* Posts by Mahhn

278 publicly visible posts • joined 9 Mar 2016


Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended


Re: I was expecting the upsell

yep, takes defender to monitor the pathetic old Kerber roasting and pass the hash of their 40+ year old authentication that has so many holes it requires special monitoring and even then, pfft exploit after exploit just walk right up. There is no Innovation at MS, just rehash and add more to menus. It's still running the same lame code with CMD and CSV as its foundation.

Chinese telco gear may become verboten on German networks


and since XI wants the equipment is place for a solid spy backboke, if it cost 500B to make and they sell it for $500 euro, they still got what they wanted - to infiltrate. Hard to beat that kind of infrastructure attack.

UnitedHealth CEO: 'Decision to pay ransom was mine'


Re: Citrix multifactor authentication already hacked

Most likely (most often) data is exfiltrated over days, during regular and peak web use (a company of thousands of systems bandwidth, 51GB is a drop in the bucket) so yes the data could get out un-noticed.

Feds finally decide to do something about years-old SS7 spy holes in phone networks


nobody will fix anything

if they fixed stuff it would hurt spying, it would hurt criminals spoofing. So no, nothing will happen.

On the bright side, you can do what I did - I gave up owning a phone 8 years ago. I live Infront of a dam PC for work, who needs a phone (no tv for over 20 years, total crap that is, more commercials than entertainment)

I'm just working until I die, trying to avoid unnecessary aggravation along the way.

NASA awards $150 million to prototype tech for humans on the Moon, and above it


Re: H3

I was sharing the estimated value, that is all. And that was from years ago.


Re: H3


"The value of helium-3 on the Moon at current prices would be $1.543 quadrillion. "

Can noise-cancelling buds beat headphones? We spent 20 hours flying to find out


Game on

I picked up some JBL Quantum 800 headphones 3 years ago for gaming and music. Brought them on a flight to test noise canceling on the plane - I take them every time now. Just amazing.

I'm a tall guy, so it was important to me they don't squeeze my head, and they don't. They use of wifi and BT at the same time is pretty cool. And they have a button to turn NCC off and on without taking them off, if you want to keep listening but hear people talk. Looks like they have been superseded by the 810

Microsoft is busy rewriting core Windows code in memory-safe Rust


Re: "I expect Microsoft to reuse the existing compiler"

that has always driven me crazy. WTF was MS thinking to put gaming software on and by default turned on and Enterprise OS. Its like, they thought - hmm this is not exploitable enough, lets put something on these to make businesses IT staff scream.

How fiends abuse an out-of-date Microsoft Windows driver to infect victims


Re: I still blame MS for the problem

I think of the "trust but verify" as a pathetic attempt to sound nice, and not say Zero Trust, which is the only way. I don't trust people apps or hardware. But we have to allow just enough leash for work to get done, but keep it tight enough to keep the dog from running into traffic. Inspecting the leash, dog and environment non-stop. Gad I hope I live long enough to retire and be normal (stupid and happy).

Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?


The results will be

Only three types of people will take this job;

1. Retired IT person that is board and wants to get out of the house.

2. Underqualified person that will use it as a stepping stone for 6 months while trying not to get fired.

3. A criminal that will be creating and selling back doors, that won't be outed for years.

Oh wait, there is option 4, use a human service program for an offended group, and give them a job they have no skills for so they can tell the world they are doing good - while really setting up the person, position and tech to fail. nope, this is option 2.

Belgium says Chinese cyber gangs attacked its government and military


Belgium peaking with caution

Because if Xi gets offended, he will replace the government of the Chinese province called Belgium.

Calls for bans on Chinese CCTV makers Hikvision, Dahua expand


Re: All Chinese CCTV systems connect back to China

maybe because china is the only country that locked up over a million people for their land, has been selling their Hair (well documented) and other parts - look it up. This isn't some insane historical thing from hundreds or thousands of years ago - it is right now.

NSO claims 'more than 5' EU states use Pegasus spyware


How many good people

I'd like to know how many good people (journalist, human rights advocates) were murdered by these governments due to this software enabling the corrupt governments to hunt down those that would expose them.

