* Posts by Clausewitz4.0

116 publicly visible posts • joined 16 Apr 2022


Gone in a day: Ethical hackers say it would take mere hours to empty your network

Clausewitz4.0
Devil

Re: For the Crashing and Burning, Collapsing and Crushing of Dodgy Ethereal ...

See you at Sea. In uniform.

As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research

Clausewitz4.0
Devil

Solaris 0-days

I would set up some new Solaris servers with dummy secrets to get those Solaris 0-day exploits into my hands.

Hopefully the Chinese did that before leaking the NSA op. to the press.

Feds freeze $30m in cryptocurrency stolen from Axie Infinity

Clausewitz4.0
Devil

Rewards of up to $10 million

With rewards of up to $10 million to grab the heads of some hackers, stupid people may be inclined to do illegal, dangerous and silly things.

Looks more and more like the Wild West. But in the real-life Wild West - not the movies on the telly, where the USA is actually good at lawfare and warfare (only in the telly) - people die for real.

Mandiant links APT42 to Iranian 'terrorist org'

Clausewitz4.0
Devil

QUOTE: "Israel has between 80 to 400 nuclear warheads. It can vitrify Iran and all its neighbours."

Three words for Israel - SCO ( Shanghai Cooperation Organisation )

Let's be good global neighbors, ok?

Clausewitz4.0
Devil

Real Men Go To Tehran

If you are smart enough, you can see those Mossad puss1es coming from a mile away. Just carry your knives and hopefully a gun. They try to kill a lot, but they fail a lot too. Been there.

Always remembering: Boys Go to Baghdad, Real Men Go to Tehran

Clausewitz4.0
Devil

Stuxnet, anyone?

So, is it ok to deploy malware to blow up nuclear facilities and to not expect retaliation?

Stuxnet

Strange times indeed...

DoJ charges pair over China-linked attempt to build semi-autonomous crypto haven on nuked Pacific atoll

Clausewitz4.0
Devil

Paraphrasing Sonny

Goddamned FBI don't respect nothin'

NATO investigates after criminals claim to be selling its stolen missile plans

Clausewitz4.0
Devil

Re: Mundane Espionage ?

Nothing to worry about?

Those hackers are selling data of people whose daily job is to kill for a living.

Better to have some protection. If from local gov / mil, better.

Schematics of NATO missiles are very interesting. And valuable.

Ex-NSA trio who spied on Americans for UAE now banned from arms exports

Clausewitz4.0
Devil

Re: One for a Priti Patel and Supreme Court Justice Puppets to Ponder Prevaricating Pompously On

Had they worked for Russia, Iran or China, with a deal including passport, citizenship, nano microchips ( yes, those from remote torture some people I know have in their possession and cost a good amount of money $$ ), cyber tools and other exploitation software - which those folks also have, everything encrypted - those former NSA operatives would be happy at work.

Personally, I prefer to deal with my local military / government, also because it lowers your chance of being killed, but we know some government heads need to be changed for that to happen. But in any case, there is the former alternative.

Their biggest mistake was to be a USA citizen.

PyPI warns of first-ever phishing campaign against its users

Clausewitz4.0
Devil

Phishing Campaign

QUOTE: PyPI announced it is giving away free hardware security keys to the maintainers of critical projects

New phishing campaign requesting login + password + address to send physical token in 3, 2, 1 ...

Shout-out to whoever went to Black Hat and had North Korean malware on their PC

Clausewitz4.0
Devil

Re: Malware at Black Hat?

I would likely bring a discardable laptop to connect to their network.

Given the high value of tools and exploits produced by the attendees of such conference, most likely a firmware exploit in the NIC would be deployed by a capable party.

Intel set to squeeze the flops out of Ponte Vecchio GPU

Clausewitz4.0
Devil

I saw the joke alert. But will post it anyway, to confirm your point of view.

https://www.blopeur.com/2020/04/08/Intel-x86-patent-never-ending.html

LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data

Clausewitz4.0
Devil

Re: Yeah...

US Homeland Security, Microsoft and the US Treasury are Entrust's customers.

I believe some people got angry their data was stolen / will soon be leaked in case of non-payment.

