* Posts by sloshnmosh

126 publicly visible posts • joined 29 Oct 2017

Page:

Ransomware encrypts files, demands three good deeds to restore data

sloshnmosh
Linux

I couldn't have said it better myself...

"there are plenty of opportunities that don't involve infecting people's devices and encrypting their photos. It might even start with uninstalling Windows. ®"

VirusTotal slips on biz suit, says Google's daddy will help the search for nasties

sloshnmosh

Re: so..

"Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add."

Probably because this would be a huge privacy concern.

With an extension, the user would be notified of the privacy risks involved and would be opting-in to the T's and C's and also digitally signing that they had (could have) read the privacy policy.

There are several websites where you can upload a hash and it will show you what the hash correlates to in it's database.

These antivirus companies can positively identify what a user is downloading by the SHA/MD5 sums and share what it is the user just downloaded (along with the users IP address and browser fingerprint) and passes this info along to it's affiliates (IE: Facebook, Experian etc.)

Starting to understand the privacy risks now?

Same thing goes for Google's Safe Browsing and others that collect the users web browsing history.

Google has partnered with ESET in it's Chrome browser for another example.

ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK.

(Just like almost all the AV engines on Virus Total)

This is much more of a cocern.

What's Big and Blue – and makes its veteran staff sue? Yep, it's IBM

sloshnmosh

"systematically targeted"

IBM does have a history of this.

So the elder employees received their punchcards, yes?

Eight months after Equifax megahack, some Brits are only just being notified

sloshnmosh

I don't understand why..

users don't just use Equifax's data breach checking tool to see if they were affected?

Oh, wait...

https://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

sloshnmosh

Re: Available now

"I can't see the video auto play to disable it - it's one of the things that annoys me from news sites like Metro."

Try: chrome://flags Search for "Autoplay policy"

Gemini: Vulture gives PDA some Linux lovin'

sloshnmosh
Thumb Up

You had me at "removable"

"The removable 4220mAh battery is under the keyboard"

German sauna drags punters to court over naked truth

sloshnmosh
Joke

"The legal jousting lasted minutes..."

I saw what you did there!

AI racks up insane high scores after finding bug in ancient video game

sloshnmosh

Re: Ha!

I loved the fact that in Defender Stargate the high score wasn't limited to just putting in your 3 initials, you were able to write almost a full sentence next to your high score.

I was in heavy competition with another intense Stargate master and we would write terrible things about each other when we beat the others high score.

My friend and I were in a (real) Asteroids competition that was sponsored by Atari.

The owner of the local convenience store where the Asteroids machines were located kept a log of our scores and hours that we played.

My Asteroids partner and I would have so many extra lives (ships) stored in memory that the Asteroids machine would start glitching out and the rocks (asteroids) would sometimes become detached at their vector points.

Atari had to replace 2 of the Asteroid consoles due to memory corruption.

My Asteroids partner and I had to forfeit the competition because our parents wouldn't allow us to miss school for the playoffs.

An older guy won the competition and was awarded a brand new stand-up Asteroids Deluxe machine.

(I never did like Asteroids Deluxe)

sloshnmosh

Ha!

I guarantee you that no AI/quantum computing could EVER beat me at Asteroids or Stargate!

(showing my age)

Star Paws: Attack of the clones

sloshnmosh

In the words of Jud Crandell from Pet Cemetary:

"sometimes, death is better"

Equifax peeks under couch, finds 2.4 million more folk hit by breach

sloshnmosh

I guess that means it's less than 63 cents now...

"The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."

http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/

US watchdog just gave up trying to get Google to explain YouTube's huge financial figures

sloshnmosh

Re: Its easy enough to explain actually...

What about that Logan Paul dude: Logan, on average makes between $80.5K - $1.3M a month.

Use ad blockers? Mine some Monero to get access to news, says US site

sloshnmosh

I guess mining is better than dropping a shell

I did a quick Google search yesterday using the base 64 string for PHP shellcode backdoors hidden in image EXIF and one of the first websites to pop up happened to be hosted nearby.

I contacted the webmaster by phone using WHOIS and another well known family tree site and the owner turned out to be a 70 year old man.

(Really nice guy.)

The image of a MOPAR muscle car in his sites gallery had been dropping shells on visitors since November of 2009.

He shut the site down (which was not my intention) stating he didn't have time to maintain it and that he was getting much more traffic on his "Wordpress" site.

Essex black hat behind Cryptex and reFUD gets two years behind bars

sloshnmosh

Re: Much of what was reported seems strange.

I was thinking the same thing..

Metasploit has several AV evasion programs and Github has code to create signed certs to evade AV.

Roses are red, Kaspersky is blue: 'That ban's unconstitutional!' Boo hoo hoo

sloshnmosh

Re: Good Luck

"No they haven't. Some idiot politicians state that corporations are people - mainly during campaigneering. Just because they say so it doesn't make it a fact."

http://www.amendmentgazette.com/how-spending-money-became-a-form-of-speech/

Until last week, you could pwn KDE Linux desktop with a USB stick

sloshnmosh
Thumb Up

You had me at USB

I'll say it again, I do love a good USB hack

Ruskie boffins blasted for using nuke bomb lab's supercomputer to mine crypto-rubles

sloshnmosh

Re: Obviously not quite as secret as your article makes out

I wonder if one of the labs "eggheads" was using a FitBit app?

