* Posts by Phil Koenig

222 publicly visible posts • joined 26 Jul 2007


Germany advises citizens to uninstall Kaspersky antivirus

Phil Koenig

Re: Who do I trust?

Mister McAfee has been permanently uninstalled.

Phil Koenig

The Pecking Order

Vulture > Crow

Phil Koenig

Re: Just don't use ANY anti-virus

A modern AV engine will only do that scan ONCE - when it is first installed. (And all the OS files are already known and they have hashes for all of them, so they have no need to scan any of those either, unless their checksums don't match their database)

Subsequently it skips all the files it inventoried on first install/scan, because it vastly speeds up subsequent scanning and lowers resource usage. AV tool makers figured out this "trick" probably 20 years ago.

Phil Koenig

Re: Who do I trust?

This reminds me of SMTP admins that used to geoblock entire continents as their method of "anti-spam".

If the bad Russians really want to get you, your uBlock filter is not going to help you..

Phil Koenig

Re: Just don't use ANY anti-virus

I work in IT security too, and if you don't understand the concept of heuristic and behavioral detection that has been in modern AV tools for decades now, maybe you shouldn't be in IT security, AC #9315347...

Microsoft will adopt Google Chrome's controversial Manifest V3 in Edge

Phil Koenig

Microsoft: The Google Wannabe

Whether it comes to trying to track and data-mine everything you do with your computer, or working against your web freedom and privacy, Microsoft has become a big Google wannabe these days.

US Supreme Court Justice flames lower courts for giving 'sweeping immunity' to Facebook, YouTube, etc when it comes to harmful content

Phil Koenig

Careful what you wish for..

As bad as it has been in recent years where giant social media platforms have become megaphones for all sorts of 100% false and manipulative garbage, the alternative of having corrupt politician-du-jour decide what stays or what goes is probably even worse.

I've watched this debate going on for decades now, and politicians didn't care all that much one way or the other until they discovered occasional restrictions on their own armies of disinfo bots and nonsense-posting political provocateurs.

If any changes are going to be made they need to be done cautiously and with due consideration from people who understand the big picture cultural implications (and what is or is not feasible from a technical/platform standpoint), not idiotic self-serving politicians. At the very least some sort of community standards or board with a diverse membership should be involved in setting standards.

Far easier said than done.

Especially considering the fact that some degree of anonymity is still important for any sort of dissident. Nowadays you cannot even attend a political protest without being surveilled, face-recognition-matched, DNA-collected, GPS-tracked, etc etc.

Twitter Qracks down on QAnon and its Qooky Qonspiracies

Phil Koenig

Re: Wait what?

DoubleThink and DoubleSpeak are a central part of the US Republican party's disinformation tradecraft today. Quite a lot of their statements and positions are at direct odds with their actual acts and history.

Don't strain yourself, Zuck, only democracy at stake... Facebook makes half-hearted effort to flag election lies by President Trump

Phil Koenig

Re: If he does lose

Unfortunately they are so emotionally invested in the illusion he represents that they are extremely fact-resistant and prone to impressively deeply-nested levels of rationalizations. So those numbers of "core" followers are not dropping as fast as you might think.

The so-called "independents" that voted for him, however, are declining noticeably lately.

Phil Koenig

ALMOST wonder???

There is no need to wonder, it's been obvious for a very long time.

You are missing a few other elements but the ones you did include are correct.

If there is one actual skill that this man possesses it is in finding and manipulating gullible, not particularly intelligent people to serve his personal interests.

He certainly hasn't the slightest concern for anyone's interests but his own.

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

Phil Koenig

Re: It stinks...

Regarding your last paragraph, I simply want to know what entity I am dealing with.

If Google or Microsoft sees the need to create a slew of brand-new domains like awer9u8sdlfkjsdkfjhdf.com to serve web content, I view such a decision as inherently hostile, because they are a well-known organization that has no reason to do such a thing unless they're trying to hide something.

If I have a company name I can look up the company and decide whether their content has any use to me, is just useless/unneeded or is an actual potential threat.

