* Posts by rmstock

60 posts • joined 11 Sep 2012

Page:

Fed-up air safety bods ban A350 pilots from enjoying cockpit coffees

rmstock

fragile equipment

Sounds like Chinese made laptop (touchpad/mouse/keyboard) technology has entered the A350 cockpit

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)

rmstock

Re: There's more to this than meets the eye

$ tar xzpf sudo-1.8.27.tar.gz

$ tar xzpf sudo-1.8.28.tar.gz

$ diff -uNr sudo-1.8.27 sudo-1.8.28 > sudo.diff

$ ls -l sudo-1.8.27.tar.gz sudo-1.8.28.tar.gz sudo.diff

-rw-r--r-- 1 root root 3293178 Oct 16 15:18 sudo-1.8.27.tar.gz

-rw-r--r-- 1 root root 3309744 Oct 16 15:15 sudo-1.8.28.tar.gz

-rw-r--r-- 1 root root 3654730 Oct 26 19:08 sudo.diff

$ wc -l sudo.diff

92512 sudo.diff

$

So the diff file going from 1.8.27 to 1.8.28 is 92.512 lines long, I wonder what caused this .

rmstock

There's more to this than meets the eye

There's more to this than meets the eye. What was publicized was one of the longest living zero-days exploits out there. Apparently in only very peculiar sudo configurations this sudo zero-day exploit was able to run as root. To be honest i never had heard of sudo until i started installing ubuntu and debian based linux distros. These people most damned know more of the whole story. Also the diff file going from version 1.8.27 and 1.8.28 is suddenly more than a million miles of lines long. Why so ? There's more to hide within sudo ? Therefor here's my sudo contribution for older Linux versions :

for Mandrake 10.1 and RedHat 7.3

ftp://ftp.crashrecovery.org/pub/linux/sudo/RPMS/mdk101/

Mandriva 2011

ftp://ftp.crashrecovery.org/pub/linux/sudo/RPMS/mdv2011/

Google security crew sheds light on long-running super-stealthy iOS spyware operation

rmstock

iOS Exploit avalanche, full scale overseas attack on iPhone

Trump urged American companies, who operate overseas, to come home. Apple is the premier American company who is at the cross roads to either become a State owned China vehicle (which Google obviously has become) or move all operations back to US mainland and remain the corporation Americans expect Apple to be. Apple must have been pondering to do full return to America. Next Google plays the Project Zero card, which one can translate as the Chinese Peoples Party ordering Google to sink the Apple iPhone division in any way, shape or form possible. It is important to realize that Apple is foremost a hardware company and Google is still far away from reaching such a level. Rumors have it that Google is mainly a global company, facilitating IT services for the secret service branches of several countries.

My MacBook Woe: I got up close and personal with city's snatch'n'dash crooks (aka some bastard stole my laptop)

rmstock

Refrain from Computing in Sanctuary Cities

"A question flashed through my mind: how dangerous is this? And immediately discarded it: we were on a main road in the heart of San Francisco. Dozens of people were nearby. All I had to do was get him on the ground and someone would come help me pin him down."

Sorry dear but San Francisco is a Sanctuary city and as such has been condemned as failed territory :

San Francisco Supervisors Sanitize ‘Convicted Felon’ to ‘Justice-Involved Person’

https://www.breitbart.com/politics/2019/08/22/san-francisco-supervisors-sanitize-convicted-felon-to-justice-involved-person/

2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz?

rmstock

What about her legal status as a Microsoft employee ? Anything she does on a keyboard is inherently and automatic copyright of Microsoft , is it not ?

Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code

rmstock

The Microsoft curse

This has been said many times in the past, but a lot of strategic purchases by Bill Gates and Microsoft somehow turned into dust and ashes.

Patch blues-day: Microsoft yanks code after some PCs are rendered super secure (and unbootable) following update

rmstock

Happy Death Day 2U

Are we sure it's not straight from the movie script ?

"an unfortunate user has downloaded "the thing"

[ .. ]

And of course Windows 10, to which Microsoft would dearly like users to upgrade, is not affected by the borkening.

Thanks to all the Reg readers who got in touch about this.

We feel your pain. ® "

It's raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes

rmstock

I'll take a rain check

I'll take a rain check, Mr.Patch Blue.

What happened in China? Got hooked with A.I. Missy ?

PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted

rmstock

designed and maintained by a single individual

This is exactly why Putty was, has been and still will be highly successful. A screwup comes with a single persons responsibility, and not some corporate haywire mess, including fake semi-scientific pdf publications "delivering" hazy proof of concept for vulnerabilities.

Alphabet top brass OK'd $100m-plus payouts to execs accused of sexual misconduct – court docs

rmstock

$100m plus

Google-up your little daughter and become a G+ Millionaire.

