* Posts by something_or_another

95 posts • joined 14 Jun 2015

Step on it, I've got the police on my hack: Anon swipes, leaks online 269GB of crime intel docs from cops, Feds

something_or_another

Re: What happened to encryption at rest?

they must have had legitimate user or admin credentials

Ummm, that's not how at-rest encryption works.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher

something_or_another

Re: Lawyers... start your engines

Wow, enlightening....and what "kit" do you buy today that doesn't rely on root certificates?

something_or_another

Re: What problem are the certificates solving?

Wrong. Learn how PKI and the internet in general work before trying to make us think you know what you're talking about.

something_or_another

Re: Planned or accident

One could argue that this problem is purely accidental because products are pushed out in the name of consumerism.

That's not accidental, that's intentional.

Google tests hiding Chrome extension icons by default, developers definitely not amused by the change

something_or_another
FAIL

Anticipating how Google's security and privacy-focused platform......

I'm not so concerned with anyone pissing off developers - it's kinda sport - but actually believing that google is acting on our behalf is laughable! They care about our security and privacy about as much as devs do. ZERO!

WeWork sues SoftBank over 'AWOL' $3bn shares purchase – which included millions lined up for ousted CEO Neumann

something_or_another
Black Helicopters

....and trouble with its joint venture in China

No kidding. See, ya get into bed with China, you catch a virus, your value goes to sh!t!

To catch a thief, go to Google with a geofence warrant – and it will give you all the details

something_or_another
Devil

Re: Dumb, dumb, dumb

Modern cars are tracked in cities with sensors/detectors that pick up the unique identifiers of your wireless tire pressure sensors. If you have a modern car with tire pressure sensors you "disabled" or removed, then the government cameras and those sensors/detectors will quickly ID YOU as owning the car that should have tire pressure sensors.

So, swap them out before a crime.

Track Cars with Wireless Tire Pressure Sensors, Hak5 1511.1

https://www.youtube.com/watch?v=TDYoo7TGNcw

Just let us have Huawei and get on with 5G, UK mobe networks tell MPs

something_or_another
FAIL

Re: Telco-speak translation

Huawei's business model has always been a state sponsored, IP theft operation. PERIOD. Full-Stop. R.I.P. Nortel.

China, if you're listening, you can go fuck yourselves, on behalf of all Americans! No apologies for you. We are America - the land of FREE "Fucking" SPEECH!!!

#FreeHongKong #FuckChina #FuckTheNBA #FuckHuawei #PoohBearPing #BDS #FuckTrump

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

something_or_another

Re: iFrames are evil

-"I am currently writing a code editor/testing plugin for my own use for Adobe Captivate & I have to use Iframes in order to make it work."

Well, you're using Adobe, so you are 'Captive' to iFrames and all their other bullshit.

I love how people are always like, "I use Adobe, so [ENTER LAME EXCUSE HERE]."

I use Adobe, iFrames, Fucked!

How dodgy browser plugins, web scripts can silently rewrite that URL you were about to hit – and throw you into an internet wormhole

something_or_another

Re: The common root case?

Then use uBlock Origin to get rid of that element, and all "We use cookies" BS. Then put uBlock Origin in advanced mode, and have at every script you don't like. By default it lets a good # through that make no sense. It even tells you the # of scripts that would be blocked if noscript wasn't blocking any.

YouTube mystery ban on hacking videos has content creators puzzled

something_or_another

Re: Cui bono @Chris

"I can only assume that there's people at Youtube who are ok with ad blockers, because I'm sure it can't be that hard for Youtube to bypass the ad blocking (eg, make the advert part of the same video stream as the content,.........."

Having worked for a large internet media company, they (media companies in general) rarely host the ads, but rather pass a URL to your browser to make a call to a particular ad hosted at an ad company or the company who made the ad itself, based on an algo. In doing that, they don't use their bandwidth, storage or compute power, they're not responsible if the ad turns out to be malicious and it would be a LOT of work to deal with the transfer and management of countless media (ad) files.

Most people don't use ad/script/canvas/referer blockers, cookie destroyers, user-agent changers, etc ... having to occasionally tweak on them gets in the way of the instant gratification people want. With that, YT loses very little $$ for those that do. Beyond using all of the tools listed above, YouTube Red takes care of the ads for me.

If you really want to see how it works, download a MITM app like Fiddler (Win) / Charles (Mac) / Burp Suite (Win/Mac/Lin) (all free) and learn what goes on when switching videos, or really any interaction you have with the site.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

something_or_another
FAIL

Lovin' It!!!

