* Posts by elDog

1157 publicly visible posts • joined 23 Oct 2013


So you paid a ransom demand … and now the decryptor doesn't work

elDog

Re: Backups!

If you're working in the financial sector, many clients will demand proof of backups, off-site storage, penetration testing, etc. Large customers won't do business without due diligence and the ability to enforce compliance with best practices and fiduciary requirements.

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

elDog

I'm sure FlyCASS considers safety and security as its highest priority.

"Carroll says that the first port of call would ordinarily have been to alert FlyCASS, but the researchers opted against this since 'it appeared to be operated only by one person and we did not want to alarm them.'"

The sole proprietor quickly notified his CSO who worked with the QA teams and ran extensive red/black tests.

Amazing that the US DHS and other federal agencies don't vet their vendors very well.

Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom

elDog

He could have farmed it out to some group in Saint Petersburg or Shanghai

and maybe taken up a life on the lam - or more likely a mysterious death.

Ex-Microsoft engineer resurrects PDP-11 from junkyard parts

elDog

Thanks to that reference to Wiley. I have/had hundreds of their titles.

Ashamed to say, lots of Wrox Press and many, many others.

The days of pressed pulp in my hands have slipped away...

SolarWinds left critical hardcoded credentials in its Web Help Desk product

elDog

And how many organizations are going to pull their off-line backups to fix this?

I'll take any wagers over 0.

Anyone know how hard it is to process many daily/weekly/monthly/yearly backups and selectively update one or more files on these?

I'm guessing everybody is going to say "Well they are in a vault and encrypted. And we'll probably never have to do a real disaster recovery."

(Says those who have never really had to roll-back full systems.)

NASA pushes decision on bringing crew back in Starliner to the end of August

elDog

Pretty soon you'll be able to pick up a shitty adapter at the local convenience store

Apple or USB, sir? Would you like a slurpee with that?

Microsoft tweaks fine print to warn everyone not to take its AI seriously

elDog

I would just add - Don't Use Microsoft Products in a Production Environment If At All Possible

Fine for XBox and Clippies and lots of eye candy.

Of course, the US (and other) governments have bought into the idea that a mega-corp is trustworthy. Perhaps the mega-corp actually bought their way into these governments?

80 years ago, IBM gave Harvard University one of the world's earliest computers

elDog

Fortunately Bill Gates wasn't even a twinkle in his dad's eye at that time.

It would take several more decades until we were introduced to DLL Hell and BSODs.

My first "computer" was a series of collators, sorters, and printers that read and punched cards that were fed between the beasts. All programmed with plugboards (https://en.wikipedia.org/wiki/Plugboard). Well, it wasn't "mine" but once I saw the setup at the American Management Association in upstate NY, I knew that's what I wanted to do. Still plugging the bits even now.

Under-fire Elon Musk urged to get a grip on X and reality – or resign

elDog

Xpecting Musk to respond with his characteristic dung heap emoji

Just to show them how grown up he has become.

Twitter tells advertisers to go fsck themselves, now sues them for fscking the fsck off

elDog

I wouldn't limit his faced-ness to two - more like a bunch of silly putty

that seems to droop from the left or right. Probably influenced by whatever cocktail of drugs the 'loon consumed in the last hour or so.

Bad apps bypass Windows security alerts for six years using newly unveiled trick

elDog

Sounds like Microsoft stopped doing red/blue team security testing

That non-standard path altering one in Explorer sounds way too easy to exploit.

Bugging out: 53 years since humans first drove a battery-powered car on the Moon

elDog

I remember taking some French technologists on a tour of the Smithsonian

Right after the Bi-Centennial Exhibition

First we went to the Old Castle which housed artifacts from the mid-1800s and earlier. I remember everyone being particularly impressed by the fine craftsmanship of the items, especially the medical equipment and the telescopes and microscopes. Someone said "They just don't make things like this anymore."

Then we walked over to the Air and Space Museum and saw a replica of one of the rovers - tin foil and plastic and tape holding it all together. Quality suited for the purpose.

Latest update for 'extremely fast' compression algorithm LZ4 sprints past old versions

elDog

Watch out when it spews diarrhAI

Nasty bug going around right now.

How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code

elDog

Re: So why was table lookup done in pspSystemThread?

