The paper ill be keeping an eye out for..
Anal probing on a Nanometer scale..
955 publicly visible posts • joined 27 Feb 2014
The whole UDP case was for SPEED.....
over TCP, you have to setup a formal connection , do your communication , verify the data, hold it open until you get it all, then tear it down.
as a result it is easier to DOS in tcp than over UDP ,as regards to taking hte DNS down..., then there is the issue with FIN packets...
Sadly it is IMPOSSIBLE to move from windows, when many of your customers insist that they can only use office .
We have tried a number of times with trial migrations and have always had them destroyed by the customers insistence of using MS office.
There is a set of "copy" windows programs by a Chinese company "Kingsoft" that run on linux, but after taking a look at the network traffic from these programs we decided against using them.
Until someone comes up with a 100% viable way to GET OFF office, migration to another platform is impossible for many companies...
Actually them splitting out the "attachment" is potentially fraud...
Since they also handle business & legal emails for client storage, they are changing the email contents, to strip out the attachments.
Thereby tampering with the emails and changing the content...
since that content is no longer "inline" but extracted from the actual email.
in the real world an attachment to an email is NOT an attachment but inline text..., which they are both removing from and converting from the verbatim copy that went thru their systems.
there is no guarantee the email they reconstructed , is IDENTICAL to the email sent.
so in-effect they are fraudulently changing the contents of emails and misrepresenting the actual copy sent., specifically it is fraudulent ,because they do not state it is reconstructed and a misrepresentation of the actual email...
It's like me taking a 50 pound note, scraping off the ink, grinding the paper down, then reconstructing a new 50 from the material, then claiming it is genuine...
that is even before we get into are they storing the base 64 content of the email in one-drive , deliberately chewing up storage, or are they converting it back to binary, thereby potentially corrupting the verbatim copy..
Yep... just like they screwed over virtually Evey SYS admin.. a few months ago..
by preventing Computers from re-registering into AD using the SAME computer account.
so if you have machine "A", there are situations where it will not be allowed to register back into the AD if it disconnects...
they shout "Security fix" and "hardening"
Really...
so if it is "security hardening" , why is it only CLIENT side & not AD side?
What a crock of shit.... a "Security fix that any hacker can bypass locally on the machine... and no i'm not talking about the registry bypass.
They are deliberately throwing rocks in the road, to force people onto Azure... and off inhouse authentication.
Yep... I keep telling HSBC about this in HK that thier shitty SMS messages about all the bank transfers can be listened into...
they say it is for security of their customers...
more like they are providing a feed to the HK government...
but they insist phones are secure devices if they have not been rooted....
LOL you are really funny......
AV programs are the biggest offenders of Telemetry....
Go see the amount that their cloud front end offers , every false positive & every file scanned that has malware is squirreled up into their cloud , including the users name...
when a virus is found a complete path is uploaded to their cloud.. which includes ur name folder and path... such as "big coloured girls" as was recently seen on our cloud av solution... along with the directors name...
So much for the rule for our stock market listing requiring all security risks files to be identified to the board & CEO in writing in a monthly report........
sometimes i really love my job..
Hurray ... Communism wins again...... until the restrictions are lifted , and then it starts all over again....
Mind you they did build the pyramids and found Egyptian civilization, so clearly they know they are right...
Just like their laws communism is retroactive, it invented EVERYTHING and was responsible for all learning in the world ... long before it was even considered an idea.
it's enough for the plebs....
We were audited for accounts, during that time i had to sit an listen about being audited for IT,
Specifically being told that a Data center is actually the cloud.
Then watching them twist and turn when I called them out on it, only to be told by top management "it does not really matter"
How the hell can anyone act as a "professional auditor" for IT, with this level of understanding.
The google.com, is not blocked in china.....
it is blocked by google, we ran some tests outside of china looking the the DNS resolution and how it was blocked
we found we could get a computer outside of china blocked by google, if we triggered a DNS lookup inside of china.
The addresses returned resolved to addresses inside google over in calafornia data center , but access to google was blocked.
Even for a non China based computer....
So er let's not be blaming China on this one.....
They did not "discover" anything..... Been dealing with this since jan 2022 with multiple MS reports.... took them until June to admit they could duplicate it.
There is another interesting caveat to all this...... where even resetting the users PW will not return the account to normal & remove this setup. (even account shows no other authentication systems)
Had some MASSIVE arguments with both MS engineer staff and our so called support provider.
MS was at one stage INSISTING we give control to our service provider to come in as super admin above our organization so that they could insert other users to
manage our instance.
When that failed the blocked our ability to place support requests, other than via the service provider , and THEN they refused to act upon their service requests unless they were filed from OUR MS instance, basically they wanted any excuse to NOT deal with what we found.
Then when we pointed out that it was possible to log into other instances that were NOT allocated to our Admin PW or even domain name!!!, they almost shit the bed shouting its not possible.... actually yes it is.
needs certain conditions to exploit it, but doable.