Due to Oracle being Oracle, Eclipse holds poll to rename Java EE (No, it won't be Java McJava Face)

sloshnmosh

They should name it...

"ASK Toolbar"

Or whatever it comes "bundled" with nowadays.

Fella faked Cisco, Microsoft gear death – then sold replacement kit for millions, say Feds

sloshnmosh
Pint

Re: One of the few times...

"When you get someone claiming to be Microsoft Technical Support on the phone, it's THEM being scammed."

Ha! you beat me to it.

Oops, I gotta run, I just got a call from Microsoft saying that my "Windows license has expired".

Lenovo's craptastic fingerprint scanner has a hardcoded password

sloshnmosh

Lenovo again?

Thank God I bought an HP!

Oh, wait...

Linux's Grsecurity dev team takes blog 'libel' fight to higher court

sloshnmosh
Pint

"I've seen ...... .... time to die"

One of my favorite scenes in one of my favorite movies,

(not to fond of the remake however)

Have an upvote!

https://en.wikipedia.org/wiki/Tears_in_rain_monologue

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

sloshnmosh
Devil

Advertisers

https://www.youtube.com/watch?v=ouE-CcwE8Ls

Facebook has open-sourced encrypted group chat

sloshnmosh

No Thanks

Perhaps I should elaborate before I get deservedly downvoted into oblivion..

I do believe that it is great for ANY company to open source their software.

Especially if that software enables users to communicate over a (supposedly) secure, encrytped way.

I am a staunch supporter of open source software especially any software that helps with security and/or privacy.

But trust is earned not given.

Zuck and Co. are well known for collecting as much personal, private information from as many people as possible and aggragating all that data into graphs and selling it or even giving it away freely to anyone with a FB developer account.

Facebook has the technology, money and manpower to create powerful software that could help keep communications secure but it goes 180 degrees from what their current format is all about.

So pardon me when I have an knee jerk reaction to any software that is supposed to be private and secure with the Facebook name attached.

sloshnmosh

No thanks

That is all.

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

sloshnmosh

Win 7/Microsoft Security Essentials

I have several computers with different configurations, I have a Windows 7 machine running with Microsoft's Security essentials on it that already had this registry key set before the infamous update. Another computer with Windows 7 that has Trend Micro installed needed this registry key added.

(Trend Micro created a .reg file for users to download to add the key)

I don't know when the registry key on the Security Essentials machine was added but I know it existed before I installed the Meltdown update.

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

sloshnmosh

Privacy settings

The first time I looked at Windows 10's "privacy" settings I thought to myself: "Is James Clapper a developer at Microsoft now?"

VTech hack fallout: What is a kid's privacy worth? About 22 cents – FTC

sloshnmosh

What kind of Mickey Mouse operation?

Who the Hell does VTech think they are? Illegally collecting childrens data is Disney's job!

sloshnmosh

And....nobody goes to jail

Several times a day I am reminded that only private citizens get arrested and jailed.

When's the last time you've heard of an "average Joe" getting the option to payout 22 cents to their victim and not have to admit any wrongdoing?

WD My Cloud NAS devices have hard-wired backdoor

sloshnmosh

"I made my own 'NAS' from a Raspberry Pi and a couple of flash memory sticks in about 20 minutes. For any self respecting geek, there is no reason to use off the shelf exploit kits."

As a bonus your NAS is also safe from the whole "Meltdown" debacle.

If Australian animals don't poison you or eat you, they'll BURN DOWN YOUR HOUSE

sloshnmosh

Re: Fascinating

"Sounds normal. No-one believed the Okapi existed until a european person found one. The locals of course had known about them forever."

Fascinating indeed! I have never heard of or seen an Okapi until I looked it up on the web after reading your post.

(Are you a local or a European?)

Least realistic New Year’s resolution ever: Fix Facebook in 365 days

sloshnmosh

Re: Misuse of our tools..

...as well as giving web developers and app developers full access to users Facebook accounts through the Graph API to post comments or hijack web links to host scareware/adware/fraud using the users Facebook access tokens..

In fact, I'm having a real tough time trying to figure out just what Facebook would actually define as "misuse" of their tools?

sloshnmosh

Misuse of our tools..

I'm assuming Zuck and co. are not referring to Cambridge Analytica or the US military or the NSA etc etc when they speak of "misuse" of their tools?

Amazon coughs up record amount of info to subpoena-happy US government

sloshnmosh

Amazon Cloudfront

Yet Amazon refuses any requests by individuals to stop the enormous amount of fraud/malware hosted by Cloudfront.

First shots at South Korea could herald malware campaign of Olympic proportions

sloshnmosh

"Why not just have hacking and the such include as an Olympic event then?"

NSA for the Gold

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

sloshnmosh

Raspberry PI

I have over 30 computers and you're telling me that my Raspberry PI is the most secure device in my house?