Lessons to be learned from Google and Oracle's datacenter heatstroke

Clausewitz4.0
Devil

Re: Climate change causes reduction in da Cloud

"Average annual temperatures at Iqaluit are around −9.5 °C (14.9 °F), compared with around 5 °C (41 °F) in Reykjavík, which is at a similar latitude"

The temperatures there are quite ok, but I believe there is no reliable power source. So, a nuclear plant would have to be installed as well - high cost.

Solaris is in maintenance mode – but Oracle added a significant feature anyway

Clausewitz4.0
Devil

Re: Before the bits run out

2034. And they will probably extend this support even more. A lot of big TELCOS running Solaris with a HUGE amount of data on those boxes.

Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash

Clausewitz4.0
Devil

QUOTE: trying to invent a new anonymous method of currency transactions? But that problem has been solved for centuries with the physical transfer of fiat currency and/or fungible metals

No, Mr. You cannot make an anonymous transaction with a person you do not know, on the other side of the globe, and probably in a sanctioned country, using old bills or fungible metals. You can do that with cryptocurrency. You will stay anonymous. If you are intelligent enough, no 3-letter agency will ever touch you or extradite you - the maximum they can do is to put 24/7 surveillance on your computer and house, make some jokes with you, nothing more than that. You will still take everything you earned with you.

Enough said.

China's 7nm chip surprise reveals more than Beijing might like

Clausewitz4.0
Devil

Re: It's also an ASIC crypto-miner, highly parallel, low complexity. A starter chip.

China supplies the world with a lot of chemicals to produce whatever the buyer intends to.

It is up to the buyer to produce illegal recreational drugs or life-saving drugs.

Suspected radiation alert saboteurs cuffed by cops after sensors disabled

Clausewitz4.0
Devil

Re: But ... why?

QUOTE: Apparently not ransomware or foreign spying

Due to the non-stealth nature of the attack, the most plausible explanation is either 1) Grudge or 2) Profit. In (1) they got really mad at someone from work, and in (2) a certain company will receive huge money to fix the attack.

If the attack was stealthy, in preparation for a major action, I would bet separatists.

Knotweed Euro cyber mercenaries attacking private sector, says Microsoft

Clausewitz4.0
Devil

Re: Microsoft

True. A lot of phishing pages jump from Azure -> AWS and vice versa, sometimes in round-robin. Probably to make the takedown harder / slower.

Ransomware less popular this year, but malware up: SonicWall cyber threat report

Clausewitz4.0
Devil

CVE and new exploits

QUOTE: The bad guys are just sitting there saying: 'I don't have to just go look anymore. I just need to pull up all the CVEs

Wrong. Every serious business is stockpiling vulnerabilities. Also Google. A 1-day vuln. is good, but a research lab for 0-day vuln. is way better, if offensive time comes. Meanwhile, we all hope not, because peace is better.

Cyber-mercenaries for hire represent shifting criminal business model

Clausewitz4.0
Devil

Re: Shadowrun

Inception movie (2010) was just a (bad?) way to advertise an expensive neuro-cyber interface.

It doesn't work with everyone, no influence can be achieved, especially in the ones who create resilience against such technology.

But it is indeed expensive, and can be resold.

Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says

Clausewitz4.0
Devil

Re: Microcode Security

QUOTE: for the vast majority of cases a regular rootkit would be sufficient

I agree on that.

But a microcode-rootkit would be the most undetectable piece of nasty code, and could be activated remotely without triggering any alarm bells - actually, you could even submit a sample to any famous sandboxes, and they would not flag anything malicious at all.

Probably the reason China and Russia insist on using home-made silicon for mil/intel/sensitive stuff.

Clausewitz4.0
Devil

Microcode Security

QUOTE: "microcode has an RSA signature for integrity protection."

In other words, a well-guarded(?) RSA key opens the doors to the kingdom

Russian Debian-derivative Linux slinger plans IPO

Clausewitz4.0
Devil

Re: Narratives

Sure. Let's not forget Yugoslavia, Afghanistan, Libya, Iraq, Syria, Somalia.

I am not so sure they were bombed by Russia, though.