The Trump women are chump change.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

rmstock

IBM X-Force Report

Big Blue: "In cases where networks were compromised by attackers, IBM X-Force saw a shift to cybercriminals abusing administrative tools, instead of malware, to achieve their goals. "

Are you sure the local Admin wasn't pressured/bribed to share admin passwords and credentials ?

Reliable system was so reliable, no one noticed its licence had expired... until it was too late

rmstock

Business Model

It's all about your business model, given that in the past you as a business owner bet on the right platform to run, which obviously was and is some PC UNIX i386 variant in the case of Unix/Linux. SCO OpenServer has been around since the days of the AT 80286 PC's. Today when looking for the latest you type in www.sco.com and arrive at Xinuos which no one knows. However your old SCO UNIX keys seem still to work or not ... If however you can get SCO OS5 to run on the latest hot x86_64 iron available, making your old applications available at todays cpu and disk speeds, you win. If applications which run on ScoOS5 follow the same business model no one will complain.

https://i.imgur.com/zcXYVmy.png

Core blimey... When is an AMD CPU core not a CPU core? It's now up to a jury of 12 to decide

rmstock

AMD wins all the way

AMD is clearly the winner over Intel these days, with its Ryzen Threadripper ripping Intel apart. On full load the CPU's Temperature doesn't exceed 50 oC (122F). Clearly the NORTHERN DISTRICT OF CALIFORNIA Judge has been pressured to allow this ridiculous class-action lawsuit, which is only a fight over words. When was the last time that happened ?

"At Just Over Half The Power…?!

Also, in that same test, it showed the system level power. This includes the motherboard, DRAM, SSD, and so on. As the systems were supposedly identical, this makes the comparison CPU only. The Intel system, during Cinebench, ran at 180W. This result is in line with what we’ve seen on our systems, and sounds correct. The AMD system on the other hand was running at 130-132W. If we take a look at our average system idle power in our own reviews which is around 55W, this would make the Intel CPU around 125W, whereas the AMD CPU would be around 75W." https://www.anandtech.com/show/13829/amd-ryzen-3rd-generation-zen-2-pcie-4-eight-core

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

rmstock

Oracle VirtualBox

The same NCC trainee should be given the opportunity to do the exercise again using a VBox image , the favorite version of Kali Linux used by Pro's from Eastern Europe, Middle and Far East :

Kali Vbox downloads : https://i.imgur.com/NvIn5FA.png

Kali iso downloads : https://i.imgur.com/XVK9DEk.png

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

rmstock

James Clerk Maxwell

His two volume set monumental work "A treatise on electricity and magnetism" (c)1873 has remained hidden in some drawer of the Gravitational Department of Berkeley CA (University of California) for decades. The only copy left ? The successful detection of Gravitational waves by Thorne et.al. was rewarded with the 2017 Nobel Prize of Physics. When glancing through the Gravitation bible https://archive.org/details/GravitationMisnerThorneWheeler and comparing the covered content like introducing e.g. Chapter 4 ELECTROMAGNETISM AND DIFFERENTIAL FORMS Box 4.2 ABSTRACTING A 2-FORM FROM THE CONCEPT OF "HONEYCOMB¬ LIKE STRUCTURE," IN 3-SPACE AND IN SPACETIME with that of Maxwell's 1873 work https://archive.org/details/electricandmagne01maxwrich https://archive.org/details/electricandmagne02maxwrich you know that the Berkeley professors were peeking in Maxwell's 1873 book set all of the time. He probably died premature because of his opinion on the instantaneous nature of E, the electric field, which was opposed by Einstein and the Berkeley professors, who imposed a general speed limit of c. Of course the speed of light was first calculated by Maxwell. In 1962 J.D. Jackson published Classical Electrodynamics 1st ed https://archive.org/details/ClassicalElectrodynamics probably the best book on its subject. It seems however that his first edition contained some inconsistencies in Chapter 11 Special Theory of Relativity, that it took only a few year before J.D. Jackson was berglarized to join Berkeley in order to publish his famous 2nd edition, in which Chapter 11 on Special Theory was totally rewritten https://archive.org/details/ClassicalElectrodynamics2nd .

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

rmstock

Re: "DON’T FOLLOW THE RED HAT TO HELL"

I sense that a global effort is ongoing to shutdown open source software by brute force. First, the enforcement of the EU General Data Protection Regulation (GDPR) by ICANN.org to enable untraceable takeovers of domains. Microsoft buying github. Linus Torvalds forced out of his own Linux kernel project because of the Code of Conduct and now IBM buying RedHat. I wrote the following at https://lulz.com/linux-devs-threaten-killswitch-coc-controversy-1252/ "Torvalds should lawyer up. The problems are the large IT Tech firms who platinum donated all over the place in Open Source land. When IBM donated with 1 billion USD to Linux in 2000 https://itsfoss.com/ibm-invest-1-billion-linux/ a friend who vehemently was against the GPL and what Torvalds was doing, told me that in due time OSS would simply just go away.

