* Posts by Gnosis_Carmot

83 publicly visible posts • joined 1 Sep 2015


What's the last piece of software you'd expect to spy on you? Maybe your enterprise security suite? Bad news


Name names!

I get so tired of reports like this where the names are left out. Naming the perpetrators is the only way to get this kind of action to go away.

Watch as 10 cops with guns and military camo storm suspected Capital One hacker's house…


Wow. This person is a whole bucket o' crazy.

Brags about the crime online so much that other hackers warned her she was facing jail.

Uses the same credentials to commit said crime.

Posting in Twitter ‘I’ve basically strapped myself with a bomb vest, f*****g dropping capitol ones dox and admitting it...I wanna distribute those buckets i think first.’

Posting about a desire to commit suicide

Claiming to be a woman.

What the cell...? Telcos around the world were so severely pwned, they didn't notice the hackers setting up VPN points


Name the telcos

That way people know who to avoid doing business with.

'Software delivered to Boeing' now blamed for 737 Max warning fiasco


And now we get to the ...

...blame the engineers. Of course NO ONE in management EVER learned about this beforehand.

The smell of excrement is strong on this from Boeing.

FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge


Re: My Passphrase

Passphrases and codes are protected.


This is why it is best to use a passcode/passphrase

The courts have already ruled you cannot be order to divulge a passcode/phrase since it would expose a state of mind and is protected under the 5th Amendment.

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen


Re: Unwarranted border searches

It also covers all states with an ocean front like NC, VA, SC, GA,DE,OR, etc.


Only one of his three guesses is correct.

"My past work on encryption and online privacy is well documented[1], and so is my disapproval of the Trump administration[2] and my history of significant campaign contributions to Democratic candidates[3]," Gal noted. "I wonder whether these CBP [Customs and Border Patrol] programs led to me being targeted."

Number [1] is what got him.

Numbers [2] and [3] are pure BS based on his political biases. This sort of thing has been documented as going on pre-Trump.

NSA may kill off mass phone spying program Snowden exposed, says Congressional staffer


Either 1 and/or 2


1. They aren't really.


2. They have something better

I'm betting both.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints


Cue the corporate stupidity

Because you can't manage Exchange server without PS and SQL is going that direction.

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid


If they aren't talking about Lenovo gear too....

Then they are just targeting this one company for some reason. Lenovo has gotten caught actually putting spyware into BIOSes.

WTF PDF: If at first you don't succeed, you may be Adobe re-patching its Acrobat, Reader patches


When asked about the decision....

When asked about the decision, a Microsoft spokesperson told us: "We got caught and now we're going to trot out a BS response that doesn't answer why we were allowing it to run despite the clear setting that said it shouldn't."

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'


Re: Factory Reset Your Phone

This or keep a pre-paid phone you don't set anything up on.


He's going to lose

Anything within 100 miles of the border is a Constitution-free zone.

Under 8 U.S.C. § 1357(a)(3), CBP officers have the right to stop and conduct warrantless searches on

vessels, trains, aircraft, or other vehicles anywhere within “a reasonable distance from any external

boundary of the United States.” Regulations define this “reasonable distance” as 100 air miles from any

external boundary of the U.S., including coastal boundaries, unless an agency official sets a shorter


They can also enter private property without a warrant (excepting dwellings) within 25 miles

of any border.

GDPR USA? 'A year ago, hell no ... More people are open to it now' – House Rep says EU-like law may be mulled


The real problem is

most of the worst offenders have based their entire business on doing the exact opposite of GDPR. This would kill them.

WhatsApp security snafu allows sneaky 'message manipulation'


How long?

So how long have the NSA, FBI, and CIA been using this one?

Crappy IoT on the high seas: Holes punched in hull of maritime security


Not just open sea navigation...

I just watched a show which was looking at the world's biggest container freight ship and part of it's maiden voyage was through the Suez Canal. It had only a couple of feet to spare across the canal width. Imagine tampering with a ship like that as it's going through the canal - the canal would have damage and would have to be closed.

