* Posts by tachyonhorse

41 posts • joined 18 Jun 2018

NSS Labs sues antivirus toolmakers, claims they quietly conspire to evade performance tests

tachyonhorse
Mushroom

NSS Labs: Next Generation Firewall Test

Next Generation Firewall 9.0

“NSS Labs is issuing a call for industry engagement from both enterprises and NGFW vendors to help shape and evolve the ninth iteration of our NGFW Group Test.” Read the full press release:

0
0

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

tachyonhorse

Multi-layered security controls across our systems

I got a similar answer from EDF when I asked them why I needed to disable 'Auto remove overlays', 'uBlock Origin' and Safescript in order to access the site. So while I use these sites I'm totally open to click-jacking and running malware scripts. Are these sites run on a hacked together script based on some school project of ten years ago?

6
0

Python joins movement to dump 'offensive' master, slave terms

tachyonhorse
IT Angle

Parent/Child as a replacement for Master/Slave?

> Anyone suggesting Parent/Child as a replacement for Master/Slave has no idea of how likely a child is to obey.

How about a First-Superior Homies & Bitches Flip Flop ref

1
0
tachyonhorse
Facepalm

Open Source Diversity?

Like other open source communities, Python's minders have been asked whether they really want to continue using the terms "master" and "slave" to describe technical operations and relationships

Where, when, how, I've never heard it was an issue up to now. Yet another example of the intersectionality crowd finding something to be offended over. In this case potentially being triggered by a line of code. What are we going to call the Master-Slave JK Flip Flop after this, the Facilitator-Stakeholder J K Flip Flop?

2
0

Back up a minute: Veeam database config snafu exposed millions of customer records

tachyonhorse
Facepalm

Cloud backup security concerns.

How about getting someone to write a script that periodically tests your cloud infrastructure for potential leaks and sends an email or text msg to someone who will notice?

0
0

When is a patch not a patch? When it's for this McAfee password bug

tachyonhorse
Terminator

Unsigned DLL side-loading vulnerability?

“It was found that one of the True Key Service binaries loads a McAfee dynamic library in an insecure manner. An adversary could carefully craft an exploit to launch an Elevation of Privilege attack.” ref

How about designing the DLL loading routine to, by default, not allow unsigned DLL loading, that way any defect in the application would be rendered fail-safe. Presumably this flaw in the DLL side-loading mechanism can be exploited by any malicious application.

3
0

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

tachyonhorse
Terminator

Re: CVE-2018-8475

> *WHY* are image files loaded up (and apparently parsed) within the kernel again?

To speed up rendering else there's too much of a performance hit switching from kernel mode to user mode, hence any defect in the code can crash the entire system or lead to a security violation

6
1
tachyonhorse

Security feature bypass in Device Guard ..

KB4093111: Windows 10 April 2018 Security Update

I count thirteen memory violation errors, that's where the majority of security violations reside, in the Memory Management Unit?

3
1

US military chucks $2bn at AI, Google touts machine-learning data search, and more

tachyonhorse
Terminator

Re: Technology Favors Tyranny

‘I speak as one part of his "useless class" who can't even beat a normal chess program on my crappy computer.’

Can this ‘normal chess program’ write a program that can beat it in chess, I know I can. The reason the chess-program wins is it substitutes speed over intelligence. If you could slow down or stop the clock between moves then you could most definitely win.

Apropos artificial intelligence, this whole AI thing is just so much hyped snakeoil, we're decades away from any real-world practical solution. In this case I guess it's as good a pretext as any to fling $2bn at the US military. A technological solution to a human problem, the problem being how to the ability to kill more of the enemy than he can kill yours. The snakeoil being the promise of fighting a war without taking human losses. Stalingrad and the Vietnam War would have demonstrated the falsehood of thinking technology could win against a tenacious and dedicated low-tech enemy.