These Community Organizers, not Coders per se, are on a mission to overtake and control the Linux Foundation, and if they can’t, will search and destroy all of it, even if it destroys themselves. Coraline is merely a expendable pion here. Torvalds is now facing unjust confrontations and charges resembling the nomination of Judge Brett Kavanaugh. Looking at the CoC document it even might have been written by a Google executive, who themselves currently are facing serious charges and lawsuits from their own Code of Conduct. See theintercept.com, their leaked video the day after the election of 2016. They will do anything to pursue this. However to pursue a personal bias or agenda furnishing enactments or acts such as to, omit contradicting facts (code), commit perjury, attend riots and harassments, cleanse Internet archives and search engines of exculpatory evidence and ultimately hire hit-men to exterminate witnesses of truth (developers), in an attempt to elevate bias as fabricated fact (code) are crimes and should be prosecuted accordingly."

rmstock

"DON’T FOLLOW THE RED HAT TO HELL"

Certain Hollywood stars seem to be psychic types : https://twitter.com/JimCarrey/status/1057328878769721344

rmstock

Pwnie for Lamest Vendor Takeover

The 2018 Pwnie Award for Lamest Vendor Takeover goes to ..... IBM. But remember, the true power is with the source and keep the source not exclusively at github and the cloud, but also on local storage. Don't allow BS to destroy good working software.

Congrats from 123-Reg! You can now pay us an extra £6 or £12 a year for basically nothing

rmstock

Re: Your Domain Robbers Paradise

Rule Number 1 : The bad guys always operate under secrecy. Rule Number 2: The good guys never operate under secrecy.

How it came about that today the EU and ICANN.org appear to work hand in hand to cast a dark shade of secrecy over all Domain Registry's across the world is a good question.

rmstock

Your Domain Robbers Paradise

I think two new developments got mixed up here. 1 The impact of The European Laws on General Data Protection Regulation (GDPR) as ICANN.org has enforced them upon all Domain Registry's across the globe :

Temporary Specification for gTLD Registration Data

Adopted on 17 May 2018 by ICANN Board Resolutions 2018.05.17.01 2018.05.17.09

https://www.icann.org/en/system/files/files/gtld-registration-data-temp-spec-17may18-en.pdf

and

2. the special case of Great Britain and The United Kingdom who are in a process of leaving the EU called BREXIT. For instance kernel.org today has its Organizational Information masked (involuntary or enforced by Statutory Rule ?) :

whois -h whois.gandi.net kernel.org :

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Domain Name: kernel.org

Registry Domain ID: D169413-LROR

Registrar WHOIS Server: whois.gandi.net

Registrar URL: http://www.gandi.net

Updated Date: 2018-01-22T17:44:05Z

Creation Date: 1997-03-07T00:00:00Z

Registrar Registration Expiration Date: 2019-03-08T05:00:00Z

Registrar: GANDI SAS

Registrar IANA ID: 81

Registrar Abuse Contact Email: [email protected]

Registrar Abuse Contact Phone: +33.170377661

Reseller:

Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

Domain Status:

Domain Status:

Domain Status:

Domain Status:

Registry Registrant ID: REDACTED FOR PRIVACY

Registrant Name: REDACTED FOR PRIVACY

Registrant Organization: The Linux Foundation

Registrant Street: REDACTED FOR PRIVACY

Registrant City: REDACTED FOR PRIVACY

Registrant State/Province:

Registrant Postal Code: REDACTED FOR PRIVACY

Registrant Country: US

Registrant Phone: REDACTED FOR PRIVACY

Registrant Phone Ext:

Registrant Fax: REDACTED FOR PRIVACY

Registrant Fax Ext:

Registrant Email: [email protected]

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

My own domain is now "protected" by the EU General Data Protection Regulation (GDPR) as well :

whois -h whois.networksolutions.com stokkie.net :

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Domain Name: STOKKIE.NET

Registry Domain ID: 68885803_DOMAIN_NET-VRSN

Registrar WHOIS Server: whois.networksolutions.com

Registrar URL: http://networksolutions.com

Updated Date: 2018-03-20T03:30:56Z

Creation Date: 2001-04-05T22:00:27Z

Registrar Registration Expiration Date: 2019-04-05T22:00:27Z

Registrar: NETWORK SOLUTIONS, LLC.

