* Posts by Mahhn

228 posts • joined 9 Mar 2016


So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk



This is why I like to scan my home system from a different PC, to ensure it looks at every file. Nothing is perfect but it catches a few things local scans may miss.

This is how we scan all our VMs at work, so it makes sense. Every VM is treated as a file, not a live system.

I expect home firewalls (done as SaS) will become much more popular. With security companies managing them, constant updates (subscriptions) to block malicious IP/URLs, Ad services (I block all of Adchoices at the FW).

This is the way.

I miss being at DefCon this year, but it's great they are doing SafeMode with Networking. Enjoying the YouTube presentations and hoping more people get exposure to the great work people put into making IT safer for all.

- How I found what IPs to block basics. Open CNN in a browser, open command prompt, run netstat -an. Log all IPs. Open Foxnews, do the same. Compare the IP addresses. Take the common ones and block them. It's best to look them up first so you don't block app updaters (Windows, Adobe, etc.) or something else you want connecting.

Android user chucks potential $10bn+ sueball at Google over 'spying', 'harvesting data'... this time to build supposed rival to TikTok called 'Shorts'


Check not in the mail

I got an Email from the goog yesterday, that I can apply for settlement for a class action suit they lost for leaking data from Google+ accounts 2 years ago.

The sum of $12 per user can be mine IF - You got the email, will give them your real name and address, and your bank routing and account number.

AS IF I would trust goog with that data if they can't even keep,,, well anything from their system of greed. No doubt the account data will be leaked and cost way more than a crappy $12. Hell, if they planned this it couldn't be better for them, leak a million people's data, then offer to pay them $12 each to get even more data from them. Blah.

National Crime Agency says Brit teen accused of Twitter hack has not been arrested


Re: Walk in to a zoom meeting just like that?

They didn't require logging in, they made it public. People had control over their own mics and screen sharing.

It was a management caused issue, not IT.

In the market for a second-hand phone? Check it's still supported by the vendor – almost a third sold are not


Re: for manufacturers to open-source old code

"this is not going to happen, unless they're forced by law."

no, you are just giving dictators more control.

Consumers drive the market, stop buying junk and they won't make it.

So long as people will buy junk, companies will make it.

This is your choice, and yes stuff that isn't cheap does cost more.

We're suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens


I hope they win

Because the goog did lie, and they know it.

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist


Training and infosec

So they say he had been bringing items from for at least a year 2017-2018.

Pretty sloppy infosec to not notice 31,000 files downloaded to non company devices.

Since they say he wasn't malicious with the data he had, does that mean he got shit for training on procedure too?

There are a lot more issues here than one guy bringing home sensitive data that should be addressed.

But hey, if you're a manager at Raytheon, at least the sacrificial goat took all the heat right,,,,,

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cash


Re: So let's get this straight

Just these two were local so they could arrest them. Chinese state run APT groups are reported on the Reg and many other IT news sites regularly. Hacking the world for fun, profit, and the power of the PRC.




We really doing this again? Rumour has it that Apple is nearly finished developing augmented-reality glasses


games and some biz

it has great potential for video games ( Final Fantasy seeing spirits)

maybe for military/police/criminals (seeing through drones cameras)

but for the average user on the street, it's just one more excuse to walk into parking meters and fountains.

I would love to play a FPS game with them, but not for $1000, or even half of that. Real life is still much cooler.

NASA launches guide to Lunar etiquette now that private operators will share the Moon with governments


Re: Has anyone told Donnie?

But there is a lot of Helium 3 (Movie Iron Sky)

Much more valuable.

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps


what's safe

are there any truly safe apps on googleplay? seeing how apps auto update, apps get sold to companies that use that update to change the app's purpose from a game/diet/whatever into spy/malware. Can any app like that be trusted?

Breaking virus lockdown rules, suing officials, threatening staff, raging on Twitter. Just Elon Musk things


Re: Same as the Nebraska meat packing plants

do you sniff the packaging? lol


Re: Same as the Nebraska meat packing plants

I'm thinking some people here inhale meat. Because even idiots should know by now that someone must inhale the virus to get sick from it.


Herd mentality

Just noticing how everyone is happy to join the media hype and throw rocks.

However, he isn't wrong that other places are allowed to operate and his isn't.

I've read so many Hit articles on Tesla over the years, it's amazing he made any cars.

Yet, he does make cars, has a space ship, and works "with" his workers.

I'm not going to bash him. He is angry for good reason.

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground


Profit time

Cattle do not have rights and their opinions are not of consequence.

'the Five Eyes Human Farmers alliance – Australia, Canada, New Zealand, and the United Kingdom – have agreed to a set of principles to guide internet companies in their efforts to Harvest Consumers Data. Representatives for six online companies – Facebook, Google, Microsoft, Roblox, Snap and Twitter – were there to endorse the initiative.'

Good news, everyone: The US military says it will be ethically minded about how it develops AI


Re: Ethics?

The country appalls torture, the criminals in government don't care what the country wants. It's the same the world over.

There are little to no Ethics in government, only getting and maintaining power over others.