US Homeland Security breach compromised personal info of 200,000+ staff

sloshnmosh

Microsoft Office

Look for the employee with the pirated MS Office 360 key generator.

Now that's sticker shock: Sticky labels make image-recog AI go bananas for toasters

sloshnmosh

Only a few pixels

"I've noticed BS claims are being made (on the various tech new shows) about facial recognition again. BBC WS mentioned about a system that seemed to claim pulling accurate recognition from only a few pixels. They should make it a capital offense to over-hype such things."

You'd be surprised how much data can be obtained by just ONE single pixel:

https://www.facebook.com/impression.php/f2441a81bf8bca8/?lid=115&payload={%22source%22%3A%22jssdk%22}

Time's up: Grace period for Germany's internet hate speech law ends

sloshnmosh

Pythonistas

"There are nasty bigots using most programming languages, no need to single out Pythonistas."

http://samshadwell.me/TrumpScript/

Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens

sloshnmosh

I could be mistaken...

But wasn't the GRsecurity patch freely available to download a while back?

I vaguely remember (attempting to) compile a Linux kernel with their patch a few years ago.

Surveillance Capitalism thinks it won, but there's still time to unplug it

sloshnmosh

I think the average person DOES care..

I believe it has a lot to do with how much technical knowledge a person has (or wants to have).

I see lots of people take steps to protect their data at least in some small degree but they clearly have no understanding of how things work and end up giving away the keys to the kingdom.

Many people have "antivirus" apps on their Android devices because they have at least some concern that their data may get stolen by some "virus" but most of these apps are stealing far more data from their devices than any "real" malware ever could.

Some of these dodgy "antivirus" developers go so far as to "advertise" their apps by tricking users into installing their warez through the use of fake virus warnings capitalizing on the users inherent fears as well as their lack of technical knowledge.

I was looking at the web browser 'Brave" the other day, it claims to be pro-privacy and in the browser extension request webpage of Brave users were requesting all kinds of dodgy VPN add-on's and other extensions that would defeat the whole purpose of using Brave.

I believe that most people care about their privacy/security but "convenience" wins out or users just get overwhelmed.

It is kind of a pain trying to limit your data footprint, and the more knowledge you have the more you have to do.

I run a custom OS on my phone with only a few FOSS apps that I personally inspected, script blockers on my web browsers, block a multitude of social media sites on my router and HOSTS file, run BleachBit several times a day, only allow programs through the firewall when needed etc etc...I really feel I was better off 5 years ago when I was blissfully unaware of the things I now know.

And to hear members of congress or politicians speak..they're either more clueless than everyone or they're all in on it.

It's all so tiresome.

(sorry for the rant)

Bigmouth ex-coppers who fed media MP pr0nz story face privacy probe

sloshnmosh

Geek Squad

The same thing happens when people have their computers repaired by the "Geek Squad".

https://www.nbcnews.com/tech/security/customer-sues-best-buy-alleges-geek-squad-worker-stole-published-f6C10929636

https://consumerist.com/2007/07/12/geek-squad-hatched-plot-to-harvest-porn-from-pornstar-jasmine-greys-harddrive-days-before-she-died-i/

http://www.businessinsider.com/best-buy-customer-geek-squad-employee-kept-racy-photos-of-her-2012-7

https://nakedsecurity.sophos.com/2017/05/22/yes-geek-squad-can-search-your-files-and-hand-you-over-to-the-police/

https://www.washingtonpost.com/local/public-safety/if-a-best-buy-technician-is-a-paid-fbi-informant-are-his-computer-searches-legal/2017/01/09/f56028b4-d442-11e6-9cb0-54ab630851e8_story.html

Magic Leap blows our mind with its incredible technology... that still doesn't f**king exist

sloshnmosh

Cicret

This has been done before: https://www.itbusiness.ca/news/the-cicret-is-out-this-futuristic-bracelet-doesnt-exist/52677

IT giant CSC screwed its 1,000 sysadmins out of their overtime – jury

sloshnmosh

the three-year legal battle..

That right there...

Ugh

Euro ransomware probe: Five Romanians cuffed

sloshnmosh

Cerber ransomeware

I received Cerber ransomeware every week for several months in an old email account of mine.

They always arrived in the form of a .zip attachment claiming that: "UPS package undeliverable"

and the .zip file was supposed to contain tracking information.

I unzipped one in a Windows 7 VM for kicks and it encrypted any .jpg, .pdf, .zip and .doc files but left pretty much everything else alone.

Windows Store nixed Google Chrome 'app' hours after it went live

sloshnmosh

Saffari

I'm just now finding out I've been using a knockoff browser this whole time.

I was happy with my Saffari browser until this damned article.

Well, back to the App Store I go...

Google Chrome ad-blocking to begin in February – but what is it going to block?

sloshnmosh
Pint

Re: Giving the ad industry sleepless nights?

Have a beer for the Bill Hicks reference.

Firefox 57's been quietly delaying tracking scripts

sloshnmosh

In defense of Firefox..

I found that Firefox performed better than most when running tests on badssl.

https://badssl.com

Page: