Posts by Wzrd1

2339 publicly visible posts • joined 7 Dec 2012

Pentagon declares war on 'outdated' software buying, opens fire on open source

Wzrd1

Re: Morons Are Governing America

"The use of personal phones and commercial apps introduces unnecessary risk. Signal is considered unclassified by the government for a reason. It's clear that US government systems are having a hard time keeping up with the required pace of business."

No, senior leaders are just having a hard time obeying their own orders.

The problem with Signal is, due to its cross-platform operation, the protocol will negotiate with the highest level of encryption available in common between each participant. Hence, if one client can only receive in the clear, all traffic then can go in the clear.

Meanwhile, we use by default and operational necessity higher bit key escrow systems, keeping as much as possible within one's enclave for classified communications beyond CUI on each security domain's own double encrypted network.

And I've watched dumbasses compromise each domain serially, via unauthorized removable devices crossing security domains in a decidedly unauthorized manner, resulting in mitigation efforts that, for the first remediation, cost $1 billion; the second remediation, because they still couldn't follow directives and orders, remains classified in cost to this day. After all, if one's superiors ignore orders, why should oneself follow them? And no, the network I was responsible for remained uninfected, because I did follow the orders given. Which meant, while the scofflaws got to put in tons of overtime to clean up their own mess, I was happily in my quarters enjoying a fine tipple.

And the scofflaws called me a cowboy, for following lawful orders to maintain just basic security. No wonder the company lost its contract and since, was absorbed by a competitor.

New SSL/TLS certs to each live no longer than 47 days by 2029

Wzrd1

Re: Oh, fuck off

Classic ivory tower commandment. The cloud types pushing for it, hoping that everyone switches to cloud crap, even when they don't need it, so that they can rent the service for more, rather than utilize what they previously bought.

I'm waiting for the real estate market to catch up, buy a home, pay off the mortgage and then rent the home anyway. Oh wait, they have that with HOA's.

I remember the PIA it was when the US DoD switched to SSL/TLS only, no more plaintext HTTP for anything. I was information assurance by then, so I'd get the requests to forward to DISA to get the certificates. Had to give the entire LAN/WAN shop a class in SSL/TLS and certificates, due to alias vs hostname largely. And it'd just be a breeze for doing a few hundred webservers - if one's counting a tornado as a breeze.

This will turn into a massive goat screw over time, mark my words. It's not as if the server's going to ask for a replacement for an expiring certificate direct from the CA.

EU lands 25% counter tariff punch on US, Trump pauses broad import levy hike – China excepted

Wzrd1

Re: No feet left to shoot

Well, with China, Trump is indeed in a death spiral.

Review, US industrial output without Chinese input? Negligible.

So, his workforce industrial base are SOL, due to his pain his godship insisted his worshipers endure, with no help as it'll gain him nothing, so their young will literally go hungry.

The farming base, such a modest portion of the population, ignored while factory farms gobble up their farms; he neither wins nor loses there, save a modest fraction of points.

Retirees, well, his DOGE recently implemented a Social Security fraud check that made all internal and external systems unavailable and checks held, that's gonna get popular as deposit dates pass for his faithful, who rely on their checks by mere days.

Frankly, given his penchant for misquoting films he obviously watched as factual, I wonder if he watched the film "Civil War" and entirely missed how the film ended.

Although, a real world civil war in a major nuclear power, that won't end well once the control of weapons is in question. Used to work in that field, yeah, preemptive strike would be assured.

Not that he could ever manage to wrangle through the OPLAN...

No bullet points or pictures.

Wzrd1

Re: Trump blinked

Impact on T bonds and likely, someone reminding him of who holds most of the US debt, which could be junk bonded in a New York minute by a mass dump.

So, a day or two of chaos, then he'll proclaim victory, his masses will hold worship, life goes on to the next emergency of his own making.

Wzrd1

Why, this is indeed a masterstroke of strategy. Right up there with the retrograde movement at Dunkirk.

Only to be exceeded by the defense of Dresden and Hamburg.

Want such further glowing reviews to continue, ethanol contributions can be sent to...

Supertankers need only apply - shallow draft supertankers.

Tech support session saved files, but probably ended a marriage

Wzrd1

Re: On, off and the other on ...