So eg if I find out that their business is "behavioural tracking", their code goes to the bitbucket. If I find out that they are providing something actually useful like a web chat client that the calling domain (a known and legitimate company that I have an existing business relationship with) uses for a legitimate purpose like customer support, then I might not send it to the bitbucket, I might enable it on a day I actually need to use their support chat. Etc.

Phil Koenig

Re: It stinks...

I registered my first domain in 1998 as well and the information there is complete and correct as of this day.

Mind you, I don't put data in there that could directly endanger me or subject me to stalkers. Never had a single problem with it, maybe a dumb domain-switch solicitation mail or fax every once in a blue moon, that's about it.

I see basically ZERO reason for any legitimate business to hide behind a 100% redacted WHOIS record. If you are a legitimate business and not a scammer, you owe it to the public who may be roped into "doing business with you" simply because you're serving some dodgy JS on thousands of webpages that people encounter every day without any warning in advance that your lousy dodgy JS is going to be trying to get into their browser.

At the VERY least they should have their f'ing COMPANY NAME there. Would you buy stuff from an entity on Amazon that won't even tell you what the name of their company is or where they're based?? Would you buy a car or a pork loin from a reseller that won't even tell you who they are?? This is absurd.

For individuals of course it's different, if they don't have a business or mailing service address or a phone # that doesn't ring at their house or on their mobile then yes, I understand all that. I'm not talking about such people. I'm talking about companies who you are forced to "do business with" in the form of active online code, but which REFUSE TO IDENTIFY THEMSELVES.

As it stands today, the whole idea of WHOIS has been completely destroyed for all practical purposes. It seems that almost every new domain registered today is completely redacted by default.

I view this as just one example of how various parasitic entities have twisted the domain and IP address-space management bureaucracy in recent years towards their own profit interests and against the interests of the public at large.

Just like the subject of the article we are commenting upon.

Phil Koenig

Re: It stinks...

What has happened to ICANN, IANA and the Internet Society over the last 10+ years is horrible.

For example, because WHOIS records are now virtually useless due to so-called privacy provisions which are largely used by shady organizations trying to escape responsibility for their online activities, it takes me 5 or 10 minutes per domain to do research every time I see some questionable javascript that I'm trying to decide whether to let run in my browser or not.

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

Phil Koenig

Re: Alternative approach

I love this - call it a "Reverse EULA" - presented in the HTTP handshake with every website you open. :-D

Phil Koenig

That happens to be a legal requirement in the EU that they are complying with.

Phil Koenig

Re: My computer, my rules.

Considering the fact that Google isn't particularly interested in making it easy for people to circumvent advertising and paywall tech, don't expect much help from them in Chrome/Chromium (and all its forks) either.

Yes, it should not be easy for websites to ascertain if someone is using incognito mode. Or any other privacy/security enhancing tactic if the user so chooses.

Phil Koenig

Re: "Removed in v44"

"Ask me every time" became ridiculous on the web like 15+ years ago.

Nowadays the best strategy is use an extension that auto-deletes them, make the default "session only" and set the timeout after tab close to delete to ~60 seconds. (In case you're doing an e-commerce transaction or some other page that pops a new window to enter credentials in and then redirects back to the original page afterwards to complete the transaction with cookies carrying the login status)

Then just add the few sites you do need persistent cookies on as necessary and that's that.

Of course, now that we have reasonably effective cookie management tools, site developers are moving onto other mechanisms that don't rely on them, like local storage/DOM storage and browser fingerprinting.

Goodness forbid you're using a mobile browser, the choices there are bleak.

Twitter hackers busted 2FA to access accounts and then reset user passwords

Phil Koenig

Re: The need for passwordless WebAuthn and Yubikeys

I thought about getting a Yubikey for a while.

Until I realized how much it would suck if it was lost or stolen.

Phil Koenig

Re: There's something I don't understand

Being able to initiate a password reset is not the same as revealing the password in plaintext on someone's monitor.

