* Posts by JCitizen

860 posts • joined 16 Jul 2012


Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

JCitizen Bronze badge
Megaphone

Re: "The hardcoded password is a deliberate backdoor."

I know for a fact some limited number of chips made or developed in the Pacific rim were deliberately changed at the manufacturing level to piggy back circuit design as a permanent back door, no matter what code was used. The person that witnessed this was thrown out of a laboratory when my friend asked what they were doing. They were so arrogant that they even screened in logos in the photolithography films. They may be more discreet now, but I'm not convinced it isn't still happening. I'd wager that they still at least salt shipments of random modifications from the foundry in every sale overseas.

Astroboffins reckon evidence of Martian life has probably been destroyed where liquid acid flowed on the Red Planet

JCitizen Bronze badge
Devil

What!? No drill?

I was hoping we'd see more better drilling this time; maybe strike oil er sumpin'!

Microsoft open-sources fuzzing tool it uses in-house to keep Windows so very secure

JCitizen Bronze badge
Devil

Re: Fuzzy Blue Screen of Death

Shoot if you want to brick a PC, just upgrade to Windows 10 v 2004 and you will enjoy the vagaries of crashworthiness!

Good: US boasts it collared two in Chinese hacking bust. Bad: They aren't the actual hackers, rest are safe in China

JCitizen Bronze badge
FAIL

Re: Bogeyman du jour

All I know as far as my personal experience, is that the Chinese were trying to ruin the lives of several of my clients that had IP to protect - These folks (victims) were ultra smart, but didn't know anything about computer and/or phone security, and they got run over like a truck. It took a while to ID who these bad actors were, and even though they were so arrogant they left notes on the computers of the organization's network assets so they could track their ingress; we still waited to see who we thought really did these egregious operations. It turns out in the early times of these crimes, the IP addresses were easier to track, and they always pointed to several addresses in China. This was in early 2005.

Later they got smart and obfuscated where their attacks were coming from by routing through so many compromised networks you would take forever finding out where the true end point was. Common sense tells me it was the same teams that were originally attacking my clients. In this process they realized who was helping the victims and tried to penetrate my network, but I had a very good CheckPoint UTM appliance that not only prevented this, but also tracked where the attacks were coming from, and you guessed it. Same IP addresses we saw before.

Eventually I had to give up on these poor people and one of them was ruined, and is living in poverty now with relatives, and one other was so late jumping off into marketing their ideas, that I'm not sure how they are doing now - although their web site is still up. I wasn't totally untouched however, because the criminals managed to hack into the local ISP who was my phone provider and block all external calls into my business. That took me a while to find out also, because I had to learn face to face, from other witnesses that said people couldn't call me, even though I never heard the phone ring - so I contacted the ISP and asked them to flush all routers and switches and re-image them from backup - and - you guessed it - that worked! The ISP was flabbergasted, but that is just how long a reach these deep state bad actors have on the whole world. I have nothing but contempt for all of them, and not just the Chinese.

0ops. 1,OOO-plus parking fine refunds ordered after drivers typed 'O' instead of '0'

JCitizen Bronze badge
Coffee/keyboard

Re: And this ladies and gentlemen...

This harks back to something we did early in the computer days, where you were required to write a zero with a diagonal cross in it to eliminate the confusion with capital O's. We also had to put a horizontal dash across any 7s, so they wouldn't be confused as the number one (1). I kept that habit for decades afterward, and it actually came in handy when I ended up in military supply, and using coded entries so the computer could read the difference as well.

Ah the memories of those good ol' days! First it was to help keep from confusing the keypunch operator, and later the optical computer reader - either way, it helped end the confusion - Oh and the numeral one looked like an upside down capital T! Ah yesss!

Court hearing on election security is zoombombed on 9/11 anniversary with porn, swastikas, pics of WTC attacks

JCitizen Bronze badge
Trollface

I was reading about one of these..

incidents on Krebs on Security, and one look at the face of the prosecutor when seeing the porn coming on the screen was priceless! I was definitely rolling on the floor laughing out loud!

Don't be BlindSided: Watch speculative memory probing bypass kernel defenses, give malware root control

JCitizen Bronze badge
Coat

A comment ignorant of all things said so far..

I'm ignorant of both low kernel level science and the silicon infrastructure that runs it; but even I can maybe comment on crazy ideas on how to mitigate it, at least some more. Maybe they need a section of the CPU, or perhaps even something placed at a tactical bus monitoring all digital traffic, that runs a read only AI program that checks all logic results running in the CPU, and maybe even I/O ports, that looks for activity that could change the state of root privileges. Or maybe something similar to steady state invented to prevent compromise of disk memory; only it would be a steady state architecture that monitored the CPU to keep it at one state of permissions and only that one state. It would be the changes that would suck - because it would naturally have to be difficult to manually change administrative permissions at that level. Maybe the AI chip could keep a read only snap shot of the true state, and when it changes, reset the CPU to the former state, so that operations could continue normally.

Bear in mind, I'm ignorant, but I like to brainstorm none the less - it would seem like such a scheme - when under attack would show evidence not only to the AI chip but to anyone using the machine or services. They would hopefully be nothing more than blips in operation, but plenty noticeable enough that IT personnel could react to the attack. Perhaps the introduction of a laser programming device plugged into the machine would be the only way to change the kernel level permissions in the AI as a singular way to rewrite the permissions at that level, and from then on, it would only be necessary to detect a change in that state - maybe using the term "Advanced Intelligence" is overkill, it might not have to be that advanced at all.

I remember when protecting the state of recorded memory of spinning magnetic discs was done with steady state boards plugged into the mother board to control snap shots of the former state of memory in the disc - if users noticed an attack or compromise any time during operation, they could simply reboot and recover back to the former state, and no malware or subsequent changes to memory were in existence any more. Microsoft invented Steady State for 2000 and XP using only code operations, I assume at the master boot record level, or perhaps a partition created for such duty, with no need of hardware. But it wasn't perfect and could be compromised, so they abandoned it when Vista came out. There are still coders out there that claim they can still do it right, but I've not tested any of their claims, but one made by Faronics (years ago), and it met the claims at that time. I'm not even sure they work on the new UEFI scheme and/or Windows 10 now. Libraries still used something like it - last I checked. Faronics used to use "Deep Freeze" successfully for years doing the same thing.

My coat is the one with the pocket protector in the breast pocket.

China’s UK embassy calls for probe into 'hack of Ambassador’s Twitter account'

JCitizen Bronze badge
Devil

Re: haha

I love your nom-de-guerre Spasticus! I shall LOL every time I see you post!

Ireland unfriends Facebook: Oh Zucky Boy, the pipes, the pipes are closing…from glen to US, and through the EU-side

JCitizen Bronze badge

Re: FB are pretending FISA 702 don't apply to them. It's called lying

I'm more worried about Google than FB; and I have one eye on the way MS has started acting like Google too. However FB needs security settings that are tailored to EU rules so the individuals can select them, and it should be simple to do and transparent. For those that refuse to set privacy levels on FB, then who cares what happens to their data - they sure don't!

I also believe that FB should allow all users to set up under EU guidelines; that way if users feel they are getting better protection that way, then they can get it. I see no reason why FB couldn't still make enough money off their site that way. I see more ads than ever before the way they have it set up now. I've noticed they aren't as cagey as Google/AWS though - those two get deep in your knickers!

I can 'proceed without you', judge tells Julian Assange after courtroom outburst

JCitizen Bronze badge
Megaphone

Forgotten..

Commentators here on El Reg seem to have forgotten that Sweden dropped the inquiry to Julian's rape charges. Interviews of the victim became foggy and disjointed enough they realized they didn't have a case after all.

JCitizen Bronze badge
Trollface

Re: Assange

@Sed Gawk

"Her" time being commuted by the President - but yeah the little time was served.

JCitizen Bronze badge
Meh

Re: Blackmailed

Well, at least Snowden has a District court case in his favor so far. I'm wondering if it will go to the SCOTUS next.

Ghost of Windows past spotted haunting Yorkshire railway station

JCitizen Bronze badge
Go

Re: supposed to be upgraded

Why not simply patch with Opatch? The yearly fee is very reasonable, and it also patches over 600 applications on the PC, if they are present. I've been using it for some time now, and haven't been pwned yet! I'm not a shill for Opatch, just a Windows 10 hater. I have to fix all my clients' problems with Win 10, and can't get them to go back to 7, which for some reason they liked, but are fixated with the "latest and greatest" Windows OS.

Oh, well, at least 10 is more secure; but at what cost? Every feature update borks the entire device and makes it unusable. I've even had people who bought a new machine, just so the latest update would work, when they already had a machine that was only 2 years old. Talk about masochism!

Like Uber, but for satellite launches: European Space Agency’s ride-sharing rocket slings 53 birds with one bang

JCitizen Bronze badge
Trollface

Re: Great!

Holy crap! So you are saying that these cube sats are above the ISS orbital path and could end up crashing into it on the way down? I shudders the thought!

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway

JCitizen Bronze badge
Megaphone

Hopefully...

I hope this gives Snowden a leg up during any trial he might undergo. I'm not really a fan, but I support his cause if not his personal intentions.

JCitizen Bronze badge
FAIL

Re: What is the point of the court ruling ?

I've said it before, and will over and over again, that the law was stupid as well as unconstitutional; and was totally not needed in the first place.

We had all the information needed to stop the 911 attacks, but we simply didn't share information between agencies, so investigators could put two and two, together. The only law needed was to relax (but not completely, as abuse in the 1970's proved), data sharing rules between investigatory agencies. That was ALL they needed, not this ridiculous tripe! More time has been wasted following this stupid tactic, that could have been better served through regular old fashion gum shoe work!!! [and possibly a whistle blower law to protect lower agents when reporting information that could prevent attacks] The latter which would have also prevented the 911 attacks.

Autonomous robots that can be injected? Not as far off as it sounds, say boffins, thanks to new ion-powered silicon legs

JCitizen Bronze badge
Go

Star Trek..

Used to love watching 7 of 9 injecting her "nano-bots" into people to aid in whatever mission they were in. Well, let's face it - I liked watching 7 of 9 no matter what.

DDoS downs New Zealand stock exchange for third consecutive day

JCitizen Bronze badge
WTF?

Akamai

Shouldn't Akamai or similar reputable DDOS blocking provider be able to take care of that? Or are they just too cheap to wake up and realize this is the real world now?

'My wife tried to order some clothes tonight. When she logged in, she was in someone else's account ... Now someone's charged her card'

JCitizen Bronze badge
FAIL

Re: Encouraging diligence

I'd say less than a month, as it happened to a retailer I was doing business with, and VISA slapped them with the punishment of not allowing storage of card details after that. They ended up selling out to another company that didn't mind doing business that way.

JCitizen Bronze badge
Go

Re: Credit card? What credit card?

I had one of those, before the company quit using it; worked great! I see where it can be picked up again by almost any card company now, by signing up for it at a special secure website, and then you get a browser "app" that applies the special account number to each merchant you do business with online.

I should have written the URL down, as I've forgotten it already. Maybe a web search will put me back on track.

JCitizen Bronze badge
Megaphone

Re: step one: ring your card provider

Totally correct! I once suspected a legitimate company had been hacked, or had a rotten egg insider, that was using my information to buy 3 months of server space from a dodgy provider, so I knew it had to be likely an outsider, who was simply hiding his tracks to pay for bot herder server farms.

The next time I purchased from them, I used one of those cards that allows you to relegate a unique card number to each merchant you buy from; and sure as heck, it happened again, except VISA got wind of it without my intervention, and took the web site's card holding privileges away! I disrupted the company so bad they fired their foreign customer service, and sold out to a company that only used US service centers. I personally don't think that is any more secure, but I haven't had trouble with them since.

The truth is, honest people need willpower to cheat, while cheaters need it to be honest

JCitizen Bronze badge
FAIL

Funny thing about piracy; I had more than one friend tell me that when they went to a legitimate store and bought movies or music from them, the DRM or Digital Rights Management failed, and they weren't allowed to play the premium content on their machines!!!

Now that would make me VERY angry, even though I stopped buying either movies or music years ago, and I don't "steal" either one either. However, they solved the "problem" by using illegal copies of each disc or USB thumb drive file along with the legal content they had bought. That way they were covered if anyone wanted to make an argument. So I don't feel sorry for the MPAA, because they have only damaged the industry with their idiot DRM policies, and they only have themselves to blame for a decrease in sales.

Crack this mystery: Something rotated the ice shell around Jupiter's Europa millions of years ago, fracturing it

JCitizen Bronze badge
WTF?

I wonder..

if anyone has done a full orbital computer study of all the moons there, so that they could rule out any near miss or other local gravitational effects? Of course a large body plunging into the host planet could barely miss the moon, and no one would be the wiser, as all evidence was destroyed by the gas giant.

Space station update: Mystery tiny but growing air leak sparks search for hole

JCitizen Bronze badge
Angel

Re: how to find the leak though.

Canadarm2 with a camera on it..

JCitizen Bronze badge
Trollface

Re: Leaky Space Station....

You beat me to it! I was going to suggest spraying soapy water on suspect areas, and then use the Canadarm2 crane with a camera to watch for bubbles coming out of the station.

Warehouse management software biz SnapFulfil hit by ransomware: It's not just the big dogs getting KO'd

JCitizen Bronze badge
FAIL

I get so tired of reading about these attacks..

Especially when I see it as a simple proposition to prevent it. Any good MCSE could set up Active Directory and use all the MMC settings, snap-ins, and permissions to prevent such attacks, and when I tested these settings against malware in my honeypot lab, I never had a variant that could penetrate these settings to encrypt critical files on the target machine.

There was also a free batch file that was available at bleepingcomputer called CryptoPrevent that was easy to set up, and much cheaper for the paid version, than hiring a Microsoft Certified Software Engineer to do the same thing; maybe even better. It always came with some code that Bitdefender made resident; but I never bothered to find out what exact product that was. Foolish-IT has been bought out since then, so I have no idea if the new company can be trusted now or not.

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

JCitizen Bronze badge
Holmes

So maybe...

IF you are a top tier subscriber you get the whole picture, with a minimum of censorship. Seems like this would be necessary for the industrial giants in China, as you cannot make accurate business decisions without accurate information. I often wondered how they'd go about that, and now I think this article solves my problem.

Experian says it recovered and deleted data on 24 million South Africans after giving it to random 'marketing' person

JCitizen Bronze badge
FAIL

This is nothing...

A few years ago some guy in / or from Vietnam did the same thing but way bigger; he absconded with data from the US and maybe several other countries, I don't remember the details, but the story was published on Krebs on Security.

Good news: NASA boffins spot closest near-Earth asteroid ever. Bad news: We never saw it coming. Good news: It's also really small

JCitizen Bronze badge

Re: Arecibo is borked

What? There are thousands of radio telescopes all over the world; why would that one be that much different? It may not have the latest gadgets but radio(radar) it is. I drove by one of the largest arrays on the way to LA once. They have them on tracks that change position depending on the mission. They were huge!

US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak

JCitizen Bronze badge
Megaphone

It seems to me..

That the last thing Julian would want to do is help Trump or any Republican to get into office. I figure his motivations were completely out of that particular subject area. He obviously had friendly relations with Russia, but that was only because he was a thorn in the side of the West, and Putin liked that.

I might as well repeat over again my belief that anything the Russians did, could not possibly change the minds of US voters. I saw no difference of opinions on social media between Democrats or Republicans, and I have friends in both parties. We all laughed at the fake news, but we published it on our walls so folks could get a good chuckle. Americans don't even believe the political advertisements, what makes any non US citizen think we believe the fake news or give it any more weight than other pandering publications? It is just natural to be skeptical when free speech makes so much lying possible. We US citizens know that you can't believe all you read or see on the news or anywhere else. It is just too easy to fabricate false realities, and we know that - we are not nearly as stupid as folks from other countries take us to be. Unfortunately the US news media loves to parade idiots from both sides of issues on TV and everyone from other countries think that is the way all Americans think. NOOooo! The news media only care about one thing, and that is ratings, ratings, ratings - anything else they could care less. Putting on a zoo every day is what they love! Trump was like a gold mine for them, and they could scream all day long every day and still get ratings for their side shows.

