* Posts by dhcp pump

29 publicly visible posts • joined 14 Dec 2011

Oz privacy comish says breaches could double this year

dhcp pump

Irony

The irony of this new " governing body is that its all after the fact,after all the information is slurped!.

Fines are required if they do not pass the regulatory standards and a A breach of standards

is required, if there were any for private companies who don't fit into the existing standards framework,which is really thousands of AU businesses and websites.

More emphasis is required in the pre-emptive policies of the infosec industry standards for AU and a Governance and Audit framework ( not SOX or COBIT -slight fail) for Australian Companies ,small and large who hold or present Internet data to the public.

As with vehicle manufacturing and AU regulation safety standards a new Governing Standard is required for all Internet hardware imported or manufactured in AU,there is none at present.

Imported routers as we know are riddled with issues ,even the best of them ( Cisco) but a look at all the others shows shellcode,dns and insecure wireless OOT Box along with other issues which pose a massive instant risk of data disclosure when powered on and a business network is connected.

Specific standards ( regulations)are required in the AU place for all SQL and DB's that are Internet facing ,there should be a minimum standard NOW ,with bi-yearly reviews or testing executed as is done for high risk vehicles such as trains,buses,and the trucking industry.

The DOD regulation standard should be a minimum regulation standard,with higher standards for data retention companies ,and those storing full profiles or information on persons ,such as the health Industry ,CPA's and the private company loan market.

.

Aussie builds contactless card cloner app, shops at Woolies with fake card

dhcp pump

tool

The tool hopefully approached the banks or disclosed correctly to the authorites before he disclosed publicly,what does he want a friggin job with the crims ! or a medal ,its not new except he did it on new hardware.

Lock the prick up till he finds the solution,no foil hat for this wank.

Rin Tin Tin foil bloddy hat for my cards now.

Your tapped now buddy ,watch those packets !.

BlackEnergy crimeware coursing through US control systems

dhcp pump

lockit

most !,: cough industrial control systems have a hardware lock and physical lock on the processor ,if this is applied and the controlling code has safeguards then it near impossible to change the actual control system unless the cs parameters are modified.

As mentioned the gui or win interface is only that ,able to control and monitor ( hmi ,scada) of the actual plant which isnt controlled by windows ,ie : if the windows box goes down the system wont stop or change.

if the systems integrator has the code on the scada for the plc etc and doesnt lock the processors then that could be trouble if the PMI /win box is comprimised ,now who would do that ???.

NSA Sentry Eagle placed spies in private companies

dhcp pump
FAIL

@ Franklin

If someone ten years ago had written this into the plot of a sci-fi novel, I'd have thought it was too implausible. Live and learn.

Its been on since arpa was born ,in the 80's its really go into its swing ,---...

Australia's metadata debate is an utter shambles

dhcp pump
Paris Hilton

Cough Up

IF they want/need this service why should the isp pay for it ?,the gov will have to pay .

This requirement is like another tax if passed onto the consumers,when we pay out enough

already.

the ISP's have already estimated the cost which will grow each year !.

Cough Up for the extra work and equipment required!.

On top of this what form of security governance framework will exist to allow this ?, the costs just keep growing as each ISP will have to engage in a secrecy agreement .

Who the $ can guarantee the security of this data when transmitted through the existing internet ?.

This will cost a substantial amount ,have the governement budgetted for the $Billions this will cost ?

in the current budget for the agencies ,i bet you they havent .

They cannot even provide the roads,hospitals and education system for the people that have elected them !.

This concept of the ISP again storing and providing the data is hogwash and is wasting too much money on this when transmission interception for overseas routes is simpler,technology is already there ,3-5 major points from AUS plus satellite feeds to be monitored.

Meh

Writing about an Australian Snowden would land Vulture South in the clink

dhcp pump

Lest We Forget !

Take a step back in time before the overwhelming surveillance we have now.

Reasons for surveillance increase .

1 - Massive import of "freedom" seeking persons from terrorist states ,or from breeding grounds for said terroristista,eventaully leading to a groundswell of "like minded " individuals emerging as what would have been termed in ww2 as sleepers,and even then categorised as a threat to the country.

Said persons dont seem tio like the peace and freedom and must create chaos or rebellion in their new country ,which they think they have the right to do ,well they dont !.

2 - Increase in terrorism events ,911,Bali , and recent.

Over-surveillance is the result of knee jerk reactions to past events unfortunately,and often miscalculated,over cooked and often are not as effective as a long term strategy, of educating the people as to the "why's".

If you have nothing to hide then you have nothing to worry about !.

It'll make you think.

Henry Ford : "If you believe you can do a something or if you believe you cannot ,you are right !.".

