* Posts by elvisimprsntr

114 publicly visible posts • joined 2 Mar 2018


Former US Homeland Security Inspector General accused of stealing govt code and trying to resell it to... the US govt


I'll give you one guess which administration appointed this a $ $ h a t.

Credit Karma's enriched: Turbo Tax daddy Intuit snaps up personal finance platform for $7bn


I am sure I will soon be receiving unsolicited emails from CK/Intuit about credit offers/services, in spite of having a promotional block, fraud alert, and credit freeze set at the three US credit bureaus.

Google exiles 600 apps from Play Store for 'disruptive advertising' amid push to clean up Android souk's image


...removed nearly 600 Android apps from the Google Play Store and banned them from its ad services for violating its policies on disruptive advertising...

So Google only takes action if affects their bottom line in either excessive advertising payouts or re-direction.

If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one


So because M$ built in Flash into Edge, I am still vulnerable until the end of 2020. Nice going, Satya!


Problems at Oracle's DynDNS: Domain registration customers transferred at short notice, nameserver records changed


Having survived 2 (voluntary) domain transfers, I know what a PITA it can be. Having learned a lot from the first experience, the second time around was to commingle all services in one place (noip.com) for better pricing (Domain, DDNS, MX, eMail hosting, etc.) and took less that 15 minutes.

Too bad Oracle did not provide much detail, advance notice, and made the announcement at a time when most employees are winding down the year and looking forward to the holidays. Too bad some admins did not have a secondary account verification email on file to protect again some of the scenarios listed.

Boeing, Boeing, gone! CEO Muilenburg quits 'effective immediately'


I bet Muilenburg got to keep his golden parachute. Passengers were not so fortunate.

Deadly 737 Max jets no longer a Boeing concern – for now: Production suspended after biz runs out of parking space


And where are the C-Suite Execs who were all patting themselves on the back for the billions in new airframe development they saved by bolting on a new engine on a 50+ yo platform when they got caught with their pants down by the Airbus A320neo?

It's 2019 so, of course, this Wells Fargo employee accused of stealing customer cash posed with wads of dosh on Instagram, Facebook


Note to self: Don't flash your ill gotten loot on social media. Someone just might be watching.

Valuable personal info leaks from Facebook – not Zuck selling it, unencrypted hard drives of staff data stolen


Let's hope it was Zuck himself that was the victim of the reported smash-n-grab. I would not be surprised if the victim was targeted. Not that difficult when employees post all their personal details on social media. Wait! What?

Mysterious botched code upgrade breaks voicemail for unlucky AT&T punters for weeks


Now that ATT and iOS perform speech to text (STT), although not very well, I can read my voice messages. Never seen an interruption on my end.

I got 99 problems but a switch() ain't one: Java SE 13 lands with various tweaks as per Oracle's less-is-more strategy


Disabled Java years ago. Don't even miss it. Java needs to be put out to pasture, with Flash.

It's just another vulnerability to be exploited. https://heimdalsecurity.com/blog/java-biggest-security-hole-your-computer/

If you could forget the $125 from Equifax and just take the free credit monitoring, that would be great – FTC


And I'm sure all these fines levied (real or imagined) are tax deductible against future Equifax earnings, lowering their tax liability. The net effect will be less US tax revenue, which middle class America will have to make up for or just gets piled on to the US national debt. So who are the real criminals here? The thieves who stole the data, or the government officials and politicians?

Cybercrooks attempted credential-stuffing banks 3.5 BEEELLION times in the last 18 months alone


so, ABCD1234 is not a good PW?

Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants


Clearly, there is more to this story than we are being told. If her motivations were notoriety, she could have practiced responsible disclosure. Unless her motivation was spite, becasue she was the one responsible for the misconfigured systems and/or was fired from AWS. Photos of her from some articles, she looks like she might be a tweaker and may have some prior experience in the custody of the state. Perhaps a product of a prison educational program.

Meanwhile, the real criminals continue to get away with it. Namely the predatory CC companies and WS.

Sleeping Tesla driver wonders why his car ploughed into 11 traffic cones on a motorway


The average IQ of the human species would tic up a few points if the driver stopped sucking up oxygen and unnecessarily contributing to CO2 emissions.

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?


Re: Passing the loss to the shareholders is fine

How about taking away stock options from executives/directors found criminally negligent or culpable?


Class action lawsuits only serve to line lawyers pockets. Settling the case means it will not become a landmark liability case for similar corporate/executive negligence. Everyone wins, except the netizens most affected by the breach.

It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...


It's 2019, why does anyone use anything from Adobe?


Fibaro flummoxed, Georgia courts held for ransom, and more


The Russian proverb quoted by RR, "Trust, but verify," needs to be replaced with with "Trust no one (TNO)."


We are shocked to learn oppressive authoritarian surveillance state China injects spyware into foreigners' smartphones


Better yet, pull a Jason Bourne and pay cash for a pre-paid burner phone in country.

It's us, only backwards. DXC registers new corporate entity: World, meet *drum roll* CXD Infrastructure Solutions


How many executive board meetings did that take? Reminds me of THHGTTG B-Ark

Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards


Why am I not surprised?

