* Posts by muninsfire

16 publicly visible posts • joined 6 Dec 2010

NATO members warned over Anonymous threat

muninsfire

Not only that, but...

It's not merely that they couldn't secure their servers, but the CEO of HBGary Federal, if you recall, specifically called Anonymous out as being a target for his investigations.

A noted American comedian proceeded to declare that action, when the story broke, as equivalent to placing one's genitals in a nest of hornets--and I must agree.

Given the information that came out during that whole mess, it's likely that a half-blind limbless dog could have broken their security, but given that someone on whatever comittee issues these sorts of declarations at NATO was looking for a reason to justify the declaration, they needed to find somebody associated with Government who's been affected by Anonymous' actions--and HBGary Federal is more or less it.

muninsfire
Black Helicopters

The 16-year-olds serve a purpose as well

On another board I frequent--not one of the ones associated with Anonymous--some of those of us following these stories have taken to noting the stark divisions between various Anonymous factions and referring to them as the 'Talents' and the 'Drones'

(Those of you who remember the Sid Meier game, Alpha Centauri, will likely understand the point of this right away; feel free to skip on to the next comment)

The 'Talents' are those who have the skills required to maintain full anonymity and to perform actual, purposeful cracks. They're typically the ones who do the infiltrating of servers, the compromise of various networks, etc.--as in the Westboro case some time ago (though, as thejester claimed credit, that was more an action on behalf of Anonymous than one by Anonymous).

The 'Drones' are the 16-year-olds running LOIC, filling up IRC networks, and the like. They provide not only a recruitment pool of interested persons for any Talents paying attention to that sort of thing, but also serve as a smokescreen for the Talents' actions. By providing such a large noisy mob of shouty persons, they not only shield the Talents from the attentions of the police and government types but also each other--the very volume of activity that they engage in means that only distinct outliers are likely to be culled.

Those, at least, are the divisions that I think I've seen--I can't exactly participate in Anonymous actions myself, mind, so I admit to having very little first-hand knowledge of how these things work.

Google to sell subscriptions to Chrome OS notebooks?

muninsfire
Happy

Not a bad idea

Provided that the 3g access is bundled into the price, getting the hardware and the service to use it isn't such a bad idea. Good for Grandma and her emails to family, anyway; saves tech support hassles and virus issues, too.

Google Apps battle spam with auto email signing

muninsfire
Alert

That's sort of the point, innit?

If it's got a forged 'from' address, it won't get verified by the DKIM scheme. Thus, it's not a legitimate email and can be safely tagged as 'spam'

muninsfire
Thumb Up

Well, that was easy enough

I enabled that for my domain, and it works. Now let's see if it catches on...would make business reputations easier to chart, if it does.

Microsoft 'maintenance' blocks Hotmail

muninsfire
WTF?

Weren't they trying to position themselves...

Wasn't Microsoft trying to position Hotmail as something suitable for business use? Four days of inability to access it is rather antithetical to proper business operations, in my mind...

Skype adds video calls to iPhone app

muninsfire
Thumb Up

Fits in nicely with new regulations

The recent FCC regulations that specifically prohibit carriers from blocking competing telephony services work nicely with this new expansion by Skype.

Skype is also a large enough brand that Apple can't really go blocking it without cause.

Hopefully, this is enough of a wedge to open up the wireless markets to more competing telephony implementations, and begin the process for mobile connections becoming just another data pipe.

Groupon to raise $950m in massive funding round

muninsfire
Go

No such thing as bad publicity

I suspect that, if it was not deliberately cultivated, the overtures from Google to Groupon were at least taken advantage of to raise the company's profile to attract this sort of funding.

A good example of publicity in action.

4chan hit by DDoS assault

muninsfire
Happy

FOAF secondhand info tells me

That allegedly, someone turned the LOIC tool to point to 4chan--likely 'for the lulz', as I heard it. Sounds rather like business as usual over there.