You didn't see his interview after scolding European governments. There, at the podium during a presser, he kept pulling tumbler after tumbler with two fingers of some brown liquid that moved suspiciously like a whiskey. He'd guzzle one down and an identical tumbler would be procured from within the podium; I stopped counting after the third tumbler.

And trust me, I know quite intimately what whiskey in a glass looks and moves like; it is my poison of choice when off hours and not on call. And oddly, my liver function is actually above normal.

The difference between him and me: I never tried to get on stage with a stripper, been accused of inappropriate behavior while drunk with coworkers and subordinates, or been inebriated on duty, and those few times I do drink deep are only once per month at most.

Saw a cute political cartoon on SecDef Lampshade, calling him "Whiskileaks".

But, his OpSec is excellent, ignore the Pink Panther round the corner...

And the pink elephants.

Wzrd1

Re: Tyrant sounds familiar

Never fear though, that fearful - erm, fearless misleader - erm, leader was always sabotaged by those with inferior skills to his, I'm sure.

Which he told everyone, near and far about...

Yeah, worked for a few of those myself. Oddly, they all ended up seeking employment elsewhere in short order, some odd event occurring that seemed almost BOFH-like.

While I was lunching with someone from HR...

Or in one case, eating dinner with a judge.

DOGE helps Veterans Affairs end IT contract run by service-disabled entrepreneurs

Wzrd1

Re: Valued Veterans

Any veteran alive today is almost certainly a veteran of a war which actively made the USA less safe.

Interesting take. So, do you also blame victims of rape for the crime against them too?

Or are you stupid enough to want military coups replacing governments if they deem a war is ill advised?

Critical PostgreSQL bug tied to zero-day attack on US Treasury

Wzrd1

"He could be right: all their systems could predate SQL..."

OK, then this bug couldn't happen, since it involved SQL.

Some systems do indeed predate SQL; they use a fair number of mainframes. Many other systems do use various SQL databases, from Postgres to Oracle and others in between. Wouldn't be shocked to see some old Btrieve ones too. The magic trick is making sure everything is up to date in software update patches.

Guide for the perplexed – Google is no longer the best search engine

Wzrd1

Re: Not bad...

Heh, plugged in my full name, got three hits, the two closest included one mention of me in my father's obituary, the other totally off target.

My name being rather unusual, with Google and this toy returning only three hits that are entirely not me.

And I still maintain social media accounts, which are secured to not spew information far and wide and don't contain a ton of PII to begin with.

I've secured things in part for an example for those I advise on guarding their PII, but also because of a desire for peace and quiet, which there is a modest chance of losing were I not reasonably cautious, due to a former occupation I've since retired from.

So, I've achieved my goal in remaining obscure and below the radar of some of the brighter terrorists out there; the reward remains my pension and peace and quiet.

And the occasional gig to advise and largely be ignored on information security matters, to the client's eventual loss.

Microsoft security tools questioned for treating employees as threats

Wzrd1

Re: Public Danger

Or even, via their data mining externally, plus trend data at work, "voting for the wrong candidate" becoming an issue...

Wzrd1

Re: Don't fret people

"Why would a company that is paying to implement this, move to an OS where they can't do this? That makes no sense."

What makes you think this would be impossible under another OS? Having monitored other vendors' security monitoring software, I was quite capable of reproducing an entire screen, terminal and buffer session, both from the console itself and via packet monitoring.

In one case, a binary was buffered and pasted into a binary capable text editor, saved, had another software tool tag it as executable and then ran it to compromise crypto keys. Suffice it to say, the matter was related to an APT's actions and law enforcement was extremely interested in the copy of the updated tools the stinker was utilizing.

Related to that APT's actions, suffice it to say that recovering from a golden ticket compromise is a royal PIA for a large enterprise.

Wzrd1

Re: Limited scope...

But lunch thieving is acceptable.

Russia tells citizens to switch off home surveillance because the Ukrainians are coming

Wzrd1

Re: This attack was brilliant strategy

Isn't really manpower, why go for a nuclear station and essentially only hamper civilians lives? The idea is to tie up Russian resources and routes, channelizing them into other routes that concentrate them for destruction.