Guessing out of hubris and laziness.

Many a neophyte programmer thought it would be much easier to write code to stay in one protection level (kernel) than go through the hoops of having another process handle the real work.

Remember when everything we wrote was at level-0 on the early micro-PCs?

I grew up with IBM-360s and learned to love the GE-600 series master/slave levels. Then they built the Multics machines from whence (somewhat) Unix was spawned. I love having the hardware tell me that I f'd up without having to read through a full kernel dump.

Brace for new complications in big tech takedowns after Supreme Court upended regulatory rules

elDog

No surprise. This is just a way for the corporate camel to put its nose under the justices' robes.

In the last few years the corporatists have been flooding the courts with amicus briefs - really just lobbying for their positions. This removes the impediments of the expertise of the regulatory staff to point out problems in these briefs.

There are so many good discussions about how this will eviscerate almost all regulation in the US. One has to wonder who is hoping for a totally non-functional government.

Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew

elDog

Obligatory: We care deeply about our clients' privacy. We will be giving everyone affected

a coupon to their local pharmacy for a year's supply of aspirin.

Much better than the shitty credit-watch agency gimmicks. They are all controlled by the same people/organizations.

Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended

elDog

These attack vectors have been known and warned about for years.

Microsoft values capturing customers far more than caring about security.

https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

They are now just the typical company saying "Your security is our top priority" while actively (and I mean actively) not trying to secure your data.

The US and any other country should be ashamed of themselves for falling for these sales spiels. I'm sure there are lots of multi-$$$ kickbacks involved.

I stumbled upon LLM Kryptonite – and no one wants to fix this model-breaking bug

elDog

And it really ain't "brand new"

Re-branded perhaps, as usual. Still capable of falling on its face.

US Army doubles down on laser tag with $95M for prototyping

elDog

Wonder if the new super-high charge capacitors are part of the equation

Very quick discharge rates and good recharge. Coupled perhaps with the newer flywheel energy storage systems that have been tested in ship-borne weapons.

Not sure I want to live in a world where we can all be fricasseed in a split second versus one where several grams of high-velocity kinetics are necessary.

Uncle Sam to inject $50M into auto-patcher for hospital IT

elDog

I'm going to take a short position on this program

While it makes some sense to totally circumvent the behemoth legacy purveyors of the health-care infrastructure, it is this very huge mess of pasta that masquerades as a "system" that will make the "patching" so difficult.

I'll just hypothesize that some of these systems are built using Oracle and perhaps PeopleSoft or SalesForce. All of these have so many installed versions that are somewhere on the updated software spectrum. Oracle, as an example, is infamous for making its software interfaces opaque - even after spending many $$ to get access to them.

I've used the dynamic patch technologies for 30+ years and it has become more and more difficult to make them work as the underlying hardware and software become more complex.

Europol confirms incident following alleged auction of staff data

elDog

One might wonder if there aren't many more of these escapades that aren't being reported

If, for example, a state actor stole a bunch of NATO information but wasn't planning on selling or bargaining for it --- just waiting to use the information when the time was ripe.

Microsoft's Brad Smith summoned by Homeland Security committee over 'cascade' of infosec failures

elDog

But we want a change to the Ribbon. And demand that Clippy be freed!

We want features, more features. We want pretty themes with too much white space and choices of mauve and fuchsia.

We want animations everywhere and AI assistants so all we need to do is press the Start button (where is it now?) and the AI will take over for the rest of the day.

Security is for the IT department (who are vastly overpaid and are not in the next budget cycle anyway.)

US faith-based healthcare org Ascension says 'cybersecurity event' disrupted clinical ops

elDog

Ascension - a "faith based" healthcare organization must have better protections than most

I'm sure that their trust in some omnipotent CEO will prove redeeming.

No need for virus protection (biological or cyber).

I'm not sure I can totally trust The Register's parroting of:

Over the course of 2023, it was responsible for 599,000 surgeries, 349,000 urgent care visits, and 79,000 births. Ascension is driven by the Catholic faith and places special attention to serving the poor and otherwise vulnerable.

But if they want to open their books for audits, perhaps that would be a blessing.

FCC slams banhammer on 5G fast lanes with final net neutrality text

elDog

Agree with most of your comment. The "press" doesn't write about how things really work

because most of the press doesn't understand any more than what the suppliers' PR is telling them.

