* Posts by Twilight Turtle

33 publicly visible posts • joined 11 Jul 2014

Chinese gang shoots down aerospace security with MSFT flaws

Twilight Turtle

I'm not sure this is factually accurate. Before the 2014 patch, cleartext passwords would be stored in LSASS for interactive logon sessions unless explicitly disabled. By default Vista, 7, 2008, 2008R2 and 2012 all stored plaintext credentials in LSASS until KB2871997, when this was disabled by Microsoft, but that still doesn't remove plaintext credentials from WDigest according to their own patch overview ( http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx ). I don't know about Kerberos, but it certainly used to be the case that it also required plaintext storing of credentials in-memory for ticket generation.

My understanding is that the cleartext passwords are stored encrypted and in-memory via SSP, historically for numerous supported authentication methods but these days pretty much solely for WDigest. The encryption is done via the LSAProtectMemory function, which can simply be reversed via (ab)use of the LSAUnprotectMemory function. There are several tools publicly available that do this, including WCE and Mimikatz.

Twilight Turtle

You can dump plaintext passwords from the Windows Authentication Digest in every version of Windows since XP, except AFAIK 10, with admin on that box.

Twilight Turtle

...these are all subject to change

All too true, but they do represent 'easy wins' that are quick to deploy and can be used retrospectively to check across log data for any signs of compromise. Pushing out IDS/IPS rules for picking up the traffic on the wire won't tell you if you got owned a year ago unless they/your AV have completely failed at cleaning up.

Chinese popped-box VPN crims screamed hacker booty in cleartext

Twilight Turtle

...Good guy or bad guy?

It's basically an anonymity network built pretty much solely on compromised Windows infrastructure owned by unaware third parties. Even if there are non-malicious users of it, the thing is in principle nefarious.

Slippery Windows Updates' SOAP bubbles up SYSTEM privileges

Twilight Turtle

Re: Am I misreading this?

Theoretically, it would also allow you to move laterally in some environments where the deployment of Windows updates is managed by a centralised server. Get local admin on that server via, say, a compromised service account (people seem to love giving their service accounts local admin) and you could effectively weaponise updates deployed to other hosts.

British spooks wave through Samsung S6 mobes for UK govt bods

Twilight Turtle

"...as well as in the pub sector"

How may I apply for this "pub sector"? I have a decade of experience in consuming fine ales which I think would greatly benefit potential employers.

Wicked WikiLeaks leaks considered harmful: Alert over malware lurking in dumped docs

Twilight Turtle

If you're referring to the TrueType one from the tail end of last year, I think the actual vuln was in the way that certain Microsoft products parsed crafted TrueType files, so I'm not sure the same exploit would work against other vendors' implementations of the TrueType standard. But don't hold me to that.

Twilight Turtle

If it's CVE-2010-3333, then LibreOffice or OpenOffice will probably do.

Or, y'know, any Windows version of Microsoft Word that's been patched in the last half-decade.

'I'm COMING for you, DIRTBAG!': Ex-Sony chief Smedley to Kid Lizard hacker

Twilight Turtle

Re: "a cowards justice system"

So you're not interested in academic studies, contained in which are those very statistics you apparently want, but are quite happy to post a newspaper article that doesn't actually demonstrate that harsher prison sentences reduce re-offending generally, but only that they do in the case of one particular judicial system (i.e., that of the UK).

Interesting to note that the reason given by the Justice Secretary for the better performance of longer-serving criminals is their own failure to institute working rehabilitation programmes for short-term prisoners.

Twilight Turtle

Re: "a cowards justice system"
I mean, it's not as if it's a subject that's been subject to extensive academic review...

Twilight Turtle

Re: "a cowards justice system"

Funny how proponents of retributive justice systems always resort to hyperbole and bluster when disputing the effectiveness of more liberal justice systems. I assume it's because they can't argue with the simple facts.

Twilight Turtle
Pathetic bawling oaf; the notion that his ittle bittle wittle fweelings are somehow of more value than the judgements of a legal system that, let's be honest, does about the best job of rehabilitating and reintegrating criminals back into society of basically any in the world is truly fucking laughable.

