* Posts by razorfishsl

955 publicly visible posts • joined 27 Feb 2014

Page:

Boffins snap X-ray closeup of single atom – and by closeup we mean nanometres

razorfishsl

The paper ill be keeping an eye out for..

Anal probing on a Nanometer scale..

Alpine Linux 3.18 fixes DNS over TCP issue, now ready for all the internet's problems

razorfishsl

The whole UDP case was for SPEED.....

over TCP, you have to setup a formal connection , do your communication , verify the data, hold it open until you get it all, then tear it down.

as a result it is easier to DOS in tcp than over UDP ,as regards to taking hte DNS down..., then there is the issue with FIN packets...

Microsoft will upgrade Windows 10 21H2 users whether they like it or not

razorfishsl

it's started already in Asia.....

all the 21H n are updating to 22H2 in the last few days..., caused all sorts of problems and required the rapid purchase of extra ram...

Alien rock causes cosmic disturbance in New Jersey home

razorfishsl

it's clean on one side, which means it exploded after getting burned, so there are likely other pieces nearby...

Red Hat layoffs spark calls to unionize, CEO wades in

razorfishsl

Ahhh yes.... IBM

No more feature updates for Windows 10 – current version is final

razorfishsl

For Christ sake finally.

you aught to see this win 10 Crap in asia.....

There is adverts all over the menus and some damned cat or girl appears, just like clippy used to...

It is absolutely pounding our leased lines with the continual GARBAGE, that dose nothing to add value to a business.

More ads in Windows 11 Start Menu could be last straw for some

razorfishsl

Sadly it is IMPOSSIBLE to move from windows, when many of your customers insist that they can only use office .

We have tried a number of times with trial migrations and have always had them destroyed by the customers insistence of using MS office.

There is a set of "copy" windows programs by a Chinese company "Kingsoft" that run on linux, but after taking a look at the network traffic from these programs we decided against using them.

Until someone comes up with a 100% viable way to GET OFF office, migration to another platform is impossible for many companies...

Microsoft stumps loyal fans by making OneDrive handle Outlook attachments

razorfishsl

Actually them splitting out the "attachment" is potentially fraud...

Since they also handle business & legal emails for client storage, they are changing the email contents, to strip out the attachments.

Thereby tampering with the emails and changing the content...

since that content is no longer "inline" but extracted from the actual email.

in the real world an attachment to an email is NOT an attachment but inline text..., which they are both removing from and converting from the verbatim copy that went thru their systems.

there is no guarantee the email they reconstructed , is IDENTICAL to the email sent.

so in-effect they are fraudulently changing the contents of emails and misrepresenting the actual copy sent., specifically it is fraudulent ,because they do not state it is reconstructed and a misrepresentation of the actual email...

It's like me taking a 50 pound note, scraping off the ink, grinding the paper down, then reconstructing a new 50 from the material, then claiming it is genuine...

that is even before we get into are they storing the base 64 content of the email in one-drive , deliberately chewing up storage, or are they converting it back to binary, thereby potentially corrupting the verbatim copy..

UK.gov bans TikTok from its devices as a 'precaution' over spying fears

razorfishsl

They need to replace the equipment

Microsoft delivers 75-count box of patches for Valentine's Day

razorfishsl

Yep... just like they screwed over virtually Evey SYS admin.. a few months ago..

by preventing Computers from re-registering into AD using the SAME computer account.

so if you have machine "A", there are situations where it will not be allowed to register back into the AD if it disconnects...

they shout "Security fix" and "hardening"

Really...

so if it is "security hardening" , why is it only CLIENT side & not AD side?

What a crock of shit.... a "Security fix that any hacker can bypass locally on the machine... and no i'm not talking about the registry bypass.

They are deliberately throwing rocks in the road, to force people onto Azure... and off inhouse authentication.

Scammers steal $4 million in crypto during face-to-face meeting

razorfishsl

Re: The entire operation used a clone phone

Yep... I keep telling HSBC about this in HK that thier shitty SMS messages about all the bank transfers can be listened into...

they say it is for security of their customers...

more like they are providing a feed to the HK government...

but they insist phones are secure devices if they have not been rooted....

razorfishsl

They must have done it by intercepting the WIFI traffic....

bet they have found a way to merge data into a transaction to redirect it...