JCitizen Bronze badge
Thumb Up

@Jellied Eel...

Exactly!

I've seen things you people wouldn't believe. Winking red supergiants sneezing hot gas 650 light years away

JCitizen Bronze badge
Coat

Re: we get the fart jokes - enough allready !

@John Jennings

Just what I was thinking; but then I'm trying to formulate a joke about dark matter.

Mine is the one with the iron filings in the pockets!

China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers

JCitizen Bronze badge
Go

Re: Satellite broadband?

Some satellites transmit and receive in regular RF, and can be easily used by free loaders, because they are not encrypted. I don't know if you could upload encrypted data to them or not. I forgot the details, but it was in either an article here on the Reg or ZDNet, and I was surprised to hear any unencrypted traffic was on satellite any more. The article didn't say if it was C band or Ku band, and that used to make a big difference in the past.

If your antenna was directional enough, detecting the upload signal might just be difficult enough to avoid CCP police; and the Great Firewall of China cannot control all Pacific Rim traffic like that. Coverage over most of the coastal Chinese state should be pretty evident. The article wasn't clear how much of this "hacking" is totally free - of course all of the download side is. The equipment was amazingly cheap and easy to find amongst junk electronic enthusiasts. It wouldn't surprise me that jammers are set up by the PRC government though; just like the Russians used to attempt when Radio Free Europe was in operation.

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

JCitizen Bronze badge
FAIL

Cryptoprevent..

There are a lot more things you have to do to prevent ransomware attacks, and yes they can be prevented. There is no excuse in my book that every dagone one of these situations could have been prevented, although not easily, I'd be willing to say even one IT person could have done it for a city that small. The cost is more than affordable as well. Until they make it illegal to pay; this madness is just going to keep going on and on and on.

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

JCitizen Bronze badge
Go

Re: I thought this was more or less known to be the case?

You guys beat me to it on the sea cable spy mission. As an interesting side note - the mission data indicated the Russians were not as bellicose as the US thought they were; and it resulted in more peace talks with the Russians that resulted in very positive treaty initiatives. So for once, the skulduggery paid off in peace dividends!

National Crime Agency says Brit teen accused of Twitter hack has not been arrested

JCitizen Bronze badge
Alert

Still not arrested...

Some folks here on the ol' Reg seem surprised there is still no arrest. That is nothing in the US, where perps, who were never arrested, but still ended up in jail for life for murder. If the court thinks they are a low risk for flight, no bail will be set, no arrest is necessary. Now if you lose your case, and are booked into the system, THAT is more permanent than any arrest ever could be.

JCitizen Bronze badge
Devil

Re: Walk in to a zoom meeting just like that?

I imagine the bombers got their lulz from the pictures I saw on Brian Krebs story on KOS. To anyone that wants to look, I can promise the look on one of the court members during the proceeding is priceless and will have you rolling on the floor laughing out loud in seconds!

Austria astroboffins shed a little light on how we might track orbital junk hurtling at spacecraft during daytime

JCitizen Bronze badge
Go

It would be great..

to see what plans they had for actually removing the space junk from orbit. I've seen a lot of harebrained ideas from clear back in the sixties, that never came to be! Perhaps it is time for a space tax, whereby any launch provider pays a minimum, per launch, tax to help clean up the pathways they do business in. Even though today's launch companies are doing something about it to prevent more junk, it would still be in their best interests to remove the old debris too.

Chinese debt collectors jailed for cyberbullying under ‘soft violence’ laws

JCitizen Bronze badge
FAIL

Re: Debt Collector scams in the US

All I can say is debtor harassment is illegal in my state, and the Attorney General has successfully prosecuted several of them.

China slams President Trump's TikTok banned-or-be-bought plan in the US

JCitizen Bronze badge
Coffee/keyboard

Re: This is just thin skin Trump revenge

Blueshirts?

Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle

JCitizen Bronze badge
Megaphone

Oh, an arrest record is serious in the US.

Especially if you ever expect to purchase a firearm; just the arrest record will stop the process right there, and it doesn't have to be a felony, if it is related to domestic violence. I agree with this procedure as long as it isn't false arrest, and if charges are dropped in the case of domestic violence the suspect should be allowed an expungement after a set amount of time. How many states have this system I wouldn't know, but I'm in favor of people being able to clean up their records at a minimum time factor.

A big case that comes to mind is New York City vs. Kalief Browder; which was a particularly egregious act of the state, and he should be the poster child for the Black Lives Matter movement.

JCitizen Bronze badge
Devil

Re: Perfect shit storm

I can just hear it now, " Yo's in a heap a trubba boy!"

JCitizen Bronze badge
Stop

Re: legislation??

The only new law I see in this instance that may be wise, is an expungement right to those who fall victim of false arrest.

JCitizen Bronze badge
Meh

Re: Firewalls needed

Currently in the US there is a polarizing mistrust between state entities because of the political climate now. I'm big on pen-testing, so don't get me wrong, but it is just common sense to alert as many of the heads of each level that the testing is going on, and document it; which they admit should have been done.

Many of our friends across the pond may find this climate distasteful, but in America we find it healthy to trust the powers that be only so far and so much. It is the historical way in the US. I do believe there should be a law allowing persons that are victims of false arrest to expunge such records, and some states may have that in place already.

Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election security

JCitizen Bronze badge
FAIL

Re: The way it will pan out

I think it is silly that any politician will think Republicans will avoid the polls because of the Corona virus. Especially when most of them believe the whole pandemic was just a plot to ruin the golden economy that Trump supposedly built.

I'd wager that Republicans will be the only ones to show up at the polls, what with all the fear mongering the Democrats have placed on the pandemic. They are the ones that should be trying to "pause" the election. However, with all the protests, I doubt anyone will avoid the polls, as obviously a lot of folks could care less about COVID-19!!

What goes up, Musk come down... and up and down and up and down: NASA details followup Dragon pod trips to orbiting station

JCitizen Bronze badge
Go

Also..

I look at it this way; not only does Dragon carry more passengers, but the money is going into our economy and not an oligarchy that is barely friendly to us in the 1st place. The Russians kinda shit in their own kitchen though, as NASA had plans to still use them for other types of launches as well as backup; but that cry baby over there ruined that possibility for now. So they crapped in their own mess kit, as far as I'm concerned.

MI6 tried to intervene in independent court by stopping judge seeing legal papers – but they said sorry, so it's OK

JCitizen Bronze badge
FAIL

Across the pond..

What gripes me, is that the Wiki Leaks proved that many things that are tagged as super secret, don't even deserve that status, but on the other hand, the news media regularly air details on things that get our operatives and soldiers killed because of their twisted 1st amendment excuse that the public has a right to know. Know what? How to get our troops killed by blabbing our mouths off!

We just can't win.

We're suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens

JCitizen Bronze badge
Flame

Re: Google records everything and deletes nothing.

Gmail probably had a massive failure, and covered with backups, and that is where your deleted emails came from. There is just no way to win. Fortunately I've only used GMAIL as a backup account, so there is almost no critical information there. I haven't logged on but maybe once every two years, to change the password or do other upgrades to security. I refuse to give them my SMS phone number though.

JCitizen Bronze badge
Meh

Re: Too late

Yup! They just camp on cooperating web sites and they get you there and probably even set the analytics tracking cookies, unless you block it with DuckDuckGo.

JCitizen Bronze badge
FAIL

It's the McAfee

McCr@ppy will drag you down into the ditch every time. The only reason I ever used it in the last 10 years was the Site Advisor extension, but they started making me put up with all the other cr@pware they had, and my PC just kept getting more dysfunctional as time went on. I tell any of my clients, that if they insist on using absolutely ANY of that cr@p on their devices, then I refuse to support them.


Biting the hand that feeds IT © 1998–2020