And most of the public won't understand/care about the technicalities. It's sort of like how we buy cars (as an example). If it looks pretty and sharp and I can afford it today, then let's go! A year or so down the road it is crap - restart the process.

Rivian crawls out covered in $1.5B of red ink, panting that it's still alive

elDog

An acquaintance ordered one of these almost two years ago - finally got delivery

People with too much money and lusting after some new glitzy thing.

Looks like another large SUV in our small parking lots. Gets dirty on our mountain roads. Apparently has loudspeakers in its carriage to make it sound like a mean machine.

Perhaps if they install the coal smokers and beef up the sound system, they can convince the 0.1% of locals who are MAGAts to buy one - but those 0.1% can't afford them.

UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection

elDog

Well stated. Also the separation of silos and lack of coordination

make it easier for the upper-level management to assign blame to some technical lead in the silo and take punitive action.

The punitive action should be going up the chain - all the way to the CEO and the Board of Directors.

Consultant charged over $1.5M extortion scheme against IT giant

elDog

Re: Taking the article at face value

No, he didn't get the short term gain.

But the labor pool for these types just improved a few notches.

elDog

I'm glad to see the US justice system start to be used as it is intended.

Not just as a punishment against enemies but as upholding the laws of the land. Still lots of room for improvement but I'll take what I can get.

That consultant sounds like he was operating in a self-delusional bubble - one where he was so important that everyone would accede to his wildest/stupidest whims. I, and I'm sure many who read/comment here, have had access to and control of extraordinarily important government and corporate information. It takes an off-kilter brain to go to the steps that this person did. But once he started his slide, it was all the way to the bottom.

CISA says 'no more' to decades-old directory traversal bugs

elDog

I like the idea of using a "ransom identifier" when storing files

Makes it much easier for the crooks to mark what belongs to them.

Apparently CISA has a sense of humor:

"Instead of relying on user input when naming files, developers should consider using a ransom identifier for each file and storing the associated metadata separately"

US Chamber of Commerce to sue FTC for banning noncompetes in most jobs

elDog

Didn't take long for the corporatists/capitalists to strike against this rule. They've been waiting.

And this is why they've fought so hard to have a Republican majority at the FTC.

This will definitely go all the way to the Supreme Court which has 6 out of 9 justices aligned with the Republicans and against the common people

Rarest, strangest, form of Windows saved techie from moment of security madness

elDog

Yup - thems were the days. When the news articles had to explain what viruses and worms were

along with analogies to those pesky things that infect our bodies.

I actually worked on Windows NT on a DEC Alpha - trying to port a graphics editing program to that hardware. The big/little-endian stuff was a complete nightmare.

US Air Force says AI-controlled F-16 fighter jet has been dogfighting with humans

elDog

Oh, no. Just think about all those poor F-16 pilots that will need to find a new job!

In addition to not needing other pilots with the take-over of drone warfare.

Life (and death) just aren't what they used to be...

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

elDog

Guessing the ransomware knows not to attack its bosses in the Kremlin, Beijing, NORK

There may be occasional lapses in IP mappings, etc. We call that "friendly fire."

The biggest problem in the US, at least, is a totally wild-west capitalist system where the biggest Vulture Capitalist can buy multiple health-care facilities and strip them of any costly IT departments that may try to deter these attacks.

I've witnessed two of my health-care providers in the little state of Vermont be rendered helpless by these attacks - in one case causing multi-week denial of services. These small (by international norms) organizations just don't have, and don't want to pay for, the resources to protect themselves.

Pity the small practices/practitioners across this poor country (the US).

MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

elDog

Oh, wow. If the head of the EPA bought bottled water from Nestle

then the EPA could never take action against that company?

If the head of the FBI once flew on an airline owned by United and manufactured by Boeing, then the FBI could never investigate those two companies?

Lewis Carroll - more material for you!

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

elDog

Since most of this content seems very similar to Krebs On Security

I wanted to make sure that your readers can see his posting.

https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/

Attribution is always welcome.

German state ditches Windows, Microsoft Office for Linux and LibreOffice

elDog

The damn buttons and ribbons in MS products change all the time

They spend more time with focus groups of fashion designers than looking at how real people get real work done.

elDog

Maybe just give Linux and open-source apps to those with nimble brains and aptitude

Leave the old codgers in the dark world of Microsoft.

