* Posts by gr00001000

62 posts • joined 8 Jul 2013


Global pandemic was good for business, say UK infosec pros – but we're still burning out
pivot to cyber

Says infosec.

Hospitals cancel outpatient appointments as Irish health service struck by ransomware


Red team tools

Red team tools have been turned on targets for profit worldwide. No pen-test, just using pen-test tools to breach any target, any company, any system.



A CRIMINAL!!!!!!!!!!

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies


Recruitment/eCrime 'businesses'

Ties in nicely to the Combi/FIN7 incident.

Notorious FIN7 gang Cybercrime gang posed as penetration testing firm to recruit hackers

35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang, realised it was actually an eCrime unit after joining.

Beware those startups!! It's all starting to fall in place, gangs such as PYSA leave notes about 'better security' and improving posture after payment.

The attackers have sysadmin skills as well as pen-testing skills; some of them are converted IT workers. They are operating as business units, with targeted BUs, organised reconnaissance, front end correspondence helpdesks.

Just 2020 things: Miscreants hit remote desktops 700% harder as world's IT teams try to support locked-down staff


Yes. It has been that bad, 2020.

Absolutely this rings true for me, I have personally witnessed it. What is missing from the RDP explainers is that RDP, AKA Terminal Services Gateway, is a command-line authentication medium. It can be authenticated against in non-GUI command form with repeated password brute force tooling easily. I think that would help folks understand. Threat actors absolutely went after all these new RDP setups, +768% is certainly what I would expect from my CERT position.

Also, some genius MSPs decided to leave Administrator as an option over RDP. Administrator does not have a default lockout as standard. So they get smashed first.

Hackers love recon. They pull usernames from that recon, start using these gleaned usernames on the available RDP services, they get smashed next.

Sites don't restrict GEO or remote access to their RDP. Any IP in the globe can attempt access for full desktop control. Madness. But that's the pandemic.

People have been very slow to learn, Windows O/S and RDP are not a secure or workable solution for remote working. At all. Firewalls and web servers are things designed to face the internet, not RDP. RD Gateway will still be an easy win with a phishing creds steal.

I have seen over a dozen institution ransomware cases; 90% started with pandemic induced RDP. Most had alternating actual malicious tooling/binary delivery methods/TTPs - that's different groups attacking via the same initial vulnerability.
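The RDP password-guessing pattern the commenter describes (repeated failures from one source, the built-in Administrator account with no default lockout, harvested usernames tried one after another) is something a defender can pick out of the Windows Security log. The detection below is an added example, not the commenter's code; it runs over constructed, simplified renderings of Event ID 4625 (failed logon) lines, and the one-line field format, IPs and usernames are assumptions made for the demo.

```python
"""Detect RDP password-guessing from simplified Windows 4625 (failed logon) events.
Added example, not from the original comment. The one-line event format and
sample values are constructed; LogonType 10 is RemoteInteractive, i.e. RDP."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one external IP hammering Administrator, another trying
# harvested usernames one by one, plus an internal user who mistyped a password.
SAMPLE_LOG = """\
2020-04-02T08:00:01 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T08:00:02 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T08:00:03 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T08:00:04 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T08:00:05 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T08:00:06 4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.7
2020-04-02T09:10:00 4625 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.9
2020-04-02T09:10:01 4625 LogonType=10 TargetUserName=mjones IpAddress=203.0.113.9
2020-04-02T09:10:02 4625 LogonType=10 TargetUserName=ahughes IpAddress=203.0.113.9
2020-04-02T09:10:03 4625 LogonType=10 TargetUserName=finance IpAddress=203.0.113.9
2020-04-02T10:30:00 4625 LogonType=10 TargetUserName=jsmith IpAddress=10.0.0.25
2020-04-02T10:31:00 4625 LogonType=2 TargetUserName=jsmith IpAddress=10.0.0.25
"""
FAIL_THRESHOLD = 5            # failures from one source inside WINDOW
DISTINCT_USER_THRESHOLD = 4   # distinct usernames tried from one source
WINDOW = timedelta(minutes=10)

def parse(line):
    """Split one constructed event line into a dict of its fields."""
    ts, event_id, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"], rec["event_id"] = datetime.fromisoformat(ts), event_id
    return rec

def detect_rdp_bruteforce(log_text):
    """Return {source_ip: finding} for sources that look like RDP guessing."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        # only failed logons over RDP (RemoteInteractive) are of interest here
        if rec["event_id"] == "4625" and rec.get("LogonType") == "10":
            by_src[rec["IpAddress"]].append(rec)
    findings = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        users = {r["TargetUserName"] for r in recs}
        peak, start = 0, 0  # most failures seen inside any WINDOW-long span
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        reasons = []
        if peak >= FAIL_THRESHOLD:
            reasons.append("bruteforce")
        if len(users) >= DISTINCT_USER_THRESHOLD:
            reasons.append("username_enumeration")
        if "administrator" in {u.lower() for u in users}:
            reasons.append("builtin_administrator_targeted")  # no lockout by default
        if reasons:
            findings[src] = {"failures": len(recs), "peak": peak,
                             "users": sorted(users), "reasons": reasons}
    return findings
```

The single failure from 10.0.0.25 stays below every threshold and is not reported, which is the behaviour you want so that ordinary typos do not page anyone.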

After 11 years, Australia declares its national broadband network is ‘built and fully operational’


surely a typo?

The plan was said to >>>>>>>>>>retard<<<<<<<<< wide adoption of digital services such as telemedicine or videoconferencing.

Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again


Is the punchline that

The FTP update server hardcoded credentials was shared with SolarWinds and Twitter and all the researcher got was a tame thanks..

COULD that have been what they used

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor


Worst case scenario

I used to ponder what's the worst multi-nation cyber attack that could happen, within the remits of commercial infosec? A supply chain attack against a major U.S. systems supplier. In the mould of the NotPetya M.E.Doc update alteration (was that a practice run)?

Well it's happened and they try to keep a lid on this. So since March/April high profile companies with large CERT teams have nevertheless been compromised, and who knows how many have had this threat actor floating in their network yet not caught until December. Plenty of time to implant further beacons. Microsoft, Lockheed, Nuclear weapons agency, U.S. Treasury, FireEye, where does the list end..

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why


decryption key FTW

What a bunch of cynics some of you are. They may not have paid. There are cases working with CERT teams where decryptor keys have been created and tested and supplied to sites. Don't forget all the malware and ransomware reverse engineers out there folks.

REvil ransomware gang publishes 'Elexon staff's passports' after UK electrical middleman shrugs off attack


Log all the things

Increase your logging to centralised logging including PowerShell if Windows and perform widespread backups to offline/segregated backups. Also ensure you are using LAN segmentation with VLANs, not flat LANs!

Investigate the intrusion and restore from backup. Some extra security steps mean no payment needed.

Don't get me wrong, implement Defence in Depth and next-gen anti-virus capable of heuristic detection of process injections and firewalls capable of detecting unusual session traffic, but good security can use 'accept breach' and handle the unknown threats.

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts


Vector identified

RDP lockdown solution or email. Secure both extensively and get that RDP behind VPN. Plain text email, Mark all external emails as external, mail filtering solution too. All public IP resources such as pulse VPN endpoints must have absolute priority in patching.

If it's another vector such as a supply chain attack, your isolated backups, VLAN segmentation and segregated endpoint logging will help.

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle


Also South Korea:


The Ministry of the Interior and Safety developed a mobile phone app, “Self quarantine safety precaution”, to keep tabs on “super spreaders” of the infection. The app monitors the GPS coordinates of those under home quarantine, and alerts the government if they step out.

China WeChat Apps enforcement:


Italy was mentioned as tracking on Sky News live, but no record of it on the Internet seen.

We regret to inform you there are severe delays on the token ring due to IT nerds blasting each other to bloody chunks


University taught courses

I was at University in those cusp years of X.25, Token Ring, TCP/IP, Ethernet. They were teaching us both at once, how confusing.

Since then I mastered TCP/IP networking via Cisco CCNA and glad I did.

Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed


Re: Alternate Internet - Sounds good to me

How can I join for a useful on-going alternative to COMMERCIAL NET © what used to be known as the Internet. After all the writing's on the wall for wikipedia.ORG and useful free sites.

I would like to submit my application to your alternative Internet and offer the possibility of extending it in the future through a local Wifi MESH.

Brexit bad boy Arron Banks' Twitter account hacked: Private messages put online



Twitter has quickly taken down accounts. File.io taken down link. This story has legs...

Worldwide Web wizard Tim Berners-Lee sticks wellington boot into Worldwide Web's giants: Time to break 'em up?


Re: libreMESH

There is no UK representative of Libremesh we need to change that


Guifi.net Iberian peninsula http://guifi.net

FreiFunk Germany http://freifunk.net

FunkFeuer Austria https://www.funkfeuer.at

Ninux.org Italy http://ninux.org

AlterMundi Argentina http://altermundi.net



I'm all for banding together and creating a MESH network of inter-connected national WIFI points and locally administered server content and services. We don't need these giant ISPs, CDN behemoths and Internet giants. The corporate commercial Internet can be left by householders and non-commercial pioneers.

The tech is there now, just need some good long distance beaming between towns.

A separate Internet can be formed, just band together and do it........ I'm waiting for it to happen. The only global firm I'd want to be part of it in some way would be a wikipedia.



Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare


which nation state would seek such data?

Let me think

Ex spy bosses: Cyber-warfare needs rules of engagement for nations to promptly ignore

Big Brother

The Internet battle

Yes the Internet is the new battle space, and also the arena for influencing hearts and minds.

So witness now how it is being ring fenced with favoured tech giant providers in national geographies, chiefly by the search provider/service provider:




In the years to come we could witness the regionalisation of the Internet and barriers put up around TLDs and address space.

Ugh, of course Germany trounces Blighty for cyber security salaries


Going freelance

Well if you have any tips on getting started freelance in InfoSec do share them..

Surely there's an initial big risk without a big starting contract/customer or a large contact book?


Analyse all the alerts

The shortage in cyber security skills is the requirement for large amounts of people to perform alert analysis, threat hunting, security posture compliance analysis and incident triage and response. There's lots of work in these.

Did somebody say Brexit? Cambridge Analytica grilled: Brit MPs' Fake News probe


Cambridge Analytica are relevant to LeaveEU, Darren Grimes is relevant

A large donation of campaign money was donated to Darren Grimes 'social media campaigner' who passed that money on to Aggregate IQ -- AggregateIQ had just been a short-term “contractor” to Cambridge Analytica.

Robert Mercer of Cambridge Analytica is good friends with Nigel Farage, who does seem to spend a lot of time in the states these days... with these Trump aides. "Andy Wigmore, Leave.EU’s communications director, told me that it was Mercer who had directed his company, Cambridge Analytica, to “help” the Leave campaign."

Cambridge Analytica has data points such as social media, financial, residential, employment and connections on many millions of people. They can target individuals using tracking in browsers as well as social media. They can understand who are vulnerable and target them. They can influence voters with online targeting and media targeting to smear opposition to encourage voters to stay at home. The Guardian has done some top notch investigative journalism on this.


Australian central bank says 'speculative mania' and crime fuel Bitcoin


The value of the US dollar is heavily based on confidence and reserve currency status based on US Gold reserves, rather than the IOU value of gold in the vaults.

The value of Bitcoin is based on confidence in proven cryptographic hash calculations and the confidence in the difficulty of such.

The US dollar is heavily transacted digitally.

Bitcoin is entirely digital.

The US dollar is preserved by US hegemony, some gold reserves, currency float valuation and US Securities.

Bitcoin is preserved by CPU power and limited supply.

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?


Nathan Barley. Idiocracy.

Teenagers taking out loans to invest in bitcoin.

Idiots bragging materialistic slap stick brainless twaddle on Youtube.

These things will pass.

Vlad the blockader: Russia's anti-VPN law comes into effect

Big Brother

Re: Ooops; Now El Reg is Blocked

Hey look it's one of the famous Russian Trolls! Typing in anti-Western views from their troll factory.

Tech firms take down WireX Android botnet


Widespread infection

Surely the next big thing is the malicious actors sussing out the 'Bouncer' system wholesale and creating bots that grow within 6 months to hundreds of thousands.

I'm thinking apps such as the face swap apps and these sorts of crazes, with seemingly low numbers of face swap apps from large coding houses, instead many curious little coding houses offer them.

Because very few people run AV or have MDM full lock down on their Android phones....

Homeland Security: Putin’s hackers tried to crack electoral networks in 21 US states



Could the hack and known stealing of personnel data, as in the https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach of up to 21.5 million, have been used to register votes used for one certain president??

'We should have done better' – the feeble words of a CEO caught using real hospital IT in infosec product demos


Re: What is it with next-gen AV?

Yep including:

Slagging each other off behind closed doors in conferences

CEOs calling out other NextGen InfoSec companies tech and strategy in press articles

Poaching each others staff, with younger non-public companies offering large options.

Undercutting each other at tenders

Shameless job hopping around NextGen InfoSec by SEs and Sales leaders

That sound you hear is Splunk leaking data


Re: Splunk

Send all your syslogs to one place and correlate for SIEM.

Send all your user transactions to one place and compute correlations in the big cloud.

Seems their Schtick, they're quite successful don't you know.

Three-commas Thiel expresses love for himself, Trump and downtrodden millionaires


He reminds me of those slightly dystopian yet glossy films of the 90s like RoboCop, Running Man and Total Recall where wealthy powerful businessmen tread on the normal guy, like some kind of black and white world.....

Oz infosec spooks: ease back on the “cybers”, this is serious


error in report?

Your report mentions "The Bureau of Meteorology's woes in August get a mention" then links to the online Census failure. I think the wording needs to be changed to "Australian Bureau of Statistics (ABS) woes"

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet


sites down again

26-Sept-2016 18:55 site is saying 503 Service Temporarily Unavailable. I was navigating to read it but suspected something was up then found this story.

Microsoft axes 2,850 more Windows Phone, sales staff – a week after Justin Timberlake sang on stage for them



IMAGE IS EVERYTHING. unfortunately.


Re: Honestly how clueless a comment

3rd largest cloud hosting company with their own data centres

O365 drive going very well, Outlook the most advanced and favourite email client, Word and Excel dominate

Microsoft Active Directory still the favoured enterprise user catalogue and authentication system

Still the favoured corporate OS

Microsoft shares are at their highest in 10 years and 4 x what they were in 2008.

They have a place in the corporate computing world, but maybe not in the home anymore!

Kotkin on who made Trump and Brexit: Look in the mirror, it's you


For Kotkin, at the heart of Brexit was the calculated decision to respond to low birth rates by importing cheap labour :

Yes, it was lazy economics, Gov don't fix the issues, instead allow migration to give us economic growth.

But now, our population will not get to the 80 million with no space on the roads and STEM jobs handed to immigrants with degrees. It's the one potential hope that comes from the mess of Brexit. Fix the STEM shortage by funding STEM degrees. Promote and train staff to advanced positions.

Quick note: Brexit consequences for IT



My hope is, we follow and are seen to be similar to the Switzerland model.

We still have the vast city of London with its global outlook, Tech hub.

The new government surely realise trade and commercial continuity are key and will keep many agreements in place. It's possible they even negotiate a deal that keeps much of the EU policies as they are, after all, most MPs don't want to sever links with Europe.

Otherwise, Dublin's going to get a second Celtic tiger revival.........

Intel told Irish council all was well just before 12k job cuts announced



I'm starting to see a lot of parallels between the IT industry and the banking industry.

Huge size, employing large amounts of employees in cities.

Beholden to shareholders somewhat for most.

Global industry employing the brightest of certain specialists plus others in company running.

Leading edge adaptation of new working methodologies and restructuring.

Ruthless cost cutting.

Twitter at ten: The social network designed for 2006 struggles into a second decade


Amazing how, by being closed off, Facebook creates its own ecosystem for users with approved friends, creating a world in which to exist that advertising can be injected into. Twitter just doesn't seem to have gone in the right direction.

Amazon UK boss is 'most powerful' man in food and drink


the geeks shall inherit the earth

It's beyond most people's comprehension that Amazon's original market was Geeks buying heavy expensive technical books and manuals, Cisco and Microsoft press books. From there they conquered the book world and beyond.

The web was originally a document sharing service populated by computer operators and universities and now is critical to business, and most commercial businesses consider launching primarily as a website.

Geeks favoured Apple devices and these days they are the prominent mobile and premium business laptop.

When machines replace workers in site automation and self-learning AI automation robots, the geeks will be kings.

So why exactly are IT investors so utterly clueless?



Amusing read. What's happened in the 20-teens is the marketing industry has blown up and jumped on/attached itself to the IT industry. People are paid thousands and thousands to hype apps/advertise in the channel/run stands at infosec/perform SEO for industry giants/viral marketing.

Successes like Uber and AirBnB encourage it, but those are Californian digital disrupters. It doesn't seem very English to create such things. We are more likely to succeed with purposeful Apps and leave the guff to California.

If MR ROBOT was realistic, he’d be in an Iron Maiden t-shirt and SMELL of WEE


episode names

Kudos to the makers to name each episode as a filename and format: eps1.43xplo0its.wmv eps1.9zer0-daY.avi must give the downloaders some fun. Although they can rename the files easy enough.

The series has much depth and intrigue to follow, including the Kali screenshots.

Carders fleece $4.2 million from Victoria's MyKi transport agency


Re: Nah, don't pay them that's the game!

Having lived in Melbourne, the trams were practically free for many people, cheapest PT in the world!

But they cracked down, at the very time Miki came in and it was impossible to pay for your journey on the tram.

Huge hack attack: UK data cops to probe Carphone Warehouse breach



Or they hacked the central network of the company using an APT with targeted malware and exfiltration.

Because their CIO and senior admins haven't learnt about APT protection providers.

Five data centres you can't live without


Ireland cr*p weather win!

Cold climate = more data centres + jobs

SDN: It's living the dream – and just using what you've got



While the central management is the number 1 plus point of SDN networking, the OpenFlow language used by vendors such as ARISTA is a new complex language used for scripting that must be learnt. So there is additional pressure on IT pros when moving to this kit.

The slow strangulation of telework in Australia


Re: 10MB/s in North Sydney?

I bet that's not cheap...............

To think in the UK houses and apartments are already having their sale value affected by internet speeds..... Oz is a bit behind


Re: "Competition I think it was called."

But even in the cities of Australia they don't have much fibre!

SDN's dream: Use what you've got, not what you're promised


SDN and NFV - outsource your systems to India...............................!

An IBM employee informed me in 2012 that he was depressed at where the industry was heading. Software defined networking was going to allow outsourcing of all I.T. to India where lower wage I.T. staff could create entire Server/network/database structures for the business by request at the press of a button.

Once all I.T. is virtualised and off-shored, what I.T. is needed in house?

That IBM employee is now a teacher trainer at a large University.



Biting the hand that feeds IT © 1998–2022