* Posts by gubbool

17 publicly visible posts • joined 5 Dec 2013

Snowden 'more helpful than dangerous' says ex-Colin Powell aide

gubbool

I saw the movie, Citizen Four, twice - and paid good attention. Clearly he knew the eventual outcome of his actions and was fully prepared to live with the long term consequences. Without saying the words himself, he found himself caught between his signed NDA and his oath to 'defend... against all enemies, foreign and domestic'.

Not necessarily my hero, but he is a man with which I'd enjoy sharing a bit of idle conversation over a beer.

Windows 10: THE ULTIMATE GUIDE to Microsoft's long apology for Windows 8

gubbool

Elimate the GET Windows Ten icon

How to permanently shutdown Windows 10 upgrade notification

● http://winsupersite.com/windows-10/disabling-windows-10-upgrade-notification

● "GWX" - Get Winows 10

● HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX

○ DWORD value DisableGWX set to 1

gubbool

M$ account - NOT required

demo-ed on TWIT... M$ account is not required - BUT - you must look hard for the option to by-pass it. It's there but obscured

gubbool

Re: Anyone know 100% that it's not a one way trip to windows 10???

Installation was demo-ed at TWiT last Saturday... there were some issues, but I think they all based on 'what's happening, now' as the network was a bottleneck. They did back out and return to 8.1 - a 30 day option.

Malvertising campaign hits 10 MEELLION users in 10 days

gubbool

SandBoxie, Anyone?

I've been using SandBoxie off and on this month.... it has some overhead but for free ranging on the net the overhead is probably worth the extra parts of a second.

Popular crypto app uses single-byte XOR and nowt else, hacker says

gubbool

funny

First off, several encryption methods been written and tested so there is no longer any reason to invent a new method. The App needs only the GUI. So then, that the writer is stupid is established.

Does anyone remember the copy program for Apple disks called LockSmith? That program protected itself by XOR-ing it's sector data with its byte position in the sector. Pretty simple to see the scheme when you look at a sector that should have been all zero's.

Firefox, Chrome, IE, Safari EXPLOITED to OWN Mac, PCs at Pwn2Own 2015

gubbool

false security

That Apple takes fewer hits in these contents gives false since of security. These good-bad guys, like any hungry hunter, simply hunt 1) the easier game; 2) in a land which with they are familiar; 3) with tools they have; 4) with ambition to garner the most meat per kill.

Windows 10: The Microsoft rule-o-three holds, THIS time it's looking DECENT

gubbool

Oh boy... imagine, an office full of talking people and talking computer.

I can't see where ANY of the new features are going to sway the business environment - BIG or small. If user experience was a factor in the business world MS would be have years ago; especially considering its early BSOD reputation.

I hope to be dead in 2020 which is the proposed end of life for Win7.

Reg HPC man relives 0-day rootkit GROUNDHOG DAY

gubbool

Re: Perhaps

Thanks for pointing that out. I had failed to consider "air-gapped" computers - though I doubt it in this case because of the low-level target.

Still, a good point.

BTW, was the laptop connected to the same speakers as the desktop during 'testing/evaluation"?

gubbool

Poorly Solved

And you put all your 'stuff' back on the same disk and moved on. Good luck with that!

It appears that few are reading about today's rootkits, bootkits, BIOS kits, and router kits - or M$'s declaration that once infected, a computer can not be considered safe/clean EVER again - you may remove the (or a) vandal, but no one can account for what other apps may have been installed during the exposure which go undetected. [segway: And then, there's that whole problem of factory installed holes, ie Absolute Software's Computrace (anti-thief ware) installed during manufacturing at the BIOS, aux BIOS (requiring an external chip be physically cut from the mother board), or MBR level - which can not be removed and which are not secured by encrypted access.

As to the random sounds, I had this problem twice - well, I could be wrong, so maybe this IS a different problem.

There's a phenomenon (called audio rectification) where loose, twisted, curled wires will tune-in and pick up signals from a nearby broadcast radio station and with various results, play on a nearby speaker.

I had this happen once around a computer. And I had this once from a portable radio which was powered ON with volume muted. At the time of discovery, both cases were repeated to confirm and to amaze co-workers.

Adobe goes out of band to fix frightful Flash flaw

gubbool

Thanks to Steve Jobs, I have always been afraid of anything Adobe.

I wonder how many machines being used to watch the Super Bowl got bit by the NSA (or better) .

Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

gubbool

Double Check

I double check everything by running new files thru www.virustotal.com

Someone else usually has already done the work for me, so I need only to use the cached results and not have the program re-checked which can be time consuming.

Unlocking CryptoLocker: How infosec bods hunt the fiends behind it

gubbool

Re: Sensible to Suggest Ways of Blocking The Spread?

EMET

Enhanced Mitigation Experience Toolkit

Free from Bill.

Two million TERRIBLE PASSWORDS stolen by malware attackers

gubbool

Re: All I can say is this...

Read the article found on the following link to understand how passwords are cracked. It's not one user password at a time. User passwords are stored within an encrypted hash. Steal the hash and test words against it until you get matches.

Easy passwords are quickly solved; repeat test with a better algorithm for more passwords; repeat again until the return (resolved passwords) on investment (time) is no longer worth the effort.

The log into site with username and cracked password.

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Various nuances are discussed within the article.

gubbool

RE: 16 lower case a's

RE: 16 lower case letter a's

And the equivalent 16 characters from a md5 hash comes in at

23ca472302f49b3e

63 million years

I wonder which is found in a brute force dictionary.

gubbool
Unhappy

Password Scheme

Care to know a password generating scheme that works?

The password checker at https://howsecureismypassword.net/ say that my passwords are pretty good.

<quote>

It would take a desktop PC about

501 nonillion years

to crack your password

</quote>

I use a md5 hasher to create a password; I need only remember the method used to create the root word used for all sites. The md5-er will make it different and significantly more complex.

example:

my root word for the password for 'The Register' is two parts. A ' short secret pattern' used at all sites and several characters from site name; ie. 'The Register' = happyregister. The md5 hash is 589c4d4e1f9bf29a16fd66fb385ea351 and The Register likes long passwords :)

For the few sites that don't like long passwords or requires special chars, I reduce the password length until the site is happy and add the special characters as needed. For some sites, I do have to keep up with the length and special chars, but very few; and I have a simple 'tag' based on a common pattern for all such needs. example 589c4d4e1f9bf29a16fd66fb385ea351 plus the tag 'N!'

So I copy & paste the md5 hash and type the tag...

Every site has a different password because I am using the site name as part of the root password.

I never write down a password. I use the md5 hash maker to generate it as needed.

I am never 'without' my password because I know the pattern for the root word and this site will gladly give me the md5 hash. http://www.miraclesalad.com/webtools/md5.php

If you can spot a flaw with my method, please point it out to me.

gubbool

Re: Sick and tired of remembering hundreds of passwords

There is a flaw in thinking that 'open source' means secure.

Once upon a time, a western firm provided controllers to the then USSR for the operation of their pipe line. This was at a time the the USSR could make a microprocessor from stolen technologies, but the device was 5 times the size with twice the inefficiencies in power and speed.

The US gov't inserted a backdoor into the compiler and decomplier used to create new firmware. The resulting binary always had the backdoor and available decompliers always hid the backdoor. I think that was in 1970-ish. I am old and forget what I have done.