* Posts by Gordon Fecyk

395 publicly visible posts • joined 20 Apr 2006


Huge ransomware outbreak spreads in Ukraine and beyond

Gordon Fecyk

Make me.

Extra-sincerely, me.

Seriously, this attitude doesn't help any.

Do we need Windows patch legislation?

Gordon Fecyk

Vendors, do your fucking jobs and fix your shit.

I'm torn on this one. I've been doing this crap for over twenty years and I've seen a lot of shit product from vendors that aren't Microsoft. Yes I've seen a lot of Microsoft shit too, but everyone else makes themselves a much easier target. And then we have this shit used to keep people alive and maintain "people will die if this doesn't work" systems.

Remember Java's EULA? "You acknowledge that Software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility." And if you search that phrase, you'll see it on a lot of software EULAs, including Symantec's.


And who remembers "Windows for warships?" El Reg here even referenced the USS Yorktown a few times here.

Sad to say, but maybe Windows for desktop PCs shouldn't be used in these environments. The SE Linux folks have a place here, or maybe Windows long-term servicing branches if it really has to be Windows.

But really: This is 2017 and Vista's been out for ten years; longer if you include preleases that vendors are supposed to be testing their shit against. What are all of these vendors doing? At least locally I'm seeing hospitals and clinics using some version of Windows 7, and that's not including the places that handle money that are using Windows 10.

I've had to drag vendors kicking and screaming into running their shit on Server 2012 R2 and Windows 10, assuming support responsibility when they won't do what we pay them for support agreements. This is unacceptable.

(Wow, it took some bullshit like this to bring me out of lurking for five years.)

MySpace zaps millions of teens' tearful rants, causes wave of angst

Gordon Fecyk

And people wondered why I rolled my own

This is why.

More than half of Windows 8 users just treat it like Windows 7

Gordon Fecyk

It's still early.

Seven months. Of course the early users are going to spend more of their time in the desktop.

And who needs "classic shell" when one can put a toolbar on their desktop taskbar that points to %allusersprofile%\Start Menu? (OK, %allusersprofile%\Microsoft\Windows\Start Menu then.) No extra software needed.

Congress asks Google to explain Glass privacy policies

Gordon Fecyk
Thumb Down

Aww, privacy not eroding fast enough for you?

"old institutions, like the law" weren't keeping up with the pace of [s/war/tech].

I wonder how many dictators shared this sentiment.

And talk about selling one's eyeballs to advertisers.

German govt DUMPS 170 NEW PCs riddled with Conficker

Gordon Fecyk
Thumb Down

So this is the "Digital Pearl Harbor" Jesse Hirsh was raving about?

So the destructive power of Conficker resulted in almost $250k (wild guess US$ value) in loss.

Jesse Hirsh of the CBC asked if Conficker was a "digital Pearl Harbor." I've read guesses as to the damage, of...

...four U.S. Navy battleships (two of which were raised and returned to service late in the war) and damaged four more. The Japanese also sank or damaged three cruisers, three destroyers, and one minelayer, destroyed 188 aircraft, and caused personnel losses of 2,402 killed and 1,282 wounded.

A single US frigate would cost about US$63million today. I'm too disgusted to do the math.

And it took three years for the Germans to come up with that cost amount?

I called it an April Fool's joke in 2009 and got downvoted for it. I was also downvoted for daring to complain about idiots cheapening the memory of Pearl Harbor, September 11th, Armageddon, and a few others with the preface of "cyber."

On a lighter note, haven't the Germans heard of Sysprep? Ghost? Imagex? System Center? Give me that money and I could transform their IT department. Anyone over there hiring?

Not cool, Adobe: Give the Ninite guys a job, not the middle finger

Gordon Fecyk

This is why he's mister "I hate everything."

Adobe's products are a security nightmare.

Adobe's products are a nightmare, Oracle's products are a nightmare, Microsoft's products are a nightmare. And yes, even CentOS can be a nightmare in the wrong hands.

I've said it before, and I'll say it again: Stop complaining about the weather and start doing something about it.

Reg hack to starve on £1 a day for science

Gordon Fecyk

Northern Manitoba.

I'm willing to bet that other first world western countries have worse water quality than Spain.

Like over here.

You hear that, Mr Cook? Samsung's profits have gone UP

Gordon Fecyk

Where have you been?

I'm just waiting for someone to release a Shoecake

Plenty of shoe cakes available.

Vulns, exploits, hacks: Trusteer touts tech to terminate troubles

Gordon Fecyk
Thumb Down

Why blame MSIEXEC for Java exploits?