China's Yangtze Memory reportedly lays off staff, evicts them from company housing

razorfishsl

Ah yes....... no matter how advanced they claim to be.... their main business is corruption...

Microsoft swears it's not coming for your data with scan for old Office versions

razorfishsl

Re: Strange way to respect user privacy

LOL you are really funny......

AV programs are the biggest offenders of Telemetry....

Go see the amount that their cloud front end offers , every false positive & every file scanned that has malware is squirreled up into their cloud , including the users name...

when a virus is found a complete path is uploaded to their cloud.. which includes ur name folder and path... such as "big coloured girls" as was recently seen on our cloud av solution... along with the directors name...

So much for the rule for our stock market listing requiring all security risks files to be identified to the board & CEO in writing in a monthly report........

sometimes i really love my job..

Go to security school, GoTo – theft of encryption keys shows you need it

razorfishsl

The other company to watch is those arrogant clowns over at 1password....

LastPass admits attackers have a copy of customers’ password vaults

razorfishsl

I think we are about to see this whole thing go sideways... very badly...

TikTok confirms it tracked journalists' locations as part of leak investigation

razorfishsl

And if you believe this... i have some highly valuable FTX Crypto currency to sell you.

Apple accused of censoring apps in Hong Kong and Russia to maintain market access

razorfishsl

You have to laugh that a homosexual who demands freedoms & runs accompany is then prepared to strip others of the same freedoms he demands...

What a hypocrite......

China declares victory over teenage video game addiction

razorfishsl

Hurray ... Communism wins again...... until the restrictions are lifted , and then it starts all over again....

Mind you they did build the pyramids and found Egyptian civilization, so clearly they know they are right...

Just like their laws communism is retroactive, it invented EVERYTHING and was responsible for all learning in the world ... long before it was even considered an idea.

Tech companies in the crosshairs as China proposes antitrust law revisions

razorfishsl

Let's also not forget..... that many Chinese laws are "retro-active".

so it's not about what you do after the law passes, but what you did before...

DraftKings gamblers lose $300,000 to credential stuffing attack

razorfishsl

This is what happens when you let retard addicts use computers....

Biden administration earmarks $13b to modernize electric grid

razorfishsl

Re: IT does not matter

you have had 2 years of illegally pissing the US down the drain... only now do you try and blame the republicans...

razorfishsl

Spend spend spend... like there's no tomorrow....

could have done this 2 years ago.....

Federal bans aren't stopping US states from buying forbidden Chinese kit

razorfishsl

Re: Perhaps the buyers

That is incompetence ,not malice.

Microsoft's Lennart Poettering proposes tightening up Linux boot process

razorfishsl

So basically the start of caging linux... putting it under the control of MS

Canonical makes Ubuntu Pro free for up to five machines

razorfishsl

It's a trap... just like red hat

Linus Torvalds to kernel devs: Grow up and stop pulling all-nighters just before deadline

razorfishsl

Simple reduce the merge window to a week for submitters., and use the last week for Linus.

FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher

razorfishsl

it's enough for the plebs....

We were audited for accounts, during that time i had to sit an listen about being audited for IT,

Specifically being told that a Data center is actually the cloud.

Then watching them twist and turn when I called them out on it, only to be told by top management "it does not really matter"

How the hell can anyone act as a "professional auditor" for IT, with this level of understanding.

Boss of Chinese memory maker Yangtze departs for no obvious reason

razorfishsl

So they can keep their hands clean and still get to hte U.S to do "collaborations" & research.....

China upgrades Great Firewall to defeat censor-beating TLS tools

razorfishsl

The google.com, is not blocked in china.....

it is blocked by google, we ran some tests outside of china looking the the DNS resolution and how it was blocked

we found we could get a computer outside of china blocked by google, if we triggered a DNS lookup inside of china.

The addresses returned resolved to addresses inside google over in calafornia data center , but access to google was blocked.

Even for a non China based computer....

So er let's not be blaming China on this one.....

US border cops harvest info from citizens' phones, build massive database

razorfishsl

The fact that it's just been disclosed that the FBI has been tagging parents with a Monika used to identify terrorists

means that these people would be on that potential target list every time they fly.

Funny how the pieces fit together is in ton?