China hacks 'everything that doesn't move' says Hillary Clinton

Twilight Turtle

Re: @thx1138v2 - Just curious

I read them as two distinct things, but I've not had enough coffee yet. Pretty sure the Snowden disclosures fingered the Pentagon as the most likely source of the loss of the F-35 plans. That or one of the myriad of defence contractors involved in it who have been compromised over the years.

Post-pub nosh neckfiller: Nasi goreng pattaya

Twilight Turtle

Re: Ketchup?

Alternatively, Ketjap Manis might make a more authentic substitution for Ketchup for the napalm-shy.

Please no non-consensual BACKDOOR SNIFFING, Mr Obama

Twilight Turtle

Struggling for words

Who moots these policy ideas? I struggle to understand how any policy makers are so ignorant of the underlying principles of cryptography and secure communications that they think magical one-way backdoors that open for patriotic 'merkin gov'ment employees but not for the Chinese or pesky Eastern European crims are even technically feasible, let alone reasonable.

VENOM virtual vuln proves less poisonous than first feared

Twilight Turtle

Re: Snakebite made with cider and lager?

Ahh, memories of my university days.

Allow me to introduce the "turbo snakebite". You will need, per person:

1x jug, approximately 2 pints in volume

1/4 jar (500ml) Old Rosie cider

1x Pound-a-can 7% Polish lager such as Okocim

50ml Wray and Nephew

50ml blackcurrant cordial (trust me, you'll need it)

Unlike the Venom vulnerability, this does scale rather well. Enjoy!

WikiLeaks, er, leaks the Bundestag Inquiry into NSA naughtiness

Twilight Turtle
I find it difficult to believe that Merkel and other senior figures in the German cabinet weren't aware of the...ongoing collaborative work, shall we say...between the BND and NSA when they decided to very publicly denounce snooping purported to have targeted the German government.

Theresa May: Right, THIS time we're getting the Snoopers' Charter in

Twilight Turtle

If there's ever a time to mourn the collapse...

...of the Liberal Democrats, it's now. Hopefully that majority will be just too slim to overcome the objections of the more liberal/sensible/reasonable/rational amongst the Tory back-benches.

I sincerely hope we won't continue to see ridiculous bollocks like this and the banning of encryption being proposed, but without the moderating effects of the Lib Dems I'm doubtful.

Spooks BUSTED: 27,000 profiles reveal new intel ops, home addresses

Twilight Turtle
...If their methodology consists of searching for anyone who has "OSINT" as a tagged skill on LinkedIn, I imagine it's going to contain a great many things other than spooks.

HP Stream x360: Flippable and stylish Chromebook killer

Twilight Turtle

Talking of RAM...

I didn't see it mentioned in the review (though I might have just missed it), but is the RAM in this standard form factor stuff and therefore upgradable? If so, could make a perfectly serviceable replacement for my ancient, now-borderline-useless Netbook.

Paul Allen hunts down sunken Japanese WWII super-battleship

Twilight Turtle

"The Germans learned from their experience in Spain..."

As well as from the likes of B.H. Liddell Hart, J.F.C. Fuller and Mikhail Tukhachevsky, all of whom (amongst numerous others) had been proposing combined arms warfare since the late 1920s. Sadly Liddell Hart and Fuller were largely ignored by the British military establishment, and Tukhachevsky's significant impact in developing Soviet Deep Battle doctrine came to a fairly abrupt end when Stalin had him purged. People like Ritter von Thoma and Heinz Guderian, who worked to develop German armoured warfare principles, cited Hart and Fuller by name in their writings on the subject.

UK official LOSES Mark Duggan shooting discs IN THE POST

Twilight Turtle

Re: And still using DISCS IN THE POST

True, it was more a case of puzzlement on my part at the (apparent) outrage of sensitive disks being sent in the post at all.

Twilight Turtle

Re: And still using DISCS IN THE POST

It's worth pointing out that, in the UKGov handling guide for protectively marked materials, Royal Mail Special Delivery is specifically mentioned as a permissible transmission channel for everything up to Top Secret.

