Posts by SotarrTheWizard

79 posts • joined 14 Jan 2016


Apple was the only Fortune 50 company to foresee COVID-19 pandemic risk and properly insure against it – Forrester


Re: Things we can prevent and things we can't

Long before I did IT, I was a Geologist, at least by training. The Yellowstone Caldera "clock" is an average; as I recall, one of the intervals was ~960K years.

The interesting one is the Continental Glacial Advances, we're still in an Ice Age, and geologically speaking, the next one is due Real Soon Now. Admittedly, that's in a Geologic time frame, which translates to "any time in the next 5-10K years, beginning yesterday. . . "

Which makes the current Solar Minimum of special interest: do we get another "Little Ice Age". . . or a big one. . .


. . .and yet people are freaking over COVID. . .

. . . with an infected death rate of ~0.6%, simply because the overall numbers, while horrible, are constantly being reinforced by personal examples in the media. Yet, compared to the Spanish flu, those are small numbers, and while slightly more deadly than the 1968 Flu Pandemic (H3N2), they are significantly less deadly than the 2009 H1N1 Pandemic.

I suspect that the now ubiquity of the Net and Social media is a big part of that driver . . .

Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped


Effing Micro$oft. . .

. . . .had to uninstall Office. . . then use the M$ Uninstall clue, and steam-clean all of Orifice off my box. Then re-install from DVD. 2 hours wasted. . .

IBM job ad calls for 12 years’ experience with Kubernetes – which is six years old


I've seen worse. . .

. . . like the requirement for 6+ years experience with Windows 2000 Server. . . .in 2001, roughly 18 months after it went RTM. . .

Then again, I've long since given up on HR Staff having IQs above room temperature. . . . in Centigrade. . .

PC printer problems and enraged execs: When the answer to 'Hand over that floppy disk' is 'No'


Re: Ah IT 'managers'

Then there are the other kind. I had a .gov IT manager who was **proud** of the fact that he no longer did anything "technical" on computers. The last time he had done so, he was coding COBOL. . .on punchcards ( this was circa the year 2000)

The girl with the dragnet tattoo: How a TV news clip, Insta snaps, a glimpse of a tat and a T-shirt sold on Etsy led FBI to alleged cop car arsonist


Incidentally, at least in .us. . .

. . . . the FBI has added tattoos, scars, and marks to its "IAFIS" Fingerprint/ID system. How do I know ?? 15 years ago, I was on the Requirements team, and helped to write the Requirements Traceability and Validation Matrix document.

So, cops using tats for identification has been standard technique in .us for at least 10 years. . .


Re: Tut....kids today....

Considering the stunning naivety of most people, relative to security, much less deception and maskirovka, is this surprising ?

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage


. . .and then companies have the utter gall to complain about lack of employee loyalty. . .

. . . forgetting that what comes around, goes around. . .

Roses are red, IBM is Big Blue. It's out of RSA Conference after coronavirus review: IBMers will not attend infosec event over 'health concerns'


Re: Viruses at conferences

. . .or you had Durex anti-virus. . .

Call us immediately if your child uses Kali Linux, squawks West Mids Police


Re: I told my Dad I use Kali

4 was interesting: layers of a dollhouse. . .


Re: I told my Dad I use Kali

Quite the firewall and intrusion protection. . . or you simply didn't raise privilege enough to access her resources ???


Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

Indeed. Ask Libby Hoeler. . .(evil grin)


Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

What, it's not the "permanent record that will follow you throughout your life" that my elementary school teachers kept threatening me with ???


Re: Be a government informer! Betray your family and friends! Fabulous prizes to be won!

Well, they're certainly smegging idiots. Probably even have a member of the Rimmer clan on staff. . .

Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin


Re: Can't stop smiling

Break them up in groups of 5 or less, mount on drones. . . .each hovering ~10-20 meters off the motorway.. . .both sides.

And then send them moving AGAINST traffic. . .

Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoices


Hey d00d!!

