* Posts by awood-something_or_another

110 posts • joined 14 Jun 2014


Adobe to hire security auditor to prevent repeat of password SNAFU


Re: Well, cool.

No, they're hiring someone to finger all the people that need to be arrested for identifying gaping holes in the warez of an ORG that is still alive despite being completely inept at writing a decent app. WHY THE FUCK IS JS EMBEDDED IN PDFs ..... lame fucking marketers, that's why.


US Navy wants 0-day intelligence to develop weaponware


Re: 0 day...?

RE: So, El Reg, why use a picture that was taken over 50 years ago in 1964?

Cause that's how old their tech is!

China's hackers stole files on 4 MEELLION US govt staff? Bu shi, says China


Re: Jeez

The victim is absolutely to blame! Everyone today is so fucking worried about how the l'users will feel about a change, instead of forcing the users to comply. You want a fucking benefit - YOUR JOB. Everyday I'm told how implementing best practices will inconvenience the user and therefore that sound architecture WILL BE SHELVED. WHAT?!?

You can't handle sensitive information and visit snaptwitter and facetube ON THE SAME FUCKING HOST! And yet, still you have compromise after compromise. If you take China's repressive network policy and apply it where it needs to be - @WORK, maybe that shit wont leak.

Everyone out here is like, "OMG, this place is so awesome to work. We get free this and free that, and I can bring in any device I want and connect and waste all day long planning my wedding that will last 2 years.....and my brats love the new retina display on my work PC, so I give it to them to play with to keep them outta my hair, and it's so awesome". TAKE A FUCKING BREATH!

So, EE. Who IS this app on your HTC M9s sneakily texting, hmm?


If you think ..........

...... that the only thing your Smarter-Than-U phone is doing is calling home to China you'd better learn to look again. How about you develop a skill called MITM and watch what your phone really does. As in YOU ARE ALREADY PWN'd!!!!!!

POST /userlocation/v1/reports/1605150082?devicePrettyName=SAMSUNG-SM-N900A........

Host: www.googleapis.com..................







Naked cyclists take a hard line on 'aroused' protest participant


Just don't go 'round sniffing seats.......

..... oh yeah, there's that side of it.

PCI council gives up, dumbs down PCI DSS for small business


Re: Disabling security to allow security tests

Obviously you don't get it, Keith. An IPS or WAF protection cannot and most definitely SHOULD NOT EVER be used as a solution to mask shit code, by shit coders.

Sure, WAFs are great to provide 'additional' protection, or virtual patching, but they can be turned off, leaving bad code exposed. You might think, "OH, but those are edge scenarios" - they're not. Waaaaa .... I can't push JS to my CMS cause the WAF is blocking it. "Sorry, did you tell me about that IP which should be whitelisted or do you want me to just disable the WAF entirely??"

CODE has be able to stand on its own. You can't say, "Hey, you have a SQL injection vuln, we'll just use the WAF ..... CAUSE YOU STILL HAVE A SQL INJECTION VULN!

Relying on IPS or WAF to mask a dev's lack of knowledge means 2 people should be fired, the dev and Security Engineer that suggested it!

Sorry Keith, you're fired.

Get paid (airline) peanuts with United's new bug bounty program


They have to try something to fill seats......

Who-T-F wants to fly United? Welcome to United. Our seats are plywood with a thin pleather covering.

Heartbleed, eat your heart out: VENOM vuln poisons countless VMs


If you're debating "remediate"..........

........you're late to the game. This shit was over yesterday. Why are you still talking about it today?

Enjoying the Spring? Microsoft has 13 ways to fix that


They're not MS-9xx they're MS-0xx.

Come on dumb-ass Register posters. Have someone QA your inaccurate posts!

That DRM support in Firefox you never asked for? It's here



I'm sorry .... I don't recognize that name.

Adobe required = Adobe not seen They are a criminal organization. I'll view a PDF, in a non-Adobe viewer, without JavaScript. Adobe is dead; at least to me.

$7500 DDoS extortion hitting Aussie, Kiwi enterprises


Re: 400Gbps

400? Chump bandwidth. Ya better start at a 1TBPs if ya wanna be considered a DDoS contender.

Carders crack Hard Rock casino


They continue to lie, we buy it!

