* Posts by Aodhhan

687 posts • joined 25 Apr 2008

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

Aodhhan

Why do people read something which was never stated?

No government classified information was stolen or leaked in any of these instances.

Don't assume, and don't read into things. Sensitive contractor information does not mean it's government classified information.

No security is foolproof. If you believe the security you put up can never be breached, then it's time to find another job.

InfoSec is mostly about MITIGATING threats, because you can never eliminate all of them. Even if you air gap your system.

Legacy laptops, shadow ware, poor user habits, etc. can always find their way onto a system. Providing a means for attackers to penetrate a network.

Trivial backdoor found in firmware for Chinese-built net-connected video recorders

Aodhhan

Only in England

...do the people deal with making bad decisions by pointing out the bad decisions of others.

Even after they were told by at least 3 other countries not to deal with this Chinese company.

Just how many really wealthy political donors in London, have a lot of investment in Huawei?

Must be a lot. Enough to screw the average English citizen.

Uncle Sam tells F-35B allies they'll have to fly the things a lot more if they want to help out around South China Sea

Aodhhan

This stuff is old news

Why is this story being released now?

Most of the information in this report is close to, if not more than a year old.

This actual document was released 5 months ago. It's not something which was released in the past week.

WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

Aodhhan

It's all in history

As the left in Europe began to move further left, the European leaders began to invest less and less money into their own militaries and NATO.

The Soviet Union was gone and the trouble in the Middle East and Africa was far away. At least, this is what they believed.

Over the years, only Canada, the UK and USA maintained their militaries to agreed standards. Although, during the Obama years, this level was barely met--even though the war in Afghanistan was at its worst.

China, for all the punch lines they have become, aren't stupid. They've always been great at taking advantage of opponent weaknesses... and if you aren't China--you are an opponent.

China figured out, the leaders in Europe spent their money on each other--enriching those who helped them get into power. If these leaders have to start rebuilding their military, they won't be able to continue to make themselves and their friends even wealthier than they already are. The same families are in power now in Europe, that have been in power for the past 20 years. This should tell you something. Especially when the middle and lower economic classes have remained stagnant--and in many instances, have become worse.

Kids used to leave the house when they were 17-20 years old with a decent job. Now it's closer to 30--maybe.

Today, look at the families in charge of each European nation parliament; not to mention party leadership.

It's not much different than 20 years ago. Except things for everyone but them have become worse. China has become stronger, and Germany has become Putin's lap cat.

The left screams about the corruption of the right. As if this would even be possible, since the left has owned all the power for 20+ years.

Today, people still listen to the left--as if they are the ones to follow, because the left has lied and used their friends to hide the truth. It's a sad state in Europe.

The UK started to see this a few years ago, and has started to change. It's funny... look at how those who were in power, resisted the UK empowering its people over the government.

The only way a country is going to become stronger, is by ensuring the people have the power. The more power you give to the government, the more you want the government to take care of you, the weaker the people become.

Free this, free that... is what imprisons you. It's what Communism is. The carrot of free things on the long end of a stick, that you never get to... because it's used by those in power to get you to jump through hoops.

Europe may have free health care, but it's poor health care. Really good medical personnel move to the USA for better wages, equipment and standards.

All that is left, is the bottom of the medical pool, with a long waiting list. You wait weeks to find out the government will only do so much for you, before it tells you it's too expensive to treat you. You didn't think those in power with all the money, are going to let you take their cash away to treat your cancer, did you?

We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyer

Aodhhan

What do you expect from socialism?

This law is typical of a socialist government. Think China, Venezuela, Ecuador, Russia, Cuba, (modern) Germany, (modern) France, etc.

Socialist (left wing) leaders are so worried about keeping power, they do anything to ensure the general public has no power.

Don't blame Trump, it's his administration which got rid of a lot of Obama's invasive left wing stormtrooper ideas.

It appears, just like Obama, Theresa May and her minions in both houses of Parliament are doing everything they can to keep their power over the citizens.

I'm no criminal, but there are many things on my computer/phone I don't want others seeing. My personal writings, who I'm communicating with, my salary, chats with a loved one, etc.

You don't have to dig too far into history books to find how socialist governments take small innocent items of a normal citizen--only to spin and create HUGE stories on how any citizen is actually a spy, terrorist, general criminal. Hmm... why are you getting (spam) email from anti-government groups? You criminal!!

This should be the reason people support Brexit. To get away from all the left-wing craziness of most of Europe. Look at all of the laws their left-wing leaders are enacting in France, Germany, Belgium, etc. to ensure they remain in power.

Left-wing propaganda sure sounds good doesn't it. They pander to everyone, promising whatever to get your support--but does it ever truly work out in the long run? The only constant is higher taxes on everyone, with below average education institutions.

While it's fun to bash Trump... you can't deny the success his policies have had. While the rest of the world is dealing with recession, the USA's economy is strong--and getting stronger. Trump's administration is handing out HB1 visas like crazy, allowing people from other countries to come in and work--especially in the tech industry, because the unemployment rate is only 3%; many companies can't find people to fill jobs--this is creating higher salaries since companies are competing for talent.

So, UK... keep enjoying all of the policies and laws Theresa May's government enacted during her many... many years in power.

Or maybe start making t-shirts promoting Brexit and Megxit. :)

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message

Aodhhan

Jeff Bezos hacked his own phone

It's been known for some time there have been various vulnerabilities within this application. Attempting to pin it on someone can get a bit difficult, unless you can also get records from the various ISPs being used by the phone.

The way Bezos acts--has acted in the past, particularly in how he uses his newspaper reporters to target those he doesn't like... I wouldn't put beyond scope, that Bezos hired someone in Saudi Arabia to hack his phone so he can then have his paper (or leak it out to other reporters), that his phone was hacked. Bezos has a bit of a credibility, likeability and is a known cheater. He's looking for ways to make himself the victim, instead of the predator.

Let's get real, it's not like the images leaked were anything too compromising or made Bezos look bad. If you were out to hurt Bezos, you would have used the worst photos on the phone--and/or doctored some. Neither was the case.

Too often today, people believe everything the press (or anyone) when they say something a bit outrageous. Without taking the time to dig a bit deeper, and use some common sense.

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal

Aodhhan

Re: Not encrypted whatsapp backups

This isn't shocking to most IT professionals. Most of the governments in the west didn't start getting serious about systems security until a few years ago. While the defense/intel departments started locking things down in 2007 and then even tighter after Snowden leaks, the rest of the govts spent money on everything but. This includes personnel with talent and understanding on encryption.

When it comes to communication applications, the underlying routines are all similar. Most of the code is out on the Internet for anyone to use. When it comes to encryption, none of them create their own protocols or cipher suites. They use what's available. This comes down to someone who understands which cipher suites are secure, and which are not-so-secure.

...and for those out there who think FIPS 140 cipher suites are unbreakable, you need to think again. FIPS 140 only approves cipher suites up to and including the "SECRET" classification level (by US DOD definition). So they may or may not be good for TS/SCI classification level. There is a different publication for the cipher suites usable for higher classifications.

Aodhhan

Snowden endorsement

This is laughable.

Snowden needed assistance (from J. Assange) on how to use a data scraper, keystroke recorder (to steal credentials) as well as other simple hacking tools.

Snowden isn't some fantastic hacker and definitely not a computer engineer. He was a below average consultant working for a defense contractor. Which means, you need some computer training and a security clearance to get the job. No need to handle responsibility, just an ability to follow written directions.

He's not exactly someone I'd count on to provide advice or an endorsement for anything regarding encryption.

Now, if I needed advice on how to run like a beotch--coward, then he's the one to seek out.

Tracking President Trump with cellphone location data, Greta-Thunberg-themed malware, SharePoint patch, and more

Aodhhan

Re: "Everyone is trackable, traceable, discoverable to some degree."

The biggest problem isn't when an application honestly needs tracking to work... the problem is storing the data--especially for indefinite periods of time--and then selling this data to organizations who use it for nefarious purposes. This is what needs to be controlled.

Yes, there are other things which track your location. Security cameras, security badges, Amazon Fire devices, some laptops/tablets, e-watches, credit card use, even your car keeps a record of your movements. Again, how is this information stored and who is the information sold to?

You may be shocked to find out the biggest sellers of information aren't the telcos, it's credit companies. You apply for a loan, use a credit/debit card... almost all of the information is put into a database. What you bought, from where, etc.

Someone can find out your purchasing habits, approximate income, political affiliation, brand loyalty--on and on.

It's cool for Brit snoops to break the law, says secretive spy court. Just hold on while we pull off some legal jujitsu to let MI5 off the hook...

Aodhhan

It's just like being a spy in the US

You can break the law in the USA if you work for certain areas of the US Gov't.

For instance, you can sell weapons to Mexican drug cartels (even when they will be used to kill US citizens), not follow the law on recording and retention of government documents, lie to the American people about what really happened in Benghazi to name several.

Let's not forget the latest items. Such as overturn an election for POTUS, lie to the FISA court, leak confidential information to the press, etc.