I've been doing security for over 20 years - and the longer I do it, the more shitty it gets. Let's take vPro machines and leave the backdoor wide open, and never use it.

I love ITSec, but I also love its demise. Dumb fuck devs, shitty managers and security folk that have spent decades trying to protect you from yourself. Burn in hell, dipshits!!!! You hire 'em, and never fire 'em ... you reap what you sow.

Fuck you're all dumb!

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

something_or_another

Re: yeah,,,,

"Exposing criminal activity by the US government (mine) will get you killed or worse."

Snowden is still alive .... Drake is still alive. I harass them all the time, I'm still alive.

You've just bought what they WANT you to believe. #FuckTheNSA .... #FuckTheCIA. Grow a set and stand up to them, instead of being a pussy!

Hua-no-wei! NSA, FBI, CIA bosses put Chinese mobe makers on blast

something_or_another

China trash.

For all you assholes that down vote me for saying, "Fuck China, Fuck Huawei", fucking buy that shit and be owned, LOSERS!

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

something_or_another

Just sprinkle on a little pepper.

They'll just push everyone to become a little more creative.

Take GPG. Shuffle the cipher text in a manner that the g-men would have to take into account. For instance, encrypt it several times, with different Algos, then remove the GPG header footer from the final cipher (that means they have to account for all the various GPG/PGP headers) ... then have a script that'll omit any line that contains an "=" or is less than x # of characters. Take the remaining lines, you + recipient agree on a daily changing pepper, and shuffle the remaining characters with it. Say today's #s are 3 and 8 .... run the script to swap every 3rd character line with every 8th. Sure, you'll/they'll get a CRC error, but they'd have to solve for all the shuffling 1st....and how long will that take, assuming that they don't have quantum computers cracking it? Then they'll have to solve all the different layers.

Why do they think that we can't solve for that? Remove a line, post that line, encrypted, elsewhere. There are plenty of ways around compromised crypto, if you're not lazy. Time would not be on their side.

Uncle Sam's treatment of Huawei is world-class hypocrisy – consumers will pay the price

something_or_another

FŬCK HUAWEI & CHINA!

Huawei's success was built off the theft of Nortel's IP, and who knows how many other companies. China can piss off.

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

something_or_another

What is, Not New News?

We were warned.

https://www.theregister.co.uk/2015/12/31/rutkowska_talks_on_intel_x86_security_issues/

Equifax mega-breach: Security bod flags header config conflict

something_or_another
Thumb Down

El Reg -n- HTTPS.

It only took them years to figure out https ..... don't tax them with getting SPF right.

So, FCC, how about that massive DDoS? Hello? Hello...? You still there?

something_or_another

Ajit Pai and his DSLs

He just can't wait to wrap his big ole DICK SUCKING LIPS around Drumpf's cock to curry favor. Like he has any other motivation. FUCK I HATE REPUBLICANT'S!!!!

US Secretary of State: I will work with Russia on cyber security issues

something_or_another

Being played the fool!

What a load of shit. China and Canada, US and Russia, and the halting of cyber attacks. It's just Bullshit. What incentive does China have to stop robbing orgs of IP. NONE!. The fool of these agreements will be the loser - Canada, US.

How about building and maintaining secure infrastructures, gear and apps; instead of meaningless agreements.

Step one, fire 90% of devs. Step two, stop buying Chinese hardware. Step 3, FUCK RUSSIA.

Why I just bought a MacBook Air instead of the new Pro

something_or_another

Re: Solder not Socket...

Chaining monitors has been around way longer than USB-C. And speaking of USB-C - so nice of Apple to make their use of it proprietary. Can't just get ANY USB-C cable and use it with a MAC.

Fuck that!

something_or_another
Thumb Down

Re: Surface is nice and all

"I'm giving Devuan a try."

LOL ... talk about planned obsolescence (yours and Devuan whiners)! Linux with concrete shoes. "Let's do the opposite of the industry".

Way to inform the world that you're going to stick with yesterday's skills, aging out, while everyone else is maintaining relevance. Don't get irritated when nobody wants to handhold you as to why you can't find the SysV init scripts.

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

something_or_another
FAIL

Nananana na na na na NO!

No Chinese anything TRUST!

FBI wants to unlock another jihadist’s iPhone

something_or_another
WTF?

Re: FBI needs to stop "the lazy" and do REAL police work

"Or maybe they just need to ASK NICE...."

Yes, I'm sure that will change Timmy's mind. WTF - so they should betray their customers? For that Sir Bombast, Go Fuck Yourself.

Never explain, never apologize: Microsoft silent on Outlook.com email server grief

something_or_another

Re: SSL authentication

"Like Google and Apple, MS has shown that they are perfectly willing to chop off legacy services no longer considered tactically important."