I heard (from a different source) that some rather less-than-intelligent netizens took this to mean that 'Anonymous was going to be tracked down and brought to justice'--if nothing else, this 'cyberwar' schtick is certainly good for bringing drama to the Unwashed.

Microsoft wades into interwebulator chat about Hotmail

muninsfire
FAIL

Proprietary "solutions" are no solution at all

Just because you think your "ActiveSync" is somehow "better" than IMAP does not mean people will not use IMAP.

If you want to convince people to switch, then offer IMAP and allow them to choose which "experience" they prefer. And yes, of course, they'd be likely to slow down IMAP functions; that's just expected from a joint like Microsoft.

The spam thing is also complete bollocks; their filtering has light-years to go before I'd even consider signing in. Hotmail is for throwaway addresses--which leads to another point:

WTF chose 'hotmail' and thought it would be a 'professional' address?

Now, granted, gmail isn't exactly the most professional of domains to email from, but I can mitigate that for $5/yr by buying a domain name and pointing the mail DNS to their servers--bingo, instant credibility and, as a bonus, no spam to speak of.

"Hotmail" on the other hand has no such functionality--at least, none I've ever seen advertised. "Hotmail" even -sounds- like a porn spam address. If they want people to use it as a serious domain, then try rebranding it, upgrading the servers, and putting a low paywall or something in.

Changing the UI to something that's not actively painful to use would also help.

As far as I've seen, with the notable exception of Internet Explorer (probably because it comes packaged with the OS), just about everything that Microsoft has ever done, internet-wise, has been second-rate and unuseful. It's a small wonder that they get dinged with antitrust laws all the time; making clueless users use their stuff as a default is the only way they get any use out of it at all.

Google sees printing in the cloud

muninsfire
Alert

@David Griffin -- I find your confidence disturbing

You may want to take a look at the security concerns aspect.

"Hacking the print queue" is a simplistic way to look at it, but it can be accomplished in a number of different ways.

#1 is, of course, good ol' social engineering. Bob's left his password written on a sticky note under his keyboard; Eve takes a look and, because she has a better memory than Bob, logs into his CatBlog account with "k1ttyc@" as the password. She can then make configuration changes to the print queue, look at recently printed documents, etc.

#2, same, but phishing. Phishing still works. 'nuff said.

#3, man-in-the-middle attacks. Your fancy cloud printer is wifi enabled, but sits on an open access point. Whoopsie! Packet-sniffing, sidejacking, and other tomfoolery ensues. (Though this one's not exclusive to 'cloud' devices, I admit.)

#4, A 0-day vulnerability is found in the firmware for the printer; the malware is encoded into, say, a PDF containing that poem about the girl who died from a drink-driver smashing into her on her 16th birthday. Hundreds of office ladies who read that kind of glurge print it out; hundreds of printers now phone home to Moscow or Minsk or wherever the Russian Mafia hangs out these days, echoing its print queue with lovely bank statements or credit card bills or whatnot.

Those are off the top of my head; I'm sure there's any number of other ways to compromise 'em. The point is, if there's a device on my network, I don't want it to be controlled from outside the network without my explicit say-so. There's too many opportunities for failure that I cannot myself mitigate.

muninsfire
Badgers

...but do you have the nuts?

From an IT perspective, printer drivers are a huge pain in the ass. Every model from every company requires new and different drivers which have a separate upgrade and update path from every other piece of software out there.

It's needless complexity, especially since they all do about the same thing--take the document and put it on paper. Granted, some of them do fancy things like automatic stapling, but in the end 90% of the work is to spit out documents just like they are on the screen.

Putting the interface software to make the printer go whoom-whoom-gazoop and fart out a powerpoint presentation on the computer is stupid. For shared printers, that means there's 20 different points of failure that need to be updated for each printer.

As I pointed out above, printers these days have enough oomph to do all manner of interesting and nefarious things on their own; harnessing this such that a standard interface exists for -all- printers, to remove this needless complexity of diddling with the drivers, only makes sense.

I know it'd save me a few hours a month...