If you want to break any law, get elected to the US House of Representatives. You don't even have to worry about the separation of powers clause, or the court system. You can even outright lie to the public, and say anything at all on the floor or committees of the House!

You leak our secrets? We'll leak your book sales, speech fees – into our coffers: Uncle Sam wins royalties fight against Edward Snowden

Aodhhan

If Snowden had balls, he wouldn't have run. He would have stayed and faced a jury. It's not a sure bet, all jurists would vote to convict.

It doesn't take balls to be a snitch, and then run away from the consequences. This is what cowards do.

A US publisher was likely used, because of where his widest audience is--giving him the best deal in regards to money.

Going to a publisher outside the US doesn't restrict the US government from recouping royalties. In fact, it's likely the US would have had an easier time getting the money without going to court. Most western companies (where the audience for this book is), honor judgements for copyright, patents, etc. of other companies. So a judgement made in one country will be honored by others.

Then there is the "use your head" clause. This is the US government/tax payer money... nearly every western country receives assistance from the US government--even England. So there is little chance, any publisher outside the US is going to steal from the US gov't/tax payers.

Additionally, you likely will not see Snowden drop a sanctioned copy of his book out on the Internet free of charge. Doing so, will go against his agreement with the publisher, and leave him open to further legal action.

Last. I don't believe Snowden's statement about "...not doing this for the money". If this is true, he wouldn't have used a publisher. There are many sites on the Internet, who would have gladly published it for free--to get his story out.

Pack your bags, you're going to America, Lord Chief Justice tells accused Brit hacker

Aodhhan

Here is a thought...

If you don't want to get caught up in the USA's legal system, don't commit crimes.

...and please, no comments about innocent people being found guilty. Especially, since meeting the burden of proof is typically higher in the USA than other countries. Not to mention, no other country has protections as solid as the 4th amendment; not even England.

Video-editing upstart bares users' raunchy flicks to world+dog via leaky AWS bucket

Aodhhan

Re: I wonder if....

Securing data in the cloud, isn't the responsibility of the cloud provider (believe it or not)... even if they provide a database and leave it open to everyone. This is cloud security 101 stuff.

Just like: if you purchase an application and use it at home (especially cloud connected devices/software), it's your responsibility to ensure it's secure.

In the cloud, it's YOUR responsibility to ensure any CLOUD APPLICATION you are using meets security best practices/standards.

Common sense should tell you, if something is free or low cost, then chances are, they aren't taking a lot of security precautions.

Accept certain inalienable truths: Prices will rise, politicians will philander... And US voting machines will be physically insecure

Aodhhan

Seriously--security professionals!

It's funny how everyone gets nutty about the vulnerabilities of using electronic voting, and forget about the numerous vulnerabilities using paper ballots.

A true security analyst will look at everything without prejudice or passion. The majority of posts display a lack of discipline in these attributes. You don't just start using a new operating system, full of new features and bling without testing it--do you?

It's the number of controls required to mitigate the paper ballot vulnerabilities which is causing a need to look at electronic voting.

When you use simple InfoSec 101 processes to realize them all, you'll begin to see there are many problems with paper balloting. Chief among these is a lack of consequence when something does go wrong. The second biggest problem is the fact it's a manual system handled by very fallible humans. Think about the number of hands your ballot goes thru, other than yours. If you think all ballots are protected by equal number of individuals by both (or all) parties--you're naïve. There's too many people and too many steps to mitigate them all--every time.

This is the same whether you're in the UK or USA, and both have kept these problems quiet when they do happen, or come up with some method of covering it up. Such is the case when thousands of ballots seem to be missing and never make it to be counted from a district which leans heavily to one political side. If they do turn up, it's months after the election. Then there are the mechanical issues. It was less than funny a couple of years ago, when a majority of the 'ballot counting machines' broke down (at nearly the same time) in a Florida county. Basically delaying the counting of these ballots, in which the losing side pushed to have all the ballots re-counted until these problems can be fixed.

Also be mindful of the different vendors who will create crappy voting machines. Just like any vendor application. There are good ones and bad. Since the media gets paid to provide a "story to get attention", they tend to only publicize the bad. Leaving out the fact, there are certification procedures in most states now if e-voting systems are used. Similar to Common Criteria and/or NIAP.

Get out of Huawei, it's an avalanche of news from everyone's favourite Chinese bogeyman

Aodhhan

So the technological score is

Based on everything China has accomplished vs. UK when it comes to intelligence and communications:

China: 1,512

UK: 24

Don't be shocked when China knocks out the UK at the next World Cup.

That is, if China allows the UK to participate.

Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector

Aodhhan

Technology outpaces and outwits lawyers and law makers

Most don't understand how stealing bandwidth and affecting availability is harmful to information systems, and of course, to a company's bottom line.

Most law makers are just now beginning to understand the value of information being stolen from everyone. Unfortunately, once they do figure it out, those in government use it to their advantage--so I wouldn't expect any laws to shut information collection down any time soon.

Information collection makes the financial industry more powerful, just like a Vegas casino getting their hands on a secret football injury sheet.

Soon we InfoSec professionals will have to make a decision. Whether to support the collection of personal/private data or to stand against it.

Any time a large corporation with deep pockets can explain to law makers and government officials, how beneficial their technology is to their own power, the harder it is to call something malicious or damaging to the public. Just look at Huawei as an example. Countries whose population values freedom and liberty are standing against them. Those who only pretend to value these principles--to place profit above principles, are turning a blind eye.

Freed whistleblower Chelsea Manning back in jail for refusing to testify before secret grand jury

Aodhhan

Almost humorous reading the posts

..especially from non-citizens who think they know the USA's legal system. What posts show, is they don't know much about it at all.

A grand jury isn't just used to determine if a trial should be held, it's also used to determine if a trial SHOULD NOT be held.

Many times, a grand jury investigation shows the innocence of those connected with the case.

So you may think she's brave--many believe she isn't upholding her duty as a citizen.

Something you may think of, when you're an innocent bystander in a crime, a witness knows this beyond a doubt but refuses to testify (maybe they don't like you, or are afraid, or hate the government, etc.). So now, investigators start ripping through your life looking for evidence; talking to friends, family, coworkers, bosses, etc. Even if you're eventually absolved of any crimes, you'll go thru hell and perhaps lose a good job and/or good friends, etc. Certainly if it becomes public, people will judge you and look at you differently. You may never find good work again.

Just look at the posts. If you think courts are unfair... look at how fair public opinion is. So many people making comments without knowing the whole truth.

Aodhhan

Re: What happened to the 'right to silence'?

Manning can't get away with a lot of the "not remembering" things, when she spurts and tweets out comments referring to the past. Also, it's likely... many items are about clarifying evidence--such as emails. A bit tough to say you don't remember.

Finally, if you don't remember something... and then have an interview or tweet out something about the incident at a later date, you'll then be subject to lying before a grand jury which comes with a hefty sentence if convicted. Realistically, if you don't fess up something in a grand jury, you're basically gagging yourself on the subjects for the rest of your life. Or if the individual(s) later confesses or another witness provides information which then implicates you, you've lost a huge chance to defend yourself; perhaps even lost the ability to cross examine.

Aodhhan

Nobody close to Trump refused to testify before a grand jury. If you're referring to someone refusing to testify before a Congressional committee; this is something completely different. Perhaps you should reread the Constitution, and learn about the different authorities between the 3 branches of government.

MI5 slapped on the wrist for 'serious' surveillance data breach

Aodhhan

Re: The real problem is a legal system that rewards illegality.

Hate much?

LOL Good grief.

White House issues Executive Order on cybersecurity, including hacker Hunger Games

Aodhhan

Where are the cyber security professionals?

All I see posting, is a bunch of political drabber without any intelligent thoughts about information security.

I don't give a rat's ass about your political beliefs or short sighted bitching.

I have to laugh though, imagining how drab your life must be--and where it's going.

Aodhhan

Re: Invented?

Yeesh... where were you educated?

The article states the USA BUILT the Internet, not created, not invented, or any other misleading thought in your brain.

Built in a sense, the USA invested hundreds of millions of dollars in the late 80s to mid 1990s to begin the initial infrastructure everyone uses today. The taxpayers in the United States were even kind enough to invest in other countries as well to assist them with coming 'online'.

I'm willing to bet, whatever country you come from needed to put money into a failing educational system, designed to increase reading comprehension and distribution of dictionaries.

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone

Aodhhan

I think there was a bad interpretation

The Chinese actually meant to say,

We are now aware, that you are aware of our maintenance access points installed in 2012.

You can rest easy, as the Chinese government has no ambition to use this for any purpose

because we have newer, faster, and quieter interfaces to use now.

This information of course, has been passed on to the Chinese military for investigation purposes.

If you're using Oracle's WebLogic Server, check for security fixes: Bug exploited in the wild to install ransomware

Aodhhan

No problem

We have all of our web servers protected by Cisco, right?

Julian Assange jailed for 50 weeks over Ecuador embassy bail-jumping

Aodhhan

Assange better fight extradition

If he ends up going to federal prison in the USA, the prisoners will see him as a child molester and make his life hell.