They picked off CC#s, Names and addresses, but not Pins or CVVs? Laughable. You can't have an initial transaction and NOT get the golden 3 (or 4 for AE).

What I love best is these criminals (the casinos) are getting what they deserve, and cannot beat down the offenders. I don't promote theft, but I do promote getting over on the man. These assholes only let you play if you're not smart enough to win. As soon as you are, you're blacklisted.

TAKE THE $$$ and run. There are certainly enough camera that we should be able to catch the look on their face when they've been beat! [Laughing my ass off!!!!]

When the Schmidt hits The Man: Look what the NSA made Google do



You should take the time to MITM your phone. Just one of the MANY curious things......Every few minutes, your phone connects to an IP address and transmits your LAT/LONG. Whois has that IP address belonging to Google.......EVERY FEW MINUTES.

Ya spent several hundred on your trusty phone. Spend $200 on Burp Suite Pro, learn to use it and see what your phone is doing in the background. Hey, what was that connection to China??

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default


Here's the deal.......

Google should be commended to forcing change for the good. 1st, Java is shit! 2nd, Shit is crammed into where it doesn't belong, like in PDFs For example, malware writers can get Java to execute in PDFs, even if it is a 'comment', as long as it is in the 1st page. Just opening the doc executes it (Not exactly safe).

Now for those that bemoan the need to support old IE. I assume you mean IE8, the browser that 'real' developers HATED from the start, and shit developers loved. All those shit devs are gone, but their apps live on, and live on still IE8.

Organizations are too afraid, or unable to move forward. My last company's primary app back-end is still Foxpro for DOS - Copyright 1989 ....it says so on the screen. I work for a company that requires you to have installed another SHIT app called Flash. What is Flash used for - Nothing. It's legacy code that they are TOO afraid to remove, because they do not understand what will happen if they do.

The answer, use one browser for crap like Java and Flash (and you know which one I'm talking about), and disable them in Chrome (moot point by now) and FF. IF, and only IF those sites require it, break out IE, or else let it/them lie dormant. I know it sucks to not have flash based ads distracting your attention with all their movement, and the utter lack of kitten video pleasure, but Java and Flash are the enemy, not Google. How is it that the maker of Java requires you to run extremely old and vulnerable versions of it just to use their own, over priced, crap-apps?

Fancy six months of security nirvana for free? Read on...


BitDefender = Crap.

I don't know why this wanna-be AV gets any props. A quarterly AV run-off rates it right up there with TM Titanium, yet when I fed both of them Chinese and common phishing malware, the only thing BD found some was cookies on my host. TM didn't get them all, but BD SUCKS!

NSA: 'Back doors are a bad idea, give us a FRONT door key'


Re: "....all the user would need to do is run their own encryption on top"

"yes in theory, but this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that..."

And if you walk around a bad part of town and do not know self-defense (or are not self-defense savvy or motivated, as it were), their problem.

You either are or are not savvy. Those who take the time to become [savvy] have an advantage. It's the same everywhere - Finance, job, relationships, etc. Too bad for them.

Torvalds' temptress comes of age: Xfce 4.12 hits the streets


Like XFCEs Lite, but......

Who cares! Linux is for heavy lifting, not pretty Windows. If it opens an app, great ..... who gives a shit about the rest. It's all about what doesn't require X.

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account


Who gives a fuck?!?!

Perhaps this person should be more concerned about his retirement and stop wasting his fucking life doing things that don't make a fuck of a difference when it comes to LIVING.

You gamers are fucking idiots. You neglect your babies, wives, life.....exercising your thumbs and wonder why you have no concept of what real life is all about. Waaaaaaaa for your fucking BAN! How about you drop a hundred pounds from your soda and junk food obesity, ya lazy fucks.

Day FOUR of the GitHub web assault: Activists point fingers at 'China's global censorship'


Layer 7 routers???

Some part of the network (possibly the routers) is injecting Javascript into the response traffic after it has left Baidu but before it reaches the user to add extra Javascript.

@thames - WOW - Layer 7 routers. How ingenious. I mean I get it - self-realizing routers that inject JS ..... how bored they must have become operating only @ Layer 3 .... where routers operate.