If any software has earned this name, it is Pegasus; 'Murderware"


Re: I don't understand

Great post!

Google has more reasons why it doesn't like antitrust law that affects Google


Re: While I applaud the Democrats

You are correct, it is normal for them not to read the bills.

As the famous quote goes from Nancy P "we have to pass it to see what's in it"

which really means,,, it's a stool sample.


Re: While I applaud the Democrats

Reminds me of the Patriot Act, that removed the right to a hearing of any kind if "suspected" of X. Should have been called the vanishing law.

China offering ten nations help to run their cyber-defenses and networks


It's not about profit to china, it's about control. Currency cost is of little to no issue.

It is public information that over 30 years ago china started their task of taking over the globe through financial means, until other resources are needed. It's been working pretty well, less those pesky westerners not always selling out.

Info-saturated techie builds bug alert service that phones you to warn of new vulns


Re: Reader

That's being set up for failure and low moral. Nobody should be put in that place.

Treat yourself better than they do, offer a solution (staffing) with a "there arn't worse jobs out there" or "I can't watch the place burn down anymore, it's to hot in here" type notice. You deserve better.

Microsoft previews $3-a-user Defender for small biz types


So nice of them

to go from Free to $3 a month/ $36 a year, for a product with 0 support, is silly at best. Better rated products in the same price range abound.

There are far better options than having a chicken guard the hen house.

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication


2SV = Two Step Viper (Ventrure bros)

Sorry goog, you can't have my phone number, since I don't have one of my own (carry a work phone). You can have the Email back and youtube is as much commercials as it is anything - heck I remember watching things on YT to avoid commercials, back in the day lol.

All good things come to an end.

Thanks for the heads up Reg, I'm backing up my address book today to avoid loosing contacts :)

Apple warns of arbitrary code execution zero-day being actively exploited on Macs


with the old free version of BlackIce firewall configured well, it wasn't to bad.

Zoom's $15bn merger with Five9 probed by Uncle Sam for national security risks


Re: Not a problem for us..

Thank you


Re: Not a problem for us..

You got me interested, I reviewed their pages to see if it can replace zoom, but it seams focused on mobile apps. Two conflicting pages on the desktop - one says they stopped developing it, another says its supported - so idk. I'd love to dump zoom, but this looks more like a dev toy than a common video chat. Maybe if they decide to make money it will mature into something to replace the CCP spyware.

Stop worrying that crims could break the 'net, say cyber-diplomats – only nations have tried


Badges? we don't need no stinking badges.

" warfare needs rules"

Yeah, good luck with that. Should we hand out blankets and hot coco to everyone involved? (SouthPark - InSecurity)

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay


Re: Don't mess with Dr Prasert

I hope he doesn't worry about nationality, and just feeds the fish.

United Nations calls for moratorium on sale of surveillance tech like NSO Group's Pegasus


only way

Sadly, the only way to truly avoid digital surveillance/data harvesting for abuse, it to not use the internet and avoid being logged (no medical help, no property, no public or registered transportation.) pretty much a cave man. And even then you will be a counted statistic.

Windows 11 comes bearing THAAS, Trojan Horse as a service


Is it to kill PC gaming - to drive people to xbox?

Feels like MS is at war with PC gamers. Over bloat an OS so bad with what you would expect are add in apps that you might turn off during gaming, but if you can't turn it off - is it really our PC or MS's and we are allowed to use what they want us to, not what we want to?

I've been waiting 20 for linux to be top for gaming, and it still isn't. Clearly MS has zero interest and wants to push people to xbox. Maybe someone can carve out a stripped version of 11, like the PE installs, I don't need to print, join a domain, my firewall is at the edge, don't even want default AV or any browser.

I know, I'm asking for a low profit, highly desired unicorn, but a guy can dream.

India orders takedowns of social media posts it claims harm fight against raging COVID-19 outbreak


Re: Miracle Mineral Supplement

Reading that is perplexing legally, as they apparently sold millions worth, and it is supposedly dangerous, so much it reads like it would kill someone instantly. But they aren't being charged with causing anyone harm, just disobeying a request to stop selling it. Also this, https://www.cdc.gov/healthywater/drinking/public/water_disinfection.html

Microsoft president asks Congress to force private-sector orgs to admit when they've been hacked


Re: MS has no room to talk

I did eventually end up with a way to report it and they took the malware down. It was though a different address. But thank you for posting a way also.

Searching on their site for "report abuse" (among others) should get more than xbox results though.


MS has no room to talk

Just this morning I went to report to MS that we received a phishing Email with a link to "malware hosted on their dynamics.com domain."

There is literally no way to report it. Even called them, unless I would give them an account number, they didn't care.

MS needs to get their cranium out of their donkey before they tell anyone else to be responsible.

In wake of Apple privacy controls, Facebook mulls just begging its iOS app users to let it track them over the web


Alternative - no app needed for FB

Run your mobile browser in Desktop mode for the FB website, then there is no need for the app.

You can even use the IM just like on a desktop.

fyi - Location tracking, if you disable it "you" don't see the reports anymore, they are still generated for the customers that pay for them.

United States Congress stormed by violent followers of defeated president, Biden win confirmation halted


Re: ...and where exactly do you live in the US?

"What about the Americans that can't afford good insurance?" Didn't obomba fixed that years ago - Oboma Care

Recent figures say something like 30% of Americans are in medical debt - Insurance is a scam in the US, and always has been. Making them mandatory (oboma) drove their profits up higher, and hurt people more. You might have to live it to understand it.

But yeah, our insurance scam called healthcare sucks.

Ad-scamming, login-stealing Windows malware is hitting Chrome, Edge, Firefox, Yandex browsers, says Microsoft


UN-bundled goodness

"Microsoft says~~~ And it advises those who find the malware on their system to reinstall their browser."

Well it's a pretty darn good thing that MS was required by governments to UN-bundled IE to the OS, or everyone effected would have to reinstall windows and not just their browser.

Privacy campaigner flags concerns about Microsoft's creepy Productivity Score


"Your daily briefing" Unauthorized data access

Like most offices we use MS Office products. This "productivity tool" raised a lot of red flags at our business when it started self generating Email to the people with the "Your daily briefing" crap. Since all our external Email is Tagged, and this didn't have that tag, and came from nobody - you caused concern by implimenting these apps without permission. If one of our sys admin had done this without a Change Control there would be trouble. I wish I could punish you MS, at least charge you for wasting my, and our users time.

Microsoft - we, the administrators like to make decisions about the tools on our network. We do not approve of you simply enabling such invasive tools without our explicit permission, and understanding. This harvesting of data in what should be a 0 trust environment is very concerning.

This isn't some free service like google where all data is expected to be harvested for marketing purposes, this is supposed to be a secure environment.

We are offended, and it will reflect in our product choices, since paying you for a product isn't enough, you need to steal data we have not authorized you to, regardless of PII being stripped - it came from our company without our permission.

Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day


Re: CC cancelled

to bad they cancelled it right off and didn't just block the charge, but at least they took some action and didn't let charges build up, and have to deal with that.

Still would have been nice if they notified you when they cancelled it - before you had to deal with being declined and having to call them.


CC cancelled

Couldn't he call his CC company and have them re-activate it and just left the clearly fraudulent Ticketmaster charge blocked? Sounds like "his" particular issue is with the CC company. (I'm reading this story as 2 parts, the problem he had, and the overall Ticketmaster response)

Apple's global security boss accused of bribing cops with 200 free iPads in exchange for concealed gun permits


Re: Concealed?

Explanation; Some states (where I live) allow anyone qualified (FFA background, no legal restrictions on you for crimes, crazy or non-resident) to Open Carry, meaning it cannot be hidden from plain view, even in your car, it cannot be in the glove box. Concealed carry (where I live) is now legal for everyone (resident/not a felon, bla bla), but used to require a $10 permit fee, 3 references and approval from the Chief on the local PD.