Unfortunately, he won't get the same protections as child molesters and be segregated, since this isn't what he was sentenced for.

Karma buddy... karma.

Hey, those warrantless smartphone searches at the US border? Unconstitutional, yeah? Civil-rights warriors ask court to settle this

Aodhhan

Re: they need "reasonable suspicion"

I love it when morons comment.

It's actually more difficult to become a BPA than a typical police officer. Standards are higher along with the pay.

A good percentage are military veterans, and about half the force claims Hispanic heritage.

--perhaps you're just racist; to borrow a phrase from closed minded left wingers.

You're definitely ignorant.

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Aodhhan

Re: Keys

Hey genius...

Americans were intercepting communications and conducting counter-intelligence during the American Revolutionary war. If you need a history lesson, this is when the USA handily beat Great Britain.

One of the most well known stories was following and capturing Benedict Arnold.

Intercepting communications and manipulating communications is one of the reasons the USA was able to kick the crap out of an overwhelming force--which had better training and more resources.

There are plenty of books and other resources outlining George Washington's deployment of spies, both locally and in England.

What's interesting is your display in ignorance and lack of gratitude for a country which saved the UK in the 1940s. The USA sacrificed more than 400,000 lives, and provided nearly a billion pounds in cash to assist in rebuilding so you can be a complete idiot today.

Yet, I'm willing to bet, you get upset if someone doesn't notice and/or appreciate you at your job.

'I do not wish to surrender' Julian Assange tells court over US extradition bid

Aodhhan

Re: The USA wants Assange for what he did

It's great when people who have never faced a weapon being aimed at them, or having shells and RPGs land near them criticize those who have on many occasions. I've seen attitudes change and boys grow up when witnessing the first time they hear the whiz of bullets passing near them before the noise of the actual shot can be heard. Or witness someone suddenly dropping to the ground next to them before hearing shots.

Yet, how they enjoy the ability to criticize veterans beneath the cover of freedom they so enjoy each day. To ensure, the worst thing in life they have endured is waiting in line for an electronic device.

You need to do a bit more research, and also understand... there is also video of the same attack which shows the danger the helicopters were under. Yet of course, these videos weren't published--even though they were known to exist.

The narrow mind, often can't understand how sound tracks can be added, how videos can be edited. That, the press is never wrong--well, unless they are showing something the narrow mind doesn't agree with, right?

Something tells me karma is affecting you in ways you don't understand or see--or perhaps I'm wrong, and everything in your life is going great right now.

FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge

Aodhhan

Can't stop laughing

Just read comments from this site, and you'll begin to understand why good InfoSec professionals are hard to find.

- some are so self centered, they talk about themselves in a post.

- some are inexperienced, so they guess or say something bizarre about a given situation.

- many are unable to logically work through mildly complex tasks to come to a concrete conclusion (or handle algebra).

- some can't think for themselves--so they bark out some unoriginal political statement they heard from someone else.

- some have inferiority complexes, so they find the need to belittle or put someone or something down.

- some are so ignorant, they believe they know more about the US Constitution and laws than judges and lawyers.

- quite a few people --in the future-- will be tossed in jail for obstruction of justice, because they refuse to listen to judges/lawyers.

- few bring up additional complex facts to discuss.

- few ask additional follow up questions to stir talking points.

- few bring up or point out 2nd and 3rd order effects from both sides.

InfoSec professionals need to have a good understanding on these items. Not everything is protected by the 4th/5th amendments.

Did you ever stop to think why law enforcement can take your fingerprints or DNA samples? Why wouldn't this be protected by the 5th?

Do you understand when an action can be considered obstructing justice? This is an answer all InfoSec professionals better know.

We've read the Mueller report. Here's what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████

Aodhhan

Does anybody understand what "Critical Thinking" is?

There are no "Piss tapes". They don't exist. It was a made up thing. It's amazing how people just repeat what left wing media presents to people.

The Mueller report basically confirms how the DNC and media were lying to everyone for 2 years. There was never any evidence against Trump. If anything, it shows the DNC colluded with Ukraine.

It also confirms Trump is a huge ass; however, I wonder how many of us would become a huge ass if we were falsely accused of committing crimes.

Wannacry-slayer Marcus Hutchins pleads guilty to two counts of banking malware creation

Aodhhan

Stop Whining

Here's how any just system works...

If you screw around and delay things for two years, the police are likely going to find more crap to pin against you.

Also... you're likely to get more time in prison, because for two years... the justice system spent resources on you.