What if AI produces code not just quickly but also, dunno, securely, DARPA wonders

elDog

And probably an improvement over devs looking at 100,000 line packages

and trying to figure out if a single change will impact thousands of other lines of code, and given this is usually DoD - how it would impact our national defense.

I've spent too many years looking at huge projects with so many dependencies and hundreds of devs that come and go and don't understand the entire code-base - they can't!

I understand that fears of AI failures are real and have been seen. But the same/worse happens with a developer who doesn't have the mental bandwidth to be perfect (that's me.)

Rust developers at Google are twice as productive as C++ teams

elDog

Yup - a fresh set of eyeballs is always worthwhile.

Hard to get some new whiz-kid to look at a COBOL-68 program, though.

I'm guessing you could ask some AI engine to examine the whole corpus of a mainframe inventory/billing/HR system and have it spit out at least the basic functions that the system was supposed to provide written in some high-level pseudo code to be turned into Rust, Go, whatever.

elDog

Re: Rust really is easier to write and maintain

Totally agree with your points. I have written way too much code in B (predecessor to C), C/C++, and Perl (along with many years of various assemblers.)

All of the languages that require a separate set of definitions that are independent of the implementations are a real PITA.

I'm writing mainly Python now because of the very rich ecosystem. When I see most of the libraries/frameworks available in Rust, I'll start my move.

elDog

Re: How much of the improvement in the conversion to Rust is because it's a re-implementation

That's possible also, but I think and hope that much of the original code has been refactored many times over the past years.

I know one of my more pleasant tasks (really!) is to go back and look at my older code base that is still in use and see if I can make it cleaner, more effective, more error-proof.

elDog

How much of the improvement in the conversion to Rust is because it's a re-implementation

of an existing package?

Assuming that much of the conversion is using translations of existing functions, algorithms, and methodologies. Which would have been well debugged in the earlier implementation.

I'll still guess that Rust may be slightly easier to develop for new projects given its very good error checking during compilation.

Microsoft defends barging in on Chrome with pop-up ads pushing Bing, GPT-4

elDog

Microsoft's actions remind me of a past romance that really, really wants you to come back

At first it's just cute little emails and then it becomes stalking.

Boeing paper trail goes cold over door plug blowout

elDog

Sorry - the documentation was either never existent, blew out the 737 door, or was eaten by the dog.

"With respect to documentation, if the door plug removal was undocumented there would be no documentation to share. We will continue to cooperate fully and transparently with the NTSB's investigation."

I'd forbid Boeing to sell any more planes into the commercial market until they come up with the documentation.

Military/black programs - we'll never know.

YouTube workers laid off mid-plea at city hall meeting

elDog

Good that this was being actively aired. Shame on Google, Alphabet, Cognizant

Corporautocracy.

Cyberattack downs pharmacies across America

elDog

Oh dear. Some malfeasants are hacking the corporates that are already ripping off the US customers

This just happens to be related to PhRMA which is the major player in gouging pharmacies and their customers.

Of course, the only ones really hurt are those that need their meds - now!

Air Canada must pay damages after chatbot lies to grieving passenger about discount

elDog

Can't wait until Air Canada replaces all of its C-suite high-priced suits with AI

That will totally solve the problem of humans in decision-making positions making bad decisions.

Right?

Chinese Coathanger malware hung out to dry by Dutch defense department

elDog

Re: Puzzled!

Yeah - the gratuitous addition of "accelerate" seems a bit word salad. How about just sticking to doing your advertised job: security?

elDog

The Register contacted the Chinese Embassy for comment on this matter

but so far has not heard back. We expect them to be completely open about their involvement.

Mozilla adds paid-for data-deletion tier to Monitor, its privacy-breach radar

elDog

The genies have escaped the bottles; the crap is everywhere

Just like trying to rein in "AI" it's impossible to stop the flow of data/information once it is in the wild.

Huge penalties might work if you can catch the perps. But many of these types live in countries that don't exactly care what other nations think.

We need to look towards a future where all known data points are public. Every person, every location, every bank account, every personal interaction, etc. If it isn't this, then it'll be massive state firewalls blocking data transfers.

What will our world look like then?