Initiating a password reset shouldn't be an inherent risk for an admin to use unless they control the account that the reset request is being sent to. (Or they are using an idiotically insecure channel like SMS to send the unencrypted password reset request)

On the other hand, if a user asks an admin to both reset a password and disable 2FA simultaneously, that should probably require A) some additional info from the user, and B) get a supervisor approval of some kind before being allowed, and probably the account in question should be closely monitored for a while, too.

As for Twitter not being open, I think it's clear that they are not, despite their claims. If they were actually being open, they would have defined what this "small number" of admins actually means, what positions they held, and more details about how they were pwned.

Phil Koenig

Re: Karmic Justice for this incompetence

People have had years to "wakeup", yet they seem to be getting stupider and stupider about such things.

Education and aggressive policing of the massive online disinformation programs that are going on these days would be helpful.

As would actual criminal penalties against any business that causes damage to customers or the community, either willfully or unknowingly. If you own a building that flouts safety regulations and which blows up and injures people living next door, the same principle applies.

Unfortunately in the US, Profit is King, so there is rarely any political will to write and enforce such cyber-laws. Especially since technology-ignorant politicians can't even imagine what the potential problems are until they have already left a trail of destruction.

Phil Koenig

Re: Dodgy

Doesn't help much if the miscreants had access to internal Twitter admin control panels and just disabled 2FA temporarily.

This whole matter is an unmitigated disaster.

Phil Koenig

Karmic Justice for this incompetence

Not just one but apparently several Twitter employees were socially-engineered to share or compromise their admin credentials which have access to super high-profile accounts?

Is this some kind of bad joke?

Maybe it's karmic justice for being one of the top 3 enablers of the current POTUSCLOWN.


Linux Foundation starts new group to build pandemic-popping software

Phil Koenig

The right tool for the job?

"When the only tool you have is a hammer, everything looks like a nail."

Give technocrats a problem, and they will propose a technology "solution" for the problem.

I suspect old-fashioned contact tracing is at least as efficacious, and I don't have to worry about incompetent/cavalier developers that make stuff that violates my privacy far more than necessary to accomplish the job. (Eg, anything with links to any Google framework is already highly suspect.)

Phil Koenig

Re: Correct me if I am wrong

Given all the money in recent years that has been thrown at Linux players, I'd say you are not wrong.

Linux has been corporate-mainstreamed, with all the usual trappings.

Twitter admits 130 A-lister accounts compromised to promote Bitcoin scam after 'social engineering' attack

Phil Koenig

Re: Your passwords are safe - phew!

The attackers apparently did 2 things on the targeted accounts with the admin creds they gained access to (apparently via social engineering), which are standard admin tasks:

1) Disabled 2FA if enabled

2) Reset the associated email account to an account under their control

Once they had control of the linked email accounts (and with 2FA disabled) they could send password reset requests and at that point they effectively owned the accounts.

None of that discounts the fact that Twitter is incompetent here - in fact I think they are grossly incompetent.

And this also highlights the folly of making access to a particular email address a critical part of any account's so-called "security".

It's not much better than your bank giving someone else access to your account if they are wearing the same brand of shoes you wear.

Literally rings our bell: Scottish eggheads snap quantum entanglement for the first time

Phil Koenig

I went to the island of Doctor Moreau...

Who showed me a vision, and it looked like... love?

Cough up, like, 1% of your valuation and keep up the good work, says FTC: In draft privacy deal, Facebook won't have to change a thing

Phil Koenig

I'd be more supportive of the fine if it could be earmarked for specific purposes, not to include military budgets..

Phil Koenig


Ron Wyden is a rare jewel amongst the cesspit of US politicians these days, and one of the few consistent defenders of personal privacy, in an era where we are constantly bombarded with propaganda trying to convince us that privacy is an old-fashioned concept.

As if.

Brilliant Boston boffins blow big borehole in Bluetooth's ballyhooed barricades: MAC addy randomization broken

Phil Koenig

Re: Isn't the real flaw...

One WiFi privacy tool I use on my phone uses the GPS to ascertain if you are near a known network or not before it attempts to connect. (Rather than the usual practice of constantly broadcasting and looking for a known network)

Perhaps something like that could be applied to Bluetooth. (Of course, all the privacy-invasive things people like to use Bluetooth for - like retail BT beacons and such, would stop working. A feature, not a bug..)