Hutchins should have just pleaded guilty right off the bat. Then he'd have only faced the original charge with little or no time in prison.

But no, so many people wanted him to fight it--which is just stupid if you did it, as in this case.

The NSA and the rest of the G-acronyms have plenty of talented people who don't use their skills to hurt people. Reverse engineers are a dime a dozen in the USA. They don't need a criminal to help explain to them how computer systems work. Think they got this. The only time the government has worked with hackers is as informants to set up other criminals.

If not too much damage was done, then he'll likely get 6-18 months. If a good deal of damage was done, 12-36 months. Either will come with 12 months of probation afterwards.

US-Cert alert! Thanks to a massive bug, VPN now stands for 'Vigorously Pwned Nodes'

Aodhhan

Re: Malware would need to know where...

Scraping cookie information isn't difficult to do. Most browsers cache them.

If your browser has developer tool features--you can pull the session cookies from it as well.

Most malware built to spy/watch what's going on with a browser is going to collect all cookies--not just session cookies.

US: We'll pull security co-operation if you lot buy from Huawei

Aodhhan

You think journalists know IT better than IT professionals? Get effing real.

What's amazing to me, is how a bunch of security professionals actually listen to obviously left wing columnists over common sense risk assessment practices.

I mean, I get why the overwhelming public believes the press all the time. They don't know any better; however, InfoSec professionals should understand the basic concepts of risk assessment.

So let's just play along for a moment with what the press is selling you... and the NSA/CIA spies and steals your secrets and money as much as China's military.

Would you rather it go to China, who has published their goal of crushing capitalism, or to a country who has bailed your ass out several times?

Also, there is a big difference between a Government mandating something NOT be used... and a government which mandates something you MUST use.

It isn't like the USA, UK and Australian governments say you must use one thing out of many. It's saying, there are many choices, but don't use THIS ONE thing.

Good grief. Stop letting a journalist with no international or technical expertise whatsoever tell you how to think and do your job.

Client-attorney privilege? Not when you're accused of leaking Vault 7 CIA code

Aodhhan

Re: Pedantic

If you're going to play the moronic grammar police role, you should at least have your own grammar correct. First, you should use "Can" instead of "could". Then of course, since you're asking a question, the sentence shouldn't end in a period.

Then most importantly--take 25 seconds out of your life and use a search engine to validate what you improperly believe is correct.

Dumbass.

Uncle Sam charges Julian Assange with conspiracy to commit computer intrusion

Aodhhan

Re: Is this the best that the USA can come up with ?

It's amazing. Something comes out, and it appears the educational system in the UK is below standard.

First, you can't compare numbers at a 1:1 ratio between the UK and the USA because of the population difference. Second, just saying something doesn't make it true--also, because someone you trust says something doesn't make it true.

If you do some actual fact checking yourself (with CDC and NIAID), you will see per capita--the UK has a far greater problem with salmonella than the USA.

Also, the overwhelming majority of Salmonella poisoning isn't due to poor processing of the food--but rather with not properly cooking food.

No matter how much or what methods are used to clean poultry (for example), Salmonella still survives. For those with no common sense, salmonella doesn't just live on the surface or skin. Believe it or not, salmonella does live within the tissue/muscle.

But what's even more ridiculous, is how poultry processing is brought up when talking about a pedophile, liar, feces smearing, thief. Heh, maybe not!

Ethiopia sits on 737 Max report but says pilots followed Boeing drills

Aodhhan

Re: Birds

You do realize, Airbus has had its share of negligence suits. For instance the Fairfax incident in Canada, AirAsia Flight 8501, and let's not forget the Paris Air Show... and of course there are others. This doesn't include those which are due to weather or pilot error.

Yes, an airline and/or manufacturer can be sued; however, there is typically a 'ceiling' for the amount of payout per person who was killed. This differs on whether negligence, deliberate act, pilot error, technical fault, willful misconduct, etc. is found as the reason behind the disaster.

This latest crash can be a result of technical fault, act of god (bird strike), and even willful misconduct--in allowing someone with less than 300 total flight hours as a pilot operate a sophisticated aircraft such as the 737, or someone not repairing/reinstalling a flight system and/or aircraft part properly.

And before you damn Boeing too much. Better think about how air travel was changed under this company, and how many innovations were created by Boeing--that even Airbus uses every day and in the Airbus systems. Finally, let's not forget, Boeing is an independent company. It doesn't receive funding from any governments. Boeing must maintain a profit to stay alive. Unlike Airbus, which is supported quite a bit by European taxpayers.

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen

Aodhhan

C'mon, seriously?

