"NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware...
In additional, NSO is investigating "over 20" customers that are allegedly misusing the software."
So... the customers are all misusing it?
588 posts • joined 29 May 2016
It's the same when I tell Microsoft about criminals that are abusing their services.
They just ignore me.
I suppose that's why they're currently listed by Spamhaus as (and I guess I paraphrase here a bit, but not much) the second most criminal friendly ISP on the planet:
https://www.spamhaus.org/statistics/networks/
[quote]...Aoqin Dragon's method of using malicious Microsoft Word documents also relies on users not doing the right thing and either patching or upgrading their apps to safe editions.[/quote]
Alternatively they can rely on Microsoft not actually fixing the vulnerability...
https://www.theregister.com/2022/06/09/symantec-follina-microsoft/
[quote]There is absolutely no excuse for the amount of fossil fuels we've shoved up power-station chimneys during the whole of my adult life. None. The technology was there to use and to develop during that time. With a sensible approach to deployment we'd have had reactors a few generations more advanced than we have now.[/quote]
True enough.
Forty years ago my day job was working on real reactors. This was in the UK; I only ever tripped one (twice) but it was just the little 100MW job we used to call the AGR.
All of us tried at some stage to explain to politicians (and anyone who might actually listen) why we should be building more nuclear power stations, faster. But despite the clear and obvious science (yes, we knew about global warming in 1980 - the Keeling Curve had been around for twenty years and we were already looking at 340ppm) the politicians decided not to build any more nuclear power stations at all, which left me without a good reason to stay in the employment. It wasn't outstandingly lucrative but at that point it had been my life's ambition for at least a decade and I'd spent a good few years training especially for the job.
Now that I'm retired, it seems for some reason we need to build more nuclear power stations.
Somehow "I told you so" doesn't quite say it...
But hey, you voted for them.
[quote]
Shane Huntley, director of Google's Threat Analysis Group (TAG), said ...
[/quote]
We just analyse. We don't actually do anything about it.
How else would you be getting Google emails from the United Nations and the World Bank, days after you've reported them to us?
https://www.spamhaus.org/sbl/listings/google.com
This secret spy-chip stuff is pretty scary but it takes a lot of people to make a secret spy-chip, and a lot of people to build it into a system, and a lot of people to actually build and deploy code to use the things, and a lot of people who actually spend their working lives looking for it not to notice the unusual traffic.
If there was really a problem, then by now I'd have expected to see [b]somebody[/b] say in the Register's comments on the stories to have said "Yeah, I did this and that for them." or "I saw that, then, in these."
I've installed a lot of Supermicro systems, and I've seen a lot of unusual traffic sending keystrokes to China. But all of that traffic has been easily attributable to compromised Windows boxes - which are much easier to communicate with, and, I dare say, more numerous and accessible than any secret spy-chip. Plus you don't have to compromise any harware, all you have to do is wait until the MD starts the WiFi connection wizard on his new laptop.
Colour me unpersuaded until we see some real evidence.
A long time ago I had extended correspondence with my MP and the Minister responsible for Trade and Industry about the problems I faced from Phoenixing.
For some years I was suing about one company per week for non-payment of bills issued by my small (partnership) business and I thought that this ought to be stopped - the directors of these fly-by-night companies never had the personal liability that I, as a partner in a firm, had for business debts.
The Minister was clear in his arguments that there was nothing wrong with the existing legal system and nothing needed to be done about it.
He might have had a point, because a year or two later he was sent to prison.
[quote]
Employees who worked with company assets were told in 2000 that Jeff Skilling believed that business assets were an outdated means of company worth, and instead he wanted to build a company based on "intellectual assets".
[/quote]
In case you can't be bothered, the company in question was called 'Enron'.
Dear Joe,
You're talking to Big Businesses about security?
All you'll get from that bunch of shysters is what their accountants tell them to tell you will make them more money.
Mostly that will involve selling more and more toys and bandwidth to more an more punters who haven't a clue what they're doing.
That will mean more and more attacks bounced off more and more compromised installations. Think of it as the Kessler effect on the Internet.
For what all will agree are obvious reasons everyone's safety we don't let people fly - nor even drive - without a licence, and very probably insurance too.
If you want safety on the Internet, then at a minimum you need to introduce an Internet Licence.
You heard it here first.
The claim that this is one of the fastest asteroids yet discovered seems unsubstantiated, although the period of its orbit around the sun is indeed short.
By my calculations its average speed around the path of its orbit is in the region of 31km/s - about the same as that of the earth - and well short of that of many bodies in the solar system. Mercury for example clocks in at 48km/s, and sun-grazing comets can reach over 500km/s at perihelion.
Relative to the cosmic microwave background, the solar system toddles along at a sedate 600km/s.
I've worked with instrumentation, computers, computer-controlled machinery and networks - designing, building, using, maintaining, protecting and (lately) defending the bloomin' things - for more than forty years in all sorts of settings.
I know what they're good, and what (and where) they're not so good. I know what the risks are.
In my car (and worse - on my motorcycles, three of which can comfortably exceed twice the highest speed limit on our public roads, and one of which can on a good day exceed three times that limit) I am going to be in situations which, if something goes seriously wrong with the vehicle, will be at least very seriously embarrassing and, in the case of the faster motorcycles, quite likely fatal to the driver.
The car and the motorcycles are all around twenty years old.
I can live with the electronics, but I really do NOT want computers in them, thank you very much, and that is *why* they're all around twenty years old.
"... China is clearly leading the way."
Indeed. My own personal experience tells me that China also led the way in offensive intrusions into computer systems in industry and commerce all over the planet. I can only surmise that this latest move by the Chinese government must be a response to the fact that the rest of the planet is catching up with their offensive capabilities.
I have a hard time believing that re-coding ten to thirty million lines of C into Rust (or anything else) won't generate more problems, faster, than it fixes.
There are many simple ways to make a lot of C usage much safer, with overhead no worse than, and sometimes much better than, the overhead of mitigating SPECTRE etc. attacks. More than thirty years ago I wrote tiny functions to prevent out-of-bounds and use-after-free accesses in my accounting suite, and the re-coding which I did (in about 100,000 lines of C at the time) was largely automated. There are very similar functions (or macros) in things like Sendmail and in any case there are available safer versions of some of the standard library functions which are either drop-in replacements or very nearly so.
To make a serious contribution to security using these techniques wouldn't take a hundred coders (they're rarely what I'd call engineers) but it would need the will to get it done.
OTOH better documentation could probably make a much bigger contribution.
Biting the hand that feeds IT © 1998–2022