So the whole notion of removing the need for drivers is a good thing, for both the consumer (because, honestly, most consumers can barely put paper in the damn things) and for the poor bastard supporting corp users. If it weren't for the whole externally-controlled-device-on-my-network aspect, I'd be cheering for this in the streets, waving my hands in a mattter indicative of lack of caring.

muninsfire
Boffin

From a security angle, this makes me nervous

I'm willing to try working with the cloud for things like data processing and the like. Further, I'd -love- to stop with the whole "printer driver" bullshit (we've had printers for -how- long and there's no standard interface?).

However, there are some issues at hand here that I think need to be addressed.

A 'cloud aware' printer is one which, presumably, has enough smarts in it to negotiate its place on the network and to transmit and receive instructions from some outside location.

So already it has the base kit required to set up a nice little bug on an internal network.

This already exists today: there are printers, usually the big jobs in corporate offices, that have been (at least theoretically; I've never actually run across one in the wild--yet) compromised into, for instance, echoing the contents of print jobs to some other location. Sniffing packets requires only a little more sophistication.

If you're willing to go so far as to alter the hardware (like that recent story where the 'hack' was detected due to dual power cables [which was about the stupidest implementation of that idea I've seen yet {honestly, it's not like printers are that tough a form factor to cram an extra board into}] which revealed the surreptitious hardware addition of a small computer) then there's a lot more you can do with a printer.

That the printer is controlled by some agency outside your network only serves to further disguise any traces of suspicious traffic.

I'm not going to bother with the comment in the article about 'punching through the firewall'--it's too ambiguous to say if that's intended to echo a security concern or indicate a vpn setup--but I think Google has a lot of work to do to ensure that the proper documents get sent to the proper printers.

I've noticed, while working in IT, that the further the disconnect between the action taken by the user and the result, the harder it is for the bog-standard user to figure out what's going on. Most users can manage a CD tray OK enough; they hit the button, and the tray pops out. Immediate result.

However, there is already a problem with the existing disconnect between the action between hitting the "print" button and receiving a printout. How often, those of you who (like me) work in IT, have you witnessed a user filling up a print queue with dozens of print requests to a printer that, say, requires a toner change?

Introducing a further disconnect (and I predict approximately ten minutes' use before the first "it must have got lost in the cloud" comment shows up from a clueless user) will only serve to make matters worse.

US Air Force studies fruit-flies to build killer insect swarm drones

muninsfire
Happy

Countermeasures?

So I take it that shipments of novelty electric flyswatters to the middle east will be going up, then?

Does anyone know if Zap-O Novelties is listed on a stock exchange somewhere?

Walmart falls in with Washington's war on terror

muninsfire
Big Brother

Agree?

@Pirate Dave

What do you mean "agree"? Walmart has -always- played up the patriot angle, just like they've always played up the 'quality' and 'value' angles--all of which are approximately equal, when you think about it.

So there's zero surprise here that they'd buy in to the whole Homeland Security angle. Hell, they'll probably start advertising it--half the TSA drones would otherwise work at Walmart anyway; it's one of the only other places you can get a job without a degree these days.

White House forbids feds from reading WikiLeaked cables

muninsfire
Alert

More red tape than anything else

It's not really so much 'comedy' or 'closing the barn door after the horse has gone' even though it looks ridiculous to the casual observer.

Instead, it's really more red tape. When you gain a security clearance, you sign what amounts to a general-purpose NDA saying, in essence, keep your eyes and hands where they belong.

The fact that those who are cleared cannot then access classified information that leaks into the public domain is more a side-effect than anything else; the White House's statement is merely a clarification of that.

Part of the reason for this is to prevent accidental disclosure--if you're cleared for certain related projects, for instance, to one which was leaked, you might find out information that should have been compartmentalized and which, combined with what you know, would give you insight into things you aren't cleared for; this presents a security risk as, if you're not cleared for that level, you're not judged to be quite trustworthy enough to handle it.

So yes, out of context, it's absurd and frankly rather funny. In-context, it's just more dreary bureaucracy.