0
0
tachyonhorse
Big Brother

Baidu and Intel team up to monitor Internet

“Banks such as China Union Pay, AI Bank and the Agricultural Bank of China are using MLK-DNN Baidu’s Cloud for fraud detection. iQiyi, commonly referred to China’s answer to Netflix, will use OpenVINO to flag up videos for dodgy content.”

Does this mean that a company from the freedom loving west is teaming up with a communist dictatorship to spy on its own citizens, for money?

0
0

MPs' proposal to cash in on public-private algos given a solid 'maybe'

tachyonhorse

MPs call to monetise public sector data

How about instead, they make our Public Records available on the Internet, instead of having to pay-per-page to see it through multiple Freedom of Information applications, which will then only be returned to you in the form of photocopies and by surface mail.

1
0

Email security crisis... What email security crisis?

tachyonhorse
Big Brother

Microsoft announces threat intelligence service?

How about an email service that transparently verifies that an email is really from the name appearing in the FROM: box and full end-to-end encryption to be sure no third party is snooping on your emails.

Introducing Address Verification and Full PGP Support

0
1

AI beats astroboffins at sniffing out fast radio bursts amid the universe's clutter

tachyonhorse
Alien

AI beat astroboffins at detecting fast radio bursts?

This isn't Artificial Intelligence (AI) beating astroboffins, what it is, is a pattern recognition engine based on a convolutional neural network (CNN), detecting seventy two new sources of fast radio bursts (FRB) after being trained by humans. As for signs of extraterrestrial technology, since FRB 121102 is three billion light years away, and assuming we detect an artificial signal three billion years old, does anyone think humanity will still exist in three billion (3,000,000,000) years ?

4
0

Dust off that old Pentium, Linux fans: It's Elive

tachyonhorse

Best live distro to run from a USB

As someone else pointed out "OS haven't actually got quicker over the last few decades", bigger isn't necessarily better. What is the best distro for running from a USB device?

0
0

Cisco smells a RAT in Breaking Security's Remcos PC wrangler

tachyonhorse

Talos says Remcos is a Remote Access Trojan (RAT)

Is this the same Cisco that implements SSL decryption on its switches, through the use of fake PKI certs? Basically implementing a man-in-the-middle attack. The client browser has to be configured to accept such fake certs and not just the Cisco ones.

Cisco “Talos says that it is classifying Remcos as a Remote Access Trojan (RAT) software”

There are any number of remote desktop solutions that do the exact same thing, why aren't these also deemed RAT software? How does Remcos get installed on the target system in the first place, without root access and the end-user not noticing? Let's consult the Remcos Manual: “Deploy the agent file on your system to be controlled and execute it”.

2
0

SUSE and Microsoft give enterprise Linux an Azure tune-up

tachyonhorse
Terminator

Re: SUSE Linux

> SLES will end up being digested somewhere in the bowels of MS's beasty clouds ..

SuSE Linux being the only one that comes with a Microsoft covenant-not-to-sue. Microsoft also extracting a license fee from Android phone makers. If I was paranoid I would sense something sinister in the force.

0
1

London's Gatwick Airport flies back to the future as screens fail

tachyonhorse
Facepalm

Cloud-based flight information display system ..

The Flight Information Display System (FIDS) at Gatwick Airport was the result of a project that kicked off back in 2015 to replace legacy systems that required a separate PC running behind the majority of the airports’ screens

Running the screens from the one 'cloud' solution through a single fibre cable sounds like some bean-counter's idea of saving money. Multiple devices running multiple screens with multiple data paths is the correct solution. You could do it with Raspberry Pis connected in a banyan-tree topology.

5
2

Software that predicts whether crims will break the law again is no better than you or me

tachyonhorse
Terminator

Northpointe Compas Core ..

“Fully web-based and Windows compliant. COMPAS is applicable to offenders at all levels from non-violent misdemeanors to repeat violent felons. COMPAS offers separate norms for males, females, community and incarcerated populations.” ref

“A recent investigation by ProPublica showed that this predictive technology was operating with significant racial biases” ref

0
1

Medical device vuln allows hackers to falsify patients' vitals

tachyonhorse
Terminator

Re: Bit of a bummer.

