The domain amyca-dev-node.azurewebsites.net now has a Web page that says "Comming Soon." Not sure if it was placed there by the miscreants or by PwC, but somebody certainly can't spell!
616 posts • joined 17 May 2007
Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants' website
Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'
It's good to know that in these trying times, Cloudflare is pleased to serve malware droppers, carder sites, and C&C servers for malware...but draws the line at sex ed sites.
I once had a Twitter exchange with a guy calling himself the head of Cloudflare security. I asked what his policy was on serving kiddy porn. He said something along the lines of "report it to the FBI, not us. It's not our problem. We don't censor." But, you know, a sex ed site? That's a whole 'nother kettle of fish!
You'll never guess what US mad lads Throwflame have strapped to a drone (clue: it does exactly what it says on the tin)
Yes, the batteries are technically replaceable...
...but I bet it's still more expensive and requires greater technical expertise than just bringing your phone round to the shop.
"Good news: The battery in your phone can be replaced! Bad news: The battery is half a million dollars, not including shipping, and takes two people in special clothes several hours to swap."
Fire icon because hey, Li-Ion.
Re: Not as Unreasonable as It May Seem
Eh, there's plenty of out-and-out criminal content that Cloudflare is more than happy to serve and protect as well. They're notorious for shielding carder sites (they protected rescator.cc, the site where the information from the Home Depot hack some while back was sold) and malware sites, and they're quite content to do so.
Much as they like to say they're champions of "free speech" and they're interested in protecting odious but legal content and whatever whatever, they do seem to throw their chips behind content that is in no way legal under any circumstances, and the way I see it, that speaks volumes about their character.
Re: MS & security in the same breath?
"MS still manage fewer vulnerabilities than any enterprise alternatives though"
It's 2017, are there still people who think you can simply count the total of vulnerabilities and learn anything meaningful?
There are vulnerabilities and vulnerabilities. I'll take a dozen local DoS vulnerabilities over one remote code execution any day, kthx.
Still going strong...
...in the movie theatre near where I live, whose POS systems and ticket self-serve kiosks all run Vista.
Well, I say "going strong." That's not really quite true. They both crash often, which is how I know they're running Vista.
An end-of-life operating system that connects to a credit card reader. What could possibly go wrong?
Re: Don't Just Blame Users
One of my banks has the same idiotic policy. Passwords are required to be exactly seven--no more and no fewer--numbers.
And it gets worse. Your username is always the last 8 digits of your debit card number. So if someone lifts your debit card, they know your username and exactly what format your password is.
This is a large Canadian bank.
I weep for humanity.
"The data that they were threatening to take from us was priceless, we couldn't go one day without it greatly impacting the team's future success. What we did know was that if we didn't get the files back, we would lose years' worth of work, millions of dollars. However, we can't be arsed to go to Costco and spend $40 on a backup drive, or even keep our files on a USB stick."
Re: law enforcement?
"If there was an open police case, then why were these guys still going about their business?"
One of them was a cop.
They had a pattern: The cop would drug women and film his friend raping them. Eventually, word would get back to the police force he worked for. He'd be quietly fired, and go to work somewhere else.
At one point in 2009, he was finally charged with rape. He was arrested, booked, and released on bail...during which time he committed additional rapes.
Re: The thing is…
I get about a dozen of those spam emails a day. And on those occasions where I've Googled the spammy SEO companies, I tend to notice that their companies don't appear on the first page of Google results.
It's a bit like those psychics who claim to tell the future but can't seem to tell what tomorrow's lottery numbers will be; if an SEO company can't get their own business on the first page of Google, why on earth would any rational person think they could do it for someone else?
Maybe large biz needs to invest in some educational posters. I'm thinking something like the "Loose Lips Sink Ships" propaganda posters from WWII, perhaps a bold color with a cartoon sketch of a USB drive with shark teeth over a witty slogan that rhymes, posted in hallways and employee break rooms.
I will leave the witty slogans to someone far cleverer than I.
Who serves whom?
"That enormous loss in trust between the American people and the intelligence services that serve them was in large part responsible for the creation of the new council."
Shouldn't that read "That enormous loss in trust between the American people and the intelligence services they serve"? Not that I'm suggesting the intelligence apparatus has anything at heart save what's best for the people; perish the very thought.
Math is math
One of the fundamental problems I see here is that the FBI, and many people who argue in favor of the FBI's case, don't really get that math is math. Math does not distinguish between bad guys and good guys. Math doesn't know about due process or judicial oversight. Math is math.
