Posts by Tom Paine 2206 posts • joined 19 Aug 2008
This, plus the generally cynical disinterest in security at most orgs*, is one of the main reasons I burned out after 20y in the trade.
* the ones prepared to employ me, anyway; obvious risk of sample bias... tho the list of employer logos branded onto my flesh includes some huge and systemically significant orgs. US mega bank, .org handling thousands of public and private sector megacorps’ data, fin servs big wheels.
Apart from refs to agile, Rust and so on, Every comment above could have been found on a bug related Reg story 20 years ago.
The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.
Yeah, well, that’s just your opinion, man. And “...as far as we know”.
ION,
NATO have been pwned many, many times before. (Hint: NATO is not, *itself*, a military org. No, really, it’s not. Surprised me, too.)
...for forcing me to go read the actual science of climatology so that I /knew/ the denialist BS was BS, rather than merely strongly suspecting it.
I stopped reading El Reg for, what, 5? 6? years because it was so enraging. Delighted to find the new-old-Reg doesn't make me want to take bite out of my coffee mug any more.
PS ...but bring back the "Integrity? We've heard of it" and "YOUR PC is broken and I'VE got a problem?" schwag!
Too much salad, I mean sun cream? Whenever I feel lazy and go out without it I remember a bloke down my local with a literal hole in his head (he likes to whip his sunbhat off to show it around) resulting from skin cancer prob due to time in the forces spent in various sunny locales.
"...as safe as they could be, consistent with the provider's business model."
OVH were only starting to become an option last time I looked for hosting, what, a decade or so back but IIRC they were always a budget provider. Low margin business with a huge capital cost equals considerable effort to shave costs where possible. Nothing wrong with that as long as customers are aware that to some extent you get what you pay for.
The bit that slightly puzzles me is that there was enough flammable material to burn, once the source UPS had finished oxidising itself. Presumably the main fuel supply would be the plastic insulation on network and power cables, and obviously a DC will have a lot of both; then there are the little plastic trim panels on the front of servers, the handles of hot-swap PSUs and suchlike... but what else is there? Perhaps there's a tools cabinet with some ABS toolboxes or parts tidies... the wheels and grippy "rubber" mats on trolleys... cyanoacrylic light fittings? Does the material chip packages are formed from burn? Genuinely interested. I guess no-one here's got any personal experience of major DC fires because they seem to be so rare.
Had a text from my nearly-80 year old Dad yesterday. I'm copying this directly from my phone:
"I have bought an old vcr machinre to watch videos* on but have no leads to connect to the tv. Don't suppose you have any spare ones?"
(I have no idea what TV they have nowadays -- not been able to visit them for almost 3y, long story, but in normal times they visit me en-route for rellies three or four times a year -- and of course he'll have no idea what any of the sockets on the back of either appliance are anyway, so...)
...an insurgency against the financial establishment and the status quo.
Some of them (most of them, maybe) see it that way, and the general public are buying that line; but the majority of those insurgents are in the process of losing their shirts. It's called "pump and dump" for a reason. The regulators' single most important function is to maintain the operation of orderly markets. This has not been an orderly market. The "ha ha, some hedgies have blown up" angle has left a lot of small investors holding wildly overvalued stock. The next trading day or two are not going to be pretty.
Anyone else here old enough to remember when BBC2's Money Programme ran a fantasy share buying game with four random amateur investors? Before long, whatever they tipped on Sunday night was shooting up on Monday morning, regardless of fundamentals, just because it'd been tipped. The segment was hastily cancelled.
"The cabinet office is a ratsnest of warring fiefdoms, seething with distrust and mad policy ideas from undersocialised wonks. What could we do to make it even worse?"
"How about... /Digital Cabinet/. Quick, get the Trusted Providers on the phone!"
(With apologies to @SirBonar on Twitter)
Fail, because if it's not already, it soon will be.
Could have accessed sealed cases against Russian hackers? Yeah... yeah, there's that, too. From an espionage PoV, cases relating directly to intelligence matters would be another obvious target, ditto those against "politically exposed persons", especially those towards the top of the tree. Less obviously, all sorts of other cases could be useful for an attacker, for all manner of purposes, from blackmail, to getting better knowledge of investigator TTP (and therefore how to escape detection),.. I'm sure there are plenty of other use cases.