We lerns gud in Murica!!! And we gots the self-steem awards to prove it!!

(Note: and this is why we homeschooled our children. THEY can read and write, do math, and know actual history. The oldest is the de-facto helpdesk at work: Helldesk comes to HER when they're stumped. Both also code far better than I do. . .)

You leak our secrets? We'll leak your book sales, speech fees – into our coffers: Uncle Sam wins royalties fight against Edward Snowden


Well the obvious solution. . .

. . . is to go check ThePirateBay or other torrent site. I'm sure it's there already. I remember the last time a country tried suppressing a book: the UK banned a book called "Spycatcher", late 1980s.


It eventually, did not succeed. Not that I have much interest in Snowden's book, but all the current actions will do is de-monetize it. . .

US senators green-light recruitment of crack infosec teams, both public and private


Re: Except, of course. . .

. . .some of us already have one. You still wait months for it to "cross over". And if you're particularly lucky. . . .then you get scheduled for a session on The Box.

Which is an order of magnitude MORE joy, because apparently older folks, IT folks, and people with medical issues are nearly impossible to get a solid read on. . . so you get re-scheduled to take it again, a month or three later. . . and it's back to the off-site meeting room in the meantime . . .


Except, of course. . .

. . . . the Federal hiring process is so long and involved, that by the time you get to an interview, it's a year or more later. . .

I can recall finally getting called on a "critical fill" infosec position. . .18 months after applying. . . .

Wake me up before you Gogo ... so I can jump out: Kenyan MP takes on aeroplane flatulence


. . .or not rapidly.

Way back when, I flew jets for the USAF. The FIRST portion of Pilot or Navigator school is Aerospace Physiology. All the lovely things that happen to the human body at altitude. Farting is just the start. And the 8,000 foot cabin altitude of civilian jetliners is easy: military cabins are typically at 10K feet pressure altitude.

We learned, early on, which foods produce the most gas, and more importantly, which ones make you sleepy. And, as part of the training, we did altitude chamber "rides". Trust me, when you re-pressurised to 8-10K after everyone being on oxygen and cabin altitude at 38K, it was enough to gag a maggot. . .

Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change


Re: Find something wrong? Equifax has a product for that

Not really. I got zapped by the US Gov OMB hack. . . their monitoring and "repair" service is absolutely worthless. But it gives me near-weekly updates on any registered sex offenders within ~20 miles. A feature I neither wanted nor needed.

When someone tried to open an account in my name, I got a warning from the BANK, who thought it dodgy. It took a MONTH for the OMB "MyIDCare" to even show the queries.


Re: I know what we can do, call the Consumer Financial Protection Bureau

If you think ***ANY*** President controls the Bureaucracy, I have some shoreline property in Florida to sell you. . .

If you could forget the $125 from Equifax and just take the free credit monitoring, that would be great – FTC


And now comes the waffling. . .

. . . just got email from Equifax. I now have to PROVE I have Identity Theft protection, or accept theirs. And the payout will, ***SURPRISE*** be lower.

To quote:

"Because of the number of individuals who have selected the alternative compensation cash payment, the amount you receive may be substantially less than $125.

Click this box if you want to keep the alternative compensation cash payment. Your payment may be substantially lowered, depending on the number of valid claims filed.

In order to verify your claim, please provide the name of your credit monitoring service that you will have for at least the next six months:"


Well, I accepted the offer in lieu. . . .

. . . so if they don't deliver the bucks as agreed. . . . . isn't it grounds for suing for breach of contract ? With legal fees and triple damages for the non-performance. . . (evil grin)

SpaceX didn't move sat out of impending smash doom because it 'didn't see ESA's messages'


A pity Elon doesn't use spray tan. . . .

. . . . then we could all say. . .


Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty


Re: after the Microsoft bug bounty initiative.

Hey! My mother was a hamster, and my father smelled of elderberries !!