Registrar IANA ID: 2

Reseller:

Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registry Registrant ID: Statutory Masking Enabled

Registrant Name: Statutory Masking Enabled

Registrant Organization: Statutory Masking Enabled

Registrant Street: Statutory Masking Enabled

Registrant City: Statutory Masking Enabled

Registrant State/Province: NB

Registrant Postal Code: Statutory Masking Enabled

Registrant Country: NL

Registrant Phone: Statutory Masking Enabled

Registrant Phone Ext: Statutory Masking Enabled

Registrant Fax: Statutory Masking Enabled

Registrant Fax Ext: Statutory Masking Enabled

Registrant Email: [email protected]

Registry Admin ID:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Of course i don't want Network Solutions LLC to mask my information, it is however overruled and enforced by ICANN.org :

KA-02358

General Data Protection Regulation (GDPR) FAQs

https://knowledge.web.com/subjects/article/KA-02358/en-us

"[ ... ]

How will Web.com manage WHOIS masking for EU residents?

In order to comply with GDPR, and protect personally identifiable information (PII), Web.com will mask certain fields in the WHOIS output for EU residents. A sample of this output is detailed below:

Domain Name: sampledomain.com

Registry Domain ID: 142700135_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.register.com

Registrar URL: http://www.register.com

Updated Date: 2017-12-04T08:00:03Z

Creation Date: 2005-02-16T23:28:11Z

Registrar Registration Expiration Date: 2019-02-16T23:28:11Z

Registrar: Register.com, Inc.

Registrar IANA ID: 9

Reseller:

Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited

Registry Registrant ID: Statutory Masking Enabled

Registrant Name: Statutory Masking Enabled

Registrant Organization: Statutory Masking Enabled

Registrant Street: Statutory Masking Enabled

Registrant City: Statutory Masking Enabled

Registrant State/Province:

Registrant Postal Code: Statutory Masking Enabled

Registrant Country: BE

Registrant Phone: Statutory Masking Enabled

Registrant Phone Ext.: Statutory Masking Enabled

Registrant Fax: Statutory Masking Enabled

Registrant Fax Ext.: Statutory Masking Enabled

Registrant Email: [email protected]

// --- // (etc,)

Will Web.com be implementing tiered access for its WHOIS database?

At this time, Web.com does not plan to implement tiered access for its WHOIS database. However, ICANN and its Stakeholders are actively working toward a uniform solution which will help meet the needs of the broader global community.

How will domain transfers work in a post-GDPR environment?

Web.com will comply with its obligations under the ICANN 2013 RAA (Registrar Accreditation Agreement) with regard to intra-registrar transfers as well as the Temporary Specification for gTLD Registration Data which can be found at this page.

The information contained herein in no way constitutes legal advice. Any person who intends to rely upon or use this information in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required."

rmstock

registered letter

£6 a year for : Safeguard against theft , Hiding your personal information. These two options seem to contradict each other. When hiding personal information, the domain robbers can operate from any address. When not hiding , the simple requirement of demanding registered mail from and to your address, e.g. 2610 Rutherford St Westminster, London, SW1P 2LT , UK as part of the transfer of your domain makes it nearly impossible for third parties to hijack/steal your domain.

Microsoft Windows 10 October update giving HP users BSOD

rmstock

Genuine HP Keyboard

HP Devices seem to be HP Computers, where a HP Keyboard can be attached. Did anyone experienced in Microsoft Logic, try to boot their HP Device without a HP Keyboard attached, and check if that circumvents the blue screen error WDF_VIOLATION ? If so, you might get a clue whether you have a Genuine HP Keyboard or Chinese import version with keylogger inside.

Microsoft yanks the document-destroying Windows 10 October 2018 Update

rmstock

apt-get install testdisk

When you see this happen, all your files getting deleted, pull the plug and or battery. Next boot from a Ubuntu 16.04 installation or live usb stick : http://installion.co.uk/ubuntu/xenial/universe/t/testdisk/install/index.html

when booted live do : sudo apt-get install testdisk

The manual for this tool, which works - i rescued a company's crown juwel files with it, after a accidental quick NTFS format had happened - is here https://crashrecovery.org/testdisk.pdf

an instruction video : https://www.youtube.com/watch?v=jhWbSM-630E

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help

rmstock

Linus : your doing just fine.

Without Linux there would not have been the Internet as we know it today. Many have cursed you over its GPL license, because then conventional business plans become impossible. IT Sharks during the Millennium bubble took down or have taken over many good and reputable software companies, where then only 2 or 3 years later all was vanished including these IT Sharks themselves. You and Linux are still here today, which is a blessing. Don't get mad, your code has the largest installed platform base in the Universe.

Trump wants to work with Russia on infosec. Security experts: lol no

rmstock

Where is the server Mister FBI ?