Wzrd1

Re: This attack was brilliant strategy

Not quite long cuttings. Short sections of rail, alternating sides being removed or blown at a junction between rail sections for a decent length delays far more than a long section being fully dismantled. The more twisted steel to remove, the better. Cut bridges, not at stringers and beams, but the trestles at varying heights from the top and unevenly again delays reconstruction.

There are dozens of dirty tricks to be applied, trained in most of them over the decades in the US Army.

Wzrd1

Re: This attack was brilliant strategy

"...and they will _not_ try to 'liberate' that area any time soon."

Probably not, what is being sent is a token really. They can't spare the manpower and equipment and historically, Russia has traded land for time many times over their history. It's one upside of being so vast, one can trade a lot of real estate to be retaken much later.

Wzrd1

Re: This attack was brilliant strategy

Whenever the Ukrainians withdraw, leaving some fine cratering charges under the roadbed on the way out would also be a good harassment and delay move. Big plus if the timer is set for long delay and it craters the road while the Russians are using that section, even missing vehicles in the middle of a convoy would disrupt the movement of Russian forces and generate more confusion and well, present a really, really nice bunch of parked Russian vehicles for drone and missiles to greet.

Wzrd1

Re: This attack was brilliant strategy

It'll also tie up Russian forces that otherwise could be sent to reinforce attacking forces, as they're now en-route to Kursk.

If one action can be leveraged to achieve multiple goals, that action becomes far more economical than for single goals like just grabbing some land.

This far, they've grabbed some land, achieving a morale boost, a major PR shot in the arm, got Russia to dismantle their own video surveillance network, got Russia to "suggest" major alterations of online behavior in their civilian and military populations, destroyed multiple Russian supply line bridges and tied up columns of Russian troops that otherwise would've been available for frontline reinforcement and instead are scrambling to catch up with Ukrainian forces.

Plane tracker app FlightAware admits user data exposed for years

Wzrd1

Re: Feeder

"...they've had DDoS type attacks before but no data breaches so far?"

How would you know? Until the data is capitalized upon, it could still be out there, waiting until just the perfect inopportune time to be utilized to your disadvantage.

Wzrd1

Re: Passwords?!

I wonder if they've finally adopted that highly advanced security practice, you know, locking the doors after they leave for the evening.

Storing password hashes, rather than passwords is only as basic.

But, they're offering the same wonderful deal that OPM gave when they exposed every detail of every cleared DoD person, from SSN to well, the most intimate details of their lives and their fingerprints. Maybe next blunder, our entire genetic code can get leaked as well... Omitting one upside to the OPM debacle, with OPM at least I could apply for a PRC security clearance.

And one upside for me at least, this one doesn't impact me, as I never got an account with these children of unacquainted parents.

Hopefully, the fertility clinic cleans their test tubes better after these defectives were born.

Still, never fear. The CEO will get the golden parachute and a new career opportunity to move onto another company to perform a similar disservice, like the locusts that still plague crops in some parts of the world. If only we had the corporate version of DDT...

Wzrd1

Re: SSN?

"The semi-literate chap didn't know what to do and looked to his boss, who -- luckily (for me? for them?) -- seemed to know it was sufficient."

Of course, you needed to provide your social security number to acquire that driver's license.

Brit tech mogul Mike Lynch missing after yacht sinks off Sicily amid storms

Wzrd1

Re: Conspiracy Theories

"The conspiracy theory is that some large tech company that lost a recent fraud case might have been out for revenge ;-)"

Because the ROI on revenge is extremely high, right?

Wzrd1

"I suppose a nameless tech company have enough resources and private security to arrange a disappearance..."

And fake multiple nation's weather service records, as well as radar and satellite photo and radar imagery. Yep, must be the company owned by the space aliens at it again.

Damned Vogons!

Wzrd1

Re: Lifestyles of the rich and famous...

"Anchoring in 50m? I doubt it."

Yeah, beyond unlikely.

Although, a sea anchor might've been in order and alas, with a sudden blow, unlikely to have been able to be deployed in time. Many think of waterspouts under the standard of tame Floridian waterspouts, watching recreational craft blow through them, but some can be nearly as fierce as a land based tornado.

And boats around as robust in the end as a house trailer.

I'm quite a strong swimmer, infamous for treading water recreationally for an entire afternoon, and those kinds of conditions would make me quail.