I'm no fan of Trump, but if you turn back the time-machine a bit, you'll remember just how hard the Obama administration worked to allow searches of electronic equipment, and FOUGHT FOR the installation of backdoors for law enforcement / FBI. There are plenty of electronic 4th amendment cases from 2009 to 2016 involving the Obama government.

Since Trump has been in office, the electronic 4th amendment cases have gone way down; perhaps because Trump himself is a victim of the government using illegal spying on his own electronic equipment.

This person, being an employee of Apple would know this well... if this is who they say. Plus, I'm always a little skeptical, when someone spouts out things and brings Trump into the picture. Seems every time some 'victim' wants to inject politics into the mix the story turns out false.

I'm a USA citizen, and have traveled to and from many countries in the past 15 years--including China, Pakistan, Taiwan and Ukraine (even the dangerous UK, France and The Netherlands--where I lived for 4 years). As a pen tester and InfoSec consultant, I usually travel with at least 2 laptops, a cellphone, and sometimes an iPad; along with various equipment for forensic investigation.

While going through customs, I've been stopped many times and questioned about my equipment while USA customs officials are going through my baggage.

NEVER have I been asked to unlock or provide credentials to my phone or computers. REPEAT------NEVER have I been asked to unlock or provide credentials to my phone or computers.

Don't believe every victim story until there is an independent investigation.

There have already been quite a few 'fake victims' -- people claiming to have been treated poorly by USA customs officials, and it turns out to be a bunch of BS.

Especially when they happen to bring up "Trump".

Brit founder of Windows leaks website BuildFeed, infosec bod spared jail over Microsoft hack

Aodhhan

Interesting

They have good enough coding and reasoning skills to find malware, but not enough to understand how VPN applications are coded.

Obviously Microsoft uses VPN software (web based or client app) allowing employees to connect remotely.

VPN software pretty much searches to ensure your computer is safe, has AV software, etc. Gathers IP address history, among other basic info from registry.

If you're unwilling to install the VPN application, along with any other required applications then you're not allowed to connect.

Then if a connecting computer is suspect, it isn't difficult for the company and/or law enforcement to add other code/apps to get nearly anything from an intruder's computer--particularly if this person is using an account with elevated privileges--which most likely they will be.

A good thing to know; if you're going to work remotely--use a company laptop instead of your personal home computer.

Huawei's half-arsed router patching left kit open to botnets: Chinese giant was warned years ago – then bungled it

Aodhhan

Funny

Oh sure, just disable, disconnect, and remove.

Except.... if you're using legacy applications and one-off home grown systems requiring it.

Then there are some industry apps which are so specialized they don't have competition... so they say FU to security requirements.

Oh, and let's not forget Apple's video need for it.

On and on.

It's great you just learned the IP stack, but wait to damn everyone after you have about 10 years of commercial experience first.

Sitting in mom's basement on your laptop, reading security magazines and attending a conference here and there doesn't teach you everything.

The fact you came up with an 'obvious solution' in less than 3 minutes should clue you into something.

Huawei savaged by Brit code review board over pisspoor dev practices

Aodhhan

Re: Real point here

Actually you do.

Ever heard of Common Criteria or NIAP?

Look at hosts which have been tested to EAL4+, and then read the report to find out how each did during the test. Just having the certification isn't enough, you should read the report as well.

So where are all of the Euro-Brats who thought the USA and a few other countries were Bat-s-Crazy for bringing this up? Now, England will spend a fortune, because they refused to do research when they were first warned.

Don't worry... China will still trade with you, they have no choice.

Security storm brewing for Oracle Java-powered smart cards: More than a dirty dozen flaws found, fixes... er, any fixes?

Aodhhan

Not Shocked

Oracle...

The best application you can buy to lower your stock value.

The best decision you can make to ensure many coworkers are laid off.

Oracle really should change their name. The only thing they can see in the future is the lowering of consumer trust in their products.

Yet another Oracle application is crap because of Java--because of Oracle.

I wouldn't hold my breath to see a fix for this before July; based on how Oracle assesses risk.

Nah, National Cyber Security Centre doesn't need its own minister, UK.gov tells Parliament

Aodhhan

Don't meddle.

You'd probably be shocked by just how many Americans are involved in not only training British cyber spooks, but working alongside them--in various areas of the world.

Adding greater oversight than there already is, will only make things more difficult in handling situations. Further, based on who is allowed to do what doesn't need any more bureaucracy than there already is--focusing mainly on offensive cyber operations, where discussing too much in a committee will only add more problems--not solve them.

In short: for the most part what's established is working. Meddling will only break things.