Disable windows installer service so s**t can't be installed willy nilly by users who don't know any better

Great, yet another pundit who thinks they can maintain Windows better than Windows can. Do you even know what the Windows Installer (MSIEXEC) service is? It's not Windows Update. You disable Windows Installer then you can't install anything made by anyone made anywhere. That includes built-in components.

And what the hell does MSIEXEC have to do with Java exploits? MS abandoned their Java implementation yonks ago, and modern Java runs in user-space exclusively.

If you want to stop users from installing stuff willy-nilly, do this.

Gordon Fecyk

Hey Apex: Make this product instead

Apex will automatically stop applications from performing sensitive operations while in an unknown application state.

I can do that already.

If I could somehow sell a product that does this safeguarding for you... Hey Apex: Would you work on a product that does this instead of wasting CPU time analyzing running processes? I'd buy it, promote it, prostrate myself extolling its virtues, if only you'd produce it.

Google tells Microsoft IE shops: We can help you with those 'legacy apps'

Gordon Fecyk

No thanks, we're good here.

Binned the "legacy" web apps or made sure they worked in Intranet Zone.

Windows 8 has put the world's PC market to sleep - IDC

Gordon Fecyk

Good: We can stop using Origin then.

Along with PC games that insist on making us compute recklessly just to play them.

Gordon Fecyk

We've had multi-threading since 1995 and this is the progress we've made?

some of the performance increases have been blunted by a lack of applications that have been coded to really get the most of multicore systems.

Twenty years and we don't know how to write an application that uses threads? Even Quake II was multi-threaded. If an app uses multiple threads it's supposed to use multiple cores transparently.

Here, devs: read. Specifically, always treating threads like they're running on different cores even if they're not.

Microsoft squashes 9 bugs with Patch Tuesday fixes

Gordon Fecyk

Privilege escalation is a larger target now

Previously labeled "important" because the average user used to run with escalated (admin) privileges anyway, these should become "critical" as we finally can run as non-admins without badly designed applications getting in the way, and this will become the way to hack Windows without social engineering.

If I can only get parents not to cave in to kids screaming for Mommy's password... sometimes I feel like a doctor trying to tell their patient to stop smoking.

Now I'm not only recommending non-admin for daily work and play, but I'm finding myself recommending pro editions of Windows to homes, because of SRP.

German ransomware threatens with sick kiddie smut

Gordon Fecyk

Sucks to be in your family then.

A applies. B, well, that's not my fault.

Gordon Fecyk

Is the scary part just a page in a browser?

That's all the screen shot example shows.

Even if this were a redo of the FBI scareware, SRP and non-admin accounts would go a long way to prevent it and anything like it.

(I have room for lots of downvotes. :-p)

Microsoft to slap 9 patches on Windows junkies on Tuesday

Gordon Fecyk

Where were you the past thirteen years?

If they split the OS into admin space and user space and denied write access to anything in admin unless logged in as admin, then windows would be a fook sight more secure.

Windows had this since NT 3.1, but didn't really support "non-NT" applications until Windows 2000. UAC on Vista took this further. Don't blame MS for people not using it, or vendors not respecting it.

Here's how it's done on Windows 8.

Gartner: RIP PCs - tablets will CRUSH you this year

Gordon Fecyk

I'll believe that when Apple stops selling the Macintosh.

Let's see Apple take the first step by discontinuing the Macintosh, and sell iDevices exclusively.

How I nearly sold rocket windows to the crazy North Koreans

Gordon Fecyk

I'm pretty sure MacArthur thought this in 1950, and look at what happened

Oh sure, that Nork army unleashed would do a great deal of damage, would make a hell of a mess of Seoul and such places. But it wouldn't actually win, it would be beaten back and that would be the end of the State.

This might be one of those "classic Leftie / Rightie style" oft-repeated "truths," but if North Korea is as weak as the commentards here say, why did MacArthur have his ass handed to him by Truman shortly after the Incheon landing in 1950?

(Disclaimer: Not a military expert. Learning from history, though.)

Review: Intel Next Unit of Computing barebones desktop PC

Gordon Fecyk

OK let's try this again: It's Intel hardware though

I also tried Windows 8 Pro, but despite installing all of Intel’s driver updates, I was still unable to get a realistic score out of Futuremark’s PCMark 7. Windows 8 itself refused to give me an Experience Rating, bailing out on the video part of its tests.

So 8 wouldn't give a rating without a supported video driver, then. This is Intel we're talking about, so this will get sorted in a hurry. Does the 7 driver work in a pinch?

Wouldn't be the first time with driver problems. Intel's latest Win7 HD driver (March 2013) introduced mouse pointer lag on an HP Elite 6200 desktop PC. Had to revert to their December 2012 driver to undo it. Other commentards would blame IE10 for that.