Now, go taunt Microsoft a second time !!1

You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier


Re: Sure there are potential exploits against paper

I disagree. An election attack can be made via critical nodes. When elections are run at the county level, you need but to merely control the count in critical counties, and delay final results until all non-critical results are in. The Commonwealth of Virginia is the exemplar here: in each of the major statewide elections for over 10 years, the voting districts inside the Beltway and in the Tidewater area, all heavily urbanized and the first areas one would expect to report. . . .never do.

The Opposition candidate is always 1-2 points ahead. . . . .and then an hour with no changes, and suddenly Arlington and Hampton Roads report, and BOOM! their candidate pulls ahead by about 5% over the greatest possible margin of error. . . .

It's cynical, but your vote does not count so much as who ***counts*** the votes. . .

Class-action sueball flung at Capital One and GitHub over theft of 106 million folks' details


Re: Question is. . .

That's cute. Assuming any big organization will change without their feet LITERALLY placed in the fire. . .


Question is. . .

. . . .assuming the sueball hits the target, and that we already know the lawyers will eat most of the settlement. . . .

. . . .why bother ? Suing a big corp only enriches the sharks, not the people who actually got damaged. .

Personally, I'm waiting to see if I get **ANY** of my US$125. 'settlement' from Equifax. . . and whether I cash the check. . . . or my estate does. . .

Cloudflare punts far-right hate-hole 8chan off the internet after 30 slayed in US mass shootings


"Rational Gun Control"

. . . are you planning on banning small home shops ? 3-D Printers ? Or Home CNC machines ? You can make a firearm with any of them.

Heck, you can skip down to your local Home Improvement store and get everything you need to make a plethora of weapons, in the plumbing section alone.

Hint: guns are not dangerous: PEOPLE are. Like people on psych meds, and ESPECIALLY people coming off them. SSRI inhibitors are involved in most of the "mass shootings" (i.e. the ones that get air time, and not just J. Random Gangbanger spraying bullets in Da Hood. . . .) in the past few decades.

There are other common factors as well, the most politically incorrect of them being that of the last 23 "mass shooters" in .US (prior to this weekend), 22 grew up in single-parent households. . . .

I'll also note both the rise of "garage guns" in Australia, and the rise of arson as a means of settling scores Down Under. . .

UK PM Johnson spins revolving doors, new digital minister falls through


What, no role for Harriet Jones ??

. . . . MP from Flydale-North ?? :)

Cyberlaw wonks squint at NotPetya insurance smackdown: Should 'war exclusion' clauses apply to network hacks?


Re: cyber equivalent of a Weapon of Mass Destruction

No, those are Weapons of Mass DUH-struction (grin)


Consider the flip side of the argument. . . .

. . . . if a cyber attack is an act of war, then retaliating via armed force is on the table. And the more important question: what is the cyber equivalent of a Weapon of Mass Destruction ???

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General


What was that ripping sound ??

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

- 4th Amendment to the United States Constitution

Get a warrant, Barr, otherwise sod off. . . .

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly


Re: "US train makers have a long experience in such kind of transport"

Question is, is a new model of train required ? If you've optimized a basic model, most upgrades (like electronics) are bolt-on additions, and can be upgraded as required.

Last numbers I've seen have North American freight traffic at ~9 times the tonnage of EU traffic, over a significantly larger footprint. And yet we have a system that works well enough that freight train accidents are memorable events.

Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards


Re: How about Congress?

. . .probably because Infernal Revenue relies on positively ancient mainframes. . . . pre-Net era. Really.. .

Freaking out about fiendish IoT exploits? Maybe disable telnet, FTP and change that default password first?


Years ago. . .

. . . a friend was holding a house-warming party, the week before Christmas. Her DSL hadn't been connected yet, **AND** this was an audience of geeks. So, out of 10 singles and couples, we had 7 laptops.

We went searching for open access points. . . .and found 20+. Every single one either admin/admin or admin/password. And most had Win9x or XP PCs behind them, also wide open.

So we locked down all the networks, and left a note on the desktop of all the PCs, from "Santa's Elves", with the new username and password for the wireless routers.

