Posts by SotarrTheWizard

72 posts • joined 14 Jan 2016


Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage

SotarrTheWizard
Mushroom

. . .and then companies have the utter gall to complain about lack of employee loyalty. . .

. . . forgetting that what comes around, goes around. . .

Roses are red, IBM is Big Blue. It's out of RSA Conference after coronavirus review: IBMers will not attend infosec event over 'health concerns'

SotarrTheWizard
Trollface

Re: Viruses at conferences

. . .or you had Durex anti-virus. . .

Call us immediately if your child uses Kali Linux, squawks West Mids Police

SotarrTheWizard
Happy

Re: I told my Dad I use Kali

4 was interesting: layers of a dollhouse. . .

SotarrTheWizard

Re: I told my Dad I use Kali

Quite the firewall and intrusion protection. . . or you simply didn't raise privilege enough to access her resources ???

SotarrTheWizard
Trollface

Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

Indeed. Ask Libby Hoeler. . .(evil grin)

SotarrTheWizard
FAIL

Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

What, it's not the "permanent record that will follow you throughout your life" that my elementary school teachers kept threatening me with ???

SotarrTheWizard
Trollface

Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

Well, they're certainly smegging idiots. Probably even have a member of the Rimmer clan on staff. . .

Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin

SotarrTheWizard
Trollface

Re: Can't stop smiling

Break them up in groups of 5 or less, mount on drones. . . .each hovering ~10-20 meters off the motorway. . . .both sides.

And then send them moving AGAINST traffic. . .

Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoices

SotarrTheWizard

Hey d00d!!

We lerns gud in Murica!!! And we gots the self-steem awards to prove it!!

(Note: and this is why we homeschooled our children. THEY can read and write, do math, and know actual history. The oldest is the de-facto helpdesk at work: Helldesk comes to HER when they're stumped. Both also code far better than I do. . .)

You leak our secrets? We'll leak your book sales, speech fees – into our coffers: Uncle Sam wins royalties fight against Edward Snowden

SotarrTheWizard

Well the obvious solution. . .

. . . is to go check ThePirateBay or other torrent site. I'm sure it's there already. I remember the last time a country tried suppressing a book: the UK banned a book called "Spycatcher", late 1980s.

https://en.wikipedia.org/wiki/Spycatcher

It eventually did not succeed. Not that I have much interest in Snowden's book, but all the current actions will do is de-monetize it. . .

US senators green-light recruitment of crack infosec teams, both public and private

SotarrTheWizard

Re: Except, of course. . .

. . .some of us already have one. You still wait months for it to "cross over". And if you're particularly lucky. . . .then you get scheduled for a session on The Box.

Which is an order of magnitude MORE joy, because apparently older folks, IT folks, and people with medical issues are nearly impossible to get a solid read on. . . so you get re-scheduled to take it again, a month or three later. . . and it's back to the off-site meeting room in the meantime . . .

SotarrTheWizard
FAIL

Except, of course. . .

. . . . the Federal hiring process is so long and involved, that by the time you get to an interview, it's a year or more later. . .

I can recall finally getting called on a "critical fill" infosec position. . .18 months after applying. . . .

Wake me up before you Gogo ... so I can jump out: Kenyan MP takes on aeroplane flatulence

SotarrTheWizard

. . .or not rapidly.

Way back when, I flew jets for the USAF. The FIRST portion of Pilot or Navigator school is Aerospace Physiology. All the lovely things that happen to the human body at altitude. Farting is just the start. And the 8,000 foot cabin altitude of civilian jetliners is easy: military cabins are typically at 10K feet pressure altitude.

We learned, early on, which foods produce the most gas, and more importantly, which ones make you sleepy. And, as part of the training, we did altitude chamber "rides". Trust me, when you re-pressurised to 8-10K after everyone being on oxygen and cabin altitude at 38K, it was enough to gag a maggot. . .

Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change

SotarrTheWizard

Re: Find something wrong? Equifax has a product for that

Not really. I got zapped by the US Gov OMB hack. . . their monitoring and "repair" service is absolutely worthless. But it gives me near-weekly updates on any registered sex offenders within ~20 miles. A feature I neither wanted nor needed.

When someone tried to open an account in my name, I got a warning from the BANK, who thought it dodgy. It took a MONTH for the OMB "MyIDCare" to even show the queries.

SotarrTheWizard

Re: I know what we can do, call the Consumer Financial Protection Bureau

If you think ***ANY*** President controls the Bureaucracy, I have some shoreline property in Florida to sell you. . .

If you could forget the $125 from Equifax and just take the free credit monitoring, that would be great – FTC

SotarrTheWizard
Thumb Down

And now comes the waffling. . .

. . . just got email from Equifax. I now have to PROVE I have Identity Theft protection, or accept theirs. And the payout will, ***SURPRISE*** be lower.

To quote:

"Because of the number of individuals who have selected the alternative compensation cash payment, the amount you receive may be substantially less than $125.

Click this box if you want to keep the alternative compensation cash payment. Your payment may be substantially lowered, depending on the number of valid claims filed.

In order to verify your claim, please provide the name of your credit monitoring service that you will have for at least the next six months:"

SotarrTheWizard

Well, I accepted the offer in lieu. . . .

. . . so if they don't deliver the bucks as agreed. . . . . isn't it grounds for suing for breach of contract ? With legal fees and triple damages for the non-performance. . . (evil grin)

SpaceX didn't move sat out of impending smash doom because it 'didn't see ESA's messages'

SotarrTheWizard
Trollface

A pity Elon doesn't use spray tan. . . .

. . . . then we could all say. . .

ORANGE MUSK BAD. . . .

Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty

SotarrTheWizard

Re: after the Microsoft bug bounty initiative.

Hey! My mother was a hamster, and my father smelled of elderberries !!

Now, go taunt Microsoft a second time !!1

You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier

SotarrTheWizard

Re: Sure there are potential exploits against paper

I disagree. An election attack can be made via critical nodes. When elections are run at the county level, you need but to merely control the count in critical counties, and delay final results until all non-critical results are in. The Commonwealth of Virginia is the exemplar here: in each of the major statewide elections for over 10 years, the voting districts inside the Beltway and in the Tidewater area, all heavily urbanized and the first areas one would expect to report. . . .never do.

The Opposition candidate is always 1-2 points ahead. . . . .and then an hour with no changes, and suddenly Arlington and Hampton Roads report, and BOOM! their candidate pulls ahead by about 5% over the greatest possible margin of error. . . .

It's cynical, but your vote does not count so much as who ***counts*** the votes. . .

Class-action sueball flung at Capital One and GitHub over theft of 106 million folks' details

SotarrTheWizard

Re: Question is. . .

That's cute. Assuming any big organization will change without their feet LITERALLY placed in the fire. . .

SotarrTheWizard
Mushroom

Question is. . .

. . . .assuming the sueball hits the target, and that we already know the lawyers will eat most of the settlement. . . .

. . . .why bother ? Suing a big corp only enriches the sharks, not the people who actually got damaged. .

Personally, I'm waiting to see if I get **ANY** of my US$125 'settlement' from Equifax. . . and whether I cash the check. . . . or my estate does. . .

Cloudflare punts far-right hate-hole 8chan off the internet after 30 slayed in US mass shootings

SotarrTheWizard
Boffin

"Rational Gun Control"

. . . are you planning on banning small home shops ? 3-D Printers ? Or Home CNC machines ? You can make a firearm with any of them.

Heck, you can skip down to your local Home Improvement store and get everything you need to make a plethora of weapons, in the plumbing section alone.

Hint: guns are not dangerous: PEOPLE are. Like people on psych meds, and ESPECIALLY people coming off them. SSRI inhibitors are involved in most of the "mass shootings" (i.e. the ones that get air time, and not just J. Random Gangbanger spraying bullets in Da Hood. . . .) in the past few decades.

There are other common factors as well, the most politically incorrect of them being that of the last 23 "mass shooters" in .US (prior to this weekend), 22 grew up in single-parent households. . . .

I'll also note both the rise of "garage guns" in Australia, and the rise of arson as a means of settling scores Down Under. . .