> spare a thought for the poor sods developing this stuff 14 years ago.

March 2008: “a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.” ref

1
0

Microsoft gets edge on AWS with Azure Stack for government

tachyonhorse
Mushroom

Intelligent edge hybrid cloud infrastructure environment

“use cases for an on-prem Azure cloud would include things like field offices or government embassies where officials would not want sensitive information to be travelling over potentially tapped internet connections.”

If yer local cloud is connected to your hybrid cloud through the Internet then ...

“This is possible because Azure Stack extends the best of our intelligent edge and cloud innovation and delivers those services anywhere in the environment through a hybrid approach.”

What?

4
1

Grubby, tortuous, full of malware and deceit: Just call it Lionel because the internet is MESSY

tachyonhorse
Mushroom

Internet designed to survive a major nuclear war?

"The internet originates from the US government's interest in creating a communications system which could reliably survive a major nuclear war."

No no no, despite no matter how many times that inexactitude is repeated, the Internet wasn't designed to survive a nuclear war. The Arpanet was about time-sharing expensive computing.

“It was from the RAND study that the false rumor started claiming that the ARPANET was somehow related to building a network resistant to nuclear war.

This was never true of the ARPANET, only the unrelated RAND study on secure voice considered nuclear war. However, the later work on Internetting did emphasize robustness and survivability, including the capability to withstand losses of large portions of the underlying networks.”

3
1

BGP hijacker booted off the Internet's backbone

tachyonhorse

Whois Bitcanal aka Ebony Horizon?

Domínio: ebonyhorizon.pt

Registered Trademarks - INPI 411476

Person: Joao Silveira

Phone: +351220915985, Portugal: 707 450 060, UK/Europe: +44-2035143750, USA/Canada: 1-877-379-2127

Data de Submissão: 05-08-2013

Data de Expiração: 04-08-2022

Titular: EBONYHORIZON TELECOMUNICAÇÕES, S.A. Rua 28 de Janeiro 350 - Edificio X, Vila Nova de Gaia, Praceta da Geminação, N.º 19, 1º Dto, Tras., 4400-335 Vila Nova de Gaia, PT jcs@bitcanal.com

2
0

Oracle wants to improve Linux load balancing and failover

tachyonhorse

Linux remote direct memory access (RDMA)

What mitigations did the designers build in to prevent RDMA being used in security exploits?

0
0

US military manuals hawked on dark web after files left rattling in insecure FTP server

tachyonhorse
Facepalm

Routers default FTP password is susceptible to attack?

"Two years ago researchers warned that Netgear routers with remote data access capabilities were susceptible to attack if the default FTP authentication credentials were not updated .. Recorded Future identified more than 4,000 routers susceptible to attack."

Describing accessing a device using the default credentials as an 'attack' is stretching it.

12
0

Insurers hurl sueball at Trustwave over 2008 Heartland megabreach

tachyonhorse
Facepalm

Trustwave portal requires Adobe Flash Player?

Click to enable Adobe Flash Player

0
0

Thomas Cook website spills personal info – and it's fine with that

tachyonhorse
Facepalm

GDPR requires reporting of data leak except when it doesn't :]

"the controller shall .. notify the personal data breach to the supervisory authority .. unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons."

So, no sanctions for such leaks and no requirement to report such leaks to the leaked-on. The only practical effect I've seen is multiple click-boxes on websites and some US websites blocking access in Europe.

0
8

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

tachyonhorse
Facepalm

Re: So what? CPU Errata exist since the first products hit the market...

'Clearly AMD has been spinning this crap .. AMD is the one hiding and spreading fake info against its competitors.'

Actually it was AMD on the receiving end of such speculative crap, mainly by CTS that "may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports."

24
2

I think I'm a clone now: Chinese AMD Epyc-like server chips appear in China. What gives?

tachyonhorse

Two people standing by a water cooler?

Regarding the shutterstock illustration titled 'Two people standing by a water cooler'. Shouldn't that be: Two people, not a member of the Caucasian patriarchy, standing by a water cooler :]

2
2

Nissan 'fesses up to fudging emissions data

tachyonhorse
Facepalm

Unauthorised technicians to blame?

'The carmaker instituted an internal review, and in September 2017 found it was using “unauthorised technicians” to carry out final vehicle inspection tests for vehicles sold in Japan.'

I call baloney on that, senior management instructed the technicians to fake the results as the equipment was unable to conform to emission standards.

"the company also re-checked safety records for cars produced at the affected plants, except GT-R models (for which there weren't enough sold to make a statistical assessment)"

We fraudulently alter vehicle inspection tests and the GT-R models we sold have no safety issues as we didn't sell a lot of that model.

1
0

Big contenders in the broadband chart this week, but who will be #1? Well, not Britain

tachyonhorse

'Toxic' Whitehall power culture fingered for GDS's fall from grace

tachyonhorse

Oracle tells court: Boss man Mark Hurd didn't have docs relevant to HPE spat over Solaris

tachyonhorse

Naughty tech boss a frat boy to the end

Sep 2010: Naughty Tech Boss a Frat Boy To the End

0
0

A fine vintage: Wine has run Microsoft Solitaire on Linux for 25 years

tachyonhorse
Linux

Wine exposes the underlying Linux operating system?

Software running under Wine is restricted to the current user's privileges, as such any Windows malware is contained in the current “bottle” under ~/.wine, and doesn't persist between reboots.

Of course none of this would matter if the software was cross-platform, which is how software was built a long time ago. If I recall correctly the one source code file would compile for different platforms depending on certain #pragma directives in the listing.

3
1

IBM Cloud TITSUP: Techies investigate troubling storage underperformance

tachyonhorse

A tear in the network fabric architecture?

'Storage systems in several of IBM's European data centres have been down since the small hours, with engineers battling to fix an unspecified "network-related" problem'

Would these network-related problems be in the underlying software defined routers, switches and storage such that there's a tear in the cloud fabric?

3
0

Ding dong! Dell about to go public again – report

tachyonhorse

Re: Dell about to go public again.

> You mean the low-margin stuff that has forced other manufacturers out of the business? Sounds like a winner!

No, I meant high end stuff like the iPad, the iPhone and a high end set top box combined with services such as high-def movies and games piped directly into your living room. You sell them the boxes and then make even more money selling them services.

Additionally, if even Dell can't make money out of the IBM PC, what hope is there for the rest of us?

0
3
tachyonhorse

Dell about to go public again.

Why didn't Dell diversify into other markets such as mobile space, set top boxes, multimedia centers etc., such that they could ride out dips in the PC market?

3
3

Amid 'idiotic blockchain phase,' EY and Microsoft tout smart contracts

tachyonhorse

Ubisoft the Microsoft partner

Not to be confused with this one:

https://www.eviscerati.org/comics

0
0

What's all the C Plus Fuss? Bjarne Stroustrup warns of dangerous future plans for his C++

tachyonhorse
IT Angle

why not simply have a 'foreach' ?

> why not simply have a 'foreach' ?

Because computer programming is an esoteric art form not to be shared with the hoi polloi :]

5
2
tachyonhorse
Facepalm

Who can find the glm::rotate() function?

> For example, I present to everyone the GLM challenge. Who can find where the glm::mat4 glm::rotate() function is actually implemented in 1 minute?:

Interesting .. I've also wondered why, for such a high level language, you need to help C++ keep track of its variables using the Namespace feature. For another example, it's perfectly obvious that :: is the scope resolution operator and does different things depending on the context. It would be like creating a human language that the key words could be overloaded with ever changing meaning <sarcasm>

Human brains don't work like this, C++ a high level computer language written for computers :]

2
2