I have been with people that get nervous if they see a gun on anyone (including police). Very conditioned response. So some people who carry prefer to carry concealed to not scare people that are uncomfortable. They only time I worry about a gun, is if it's in someone's hands and not under peaceful condition (like at home, the range). But I have been around them my entire life. The average driver worries me much more, well, there are lots of videos every day on that..


Re: Why do Apple employees need to carry guns ?

who are you to decide some people's lives have less value and don't deserve protecting while others do.

Election security fears doused with reality: Top officials say Nov 3 'was the most secure in American history.' The end


Re: "Most secure in History"

What do you mean "no fraud"? There is plenty, and it is being rooted out and well documented. Will it be enough to effect the election, I doubt it. But calling a system "secure" before proving it is, does not pass this techs sniff test.

Might as well say "Windows 10 is the most secure OS ever - there is no need for running an AV scan...."

now it's sounds pretty stupid like that doesn't it?

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly



This is one of the reasons we like to have "overlap" in our security products. Due to constant proof (like this news story) we have to presume that at least one of our antivirus, firewalls, web filter, VPN, ransomware detectors, components is compromised, by private or nation state criminals - all the time. It's not a happy thing to know your own government is destroying security for the sake of stealing data for insider trading, er I mean keeping us safe from ghost.

Trump's official campaign website vandalized by hackers who 'had enough of the President's fake news'


Re: ... another 4 or 8 or ... 12 years

You are correct. But every 4 years someone starts a panic about how the outgoing prez might resist. Which is really comical because there is nothing they can do. They literally have no power. Do idiots think, that they will hold a gun to someone's head and say please let me live in this house lol.

It's a job in this country, not like a king, or queen, or emperor. It's literally a job that last at most 8 years and that's all.

Ed Snowden doesn’t need to worry about being turfed out of Russia any more


Re: Achy Breaky Hearts

I though they were only the new regulating body for TV and movies. Must be expanding their role.


They are, they will never stop.

But now since it's a fact no longer a conspiracy theory, "conspiracy theorist" have been turned into normal people.


Re: Life in Russia

I want to agree with you because I detest politicians, but he has donated his salary and made less money than he would have. So the only way you can get robbed by turnip head is to gamble at his casino, if that counts.

Palo Alto Networks threatens to sue security startup for comparison review, says it breaks software EULA


Re: Off to look at Orca

I'm thinking well played by Orca. Poke the giant to get in the news to get all the minions to look your way and grab some of that market. I doubt Orca will end up paying any fine, but even if they do, it was worth the expense- it was a great marketing play, because until now I had never heard of them. Good job.

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes


Re: Is it a competition..

nahhh, since they started charging for basic java use, we have almost no Oracle products left on the network.

Iran sent threatening pro-Trump emails to American Democrats, Russia close behind, says US intelligence


Re: It's not tricky.

You're presenting facts, expect to be down voted and vilified.

Even if I don't like Turnip head for the way he talks, you are correct.

Just to make sure I get downvotes to, when I watched one of Biden's meetings and he told the guy that asked a question (politely even, to give Biden a chance to clear up an accusation, as he was a Biden support) and Biden told him he was fat, stupid and "to old to vote".

Be independent, hate both gangs - it's only fair.

Former antivirus baron John McAfee collared, faces extradition to America on tax evasion, securities allegations


Re: Parallels

Obamacare,,, my insurance doubled and coverage was reduced, same for most "employed" US citizens. Thanks to that health insurance law, as a single healthy person I pay over $600 a month now. It used to be under $300. I don't understand why anyone liked him besides his skin color, since he didn't do anything besides raise taxes at home and drop bombs on more countries than any president in history.

But your comment about the parallels, well might want to check the news today of where all that Russian money came from and went to, since it was just declassified.

China proposes ‘Global Initiative on Data Security’ forbidding stuff it and Huawei are accused of doing already


Re: 1962 rebooted

"China is now countering"

Dude, you do not know history. China has never made a secret of their plans for taking over the world. They will do it by Economics as far as they can, then,,, well, they are almost ready to take on every country with their military now, production has been ramping up for 20+ years. They do have some cool new military subs, ships and islands in the last 5 years. That were in the planning stages 15+ years ago.