UK PM Johnson spins revolving doors, new digital minister falls through

SotarrTheWizard
Joke

What, no role for Harriet Jones ??

. . . . MP from Flydale-North ?? :)

Cyberlaw wonks squint at NotPetya insurance smackdown: Should 'war exclusion' clauses apply to network hacks?

SotarrTheWizard

Re: cyber equivalent of a Weapon of Mass Destruction

No, those are Weapons of Mass DUH-struction (grin)

SotarrTheWizard
Mushroom

Consider the flip side of the argument. . . .

. . . . if a cyber attack is an act of war, then retaliating via armed force is on the table. And the more important question: what is the cyber equivalent of a Weapon of Mass Destruction ???

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

SotarrTheWizard
Mushroom

What was that ripping sound ??

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

- 4th Amendment to the United States Constitution

Get a warrant, Barr, otherwise sod off. . . .

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly

SotarrTheWizard
Trollface

Re: "US train makers have a long experience in such kind of transport"

Question is, is a new model of train required ? If you've optimized a basic model, most upgrades (like electronics) are bolt-on additions, and can be upgraded as required.

Last numbers I've seen have North American freight traffic at ~9 times the tonnage of EU traffic, over a significantly larger footprint. And yet we have a system that works well enough that freight train accidents are memorable events.

Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards

SotarrTheWizard
Facepalm

Re: How about Congress?

. . .probably because Infernal Revenue relies on positively ancient mainframes. . . . pre-Net era. Really. . .

Freaking out about fiendish IoT exploits? Maybe disable telnet, FTP and change that default password first?

SotarrTheWizard
Facepalm

Years ago. . .

. . . a friend was holding a house-warming party, the week before Christmas. Her DSL hadn't been connected yet, **AND** this was an audience of geeks. So, out of 10 singles and couples, we had 7 laptops.

We went searching for open access points. . . .and found 20+. Every single one either admin/admin or admin/password. And most had Win9x or XP PCs behind them, also wide open.

So we locked down all the networks, and left a note on the desktop of all the PCs, from "Santa's Elves", with the new username and password for the wireless routers.

Apparently, the next day, it was the talk of the neighborhood. . .

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

SotarrTheWizard
FAIL

Honestly, at least in .us. .

. . . .you CAN'T secure medical kit. Changing the software requires a vendor to TOTALLY re-accredit the kit and any software.

. . .which is why, at the hospital my eldest daughter worked at, the password for EVERY SINGLE MEDICAL DEVICE was. . . "password" . . .

Could you just pop into the network room and check- hello? The Away Team. They're... gone

SotarrTheWizard
Mushroom

Ah, memories. . .

. . . .the time: 1998

The place: Capitol College, Lanham, MD (just north of DC)

I was teaching a course to develop the first set of Windows Admins/Engineers for a large, unspecified Federal Agency in the Fort Meade, Maryland, vicinity.

Part of this was A+, part was Windows NT4 MCSE, and part was Linux and Cisco.

I jokingly referred to "magic smoke" being the key to computing. One of the students demanded I show them some "magic smoke".

Luckily, we were in the lab, I had a whole stack of discarded AMD K2 motherboards, and a number of variable power supplies.

Wired it up, set the 5-volt feed to 30 volts, and the 12-volt feed to 75 volts. Inside of 5 seconds, hilarity ensued. Capacitors were popping with little bursts of flame and large bursts of. . . "magic smoke".

But as I was pointing out the "magic smoke" to the class, I had neglected to power down the supplies.

And someone asks, "Is the CPU supposed to do that ?".

I take a look back at the mobo, and the CPU has deformed about half an inch. . . and suddenly BANG, burst of flame. . . and no CPU. Well, at least on the mobo: it had embedded its remains in the ceiling, 10 feet above.

Now, **THAT'S** entertainment. . .

Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs

SotarrTheWizard
WTF?

So why do PUBLIC servants. . .

. . . use a VPN to hide their traffic on GOVERNMENT-issued phones ?? Personal, no worries. But their issued phones ??

If servers go down but no one hears them, did they really fail? Think about it over lunch

SotarrTheWizard
FAIL

This happened to me, sort of, late 1990s. . .