Why does everyone toss Trump's suggestion in the Trash can here ? The dailybeast article about the missing server that never was missing etc. holds no validity in debunking the complaint by Trump. "Both the DNC and the security firm Crowdstrike, hired to respond to the breach, have said repeatedly over the years that they gave the FBI a copy of all the DNC images back in 2016. The DNC reiterated that Monday in a statement to the Daily Beast."

What matters is that the FBI was halted at the doors of the DNC and that none other than The FBI is supposed to secure the evidence. So yes Crowdstrike would have had to ask persmission at the FBI to make images. Otherwise any ex-infiltrated Russian SVR operative within Crowdstrike could have tweaked these DNC images.

Microsoft commits: We're buying GitHub for $7.5 beeeeeeellion

rmstock

github licensed ?

The new EULA of github.com no doubt will ensure that Anyone submitting code to github, has to agree that Microsoft will become the sole owner of your code. Second Linus Torvalds will be visited by the Microsoft Lawyers and forced to sign an agreement that any further use of the github protocol on other venues than github.com like e.g. linuxhub.com, can only occur when signing the Microsoft owned github protocol license, which comes at a hefty price for Multiuser Microroost Enterprise Environments. Not knowing anything further, i would suggest that Linus has had a massive brain aneurysm.

rmstock

Frontal assault on Linus Torvalds and open source

https://en.wikipedia.org/wiki/Git "Git (/ɡɪt/[7]) is a version control system for tracking changes in computer files and coordinating work on those files among multiple people. [ ... ] Original author(s) Linus Torvalds[1]"

GitHub - torvalds/linux: Linux kernel source tree

https://github.com/torvalds/linux

GitHub is where people build software. More than 27 million people use GitHub to discover, fork, and contribute to over 80 million projects

In December 2015 the same happened to the founder of Debian, Ian Murdock. On 28 December 2015 the founder of Debian Linux, Ian Murdock, was killed in his apartment under suspicious circumstances. The next year early spring, on 9 Mar 2016 Linux hackers were kindly summoned to put their coffees down and listen up as Microsoft had just launched a Debian Linux-based switch operating system. The story of Hans Reiser, whose journaled computer file systems ReiserFS has become a integral part of Microsoft NTFS is even more graveling. See also the movie "The Adderall Diaries (2015)"

Equifax reveals full horror of that monstrous cyber-heist of its servers

rmstock

Equifax CEO Collected $90 Million

Equifax wiki : "Equifax Workforce Solutions is one of the 55 contractors hired by the United States Department of Health and Human Services to work on the HealthCare.gov web site.[15] [15] USAtoday, front page October 24, 2013, “Hot seat for stealth website builders" So this was one of the IT companies which designed and runs Obamacare, hired by the Obama Administration. Next a single member of the company's security team misses to apply a patch for Apache Struts security vulnerability CVE-2017-5638 which landed in March 2017. Equifax CEO Rick Smith was forcibly retired for this later "Equifax CEO Richard Smith Who Oversaw Breach to Collect $90 Million" http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/ . This stinks from high heaven. All this happened while President Trump was trying to fix health-care in US Congress. This has all the hallmarks of a secret service job attempting to bring American Healthcare in serious trouble.

Twitter: No big deal, but everyone needs to change their password

rmstock

something is way off here

Why does this sound like twitter this time finally will get things right for their 3rd party investors ? I have never had any troubles with twitter and passwords. There have never been such problems reported at twitter. So how far off does it sound that the claim "On Thursday, Twitter revealed that a bug caused the platform to store user passwords in unmasked form." is only meant for prominent people on Twitter, like Donald Trump, who are getting setup by this "engineering trouble" ?

Hacks Fifth Avenue: Crooks slurp bank cards from luxury chain Saks

rmstock

The Victims-exposure-heatmap.jpg according the Fin7 Syndicate Hacks website is drawn in nasty WaPo compost Democracy dies in darkness style , a nasty campaign launched by the owner, that truck driver resembling Rusty Nail inside the movie Joy Ride, who nowadays is accompanied with a.i. killer dog robot. This has become a commie versus capitalist street fight in cyberspace. Meanwhile the FBI is still busy cracking custom made Canadian Blackberries confiscated in Mexico.

'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

rmstock

What about the SPARC processor ?

Maybe its time that SPARC64 processors are getting deployed in PC's and laptops. This might wake up the correct department of Intel to really fix their design flaws. Or was Spectre inserted by design ? A new CPU branch and line of computers is what would be welcome here. It's not that we are talking about oldie tech here : https://en.wikipedia.org/wiki/SPARC There's the SPARC M7, SPARC S7 and SPARC M8 from Oracle running at 5000 MHz and the SPARC64 XII from Fujitsu running at 4250 MHz.

As Apple fixes macOS root password hole, here's what went wrong

rmstock

A Glitch by Apple ?

"Latest release‎: ‎10.13.1 (17B48) (October 31, 2..."