Samsung will be Putin dreaded Kremlin-approved shovelware on its phones, claims Russia


Re: "Fines for non-compliance range between 50,000 and 20,000 roubles"

So people can get out of having the software if they pay the fine/privacy tax of $780

I bet $780 it won't be installed on Putin's phone.

In a touching tribute to its $800m-ish antitrust fine, Qualcomm tears wraps off Snapdragon 865 chip for 5G phones


Re: "It's very easy to share and collaborate with the cloud"


Interpol: Strong encryption helps online predators. Build backdoors


Re: Here we go again...

The ugly truth is, unemployment is high, so more depressed people, more drug use, more crime overall. Illinois problems are very deep, and mostly due to corrupt politicians driving out jobs with over taxation. Please ask anyone that lives there. I used to live there and still have very many friends that do. State fuel taxes jumped again last year, hitting people really hard.

Pokemon No! Good news: You can now ban the virtual pests, er, pets to stop nerds wandering around your property


Re: New App

it'd be more profitable to hunt pokemon lawyers

What do you get when you allegedly mix Wireshark, a gumshoe child molester, and a court PC? A judge facing hacking charges


She hired a security company, wouldn't have been a legal issue if their IT team was part of the investigation to at least know what is going on with their systems. I doubt most "support only" IT depts. can even use Wireshark effectively. There is clearly much more going on here though I don't doubt her concerns are real, but this was all her opponents needed to get rid of her.

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?



It will be made as complicated as possible, completely unusable, and have government's highest approval and be made mandatory. Half the InfoSec peeps will say F this, and take jobs that don't stress them out so much.

Great plan. Just like making a helicopter, a million parts flying in formation, when one goes bad - they all do.

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections


30 days

I give it 30 days before their sandbox is made into a joke, publicly.

NSA to Congress: Our spy programs don’t work, aren’t used, or have gone wrong – now can you permanently reauthorize them?


so depressing

there is no hope, there is no freedom, there is no privacy. we are slaves, I don't want to die but it seems the only escape is suicide. Please kill me.

That was some of the best flying I've seen to date, right up to the part where you got hacked


Snort to keep your pigs flying?

Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges


Re: Kaspersky blackmailed hacker?

Maybe you missed the part that says Ruslan Stoyanov was a "former" employee. So Kaspersky got rid of him prior. If anything, it suggests K did the right thing.

Massachusetts city tells ransomware scumbags to RYUK off, our IT staff will handle this easily


They do not. These new BIOS infections do not overwrite the files, they create their own little pocket, the malware runs independent of the OS and cannot be seen by the OS, but it can see the files. This is from a Defcon presentation this year. Several of us asked about flashing the BIOS, but that only overwrites the existing parts and won't touch the infection. I'm sure every AV company is working on detection methods. I have to say I have an older ROG2 MB and it has an independent Linux install in the BIOS that you don't need a HD for some basic things. Also heard of infections 5 years ago, but not as scary as today's.

Google security crew sheds light on long-running super-stealthy iOS spyware operation


Re: Entire populations: State sponsored?

The US isn't a Democracy. It is a Democratically elected Republic. Although many call it a plutocracy due to corruption.

Finally. Thanks so much, nerds. Google, Apple, Mozilla end government* internet spying for good


Re: "We will never tolerate...

You beat me to it.

Next up goog will protest election manipulation LOL.

Cue the bond theme song "Nobody does it better"

Huawei goes all Art of War on us: Switches on 'battle mode' and vows to 'dominate the world'


Short memories

Maybe some missed the news that Huawei helped out political opponents in multiple countries, resulting in the murder of several candidates.

But ohh look there's trumpf, let's go call him names and pretend Huawei isn't putting spyware in all their phones for China's government (not like they can say no).

NSA asks Congress to permanently reauthorize spying program that was so shambolic, the snoops had shut it down


Re: The constitution is not supposed to be optional



https://www.gunsamerica.com/s/22 rimfire


Re: The constitution is not supposed to be optional

About 6 years ago during project Jade Helm (prison camp building/training at closed walmarts across the US) there was a LOT of discussion among enlisted people, the consensus being they are pledged to protect the Constitution - which represents the people not the government. A revolution in the US would take one day if it happened - Orders sent to attack civilians with military, an hour later those ordering it would be arrested for treason, a temporary government initiated, and new elections held within a month.


never left

The spying never left, if you recall they shifted the storage responsibility to the Telcos. Which the NSA has direct access. This took it off the NSA books and provided closer to real time access or data/connection records. Which has improved the speed at which people can be intercepted. They are now looking to publicly display their abilities as opposed to hiding (can get legally tricky), but want it to look legal - by having publicly acknowledged access.

There is nothing good to come of this, but it's not like anyone has a choice - it's still going on either way.

Let's see what the sweet, kind, new Microsoft that everyone loves is up to. Ah yes, forcing more Office home users into annual subscriptions


Re: Or...

yeah, all those people that have infected home PCs and either don't know it or don't care, they should be able to infect documents that go inside the company, barf.... Then you will be begging for some of those "pointless" policies back when you shut the company down from malware. - happens all the time.