VW's Scirocco diesel: A sheep in Wolfsburg’s clothing

Twilight Turtle

Your gripe should probably be with Borg-Warner, as they build the various DSG boxen (apart from the Veyron one) for VW and a few other marques AFAIK. The six-speed wet-clutch one is supposed to be fairly reliable when serviced properly, but the mean failure rates for the earlier 7-speed dry-clutch ones seem to be a bit more worrying. Think there was a recall on over 1.5 million cars equipped with that box...

Man asks internet for $1k for pebbles. INTERNET SAYS YES

Twilight Turtle

Re: Whisky and water

I did one of the every-region tasting sessions at the Whisky Experience in Edinburgh when on the second day of a stag. The first bottle we sampled was a barrel proof lowlands, can't remember what. At a little over 60% ABV and after a night's worth of fairly heavy drinking, I was very glad to hear our (also young but spectacularly well-informed) guide suggest diluting it 2:1 whisky:water, which made it really rather pleasant. I did try some neat but it was pretty much all alcohol burn and no real discernible flavour. Even as a relative Scotch novice the difference was massive.

Never seen the appeal in adding any cooling assistance to whisk(e)y. All it seems to do is remove the majority of the flavour.

iPhone 6: The final straw for Android makers eaten alive by the data parasite?

Twilight Turtle

Re: An unusually poor comment

So, what you're actually saying is that Android handset makers are doomed because Sony and HTC are losing money hand over fist? I don't really think that's a fair conclusion given that they're hardly representative of the entire Android handset maker market.

Are LG losing money on their phones? Are ASUS? Huawei and the like are now selling in Western markets. What about the smaller, newer niche providers selling high-end products like Amazon, Xiaomi, Hisense, Sharp et al?

There are a myriad of reasons why Sony and HTC are in trouble, not least of all their failure to compete with Samsung and LG at the top end of the Android smartphone market and their lack of mass appeal.

Apple's ONE LESS THING: the iPod Classic disappears

Twilight Turtle

A little over 110GB of music...

...On my 160GB Classic, which is now getting on for 5 years old. So, what am I going to replace it with when it eventually, inevitably dies? It won't be my fixed-capacity, SD-card-slotless Nexus 5. I like having a dedicated MP3 player with at least a passable audio chip and long battery life (I can get about 35 hours of solid listening out of my Classic). Cowon X7? Not if the various stories of them bricking if you drain the battery are true. One of the various SD-card based ones? I rather resent spending between £50 and £500 on an SD card in addition to my music player, especially as the cheapest I can find a 256GB one is about £270.

A real shame.

Work in the tech industry? The Ukraine WAR is coming to YOU

Twilight Turtle

On the flip side...

...Anyone who works in the IT security industry should have plenty of additional work.

Six of the best gaming keyboard and mouse combos

Twilight Turtle

I've always struggled...

...to justify spending £60+ on a high-end mouse or keyboard from a big-name brand, purely because every single one I've ever bought has either been DOA or broken within a few weeks.

Corsair Vengeance K60 - Worked fine if plugged in after the system had been booted, didn't work in the BIOS, didn't work if it was left plugged in. Bit of a pain when you have FDE, having to plug in an old Logitech every time you want to start the damn thing up.

Roccat Kone[+] - Great for about 3 weeks, then intermittently lost all of its settings and reverted back to the annoying "pulse" light mode every time I restarted. Managed to fix it by keeping a backup of all my settings and copying them over every time it broke, which was about once a week, for no discernible reason. Sensor then started playing up, RMA'd. The one they sent as a replacement snapped its scroll wheel pin after about a month of use. The replacement they sent for that one had a scroll wheel that didn't work at all.

Bought a cheap Perixx keyboard and mouse instead. The mouse in particular is more comfortable, better weighted, feels more precise and better built. Also cost about £20.

BMW i8 plug-in hybrid: It's a supercar, Jim, but not as we know it

Twilight Turtle
Double what Top Gear managed taking a Mk2 Prius on their test track.

I can't think of another petrol-powered "performance car" that would achieve 33mpg in traditional "performance car" style road testing. Can you?

Say goodbye to the noughties: Yesterday’s hi-fi biz is BUSTED, bro

Twilight Turtle

A million different

bells-and-whistles sound bars, wireless gadgets and all sorts of other largely pointless things, yet I can only think of a single company making sub-£250 powered desktop speakers that aren't utter shit.