. . .and then companies have the utter gall to complain about lack of employee loyalty. . .
. . . forgetting that what comes around, goes around. . .
Posts by SotarrTheWizard
72 posts • joined 14 Jan 2016
Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage
Roses are red, IBM is Big Blue. It's out of RSA Conference after coronavirus review: IBMers will not attend infosec event over 'health concerns'
Call us immediately if your child uses Kali Linux, squawks West Mids Police
Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin
Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoices
Monday 23rd December 2019 12:23 GMT
Hey d00d!!
We lerns gud in Murica!!! And we gots the self-steem awards to prove it!!
(Note: and this is why we homeschooled our children. THEY can read and write, do math, and know actual history. The oldest is the de-facto helpdesk at work: Helldesk comes to HER when they're stumped. Both also code far better than I do. . .)
You leak our secrets? We'll leak your book sales, speech fees – into our coffers: Uncle Sam wins royalties fight against Edward Snowden
Friday 20th December 2019 11:45 GMT
Well the obvious solution. . .
. . . is to go check ThePirateBay or other torrent site. I'm sure it's there already. I remember the last time a country tried suppressing a book: the UK banned a book called "Spycatcher", late 1980s.
https://en.wikipedia.org/wiki/Spycatcher
It eventually, did not succeed. Not that I have much interest in Snowden's book, but all the current actions will do is de-monetize it. . .
US senators green-light recruitment of crack infosec teams, both public and private
Monday 30th September 2019 11:20 GMT
Re: Except, of course. . .
. . .some of us already have one. You still wait months for it to "cross over". And if you're particularly lucky. . . .then you get scheduled for a session on The Box.
Which is an order of magnitude MORE joy, because apparently older folks, IT folks, and people with medical issues are nearly impossible to get a solid read on. . . so you get re-scheduled to take it again, a month or three later. . . and it's back to the off-site meeting room in the meantime . . .
Wake me up before you Gogo ... so I can jump out: Kenyan MP takes on aeroplane flatulence
Monday 16th September 2019 11:01 GMT
. . .or not rapidly.
Way back when, I flew jets for the USAF. The FIRST portion of Pilot or Navigator school is Aerospace Physiology. All the lovely things that happen to the human body at altitude. Farting is just the start. And the 8,000 foot cabin altitude of civilian jetliners is easy: military cabins are typically at 10K feet pressure altitude.
We learned, early on, which foods produce the most gas, and more importantly, which ones make you sleepy. And, as part of the training, we did altitude chamber "rides". Trust me, when you re-pressurised to 8-10K after everyone being on oxygen and cabin altitude at 38K, it was enough to gag a maggot. . .
Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change
Tuesday 10th September 2019 11:20 GMT
Re: Find something wrong? Equifax has a product for that
Not really. I got zapped by the US Gov OMB hack. . . their monitoring and "repair" service is absolutely worthless. But it gives me near-weekly updates on any registered sex offenders within ~20 miles. A feature I neither wanted or needed.
When someone tried to open an account in my name, I got a warning from the BANK, who thought it dodgy. It took a MONTH for the OMB "MyIDCare" to even show the queries.
If you could forget the $125 from Equifax and just take the free credit monitoring, that would be great – FTC
Sunday 8th September 2019 01:57 GMT 
And now comes the waffling. . .
. . . just got email from Equifax. I now have to PROVE I have Identity Theft protection, or accept theirs. And the payout will, ***SURPRISE** be lower.
To quote:
"Because of the number of individuals who have selected the alternative compensation cash payment, the amount you receive may be substantially less than $125.
Click this box if you want to keep the alternative compensation cash payment. Your payment may be substantially lowered, depending on the number of valid claims filed.
In order to verify your claim, please provide the name of your credit monitoring service that you will have for at least the next six months:"
SpaceX didn't move sat out of impending smash doom because it 'didn't see ESA's messages'
Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty
You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier
Monday 12th August 2019 12:31 GMT
Re: Sure there are potential exploits against paper
I disagree. An election attack can be made via critical nodes. When elections are run at the county level, you need but to merely control the count in critical counties, and delay final results until all non-crtitical results are in. The Commonwealth of Virginia is the exemplar here, in each of the major statewide elections for over 10 years, the voting districts inside the Beltway and in the Tidewater area, all heavily urbanized and the first areas one would expect to report. . . .never do.
The Opposition candidate is always 1-2 points ahead. . . . .and then an hour with no changes, and suddenly Arlington and Hampton Roads report, and BOOM! their candidate pulls ahead by about 5% over the greatest possible margin of error. . . .
It's cynical. but your vote does not count so much as who ***counts*** the votes. . .
Class-action sueball flung at Capital One and GitHub over theft of 106 million folks' details
Monday 5th August 2019 15:58 GMT
Question is. . .
. . . .assuming the sueball hits the target, and that we already know the lawyers will eat most of the settlement. . . .
. . . .why bother ? Suing a big corp only enriches the sharks, not the people who actually got damaged. .
Personally, I'm waiting to see if I get **ANY** of my US$125. 'settlement' from Equifax. . . and whether I cash the check. . . . or my estate does. . .
Cloudflare punts far-right hate-hole 8chan off the internet after 30 slayed in US mass shootings
Monday 5th August 2019 17:34 GMT
"Rational Gun Control"
. . . are you planning on banning small home shops ? 3-D Printers ? Or Home CNC machines ? You can make a firearm with any of them.
Heck, you can skip down to your local Home Improvement store and get everything you need to make a plethora of weapons, in the plumbing section alone.
Hint: guns are not dangerous: PEOPLE are. Like people on psych meds, and ESPECIALLY people coming off them. SSRI inhibitors are involved on most of the "mass shootings" (i.e. the ones that get air time, and not just J. Random Gangbanger spraying bullets in Da Hood. . . .) in the past few decades.
There are other common factors as well, the most politically incorrect of them being that of the last 23 "mass shooters" in .US (prior to this weekend), 22 grew up in single-parent households. . . .
I'll also note both the rise of "garage guns" in Australia, and the rise of arson as a means of settling scores Down Under. . .
UK PM Johnson spins revolving doors, new digital minister falls through
Cyberlaw wonks squint at NotPetya insurance smackdown: Should 'war exclusion' clauses apply to network hacks?
Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General
Wednesday 24th July 2019 11:20 GMT
What was that ripping sound ??
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- 4th Amendment to the United States Constitution
Get a warrant, Barr, otherwise sod off. . . .
Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly
Friday 12th July 2019 11:10 GMT
Re: "US train makers have a long experience in such kind of transport"
Question is, is a new model of train required ? If you've optimized a basic model, most upgrades (like electronics) are bolt-on additions, and can be upgraded as required.
Last numbers I've seen have North American freight traffic a~9 times the tonnage of EU traffic, over a significantly larger footprint. And yet we have a system that works well enough that freight train accidents are memorable events.
Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards
Freaking out about fiendish IoT exploits? Maybe disable telnet, FTP and change that default password first?
Tuesday 18th June 2019 11:52 GMT 
Years ago. . .
. . . a friend was holding a house-warming party, the week before Christmas. Her DSL hadn't been connected yet, **AND** this was an audience of geeks. So, out of 10 singles and couples, we had 7 laptops.
We went searching for open access points. . . .and found 20+. Every single one either admin/admin or admin/password. And most had Win9x or XP PCs behind them, also wide open.
So we locked down all the networks, and left a note on the desktop of all the PCs, from "Santa's Elves", with the new username and password for the wireless routers.
Apparently, the next day, it was the talk of the neighborhood. . .
Hacking these medical pumps is as easy as copying a booby-trapped file over the network
Could you just pop into the network room and check- hello? The Away Team. They're... gone
Friday 7th June 2019 14:54 GMT
Ah, memories. . .
. . . .the time: 1998
The place: Capitol College, Lanham, MD (just north of DC)
I was teaching a course to develop the first set of Windows Admins/Engineers for a large, unspecified Federal Agency in the Fort Meade, Maryland, vicinity.
Part of this was A+, part was Windows NT4 MCSE, and part was Linux and Cisco.
I jokingly referred to "magic smoke" being the key to computing. One of the students demanded I show them some "magic smoke".
Luckily, we were in the lab, I had a whole stack of discarded AMD K2 motherboards, and a number of variable power supplies.
Wired it up. set the 5 volt feed to 30 volts, and the 12 volt feed to 75 volts. Inside of 5 seconds, hilarity ensued. Capacitors were popping with little bursts of flame and large bursts of. . . "magic smoke".
But as I was pointing out the "magic smoke" to the class, I had neglected to power down the supplies.
And someone asks, "Is the CPU supposed to do that ?".
I take a look back at the mobo, and the CPU has deformed about half an inch. . . and suddenly BANG, burst of flame. . . and no CPU. Well, at least on the mobo: it had embedded its' remains in the ceiling, 10 feet above.
Now, **THAT'S** entertainment. . .
Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs
If servers go down but no one hears them, did they really fail? Think about it over lunch
Tuesday 28th May 2019 11:12 GMT 
This happened to me, sort of, late 1990s . .
. . . . .but the blame is purely on the manufacturer. They shall remain nameless, but it was a top-of-the-line LaserJet 5. We checked that it could handle 220, spec said it was 110/220.
What PrintZilla ***didn't*** say was, the 110V was one stock number, and the 220V was a separate stock number. And you couldn't buy the 220 version in North America, where we sourced everything else (all of which was dead easy to change over, flip the switch on the back of the Power Supply, and locally source the power cords to match local outlet configuration. . .)
We had to re-pack and ship the 110 version back to the States.
But the story does not end there. We were doing the install at HQ NATO. So, we called *(redacted)* Belgium, asked who their local resellers were. They named a company whose nearest office was in Antwerp, and another whose office was, conveniently, right next store to the US Support Activity. And we even had an account with them.