Clausewitz4.0
Devil

Re: Narratives

Paraphrasing Michael Corleone:

"Politics and Crime, They are the Same Thing".

Clausewitz4.0
Devil

Re: Narratives

QUOTE: Complete bollocks. The Russian backed separatists ignored the first Minsk agreement, launching an offensive before it was even implemented

When your neighbors are being killed (ethnic Russians in Ukraine) for 8 years in your country (Ukraine), you tend to strike back.

QUOTE: Don't forget that this whole thing stretches back to the treaty that Russia would honour Ukraine's borders in return for the Soviet era nuclear weapons stationed on Ukrainian territory being given to Russia.

Let's stretch a bit more, to the point NATO said it wouldn't expand an inch more. NATO did expand. A lot more.

QUOTE: The second mistake was not fast tracking Ukrainian membership of NATO

Ukraine was good dealing both with USA and Russia pre-2013. But USA was not happy with this situation. It was a win-win for Ukraine.

Then, NATO decided Ukraine should be west-only, backing the 2014 Ukraine Maidan coup - part of the not-expand-an-inch-more NATO broken promise.

Clausewitz4.0
Devil

Narratives

>so something positive could come out of this unjustified invasion of Ukraine

The Minsk 2 accords, which were agreed by both Kiev and Russia and would pave the way for peace, were not implemented by Kiev. Kiev chose war instead of peace.

The "unjustified invasion narrative" seems a bit off.

Global financial stability regulator signals crypto rules are coming soon

Clausewitz4.0
Devil

Re: How?

Honestly, they cannot.

NSA/FBI cannot tap in EVERY fiber. NSA/FBI cannot make a MiTM in EVERY VPN connecting brokers to an exchange in another country, converting to fiat currency in pre-paid cards of another country.

They can put some millions in the pockets of a few politicians, hoping their goal will be achieved in-between the election cycle, but politicians tend to change every 4-6 years, so... no!

Clausewitz4.0
Devil

Re: First of all who is the

I also saw FSB and thought what the heck!

UK's Ministry of Defence awards Boxxe multimillion Microsoft license deal

Clausewitz4.0
Devil

MoD and Boxxe

I am sure Boxxe has top-notch security to expose (advertise) themselves as working with the UK MoD in .... WINDOWS.

RSA for sure had, while supplying Secur-ID tokens also for military contractors.

US military contractor moves to buy Israeli spy-tech company NSO Group

Clausewitz4.0
Devil

Cyber Capabilities

Do they realize it's not just buying a company? The most important assets are the guys behind the R&D. Will they be able to keep the quality?

US floats framework for international crypto regulations that cement its power

Clausewitz4.0
Devil

Re: All your Crypto and NFTs

No, they are not.

USA / other countries cannot regulate cryptocurrency, they can just TRY within their own borders - but cryptocurrencies are borderless.

Microsoft rolls back default macro blocks in Office without telling anyone

Clausewitz4.0
Devil

VBA legacy applications

In the old days, I had an entire federal department managing thousands of assets via an Access file + VBA application.

Using VBA significantly lowered the time I would spend setting up servers, databases, etc. to create the application in a few days, and once you showed some workers they "just had to open a document" and the application would start to run, things became really simple and speedy in the office.

Now it makes me wonder how many of these legacy systems are still in use nowadays.

IT reseller giant SHI International knocked offline by cyberattack

Clausewitz4.0
Devil

No reason for embarrassment

QUOTE: The incident is an embarrassment for an IT services giant such as SHI.

If even the Russian bears can penetrate the Pentagon, DHS and others - and I mean, those guys have billions of budget and their daily job is to kill people for a living - there is no reason to be ashamed for having your systems compromised by a skilled adversary.

FBI and MI5 bosses: China cheats and steals at massive scale

Clausewitz4.0
Devil

Thief Crying Thief

Some spying agencies and the FBI complaining about [ Insert any country here that is getting better than them in the game ] ?

Really?

Here today, gone to Maui: That's your data captured by North Korean ransomware

Clausewitz4.0
Devil

Re: I wonder why

QUOTE: hit one of the major cloud providers

If you get to the core of a major cloud provider, source code for the tools or the orchestrating tools themselves are a much more valuable target.