. . . . .but the blame is purely on the manufacturer. They shall remain nameless, but it was a top-of-the-line LaserJet 5. We checked that it could handle 220, spec said it was 110/220.

What PrintZilla ***didn't*** say was, the 110V was one stock number, and the 220V was a separate stock number. And you couldn't buy the 220 version in North America, where we sourced everything else (all of which was dead easy to change over, flip the switch on the back of the Power Supply, and locally source the power cords to match local outlet configuration. . .)

We had to re-pack and ship the 110 version back to the States.

But the story does not end there. We were doing the install at HQ NATO. So, we called *(redacted)* Belgium, asked who their local resellers were. They named a company whose nearest office was in Antwerp, and another whose office was, conveniently, right next door to the US Support Activity. And we even had an account with them.

Or so we thought. I make a call, half in English and the rest in French, for an appointment the next morning. I get there. . . and they hand me an application form to become a customer. I was told to fill it out, and they'd get back to us in 4-6 weeks. I told them that I needed to buy a printer now, and pulled out a wad of cash, ~180,000 Belgian Francs. Got told they didn't accept cash payments. Pointed out we already had an account in .us. Was informed that the .us was a different organization, and we needed to be an approved customer of **theirs**. I walked out.

Grabbed the Pages Jaunes, and started calling companies that had HP logos in their ads. About a third, 10 or so, had the printer we wanted in stock. I got a name, a voice number, and a fax number.

Got a list of vendors, made a standard bid request. Model XYZ printer, with accessories A and B, for cash, delivered to HQ NATO C/o my employer's Company and the US Mission. Best price, taxes and delivery included, reply by fax with bid NLT 1400, Friday (this was a Tuesday afternoon).

Got one bid on Wednesday, after lunch. And then nothing. Called the outfit that bid on Friday at 1410, and we arranged delivery and payment for Monday morning. Easy peasy, installed as per the book, no circuits popping. Up and running by COB.

Rest of the network install continued over the next two weeks. But two weeks after we sent out the bid, a second company responded, with a much higher price, and delivery in 20-30 days. Ignored it. Next morning, the guy called, and asked when we could work payment for his bid.

I pointed out that bidding had closed ~10 days prior, someone had been selected, the printer paid for AND INSTALLED for a week-plus.

Guy flips out, did we not know who he was, he would complain to NATO, I pointed out that NATO wasn't buying it, a private US company was, supporting an activity based in the Pentagon. He said he would complain to the Ambassador. I gave him the Embassy switchboard number and wished him luck. . . (turns out he had done this before, the Embassy had him on their "cranks" list. . .). The next day, the team flew back to .us.

2-3 weeks after this, we get a call from the US Mission. Seems that the original reseller had approved us to be a customer, and they wanted to discuss when we could take delivery of the printer. . . .Apparently, they weren't amused when I emailed them, and told them that it was overcome by events. And in any case, their proffered price was about 10% higher than what we paid. . . .

Do Not Track is back in the US Senate. And this time it means business. As in, fining businesses that stalk you online

SotarrTheWizard
Trollface

Track me all you want. . . .

. . . . for 50% of the gross, not net, revenue you derive from my data. Don't want to pay me ? Zero Tracking.

Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops' cellphone jammers

SotarrTheWizard
Mushroom

Re: WiFi Routers can be anywhere; cell towers are generally in fixed locations

. . .and then this shows up in the email today . . .

https://www.westernjournal.com/ct/us-deploys-missiles/

Apparently, there's a repeat-fire capability. . .

SotarrTheWizard
Mushroom

Re: WiFi Routers can be anywhere; cell towers are generally in fixed locations

Actually, there are any number of ways to generate an EMP. Any sufficiently large explosion is the "easy" way, but a one-shot "focused" EMP bomb is apparently possible:

https://science.howstuffworks.com/e-bomb3.htm

. . .which suggests, in turn, that the major powers already have them.

Or, just focus microwaves tightly enough, although that tends to leave signs. . . like cooked meat in the beam path. Alternately, that's a cheap way of training managers, they didn't need those higher brain functions to start with. . . (evil grin)

White House issues Executive Order on cybersecurity, including hacker Hunger Games

SotarrTheWizard
Mushroom

Ever TRY to work for Uncle Sam ??

