* Posts by c1ue

317 posts • joined 10 Nov 2015


Search history can calculate better credit ratings than pay slips, says International Monetary Fund

c1ue

I'm sorry to say but your search history is already turned over.

The only question is to how many.

The browsers do it. The forwarding links do it. The ISPs do it. Even the web sites do it.

If I can tell your search history just by forensically analyzing your computer, it means the OS can do it too. Ditto any other software or web app which operates on the same computer.

c1ue

A greater compilation of idiocy, I have not seen in some time.

We already have an enormous ecosystem of advertising fraud based on bots. These bots build their user profiles precisely through mimicking "good" customer profiles via prime web site visits in order to parlay themselves into good advertising subjects - then go on to harvest ads.

These numbskulls in the IMF are proposing to use DoubleClick/Facebook Pixel type data gathering so that these same fraud gangs can now directly open credit cards and bank accounts.

-10 points for blatantly repurposing an existing business practice as "original research"

-20 points for failing to consider the myriad ways by which their already plagiarized proposal can be abused

This product is terrible. Can you deliver it in 20 years’ time when it becomes popular?

c1ue

Harris Kupperman at adventuresincapitalism.com called this bubble and even spelled out how it progresses.

Financial arbitrage of the Grayscale Trust, now we're into FOMO by institutions and consumer plus institutional pumping and dumping.

Bitcoin in 2017 was all about Ponzi/pyramid/consumer pumping and dumping.

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'

c1ue

Yet another example of the utter bollocks of "sophisticated, patient nation-state spies" - as opposed to the reality of semi- and in-competent IT setups.

What is abundantly clear is not that the "bad guys" are skilled, it is that their targets are not.

This is pure "security by obscurity" gone bad...

CEO of China’s largest chipmaker 'possibly' resigns over hiring of Taiwanese rival's production guru

c1ue

Shang Yi is a legend. His assuming an active role in SMIC, if true, shows just how serious that company (and China) are about ramping up semiconductor manufacturing tech and capability in China.

Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys

c1ue

The proposal seems like nonsense because it wouldn't universally accomplish what it wants to:

Major email providers certainly log and have other forms of metadata on their email users. The effect of publishing keys thus only muddies the ownership waters for external entities (primarily individuals) but not for governments or the email providers themselves, or for lawyers via legal discovery requests.
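The mechanism behind "expire, reveal crypto-keys" is worth seeing concretely, because it is what makes the comment above about outside parties right. This is an added editor's example, not code from the original post, the article, or the proposal it reports on. It assumes the keys in question are the provider's message-signing keys, and uses textbook RSA with two fixed primes so that the arithmetic is visible; a real signing key is far larger and uses proper padding.

```python
import hashlib

# Added example. Constructed parameters: two well-known primes, small enough
# that pow() over plain integers is fast, large enough that SHA-256 digests
# reduced mod N still look like signatures rather than trivia.
P, Q = 1000000007, 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def digest(message: bytes) -> int:
    """Hash-then-reduce so the value fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int) -> int:
    return pow(digest(message), d, N)


def verify(message: bytes, sig: int, e: int = E) -> bool:
    return pow(sig, e, N) == digest(message)


def published_key_forge(message: bytes, published_d: int) -> int:
    """What anyone can do once the provider has published the private exponent."""
    return sign(message, published_d)


if __name__ == "__main__":
    genuine = b"From: alice@example.test\nSubject: numbers\n\nRevenue up 12%."
    sig = sign(genuine, D)
    print("genuine verifies:", verify(genuine, sig))                       # True
    # Provider publishes D after the expiry window; a third party now forges.
    forged = b"From: alice@example.test\nSubject: numbers\n\nRevenue down 40%."
    print("forgery verifies:", verify(forged, published_key_forge(forged, D)))  # True
    print("old signature transfers to forgery:", verify(forged, sig))      # False
```

Once the exponent is public, a valid signature no longer proves the provider emitted that message, which is the deniability the proposal is after. It changes nothing for a party that holds the provider's own logs, which is the limitation the comment above points out.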

Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts

c1ue

Re: Flash wear

As earlier commentators noted: temperature and extra wear due to log files are certainly a factor.

I would bet, however, that the real cause is the fact that Tesla can (and does) access various cameras on the vehicle to fill its self driving data lakes. There are likely both standard and "pull"-type requests from the manufacturer for this data.

Writing and reading pics is a lot more wear than text files...

Ransomware crims read our bank balance and demanded the lot, reveals Scotland's Dundee and Angus College

c1ue

Attackers sound like amateurs.

Doesn't seem like backups were compromised - plus the ransom demanded was clearly too high.

c1ue

Re: Backups

Sounds like a law firm.

Just out of curiosity: what is the ratio of demanded ransom vs. losses suffered from the BCI of the restoration?

California backs Proposition 22: Great news for Uber, Lyft as their drivers can work as indie contractors

c1ue

Just goes to show you: paying over $5 per person in the entire state will buy you anything...

US govt ups minimum H-1B tech salaries to $208,000 a year, more than startups can hope to afford, say VCs

c1ue

Startups not being able to afford H1B salaries is a feature, not a bug. Some poor slob coming over in the hopes of a mere 7 year term as an indentured servant shouldn't be working for startups - which fail 90% of the time.

Unless these VCs mean "startups" like Uber...

Another eBay exec pleads guilty after couple stalked, harassed for daring to criticize the internet tat bazaar

c1ue

Will No One Rid Me Of This Troublesome Priest?

It seems highly unlikely that the behavior documented just arose spontaneously...

Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done

c1ue

Re: @c1ue

At the moment, this is true.

In reality, the storage doesn't require a big VM to mimic. In theory, you can do it with micro.

In addition - if we're talking law enforcement, there are many other ways to crack the nut.

For example: serve an order to the telco. You can protect the phone all you want, but the telco ultimately has 100% access...

c1ue

Somewhat misleading article.

Here's the reality: a relatively new (~2 years or less) Android or iPhone cannot be cracked by the tools except via PIN brute forcing or via the "services" - basically the companies using 0-days and cracks. And while $1950 isn't a lot for some people - it is a lot for a police department to spend and generally won't be done unless there is a strong need.

Secondly, the report doesn't mention how often the subjects give up their pin. A lot of people will when asked.

For a person who has installed 2FA and also enabled the full security features on the phone, security is going to be good.

To be clear: there is no way to protect anything electronic from an attacker with time and money. The phones can be disassembled and their SSD memories copied - at which point all you need is to know the software architecture and you can run parallel attacks on the cloud against virtual copies.
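The "copy the storage and run parallel attacks against virtual copies" scenario above has one caveat a practitioner wants spelled out: it only works if everything the key derivation needs is in the copy. This is an added editor's example, not code from the original post. It is a deliberately simplified model (PBKDF2 at a low iteration count, a 4-digit PIN, a header check value), and the `device_secret` parameter is the assumption that stands in for a per-device key held in the phone's silicon and never written to storage.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Added example. Assumptions: real devices use far more work per guess than
# ITERATIONS, and modern defaults are 6 digits, not 4.
ITERATIONS = 1000
PIN_DIGITS = 4


def derive_key(pin: str, salt: bytes, device_secret: bytes = b"") -> bytes:
    """PBKDF2 over the PIN, optionally entangled with a secret that is not in the image."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + device_secret, salt, ITERATIONS, 32)


def make_header(pin: str, salt: bytes, device_secret: bytes = b"") -> bytes:
    """The check value an FDE header stores so the OS can tell a wrong PIN from a right one.
    It is also what tells an offline attacker when a guess is correct."""
    return hmac.new(derive_key(pin, salt, device_secret), b"check", hashlib.sha256).digest()


def brute_force(header: bytes, salt: bytes, digits: int = PIN_DIGITS,
                device_secret: bytes = b"") -> Tuple[Optional[str], int]:
    """Exhaustive offline search against a copied header. Returns (pin or None, guesses made)."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        candidate = hmac.new(derive_key(pin, salt, device_secret), b"check", hashlib.sha256).digest()
        if hmac.compare_digest(candidate, header):
            return pin, n + 1
    return None, 10 ** digits


def seconds_to_exhaust(seconds_per_guess: float, digits: int, workers: int) -> float:
    """Wall-clock time to try every PIN when the search is spread over `workers` copies."""
    return (10 ** digits) * seconds_per_guess / workers


if __name__ == "__main__":
    salt = os.urandom(16)
    header = make_header("0042", salt)                  # constructed sample: PIN 0042
    t0 = time.perf_counter()
    pin, guesses = brute_force(header, salt)
    per_guess = (time.perf_counter() - t0) / guesses
    print(f"recovered PIN {pin} after {guesses} guesses, {per_guess * 1e3:.2f} ms each")
    print(f"6-digit space on 64 cloud copies: {seconds_to_exhaust(per_guess, 6, 64):.0f} s")

    # Same image, but derivation also mixed in a secret that lives only in the
    # phone's silicon: the copy alone cannot confirm any guess.
    uid = os.urandom(32)
    bound = make_header("0042", salt, device_secret=uid)
    print("device-bound header:", brute_force(bound, salt))   # (None, 10000)
```

The first half is the attack the comment describes: everything needed is in the image, so the only cost is PBKDF2 time divided by however many copies you can afford. The second half is why a phone whose passcode key is entangled with a silicon-resident secret cannot be attacked this way from a storage copy; the attacker is pushed back to the device itself and its rate limiting, or to the "services" the comment mentions.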

Notpetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers

c1ue

Re: Hmmmm.

"reasonable and proportionate"

Interesting that you use these terms when it can be argued that this action is what prompted everyone to "take the gloves off".

Again, I don't say Russia is pure as the driven snow.

The operative statement is: "Let he who is without sin, cast the first stone".

c1ue

I would suggest everyone read the full indictment.

A number of items are odd: [On or about December 11, 2017, the Conspirators created a malicious "Seoul Bus Tracker" mobile application and registered the mobile application with a mobile application store approximately 1 hour later.] with multiple other apps created and attempted distribution in a very short time frame. Pretty fast work. There is also mention of 15000 web sites defaced in late 2019 - they must be incredibly productive...

Attribution is also interesting: is the "creation date" from just looking at file time stamps? Probably from the app application process?

Then there's the attribution of "creation of components" for NotPetya, Olympic Destroyer etc. The actual charges relate to spearphishing and transmission - there is nothing in the indictment indicating the creation other than the allegation.

The indictment does say that the NotPetya transmission component was via redirecting the web address target for the M.E.Doc software - makes a lot of sense.

Overall: if you just look at the behavior, it looks like a ransomware gang: spearphishing, network traversal, bitcoin payment for infrastructure etc.

I look forward to seeing how specific attribution to these 6 people was performed.

c1ue

Re: The poor GRU

Novichok is so deadly that it doesn't seem to kill anyone but heroin junkies.

Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon

c1ue

Re: FDE & you want to boot that disk on another machine

The point of a real backup is that you preserve the entire environment, not just data. A full disk image does that.

Secondly, a full external image is completely undetectable in-system whereas an attacker can poison your system backup if they’re in.

c1ue

Some real world notes here:

T2 doesn't just "make the Mac secure" - it also prevents any type of external backup service outside of Apple's walled garden.

For example: a normal computer - you can boot up on Linux and capture a full dd image. This has its uses - for example, this image preserves all of the OS and installed software, as well as data, should something happen to the source computer. A disk failure can be remedied by putting in a new disk and slapping the image on. A computer failure can be replaced with an identical model computer and said image (really, it is the bios/motherboard).

With T2 and FDE - you can't do this. The Mac/Linux file system won't work without the T2 present, so virtual images are right out.

You can mount the image with a "recovery key" a la Bitlocker, but you have to do this ahead of time. Yes, the system is set up so that you can literally not access your own image without going through a specific sequence of events: FDE on, generate recovery key, capture image. Yes, out of order doesn't work (!)

Excel Hell: It's not just blame for pandemic pandemonium being spread between the sheets

c1ue

Re: If your only tool is a hammer

Wrong.

Excel is powerful because Ajax allows it to reach out and access/do all manner of things.

I've created an Excel spreadsheet that would update, from a web page, the prices of my mother's 300 stocks, because her online brokerage account was so crap to understand.

How else would you do something like that? Particularly 20 years ago...

Yes, you can hire a programmer to slap together something custom - but what a waste of time and money.

Sure, it is easier to work with data these days particularly if there is an XML or similar type feed - but businesses existed before this and the Excel pages are an IT artifact just like the XP laptops fronting 15 year old Xray machines.

c1ue

Re: I don't think the problem is Excel

The problem is that Microsoft's Excel programmers did a really amazing job of integrating all manner of extra capabilities into Excel.

You can query web pages. You can move data back and forth between sheets and even documents. You can bend, fold, spindle and mutilate cells and their contents.

That's the real problem: if there isn't a 100% perfect program to do something, it is easier to do it in Excel than to do "real" programming to create something custom.

So the real complaint is about Microsoft Excel/Ajax programmers being too good at what they do.

c1ue

Oh great - now everyone needs to learn to code in assembly in order to tabulate a row or column of numbers?

I'll pass.

c1ue

Except with Excel - you can stick in a query statement wherever you feel like without recompiling.

c1ue

The OP is angry at Excel.

The OP apparently would prefer everyone use some specialized tool or language where the operations are utterly opaque.

Excel - you can see and trace everything going on. Not so for "modern" platforms.

Yes, it isn't scalable for Big Data or even medium Data - but it never pretended to be.

Being angry at something which can do so much, well enough, that it is pushed to the limits and beyond is silly since this applies to literally everything in IT.

c1ue

Re: Relax...

Sorry, but the world isn't made up of data scientist wannabes.

People actually use Excel for things like modeling, tabulation, accounting and so forth.

What price your home delivery? Amazon accused of hiding real injury rate in its overworked warehouses

c1ue

Sounds nice but the buyer's choice is actually irrelevant.

Amazon makes disproportionately more profits if the same human and capital resources get more done.

c1ue

Re: *Sobs Openly*

I read it as: Nothing in Amazon Lingo = Profits.

Stop us if you've heard this one before: Crypto exchange cracked, Bitcoin burgled

c1ue

Re: banks are robbed on an almost daily basis

Totally wrong.

Regular bank account customers are hacked all the time.

The difference is that retail customers in the US (and in many other countries) are protected by laws from absorbing most of the losses, much as retail customers in the US are protected against credit card number theft.

The lack of cryptocurrency exchange regulation - said exchanges being a combination of bank and security exchange/stock exchange - throws out this vitally important protection for the consumer along with all the "red tape" and what not.

Epic, Spotify, ProtonMail and pals rise up as one against Apple's 30% cut, call for end to Cupertino-style markets

c1ue

Re: Unreal policies

Apple's app store rake isn't "somewhat greedy".

1) If it is payments and fraud protection: the credit card companies do that for 2% to 3%.

2) If it is costs: I looked at Apple's financials for 2015. The app store revenues were higher than Apple's entire personnel cost structure - which includes Apple store leases, Apple store employees, Apple developers for the entire company, Apple's entire sales and marketing people, etc.

The 30% is egregiously more than anything to do with costs - it has everything to do with monopoly access to Apple customers.

The worst thing is: Apple's iPhone business model is identical to the "razors and razor blade" model Gillette uses - except the razor is the apps/OS/email/software while the blades are the phones themselves.

The apps developers put on the app store are a significant part of the hook by which Apple can sell its immensely profitable hardware. To squeeze them is ridiculous.

Ethernet failure on Swiss business jet prompted emergency descent, say aviation safety bods

c1ue

Re: FCS is not new.

How many true-industrial certifiable routers are there?

It used to take 4 years for 4- to 16-bit microcontroller systems to get certified for use in cars; I would think airplanes are considerably more at-risk.

FBI boasts of dark-web drug bust: 179 collared around the world, $6.5m in cash and 500kg of narcotics seized

c1ue

Re: "Legalising a lot of drugs would reduce the value to criminals"

Thank you for your recreational drug promo.

Legalizing marijuana has not dropped the price; the legal stuff is a lot more expensive than the illegal stuff.

Nor has it reduced usage - illegal marijuana is still 80% of the market.

Reality is that legalization generates revenue for states. Period end stop.

c1ue

Re: Not even a drop in the ocean

Quite idiotic.

The purpose of law enforcement is ... enforcing laws.

It isn't about cost efficiency, nor is the cost to do something the only or even primary criteria.

Laws without enforcement are a waste of time.

c1ue

Re: Not even a drop in the ocean

I was more or less agreeing with the OP until "legalizing drugs" nonsense came out.

Really? Legalizing fentanyl is a good idea?

It's been a vintage year for bug bounty hunters, says HackerOne as it boasts of $40m+ passing through its treasure chests

c1ue

$45 million sounds like a lot until you realize that ransomware payments are probably exceeding that per month - maybe even per week.

Ryuk average ransom asked jumped to almost $400K.

Throw in BEC, credit card fraud, PII sales - I think the pay to be bad is still a lot better.

Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims

c1ue

The only question I have is who cracked? It seems pretty clear that a member of the gang gave up the rest of them.

Strap in for the wild ride that is invest.com: A failed legal battle, millions of dollars on the line... and that Yo! app

c1ue

What a sordid tale of a scam artist. And I don't mean the guy who lost the lawsuit...

Who cares what Apple's about to announce? It owes us a macOS x86 virtual appliance for non-Mac computers

c1ue

The OP is ignorant.

PowerPC systems still underlie many of the core capabilities in big companies because of its hot swap capability. VMs exist in this case but still cannot replicate the hot swap nor can they replace the big iron original basis.

However, the lack of MacOS VMs is 100% Apple patent trolling.

MacOS is a flavor of Linux - there is absolutely nothing preventing virtualization besides Apple's lawyers.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency

c1ue

Turning on Secure Boot also makes it a lot more complicated for offline backups.

So - would you prefer defending against the largely mythical nation state attacker (if you are not in the defense industry/intel agency/government official space) or improving business continuity interruption protection against the very virulent ransomware gangs?

AI in the enterprise: Get ready for a whole new era of smart software fueled by mountains upon mountains of data

c1ue

It is turtles all the way down.

The reality is that AI is still somebody's algorithm - only justified with mountains of data.

The thing is - data in the real world is messy, ugly and generally unusable. Real world data encompasses limitations in sampling, errors in measurement, biases in focus, architectural limitations in model, and on and on.

Until there is actual intelligence - i.e. independent reasoning combined with intuition and reinforced with scientific method, "AI" is pure marketing garbage albeit very useful for killing jobs for people.

Smash-and-grabbed: Chinese AI academic cuffed by Feds after 'binning hard drive' amid software leak probe

c1ue

Re: Too dumb ...

Yes and no.

People destroying (or at least attempting to destroy) HDs isn't unusual.

People taking out the storage platters and electronics - that's unusual.

Sounds like the black helicopters have come for us. Oh, just another swarm of FAA-approved Amazon delivery drones

c1ue

I can't say for the less dense areas, but a UPS driver in a major city will have 200+ packages for their route every day.

Just how much money is saved by having each package loaded into a drone and said drone sent on its way?

Just how likely is it that said drones will not collide with buildings, utility wires, other drones, birds, kites, trees and what not?

For rural areas: much longer distances are involved. Sure, the drones can fly "as the crow flies" - but then again maps and survey quality deteriorate in direct inverse proportion to density even as distance traveled increases.

I suspect the operational reality of drone delivery is just not worthwhile - particularly with $5000 geolocation/sensing packages required.

And then there's GPS jammers/spoofers. Why bother with porch pirating when your loot can come to you?

As promised, Apple will now entertain suggestions from the hoi polloi on how it should run its App Store

c1ue

Re: A larger share ?

Utter bollocks.

I looked at Apple 2015 earnings: the app store revenues exceed the costs for the entire company: store and employees, developers, manufacturing management, salaries for everyone in the company, etc.

The Apple App store is a profit center at 30%, pure and simple.

Visa offers a "free" product at 2.x% of revenue, so it isn't the financial aspect.

It is ludicrous to say that what Apple charges has anything to do with the costs of providing "free" product or the cost of vetting apps etc.

Furthermore, it is the apps plus email, texts etc. which is why people buy iPhones repeatedly - so in fact the app developers are a key factor in Apple's core product repeat sales: the software is the razor while the hardware phones are the blades.

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report

c1ue

Re: Dystopian Nightmares Inc.

You might ask the same question of why would anyone drive for Uber/Lyft, deliver for DoorDash/Grubhub, etc?

Because there aren't better choices and because there is very expensive marketing.

Uber lied vociferously over what drivers get paid - the $80,000 annual income they were pushing in the early years was later shown to be completely made up.

Amazon: they offer "high" minimum wages, but people don't realize just how debilitating those jobs are. Nor are they jobs which can be handled for very long - injuries and lack of benefits are both later consequences.

Ultimately, these jobs exist because of the hollowing out of employment opportunities in the Western countries: manufacturing to China, services jobs to India, etc. have led to a dearth of opportunity for those who aren't sufficiently middle tier (software devs and managers) to the billionaire overlords.

Global heatmap of cheater density says Brazil is the worst at video games, but there's no data on China

c1ue

Interesting but not so useful if gold farming isn’t taken into account

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure

c1ue

It isn't clear that just "disabling" macros would do the trick.

The interoperability of MS Office between its different sub-areas (Powerpoint, Excel, browser etc) via AJAX is never going to be secure - since AJAX enables delivery via Javascript libraries.

Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers

c1ue

Nice: a "secure" app which clearly has put zero thought into security.

plaintext sender and receiver addresses?

The crypto sigs are a bit more understandable - running those packages on low end cell phones is trickier than an iPhone only crowd.

Nonetheless, the pattern seems much more Zoom than Signal.

When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online

c1ue

It would be nice if some of Ms. DiResta's other initiatives (and potential conflicts of interest) were more clear.

Among them:

1) Part of a cyber security company: New Knowledge name changed to Yonder. Past or still present?

2) Multiple online mentions of her doing research into the Internet Research Agency - self licking cone action going on here?

3) Director at Data for Democracy. Incredibly intrusive web site. How is it funded? Freedom House/BBG action?

Perhaps this was covered in Ms. DiResta's talk, but failure to differentiate between pure profit motive/attention trolling vs. nation state actors and motivations is a serious oversight. It has been documented since 2016 that there is a world of people out there who don't even speak English well, but understand internet attention/advertising economics well enough to pull outrageous memes from fringe sites to provoke anger and attention and to then monetize via advertising. See the Wired article about the Macedonian Fake News Complex.

And most importantly: it is the Western, for profit social media companies and their algorithms which underpin this activity.

It is their algorithms which are choosing for "high emotion" = "high divisiveness"/"high anger".

How incredibly convenient to blame negative social media outcomes on Russia - as opposed to the people and institutions without which this type of activity is literally impossible.

Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooks

c1ue

Re: Just waiting to see how long before...

Backups work in theory.

In reality: the cyber criminals are actively going after backups: hardware, cloud, you name it.

Also in reality: if you have any significant number of endpoints, restore from hardware or cloud - even if not-corrupted - is immensely time consuming and often bandwidth limited. As is the reality that data/work *will* be lost as a tradeoff between backup corruption vulnerability, bandwidth impact on corporate network and windows of data loss vulnerability.
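Two of the comments above make the same operational point: an attacker who is already on the host can poison the backup, and ransomware crews go after backups deliberately. The one check that survives that is an integrity manifest whose key is not on the host. This is an added editor's example, not code from the original posts or from any backup product. It assumes the manifest key is generated and kept offline (the same place a recovery key lives), so an attacker who controls the backed-up machine can alter files and even rewrite the stored hashes, but cannot produce a valid tag.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path
from typing import List, Tuple

CHUNK = 1 << 20   # read files in 1 MiB blocks so large images do not sit in RAM


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def _canonical(files: dict) -> bytes:
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(root: Path, key: bytes) -> dict:
    """Hash every file under root and tag the whole listing with the offline key."""
    files = {str(p.relative_to(root)): file_sha256(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "tag": hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()}


def verify_manifest(root: Path, manifest: dict, key: bytes) -> List[str]:
    """Return a list of problems; an empty list means the backup set is intact."""
    tag = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, manifest["tag"]):
        return ["manifest tag invalid: hashes were rewritten or key differs"]
    problems = []
    for rel, expected in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif file_sha256(p) != expected:
            problems.append(f"modified: {rel}")
    present = {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()}
    problems += [f"unexpected: {rel}" for rel in sorted(present - set(manifest["files"]))]
    return problems


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed backup set: intact, then tampered with two different attacker moves."""
    key = os.urandom(32)                              # assumption: held offline
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "payroll.csv").write_bytes(b"alice,1000\nbob,1200\n")
        manifest = build_manifest(root, key)
        intact = verify_manifest(root, manifest, key)

        # Attacker with host access edits a file and re-hashes it in the manifest.
        (root / "payroll.csv").write_bytes(b"alice,1000\nbob,1200\nmallory,9999\n")
        poisoned = {"files": dict(manifest["files"],
                                  **{"payroll.csv": file_sha256(root / "payroll.csv")}),
                    "tag": manifest["tag"]}
        rewritten = verify_manifest(root, poisoned, key)

        # Attacker edits the file but leaves the tagged manifest alone.
        modified = verify_manifest(root, manifest, key)
    return intact, rewritten, modified


if __name__ == "__main__":
    for label, result in zip(("intact", "hashes rewritten", "file modified"), demo()):
        print(f"{label}: {result or 'ok'}")
```

This detects poisoning; it does not prevent it, and it does nothing for the bandwidth and data-loss-window problems the comment above raises. Its value is that a restore can be refused before a trojaned image is put back into production, and that the check still holds when the attacker has had free rein on the source host.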

With the US election coming up, when better to petition regulators for a controversial way to chill online speech?

c1ue

Re: senility vs narcissism

You might want to make it more clear who you are referring to, since the OP mentioned dementia...

c1ue

Re: About Time

The point which your experience should inform is that moderation can not be fairly accomplished through small teams and opaque means.

The benefit of transparency and public scrutiny is that the overall picture is much easier to assemble and make fair than the outcome of the views of a handful of moderators and AI devs.

It isn’t clear to me that FB, Goog and Tw are deliberately discriminative at the top level, but their hiring practices can accomplish the same outcome. If you hire nothing but liberal moderators and coders, you’re going to get liberal moderation and filtering policies.


Biting the hand that feeds IT © 1998–2021