in that bastion of criminals, Panama

Is this a national service that Panama offers, protecting criminals?

I wonder what the words are to their national anthem

It seems part of the chorus goes like this:

"It is necessary to cover with a veil from the past"

2
0

Now here's an idea: Break up Amazon to get more shareholder cash

FlamingDeath
Bronze badge

Another sociopath

Another money-hoarding sociopath opens their mouth

“I want more money, whaaaaa”

These people literally feel no shame about their greed

4
0

Amazon probes alleged bribery of staffers for data on e-tail platform

FlamingDeath
Bronze badge

Sociopaths

There are more around than you think there are, and they're usually more successful in life than non-sociopaths, and they breed

Evolution 101

5
0

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

FlamingDeath
Bronze badge

pi-hole

I ran pi-hole for a while; I found it to be really buggy and was a little concerned it was running as root, considering the amount of bugginess I experienced

0
0
FlamingDeath
Bronze badge

Some call it lazy

I call it muppetry

“After several hours, Joe finally gave up on logic and reason, and simply told the cabinet that he could talk to plants and that they wanted water.”

0
0

Solid password practice on Capital One's site? Don't bank on it

FlamingDeath
Bronze badge
Pirate

Re: There's an addon for that

Interesting, and what is the privacy policy for said "addon"?

https://addons.mozilla.org/en-GB/firefox/addon/don-t-fuck-with-paste/

Permissions

This add-on can:

Access your data for all websites

Access browser tabs

https://blog.mozilla.org/addons/2018/02/01/understanding-extension-permission-requests/

"There is one permission in particular, “Access your data for all websites”, that we’ve gotten many questions about since the feature launched. The reason why it’s worded this way is because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.

For example, an ad blocker needs to read all web page content to identify and remove ad code. A password manager needs to detect and write to username and password fields. A shopping extension might need to read details of the products you’re searching for.

Since these types of extensions wouldn’t know whether any particular web page contains the bit it needs to modify until it’s loaded, and neither does Firefox, it needs access to everything on a page so it can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else."

Thankfully, most people in this world are honest and upright. Unfortunately, a disingenuous monetary system means sometimes people will be tempted to defraud others.

1
0

Security procedures are good – follow them and you get to keep your job

FlamingDeath
Bronze badge
IT Angle

Too much HUBRIS in IT by people who think they know everything

Too many companies rely heavily on their single antivirus offering and think that just because it's reported a binary as clean, it is actually clean of malicious code. The number of times I have uploaded binaries downloaded from an official website to VirusTotal and found them to be compromised is increasing.

I only have to give the example of Shellter to prove my point, I've used this and tested it against Security Essentials and others, they do not fare well in detections

When you think you know everything, you're never going to improve your learning

I know I am smart, because I know I know nothing

1
0

Don't put the 'd' and second 'i' in IoT: How to secure devices in your biz – belt and braces

FlamingDeath
Bronze badge

NIST

“Use it to enforce the basics such as mandating a six-digit unlock code that has to be changed regularly”

I thought we'd moved on from that out-dated advice of making end-users change credentials often?

9
0

Activists rattle tin to take UK's pr0n block to court

FlamingDeath
Bronze badge

age checks

Well, the likes of Pornhub don't seem to do age checks on user-submitted content

Not sure what is worse, children watching porn or children getting paid to do porn

1
0

Wannabe Supreme Brett Kavanaugh red-faced after leaked emails contradict spy testimony

FlamingDeath
Bronze badge

It was a September morning when America was tricked by sick men...

"Further, the process of transformation, even if it brings revolutionary change, is likely to be a long one, absent some catastrophic and catalyzing event – like a new Pearl Harbor." - PNAC

Remo Conscious - We Know

0
0

M-M-M-MONSTER KILL: Cisco's bug-wranglers swat 29 in single week

FlamingDeath
Bronze badge

Re: props for the Unreal Tournament reference

Well Cisco certainly is on a Killing Spree™

Killing security that is...

0
0
FlamingDeath
Bronze badge
Flame

Re: Cisco roaming privilege escalation vulnerability

"Why didn't Cisco pick up these vulnerabilities in the testing and debugging stage of these security devices"

Because doing the right thing is inherently opposed to the capitalist model; doing what profits is the only way in this economic model.

I'm giving humanity a confident and generous 10 years left on this rock before it burns

0
0

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

FlamingDeath
Bronze badge

Re: Full URL

This is no different from those dickheads at M$ deciding their users don't need to see file extensions, spawning all kinds of trickery, for example providing a file called evil.txt.exe and embedding a text file icon in the exe to convince users further that it is a text file

There is an unspecified prize for anyone who can figure out the thinking behind this.

Anybody?

6
0
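The evil.txt.exe trick in the post above, as an added detection example (not code from the page or from Microsoft): given a filename and its first bytes, it works out the name Explorer would show with extensions hidden and flags either a benign-looking shown name sitting over an executable extension, or an MZ (PE) header under a non-executable extension, which is the renamed-executable variant of the same trick. The extension sets are a practical subset and the sample entries are constructed.

```python
import os

# Extensions Windows will run on double-click (a practical subset)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".msi"}
# Native PE images that legitimately start with "MZ" but are not run directly
PE_LIBRARY_EXTS = {".dll", ".sys", ".ocx", ".cpl", ".drv"}
# Document/media extensions an attacker borrows to look harmless
BENIGN_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
               ".jpg", ".png", ".mp3", ".mp4"}
KNOWN_EXTS = EXECUTABLE_EXTS | PE_LIBRARY_EXTS | BENIGN_EXTS

def displayed_name(filename):
    """Name Explorer shows with 'Hide extensions for known file types' on:
    a registered extension is dropped, an unknown one stays visible."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename

def is_pe(header):
    """PE/COFF images (exe, dll, scr, ...) begin with the DOS 'MZ' stub."""
    return header[:2] == b"MZ"

def suspicious(filename, header):
    """Reasons the file looks like an extension-hiding trick ([] if none)."""
    reasons = []
    real_ext = os.path.splitext(filename)[1].lower()
    shown = displayed_name(filename)
    shown_ext = os.path.splitext(shown)[1].lower()
    # evil.txt.exe: what the user sees ends in a document extension, what runs is .exe
    if real_ext in EXECUTABLE_EXTS and shown_ext in BENIGN_EXTS:
        reasons.append(f"double extension: displayed as {shown!r} but is {real_ext}")
    # invoice.pdf that is really a PE image: content and extension disagree
    if is_pe(header) and real_ext not in EXECUTABLE_EXTS | PE_LIBRARY_EXTS:
        reasons.append(f"PE header but extension {real_ext or '(none)'}")
    return reasons

# Constructed samples: (filename, first bytes as they would be read from disk)
SAMPLES = [
    ("evil.txt.exe", b"MZ\x90\x00\x03\x00\x00\x00"),   # the trick from the post
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),    # renamed executable
    ("readme.txt", b"Hello, world\n"),
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),      # ordinary executable
]

def triage(samples=SAMPLES):
    """{filename: reasons} for the samples that were flagged."""
    flagged = {}
    for name, hdr in samples:
        reasons = suspicious(name, hdr)
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage().items():
        print(name, "->", "; ".join(reasons))
```

The icon the post mentions lives in the PE resource section and is not inspected here; the two checks above are independent of it, which is the point, since the icon is exactly the part the attacker controls.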

FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks

FlamingDeath
Bronze badge
Facepalm

Re: How long until a US Government hacker gets the same treatment?

Did you really just use the words intelligence and military in the same sentence?

1
0
FlamingDeath
Bronze badge
Big Brother

UMBRAGE

"a section titled “Umbrage” that details the CIA’s ability to impersonate cyber-attack techniques used by Russia and other nation states."

https://www.wired.com/2017/03/wikileaks-cia-dump-gives-russian-hacking-deniers-perfect-ammo/

Nuff said...

Apparently, Eternal Blue was "stolen"

That's the best alibi ever, my dog ate my hacking tool and shat it out in NK

0
0

Tesla's chief accounting officer drives off after just a month on the job

FlamingDeath
Bronze badge

I found the 2hr+ podcast far more interesting than the brief toke on the spliff

3
2
FlamingDeath
Bronze badge

Re: Tough times

To be fair, Thailand is a magnet for paedos, and just because he has a wife, it doesn't mean he isn't a paedo

Hopefully a PI is looking into this

Sometimes people just give you the creeps, and I suspect this guy gave Elon the creeps.

0
7

HTTPS crypto-shame: TV Licensing website pulled offline

FlamingDeath
Bronze badge

Re: TV licensing agency

Do you mind telling the TV licensing gang of that little detail?

They seem to equate "no tv license" with "they need a tv license" irrespective of how someone uses their TV

Anybody who disbelieves this, I highly recommend you to cancel your TV license, remove all BBC channels from your tuned TV, and then watch the highly threatening letters roll in from the BBC tv licensing gang.

By all means vote down, it won't change this little fact

4
1
FlamingDeath
Bronze badge

Re: scrap tv licence

No idea why you have so many downvotes.

The BBC are happy enough to pay Gary Lineker, Chris Evans and Graham Norton, a ridiculous sum of cash for what is questionable talent.

If anybody has seen Idiocracy, it should be fairly obvious why TV is the way it is

Love Island?

Big Brother?

Celebrity get me out of here?

If these programs are not the result of an ever increasingly stupid population, I don't know what is

9
0
FlamingDeath
Bronze badge
Facepalm

Fucking Crapita

Who knew

2
0
FlamingDeath
Bronze badge

Re: redirecting HTTP to HTTPS

Well, from my observation many of the university types do certainly think that once they have completed their degree the learning is done and finished, and they can then start looking down their noses at us other self-educated types who didn't pay £9k PA for a "rarely present tutor" and are interested enough in the subject to be motivated to self-learn

I guess the overpriced degrees at university breed a kind of hubristic elitism

A bit like when people buy an overpriced product, and they wrongly equate high price with high quality

“The good work for all education is interest. Until there is interest there is no response"

3
0

Ever wanted to strangle Microsoft? Now Outlook, Skype 'throttle' users amid storm cloud drama

FlamingDeath
Bronze badge

Re: Ever wanted to strangle Microsoft?

Do you get paid enough though, for said misery?

9
0
FlamingDeath
Bronze badge

Probably already been said before

Office360?

7
0

Brit teen pleads guilty to Minecraft-linked bomb and airline hoaxes

FlamingDeath
Bronze badge

Muppetry

By hacking crew, you surely mean scriptkiddy crew

Not sure why Minecraft is even mentioned, except to give it a bad name by associating it with this moron's antics. Feuds happen in lots of different games, sometimes resulting in swatting. The games are not at fault; it's the low-IQ idiots playing them with no idea how to behave in a society that are the problem!

Are you sure that photo was taken when he was an adult?

He looks about 12

6
1

Cybercrooks home in on infosec's weakest link – you poor gullible people

FlamingDeath
Bronze badge

But IT is a utility, like a toilet

When companies employ IT staff, in their minds, they're employing janitors

11
0

5G can help us spy on West Midlands with AI CCTV, giggles UK.gov

FlamingDeath
Bronze badge

“is it really worth spending that many millions of pounds on 5G?”

But, but... SHINY!!

8
0

Fourth 'Fappening' celeb nude snap thief treated to 8 months in the clink

FlamingDeath
Bronze badge
Thumb Up

Re: Gymnophobia:

The Greek "gymnasein" (to train naked)

This is interesting, and my next visit to the gym will be too

1
0

Uni credential-swiping hack campaign linked to Iranian government

FlamingDeath
Bronze badge

Good luck trying to convince people to use 2FA; most people don't like to be inconvenienced and they get quite angry if something doesn't work in the way they demand

You only have to look at how many people pick bad passwords and recycle them across multiple websites, or increment them with number suffixes

Surely this is just technological natural selection and we should just let it run its course.

The result is, we will be left with fewer muppets and then it won't be such an uphill struggle, and less time IT admins have to spend pissing into the wind

Win win

1
1


Biting the hand that feeds IT © 1998–2018