Encryption is math. If there's a way to break or circumvent an encryption system, that's math. Because math is math and knows nothing of good guys and bad guys, any system that allows bypassing or otherwise circumventing encryption is an equal-opportunity tool. (Do we assume that China doesn't have mathematicians? Russia? Organized crime?)
In the past, it has been possible, at least to some extent, to partition law enforcement abilities by making--to greater or lesser extent--the tools they use available only to the "right" people. You can't do that with math. Math is just...math.
Re: Bullet proof
Yep, CloudFlare is definitely the bulletproof service provider of choice for large-scale ROKSO spammers, malware distributors, and Eastern European organized crime.
I track all the spam I get. Right now, I'm receiving an average of 37 spam messages a day that evade my spam filters, 31 (about 84%) of which Spamvertised domains protected by Cloudflare. Cloudflare does nothing at all about spam or malware domains--their "security head" has told me on Twitter point-blank they don't care, so piss off--and phish and malware sites served by Cloudflare tend to remain active on Cloudflare's network forever.
I'm not sure how folks who started out as spam fighters ended up in the pockets of spammers, but it's a sad thing.
I stumbled across Immersion while Iwas doing a patent search for a haptic system not related to cell phones or video games.
They (or rather, he--the patents seem to originate from one person) file for zillions of patents, all nearly identical to one another, on "technologies" that seem blindingly obvious. One of them gets invalidated? Fifteen get invalidated? No problem, there's a thousand more behind them!
A patent for a haptic interface involving a video game controller containing a motor with a counterweight to create vibration. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors can be controlled separately. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors can be controlled separately and are oriented differently. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors are controlled by a single controller. You get the idea.
These guys are (this guy is?) the McDonald's of patent trolls, mass-producing zillions of low-quality patents on an assembly line basis to keep a constant flow of lawsuits in the pipeline. I keep waiting to see their logo changed to a giant stylized M with the slogan "Over 42 billion sued!"
Re: So now flying a kite...
There are situations in which flying a kite can indeed get you in hot water with the FAA; I went to school with a fellow who landed in trouble when he flew a kite about a quarter mile from the runway of a local airport.
The specific situation of being that close to an airport aside, yes, the FAA thinks it can, and occasionally does, get testy about kite-flying.
A design patent isn't the same animal as a utility patent. A design patent is only a patent on the exact look of something, and it has to be on a look with no practical utility to the underlying thing.
Which makes me believe that had Corel put the + and - widgets at the end of the slider inside squares rather than circles, or made the design of the slider bit look different, they wouldn't have this mess.
Not that the patent is anything but bonkers, but still.
It's 2015, and there are still far too many hardware manufacturers that naively trust anything that can be plugged in, read from, or sent to their devices. We live in a world where all developers from the low-level device I/O guys to the top-level app developers need to assume that someone somewhere at some point try to send malicious data to them, and code appropriately.
It's a bad bad world out there. Assume malicious intent from any data you receive.
Dunno about masturbation, but I did get one of these and an Arduino with a Bluetooth and a motor control shield, wrote some software for my laptop, connected the Arduino to a vibrator, and made a gesture controlled sex toy. It's kind of fun, winding up a girlfriend just by gesture, though in fairness I doubt it will ever be a killer app.
Re: Looks like the Thieves Support Assocation is going to get some competition.
I will confess, my first thought was "Oh, look! Now when TSA steals my stuff, they'll have an excuse. 'It wasn't us! It must have been an evil 3D printer owner who made a copy of our key.'"
I've never been particularly worried about some Random Evildoer(tm) stealing my stuff at an airport, to be honest. I've always been far more concerned about TSA staff doing that. And now, TSA staff have greater plausible deniability.
They already do this with cars. An old friend of mine who's a firefighter has plenty of stories about people who park their cars in front of fire hydrants. Firefighters will ram them out of the way with their trucks (or, in one case where she responded to a fire and there was no way to clear a BMW from in front of a hydrant) simply smash the windows and run the hoses right through the car.
Re: Year 7 = 11 years old
11 years old was when I got my first computer, a Radio Shack TRS-80 Model I (that ought to date me!). It didn't take long before I was tearing it apart and soldering new ICs to it--back in those days, if oyu got a computer, as often as not the schematics and PCB layout came with it.
I reckon at least some 11-year-olds will have an absolute blast with this. I know I would have. Hell, I probably still could! Where can I get one?
Re: Based on an El Reg comment post earlier this week...
Maximum Overdrive! There's a stinker of a film and no mistake. I saw it in the theaters with some friends of mine, and we were absolutely rolling with laughter, until about midway through when we realized that (a) nobody else was laughing and (b) the actors all seemed deadly earnest. I recall looking at my friend Henry and saying "this movie isn't a parody, is it?" and he shook his head and said "no, I don't think it's supposed to be funny."
Re: The hacker spirit...
I definitely get the appeal of the hacker spirit, but I don't think it's dead, I just think it's gone in another direction.
Adding RAM to your computer hardly qualifies you as a "hacker" any more. I mean, hell, my mother added more RAM to her computer last year and she's 74 years old and the farthest thing from a hacker it's possible to be, fer Chrissakes! The days when computers were so ultramodern and new that a person who could put in another battery or swap a hard drive was qualified to call himself a "hacker" are long gone.
I'm typing this on a Macbook Pro. Is my hacker spirit dead? Naah, it just has another outlet--I don't hack this laptop, I do my hacking on the Arduino Uno and the DF Robotics Beetle board it's connected to.
Cycbot and Zbot are both executables, not malware that hide inside doc files. It seems likely that if there's an .exe sitting in a specific subdirectory on an external drive, it's because someone put it there, not because it copied itself there from an infected computer or hitched along with a Word file.
Well, no, we don't believe we know everything. That's kind of the point. If we believed we knew everything, we wouldn't be launching satellites to make observations and see how well those observations line up with what we think we know.
The universe is a vast and tricksy place, and our intuition evolved to make sense of only a small sliver of it. The universe is in no hurry to reveal its secrets and in any event is under no observation to conform to our expectations. Hence, science, which is always observing, making predictions, and asking questions.
Re: There is plenty of both.... we just have to get over the..
"Instead of sending it through the sewer system into the lakes and rivers, it needs to get sprayed on the fields along with the animal manure. Rain runoff can be minimized by proper tilling of the land with an eye to the direction of the furrows.
Voila, ALL the NATURAL ORGANIC fertilizer one could ever want and Dupont and Monsanto (or other chemical companies) aren't involved. No anhydrous ammonia, no phosphate mining."
Mammals do not fix nitrogen. We just don't. Not pigs, not cows, not humans.
All the nitrogen in our poo comes from nitrogen in our diet. We do not fix nitrogen. We just pass it along through our digestive tracts. Animal manure, human or otherwise, is not a SOURCE of nitrogen, it's a CARRIER of nitrogen.
We, like cows and pigs and any other mammals, have nitrogen in our waste from the nitrogen we ingest in our food that has been fixed somewhere else. That "somewhere else" is either chemical fertilizer or from rhizomes, filamentous bacteria, or to a lesser extent some other bacteria.
I've read at least one report that states the total amount of crop-available biological nitrogen fixation on earth does not meet the total amount of nitrogen we need to grow food for the entire population. That leaves chemical fertilizers.
If we apply chemical fertilizers to plants that are grown for animal consumption, then feed those plants to the animals and use the animal's poo to grow other crops, we've done what one bloke I know calls "nitrogen laundering"--but I trust you can understand why getting your nitrogen to grow animal feed from animal poo doesn't actually work, given that animals do not actually fix nitrogen.
Re: They're suing the wrong company
Yours is the first cogent description of the problem I've actually seen. I keep hearing about how "Apple wiped out non-iTunes music!!!111!1!" but I've had an iPod for quite some time and have never experienced this issue. I've never downloaded music from RealNetworks, either.
"The US transaction market has always seemed pretty "quaint" to much of the rest of the world."
Yeah. One of my girlfriends lives in Canada, and I feel like a barbarian when I visit her and pay for anything with my debit card. There's always this awkward moment when the cashier looks for the chip, then looks at me like "what is this primitive stone-knives-and-bearskins payment technology you've provided me with? How does this archaic thing even work, anyway?"
"Pick the least evil one?"
Given the difficulty in gauging the relative evil of, say, Apple vs. Walmart vs. Google vs. any of the other players, I'd rather say "pick the more secure one."
Given that both Apple and Google system involve exchanging a single-use token that's necessary for the retailer to hook the cash out of my bank account, whereas (as I understand it, anyway) the CurrentC scheme allows the retailer direct access to my bank account, I know which of the two I prefer...