Re: Nope

If the price for the license was much smaller, I wouldn't mind ($5 per year max). Since that would be to help keep the product up to date. But MS, they just want to bleed people out as much as they can.

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?


Still a security fail

Their website right now has an F rating due to shit security. They haven't learned a fricking thing, lock them up!


We are shocked to learn oppressive authoritarian surveillance state China injects spyware into foreigners' smartphones


Re: I wonder what they'd do when presented...

they will say "ahh, okay, we already tracking that one"

2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz?


Re: They are now the Voyager Borg

I don't think they are as incompetent as they are greedy.

Their marketing of W10 is proof. It's a horrid system, but it's so much of a cash cow between its data harvesting and micro-payment for apps they could afford to just give (push) it away this time. They figured out that there is more money in Service (and data) than Sales. Now they just need to be sure to have their fingers in everything else to bolster marketing a little more. "Here at MS we work with and support other software (Linux) to ensure your W10 experience is fluid no matter how or where you compute. Welcome to MS, we are the world." Just greed, that's all.

Mozilla returns crypto-signed website packaging spec to sender – yes, it's Google


Google is drooling

They can't wait to have complete control over what you see. Think that editing all the hyperlinks in gmail (so they get ad hits) was bad. Everything you will see will be modified by google to meet their best propaganda advantage over your financial and political situations.

Google has gone full evil.

US Air Force probes targeted malware attack, blames... er, the US Navy? What?


Laws lol

"weaponised use of malware by state agencies is something that is, by law and custom, restricted to being used against actual criminals and not journalists."

Criminals don't obey laws. Laws will never, ever, stop a criminal.

Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops' cellphone jammers


I like the "Dark Star" movie reference - "let there be light!"

Thank you, your DNA data will help secure your… oh dear, we've lost that too


Re: Alistair Dabbs

"make her face them when touching " jacket fillers like that should be fired and have their licenses removed. Report them to the SIA


Re: Alistair Dabbs

if someone says 34, and there is no 34, rooms start at 134 or c34, that's a no brainer. Similar asking someone what their birthday is, if they can't remember off the top of their head, it likely isn't their ID. If they don't have a hotel card/key (which he didn't ask for) that would be easy too, but just by asking - will actually make a would be thief want to leave and not deal with it, while someone wanting in the room will - which is why he was let in.

Hey - my post is very disliked, awesome, lol. Doesn't mean I'm wrong though.


Alistair Dabbs

Alistair Dabbs, clearly you have a big ass chip on your shoulder. Ripping about door staff, that is there to keep people from getting robbed, raped and stabbed. I have worked at night clubs and known plenty of other people that worked various security jobs over my 50+ years. Door staff have to deal with the worst of society all the time. There is always some scum bag trying to drug others, lift people's phones, coats, sneak into places, and hurt others. The scum put a lot into their efforts sometimes, some security people (in any role) get jaded by the sheer amount of BS they have to deal with, to the point you just expect everyone to be the worst - because we see it so often. There are stabbings every day in clubs across the UK, and the most likely person to try and save someone is the security person, not your buddy/coworker or date. So get off your high horse, if it wasn't for the large amount of scum, people wouldn't have to work as security staff. That Guy at the hotel making sure you are a guest, has likely had to toss several people over the last month that were there to rob and rape - but you're too stuck in your drunk head to think about anybody besides yourself.

Uncle Sam charges Julian Assange with conspiracy to commit computer intrusion


The statement "The government said Manning told Assange she was"

At that time Manning was a man. I hope Assange doesn't leave jail with his gender changed too.

My government is so full of corruption and lies, I don't think they know what the truth is anymore...

Spyware sneaks into 'million-ish' Asus PCs via poisoned software updates, says Kaspersky


Re: delay

Or the lazy ones flag auto everything unsigned, while the others detonate it to test.

Let's spin Facebook's Wheel of Misfortune! Clack-clack-clack... clack... You've won '100s of millions of passwords stored in plaintext'



and he hoped to be remembered for something cool.

In 20 years the only thing people will know about him, is that he's where the term "Zuck-up" came from.

Schneier: Don't expect Uncle Sam to guard your web privacy – it's Europe riding to the rescue


In the USA

Politicians are little more than brokers, selling off consumers to corporations.

Corruption is so deep, many of them don't even realize that they are the problem by compliancy to the situation that is now the norm.

Surprise, surprise, yet another cryptocurrency creator collared, hit with $6 million fraud rap


One too many "i"s

Just one typo away from being honest:

My Big Coin Vs My Big Con

After last year's sexism shambles, 2019's RSA infosec bash has upped its inclusivity game


This is why

"RSA isn't really a security conference as such, but a sales bonanza"

This is why I never attend RSA. Defcon is where you go to learn useful things :)

US lawmakers furious (again) as mobile networks caught (again) selling your emergency location data to bounty hunters (again)


Re: Lock him up

"the people" vs. "the corporates".

Always has been, but most of the sheeple don't get it, and make the corporations stronger all the time. Electing officials that have gone so far as to give corporations rights as a person, but no responsibilities of such (it was a way to allow massive donations to political funds).