YES! That's what you do with legacy. You never want to utter the word legacy. Like, "I'm so proud I support legacy systems." Or, "There's nobody left who knows how these legacy systems were built, so we hope they don't go down."

Microsoft preps defence against the dark arts for enterprise customers

something_or_another

Re: Yay

> A downvote? Seriously?

Wear it as a badge of honor, given by UK's dimmest.

Swagger staggered as hacker drops dapper code execution cracker

something_or_another
Holmes

Users can do little but "carefully inspect Swagger documents" for ......

language-specific escape sequences....

Users can do little when coupled with little imagination centers. Devs should ALWAYS code for just this sort of thing. Correct me if I'm wrong, but REST should be no different than any other user input mechanism - YOU SCRUTINIZE EVERY PIECE OF THAT USER TRASH. (not treat it as a shitty task - unless you feel you have a shitty job - which is more likely an assessment of yourself rather than your employer).

If the expected user input is [a-zA-Z0-9], how is it that escape sequences even get through? And if your API is that sensitive and/or requires dangerous characters (that for some reason the lazy dev didn't bother to encode), why not use mutual auth?

Whether a component of your web app is written well or shitty (you probably don't know which, it isn't your code), but it is your app in the end, and with it having been built with quality will save your ass. Now, are you the quality design type, or someone that relies on others to keep you getting paid.

FBI's iPhone paid-for hack should be barred, say ex-govt officials

something_or_another
Mushroom

Good for both, Goose and Gander.....

So, US citizens are authorized to use exploits against other US citizens - Glad to hear it. Time for some fun.

Sophos U-turns on lack of .bat file blocking after El Reg intervenes

something_or_another
FAIL

WCE anyone?

When will they detect the publicly available WCE? Seriously, how long has that tool been around and it just ignores it.

Destroying ransomware business models is not your job, so just pay up

something_or_another

Re: Just as well this is only for people...

How about format that child and DON'T start again.

Google, Honeywell put away Nest patent knives

something_or_another

Re: And it all works until...

Who the hell needs to touch a server to fix it. Step out of yesterday!

$17 smartwatch sends something to random Chinese IP address

something_or_another
Thumb Down

Have you MITM'd your phone?

All you "I don't worry" losers ... you'd better be PERFECT government, compliant, 'do-as-you're-told' citizens.

I am not, nor do I intend to be. Fuck NSA, FBI, GCHQ, Mossad, खुफिया विभाग, ASIS, and the rest of them! I know I'm on a list; couldn't give a shit less.

Lenovo: China biz down, PC and mobile down

something_or_another
WTF?

Re: How could Windows 10 help?

Vaios aren't cool, they never have been. They're bloated trash. And Lenovo? Let's see ... a computer, manufactured in China, who is its biggest customer, that LOVES denying privacy, yeah - I trust that ... let me pay money for something that is already compromised; not that everything isn't already compromised. FUCK YOU NSA!

We actually have an HP contractor with a Huawei phone - SERIOUSLY?!? Fuck China! I told him to get that piece of shit outta the building - Not that I have any authority in that matter. :)

Cops hate encryption but the NSA loves it when you use PGP

something_or_another
FAIL

Re: " I'm already looking at tunnelling my home connection through a dedi in a DC "

What he means is that he's already busted. He's gonna access it from his home? LOL. FUCKING RETARD.

1st, if you're going to use your own proxy, are you paying for it?? PayPal or Bank Account (Busted). You're going to use it from home (Busted). Are you going to use it @ Starbucks (Busted - they're called cameras). Do you have your Smart Tracker (phone) - (Busted). Did you drive there in your car (Busted). Did you order the same Mocha Shit-Latte (Busted). Do you know what a MAC address is, and how to change it? No (Busted). Are you doing anything that you'd do at home? (Busted).

Chances are you're not smart enough. That doesn't mean you're dumb ... it just means you're not smart enough. I could have kept going on and on and on. You're going to do something that leads them right back to you. Even Gene HACKman couldn't remain anonymous enough. Sure it's a movie, but you'd better be more paranoid than that....and he was playing paranoid. Chances are, you're not that paranoid. You're going to jail, loser.

something_or_another
FAIL

Re: " I'm already looking at tunnelling my home connection through a dedi in a DC "

What he means is that he's already busted. He's gonna access it from his home? LOL. FUCKING RETARD.

