* Posts by MissingSecurity

218 publicly visible posts • joined 10 Feb 2012


Women devs – want your pull requests accepted? Just don't tell anyone you're a girl


Re: Somehow I doubt it.

I think a cursory read of the comments about it would make sense, in particular, read the comments section:

"...The more relevant problem is that in gendered considerations, insider men receive less a lower acceptance rate than women. On the other side of the graph, gendered representations show no statistically significant difference, as Randal Olson points out.

In other words, the hypothesis is that gendered women are discriminated against, but what you actually show from looking at the graphs is that any gender identified person is discriminated against and you further show that men are more likely to be the recipient of this than women.

You're also missing an important piece about modern software practices: Most software now uses automated tests and profiling when someone submits a pull. Some go even further and even automate the pulling process, using Rultor or similar software to automate the merging process, no humans involved. ..."

This is a pre-print, and to be honest, the Reg is doing a disservice by suggesting this is anything more than an interesting possibility; after reading the actual PDF, I came to the same conclusion as the comment on the site.

So if the Reg actually gives a shit about this, and isn't just panning for sensation, we should see an updated article when/if the researchers can actually conclude something more definitive and peer reviewed.

Louisville says yes to Google Fiber. Funny story: AT&T, TWC didn't want that to happen



...make TWC mark their lines?

Solved that issue, huh.

De-anonymising data should be a criminal offence, says MPs report


Re: Interesting idea

I was thinking this too. How much of this is probability based on anonymised data, and how much is someone actually reconstructing someone's profile based on the data? The former is just maths; the latter sounds like it was anonymised to begin with, which maybe should be a crime?

Microsoft herds biz users to Windows 10 by denying support for Win 7 and 8 on new CPUs


Ah, my good IT friends...

I think I've hit that moment when I stop pretending things are going to happen because I want them to and start accepting things as they are.

Here's why Linux isn't really going to take over the market:

1) Windows 10 is good. I'm not even a Windows fan, but it's definitely a good OS. MS has issues, but saying W10 is bad is like saying Linux is too technical for the average person. They're both fallacies.

2) Windows Server is still easier to use, manage, and connect systems with than Linux. Sorry, that's the case. I may be able to run an LDAP system for little to no cost on Linux, but I don't need to know all the intricacies of LDAP, Kerberos, NFS and Samba to have a working network. I know IT admins should be able to do this, but hell, I see Linux admins have trouble with this.

3) The operating system that takes over from Windows in business will not be Linux (maybe a derivative), but I think the best companies like Red Hat and Canonical can hope for is making progress on the server front, such as web servers and application servers (WebLogic, Tomcat, etc).

4) Without developing cross-platform, we're not moving forward on Linux. As devs we still suck at this, and also pretend that just building a web platform is "cross-platform". The two main choices in business are .NET and Java, and to be honest neither is bad, but they're also old hat, and this whole section of programming is what people call "mature", i.e. boring.

UK.gov plans to legislate on smut filters after EU net neutrality ruling


All I can do is laugh...

lest I start to cry.

My government wants to stare at my privates without me knowing and your government wants to prevent perfectly good privates from being stared at.

Microsoft previews cloudy Active Directory Domain Services


Re: Interesting development in the cloud tug of war

Yes, why did we spend the last two decades trying to get out of vendor lock in, when we should just be locking ourselves in.

I think you'll find that companies aren't building their own data centers. They're renting space (either physical or virtual) in data centers operated by third parties. Their quality can vary, but I guarantee if you're in a sector where this matters, there are plenty of options.

I don't see why I'd move an entire infrastructure from one data center to another, especially if I am a large enough customer to get lucrative deals with the third party.

I love how you think that innovation has somehow been impeded. The standards, protocols, and technology for doing this have been around FOREVER; in fact a form of this is being done at large corporations everywhere. The real question is will they use a service like MS/Google (because what you're really getting at is SSO) or, likely the case, will there still be a mix of services, just with your AD instance possibly in the cloud.

You want a 6% Google Tax? Get lost, German copyright bods told


Re: The Internet is global

This is dumb. News companies (and any sane website) are likely saving tons of money by designing SEO websites to take advantage of Google indexing and not spending it on advertising their website articles 24/7.

Wouldn't the more sensible thing be to limit the summary piece? If I can get all the content I want from reading a summary, then your content is shit. Taxing Google (or any other company on similar grounds) is a waste. Taxation on ad revenue is one thing (probably already happens), but if Google wanted to play that game, they could just as easily make any tax up by charging more for Analytics, selling data to ad companies, etc., with it all being pushed back on the site owner regardless.

3D printer blueprints for TSA luggage-unlocking master keys leak online


Re: Remember kids ...

30sec? Damn, them some high quality luggage locks. It seems like two or three scrapes and I can get them to pop.


Rise up against Oracle class stupidity and join the infosec strike


Hence my username ...

We seem to spend a lot of time playing a chess game of responsibility in infosec. This is definitely an executive level fight, and if I get there I'll have no issue fighting it, but since I can merely point it out, I play the cover my ass so I can play the "I told you so" card.

FireEye intern nailed in Darkode downfall was VXer, say the Feds


Re: Internships

That's a little disingenuous. The kid had the smarts to build a C&C infrastructure for mobile malware, so it's not like they hired a slouch to come in and do security. If your thought was, "they should have hired a full time more experienced person", I'd say you are severely overestimating the talents of the general Information Security populace.

In my experience, IS teams are mostly made up of Book Smarts, people who understand the theory, the terminology, and the concepts (they are intelligent people), but few actually have the ability to adapt to persistent threats, and adapt their companies to it.

Shit, 50% of them I've met think they can put down programming skills on their resume because they can write "SELECT * FROM users;". I think that's why IS is in such "demand" right now.

Microsoft starts switching on paid Wi-Fi service with latest Windows 10 preview


What it feels like...

This is a completely baseless comment, but it feels like an MS exec's manifestation of frustration, because MS had a hard time competing in the ad business and pushing views to their advert platform, and some snobbish exec said "If we can't get them to our websites, we'll force them to pay to get them to our competitors".

I will in all likelihood never use this (Linux user), but if MS can make pay-by-minute internet easier to use, then good luck. If I am using Windows and work is willing to pay for the time, then I might not care, but then again, they are more likely to provide hotspot access on my mobile (which I can use with the Linux laptop).

Amazon just wrote a TLS crypto library in only 6,000 lines of C code



I think it's good, but ....

I'm not really impressed when you say "look at how many lines of code we didn't write" and add the caveat "but we didn't add all the requirements".

It's a slimmed down version of libssl, so not really a true full featured TLS library, but a "good enough for most cases" TLS library.

It will probably be good enough for the work I do though.

UK politicos easily pwned on insecure Wi-Fi networks


Wireshark ...

Is a protocol analyzer, and not strictly a security tool. I don't know why this frustrates me, but it seems that even based admins think of Wireshark as some free tool designed to break into networks. It's like saying water is a drowning tool for murderers.

Anyway, carry on, have a beer on me ...

Blurred lines: How cloud computing is reshaping the IT workforce


Re: Here we go again...

I think cloud pushers (and I'm not really against it) don't really explain the nuances enough. When I was doing primarily sysadmin work, Cloud was being sold to me as basically migrating my virtual environment to the datacenter (which depending on budget vs risk might actually be a better thing). Since I have switched more to development, the big thing I noticed is that Cloud is marketed as something you build for (think WebSphere, WebLogic, JBoss). I don't want to call it a new software pattern, but in a way it seems like it.

I think too many people think of the cloud as putting up an Apache web server on a virtual box in a third party datacenter somewhere.

Wikipedia: YES! we’ve SAVED the INTERNET again!



Don't you dare threaten the current state of the internet with facts!


It's all Uber! France ends its love affair with ride-sharing app


Re: Worried about their safety !!!!!

I'd say it's less to do with the vetting of drivers and more to do with the licensed taxi drivers attacking Uber drivers, and no doubt the arrests played a part, but right now in my eyes France and their taxi mob look like they're in bed and slow f**king everyone that would cab in the ass. I guess I've had better experiences with Uber than with a cab driver, but I have a feeling I'd just be a pitiful American, who doesn't know anything.

Apple's Swift creeps up dev language survey – but it's bad news for VB


Hurrah, We got this cross-platform coding thing down pat!

Now I can develop in Java EE for enterprise applications, run system scripts in Python on my nix boxes, PS on my DOS boxes, Swift for Apple devices, Android's Java implementation, PHP for no other reason than that it was a web language of choice, and HTML5, CSS3, JavaScript, etc for web 3.0 (and maybe Node.js just because).

Linux Mint 17.2: If only all penguinista desktops were done this way


Making the switch

Have been on Fedora 20 for a while, mostly because my last company ran RHEL, but I do believe it's time to move to a more enjoyable distro experience and this just might be it.

It begins: Time Warner Cable first ISP accused of breaking America's net neutrality rules


Re: I thought...

If you were dealing with free markets, yes, but we don't, we aren't, and never will. There are going to be barriers placed somewhere, either in the cartel nature of this business, or through, ironically, the regulation of government.

That being said, I am not fully sure what is going on in this case. It sounds like a service company wants direct access to TWC interchanges for the service they are providing, but I don't think even Google/FB/Netflix/etc operate that way.

Why are there so many Windows Server 2003 stragglers?



Why is this never considered for small business? I understand some legacy applications, LOB applications may require Windows, but I am of a firm mindset that if you're a sysadmin that works in the SMB space (at any level really) and your knowledge is not (at least somewhat) agnostic across OS platforms, you're holding your company back.

Hell, if you're going to lose MS "Support" and you just don't want to upgrade due to costs, your FS/FTP/web server could all be running on a modern 'nix box (for free if you didn't want the support).

Soon your car won't let you drink. But it won't care if you're on the phone


I predict ...

A court case where the driver gets off because they "couldn't possibly be drunk behind the wheel, my car allowed me to drive."

Sysadmins rebel over GUI-free install for Windows Server 2016


I love it...

I've still not actually seen any valid claim for needing a GUI yet (especially since MS's goal seems to be to get you to remotely manage servers, and ironically it can be done through a single Management Console).

First, any SMB of less than 25 people that is willing to fork over $800 + CALs for MS Server and can't figure out how to google "add GUI to Server" is really asking for it. (For that matter, if they paid a consultant to suggest that, they were probably robbed.)

Second, maybe it's time for consultants to have more than one dimension. It just might be time for some education, for both you and your customers. I presume MS will be sticking their fingers in the technical colleges soon to tell all the mouldable minds that this is the "way of the future", and young IT pros will be learning this anyway.

Lastly, I think it's hilarious that "Sysadmins" and "Consultants" are having issues with this. If you are a consultant or call yourself a sysadmin and you've conned an SMB into purchasing the latest MS server because you can't exercise other options and can't provide the CMD line for your client, you deserve to be tackled and urinated on.

(Let me help, it will probably be Add-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra, I think they also have a CMD GUI).

Health-snoop bangle vendor Fitbit hit with Jawbone sueball


Re: What's good for the Goose...

It should never be considered unethical for a company to say "You're a damn bright <Insert Career Field>. We want to pay you more to work for us."

Competition in the workplace is good, and if you're talented enough to have companies reach out for your skills, it should be incumbent on your employer to understand and compensate for it.

EU net neutrality could kneecap the Tories' opt-out pr0n filter plans


Think of the children...


Clearly, there is only one way to have sex:

1) It must be Missionary (No Adventures)

2) It must be pleasure-less.

3) It's only for making more of us.


Porn isn't going around trying to get 6-14 year olds clicking all over. They are usually catering to a category or multiple categories, based on your particular fetish. I would suggest most parental filters are going to do their job and pick up most porn sites and block them.

Outside of that, if your child is looking for porn, I am going to venture that they have an interest in sex and sexuality. This is about the time you need to be a parent and talk to them about sex. You don't need to admonish your child because naked bodies piqued an interest.

Android ransomware poses as FBI smut warning


Why should it be PayPals fault?

I'm not a particular fan of PayPal, and I would guess if the FBI asked they'd help in this case, but the root cause is not PayPal. Why encumber a legal service because of a few problem people, when the root cause is elsewhere? That's like asking an ice cream shop to implement background checks on customers because one of them might be a child molester.

What we should be considering is our web technologies, and how we develop for them (i.e. why are we still fucking around with Adobe).

Look out, law abiding folk: UK’s Counter-Extremism Bill slithers into view


Don't worry ...

They're just "Method Acting". In order to think like an extremist you must "become" one.

Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday



I am in the same boat, and the only thing I can think of is that the GUI will ask you to install then restart after you update, but since I just use yum to update, I've never had to restart (minus kernel), so I don't know.

I can't remember if the GUI asked me prior or not. My laptop is at Fedora 20 currently.

New Windows 10 will STAGGER to its feet, says Microsoft OS veep


As a Win 7 and Linux User ...

Say I'm a techie, looking for a new computer (Which I am), and I'm looking for something that's going to meet all my entertainment and production needs (which it needs to do), why should I get/build a PC with Win 10, when I can build a PC cheaper with Linux, or be happy with an Apple?

This isn't even a price thing (hence the Apple consideration). I still have not read anything from MS that's mind blowing, that "I want that" feature.

-- Faster boot times? Big deal, I rarely shut down my machine, and I'm a sysadmin, which means I have the patience for that extra 30 sec.

-- Look and feel? Apple's got it, and I can customize my Linux to have it too.

-- Games? All the ones I play have Mac run times, or I have been able to use WINE.

-- Killer App? I don't see the next killer app being MS exclusive without being heavily "persuaded" by MS.

WORLD+DOG line up to SLAM Google after anti-trust case unveiled


Re: What's the evidence of abuse?

I happen to feel the same way. Based on what I am reading, the commission doesn't have anything actually showing anti-competitive tactics; it's just an assumption because they offer both products and services. In fact, based on the other articles, it would appear Google is ready to plaster these groups with statistics showing exactly that Google services are more relevant than some of these other complainants.

In the interest of disclosure, I am an unholy American, and so my presumption is that this commission is more politics than presence, and they are going to have to have a legal case to move this forward. Or can these guys just go "I think you're wrong, PAY US!"

Dutch Transport Inspectorate raid Uber's Amsterdam office


OMG .... It's ridesharing?

"I don't like this app, because it allows people to rideshare, and that's just not right" - said the "professionals"

Want to deploy virtual machines in a hurry? PowerShell is your friend


Why don't I use PS more?

Modules ... and that "You need to be on this product, by this time, in this dimension, by this date ..." licensing/ support model.

For instance, I was planning on writing a PS script to set up Win2K servers. All the basic stuff: computer name, setting updates, remote access, etc. I prefer to write them on my laptop (Win 7 Pro) (and sadly on my own time). Ignoring the long naming conventions (not that bad considering I like understanding what's going on), I wanted to get/set the IP address.

Set-NetIPAddress seems reasonable right?

Minus, it's a module that is not supported in Win 7. Why, I don't know, but I can get it if I upgrade to Win 8 (can I give a bigger middle finger?) or I can do this strictly on Win2K Server, but that kind of defeats the purpose of writing it on one system and testing it on the other.

To be fair, I can still write this out on the Win 7 box, but it just needs to be executed from the proper environment. BUT WHY? I never run into this shit with Python, and I can cross-platform that shit. I don't get all the pretty toys, but I love tools that make my life easier. I JUST WANT THE TOOL KIT INCLUDED.
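The cmdlet-availability problem the post describes can be handled in the script itself. The following is an added example, not code from the original post or from The Register: it tests whether the NetTCPIP cmdlets (Set-NetIPAddress and friends, shipped with Windows 8 / Server 2012 and later) are present and otherwise falls back to netsh, which Windows 7 does have. The adapter name, address, prefix length and gateway are assumed sample values (192.0.2.0/24 is a documentation range), and the function name Set-StaticIPv4 is this example's own.

```powershell
# Added example (not from the original post): configure a static IPv4 address
# from one script on either Windows 7 or Windows 8 / Server 2012 and newer.
# Set-NetIPAddress / New-NetIPAddress live in the NetTCPIP module, which is
# absent on Windows 7, so the script falls back to netsh there.
# Adapter name, address, prefix and gateway are assumed sample values.
param(
    [string]$InterfaceAlias = 'Local Area Connection', # assumed adapter name
    [string]$IPAddress      = '192.0.2.10',            # constructed sample address
    [int]   $PrefixLength   = 24,
    [string]$Gateway        = '192.0.2.1'              # constructed sample gateway
)

function ConvertTo-SubnetMask {
    # netsh wants a dotted mask rather than a prefix length (24 -> 255.255.255.0)
    param([int]$PrefixLength)
    $bits = ('1' * $PrefixLength).PadRight(32, '0')
    return (0..3 | ForEach-Object { [Convert]::ToInt32($bits.Substring($_ * 8, 8), 2) }) -join '.'
}

function Set-StaticIPv4 {
    param([string]$InterfaceAlias, [string]$IPAddress, [int]$PrefixLength, [string]$Gateway)

    if (Get-Command -Name Set-NetIPAddress -ErrorAction SilentlyContinue) {
        # NetTCPIP cmdlets are available (Windows 8 / Server 2012 and newer).
        # Clear any existing IPv4 address and default route first; otherwise
        # New-NetIPAddress fails on a duplicate.
        Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
            Remove-NetIPAddress -Confirm:$false
        Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
            Remove-NetRoute -Confirm:$false
        New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress `
            -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
        return 'NetTCPIP'
    }

    # Windows 7: no NetTCPIP module, so use netsh instead.
    $mask = ConvertTo-SubnetMask -PrefixLength $PrefixLength
    netsh interface ipv4 set address name="$InterfaceAlias" source=static address=$IPAddress mask=$mask gateway=$Gateway
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
    return 'netsh'
}

$method = Set-StaticIPv4 -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress `
    -PrefixLength $PrefixLength -Gateway $Gateway
Write-Host "Configured $IPAddress/$PrefixLength on '$InterfaceAlias' via $method"
```

Run it from an elevated prompt; the returned string tells you which path was taken, so the same script can be written on the Win 7 laptop and exercised on the server without editing it per platform.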

Samsung-Microsoft deal will bundle Office 365 with Android Knox


Re: Other possibilities ...

My guess is it's the other way around, sort of like a "We're not gaining anything on our tablets, Apple doesn't give any fuck about us, and Android is the current wave; if we pay you money, can you force MS on people for us, because everyone uses Word still, right?"

I don't know if this is in Sammy's best interest, but we'll see. As a sysadmin, the idea of a container product for enterprise applications is smart. The idea that ONE company's software (with a track record of fucking things up) is going to be preinstalled in those containers is another thing.

I am still not enthused about 365, and in general it's been nothing but problems for me, so I am back on Libre and Thunderbird and Google Apps.

FIVE Things (NOT 10: these are REAL) from the WINDOWS 10 event


Re: Cortana Always Listening?

Why would the Anti-MS brigade need to say anything? They may criticize the fact that there are privacy implications in the MS product if this happens, but they're not the ones using it (per se). The XBOX debacle was MS's fault over "Always On" and the added FUD after it. MS did not by any means use logic.

Your most likely voices are going to be from sysadmins, security professionals, and general consumers because, you know, their interests actually lie within the confines of protecting privacy, IP, and other such things.

DAMN YOU! Microsoft blasts Google over zero-day blabgasm


Re: Lots of Google apologists still think they "do no evil" I guess

No one is really being an apologist. I stated it before: Microsoft has control over their patching schedule, Google over their zero day release schedule. These two are major competitors, so they don't have any need to support one another.

If this is such a big deal, why was MS releasing patch notes a WEEK in advance for upcoming security updates? I'm sure half the people blaming Google for this release were in the last article discussing how MS took away notification systems for non-paying users, and how that made them vulnerable.

Yes, by proxy, Google got in a jab, and MS are trying to make it out to be Google's fault, but in the end this is why we have competition in the marketplace. Security is no exception.



Are you all suggesting it's OK for MS to demand that Google extend their zero day policy by two days for the sake of keeping MS's Patch Tuesday in line, when "supposedly" Microsoft HAS A FIX and can't just release it? At least they have control over that process, right?

Look, this is nothing new in the security community; some people want to disclose everything and some nothing, but guess what, we are still paid by companies trying to make money, and quite frankly, a little forced competition is good.

This wasn't really a Google PR stunt, not by a long shot. This is actually MS taking a well defined policy of their competitor and trying to make themselves look like saints.

We know two things:

1) MS managed to complete a patch for this in 90 days (so you can't say the time frame is unreasonable)

2) MS patching policy didn't line up with Google's release policy.

MS can control its release schedule if it wants, Google can control its zero day policy if it wants; stop blaming each other when they both have plenty of control for their users.

Pastebin: The remote backdoor server for the cheap and lazy


The world doesn't revolve around development (sometimes :P)

Firstly, to temper any dev who takes this the wrong way, blacklisting pastebin is a sad state of affairs. HOWEVER, even the dev communities understand that piss poor coding is a problem and that not enough diligence has been done for secure coding.

So looking at this from an InfoSec perspective, the question I would put to an organization is: are you confident in the quality of your apps to prevent this type of attack? If not, this is a risk, and it can be mitigated by blocking pastebin.

We all have ideas of how things should be, but from the context of addressing this problem now, if you're susceptible to attack from pastebin code, I'd say reducing that risk immediately by blocking pastebin is not a bad idea.

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official


Re: Arrogance in play

And what, pray tell, does checking that a laptop turns on and boots to the OS achieve? If you're using this example as a means to show how the French are excelling at technological policy, I'm left wanting.

Norks SCOLD Prez Obama over Sony mega hack payback sanctions


Re: Evidence?

While I tend to agree with the broad case made by the researcher, the reason we are actually fueling this fire is the security firm Norse Security, which hasn't actually proven it was an inside hack, just that it has a strong correlation between 6 people, one of whom presumably had high level access to Sony systems, and that it was talking with the FBI, etc about it.

I mean the whole blast of media appearances Norse top brass did, without verification, wasn't to promote the company, but to provide another story, right?

I have no trust in my country's three letter organizations, as much as the rest of the world, but I've dug a little on the whole insider attack thing, and it's still pretty vague, even if its released clues lead to a logical argument for it not being NK. I'd like some more info on it.

NGINX scores $20 MEELLLION to remind people it sells stuff


I say their biggest problem is that Apache is understood and works fine, plus it tends to be a de facto standard in many distros. I've played with NGINX and in general the way I see it, it's not spectacular enough for me to uninstall Apache and replace it with NGINX. The "speed" thing is rarely a pain point for most of our applications.

Granted, if RHEL or whatnot had NGINX installed by default, I'd probably say the same thing about Apache.

Online armour: Duncan Campbell's tech chief on anonymity 101


I disagree.

It's not that they are two conflicting forces. Security and accessibility are opposing forces, not ease of use. As we increase security, we need to give up a certain level of accessibility to gain that security, but there is absolutely no reason that setting up that security can't be easier.

Here's the real crux: security is not sexy to the general populace, it's a matter of need, but its implementation is largely done by people with knowledge. Look at something as common as TLS and the now defunct SSL. To a general user, this just "works", but have you actually ever set up a CA and pushed that out to more than 1 or systems? It's an effort.

You can't ask a person (even a "power user") to just set up security, but there is no reason that we couldn't give a user a package that sets up a certain level of security and accessibility that is point and click. It's a matter of time, cost, price, and marketability for the general populace.

If VPNs were cool to use, like running your iPhone or Android, things would be different.

Lizard Squad gang moves from PlayStation, Xbox Live attacks to Tor


Lizards' Identity

Krebs on Security has a good write up on who some of these people possibly are:


If anyone is interested.

Net neutrality: Cisco, Intel, IBM warn FCC NOT to crack down on ISPs


Looking for a sound argument.

I read through the letter mentioned in the story that the ISPs quote, but all I got out of it was:

"We did some studies on ourselves and we think will "slow" down investment because fuck you."

If this was really the case, wouldn't the uncertainty of its status already cause a "slow down" in infrastructure roll out? I guess they feel they have enough claws in Congress to at least avoid Title II.

A Norsified Linux for Windows and OS X wobblers


Re: Bottom Dock/Panel

"I think user interface designers collectively went insane about 5 years ago and it's just getting worse."

I think it's because at some point a bunch of managers thought the graphic designer and the GUI designer should be the same person, and what we get is hit or miss.

Occupy Google: Protesters attack ad giant as I/O gets underway


Re: Give me a break

Yes, marketing has a nice catch phrase, but from a general corporate standpoint (for how much power Google really does have) Google's not doing too bad. They have their hand in everything, and it's easy to point at problems and say "That thing I don't like invalidates everything you try to do." I don't see companies like Apple and Microsoft challenging the status quo of things (back to cars, fiber, etc); they are focused on what they've done in the past. I don't doubt we will see some good tech in the future from MS or Apple, but I doubt I'll see Apple or MS trying to challenge ISPs, even if it's just to sell me more ads.

Cabbies paralyze London in Uber rebellion


Just a note from the states

I felt Uber was a good benefit to MN. My friends and I started using them (even though they cost more) because of the cleaner / safer driving. We're likely to get a cab to our favorite pub and then get one back. It didn't take long for the other companies to clean up their act. I'd say with the shift more and more of us look around for the best fare/times, since word spreads quickly if a cab company (even if it's just a few drivers) is shit.

Look out, FCC: R.E.M., Aerosmith, Jello Biafra, 57 others join net neutrality crusade


Re: Normally....

It would be naive if it weren't for those middlemen... If we had different middlemen we may have had a better, more sane content delivery system all those years. They're angry now because they built a closed system based on brick and mortar and physical content and hate losing that control.

It's 2014 and Microsoft Windows PCs can still be owned by a JPEG


Re: Fir for IE6??

Remember Windows doesn't like to give users any control, so make sure it's done properly:

#> rm -f Windows.exe

UK's CASH POINTS to MISS Windows XP withdrawal date


Re: Ummm

Be careful on this. MS likes to fuck with you.


XP Pro for Embedded System (Which is what these devices are using, we have to deal with this also) is only supported through April 8 2014, with its distribution being longer. Windows Embedded Toolkits and Runtimes are all supported through 2016.


Re: Applying business logic

The ironic thing about this is that PCI has it all over their web about XP ending, but in none of the docs do they say you lose compliance.

How to shop wisely for the IT department of the future



I would also suggest that companies rely too heavily on the consultant and demand less knowledge from their IT staff regarding the ability to analyse and spec servers/equipment. (This is more from an SME standpoint, where I see this a lot.) Many IT admins are constantly updating, maintaining, or drowning fires.

Besides all the wants / needs of a project, I still run into many issues (mostly due to lack of time allowed) properly specifying server specs, and I often work with consultants or third parties to do this work and recommend specs. I've had no issues with this other than that I probably could have shaved a good chunk of costs by digging deeper into stats. I don't disparage consultants, on the contrary (unless I hire for solutions and all you want to sell is product A), but I know personally, if I had time on my side, I could save time and money doing that work.

I've not met a PM for a network project that can actually really talk to the wants and needs without deferring to the opinions of their more technical teammates, and I tend to be anal when it comes to IT details.