Gordon Fecyk

You need some Win8 consulting then?

The bottom line: I can’t recommend installing Windows 8, and a long list of Windows Update failures, not just on the NUC but on other Windows 8 machines I’ve tried, including Lenovo’s otherwise gorgeous ThinkPad X1 Carbon, makes me even less likely to do so.

I must be the only Windows 8 user on the entire internet that isn't having problems running the thing. Heck, I can run it on a VM on a HP Microserver. Would you like some consulting?

IT Pro confession: How I helped in the BIGGEST DDoS OF ALL TIME

Gordon Fecyk
Thumb Down

Then SANS needs to stop cheapening Armageddon. And Pearl Harbor. And September 11th.

Catch phrases that invoke disgust:

"Digital Pearl Harbor."

"Digital Armageddon."

"Digital 9/11."

No one died due to any event reported using these catch phrases. Real people died in the real events. That is my problem: Cheapening the memory of real life events that killed real people.

If they want to stop disgusting me, SANS needs to stop using them.

Gordon Fecyk

Re: Trevor, "I hate Windows/Java/Flash/PDF/QT/TheWorld," Pott

That was the impression I got here and here. Who in these forums brought up the impact of first impressions?

Gordon Fecyk
Thumb Down

Ugh, "Cybergeddon."

Just the link makes me cringe in disgust: "The great DDoS Cybergeddon of 2013." We're still here, aren't we? No one was hurt, right? Maybe spam increased for a few nanoseconds while Spamhaus was unreachable for a short time? Do I need to warm up my snow blower to deal with the deluge of junk e-mail?

Seeing as I'm posting this to a Europe-connected network that was supposedly strongly impacted by this, I'd say this was a storm in a teapot. But SANS has a history of sensationalizing internet events. They want to be the weather.com of cyberspace and it's embarrassing.

Gordon Fecyk

Here's a workaround on Windows Server

This was unexpected; Thanks for coming forward. It made me brave enough to come forward with a similar workaround I did on my Windows Server setup.

I publish a small handful of domains on that HP Microserver I bragged about a few weeks ago. One of those domains is an Active Directory domain as well as a publicly visible domain, and they handle internet e-mail and other internet things, so the domain controllers and dependent servers need to do recursive queries on the DCs running DNS, as well as host the DNS zones that make AD possible.

Windows doesn't have an IP access list saying who can do recursive queries and who cannot. But nothing stops you from copying the zones to another non-DC DNS server and disabling recursion on that.

I already have a reverse proxy server for various things; I just added DNS to it and port-forwarded DNS connections to it instead of to one of the DCs. Then I set up secondary copies of all my zones on it, and disabled recursion. I now have an edge DNS server that doesn't allow recursive queries and still acts authoritatively for my zones. I can still permit zone transfers from it to authorized servers outside as well, and do notifications of zone changes.

Sure, this is, 'duh, captain obvious' stuff for some. Who would have thought DNS would be used as a DDoS vector though? If Trevor, "I hate Windows/Java/Flash/PDF/QT/TheWorld," Pott can come forward with this, so can I.

Relaxed Windows 8 rules hint at smaller slabs to come

Gordon Fecyk
Thumb Down

1024x768 was a minimum for MS Store apps since launch

This rule change was for OEMs, not for the OS, PCs upgraded with it, or for applications using the new UI.

I hit the vertical limit when trying to find a resolution to record my Windows 8 Safeguarding series; At 1280x720 the UI would run, but apps designed for it would not, telling me the res was too low. Desktop was still OK. 1280x768 worked though, as did the oddball 1262x768 I ended up filming the series in.

Say what you want about the UI but don't say it's in alpha. The OS still hasn't crashed on me and it works as they designed it. Maybe not how you would design it. Of course, I don't run it on garbage hardware.

Security damn well IS a dirty word, actually

Gordon Fecyk

I was waiting for this...

Actually, the sheer irony here is that Internet Explorer has had TLS 1.2 support since IE8

...actually, IE depends on the crypto suite of the host OS. On XP, only TLS 1.0 and previous SSL versions are supported. To do TLS 1.1 and 1.2 in IE, you need Vista, 7 or 8, or corresponding server version.

And there are too many banking sites that don't have TLS 1.1 or 1.2 support in their servers. I can't cite any one bank out of good conscience, but I can say that Symantec doesn't enable it on their MessagelabsSymantec.Cloud pages. I had to argue with a support droid about that. (ugh, you know I used to like Messagelabs).

Adware-flinging Yontoo yahoos target Mac users: You like trailers, right fanboi?