Phil Koenig

Bogus funeral plans

I've been a user here for years and I see no evidence that it has led to sales calls or emails from anyone.

Here's a coin, try again.

Dodgy-govt fave FinSpy snoopware is back and badder than ever for Android and iOS kit

Phil Koenig

Re: Factory Fresh? From a mobile provider?

Unfortunately Verizon's network, while probably the best run in the US, is rather unique.

So the majority of phones that work elsewhere won't be fully operable on Verizon's network. (Due to, among other things, its unique LTE spectrum and usage of IS-95/IS-2000 ["CDMA"] technology for fallback voice and SMS)

NASA smacks an Orion into the water with a successful Ascent Abort-2 Test

Phil Koenig

Re: Stumpy...

It doesn't look "right" because it's more or less just the top of the final launch stack, equivalent to the 2nd stage, a dummy crew module, and the Launch Abort System. (LAS - the little tower on the top, which is what they were primarily testing today)

This is what the completed launch vehicle will look like during the first stage of the launch:


Don't worry, Eugene Kaspersky. Acronis is just busting a security move...

Phil Koenig

Re: Acronis headquartered in CH, support in Singapore, yet everyone on devel staff is Russian?

@elDog - you beat me to it.

I thought the article was going to talk about the fact that Acronis and Kaspersky were going to do some kind of partnership or something.

Because Acronis was indeed founded by a bunch of Russian guys.

Lots of companies seem to move their official headquarters around to more geopolitically blasé locations to avoid cuing-in the public about their national roots, particularly when that's a place that isn't very popular at the moment...

Here's how we made a no-fuss RSS vulture app using trendy Electron

Phil Koenig

A headline lister?

I've been using RSS for quite a few years and a "headline lister" sounds fairly pointless to me.

The whole reason I use RSS readers is to avoid all the garbage on the original webpages, and to reformat the pages into something that doesn't blind me. (I pretty much despise blinding white backgrounds on anything I have to read much of.)

I realize this may sound like some kind of declaration of war to those whose salaries depend on website advertising, but if I wanted to load all the scripts, images, tracking nonsense, ads and other junk just to read a couple of paragraphs for each article of interest I would just go to the original website and forget about RSS.

Julian Assange wins at hide-and-seek game against Sweden

Phil Koenig

Re: So, are the Swedes going to pay

If you honestly think that the UK spends millions of pounds and 5 years of 24-hour baby-sitting for every bail scofflaw in the country then I think it's time to go home and dry out.

Phil Koenig

Re: Entertainment

Re: Assange's "selectivity", of course it would never have occurred to any of his numerous bitter critics who made their mind up about him the moment they heard all that state propaganda about him and never bothered to look at the details.. that he might actually be protecting Edward Snowden by not going full-tilt against Russia at the moment?

Or that Russia is one of the very very few countries in the world (2 or 3 at the most) which has the power and capabilities to a) keep Snowden away from US clutches, and b) provide some kind of platform to someone like Assange (eg via RT) who is persona-non-grata anywhere the US has significant influence? Does anyone in their right mind think that the BBC is going to provide Assange with a neutral platform from which to criticize western countries?

Most of the shrill critics from what I can tell basically decided whether they like him or not based on whether he leaked anything on their buddies recently and what their favorite politician tells them to think. The US Republicans hated him and Wikileaks with a passion for years and were incessantly braying for his head until Wikileaks released some damaging material on their political foes that ultimately helped them win the election, whereupon they all kissed and made up and got on the Wikileaks bandwagon. Pathetic.

Phil Koenig

I just love these people whose minds were already made up 5 years ago

This is the most ridiculous international legal case I have ever seen.

Sweden issues an international arrest warrant for a guy who had already been cleared to leave their country after they questioned him on Swedish soil the first time around. Then after he leaves the country they decide to re-open the matter - likely after back-channel pressure from one of those exclusive club-members with 5 eyes.. The way they've been after him you'd think he blew up the Swedish parliament or something.