Whilst the "surgical strike" type attack is very rare, there's a big pressure to extract metadata ASAP to enable other analysts to ID material to exfiltrate. Trade-off between increased chance of detection if trying to exfiltrate petabytes, vs hanging around so long that they're discovered via other means (ie., the discovery of the SolarWinds trojan.) Must make for interesting discussions in whichever war rooms they have those debates.
Just to say thanks for not shying away from stuff that splatters, even when there's no obvious IT angle. This is why El Reg is still here whilst a myiad of other attempts at technology news sites have come and gone (or survived as a brand whilst the editorial teams were swept out like a dead mouse left overnight on the kitchen floor by a very proud puss.)
Given the unprepared and somewhat unpredictable mechanical properties of the lunar surface and regolith, how long a run on consecutive successful landings would you want to see before you got on one yourself? Obviously if a landing leg pad hits a rock, or they happen to hit an area with soft, loosely compacted topsoil, or.. various other things, and it tips over on landing, it's a TLV,TLC accident.
So the absolute latest and greatest mobile phone network technology, the one that (along with IPv6) was going to allow absolutely ubiquitous embedded systems in anything that moves (and a lot of things that don't move, or don't move after they've been bolted / screwed / nailed / welded into place),.. that technology... has well-known, long-standing weaknesses in the protocols and architecture? You could knock me down with a feather. It's almost as if the designers, architects and research engineers were subconsciously making sure there'd be a need for designers, architects and engineers to develop 6G at some point. Or something.
Perhaps they had enough canned lateral movement tools that, although they only had bandwidth to properly turn over (say) a dozen of the 18,000 and exfiltrate crown jewels, they were able to implant stealthy persistence agents elsewhere in those victims' networks. So, does "total rebuild" refer to every server in every customer org? Or "all the things"? (How about switches and routers? How about printers? How about bootkits -- shouldn't they chuck all hardware into skips the day after cutting over to the perfect replica of the entire network to known-good replacements?
And even that won't give assurance; supposing the restore data from backup step includes another downloader stage that's missed from AV?
Sometimes I'm very grateful for being unemployed. First when I wake up at 7:10am and remember I can have another 4h in bed if I want, and second when I remember what hell I'd be going thru rn of I was still at anywhere I worked on the last 8 years.
"..hackers, had penetrated FireEye's servers and made off with its crown jewels: the tools it uses to test other companies’ defenses. Armed with those penetration tools, hackers could potentially identify which of their methods will pass FireEye's gaze undetected."
No. The tools will be things like scanners, exploit frameworks and standalone exploits for vulnerabilities, which they use to find and exploit those vulns in their pentest customers' networks. They don't have anything (directly) to do with FireEye spotting other attackers in action.
Off the top of my head:
- nicking email or other docs that can be selectively leaked to give the impression the vaccine's unsafe, or was stolen from Russia, or contains Bill Gates' famous microchips or whatever.
- straightforward industrial espionage
- blackmail attacks
- to compromise part of the pharmaceutical industry via the supply chain for the same motives as anyone else attacks pharma targets (fraud, theft, blackmail etc); nothing to do with SARS-Cov-2 per se, it just happens to be what's going on RN so that's the angle they're using
- straightforward financial fraud or theft ("Hi this is China FreezerCo Inc, pls remit payment for latest deliveries in bitcoin to: ... ")
No doubt experts can suggest several others
...it would be unusual for an attack impersonating a Chinese company to originate in the West.
If you were planning a false flag op, wouldn't you twamt to pick an org least likely to be suspected to be a front? Nothing particularly secure about Chinese commercial IT ops, in terms of security. You'd need to know the language and some of the culture, of course...
*strokes chin, steeples fingers, reaches for the metaphorical bong
This may be a good time to note that Microsoft is planning to deliver an offline-capable version of Office toward the end of next year.
It's with astonishing innovation like this that Microsoft keeps driving technology forward to hithertoo undreamed-of heights. Next they'll be planning an AD that is physically located **in your actual offices!** Imagine how cool that will be!
1. Why does the Android version, at least, refuse to run without location services running? I leave GPS, WiFi triangulation and whatever other skullduggery is available for apps that want to know where I am. It shouldn't need location. How come? And why has that not been mentioned before? As I'm definitely a bit of a weirdo for turning it off, presumably 99.9% of Android users don't realise it's happening. What is the data used for? Does it ever leave my device? Why should I trust the a seers, in these circs?
Damn, that's six questions already.
2. What defences does it have against griefer attacks? Eg kids loitering near their school staff room, then falsely telling the app they have tested positove. There are probably others.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