1st, if you're going to use your own proxy, are you paying with it?? PayPal or Bank Account (Busted). You're going to use it from home (Busted). Are you going to use it @ Starbucks (Busted - they're called cameras). Do you have your Smart Tracker (phone) - (Busted). Did you drive there in your car (Busted). Did you order the same Mocha Shit-Latte (Busted). Do you know what a MAC address is, and how to change it? No (Busted). Are you doing anything that you'd do at home? (Busted).

Chances are you're not smart enough. That doesn't mean you're dumb ... it just means you're not smart enough. I could have kept going on and on and on. You're going to do something that leads them right back to you. Even Gene HACKman couldn't remain anonymous enough. Sure it's a movie, but you'd better be more paranoid than that....and he was playing paranoid. Chances are, you're not that paranoid. You're going to jail, loser.

something_or_another
FAIL

RE: Start encrypting every bit of Internet traffic

Not 'El Reg-Tards. TLS too Hard. These fucks' refusal to implement TLS is totally for fellating their PM. TLS is 1st grade skill. Why 'El Fucktards? Why do you FLAT OUT refuse to use TLS? Is it that the Queen will look unkindly on you? Not knight you? *** FUCKING TLS!!!! ***

Ban internet anonymity – says US Homeland Security official

something_or_another

Re: "ignored most of the time"

Cars should? Cars do. Buy a BMW M-whatever, and floor the 'gas' pedal, and KNOW that it phones home to daddy. They know who you are, they know how you drive, and are itching to cancel your warranty. You're already on lockdown dumbass!.

PGP Zimmermann: 'You want privacy? Well privacy costs MONEY'

something_or_another

Re: 'You want privacy? Well privacy costs MONEY'

Tell Cameron that!

Bounty hunters won't blink until you dangle US$1500 bug reward

something_or_another
Flame

Re: Broken window fallacy?

Yeah, great .... but does anyone call out the moron that committed the shitty code? NO, THEY DON'T, because Dev managers are too busy protecting their own ass to point it out!!

And that would be in a perfect world. More than likely, Dev Managers are just as dumb as the Devs. They just want their $$$check$$$ - they don't give a shit ... seriously, they don't care at all!! No pride of ownership!!!

Down-vote it if you want, but it doesn't change truth .... it just shows you're one of them.

something_or_another
Megaphone

WHY NOT?!?!

If they find a shitty little XSS or Session Management issue because the company cheaped-out on over-seas-low-$$$ devs, that are probably being paid by a 3rd party to code in vulns, or have absolutely no idea about input validation/sanitation, then yeah - PAY UP bitches!!!

(Disclaimer: I am not a bounty hunter, I can just spot some shit code when I see it. I see shitty code, it's everywhere)

Security bod watches heart data flow from her pacemaker to doctor via ... er, SMS? 3G? Email?

something_or_another

Vendors ....

> "As a patient I am expected to trust that my device is working correctly and that every security bug has been corrected by the vendor, but I want to see more testing and research [because] we can't always trust vendors."

You can never trust vendors.

How long is your password? HTTPS Bicycle attack reveals that and more

something_or_another

Re: Optional

> One simple way to counter this ground-breaking attack is to use clientside scripting to hash the username and password on the browser before transmitting it.

Yes - Let's use clientside security. Nothing has ever gone wrong with that mental-fuckery.

DAMN-IT there are some dumb fucks in this world!!!

something_or_another

Re: Down with 2FA

Until you loathe having to piece your financial life back together. Let me guess, a millennial?

It's probably been around longer than you have:

http://www.cs.cornell.edu/Courses/cs513/2005fa/NNLauthPeople.html

something_or_another

Re: Bah!

> Bah!

> Blast!. Now I must protect my blog by adding more headers

OH, it must be terrible - adding a header. Typical L'User web-wannabe.

something_or_another

Re: El Reg

> El Reg

> What's HTTPS?

LOL ... I always get down-voted for asking the same question.

Security industry too busy improving security to do security right

something_or_another
Thumb Down

Re: Too Hard?

- Yep, many businesses here give you a better price if you pay cash

Which is complete BULLSHIT! I assume total risk of being mugged (go ahead and walk around Oakland or Baltimore with a wad of cash in your pocket).

These fucking businesses allow themselves to be slaves for outrageously priced machines (vice Square), then mark up product 20% and then discount it 20% if they can force you to give them your Name, Address, Phone# and Email Address for their piece of plastic, then complain about needing to keep up with tech. FUCK THEM! If their shit isn't up to standards, they can keep their card and lose my business.

Lastly: EVERYBODY FRAUDULENTLY FILES PCI RESULTS/FINDINGS!! And the dumb fuck auditors don't know the difference.

Biting the hand that feeds IT © 1998–2020