It enables a shy business to deploy REDIS / NOSQL / MongoDB / etc clusters in an amazon-like-way, with a nice control panel - a shy business can potentially become a major player itself.

Hive ransomware gang rapidly evolves with complex encryption, Rust code

Clausewitz4.0
Devil

Making analysis more challenging

QUOTE: "Since all strings are encrypted, it makes finding the parameters challenging for security researchers."

Not at all, since the decryption key is embedded in the executable.

Storing only the hash of the command line parameters would make analysis more truly challenging.

Germany unveils plan to tackle cyberattacks on satellites

Clausewitz4.0
Devil

Re: File this under 'Aye, right'

Interesting, if true. I wonder if the attackers have changed the keys so the original owners could not take control back, if this attack scenario was possible on the platform.

Google updates Chrome to squash actively exploited WebRTC Zero Day

Clausewitz4.0
Devil

Re: Could not have happen with HTTP/1.0

QUOTE: One of the first jailbreaks for the iphone was a bug in an image rendering library

So was one of the last bugs used by NSO / Pegasus to silently penetrate iPhones with a zero-click exploit. But Google do not care / look too much into exploits being actively used by some friendly government agencies.

Dutch University retrieves Bitcoin ransomware payment and makes a profit

Clausewitz4.0
Devil

Cryptocurrency anonymity

Bitcoin isn't anonymous, but you can use mixer / tumblers, quickly convert to ETH and then use TornadoCash. Or swap for Monero.

Google location tracking to forget you were ever at that medical clinic

Clausewitz4.0
Devil

Some of those people in the retirement homes were thugs, whores and gangsters :-)

Damn... I will never look again into the eyes of a grandpa / grandma the same way I used to..

Clausewitz4.0
Devil

Re: "Google Account Level Enhanced Safe Browsing"

Search for Pi-Hole and add Google's safebrowsing domains into that list. I advise to also add ads.google.com, and see how many websites actually host FONTS/JS/CSS on Google infrastructure. A LOT. People just grab a bootstrap code half hosted on Google and keep spreading it. Sad.

The App Gap and supply chains: Purism CEO on what's ahead for the Librem 5 USA

Clausewitz4.0
Devil

The App GAP

A way to stop the App GAP is to pay coders to use the web version of the most common apps and to automate the command line version of those.

As an example, Signal has a desktop version, that, with some voodoo, allows you to use the command line to register, and then to talk, message over the web app. Others might work also this way.

Clausewitz4.0
Devil

Re: SoC to old-skool

You cannot trust anything "made in USA", because of their security agencies and the secret subpoenas industry.

Clausewitz4.0
Devil

Re: Asterisk @sergio

Is that really important that members of the British Parliament sometimes might frequent gay saunas? Nowadays you can't blackmail them with that anyway... because it's so common...

TikTok: Yes, some staff in China can access US data

Clausewitz4.0
Devil

Data Owners, Capitalism

QUOTE: Trump administration two years ago tried to have the app banned from the US in an effort to force its China-based parent company to sell to a US-based owner

It is all about collecting data and who are the owners. Let's stop pretending it is something else.

The old owners just get mad when there is an attempt to sell the business to someone else. But that's capitalism and we all love it, right?

Crypto sleuths pin $100 million Harmony theft on Lazarus Group

Clausewitz4.0
Devil

Regulations vs. Proper Security

Instead of focusing on the regulation of what cannot be regulated (crypto currency), the focus should be to secure systems - including against state agencies, from USA or North Korea.

Iceotope: No need to switch servers to swap air-cooled for liquid-cooled

Clausewitz4.0
Devil

Water and Electricity in a Datacenter

Call me old school, but I am not a fan of mixing water, electricity and datacenter in the same sentence/room.

Old-school editor Vim hits version 9 with faster scripting language

Clausewitz4.0
Devil

Re: What's Vi?

"..Vim is the standard version of the classic vi text editor on most Linux distros, and if there is one xNix editor that every xNix user should know, it's Vi."

I believe jake is making fun of the writer for not addressing vim in the correct case-sensitive manner.

Clausewitz4.0
Devil

Re: never knew

Agree. Also a hater of the mouse interface enabled by default.