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid

Aodhhan

Man you're gullible

An article gets overdramatic, uses wild and crazy words, and spins in some hysteria in order to make a story out of nothing, and so many buy into it.

I will sell you some land in Louisiana, and even throw in a bridge.

There are no legislators wanting to "RIP" out inverters, as if they contain a virus which will plague the states.

For those who think there isn't any direct threat, then you don't understand industrial control systems. Nearly every piece of hardware is now controlled by some sort of software. Oh yeah, and many of the protocols used by ICS hardware weren't exactly designed with security in mind--including wireless.

So yes, the concern is valid, and banning future purchases of the product as well as looking into where the dangers are most critical is in line with due diligence. Especially when electrical power is everything these days.

Given this, nobody is in a panic or demanding wholesale changes.

Stop letting someone with a typewriter, a thesaurus and an overactive imagination turn you into an idiot.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Aodhhan

The article didn't suggest the attack vector is new. Heck, it's been available long before your phrack 2004 article.

However, PS makes it very easy to do.

For instance: with one line of PS code you can load into memory and run mimikatz--with various options, or run your favorite script(s).

Perhaps you should take some time to learn PowerShell, instead of thinking there is no way it can be better than Linux.

Think about it... if all you can do is Linux, then you're half the hacker of someone who can do both!

Accused hacker Lauri Love loses legal bid to reclaim seized IT gear

Aodhhan

Pity the English

Just another example of someone who willingly jumps off a cliff--in hopes the world sees them as a victim.

What's equally moronic, is how people buy into it.

The "woe is me" attitude of the English. So self-absorbed, they have no idea just how good their life actually is.

The press and politicians have the general population believing the worst. So much so, that they once again control the people.

The country's wealth is being squandered--making the people and country overall weaker. All while, making the press and politicians more powerful.

Look at yourselves. Blaming everyone else--while becoming too lazy to effect change.

What's next, you call out to the USA for help (yet again)? Don't be silly... do you help someone who wrongly points fingers at you?

Bad news for WannaCry slayer Marcus Hutchins: Judge rules being young, hungover, and in a strange land doesn't obviate evidence

Aodhhan

Re: No Good Deed Goes Unpunished

Stopping a computer virus you helped unleash isn't exactly a good deed. More like, a selfish need to get yourself into the spotlight.

First they came for Equifax and we did nothing because America. Now they are coming for back-end systems and we're...

Aodhhan

Really? Do you not read your own local news?

Americans understand you having an inferiority complex--giving you the need to bash something else to make you feel big and mighty (especially on the Internet); however, at least have the brains to think about it for 30 seconds beforehand... to keep your own shoe from flying towards your mouth.

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Aodhhan

What's next, we start burning books again?

A country which makes laws like this is likely to find their citizens emigrating in droves to another country which doesn't stymie experience or attempt to burn their books.

Then suddenly, this country everyone left for suddenly kicks the hell out of the old country in just about everything.

You'd think the UK would have learned this lesson the first time around.

If the UK keeps it up, you'll soon be thrown in jail for witnessing a crime because you were in the wrong place at the wrong time.

ACLU: Here's how FBI tried to force Facebook to wiretap its chat app. Judge: Oh no you don't

Aodhhan

Read what is going on, not what you assume or want to read into the story.

Granted, the author of this story didn't do the best job interpreting what's going on, but this is the norm today. Not to mention, using the ACLU (or any petitioner) as the main--if not only source, doesn't exactly make it good journalism.

This has nothing to do with encryption or privacy, and obviously a search warrant was granted.

The problem comes down to techniques currently employed or under research to (legally) monitor potential crimes. It's pretty much this simple.

It's a bit hypocritical to demand your own privacy without allowing a law enforcement agency some of their own--within reason. In this case, it does the public more harm than good to expose how law enforcement goes about using the Internet to catch criminals.

Yeah, I get it... it allows the FBI to possibly abuse this power. Nobody knows this more than Trump himself. Yet, funny the same people who have a problem with this in general, are cheering the FBI for abusing their power against Trump, and cheering the DoJ -- allowing Mueller to dig for evidence in search of a crime which doesn't seem to exist. Which is basically what the USSR did and China still does against their people.

Accused hacker Lauri Love tries to retrieve Fujitsu lappie and other gear from Britain's FBI in court

Aodhhan

Re: "Britain's FBI"

You actually think anyone in the USA gives a rat's ass about the law enforcement agencies in lil ole England? LOL It's almost a criminal act of humor.

That's like saying England cares about the different law enforcement agencies in Andorra.


Biting the hand that feeds IT © 1998–2020