Apparently, the next day, it was the talk of the neighborhood. . .

Hacking these medical pumps is as easy as copying a booby-trapped file over the network


Honestly, at least in .us. .

. . . .you CAN'T secure medical kit. Changing the software requires a vendor to TOTALLY re-accredit the kit and any software.

. . .which is why, at the hospital my eldest daughter worked at, the password for EVERY SINGLE MEDICAL DEVICE was. . . "password" . . .

Could you just pop into the network room and check- hello? The Away Team. They're... gone


Ah, memories. . .

. . . .the time: 1998

The place: Capitol College, Lanham, MD (just north of DC)

I was teaching a course to develop the first set of Windows Admins/Engineers for a large, unspecified Federal Agency in the Fort Meade, Maryland, vicinity.

Part of this was A+, part was Windows NT4 MCSE, and part was Linux and Cisco.

I jokingly referred to "magic smoke" being the key to computing. One of the students demanded I show them some "magic smoke".

Luckily, we were in the lab, I had a whole stack of discarded AMD K2 motherboards, and a number of variable power supplies.

Wired it up, set the 5 volt feed to 30 volts, and the 12 volt feed to 75 volts. Inside of 5 seconds, hilarity ensued. Capacitors were popping with little bursts of flame and large bursts of. . . "magic smoke".

But as I was pointing out the "magic smoke" to the class, I had neglected to power down the supplies.

And someone asks, "Is the CPU supposed to do that ?".

I take a look back at the mobo, and the CPU has deformed about half an inch. . . and suddenly BANG, burst of flame. . . and no CPU. Well, at least on the mobo: it had embedded its remains in the ceiling, 10 feet above.

Now, **THAT'S** entertainment. . .

Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs


So why do PUBLIC servants. . .

. . . use a VPN to hide their traffic on GOVERNMENT-issued phones ?? Personal, no worries. But their issued phones ??

If servers go down but no one hears them, did they really fail? Think about it over lunch


This happened to me, sort of, late 1990s . .

. . . . .but the blame is purely on the manufacturer. They shall remain nameless, but it was a top-of-the-line LaserJet 5. We checked that it could handle 220, spec said it was 110/220.

What PrintZilla ***didn't*** say was, the 110V was one stock number, and the 220V was a separate stock number. And you couldn't buy the 220 version in North America, where we sourced everything else (all of which was dead easy to change over, flip the switch on the back of the Power Supply, and locally source the power cords to match local outlet configuration. . .)

We had to re-pack and ship the 110 version back to the States.

But the story does not end there. We were doing the install at HQ NATO. So, we called *(redacted)* Belgium, asked who their local resellers were. They named a company whose nearest office was in Antwerp, and another whose office was, conveniently, right next door to the US Support Activity. And we even had an account with them.

Or so we thought. I make a call, half in English and the rest in French, for an appointment the next morning. I get there. . . and they hand me an application form to become a customer. I was told to fill it out, and they'd get back to us in 4-6 weeks. I told them, that I needed to buy a printer now, and pulled out a wad of cash, ~180,000 Belgian Francs. Got told they didn't accept cash payments. Pointed out we already had an account in .us. Was informed that the .us was a different organization, and we needed to be an approved customer of **theirs**. I walked out.

Grabbed the Pages Jeune, and started calling companies that had HP logos in their ads. About a third, 10 or so, had the printer we wanted in stock. I got a name, a voice number, and a fax number.

Got a list of vendors, made a standard bid request. Model XYZ printer, with accessories A and B, for cash, delivered to HQ NATO C/o my employer's Company and the US Mission. Best price, taxes and delivery included, reply by fax with bid NLT 1400, Friday (this was a Tuesday afternoon).

Got one bid on Wednesday, after lunch. And then nothing. Called the outfit that bid on Friday at 1410, and we arranged delivery and payment for Monday morning. Easy peasy, installed as per the book, no circuits popping. Up and running by COB.