Sure, Face ID is neat, but it cannot replace a good old fashioned passcode


At least in the USA

At least in the USA I will stick to a passcode. Law enforcement can force you to unlock your device if it is secured using biometrics like facial and fingerprint. At least with a passcode you can make them at least get a warrant first.

IRS tax bods tell Americans to chill out about Equifax


Misleading headline is misleading

And the article body didn't bother to clear it up.

What the IRS actually said is [1] that they've already taken steps on their own and [2]that people should assume their information is already in the hands of criminals and act accordingly.

Number two is actually common sense. People should be monitoring their own data directly or through a monitoring company. The days where people could go for years without bothering to check their credit reporting data are over, and not just because criminals might get/have it.

Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(


Not surprising given the user base at hospitals

Overheard a call once where a doctor was calling wanting the mouse calibrated. To the mouse pad. So when the mouse was in the center of the pad the pointer was in the center of the monitor,

44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach


Re: Crucifed

"I didn't think it worth the risk of giving them more personal information than they already had."

They probably had every bit of that information anyway. You'd be amazed at how much they know about you. It's probably up there with what the NSA has.

NSA here : Not quite, but close.

Dolphins inspire ultrasonic attacks that pwn smartphones, cars and digital assistants


Wouldn't a group of teenage girls be able to do the same?

Wouldn't a group of teenage girls be able to do the same?

Microsoft won't patch Edge browser content security bypass


Welcome to the Windows Open A Security Hole Wizard.

Using this wizard you may open all ports, shut off firewall software, terminate anti-virus protection, install any malware desired. Simply click "Next" to begin. Or do nothing - this is Windows after all.

Please, pleeeease let me ban Kaspersky Lab from US govt PCs – senator



Sen McCarthy looks on and smiles.....

Logitech's security cams allegedly suck so bad, this US bloke is suing it



Enough for the lawyers to get rich while the people who bought the defective stuff get coupons to buy more stuff from the manufacturer.

Adware API sends smartmobe data home to Chinese company


Re: Malicious software removal

Or even better, remove the app completely and leave only a placeholder that pops up a message saying it was removed for malware.

Salesforce sacks two top security engineers for their DEF CON talk



Sounds like a porn name rather than security tool.

US Homeland Security CIO hits ctrl-alt-delete after just three months


Running the operation like a hedge fund...

... is not a good thing.

Blighty's first aircraft carrier in six years is set to take to the seas


And it runs on XP

Old power plant, old OS, "new" carrier?

Latest Windows 10 Insider build pulls the trigger on crappy SMB1


Re: "Home and Professional editions strips out the SMB1 server software exploited by the NSA."

I wonder if MS has made some way of stripping out the SMB1 client on Home and Pro as well?


Re: Someone please take out all the plebs infesting MS and shoot them.

WinME would be a better torment.

Homeland Security: Putin’s hackers tried to crack electoral networks in 21 US states


And no mention of....

...DHS's documented and unauthorized attempts to hack into the Georgia, West Virginia, and Kentucky voting networks.

US voter info stored on wide-open cloud box, thanks to bungling Republican contractor


Re: Data mining?

"The best way to swing an election in the US is to simply remove people from the voting rolls based on ethnicity and voting history"

Conversely you can leave names on the rolls of the deceased and people who moved away. The first election after my father died I found out, since we shared the same name, that someone had voted as him. I notified the poll workers that ballot should be voided as my father was deceased.


Re: Data mining?

It was common when I was in college in the 90s for both the Democrat and the Republican party people to tell to college students they could vote at both their home address and at their college address.

What they always left out was that only applied to local elections. National level the students had to pick one.


Re: 200 million people in the DB?

I'm sure the Democrats have it too. It would be naive to think otherwise.

Worried about election hacking? There's a technology fix – Helios


Re: No! No! No!

Actually the reason it can't be used is because a whole bunch of people with government connections won't be able to make tons of money off it they way they can off closed-source software.

Banking websites are 'littered with trackers' ogling your credit risk


No link to the study?


WannaCrypt: Roots, reasons and why scramble patching won't save you now


Re: The real solution is always ignored...