. . . .the process is lengthy and byzantine. No, you can't use your regular resume or CV. Instead, you have to write a custom document addressing required "KSAs" (Knowledge, Skills, Abilities) for each and every point of the job description. And then wait. In one case, I waited 14 months for a response, got a phone interview, and 6 months after THAT, got an email telling me I was not selected.

All for lousy pay (compared to the private sector), but excellent benefits. Including being effectively layoff-proof. . . .

Oh, and a list of certifications ? Department of Defense has had that for 11 years: why not use theirs ??

All in all, the pain and hassle of putting in for a Federal Job in us.gov is pretty much not worth the payoff. . .

User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?

SotarrTheWizard

Now, mind you. . .

. . . . in my younger days, I got REALLY pissed at a particularly stupid user. One who would, for example, complain that the system wasn't working, when they hadn't powered up the box . . .

. . . . so I mounted an inch-long piece of self-adhesive magnet tape just under the 5 1/4 floppy slot. . . (evil grin)

Uncle Sam charges Julian Assange with conspiracy to commit computer intrusion

SotarrTheWizard
Mushroom

Re: Good

I was always under the impression that Assange was an Australian national.

Also, pardon me for demanding historical accuracy, but the files were leaked by BRADLEY Manning, who later transitioned to being CHELSEA. But was still Bradley at the time. . .

Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach

SotarrTheWizard

Re: Interesting, but. . .

60 days, high complexity and multifactor. Remember, security is about MANAGING risk. I know you WANT me to use an epic passpoem, detailing the life and works of seven mythical Norse heroes.

But I'm not Bruce Schneier . . .

SotarrTheWizard

Re: Interesting, but. . .

And I rather suspect you work for 1password.com. (grin)

The companies in question sell contact lists in industry, and I **know** that data is compromised, because I get at least one targeted spam a day, and generally more. . .

SotarrTheWizard

Re: Interesting, but. . .

Actually, I'm on a forced 60-day password change cycle with high complexity AND 2-factor authentication.

SotarrTheWizard
Mushroom

Interesting, but. . .

. . . tried my work email on it. Said I was compromised three times. One of them was a 2013 breach. Problem is, that email account was created in late 2015.

The other two are companies I've never heard of, much less created an account with.

And, gee, if I want more details, I have to sign up for their pay service. . . .

I'm thinking of this as maybe 20% informative, 80% Biz dev for their paid product. . .

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)

SotarrTheWizard
Unhappy

Exchange takedown from a single message isn't new. . . .

. . . .it was a different vulnerability, but you could take Exchange down with a single, specially-crafted message back in 2005.

Automated Weather Source didn't see this cloud coming: Amazon snatches up AWS.com

SotarrTheWizard

Re: Today a domain...

(cue "Pinky and the Brain" theme song. . . )

Hey Jeff, what are we going to do tonight ?

The same thing we do every night, shareholders. . . . Try and Take Over the World!. . .

EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs

SotarrTheWizard

Perhaps it's a silly question. . .

. . . .but how do EU Laws bind the United States ?

Comcast's mega-outage 'solution'... Have you tried turning your router off and on again?

SotarrTheWizard
Trollface

Re: Running around like chickens?

In other words, as usual, Comcast's "service" has laid an egg. . . .

I've got way too much cash, thinks Jeff Bezos. Hmmm, pay more tax? Pay staff more? Nah, let's just go into space

SotarrTheWizard
Mushroom

Congratulations! (was : Re: I disagree...)

You just repeated the argument against colonizing the New World. Half the point of new worlds, be they continental or planetary, or asteroidal, or, hopefully some day, in another solar system. . . . is a fresh start.

FDISK /MBR and install the OS of your life from scratch, as it were. . .

US mulls drafting gray-haired hackers during times of crisis

SotarrTheWizard
Joke

Service guarantees citizenship. . .

. . . Would you like to know more ??? (evil grin)


Biting the hand that feeds IT © 1998–2020