Assange and his legal assistants offered many many times over the years to speak to the Swedish prosecutors, but they refused to take a plane flight to the UK to do so and instead created this ridiculous circus where the cost for the UK to babysit him all this time has probably exceeded 1000 times what the cost of traveling to London would have been to interview the guy who they claim they "do not have physical access to". (Yeah, I suppose that's code for "physical access to kidnap him, chain him to a wall and send him for US-style 'extraordinary rendition'" in one of those peachy "black sites" the US loves to use when they want to avoid the inconvenience of legal and publicly-known detention.)

The Swedes waited something like 5-6 years before they bothered to travel to the UK to interview him and then a few months later they drop the case.

It's ridiculous, it's absurd, he should be a free man.

Operator of DDoS protection service named as Mirai author

Phil Koenig

False Flag??

The bot master could also be framing the anti-DDoS company to take down a company that undermines their attack effectiveness.

Antivirus tools are a useless box-ticking exercise says Google security chap

Phil Koenig

Re: If Only Google Could Get A Handle On Their Own Security Problems

Re: paragraph 2 - various third party apps can do all of that.

Some of them may require the device to be rooted.

Phil Koenig

Re: Real life testing

And yanno what's funny about using VirusTotal to do your malware check?

Google owns it. :D

Phil Koenig

Trendy targets

It's trendy to bash antivirus (especially when you have your own axe to grind), but it reminds me of all the dimwits who breezily proclaimed on January 1, 2000 that the Y2K computer problem was obviously a big hoax because the world didn't come to an end that day. (Conveniently forgetting that the world had spent decades and billions of dollars/pounds updating everything precisely so that would NOT happen.)

Oftentimes when a security measure is this ubiquitous people in ivory towers who have enough advanced knowledge and skills that they don't personally need to rely upon such measures make dumb sweeping proclamations about everyone else.

I haven't used A/V on most of my personal boxes for decades (except Android where eg the available web browsers are too unsophisticated to be capable of being configured securely and Google has a lousy track-record of letting malware/spyware into its appstore), but I would never dream of advising one of my clients to do the same.

IBM: Yes, it's true. We leaned on researchers to censor exploit info

Phil Koenig

Conflicted on this

I sympathize with both parties. A company in IBM's position can absolutely have a legitimate concern that keeping the worst parts (eg exploit code) offline during the initial disclosure will prevent some of their customers from being exploited. Perhaps after some nominal timeframe they can "un-embargo" it.

And while full disclosure is a nice philosophical goal, I've seen more than my fair share of "security researchers" over the years who seem more determined to make a name for themselves by releasing documentation and tools to facilitate widespread malicious behavior via copycats than they truly seem interested in improving the security of the digital world.

I don't know what category Maurizio Agazzini comes under. But likewise, not every company that thinks in the way IBM is here is automatically some cartoonish caricature of the sleazy, profit-hungry monster that only cares about their bonuses and golden-parachutes.

Level 3 goes to Level 0 for American VoIP peeps

Phil Koenig

Yes, coincidence.

Given that OVH is one of the very largest hosting providers in the world (especially free or cheap hosting, thus they have more than their share of miscreants as customers), and given that Level3 operates one of the very largest "Tier one" transit networks in the world - statistical probability suggests that yes, it was probably a coincidence.

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Phil Koenig

Re: Not really comparable

Then you may want to have that olfactory sampler of yours examined for proper function.

All it would take is a casual look at my comments here over the years (including other ones right here in this thread) for you to figure out just how wrong you are about that.

Phil Koenig

Re: Not really comparable

I'd say there's a good chance I started soldering electronic things together before you were born, given the demographics of this website.

So yeah, I'm a total beginner at this stuff.

The statistical risk of damage to a $10 surface-mount component when attempting to de-solder it from a circuit board is exactly the same whether it's one of a dozen junk phones you are casually tinkering-with in your garage or a key piece of potential evidence in a massive and highly time-sensitive international terrorism investigation where failure is not an option. (Which for some reason you have also been asked to perform in that garage lab of yours)

But the stakes in the latter are about 1,000,000 times higher. Which is why you don't send such high-value evidence to tinkerers to play around on in their garage lab for 6 months. And the price of such an operation varies accordingly.