Or so we thought. I make a call, half in English and the rest in French, for an appointment the next morning. I get there. . . and they hand me an application form to become a customer. I was told to fill it out, and they'd get back to us in 4-6 weeks. I told them, that I needed to buy a printer now, and pulled out a wad of cash, ~180,000 Belgian Francs. Got told they didn't accept cash payments. Pointed out we already had an account in .us. Was informed that the .us was a different organization, and we needed to be an approved customer of **theirs**. I walked out.
Grabbed the Pages Jeune, and started calling companies that had HP logos in their ads. About a third, 10 or so, had the printer we wanted in stock. I got a name, a voice number, and a fax number.
Got a list of vendors, made a standard bid request. Model XYZ printer, with accessories A and B, for cash, delivered to HQ NATO C/o my employer's Company and the US Mission. Best price, taxes and delivery included, reply by fax with bid NLT 1400, Friday (this was a Tuesday afternoon).
Got one bid on Wednesday, after lunch. And then nothing. Called the outfit that bid on Friday at 1410, and we arranged delivery and payment for Monday morning. Easy peasy, installed as per the book, no circuits popping. Up and running by COB.
Rest of the network install continued over the next two weeks. But two weeks after we sent out the bid, a second company responded, with a much higher price, and delivery in 20-30 days. Ignored it. Next morning, the guy called, and asked when we could work payment for his bid.
I pointed out that bidding had closed ~10 days prior, someone had been selected, the printer paid for AND INSTALLED for a week-plus.
Guy flips out, did we not know who he was, he would complain to NATO, I pointed out that NATO wasn't buying it, a private US company was, supporting an activity based in the Pentagon. He said he would complain to the Ambassador. I gave him the Embassy switchboard number and wished him luck. . (turns out he had done this before, the Embassy had him on their "cranks" list. . .). The next day, the team flew back to .us.
2-3 weeks after this, we get a call from the US Mission. Seems that the original reseller had approved us to be a customer, and they wanted to discuss when we could take delivery of the printer. . . .Apparently, they weren't amused when I emailed them, and told them that it was overcome by events. And in any case, their proffered price was about 10% higher than what we paid. . . .
Do Not Track is back in the US Senate. And this time it means business. As in, fining businesses that stalk you online
Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops' cellphone jammers
Monday 20th May 2019 11:22 GMT
Re: WiFi Routers can be anywhere; cell towers are generally in fixed locations
Actually, there are any number of ways to generate an EMP. Any sufficiently large explosion is the "easy" way, but a one-shot "focused" EMP bomb is apparently possible:
https://science.howstuffworks.com/e-bomb3.htm
. . .which suggests, in turn, that the major powers already have them.
Or, just focus microwaves tightly enough, although that tends to leave signs. . . like cooked meat in the beam path. Alternately, that's a cheap way of training managers, they didn't need those higher brain functions to start with. . . (evil grin)
White House issues Executive Order on cybersecurity, including hacker Hunger Games
Monday 6th May 2019 11:08 GMT
Ever TRY to work for Uncle Sam ??
. . . .the process is lengthy and byzantine. No, you can't use your regular resume or CV. Instead, you have to write a custom document addressing required "KSAs" (Knowledge, Skills, Abilities) for each and every point of the job description. And then wait. In one case, I waited 14 months for a response, got a phone interview, and 6 months after THAT, got an email telling me I was not selected.
All for lousy pay (compared to the private sector), but excellent benefits. Including being effectively layoff-proof. . . .
Oh, and a list of certifications ? Department of Defense has had that for 11 years: why not use theirs ??
All in all, the pain and hassle of putting in for a Federal Job in us.gov is pretty much not worth the payoff. . .
User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?
Friday 12th April 2019 11:04 GMT
Now, mind you. . .
. . . . in my younger days, I got REALLY pissed at a particularly stupid user. One who would, for example, complain that the system wasn't working, when they hadn't powered up the box . . .
. . . . so I mounted a inch-long piece of self-adhesive magnet tape just under the slot on the 5 1/4 floppy slot. . . (evil grin)
Uncle Sam charges Julian Assange with conspiracy to commit computer intrusion
Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach
Thursday 17th January 2019 12:18 GMT
Interesting, but. . .
. . . tried my work email on it. Said I was compromised three times. One of them was a 2013 breach. Problem is. that email account was created in late 2015.
The other two are companies I've never heard of, much less created an account with.
And, gee, if I want more details, I have to sign up for their pay service. . . .
I'm thinking of this as maybe 20% informative, 80% Biz dev for their paid product. . .
Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)
Automated Weather Source didn't see this cloud coming: Amazon snatches up AWS.com
EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs
Comcast's mega-outage 'solution'... Have you tried turning your router off and on again?
I've got way too much cash, thinks Jeff Bezos. Hmmm, pay more tax? Pay staff more? Nah, let's just go into space
Friday 4th May 2018 12:06 GMT
Congratulations! (was : Re: I disagree...)
You just repeated the argument against colonizing the New World. Half the point of new worlds, be they continental or planetary, or asteroidal, or, hopefully some day, in another solar system. . . . is a fresh start.
FDISK /MBR and install the OS of your life from scratch, as it were. . .