Gordon Fecyk

"Windows" Adware?

Windows adware hasGreedy advertisers have been a problem for years.

Low hanging fruit, easy target, cheap shot. Un-called for.

By the way, Mac users, easy way to protect yourself against greedy advertisers: Don't download stuff willy-nilly from the internet, and don't use an admin account for your daily work.

Win8 Safeguarding series critiques wanted

Gordon Fecyk

Looks like I need to crack the message of keeping malicious software at bay

A running theme I'm seeing in the feedback, is I need to make sure other defences (outbound firewall especially, but also turning off UPnP) are working in case malicious software somehow runs on a PC.

My problem is I'm trying to prevent malicious software from running in the first place.

At the risk of sounding like I'm from space, if I can stop unwanted software from running in the first place, I don't have to worry about unwanted software communicating outbound, or requesting open ports from UPnP routers, or using raw sockets, or taking over my display and trying to extort me for money, and so on.

It sounds deceptively simple, and perhaps that's what's confusing the mainstream computer user.

Gordon Fecyk

Target audience

My target was more the, "You can't secure Windows no matter what," crowd, to show it can be done, but up to the SRP stuff this is all noob-capable. I think. I ramble on in spots, so I might tear this all down, write some monologues and do it properly.

About the firewall. Just like raw sockets, UPnP and outbound connections in general, my aim is to keep unwanted software at bay. If I can't keep unwanted software off, the firewall is the least of my worries.

In that example I deliberately installed Oovoo with the intent of connecting to its network through the internet. Having a firewall ask me if I want to let this thing connect outbound when I know it's an internet instant messaging application is redundant, at least in my opinion. It was the inbound connection that caught me off guard.

WFAS does let you change the default for outbound connections, so it's like the behaviour you're describing. Maybe I'll touch on that in an advanced video.

WD on Windows 8 is just another after-the-fact virus product. I treat all such products as security blankets; make the user feel good. The before-the-fact stuff takes care of the real security.

The running theme, again, is keeping unwanted software at bay. If I can do that, I don't need to worry about UPnP-capable apps, outbound connection-capable apps, or apps that use raw sockets. Because they will be apps that I chose to use.

This is good feedback; thanks for all of this. If I could do the geek and the pint icons I'd have them both up.

Gordon Fecyk
Thumb Up

British sophomoric humour aside...

...I made some adjustments per recommendations right now, and will make further refinements.

Bold statement, perhaps: "Better security than you can buy." After twenty years of after-the-fact garbage from the leading computer security firms, I believe it's correct, though. I take the approach of stopping the bad software before the fact and then it can't turn off the firewall or signature-based virus detection.

Gordon Fecyk

Win8 Safeguarding series critiques wanted

I know... this is throwing myself at the wolves here. I figure along with the chewing up I'm about to get, some useful criticism will come up and I can improve on this series.

Think what you want about Windows 8, but people are going to deal with it. So I tossed together a video series on safeguarding home desktop PCs running it, all about using what's included and nothing added. Please take a look, and consider offering some feedback I can use.

EA Origin vuln puts players at risk

Gordon Fecyk

Does Origin rely on root / administrator / system for anything?

One thing I noticed about Steam was that its client and attached games run completely in user-space on Windows. Even if I believe it is a bad idea to make a folder in Program Files user-writeable, at least any Steam exploits would be limited to the Steam environment and not leak out to the host OS, provided the user only runs it in user-space. A user can defeat any exploit with CTRL-ALT-DEL and logging off.

By comparison, does Origin work in kernel-space (using drivers) or otherwise require admin or kernel level access to run? I don't run any Origin games and from what I'm reading here I don't want to, either.

Even Java, for all of the hate Oracle's received this year, stays in user-space.

Deja vote: Iran blocks VPN use ahead of elections

Gordon Fecyk
Big Brother

"[s/When/If] the ports open again..."

The article mentions blocking L2TP and PPTP VPN ports (and more specifically protocols) but what about TOR restricted to ports 80 and 443 - does that still work?

Application filtering for HTTP and HTTPS exists, as does transparent proxying. If a US business can do it, you can bet Iran is doing it, and very likely with software authored in the US despite export controls.

1 in 7 WinXP-using biz bods DON'T KNOW Microsoft is pulling the plug

Gordon Fecyk
Thumb Down

They keep saying that...

A great Redmond plan to get Linux on the desktop?

Then it hasn't worked in twelve years. Wasn't the Windows 95 Start Menu the first thing that was supposed to make people move to Linux? Or was that product activation on XP? UAC on Vista? The Start Screen on 8?

I'm still waiting.

