Posts by Pascal Monett

"it isn't that large – as you can see."

No, I can't see how large it is. There isn't a single thing I can use as scale on that first picture. The second one has apparently some fleshy bit on it I interpret as a hand, but I'm not sure. As far as I know, that iThingy could well be sitting on a regular 1 meter diameter kitchen table, which would make it frikkin' huge.

The next time you want us to "see", chuck a ruler next to it.

“[..] the attack prevented [..] users from actively engaging with the [..] Website,”

In other words, the DDoS prevented DraftKing users from . . gambling.

Come on, if your site gets DDoSed and all you do is publish rankings, then your users are going to wait it out patiently until your site is online again and you're not losing money from users that are temporarily not "actively engaging".

If you're loosing wads of money for a "sports" site because you're offline for half an hour, then your site is a gambling site.

“Funding this key cybersecurity program through piecemeal, short-term contracts..."

is exactly how the true amount of funding can be obscured to the public eye, so I really doubt much will change there.

And while on that kind of funding, does the White House still buy $1,000 toilet seats ?

Inside job / 8 bitcoin per record

I smell a guy who had the data and got the bright idea to add another line to his revenue stream.

Anybody else think that 8 bitcoin is a tad expensive for info on one ID ?

That is going to be one hell of an expensive failure

So let's see, what is the UK Gov history on hardware accomplishments ?

Oh yeah, they built a new aircraft carrier, but forgot the catapults.

Yep, great indicator of confidence there. They'll send up GPS satellites and forget the communication system, or something like that.

This is the start of a looong popcorn era.

"UEBA baselining with machine learning can adjust its worldview of a user's behaviour"

So all a hacker needs to do is ensure that his package can shift the pseudo-AI's worldview bit by bit and then he will be right at home.

Given that there have been Tesla buyers stupid enough to think that their car was self-diving, marketing any technical solution with the notion of AI is a surefire way to ensure a catastrophe. Complacency and habit means that when this so-called "AI" security will be in place, as long as it doesn't squeak, admins will just take care of the daily panics and not worry about whether or not the machine is working right.

Hackers of the future will have a lot of fun with these toys, I think.

Okay, so where are law enforcement students ?

What should be done is that law enforcement should have some personnel sign up to these courses and learn the techniques.

Shouldn't be difficult and I don't see the crooks doing any reputation checks from their home base.

Once we have officers fully trained and up to speed (because $1,100 for 40 days seems a pretty good deal to me), then our Cybercrime units will know what to look for and how to fight it.

If that isn't being done, then our governments are even stupider than I thought - which, of course, is quite possible.

"if I see someone of high status drinking coffee, I'll want coffee too"

Um, no. I don't drink coffee. Ever. Not interested.

I respond quite politely when offered, but the answer is always no thank you.

And forgive if someone "of high status" having something I don't does not make my brain go into dumb mode and want the same thing.

"This fake website was spam-vertised using bogus emails"

What is it about the human mind that pushes people to a) blindly accept what a completely unknown person sends them, and b) click on a link that they haven't the faintest idea where it will end up.

Especially at work.

Okay, this time it was a test. Fine. There will be a next time. And a next.

Until we all, collectively, understand that if someone you don't know sends you a mail, the only proper thing that can be in that mail is either a request for information or an introduction from a work colleague that has just taken his post, so you know you'll be working with him.

And you should check to be sure.

Anything else is spam and should just be binned.

The only person who can legitimately send you a URL is someone you already know. And that person had better have a good reason.

These posts are very interesting

Most of them point to patching issues with large or very large user bases.

I am self-employed. If a patch borks my system, I am good for a full day of reinstalling everything to be able to work again. Who's going to pay me that time ? Nobody.

If my system is bricked, then I am good for an emergency trip to the nearest quality hardware dealer and a hefty ticket price to get a new machine, which I then have to spend the day cleaning, removing stupid vendor-installed cruft I couldn't care less about, and getting the stuff I need to start working again. So a day lost again, and a big expense that I have not budgeted. Who's going to pay me for that ? Nobody.

If my system should be hacked (has never happened), then at worst, I'm good for losing a day reinstalling.

So my threat profile tells me that I can wait a while before patching, to see if there are any howls of pain from the latest batch of Windows updates. If I don't hear anything for a few weeks, then I put Windows Update back into Auto and patch, reboot, finish the patches and reboot again. Then WU goes back to Disabled, where it belongs.

The humans won because strategy - no surprise there

I have played my fair share of Battlefield and other multiplayer mayhem fests, and if there is one thing I learned it is that the team that has a strategy is the team that wins.

Most humans go into these games thinking and acting as if they were alone. If everyone plays like that (most common case), then the win is just chance to the team with the more efficient killers. But play a team that has no cohesion and find that the other side has a group that are actually playing together, and they will wipe the map with your corpse.

Had these tests been against the regular human bozo, humans would have been squashed, no question. It is good that they play these matches against human players who do have team cohesion. That way we see that programming strategy into a statistical analysis machine is not an easy thing to do.

I wish those programmers all the luck. Or do I ? Did I just hear the whine of a phased plasma ri<no carrier>

Oh for God's sake

There is no AI. There is statistical analysis, and vast amounts of data, but we do not have a machine to which we can ask : "tell me what is working".

There are highly intelligent people who understand statistics and can fine-tune these statistical analysis machines, but AI it is not.

I would really like for the media to drop the "AI" in their articles, but that is obviously never going to happen because . . marketing. Ai is sexy, and because we don't have it, it is the perfect fantasy.

"we’re doing all we can to resolve the matter"

Short of actually putting any money into infrastructure that is . . .

Supermicro

That hasn't filed for Chapter 13 yet ?

Wow.