Security audit finds dev outsourced his job to China to goof off at work

dhcp pump
FAIL

Repetition

Not new ,enterprising ,but not real smart ,doesnt make a profit ,exposes his companies IP to the opposition ,stupid ,will get caught and be taken through the ringer and either serve time or pay back lots of $ ,or both .

Most people have heard of the enterprising manager who hires subcontractors ( firm) to provide

a service to the firm he is employed in ,but he actually owns ,or his wife or cat and then gets caught ,

goto : above & line 2.

DOH !

AMD uncloaks 4GHz-and-up FX Series 'enthusiast' chippery

dhcp pump
Pint

Linux Benchmark AMD fx8350 whips the Intel i7 Extreme

http://www.phoronix.com/vr.php?view=18051

So what does this make the ms winbloze operating system ?.

dhcp pump
Childcatcher

True Lies

And wheres the linux benchmarks ,as the specs show ,the amd has it all over the intel processor ,in theory ,so it must the piece of crap winbloze operating system .

do the math !. and some linux benchmarks .

Gaping network port with easy-to-guess password? You ARE the 79%

dhcp pump
Linux

Re: Get attacks at SSH all the time...

open the address in a browser (mime) bet it still shows ssh server ...:) no matter what port it is open on.

sshguard is a better idea.

Boeing zaps PCs using CHAMP missile microwave attacks

dhcp pump
Thumb Down

conducting

Most likely to be used on citizens ?,as what modern military doesnt have self healing high grade networks ,not above ground or in emp shielded environs?,with no cabling,or cabling that is not emp susceptible.

Used within a laser beam and it could be interesting,otherwise not.

Google finds MORE slurped Street View data down under

dhcp pump
Linux

Dear Gov

1 - Dear Gov ,We ask permission for the sins we committed in the past to be now approved ,of course gov that letter of approval will be expedited by the (cough) copy of the quarantined gdrive we found behind the sofa ,,sent directly to you at a cost of ( in QLD dollars) of 1c per open network ..ahh.

2- Dear gov ,we are so glad you still support us in lobbying for all wireless router manufacturers to ship all routers in default mode,ie no protection.

Tanks a million

hee hee

Giggle Inc

Anonymous turns on 'one man Julian Assange show' Wikileaks

dhcp pump
Angel

Re: Challange

Re: Challange

"governments that allow them the freedoms"

That sounds like an oxymoron to me.

Time to take the red pill.

+1

ROFLING -along ,oxmorons stick together -like a gay marriage !.

Congress report warns: drones will track faces from the sky

dhcp pump
Mushroom

Scotty beam me up .

Tin foil hat ( with lidar absorbing surface paint -available )paint gun with laser and lidar jamming ,lock onto drone ,blast it .

Summer job - Paint house with lidar absorbing material ,paint car ,paint everything - LOL.

Sales of lidar absorbing paint ---->

The perfect CRIME? New HTTPS web hijack attack explained

dhcp pump
Unhappy

ether reality ..sniff :('

Now how did our border router wan interface move to promiscuous mode with those fake snmp controls,oh snmp must have been enabled with a blank write pwd,must look at that .

Anonymous stalking Australian spooks

dhcp pump

Optional Righteousness

Self righteous arrr-holes,sitting there typing on your porn ridden pox boxes paid for by your mumma.

Bet you have piles from sitting on your arrs @t your help desk all day.

Lying in your beds many years from now ....& ...

They (you) may take our lives but they will never take our freedom....

"Alba gu bra"

Microsoft, Adobe throw fire blanket over blaze of security flaws

dhcp pump
Happy

Re: Linux

Where did Linus quote this ,please provide .

Why would you do this ( except in a vm on linux) ,it would like trying

to mate a chevy with a volvo and see what pops out :).

dhcp pump
Unhappy

PLS Fix It Redmond

As the OP mentioned most of the exploits are rehashed OLD ( 10 years +) ,yes the year 1985-2002.

Somewhat strange that MS hasnt heard of regression testing,and ffs normal release testing.

And due to the entwinement/entrapment of the OS with the stupid browser nobody uses anymore,

most of the bloated apps are affected by the exploits in a roll on affect.

For crying out loud the browser was the cause of most of the issues for the last 10 years ,remove it

or make it an add-on for those who need to use it :?.

Unless they get off on the media attention and mayhem of patch Tuesday .

The policy that helped Anonymous hack AAPT

dhcp pump
Flame

Re: El Reg a bit slow

http://www.theregister.co.uk/2012/08/12/anonymous_data_digging_downunder/

Must have the dirt first and then the tools first before you digg.

