* Posts by Mainway

8 posts • joined 13 Aug 2016

White hat hacker AI bots prepare for DARPA's DEF CON cyber brawl

Mainway
Devil

A case of when

If you have Windows 10 or OS 10 or even Android across any part of your enterprise, then your already fucked! If you have Linux or BSD on INTEL or AMD CPU's then once again your already fucked, its not a matter of if - only and matter of when!

Mainway
Devil

Re: Makes no real difference to the machine

Makes no real difference to the human element either, thanks largely to the security apparatus wanting to hack your PC there efforts have weakened security across the board, I dont need Heart-bleed, Drown, Beast or Freak, I just need a copy of CA's from Firefox and to be piggy backing on your connection when you login to the local online bank and the password - regardless of encryption along with most of the online session can be hijacked very simply. Golden master-keys they can keep em, a small cluster of 50.100 Ghz aught to be more than enough to break most types of encryption relatively easily, more so with de-random and de-crypt and a word-list filled with rainbow tables!

Mainway

Re: Entertained...

Yes incredibly!

To quote other more experienced developers:

"GNU is, and always has been, a political movement that writes software as a means to an end!"

Dynamic Linking is an infinite source of complexity, security leaks, incompatibility, unreliability etc. and yet many perceive it as "good" or even "necessary".

Dynamic linking allows fixing bugs in libraries / updating libraries in one place.

It also allows introducing new bugs whose cause might be hard to find.

Programs are not self-contained, complicating debugging and deploying.

Versioned symbols don't allow fixing bugs in one place.

Most programs don't benefit from library updates.

Dynamic linking is secure.

Few have provided a viable model how dynamic linking is supposed to be secure. But many exploits are actually possible just because of dynamic linking, just look at your favourite exploit site.

"Open Source doesn't magically make anything good. Many open source people are idiots!"

Gnu/Linux:

Linux for the most part tries to adhere to Unix principles, this is good. But it also keeps stuff from Unix which should have long been replaced. (terminal madness, anyone?)

And it follows POSIX and all open source best practices.

Clipboard handling totally sucks so incredibly much. Not even lobotomized monkeys on crack could fuck up this badly.

Distributions are incompatible. Most Software has a Windows binary, an OS X binary and a Debian binary, a Ubuntu binary, a Fedora binary, ...

Countless duplicated folders, binaries in /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /opt/bin, ....

There is no canonical way, ever.

Backwards Compatibility, what's that? Compare running twelve year old Windows 98 software on today's Windows to running two year old software on today's Linux.

Linux people love to replace working solutions with giant broken cluster-fuck solutions (see also: Network Manager).

Dynamic linking, even worse than usual.

Linux Desktop Environments usually try to emulate Windows which sucks. Compare that GNOME's thing to the Windows registry.

GNU shit like Auto-tools all over the place.

Cross compilers, what's that.

How does /dev work today?

OSX:

So far I wasn't able to stand this long enough to seriously comment on it.

/Library/Framework/OpenGL/2.0/Framework/lib/OpenGL/2.0/lib/Framework/lib/GL/libGL.so

hostname is stored in xml in /System/Libraries/Something/Computer/Buttfucking/Documents/Properties.plist

[obj-c sucks]

That GUI. What the fuck. You can't maximize windows reliably? No task bar or anything (lolexpose)?

Fucking menubar at the top. Trying to avoid locality as much as possible.

I have to start the file manager to start programs? What the fuck fuckedy fuck fuck fuck?

Windows:

Everything is giant, rigid, monolithic block.

There is no simple way to combine two things.

In Unix you solve problems by combining existing programs.

In Windows you just add another monolithic block.

Shitty GUIs all over the place. Seriously.

As a result, it's hard to automate things.

Naming sucks. Always. C:\Users and Settings, seriously? (Yes, it has been fixed)

As a hilarious example: syswow64 contains x86 DLLs, system32 contains amd64 DLLs.

Special cases abound.

Compare Unix daemons to Windows services.

Compare Unix X11 programs to Windows magic graphical programs.

Compare Unix text config files to the Windows registry.

The system as a whole is insanely complicated and impossible to understand.

The whole system is impossible to debug. For many problems the only solution is "reinstall".

Swapping out the kernel. Etc..etc..etc

Eye of Sauron-themed trojan targets Russia, Sweden

Mainway

9fans

Taken from the wiki:

"Reads and writes to mordor will inevitably cause the front to fall off!"

Stealthy malware infects digitally-signed files without altering hashes

Mainway
Thumb Up

Re: Something started to smell...

Yes an don't you just love how these Black-Hat miscreants give there tool to all and sundry to download off the web so that any thirteen year old twerp with zits can sit in there bedroom doing the same!

EasyDoc malware adds Tor backdoor to Macs for botnet control

Mainway

eh Firewall?

Do any of the Mac fanbois actually use the BSD firewall, it came included, not like it's worth much considering all there Crypto is already suspect thanks to INTEL "ME" and AMD "PSP" and they probably never even took the time to turn it on or install the "XCode" code-base to be as up-to date as possible against vulnerabilities.

A Russian cyber-gang, the Oracle MICROS hack, and five more POS makers in crims' sights

Mainway
Pint

POS

I've never quit understood why people insist on calling it a Point Of Sale system, the word Cashier presumably doesn't conjure up the same Buzz..

Google password fill effort could kill Android malware's best tricks

Mainway

Re: Oh yes, way to go Google..

Did you love the bit about how they fail to mention that people with a cheap non-android phone don't suffer from the same vulnerabilities? I'm very happy with my "Ken-Xin-Da" M3 Chinese Mobile phone, with no MMS, APN or WAP settings, but VOIP settings to dial IP to IP as standard and the option to password protect everything including your SMS and contacts from snoopers and no encryption is required because it's built into the firmware so to bypass it presumably they'd have to re-write the firmware, destroying said information in the process, as sold to Arabic countries world-wide hence the Arabic keypad!

Biting the hand that feeds IT © 1998–2019