Esp. when we refused to tell them how.. in view of them treating our business with such disrespect, why should we...
so for over 8 months not only do they have this shitfest.....but also a way to exploit admin login into other instances.
Their whole front end for security is a JOKE.
Becasue MS is deliberately trying to destabilize the security market so they can insert their own business & user offering.
They have gone out of their way to try and subvert any companies security tools as regards web links and redirects into AZURE masked by cloudflare..
Theri latest offering "microsoft-authenticator" which goes live next month with all MS accounts requiring 2FA is a literal GPS dog collar up every users ass...
it includes full GPS & BLE geo-location... under the guise of "security", not just when you want to 2FA but CONTINUOUS
DELL SONICWALL
also has something similar due to their marketing dept
using the front page as a fucking advertising banner......
you can request a load of images from URLS without even logging into the firewall...
it works out at about 600-6000% amplification.
send a 40 byte request and get 400-600k of reply.
The issue is much of this crap is NOT field tested in Asia, even it is made there.
The result is the "water detectors" turn red even if it has never been near real water, and the units. are ALWAYS throttling in a factory env.
where >40Deg back ground is the norm.
It is a complete pain in the ass to not have any sort of cooling, unless ur an Eskimo.
it's a nonsense argument, it presupposes that the people you elect actually know & have control of the agencies.
Just take a look at the current things the civil service is doing, with left wing propaganda that benefits less than 2% of the population, all it requires is one radical in a position of power.
iut is a deliberate policy, ready for the new microsoft protection systems they are selling.
they have DELIBERATELY removed critical functionality from 365 & azure then put it behind a pay wall.
A bit like inserting a DELIBERATE exploit into win10, that they did.
basically making it almost impossible to block the MS store in a business unless you are running the enterprise version... whilst still leaving in a policy for blocking the store, that actually does not work if it is enabled.
Then adding in a system for users to bypass any store block put in place ,by making the store accessible from 365 webmail & finally adding in a "linked in back door
it is all leading up to them selling "security services" in the cloud and them trying to force users into azure.
Then we have the dirty business of the MS authenticator
that PHYSICALLY track ANY user that has it on their device, providing telemetry data every 5 minutes back to MS!!!!
yep you thought it was just a random number+salt generator..... nope...... it is a GPS dog collar up your ass.
Yep.. there is an "exploit" in the login systems of Microsoft. for azure & 365,
it is possible to login as the admin of someone else's 365 instance, if you "catch it right"
nope i'm not going to explain how to do it.
and also an attack exploit against accounts....
MS are NOT interested., they are even LESS interested once i told them i'm not here to work as a "free Q.A staff" for their company, have a massive long running case with them over another of their policies., where they are REFUSING support requests.
Basically this is part of the attack for 365:
You use azure to run your attack systems INSIDE MS azure & in some cases a 365 instance, now becasue you are running these attacks from inside they same system cloud as Ms 365 , most of the traffic is NOT SEEN externally.
you then run desktop instances of clients to leverage the attack(inside azure), get a user to click on a link and get an authentication token, ONCE YOU HAVE THIS YOU DO NOT NEED to log in again.
since MS azure sees the "fake" account as never moving or changing the security status. *(its running inside azure from MS data centers)
The login will NEVER appear inside the azure back end. under the normal authentication systems.
Futher more MS is totally unable to track & resolve TCPIP v6 addresses, there is NO WAY to filter the traffic or set any kind of triggers, country & other filters are useless.
(most mobile phone networks use tcpip v6)
once you have this login, you then leverage dummy email zones to match the users you are attacking, by using "names cheap" and google email re-directors
and start setting up filters to put ALL the users email into the ARCHIVE SPAM folder, at this point the hacker goes thru, reads the email , replaces or deletes the content & marks it as NOT spam, putting it BACK into the user email box.
they also setup dummy businesses with VERY similar names on "namescheap" but set the mx records to google.
They also POISON your address book, removing the "genuine" email addresses" and replacing it with poisoned ones. (same contacts , slightly different domain spelling)
Start typing an email address & you get the poisoned address, which redirects to their dummy domain so they can add "wares" before sending to the real recipients.
It is a highly efficient attack strategy, and they can run inside your business for months , gradually leveraging into customers & suppler systems using the same methods.
They are VERY VERY careful and become highly proficient on the running of the business & financials ,plus all systems related to money relases.
I have a very angry "support partner" who is spitting blood because i wont give them or allow Admin support in our tenant.
Even MS says "we have to" so that they can file "support" against any problems we might have....
apparently they have to go into your tenant and press the support button from INSIDE to get proper support from MS.
Seems like bullshit to me....
This was after finding that one of their staff had made an admin object that they "did not know what it was for or when it was made or by whom"
keeping in mind we are a publicly traded company... and "admin" has the rights to read every email.