Phil Koenig

Re: This is - at best - a temporary solution.

Actual high-security/low-production devices such as those used in top-secret roles eg military and by national-security officials, often have just such countermeasures.

But it would be corporate suicide for a company to build a product that sells at the scale of hundreds of millions per year, which is essentially 100% un-repairable.

Especially since the vast majority of end-users don't give a rat's behind about security and privacy anyway. (If they did, companies like Facebook wouldn't exist)

Phil Koenig

Re: Not really comparable

Re: "Not so amateur"

What you offer as 'proof' says that he's an academic, not a professional forensic technician.

As I wrote previously, the constraints of an actual, high-profile forensic investigation of a very high-profile, high-value piece of evidence are vastly different from those a guy tinkering in his home lab (while probably destroying many phones in the process) is under. Has nothing to do with his smarts or abilities, has everything to do with A) being able to guarantee success within a certain timeframe, and B) being able to guarantee that even if he doesn't succeed, he doesn't destroy the evidence in the process.

For every Skorobogatov that proudly announces he's come up with a successful hack, there are probably at least 100 people that tried and failed. Which one of those 100 should the FBI have hired instead of Cellebrite or whoever they did hire? John McAfee? :D

And how much was it worth it for them to have an answer in March, rather than waiting 6 months for the tinkerer to come up with a successful hack?

Skorobogatov claims it took him 4 months, but it's nearly 10 months since the FBI got their hands on Farook's iPhone.

Swedish appeals court upholds arrest warrant for Julian Assange

Phil Koenig


For a certain class of person, the only possible explanation for a person who has revealed widespread injustices, lies and governmental abuses and thus rattled feathers in high-places (and is therefore on the run from governments determined to punish him for that) is that he is a self-aggrandizing attention seeker.

I think such pre-determined conclusions say more about their worldview than his.

Thank goodness for so many of those "attention-seekers" over the millennia that had the perspicacity and conviction to force society to make important changes that ultimately became the human race's heroes.

But no, in this case, we keep hearing instead that he's just an "attention seeker".

If so, that's an attention-seeker we could use more of.

Phil Koenig

Re: Ah, yes, the famous "afraid of the US" bogeyman.

Actually the Swedish allegations have always been weak and questionable, and the Swedes already had a chance to question him about the allegations, which they did, and they cleared him to leave the country.

Sorry but for those who have actually reviewed the actual history in detail and who don't have some kind of in-built bias against the guy, the whole matter stinks to high heaven.

Yelp wins fight to remain morally bankrupt

Phil Koenig

Re: Calling the El Reg Detective Agency!

"...any links to actual evidence that Yelp offers such quids pro quo?"

Yes, they do. But here's how they do it:

At the top of every review today, Yelp now proudly states:

"Your trust is our top concern, so businesses can't pay to alter or remove their reviews. Learn more."

Classic weasel-words.

No, they don't technically "remove" negative reviews, they hide them. Which is the go-to tactic these days for online "review pages": the vast majority of people do not have the motivation or drive to seek out anything but the stuff right at the top of any page they are viewing. If a company like Amazon or Google Play systematically put the positive reviews of a product or service right at the top, 99% of people will never read anything but those positive reviews.

So they hide the ones their advertised businesses don't like. Take a look here: http://imgur.com/a/qaEjB

That's an example from today, using a desktop browser. Note how they hide the bad reviews and call them "Not Recommended", at the very bottom of the page (there are 20 reviews per page) in small, faint grey text with a tiny dropdown button. And I'm not sure that "unhide" feature is even available to people using a mobile to view reviews. (Probably the majority of Yelp users these days)

Sleazy, absolutely. Pity it's not thought of as illegal here in Capitalism Central.

I remember the days when Yelp was much more useful. Now you have to be very careful to not get misled by the reviews.