Rest of the network install continued over the next two weeks. But two weeks after we sent out the bid, a second company responded, with a much higher price, and delivery in 20-30 days. Ignored it. Next morning, the guy called, and asked when we could work payment for his bid.

I pointed out that bidding had closed ~10 days prior, someone had been selected, the printer paid for AND INSTALLED for a week-plus.

Guy flips out, did we not know who he was, he would complain to NATO, I pointed out that NATO wasn't buying it, a private US company was, supporting an activity based in the Pentagon. He said he would complain to the Ambassador. I gave him the Embassy switchboard number and wished him luck. . (turns out he had done this before, the Embassy had him on their "cranks" list. . .). The next day, the team flew back to .us.

2-3 weeks after this, we get a call from the US Mission. Seems that the original reseller had approved us to be a customer, and they wanted to discuss when we could take delivery of the printer. . . .Apparently, they weren't amused when I emailed them, and told them that it was overcome by events. And in any case, their proffered price was about 10% higher than what we paid. . . .

Do Not Track is back in the US Senate. And this time it means business. As in, fining businesses that stalk you online


Track me all you want. . . .

. . . . for 50% of the gross, not net, revenue you derive from my data. Don't want to pay me ? Zero Tracking.

Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops' cellphone jammers


Re: WiFi Routers can be anywhere; cell towers are generally in fixed locations

. . .and then this shows up in the email today . . .


Apparently, there's a repeat-fire capability. . .


Re: WiFi Routers can be anywhere; cell towers are generally in fixed locations

Actually, there are any number of ways to generate an EMP. Any sufficiently large explosion is the "easy" way, but a one-shot "focused" EMP bomb is apparently possible:


. . .which suggests, in turn, that the major powers already have them.

Or, just focus microwaves tightly enough, although that tends to leave signs. . . like cooked meat in the beam path. Alternately, that's a cheap way of training managers, they didn't need those higher brain functions to start with. . . (evil grin)

White House issues Executive Order on cybersecurity, including hacker Hunger Games


Ever TRY to work for Uncle Sam ??

. . . .the process is lengthy and byzantine. No, you can't use your regular resume or CV. Instead, you have to write a custom document addressing required "KSAs" (Knowledge, Skills, Abilities) for each and every point of the job description. And then wait. In one case, I waited 14 months for a response, got a phone interview, and 6 months after THAT, got an email telling me I was not selected.

All for lousy pay (compared to the private sector), but excellent benefits. Including being effectively layoff-proof. . . .

Oh, and a list of certifications ? Department of Defense has had that for 11 years: why not use theirs ??

All in all, the pain and hassle of putting in for a Federal Job in us.gov is pretty much not worth the payoff. . .

User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?


Now, mind you. . .

. . . . in my younger days, I got REALLY pissed at a particularly stupid user. One who would, for example, complain that the system wasn't working, when they hadn't powered up the box . . .

. . . . so I mounted an inch-long piece of self-adhesive magnet tape just under the slot on the 5 1/4 floppy drive. . . (evil grin)

Uncle Sam charges Julian Assange with conspiracy to commit computer intrusion


Re: Good

I was always under the impression that Assange was an Australian national.

Also, pardon me for demanding historical accuracy, but the files were leaked by BRADLEY Manning, who later transitioned to being CHELSEA. But was still Bradley at the time. . .

Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach


Re: Interesting, but. . .

60 days, high complexity and multifactor. Remember: security is about MANAGING risk. I know you WANT me to use an epic passpoem, detailing the life and works of seven mythical Norse heroes.

But I'm not Bruce Schneier . . .


Re: Interesting, but. . .

And I rather suspect you work for 1password.com. (grin)

The companies in question sell contact lists in industry, and I **know** that data is compromised, because I get at least one targeted spam a day, and generally more. . .


Re: Interesting, but. . .

Actually, I'm on a forced 60-day password change cycle with high complexity AND 2-factor authentication.



Biting the hand that feeds IT © 1998–2020