Wzrd1

Re: Biggest Helicopter [was: Coincidence or what !!!]

Naw, the Russians have only been sending things to Ukraine that sort of, or kind of work. Anything somewhat functional and fit for purpose is entirely omitted from the theater.

Seriously though, I'd be entirely unsurprised to see some excess inventory from WWII rust its way into Ukraine soon.

Wzrd1

Re: Biggest Helicopter [was: Coincidence or what !!!]

The V-22 Osprey has around 6000 shaft horsepower and some spare change.

Having been around them a fair bit, including witnessing the class' first horizontal flight that was entirely absent VIPs, suffice it to say that it cannot be mistaken for a waterspout.

Wzrd1

Re: Coincidence or what !!!

Well, Orcas are known to hunt by spiraling around their prey to herd them into position... Some really energetic jumps to stir the winds, perhaps?

Or cooperation by water nymphs...

Or, having exhausted good fortune, was only left with the other kind and made the mistake of going to sea.

Palo Alto Networks execs apologize for 'hostesses' dressed as lamps at Black Hat booth

Wzrd1

Re: When will oxygen become offensive ?

"Ah, yes, the milk snatcher. Who initiated the flogging off of public goods, services and properties on the cheap to the capitalists who funded (and still fund) the Conservative Party."

Ah, but it worked out ever so well, what with railroads having shattering rails due to experienced workers being made redundant until they could not recognize that rails were worn out and about to fail and innumerable infrastructure failures for the same reason.

Then, still blame everyone but the corporate types that make Dilbert's pointy haired boss look competent.

Nope, gotta be commies and not the guys in the white hats and orange hats in the US, because they have the signage that says that they're the good guys, ignore the swastika armbands.

Meanwhile, shiny gets held up by the press for all to admire, all to distract from the latest outrages, as more bread to accompany the latest circus while ignoring the decay of one's society. After all, it worked well in Rome's final years. It'll work out well until a certain island can be renamed Airstrip One.

And it works out well for every other pickpocket in the land, a distraction and your wallet is in the rubbish bin and quite empty.

Wzrd1

Re: "Dude Looks Like a Lady"

More like a transmission, to judge by the stick playing comment.

Under-fire Elon Musk urged to get a grip on X and reality – or resign

Wzrd1

"They really need to find a way to remove him from the board of Tesla and X, he's wrecking them both and wiping out shareholder value."

I recommended that the SpaceX board stick him on a one-man colonization mission to either Mars or Venus, with a suggestion of Venus as a first option. Alas, the board seems content to watch money go out the window.

Wzrd1

Re: I wish he'd just stick to building stuff

He's never built a thing himself, he's not designed anything. He hires those that do.

His only talent and that's swiftly fading is being a showman.

Remember his great ads for coming robots? Didn't have anything working, so he hired dancers in body suits.

Self driving cars? More like guided missiles, given their habituation of either ramming barriers at high speed or slamming into fire trucks and ambulances sitting stationary with around a terawatt of lights warning Helen Keller that they're there.

Neuralink? Had that level of tech quite literally in the '70s; remember seeing it reported when I was a kid.

Real winner with that launch too - launched the launchpad into his own tanks and buried a town and wildlife refuge with dust because Musk himself refused to have the required reinforcement work done, resulting in the launchpad being shredded.

For the majority of his product line, it's the sweet Fanny Adams product shop.

As for xitter, I closed my account when he told his advertisers to fuck off. Gonna turn it into a cesspool, that's fine, don't expect me to jump in and swim in it.

CrowdStrike file update bricks Windows machines around the world

Wzrd1

Re: Who releases software updates on a Friday?!!

The idiot desperately seeking a new village.

Besides, everyone knows that updates are best properly installed at COB on a holiday weekend Friday. Then, pour the petrol onto the floor on the way out for the holiday.

Although, it is a bit worse. The defective file is full of zeros, rather than the data that the kernel driver is anticipating, and in an epic additional failure, no sanity or boundary testing of that data when the driver loads, causing it to perform a double-reset of the same memory address space, resulting in a kernel panic.

As nice as their platform is and I've used it to solve a literally intractable problem, the implementation is beyond weak and their software got better. One can schedule to various testing groups before just thrusting their updates into production - save when they override, which they also did.