And what disclosure policy do you think they have ? ,its not like the public domain,and

its all after the fact by a lead time of 30 days at a minimum,if at all.

Much like the LTPT and the private keys previously lifted from the company that generated

and protected the keys,how many sites and secure areas do you think that affected ?,and

the question again is what was the disclosure period ?.

dhcp pump
Mushroom

El Reg a bit slow

El Reg ,no mention of the fact that these hosting servers were also hosting cough SIO and Police Records .

Security 542 ( & 101) for the feds is required .

Although self righteous ,those anon crowd are making a point with the pathetic security of the publics

information.

Most of the public service dont understand how the could works ...

Sack em .

Researchers find backdoor in milspec silicon

dhcp pump

All good ,most of the graphics controllers and bios chips for the last 10 years have them ,your in safe hands girls and boys ,:),for your own protection of course :(. ,now where was i ,thats it ,i lost my keys ,when i find them i can decrypt that spurious low level traffic that isnt firewalled .

New satellite will blow your socks off - and spot them from spaaaace

dhcp pump
Thumb Up

Re: Tinfoil hats on standby...

had this resolution since the 70's...?

Thats an affirmative Houston ,foil hat also spotted and pin holed ....ROFL

Guiding missiles since 1968 ! ,accuracy 1m +- 0.38 inches.

Congress warned that military systems may already be pwned

dhcp pump
Thumb Up

Morpheus -Inside the matrix

pwned : Sad ! and apathetic.

With most of their hardware made in the ch ,and back doors being placed in this hardware

at board level since the 90's ,remember the motherboards and other hardware which flash installed a windows app ?,and that was 10+ years ago.

This places said ":green zone" equipment through a fw like a dose of the salts ,elimating any perimeter defenses.

What the blazes is the mil net doing near the www anyways ; | ffs

The game of misinformation is a good one ,and watch it being played is like a slow game of poker .

+1 ; Levente Szileszky

" Re: The National Socialist Pride Gap

The basic problem is that a PhD could mean a lot or nothing, it really depends on the subject "

We need to down greed and start manufacturing again ,other wise we will permanently transfer the skills and dollars offshore ,which is whats happening .

That MYSTERY Duqu Trojan language: Plain old C

dhcp pump
Mushroom

The Sauce be with you -Luke

Encrypt compile :hash ; yes .

Proprietary Siemens DTE lab required to determine proprietary payload ,without source or decompile availability.

AV vendors will have a time de-mangling encrypted code w/o said keys,even with a rs485 sniffer

on some of the end points.

If the AV vendor can disassemble the code,they can find out the author ,now who wishes this to happen ?,nobody ,so AV vendor wont ,all they can do is look for the network signatures,ie payload .

MYSTERY programming language found in Duqu

dhcp pump
Holmes

Most likely written and compiled on with the same proprietary platform that the siemens drive software is written,assembler derivative ,so that any other payloads which the av vendor,i doubt the av vendor knows what the payload is ,unless they have a lab full of siemens drives and controllers and the closed source code they are trying to work out .

Read proprietary compiler /;..and where did the authors get that from ? ,reeks of .

As with symantec the source is the key ,and if the av vendors have the source ,or they are playing dumb ?and have the source .....

Hidden Dragon: The Chinese cyber menace

dhcp pump

I somewhat agree..

Agree +1,

Subnet blocking can be required if you are running a service on a port ,most spi firewalls are set to block.,not very useful for half open connections and scans that are usually not done via the interested parties actual position /source country.

As anon mentioned $ billion of business are carried out with legitiamate CN businesses,most of which are external countries with MF bases in the CN.

Either way its hard to prove that it actually eminated from their subnet,although dns A' records

show it to some CN uni etc .

Where dns poisoning has been used in the past and a LOT of dns records showed ownership from cn suubnets ,doesnt mean cn were carrying out the attacks.

To accurately determine that ip is attacking your system requires more investigation and other parties involvement outside of your subnet.

Attacks appearing to be from the uk can be made via others in any country and vis versa,whether botnets are used or not .

Public internet needs a revamp on the old arpanet,isp's need to allow people to configure their service for in traffic and out ,some have gone this way as it does save the isp data $ as you mentioned ,and also protects the end point customer .

Most decent ' corporate services also provide this form of sla .

Cheers & Merry Christmas & NY .

SCADA vuln imperils critical infrastructure, feds warn

dhcp pump
WTF?

WTF

So they have finally found these default passwords.

And what idiot put the plc & scada near a wan connection .

These devices like any system are prone to physical access issues

from someone with knowledge .

Layered security model required ,which includes physical security application & monitoring .

So what happened to SOX & COBIT for critical infrastructure in the US ?.