Virgin Media takes its time on website crypto upgrade


Re: There are no practical exploits of the algorithm

Challenge Accepted!

Keep us updated. I sense you have no idea about Crypto.


Re: Phew...

I've been bitching about EL REG's lack of SSL since last year. The answer - Coming soon. They must be speaking in Geologic Time.


Apple is picking off iOS antivirus apps one by one: Who'll be spared?


Re: Ya know what I love about apple drones?

Just what, pray tell, does your rant have to do with the article or any of the comments?

Ummmm.....that apple drones believe that there is no reason to check for malware because of a superiority notion that apple operating systems are not targeted and the mother-ship is protecting them from the worlds worst. I hear the same bunk @ work .... " There isn't any malware targeting apple OS' " - WRONG!

You don't think the NSA is going to let you people walk around unchecked, do ya? So go back to your sandpit and insert head.


Ya know what I love about apple drones?

How fucking ignorant you all are. Apple OS' are not vulnerability free..... I see it every day. You group of dolts are absolutely clueless!

Hawk like an Egyptian: Google is HOPPING MAD over fake SSL certs


Simple enough......all chinese root certs gone. That took a whole 2 minutes.

Premera healthcare: US govt security audit gave hacked biz thumbs up


Idiots, all of you.......

"I can't swear to it", "I think", "Lax US security rules", and the scared anonymous bitch "Obama-Scare".......

1st, if you think, or can't swear to it, STFU until you *know* something. 2nd, you fucking wankers and your "the US sucks" mentality ..... your shit isn't any better. PLEASE! 3rd, quit being a scared anonymous bitch!

There isn't any org better or worse than a US org. If that were a falsehood, then I wouldn't have to fight off Chinese bad actors coming at us from a PWN'd Britton VPS.

Nobody gives a shit until they have to write a check. Then, once the dust settles, nobody gives a shit anymore, until they have to write another check.

When is the last time someone on US soil was poisoned by Po-210? You european 3rd world country residents can stuff that noise.

Cyanogen finds $80m in collecting tin after busking session


Re: And them who darest not be named ?

Microsoft has in the past complained that Google Inc., which manages Android, has blocked its programs from the operating system.

Well, MS certainly knows what that tactic when it sees it.

We have no self-control: America's most powerful men explain why they're scared of email


I don't get all the fuss......

....the NSA already has captured all her email. Ya wanna know what was deleted, just ask the guys you fund!

SIM hack scandal biz Gemalto: Everything's fine ... Security industry: No, it's really not


Re: HSM?

They bought SafeNet ...... they'd better have an HSM. SafeNet uses their own HSM for their corporate CA.

Snowden's favourite Linux - Tails - rushes sec-fix version to market


Devs know nothing........

If you want security, you hire security minded devs. Therein lies the problem, THERE ARE NONE. All they do is crank out bragging-rights code, which is later found to be flawed. SO HIRE THOSE THAT FIND THE FLAWS! No way, you say .... that costs money. No shit! Who wants to pay for quality? Not a CFO, that's who-not.

C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free


Lenovo = China, you decide.

Not so hard, huh?

Gemalto: NSA, GCHQ hacked us – but didn't snatch crucial SIM keys



<lies>Everything Gemalto says</lies> .... Wouldn't you if the NSA essentially put you out of business? Again, what is the NSA's role?

Cert-slurping security firms chop super-fishy features


Maybe orgs will finally understand.......

.....why us security types are SO FUCKING PARANOID! LOL


Re: They're missing the point - just like Lenovo...

Ya beat me to it! My head almost exploded when I read "The potential issue".

Vint Cerf: Everything we do will be ERASED! You can't even find last 2 times I said this


You've been trolled!

Who gives a shit?!?!

Hacker kicks one bit XP to 10 Windows scroll goal


Re: Backwards compatibility

Seriously, an Oracle drone boasting about "I run Oracle on Linux". You have nothing to say about vulnerabilities ..... you support the worst vuln company EVER!!!

Jeb Bush, the man who may lead the US in 2016, dumps Floridians' private data on the web



Did you really expect a republican't to have even the slightest understanding of technology. They all want us back in the dark ages.

Remember 2008!!!!



Biting the hand that feeds IT © 1998–2020