So hackers or related entrepreneurs had a possible four weeks of fun. Normally I would call this a glitch by Apple. But then again, the timing is interesting, where in other news it was reported that US Marines raided the CIA and the FBI was "neutralized" ...

Dell forgot to renew PC data recovery domain, so a squatter bought it

rmstock

refurbished hardware

If you go to a PC and Laptop stores these days, the sales people put a truckload of refurbished laptops on display without any display of shame on their faces, with prices only slightly less than 100 bucks below brand-new laptop editions. The real reason behind this seems to have been that with the start of Windows 7 and above, built-in back-doors for national security were demanded by the NSA which in part were also implemented in hardware. In addition in the opensource kernel developers scene several strange things could be observed, like the inserting of kernel patches enabling entire backdoor suites inside the Linux kernel, where at the same time strangely enough inside major Linux distributions, like Ubuntu, openssl packages were lacking support for SSLv3 in contradiction with OpenBSD and FreeBSD. To play it safe I then would routinely install older editions of popular Linux distro's, which of course require older hardware. In turn the refurbished marketplace was given a significant boost. Then again, Why would someone NOT purchase a refurbished laptop which can run Windows 7 ?

--

Robert M. Stockmann - RHCE

Network Engineer - UNIX/Linux Specialist

crashrecovery.org [email protected]

Fox News fabricated faux news with Donald Trump, lawsuit claims

rmstock

Re: Cover-up by Brad Bauman and the DNC

Alex Jones has the info, 4chan /pol/ and Reddit have the latest, but in this case Seymour Hersh has become so extremely pissed off that he leaked a audio of a phone call he had with Rod Wheeler, where Rod tells an entire different version of events : http://www.zerohedge.com/news/2017-08-02/seth-rich-investigator-accusations-debunked-own-interviews-seymour-hersh-leak-kills- https://www.youtube.com/watch?v=giuZdBAXVh0

rmstock

Re: Cover-up by Brad Bauman and the DNC

Jerome Corsi, George Webb and Jason Goodman analyze about how Seth Rich did two leaks. According Corsi, Seth Rich somehow got hold of John Podesta's Apple ID which was also Podesta's gmail account information ... https://www.youtube.com/watch?v=XUo7KzrURJA

rmstock

Cover-up by Brad Bauman and the DNC

The original story published by FOX News was 100% true, but was swiftly pulled because the DNC intervened "on behalf" of the parents of Seth Rich, because it was slandered that Seth Rich had stolen DNC e-mails ... here's an archive of that story : Seth Rich, slain DNC staffer, had contact with WikiLeaks, say multiple sources by By Malia Zimmerman . Published May 16, 2017 . Fox News https://archive.is/o/sEnDV/www.foxnews.com/politics/2017/05/16/slain-dnc-staffer-had-contact-with-wikileaks-investigator-says.html ( https://archive.is/HvAIv )

A discussion which ensued is archived here http://archive.is/sEnDV , the archived Reddit discussions are here : http://archive.is/sOhSh http://archive.is/j9Bmu http://boards.4chan.org/pol/thread/125912863/4th-year-surgery-resident-here-who-rotated-at-whc

A good analysis by Stefan Molyneux : https://www.youtube.com/watch?v=ioBiYxZReTo

A good introduction of what really happened : https://www.youtube.com/watch?v=hSO6EEzQby4

Firefox doesn't need to be No 1 – and that's OK, 'cos it's falling off a cliff

rmstock

Opera 44 on Linux

And here's the test results of Opera 44 on Linux :

http://i.imgur.com/wt8d1eZ.png

http://i.imgur.com/G6WJ02v.png

Opera 44 on Linux needs nspr4.12, nss-3.21.1, sqlite3-3.10.2, openssl-1.0.2e-2, glibc-2.14.1 (or higher), libxcb-1.11.1 libx11-1.6.3, python-2.7.9, curl-7.28.1, glib2.0-2.32.1 , gtk+2.0-2.24.5, cairo-1.10.2, libpng-1.2.46, pango-1.28.4, GConf2-2.32.5, curl-7.28.1 , gdk-pixbuf2.0-2.22.1 , freetype2-2.4.5. But not gtk3 and python3 like the newest Mozilla Firefox 54.0+ and Thunderbird 52.2.1 need. In addition Opera uses flash-player-ppapi-25.0.0.171 and ffmpeg-extra and can activate widevine from the Chrome browser for your platform. Currently i'm using opera-widevine-58.0.3029.110.

Linux-using mates gone AWOL? Netflix just added Linux support

rmstock

Re: Well they'd gain more Linux users if they dropped DRM

Opera Stable 44, 45 and now 46 on Linux (Ubuntu 14.04 and higher), does DRM nicely

when installing the Widevine component from the Chrome Browser for Linux :

[acer20:stock]:(~)$ rpm -q -a | grep opera

opera-widevine-58.0.3029.110-1-mdv2011.0.x86_64

opera-stable-45.0.2552.881-2-mdv2011.0.x86_64

[acer20:stock]:(~)$ rpm -q -l opera-widevine-58.0.3029.110-1-mdv2011.0.x86_64

/opt/google/chrome/libwidevinecdm.so

/opt/google/chrome/libwidevinecdmadapter.so

[acer20:stock]:(~)$

and of course make sure chromium-codecs-ffmpeg-extra_58.0.3029.81 is installed as well : /usr/lib/chromium-browser/libffmpeg.so

Google ships WannaCrypt for Android, disguised as Samba app

rmstock

TheReg gets infected by Fake News

The headline is Fake News #1 :

"Google ships WannaCrypt for Android, disguised as Samba app"

Google ships a SMB client for Android which does SMBv1. WannaCrypt should be called WannaCry, which is a Microsoft Windows only virus exploiting the EternalBlue, a zeroday exploit which only does Widows. Android is not a Windows platform OS.

Lie# 2 :

SMBv1 is known to be exploitable. (WannaCrypt and NotPetya both leveraged insecure SMBv1 shares to infect vulnerable Windows machines).

SMBv1 is not vulnerable when running a Samba Server on Linux configured for SMBv1. The whole WannaCry news thread is a Microsoft Widows only exploitation.

Lie# 3:

"Last year, Redmond's Ned Pyle put it simply: Stop using SMBv1."

Not when running a Samba Server on Linux configured for SMBv1. The problem is the SMBv1 implementation of Microsoft on its Windows platform.

Verizon!-owned! Yahoo! bins! AT&T! IDs! for! Tumblr! logins!

rmstock

Fishing attempt ?

Nearly two weeks ago on june 18 i had severe troubles getting access to my yahoo email through thunderbird/imap/ssl/ . So i started looking for a support phone number. If I recall correctly it was through a search inside the Yahoo! forums that i eyed this phone number :

Yahoo Customer care!

Yahoo! Inc

Sunnyvale, California, U.S

@1-855-777-1707 Toll Free Helpline.

A young man from India seemed to answer this number. I told him i couldn't login at my Yahoo! email. He asked my account details and told through the phone he had set a new password. I tried his password but was not able to login, both on the website or imap. After complaining to him about this he asked if I could give him my old password. Stunned by this request i tried my old password again and was able to login on the website. I told him that it worked again. "So what was your old password Sir ?" "Ehh well you see, it works now, so there's no need to voice my access details through the phone, i guess .. " <click>

rmstock

Yahoo! Europe only ?

$ nslookup www.yahoo.com

[ ... ]

Non-authoritative answer:

www.yahoo.com canonical name = atsv2-fp.wg1.b.yahoo.com.

Name: atsv2-fp.wg1.b.yahoo.com

Address: 188.125.80.145

Name: atsv2-fp.wg1.b.yahoo.com

Address: 188.125.80.144

$ whois 188.125.80.145

% This is the RIPE Database query service.

% The objects are in RPSL format.

%

% The RIPE Database is subject to Terms and Conditions.

% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.

% To receive output for a database update, use the "-B" flag.

% Information related to '188.125.80.0 - 188.125.87.255'

% Abuse contact for '188.125.80.0 - 188.125.87.255' is '[email protected]'

inetnum: 188.125.80.0 - 188.125.87.255

netname: IR2-YAHOO

descr: Yahoo! Europe

country: IE

admin-c: YEU-RIPE

tech-c: YEU-RIPE

status: ASSIGNED PA

mnt-by: YAHOO-MNT

created: 2010-11-26T08:30:34Z

last-modified: 2015-06-25T15:54:34Z

source: RIPE

role: Yahoo Europe Operations Department

address: Yahoo Europe Operations

address: 125 Shaftesbury Avenue

address: London

address: WC2H 8AD

remarks: trouble: [email protected]

admin-c: NA1231-RIPE

tech-c: NA1231-RIPE

tech-c: IG1154-RIPE

nic-hdl: YEU-RIPE

mnt-by: YAHOO-MNT

created: 2005-02-21T10:54:13Z

last-modified: 2014-03-25T20:11:11Z

source: RIPE # Filtered

abuse-mailbox: [email protected]

% This query was served by the RIPE Database Query Service version 1.89.2 (BLAARKOP)

however the domain yahoo.com is still located at :

Registry Registrant ID:

Registrant Name: Domain Administrator

Registrant Organization: Yahoo! Inc.