Yeah, poured the fuel on the floor on the way out.

I suspect there's gonna be a fire sale for high end servers in Austin soon.

Big Tech's eventual response to my LLM-crasher bug report was dire

Wzrd1

"(and no, I refuse to call lies "hallucinations")"

I agree. That's why I call them what they are. Confabulations. Confabulation is common in dementia patients, where their brain basically tells them that it has a memory, then cannot access that memory and literally tries to shoehorn something that's wrong into that response.

It's not a "memory not available, access next memory", it's more like accessing parts of memories and stringing those parts together randomly, no intent present, just a malfunctioning brain. Save in the AI's, where it's a feature, not a bug.

Reminds me of the ancient joke, "A bug with seniority is a feature".

Wzrd1

Re: Well free the prompt, then

I remember NT4 and Win95, the ping of death. Microsoft ignored complaints of crashing their software, they then began threatening litigation on those who contacted them about it, they denied there was a problem and that their brand spanking new NT4 servers were simply overloaded so badly it necessitated their upgrading them with Solaris boxes.

Then, they eventually fixed their problem. Sporting a black eye the size of Redmond. After a couple of months of threats after ignoring the initial reports. That, on the heels of the SYN flood attacks...

They brought the problem back and patched it in 2011...

Then in 2013. Then in 2020.

Sounds like time is flowing backward at Microsoft.

Mozilla is trying to push me out because I have cancer, CPO says in bombshell lawsuit

Wzrd1

Re: I've heard this song someplace before.

"What happened? Capitalism? Profit, C-suite bonuses?"

And what happens a while after? Office equipment and furniture available for super cheap.

Wzrd1

Re: I've heard this song someplace before.

Geeks with power, so they punch down in the only direction that they can, those aging and those infirm.

Then, hiring additional security because for some reason, people are angry with them and they don't want to return to swimming inside of the toilet again.

NASA finds humanity would totally fumble asteroid defense

Wzrd1

Re: Blind optimism at its worst.

Well, there was one hero in Don't Look Up.

The bronteroc.

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

Wzrd1

The most common VM software on the planet is now some random software, which by such a daffynition would be of minimal concern?

Why does anyone examine software for vulnerabilities with or without pay, obviously it's the space aliens, not out of interest in security.

Nanu nanu.

Wzrd1

"Who paid Matei from Romania to invest all this time to "check" for flaws ?"

The space aliens, of course!

Stupid questions get stupid answers, since it's a stupid game with a stupid prize.

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

Wzrd1

"There should always be due process and fair trial rights, no matter the crimes."

Interestingly, for arrests within the US and extraditing nations, the SCOTUS agrees with you and disagrees with some that think he should be shipped to GITMO.

Unlawful combatants in a war zone are substantially different from people arrested as a routine matter of law enforcement. Otherwise, all laws become optional, including the Constitution itself.

Two cuffed over suspected smishing campaign using 'text message blaster'

Wzrd1

Re: TIWWCHNT

Well, at least they'll not be banning SDR or unmasting blokes.

Although, I'm certain there will be an attempt by political types to ordain only half-mast for commoners...

Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship

Wzrd1

Re: An IT lesson

"Hope they never have to handle the nuclear codes."

It's a littoral combat ship, Independence Class, aka being retired faster than they're still building them due to cracks in the superstructure and corrosion problems. They're by definition non-nuclear capable.

Now, what's more likely: along with a one-grade reduction would go a loss of her security clearance, and well, there ain't many billets for E-7s without a security clearance. Her career is spectacularly over.

Wzrd1

Re: Radio silence?

"if a crew member dies, the ship will go river city to give the navy time to formally notify the family instead of risking them finding out 3rd hand from a Facebook post."

Yeah, had to implement that for our base twice. Sad time.

Wzrd1

Re: Radio silence?

"A military vessel needs to be able to order radio silence on demand."

Yep and the military Starlink is called Starshield, with full DISA blessing and the ability to immediately shutter operations.

My question remains, where was their IA shop, as a rogue device should've immediately popped up on the ship's IA console as well as their higher echelon monitors.

Anything untoward, I saw the alerts, got a message from our RCERT and usually, from the NSA. I'd then CC them on my report, as usually, it was Mischief Managed by the time their e-mail or phone call arrived on the VOSIP.