Crooks target top execs on Office 365 with MFA-bypass scheme

razorfishsl

Re: Unbelievable

DO NOT use the MS authenticator

it is a dog collar GPS up your ass.

it reports geo-location of any one using it , back to MS every 5 minutes....

They are building a massive tracking system of personal information... just like Apple & google.

razorfishsl

They did not "discover" anything..... Been dealing with this since jan 2022 with multiple MS reports.... took them until June to admit they could duplicate it.

There is another interesting caveat to all this...... where even resetting the users PW will not return the account to normal & remove this setup. (even account shows no other authentication systems)

Had some MASSIVE arguments with both MS engineer staff and our so called support provider.

MS was at one stage INSISTING we give control to our service provider to come in as super admin above our organization so that they could insert other users to

manage our instance.

When that failed the blocked our ability to place support requests, other than via the service provider , and THEN they refused to act upon their service requests unless they were filed from OUR MS instance, basically they wanted any excuse to NOT deal with what we found.

Then when we pointed out that it was possible to log into other instances that were NOT allocated to our Admin PW or even domain name!!!, they almost shit the bed shouting its not possible.... actually yes it is.

needs certain conditions to exploit it, but doable.

Esp. when we refused to tell them how.. in view of them treating our business with such disrespect, why should we...

so for over 8 months not only do they have this shitfest.....but also a way to exploit admin login into other instances.

Their whole front end for security is a JOKE.

Hiding a phishing attack behind the AWS cloud

razorfishsl

Re: checking url is bad advice when using outlook cloud shite

Becasue MS is deliberately trying to destabilize the security market so they can insert their own business & user offering.

They have gone out of their way to try and subvert any companies security tools as regards web links and redirects into AZURE masked by cloudflare..

Theri latest offering "microsoft-authenticator" which goes live next month with all MS accounts requiring 2FA is a literal GPS dog collar up every users ass...

it includes full GPS & BLE geo-location... under the guise of "security", not just when you want to 2FA but CONTINUOUS

razorfishsl

And Azure

Indian military ready to put long-range quantum key distribution on the line

razorfishsl

It will get stolen by China within 6 months to a years.

They have Hwawei kit all over china data centers....

Palo Alto bug used for DDoS attacks and there's no fix yet

razorfishsl

DELL SONICWALL

also has something similar due to their marketing dept

using the front page as a fucking advertising banner......

you can request a load of images from URLS without even logging into the firewall...

it works out at about 600-6000% amplification.

send a 40 byte request and get 400-600k of reply.

AI-friendly patent law needed 'as a matter of national security', ex-USPTO boss says

razorfishsl

Patents should be for Humans only,

This prevents greedy bastards entering all man kinds knowledge then using AI to mine it bare all for the sake of a $

Same with DNA, no one should be allowed to "patent " it, it would be like patenting chess moves.

Apple forgoes cooling systems in M2 MacBook Air

razorfishsl

Yep.. just like the filthy perverts in HK sitting on the MTR watching porn with school children about.....

I was walking behind a guy the other day that had a tablet showing full gay on gay porn.

That is shit that is going to be with me for the rest of my very short life.

razorfishsl

The issue is much of this crap is NOT field tested in Asia, even it is made there.

The result is the "water detectors" turn red even if it has never been near real water, and the units. are ALWAYS throttling in a factory env.

where >40Deg back ground is the norm.

It is a complete pain in the ass to not have any sort of cooling, unless ur an Eskimo.

British intelligence recycles old argument for thwarting strong encryption: Think of the children!

razorfishsl

Re: "govern"

it's a nonsense argument, it presupposes that the people you elect actually know & have control of the agencies.

Just take a look at the current things the civil service is doing, with left wing propaganda that benefits less than 2% of the population, all it requires is one radical in a position of power.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address

razorfishsl

cannot be done......

and even on E3, it DOES NOT work wit tcpip v6 addresses!!!!!!

it ONLY works with TCPIP v4.

razorfishsl

iut is a deliberate policy, ready for the new microsoft protection systems they are selling.

they have DELIBERATELY removed critical functionality from 365 & azure then put it behind a pay wall.

A bit like inserting a DELIBERATE exploit into win10, that they did.

basically making it almost impossible to block the MS store in a business unless you are running the enterprise version... whilst still leaving in a policy for blocking the store, that actually does not work if it is enabled.