Registrant Street: 701 First Avenue

Registrant City: Sunnyvale

Registrant State/Province: CA

Registrant Postal Code: 94089

Registrant Country: US

The email service of yahoo.com through the website (https) Yahoo! Europe located at 125 Shaftesbury Avenue, London seems to work still fine. However the email service through IMAP over SSL (imaps 993/tcp) has more downtime as uptime, which has become a nasty burden.

My question would be, does Yahoo! Inc. at 701 First Avenue, Sunnyvale, CA still have a website service and or IMAP service running? And where did the Yahoo! Inc ip-addresses disappear to ? Are there only UK ip-numbers now ?

Why Firefox? Because not everybody is a web designer, silly

rmstock

Sliverlight ohhh gimmi Moonlight not ? Well let it be Pipelight with wine .... that was the verdict of Firefox on ubuntu 14.04 ... the problem was and is that flash is dead. Adobe refuses to release flash 64bit on Linux. Enter the new alternative, which became the standard : Adobe Flash Player PPAPI 25.0.0.148 and HTML5 . Add your chrome browser , and everything is up and running. Firefox is dead in the Desert sand. On my own favorate platform, a tweaked Mandriva 2011, which on a brandnew iron runs like that Dodge Challenger 69 hotrod with no CIA/NSA surveillance hookups, i recently managed to get Opera Stable 44.0.2510.1218 running. On the about page :

Version information :

Version: 44.0.2510.1218 - Opera is up to date

Update stream: Stable

System: Pretty Unknown (x86_64; default)

Browser identification :

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 OPR/44.0.2510.1218

See https://crashrecovery.org/opera/RPMS/mdv2011/ for details, which includes HTML5 Encrypted Streaming using Widevine DRM (VIA CENC)

: https://crashrecovery.org/opera/RPMS/mdv2011/images/opera-44.0.2510.1218-2-Widevine-s.png

Mysterious Gmail account lockouts prompt hack fears

rmstock

a mobile phone issue ?

I explicitly have no email on my mobile phone ...I do have several public email accounts, i.e. yahoo, gmail etc. which store your private emails on their servers. The problem with gmail so far has not occurred on my computer using Thunderbird with imap.gmail.com and SSL/TLS.

That could mean that the email client on your mobile phone has been compromised inside Android / iOS , or as the hack involves ponying up a new telephone number, that a couple of mobile telecoms providers are invaded on their side with malicious hacks.

'Webroot made my PCs s*** the bed' – AV update borks biz machines hard

rmstock

Re: LinkFixer Advanced - AutoDesk[tm]

see also : http://urlquery.net/report.php?id=1486066865092

rmstock

LinkFixer Advanced - AutoDesk[tm]

The Windows Root based community decided to earn some extra cash through some Hegelian dialectic based process on the Windows server based platform. Thats a bad omen, which might foretell that also the Windows 10 installed base is lacking in numbers and revenue. A good Administrator does a clean reinstall and only adds needed data afterwards .. A lot of fancy AV software nowadays pretend to also guard against CyberSecurity Identify Theft, Foreign and Domestic. Strange to see that on my Linux laptop, when playing YouTube Videos, Adds pop-up like `install the right Win32 driver' and why don't you install `LinkFixer Advanced' here : http://s29.postimg.org/bnu8j4r7b/Link_Fixer_Advanced.png

Landmark EU ruling: Legality of UK's Investigatory Powers Act challenged

rmstock

a decent reason ...

Want to do a gender change or a regime change in some Middle East country : You need a decent reason, should require legal proceedings and acts of probation. The materials and means for completing, for gender change hormone medication and for regime change weaponry and mercenaries, should be made criminal offenses when obtained without legal consent. In the absence of legal consent the acts of gender change and regime change without the knowledge or awareness of targeted persons and regimes, should be labeled high crimes.

And so we enter day seven of King's College London major IT outage

rmstock

is this Mayoral issue as well ?

What does former London Mayor Boris Johnson have to say on this? Could this be one of these sneaky Jihadist ICT Cyber attacks under auspices of new London Mayor Sadiq Khan ? Remember that attacks on infrastructure like with Stuxnet in Iran have been announced to be retaliated. Also the Pentagon has been rumored to commence a cyber offense at China and Russia. Watching all this, its nothing less than to be expected that new Job ad asks for 'detrimental' sysadmins. Just my two pennies here.

GlobalSign screw-up cancels top websites' HTTPS certificates

rmstock

Re: It's not only the browser

With above changes i am also able to run google-earth : http://s18.postimg.org/asmbo68eh/google_earth_7_1_7_2606_mdv2011.png which is the rpm for Fedora 64bit : google-earth-stable_current_x86_64.rpm

rmstock

Re: It's not only the browser

i also upgraded glibc from glibc-2.13-6 to glibc-2.14.1-8

see ftp://ftp.crashrecovery.org/pub/linux/glibc/RPMS/mdv2011/

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020