Cracks in the hulls, now cracks in the command structure...

Wzrd1

Re: Radio silence?

Unless she used a civilian Starlink terminal, they'd be on the Starshield network, Starlink's military constellation and they do have the ability to go into the proper EMCON levels instantly.

Not really enough information to tell which happened, but then, not my monkey, not my circus. I am quite certain a Rear Admiral or two are asking the Skipper some extremely difficult to answer questions though.

And that entire ship class has its own special set of problems with corrosion and cracked hulls, don't need someone endangering the damned ship that's already a danger to itself.

Wzrd1

Re: Should be given a medal

"Maybe the one running the illegal wifi network was also the one responsible for comms security?"

Shouldn't be, for IASO, that's typically an O-4 equivalent billet. I know, as after I retired, I had that very job and equivalent rank.

Effectively advancing from Corporal Punishment to Major Malfunction overnight... ;)

She had a non-commissioned officer rank, so wouldn't be in that billet. Especially, now, given it's also possible that she'll lose her security clearance, hence billet and trust overall.

This isn't what one would call a burst of intracranial flatulence, this is two orders of magnitude worse.

And one has to consider how permissive an environment that the commander created to invite this in the first place.

Wzrd1

Re: Should be given a medal

"let's just say that the people responsible for location security there were both very much on the ball and less than subtle"

Yeah, waving hello, that would be me. Unauthorized anything popped up in multiple alert channels, both in ArcSight and other consoles - even when some enterprising soul would try to MAC clone an authorized device. Entertaining is when they'd unplug the MFC printer and clone its MAC and IP, as printers were on an isolated VLAN and alerts on that were vanishingly rare. Their first hint was that their managed switch port suddenly shut down, then the knock on the door ensued. Usually didn't have to escalate it, just reported it and it wasn't repeated, which was all everyone really wanted in the first place. There already was the contracted local ISP network that was open to residential usage.

Wzrd1

Re: Should be given a medal

"The technology needed to keep WiFi safe exists but there'd be insurmountable government bureaucracy to get it working. I'm betting it was simply plugged into the LAN."

Not really, the paperwork is a bit dense, but achievable - I was involved in just such a project. Loads of moving parts, as one has to get encryption devices, get keys issued for them and those keys have to be rotated on a regular basis, there are compliance measures for configuration, all were part of my job.

But, I'm damned sure it was just plugged into the LAN, which makes me ask what their IASO was doing - other than their damned job.

What she did in this case placed a 2.4 and 5 GHz flag on her own ship in an environment where no such signals should exist.

So, where was the IA shop, for that matter, what was the commander doing, other than not supervising and educating the personnel?

As a senior NCO, if a mission went sideways, the first question I asked myself was how I had set up a winning team to fail so horribly. It was always some stupid oversight that I never repeated and thankfully, grew rarer and rarer as time went on. But boy, did I lead some winning debacles in my early days! The most common problem, a lack of communication. And I took proper credit for the debacle, which actually engendered trust from the commander and men.

Wzrd1

Re: Should be given a medal

"Freedom - only recently and still not in every country"

Well, freedom in and of itself is a rather variably considered thing. Most people, even under rather oppressive regimes consider themselves free.

But in this context, WiFi on a naval vessel is like my rifle, inherently dangerous if misapplied and one's neighbors won't like what can fly in through the window when it's misapplied.

Which is why my pistols and rifles are locked up and my WiFi is locked down. And I've got an advantage in that nobody is in a hurry to waste a missile on me.

Wzrd1

Re: Should be given a medal

"What on earth is your point, apart from shoehorning in a bit of dodgy Koran?"

I'm guessing that they're missing the wonderful opportunity to be invited to show their religion up their arse sideways.

I get way too much of that in the fascist states of America, where the Christian Taliban are trying to misrule, while violating every one of their own commandments.

Years ago, I referred to them as the Amoral non-Majority to their faces. Now, I simply refer to them as zero targets to their faces. Largely because, they just love to bring up discussion of firearms first, most inappropriately and that's a mistake with me - I'm a competition shooter as a hobby.

Talk of firearms belongs in firearms shops and firing ranges and very few other places.