Then adding in a system for users to bypass any store block put in place ,by making the store accessible from 365 webmail & finally adding in a "linked in back door

it is all leading up to them selling "security services" in the cloud and them trying to force users into azure.

Then we have the dirty business of the MS authenticator

that PHYSICALLY track ANY user that has it on their device, providing telemetry data every 5 minutes back to MS!!!!

yep you thought it was just a random number+salt generator..... nope...... it is a GPS dog collar up your ass.

razorfishsl

Yep.. there is an "exploit" in the login systems of Microsoft. for azure & 365,

it is possible to login as the admin of someone else's 365 instance, if you "catch it right"

nope i'm not going to explain how to do it.

and also an attack exploit against accounts....

MS are NOT interested., they are even LESS interested once i told them i'm not here to work as a "free Q.A staff" for their company, have a massive long running case with them over another of their policies., where they are REFUSING support requests.

Basically this is part of the attack for 365:

You use azure to run your attack systems INSIDE MS azure & in some cases a 365 instance, now becasue you are running these attacks from inside they same system cloud as Ms 365 , most of the traffic is NOT SEEN externally.

you then run desktop instances of clients to leverage the attack(inside azure), get a user to click on a link and get an authentication token, ONCE YOU HAVE THIS YOU DO NOT NEED to log in again.

since MS azure sees the "fake" account as never moving or changing the security status. *(its running inside azure from MS data centers)

The login will NEVER appear inside the azure back end. under the normal authentication systems.

Futher more MS is totally unable to track & resolve TCPIP v6 addresses, there is NO WAY to filter the traffic or set any kind of triggers, country & other filters are useless.

(most mobile phone networks use tcpip v6)

once you have this login, you then leverage dummy email zones to match the users you are attacking, by using "names cheap" and google email re-directors

and start setting up filters to put ALL the users email into the ARCHIVE SPAM folder, at this point the hacker goes thru, reads the email , replaces or deletes the content & marks it as NOT spam, putting it BACK into the user email box.

they also setup dummy businesses with VERY similar names on "namescheap" but set the mx records to google.

They also POISON your address book, removing the "genuine" email addresses" and replacing it with poisoned ones. (same contacts , slightly different domain spelling)

Start typing an email address & you get the poisoned address, which redirects to their dummy domain so they can add "wares" before sending to the real recipients.

It is a highly efficient attack strategy, and they can run inside your business for months , gradually leveraging into customers & suppler systems using the same methods.

They are VERY VERY careful and become highly proficient on the running of the business & financials ,plus all systems related to money relases.

Ex-Coinbase manager charged in first-ever crypto insider trading case

razorfishsl

Ahhh yes "coinbase" again.....

Funny how they can never seem to get clean......

Amazon sues 10,000 Facebook Group admins for offering fake reviews

razorfishsl

No...

becasue you get Chinese supplier giving away products for free as "purchases" to get round this situation.

or sending out "fake" products as sales

it's an old game.

remember all the seeds they were sending out to get postal tracking data.

Is the $10 billion James Webb Space Telescope worth the price tag?

razorfishsl

Re: And the answer to the question is

video tape was invented.....

he did not need to watch them live....

Health trusts swapped patient data for shares in an AI firm. They may have lost millions

razorfishsl

Yep.. so they sold their patients out to get personal profit & then got ripped off

but then that company can sell the data on

Microsoft gives its partners power to change AD privileges on customer systems – without permission

razorfishsl

I have a very angry "support partner" who is spitting blood because i wont give them or allow Admin support in our tenant.

Even MS says "we have to" so that they can file "support" against any problems we might have....

apparently they have to go into your tenant and press the support button from INSIDE to get proper support from MS.

Seems like bullshit to me....

This was after finding that one of their staff had made an admin object that they "did not know what it was for or when it was made or by whom"

keeping in mind we are a publicly traded company... and "admin" has the rights to read every email.

Alibaba joins rivals in offering tool for those under pressure to reduce carbon emissions

razorfishsl

When they close down face book & twitter, THEN I will think about looking at my carbon footprint

But i'm damned if I'm going to worry about something whilst large % of the population is posting fucking cat pictures...

and lecturing me about being "green" and saving the planet.

Page: