* Posts by DanielR

54 publicly visible posts • joined 7 May 2015


Parler games: Social network for internet rejects sues Amazon Web Services for pulling plug on hosting

DanielR

For 95 comments a whole service is removed from AWS ! Nice excuse !

This is what it takes to give the authoritarians leverage. While Twitter was used to incite deadly coup riots by fake journalists and even right winger Demoncrats that murdered black kids. Biden was bailing them out. Twitter was used as a platform for Mi6/NATO/Biden's Al Qaeda and Daesh terrorist coupsters. Mccain's picture with them is still up !

DanielR

Rejects ? OK Five Eyes MI6 authoritarians

If you really don't see the precedence here you are part of the problem authoritarian right wingers. "rejects" ? For real. PURGING DISSENT you ratbags.

Journalists even Assange's mum has lost followers and are being purged. For something that was staged theatre by COPS, a coup against themselves ? LOL. The Mi6 and Biden committed deadly coups against Libya and Syria arming Jihadist terrorists who rape, torture and kill people. Who were also given a platform on Twitter. Fake journalists were inciting the arson of buildings all over Twitter for their failed coups which led to 50 murders including black kids. Biden sent millions to Neo-Nazis in the Ukraine for their dodgy proxy wars and they murdered activists in Odessa.

I'm sick of these authoritarians and looking to move away from AWS because of it. I'm migrating to protonmail which is GPG encrypted email.

Losing credibility, are you Five Eyes or what ?

Brexit trade deal advises governments to use Netscape Communicator and SHA-1. Why? It's all in the DNA

DanielR

Biometric data has been stolen already because of all this

"The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police.

The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scan ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

Much of the usernames and passwords were not encrypted, Rotem told the Guardian.

“We were able to find plain-text passwords of administrator accounts,” he said.

“The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.”

“We [were] able to change data and add new users,” he said.

This would mean that he could edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorised to access, or he could just add himself as a user with his photo and fingerprints.

In the paper about the discovery provided to the Guardian before being published by vpnmentor on Wednesday, the researchers said they were able to access data from co-working organisations in the US and Indonesia, a gym chain in India and Sri Lanka, a medicine supplier in the United Kingdom, and a car parking space developer in Finland, among others.

The researchers said the sheer scale of the breach was alarming because the service is in 1.5m locations across the world and because, unlike passwords being leaked, when fingerprints are leaked, you can’t change your fingerprint.

“Instead of saving a hash of the fingerprint (that can’t be reverse-engineered) they are saving people’s actual fingerprints that can be copied for malicious purposes,” the researchers said in the paper.

The researchers made multiple attempts to contact Suprema before taking the paper to the Guardian late last week. Early Wednesday morning (Australian time) the vulnerability was closed, but they still have not heard back from the security firm.

Suprema’s head of marketing, Andy Ahn, told the Guardian the company had taken an “in-depth evaluation” of the information provided by vpnmentor and would inform customers if there was a threat.

“If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets,” Ahn said.

Rotem said the problem wasn’t unique to Suprema.

“It’s very common. There’s literally millions of open systems, and going through them is a very tedious process,” he said. “And some of the systems are quite sensitive.”

He said supply chain vulnerabilities – where a company uses a third-party company for a service that doesn’t have appropriate security – was common but often some of the vulnerabilities discovered were with Fortune 500 companies.

Rotem said he contacts around three or four companies per week with similar issues. Earlier this year, Rotem pointed out a substantial flaw in Amadeus’s flight booking system.

“Mistakes happen, and the real test is how you handle them,” Rotem said. “If you have a security team that can respond quickly and efficiently it’s good enough. If you have a security team that will send a legal team to threaten you, well, it’s less efficient.

“And this happens quite a lot. It’s unpleasant for someone to point out you have a vulnerability or weakness. Some people take it as an opportunity to fix it and some people are offended by it for some reason.”"

Twitter hackers busted 2FA to access accounts and then reset user passwords

DanielR

The need for passwordless WebAuthn and Yubikeys

Twitter has been too busy censoring and shadowbanning to implement secure U2F / WebAuthn 2FA

Too hot to handle? Raspberry Pi 4 fans left wondering if kit should come with a heatsink

DanielR

Noctua fans required.

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

DanielR

The very people making the accusations like the NSA have been caught planting malware into Cisco hardware. The BMC have their own port and embedded operating system and web console separate from the motherboard. I had one myself for a Sun server they called it Lights Out Management.

Nobody in their right mind would have this unprotected without being behind a vpn / firewall. I can tell you this gets brute forced.

The level of effort for little gain is a dead give away. If the BMC isn't even connected then this hack is useless too. I am not sure if it's part of the motherboard or a daughterboard as the Sun server's was.

I can only presume it's separate and "isolated" although it gives you full access to the server terminal like a keyboard and monitor. To configure the bios and power cycle etc.

But what is for sure they think because it's a remote console, and mention malware plant, they think people will automatically believe them. I want to see packet inspection logs !!

Better late than never: nbn™ DOCSIS 3.1 upgrade starts

DanielR

They claim the upstream has been the problem for years not the actual coax and Foxtel stealing most of the channel bandwidth !!

DanielR

I find it amazing. They are trying to implement snake oil to cover up the need to split nodes. Sorry, you are going to have to do that too.

This is not going to fix the connection problems I have experienced with both Telstra non NBN HFC and TPG NBN HFC.

Telstra - Extremely random disconnections without warning which could take anywhere between 3 hours, 6 hours or 3 days to reconnect !

TPG - Daily PPPoE disconnections. About 10 per day for 5 minutes each. Modem lights not flashing. You can't even login to a console to check a status with Arris.

Just reduce all this complexity and provide full FTTP direct to a SFP port on an EdgeRouter FFS. Stop mucking around with experiments and provide a professional connection.

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

DanielR

NO KIDDING. EdgeRouter-X SFP ONLY. I've been saying this all along.

https://community.ubnt.com/t5/EdgeMAX-Stories/EdgeRouter-X-SFP-is-Super-Versatile-for-airMax-to-Fiber-install/cns-p/1305124/page/2

Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

DanielR

The UK and the NSA are the masterminds behind cyber attacks themselves. They are not a credible source. Ransomware attacks using NSA malware have hit many of our government servers here. Because they are outsourced too.

Whois? Whowas. So what's next for ICANN and its vast database of domain-name owners?

DanielR

ICANN has been facilitating cyber criminals the entire time. There are no regulations on registrars whatsoever even though you pay the extortion fee to them and which isn't even quoted anymore so likely hiked. And criminals can buy up bulk domains with fake details. In the past it was using yahoo addresses. Now they can cover themselves up with private registration.

These criminals in the EU are a farce too. There is private registration. And they themselves collaborate with the US to commit mass hacking and spying and even hack each other although the US spies on the EU the most.

I still call for ICANN to be disbanded. We wouldn't have malware phishing sites if it wasn't for them.

Sysadmin hailed as hero for deleting data from the wrong disk drive

DanielR

Amazing story and very funny hahaha.

Must be Get Data Back. Not many can recover full paths and names as getdataback can.

4G found on Moon

DanielR

As if the snake oil radios scam couldn't be even more of a joke.

This explains the joke exactly. HD lol.

"The base station should be able to broadcast 4G using the 1800 MHz frequency band and send back live HD video feed of the Moon's surface, which will be broadcast to a global audience via a deep space link."

nbn™ to ISPs: share your speeds or we'll share 'em for you

DanielR

They have yet to expose they have stuffed up with the HFC gamble. After just realising hardly anyone is connected to it. No HFC lead in ? no NBN let alone no non NBN HFC. They have to dig trenches too.

DanielR

So they are going to release data exposing they stuffed up and the copper wires were always the problem ?

I have attempted multiple times to get information on the areas that got FTTP and they have refused. Trying to cover up their fraud.

So NBN. Be my guest. Expose how trashed the dialup tin can network is.

Massive US military social media spying archive left wide open in AWS S3 buckets

DanielR

I don't believe they scrape. I believe they exploit security holes in the Facebook API. They just need the profile ID.

Live blog: Fired FBI boss spills the beans to US Senate committee

DanielR

Voting machines have been hacked in many elections for years. I bet they have no answer why people were having Clinton being chosen for them or the voting count discrepancies ? They hack them themselves.

I would concentrate on the payments to Flynn from turkey and Russia instead. There was no hacking. The CIA and NSA are the cyber criminals here.

DanielR

Asking to cover up foreign bribery. This guy was taking payments from Turkey to influence foreign and military policy. Trump asks to cover it up.

Trio charged with $4m insider trading by hacking merger lawyers

DanielR

"The defendants are charged with targeting at least seven top international law firms with offices in New York, which advised companies on corporate mergers and acquisitions."

That mass spying is working well I see. Can't even allocate money to build up defences it all goes to spying on civilians.

Security! experts! slam! Yahoo! management! for! using! old! crypto!

DanielR

Execute the ignorance. But where would the salt be coming from considering it can't be stored as a config on the server and it needs to be recoverable for database lookups ?

I meant if that salt is stored in a config that would be the first place to look on the server,

Botched Microsoft update knocks Windows 8, 10 PCs offline – regardless of ISP

DanielR

I also tried drastic things like reinstalling the wifi client driver. Going into settings and choosing "Network reset" both fixed the problem temporarily. But then drops off again. Why would it be trying to refresh DHCP like that ?

DanielR

That's it. What a head fuck nightmare. I was trying to fix someone's issue. The router is crap and provides no detailed logs. Neither does windows.

It would fail to connect to wifi so unlikely able to get IP after authentication.

So static ip is the way to go.

#Censusfail Australia: Not an attack, data safe, no heads to roll

DanielR

They mentioned router fell over, which means their only hardware load balancer fell over with no backup.

The choice of server software is not going to scale well either.

IT analyst: Oz census data processed as plain text

DanielR

OK people. Here is in point form what I consider a maybe breach of security and privacy. Pretty much setting up people to be targeted not only by corporations but criminals.

1) name

2) address (they ask about the address multiple times even though the code and form has the address in it. lol)

3) How much they earn

4) The workplace name

5) The workplace address

6) A person's business name.

I don't believe there is a single question in here that is useful whatsoever for planning. A massive waste of $500 million. A wasted opportunity.

We should see truthful information here like how much people spend on food, debts with banks, debts with utilities, how shit their faulty copper NBN is, housing affordability, multiple pages on health, etc etc.

The bulk is asking useless information that breaches personal security and has no worth whatsoever other than corporate and criminal interests.

The Christian lobby will find it useful where to attack and infiltrate next in areas with large amount of "no religion" responses.

DanielR

If they want to embrace technology in this "digital government" they should be using blockchain. Countries like Estonia use this for voting and government stuff.

The system is not secure whatsoever. No bot should be able to access it for instance. They have remotely loaded javascript and the client code is not scrambled.

I chose paper. They want very detailed information not just name and address, but names of people not at home. Name of employer, their address, the name of your business then of course how much you earn. No relevance to "planning" whatsoever.

Sure outsourced ATO companies now get all this info so more chance of breaches but so will criminals.

No questions whatsoever about health, debts, housing, internet.

DanielR

Take note unscrambled javascript. Everyone can see it. Not secure whatsoever.

I already told them about that. And they did the same mistake as the I-vote system and remotely load jquery files on the google cdn haha.

The Australian Bureau of Statistics has made a hash of the census

DanielR

Someone mentioned BOM. Their cloud servers were infiltrated and hacked by the Chinese. This will be the same.

DanielR

Damn Straight.

"If two data sets – the Census and the Pharmaceutical Benefits Scheme, for example – contain enough data points to consistently identify me, then a hash of that data would work just as well for anonymous analysis.

Richard Chirgwin with a date of birth and an address will produce the same SHA-256 key (c2483d63179b71b37334f730385272c81b5d6bd3ae6edffb49234cfeb7f7d9a6, I just tried it) no matter the source system – but the hash cannot be reversed to deliver my personal data."

Hash keys as I've been carrying on about.

The fact they made an excuse about using names as keys proves they need it for corporate data mining and scope creep.

The fact they can't manage and design databases properly proves how hopeless they are.

Then the data breaches come rolling in.
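The hash-as-linkage-key idea quoted in the post above, as an added Python example that is not from the post or the quoted article. It also goes one step further than the quote: name, date of birth and address are guessable inputs, so the sketch compares a plain SHA-256 key with an HMAC-SHA256 key; the key value, function names and all records are constructed assumptions.

```python
import hashlib
import hmac
import unicodedata
from functools import partial

# Hypothetical secret held only by the linking authority (constructed value).
LINKAGE_KEY = b"constructed-demo-key-do-not-reuse"

def normalise(name, dob, address):
    """Canonical bytes so every source system hashes the same input."""
    parts = []
    for field in (name, dob, address):
        text = unicodedata.normalize("NFKC", field).casefold()
        parts.append(" ".join(text.split()))  # collapse runs of whitespace
    # Unit separator keeps ("ab", "c") distinct from ("a", "bc").
    return "\x1f".join(parts).encode("utf-8")

def plain_key(name, dob, address):
    """Unkeyed SHA-256, as in the quoted article."""
    return hashlib.sha256(normalise(name, dob, address)).hexdigest()

def keyed_key(name, dob, address, key=LINKAGE_KEY):
    """HMAC-SHA256: same linkage property, but needs the secret to compute."""
    return hmac.new(key, normalise(name, dob, address), hashlib.sha256).hexdigest()

def link(records_a, records_b, key_fn):
    """Join two datasets on the derived key; identifying fields are not kept."""
    index = {key_fn(r["name"], r["dob"], r["address"]): r["payload"]
             for r in records_a}
    joined = {}
    for r in records_b:
        k = key_fn(r["name"], r["dob"], r["address"])
        if k in index:
            joined[k] = (index[k], r["payload"])
    return joined

def recoverable(target_key, candidates, key_fn):
    """Audit check: does any plausible identity reproduce the stored key?"""
    for candidate in candidates:
        if hmac.compare_digest(key_fn(*candidate), target_key):
            return candidate
    return None

# Constructed sample records; the two systems format the same person differently.
CENSUS = [
    {"name": "Jane Citizen", "dob": "1980-01-02",
     "address": "1 Example St, Sampletown", "payload": {"household_size": 3}},
    {"name": "John Sample", "dob": "1975-06-30",
     "address": "9 Demo Rd, Sampletown", "payload": {"household_size": 1}},
]
PBS = [
    {"name": " JANE  citizen", "dob": "1980-01-02",
     "address": "1 example st,  sampletown", "payload": {"scripts": 4}},
]
# Constructed list of plausible identities, standing in for any public register.
CANDIDATES = [
    ("John Sample", "1975-06-30", "9 Demo Rd, Sampletown"),
    ("Jane Citizen", "1980-01-02", "1 Example St, Sampletown"),
]

if __name__ == "__main__":
    jane = CANDIDATES[1]
    print("linked records:", len(link(CENSUS, PBS, keyed_key)))
    print("plain key matched to:", recoverable(plain_key(*jane), CANDIDATES, plain_key))
    guess = partial(keyed_key, key=b"wrong-guess")  # auditor without the secret
    print("keyed key matched to:", recoverable(keyed_key(*jane), CANDIDATES, guess))
```

The design choice this turns on is where the HMAC key lives: whoever holds it can recompute any person's linkage key, so it needs the same custody as the identifying data it replaces.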

Telstra's CRM system breached competition undertaking: ACCC

DanielR

These mafia thug criminals are not only thieves of public money but a security risk.

Australian government urges holidaymakers to kill two-factor auth

DanielR

If Mygov is one massive outsourced security hole full of sql injection exploits I wouldn't expect anything less.

Sued for using HTTPS: Big brands told to cough up in crypto patent fight

DanielR

PATENT TROLLS ARE HOPELESS AND THIS IS HOW THEY TRY AND MAKE THEIR MONEY. THEY ARE LUDDITE. I HOPE THEY GET COUNTER SUED FOR WASTING TIME.

It's almost time for Australia's fibre fetishists to give up

DanielR

Until it rains and you have to wait weeks for a repair like you do currently. Businesses have had to wait months for line repairs. "Up to" is also a scam. You either get it 24/7 or you don't.

I will be paying the extortion costs of $3000 to get fibre connected.

They will be not replacing the telephone line, you know the one that causes most people's problems to the pits. They re-patch you at the pit to a non noisy line that goes to the pillar. I don't doubt for a second there is any usable lines left.

Stop kidding around, unless we're talking ethernet cables as copper. 100 year old cables in my circumstances you have to be kidding me !

Also to rejog your memory

https://delimiter.com.au/2012/04/30/fttn-a-huge-mistake-says-ex-bt-cto/

https://delimiter.com.au/2012/06/29/330mbps-bt-extends-fibre-from-node-to-premise/

BT is moving to FTTP. Only 1% of users can get 75mbps . JOKE ! Disruptor and economy killer !

Telstra passes on NBN billions, plays it safe

DanielR

Not even Telstra want to go into the hornets nest because they know.

DanielR

Good at economics I believe. This is what Turnbull has given you just to avoid fibre. Replacing the copper with copper. ADSL services.

New NBN build plan full of linguistic holes that will explain away delays

DanielR

It's so they can say something is happening without doing much at all. That is why they bought back the HFC which was due for being decommissioned. To slap something together and call it an NBN that has no upgrade paths to fibre or will have to be upgraded to fibre at more costs.

It's electoral fraud.

NBN cost blows out by at least AU$10bn and FTTN isn't launched yet

DanielR

The man has absolutely no credibility whatsoever and has absolutely no idea what he is talking about.

What they do have an idea about is under estimating their costs to take to an election of course !

They won't deliver, they blasted all their money on the HFC buy back, they will need billions to set up new infrastructure to accommodate deprecated assets, there will be no money left for Docsis 3.1 or Gfast which they said from the start it would be a future upgrade. Which will never happen because they will be kicked out by then.

They will be kicked out and we will get fibre again.

NBN Co yet to make a single fibre to the node connection but is eyeing off G.fast

DanielR

Do the UK have GFast installed already ? You know the scammy noise reduction technology because noise is prevalent to begin with ? If so they found only 1% of users can reach 75mbps. Con job much ?

I believe all these fancy upgrades for redundant technology is a waste of time and money considering it will not benefit much at all.

HFC is a problem because Foxtel consumes 60% of the channel bandwidth. They would have to take channel bandwidth back to give us 1gbps and that is 1gbps "whenever it's available" The whole thing is going to come crashing down when they force people from crappy copper to more expensive cable.

Fixed wireless so many people I hear complain they can't get connected because they are not in line of sight so a massive hopeless scam. Stop gap measure and an abomination let alone insecure and no doubt noisy too ?

Telstra offers six explanations for its dud Netflix rating

DanielR

Telstra's SLA is Foxtel and voice first only. They couldn't give a damn about internet let alone fixing a downed connection in a timely manner, more like expect weeks downtime. Why else are people stuck on dialup technology and copper ;)

Great, we all want 5G mobile broadband. Now just how are we gonna wire it all up?

DanielR

They need to stop this fantasy that LTE will replace fibre. Stop mucking around and provide fibre to all premises should be the goal.

We all know how crap wifi is for starters. The noise is just almost impossible to deal with and an abomination. I will be wiring up my house with ethernet !

Mobile data is insecure also not just unstable , and can't scale.

The slow strangulation of telework in Australia

DanielR

on HFC too but not timeouts just completely disconnects when it rains. The connection issue takes out the modem which needs to be rebooted, the bridged ip console becomes unresponsive !.

Not entirely helpful for someone who doesn't know what they are doing.

I have to send large projects that I rar up of course. If I'm waiting to receive a delivery from an ADSL connection it could take days. rar projects could be between 200mb for sound mixes crunched up to gb's. Sending on HFC is much faster than ADSL but still sluggish even using btsync.

If you use dropbox for instance, I believe it is uploading to S3 virginia therefore regular timeouts and very slow compared to uploading to S3 sydney. Use bit torrent sync always.

I cannot wait for the day for 1000/1000 business needs this ! Business also needs a connection that stays up especially when it rains ! I have lost time and money dealing with downed connections in the past.

Fujitsu shrinks SMB file transfer metadata traffic jams

DanielR

CIFS + SAMBA == VPN right ? Network shares over WAN farout.

I saw this possibly differently. Could this not open up to other areas like HTTP ?

Excuse the ignorance. It did say cloud, therefore files served over CDN's. Segmented files for instance therefore Mpeg Dash speed up ?

At least how CDN's handle files but S3 is an object system so maybe this doesn't relate to them ?

United Nations sends peacekeeping forces to Internet of Things war

DanielR

Obviously no mention of security. That is going to work out well for them once people get their devices turning on remotely because it's open to the public through their routers. Or sensors going nuts because someone has jumped onto the insecure wireless communications. All this needs to be taken into account. I don't believe any access should be opened up unless it's ip filtered.

Kaspersky says air-gap industrial systems: why not baby monitors, too?

DanielR

I believe the issue with the baby monitors is that crappy home routers are designed to open upnp ports which is exactly what was happening. Turn that shit off and don't use crappy routers.

This is the problem. Most people are supplied crappy routers trying to promote AC wireless as something that will improve their internet speed on their crappy copper when in reality their machine probably can't even work on AC. People don't upgrade their firmwares and neither do the ISP. It's their job to maintain them I reckon unless it's BYO.

I use a wifi passport generator and then to get that onto devices I use QR code readers. Getting the password onto the PS4 is still stupid though ! Turn mac address filtering on too.

Is that a graphics driver on your shop's register – or a RAM-slurping bank card thief?

DanielR

Is that how they did it !

And guess what ? They put one single lone guy to the task to track down the Bulgarians who did it.

Says it all while the NSA are concentrating on spying on their own population they leave the country exposed to cyber attacks and all that black hat firepower can't even thwart them. National security my ass. Cyber security is a national security risk obviously.

This is down to a few things.

Windows XP. POS systems connected to other windows systems on the network and not isolated. Surely there has to be a way to fully isolate everything and should never be connected to other windows machines on a LAN !

Obama issues HTTPS-only order to US Federal sysadmins

DanielR

Black Hat Barack ! classic !

Didn't they brag about cracking SSL and VPN encryption ? Is this an irony ? Are they bluffing ?

These black hat criminals are certainly sick that is for sure.

Undetectable NSA-linked hybrid malware hits Intel Security radar

DanielR

Hence why the NSA are one of the biggest blackhat cyber criminals on the planet.

Australian government sun to set on NBN funding

DanielR

They've messed this up big time intentionally to kill fibre because australia can't have nice things. Meanwhile murdoch is still losing money, his plan just made things worse for himself.

They do not intend to upgrade to Docsis 3.1 on HFC. They used up most of their money buying the HFC which goes down when it rains mind you. They are paying some american company on top to maintain it and from reports saying to upgrade to Docsis 3.0 when we already have it lol what ?

Your reports about bad signal for fixed wireless LTE is not surprising i'm afraid. FIBRE is the only way.

According to Netflix, Australia's slowest ISP owns half of Foxtel

DanielR

100mbs HFC here, but in reality 115mbps with my router because i'm bridging to an edgemax, don't use their crappy routers ever they are insecure and have all firewall features turned off !

However it goes down when it rains so a pile of crap. It also went down for half of sydney 4 months ago for 6 hours , no media report and total silence from them.

'The Internet of Things is like the Cloud 8 years ago' ... Boss of Dell's new IoT biz spills beans

DanielR

JOKE

Celeron ! sounds like crap. Get an edgemax ! routing is fully hardware accelerated !