Yet another Java zero-day vuln is being exploited

Gordon Fecyk

Non-admin accounts, Software Restriction Policies, etc etc etc etc

McRAT ensures its persistence by writing a copy of itself as a DLL and making registry modifications

Lather, rinse, repeat.

Architect pitches builder-bothering 'Print your own house' plan

Gordon Fecyk

Including fifteen different building codes? Hostile contractors?

Open source DIY domicile project to 'do for building what Linux did for software

(OK, perfectly fine article if not for this secondary headline. Venting speen in 3... 2... 1...)

So now I'll have to choose which distro of house I want before I can build it, there will be inter-distro feuding over building codes, and crowdsourced contractors consisting of a mix of maybe friendly and mostly hostile geeks, each deriding each others' designs.

"No one builds a wall with studs sixteen inches on-centre anymore."

The paranoid ones will use "NSA House" like they use NSA Linux, only to later speculate about gaping holes in the walls. There might not be any holes, and it might be the strongest house you could build, but who would trust it?

Someone else might build a friendlier house, only to have other contractors deride them because they'd insist on being paid first.

Who am I kidding? If Microsoft made a house, people would complain about the door locks. Come to think of it, my wife would complain about the door locks and not use them, and then she'd wonder why the TV was stolen.

McAfee dumps signatures and proclaims an (almost) end to botnets

Gordon Fecyk

I have. Right here.

Has anyone considered what it *really* takes to go completely malware free?

Part 1. More parts are following, along with using Software Restriction Policies in coming parts.

Gordon Fecyk

McAfee rewrites history?

Signature-based malware identification has been around since the dawn of the computer security industry


Stiller's Integrity Master, a profile-based virus detector, existed before John McAfee sold a cheap and lazy media on Virusscan:

I love it! I have been a fan of integrity checking (IC) ever since my first big software conflict trashed small parts of a few files of the 2,000 + files on my disk in … 1986

(Sadly, that article is only on Google's cache now.)

CERT formed before McAfee did, in 1988, to combat the Morris Internet Worm. McAfee opened his doors in 1989.

Over 100,000 sign White House petition for handset unlocking

Gordon Fecyk

Someone better explain that to Canadian cellcos

Supposedly this a loan and not a subsidy.

Obama's new cyber-security tactics finger corrupt staff, China

Gordon Fecyk

Like, say, anti-virus firms?

So, they're going to do something about that unpatriotic group of American companies that have their manufacturing done in China? I skim read it; have I understood this correctly?

I sure hope so.

Clarkson: 'I WILL find and KILL the spammers who hacked me'

Gordon Fecyk
Thumb Down

"Classic leftie style?"

Classic leftie style[...] It's really rather frightening how often that a lie or inaccuracy is repeated a few times and then becomes effectively an incontrovertible fact.

Like, say, "Obama is a muslim?" That's not exactly "leftie style" yet it is incontrovertible fact among certain sects of non-lefties.

Where's the foot-in-mouth icon?

BlackBerry squashes W-TIFF-F bug that's ripe for malware squirters

Gordon Fecyk
Thumb Down

I guess the JPEG GDI+ exploit was so last decade...

This is a bit of a twist on normal exploitation simply because the malicious code is actually inside of an image, something that hasn’t really been done before.

Set the WABAC machine for 2004, Fred: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution.

We really do have short memories in this industry.

Ubuntu? Fedora? Mint? Debian? We'll find you the right Linux to swallow

Gordon Fecyk

The even like / dislike count suggests there's some truth and some exaggeration to this

It's nice to know I wasn't the only one scared away from Linux by hostile technical support.

Now you just need the nice ones to get on the cases of the not-so-nice ones and make them stop biting the n00bs.

Software update knocks out Space Station communications

Gordon Fecyk

Weren't they running NT4 SP7, the only known installation ever?

NT 4.0 SP7 available, but not on planet Earth

You can help fix patent laws … now!

Gordon Fecyk
Thumb Up

Complain about the weather...

...or do something about it.

Seems like a sensible approach. Or is BlueGreen asking for too much in this place?

Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves

Gordon Fecyk

There's vigilance, and there's paranoia

And this: "...that you know of..." is paranoia. Lovely technique to sell security products. Not so lovely a technique to do actual security.

Understanding how Windows really works goes a long way to preventing exploits. I've said many times before that there's better security built into modern versions of Windows than any security product you can buy for it. Even a non-security product can prevent malware before so-called security products can; in that case, it was Microsoft word, which could stop Word macro viruses before anti-virus products could.

Give the fellow credit for doing something pro-active. If you really are trying to sell something, it's better than blasting them for not using the popular security-blanket-of-the-day.