You are way too optimistic about users actually paying attention, much less heeding you.

Several years ago I had the (dis)pleasure of fixing a machine where the user admitted he deliberately opened an emailed virus because he was curious to see what it would do and didn't want to mess up his personal PC to find out.

Why Microsoft's Windows game plan makes us WannaCry


Re: It is the apps tied to ActiveX that cause the problems

Not just browser based apps.

A metric ton of vendors deliberately wrote, and continue to write, code using undocumented APIs and such. When MS or someone else (cough Java cough) comes along and patches/updates removing those undocumented APIs the code vendors refuse to update it because it would mean either degrading or removing functionality the customers have come to expect.

Trump signs executive order on cybersecurity, White House now runs the show


Re: Two quite separate things

Unless, the merge-and-secure is done by moving to a new system?

FBI boss James Comey was probing Trump's team for Russia links. You're fired, says Donald


Dear Reg Team,

Dear Reg Team,

Please keep your politics out of a site that is meant to be about IT. If you are going to get all butt-hurt over it realize that people have been calling for Comey's firing for a LOOOOOOONG time.

here is a tweet with many of the clips edited together:


This is Schumer talking about how scared he is and "Muh Russians" etc:


This is MSNBC upset about it 10 days before the election:


Bernie Says he should step down:


Democrats lash out at Comey from Fox News:


Harry Reid saying Comey should be investigated:


James Carville saying Comey worked for the republicans:


Tim Kaine compares Comey to Hoover taping MLK:


FOX, Dems change tune on Comey:




occupy democrats "news" :


OBAMA talking shit:






Red alert! Intel patches remote execution hole that's been hidden in chips since 2010



Wonder if this was something exposed with Vault7.

Facebook decides fake news isn't crazy after all. It's now a real problem


"I would trust Mark on this," de Alfaro said in an email to The Register.

He's about the only one to trust Zuckerberg on anything. This is the same MZ that called his company's users "dumb f**ks" ( http://www.theregister.co.uk/2010/05/14/facebook_trust_dumb/ )

That apple.com link you clicked on? Yeah, it's actually Russian


Vivaldi and Brave (Chromium based) didn't show apple and epic

They showed the gobbledegook domain names. Chrome went ahead and showed the bogus names.

FBI boss: 'Memories are not absolutely private in America'


"and any of your memories are up for grabs should a court order it."

Good luck with that! I'm famous among people I know for having CRS issues with my memory. Half the time I can barely remember what I had for supper the day before, and past 24 hours you better expect a blank stare.

As Microsoft touts Windows Insider for biz, let's take a look at W10's broken 2FA logins


" kicked February's Patch Tuesday into next month"?

"Meanwhile, Redmond has kicked February's Patch Tuesday into next month: any bug fixes due to be released and installed this week will be rolled into patches released on March 14."

Mine for Win10 home got auto-stuffed onto my machine along with the auto-lose-everything-you're-working-on-reboot early morning yesterday.

New Windows 10 privacy controls: Just a little snooping – or the max


"the Feds, who are about to be under the control of a remorseless bully who loves to hold a grudge."

What the reporter, who was desperate to insert his own political views, misses is that statement is just as true of Clinton. The US lost no matter which was elected.

D-Link sucks so much at Internet of Suckage security – US watchdog


Re: D-Link?

"How is this company still in business?"

The complete cluelessness of the general public.

Pre-Trump FCC – get a grip on mobe data caps, racist Stingray spying, urge Dem senators


Re: Common Carrier not a stretch

You forget the days of Compuspend, America Offline, Stodgity, etc, where yes, you could get *most* content over the interwebs but some was reserved exclusively for a single provider. UPN when it first appeared was only available on AOL. Didn't have AOL? You were told sign up for AOL or shut up.

These carriers are wanting to return to that level of gouging. Net Neutrality, in theory, prevents that. In practice, maybe not so much, but it would be better than nothing....

The UK's Investigatory Powers Act allows the State to tell lies in court


Welcome to 1984

War is Peace, Freedom is Slavery, and Ignorance is Strength.

Big Brother is watching.