Large Redmond Collider: CERN reveals plan to shift from Microsoft to open-source code after tenfold license fee hike


Reminds me of one proprietary RTOS vendor with run time licenses based on CPU core. We quietly funded a project to switch all our systems to RTLinux. They tried to pitch the benefits of their RTOS with 1 msec interrupt service times and 1-2 msec of jitter. It was fun when we broke the news that we were getting 10 usec interrupt service and 10 usec jitter, thus we did not need them anymore. They begged us to at least let them bid on the server hardware. Between switching from PPC SBCs to Intel commodity servers, and RT licenses per CPU core to per installation, we saved quite a bit of coin.

DXC Technology exec: What should our brand be known for?


DXC, a name synonymous with a part of the male anotomy. Already says it all.

It's that time again: Android kicks off June's patch parade with fixes for five hijack holes


As much as some complain about iOS being proprietary, at least security updates get rolled out as soon as (or in most cases before) CVEs are disclosed. Android on the other hand, the majority will have to wait weeks/months (assuming the manufacturers/carriers bother) for security updates. Until then, miscreants have time to target those vulnerabilities. The average consumer does not take the time to make an informed decision, thus makes their choice based on initial acquisition cost without taking taking risks into consideration. The average consumer also uses social media which poses it's own set of risks to security/privacy.

News aggregator app Flipboard hacked: All passwords reset after hackers pinch user data


Never heard of it!

Fixes for Windows 10 arrive (for Insiders, soz) and covers are pulled from Edge for macOS


It's a move towards migrating all Office users into an Office 365 $ubscription, Accessible only through Edge.

Headsup for those managing Windows 10 boxen: Microsoft has tweaked patching rules


Glad I excommunicated M$ from my home 15+ years ago. Life could not be better.

Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online


if Perceptics can't keep their own house in order, what does this say about their ability to keep license plate, and any other data used to track vehicles and citizens out of the hands of miscreants?

G Suite'n'sour: Google resets passwords after storing some unhashed creds for months, years


Re: ‘Encryption at rest’

As you indicate, at rest likely means disk encryption. The follow up question is, what about in transit?

Google != security | privacy

Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered


Google != security | privacy

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub


Disabled HT on my Mid-2014 MBP i5. https://support.apple.com/en-us/HT210108

Thanks Apple! Let me know when you kick INTC to the curb and switch to AMD/ARM, similar to what you did for QCOM 5G modem chips.

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws


Re: Patches on patches

More bandaids on top of bandaids. At some point you have to rip off the first bandaid to clean the wound to prevent infection.


At this point I have lost all hope the vulnerability discovery cadence will not slow down enough for Intel to ever fab new silicon.

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry


I have noticed an uptick in WAN side port 3389 scanning out of Russia and China.

You lost me at "Adobe"

It's 2019 and a WhatsApp call can hack a phone: Zero-day exploit infects mobes with spyware


FB != security | privacy

It's May 2. Know what that means? Yep, it's the PR orgy that is World Password Day... again


Use a "password manager" from one demonistrated trustful company. Easy to create random new ones, store, sync, and retrieve.

FYI: Get ready for face scans on leaving the US because 1.2% of visitors overstayed their visas


Thanks to the US OPM hack, the Russian and Chinese gov't already have many US citizens personal details, including biometric fingerprints.


We do not have a mandatory national federal photo ID. Instead, we have a social security number (SSN) card, which is a piece of cardboard, with a 9 digit number and a signature. We have federally mandated RealID requirements for state issued photo IDs, which requires multiple forms of ID (including the cardboard SSN card) and other documentation proving who you are and where you live.

Let's stop the charade and embrace our "Idiocracy" destiny.


Now here's a Galaxy far, far away: Samsung stalls Fold rollout after fold-able screens break in hands of reviewers


Who thinks the Galaxy Fold would survive the beach sand test?

Defense against the Darknet, or how to accessorize to defeat video surveillance


I wear a ghillie suit while in public. Fools em every time.

Patch blues-day: Microsoft yanks code after some PCs are rendered super secure (and unbootable) following update


My employer uses third party tools to manage and push out updates after they have been vetted, rather than clients pulling updates directly from M$.

Facebook's at it again: Internal emails show it knew about Cambridge Analytica abuse 'months' before news broke


Proof FB is an open sewer and Zuck is a worm. Let's just hope he does not procreate.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability


Universal law: Good, fast (lead time), or cheap. You can have any two, never all three. Intel obviously did not pick Good.

If this doesn't push Apple over the edge to migrate some of their laptop line away from Intel, nothing will.

It all hinges on this: Huawei goes after Samsung with its own foldable hybrid Mate X


- Do you get a free toaster with the loan you have to get to finance it?

- What is the software update plan, delay, and how long before they stop issuing updates after sales fail?

- Looks fragile.

- The screen warp at the seam (watch some of the launch demo videos)

- Too big to put in a pocket.

- How does it hold up to scratches?

- Is it IP67/68?

- Can't put a case on it and still use it.

- How much does it cost to replace a cracked screen?

- Contains two batteries that could become an IED.

- Contains 5G, which means you have potentially cellular level alternating, millimeter wave antenna. (https://www.saferemr.com/2017/08/5g-wireless-technology-millimeter-wave.html)

I don't see the use case given all the drawbacks. Just because you can, does not mean you should.

WTF PDF: If at first you don't succeed, you may be Adobe re-patching its Acrobat, Reader patches


I uninstalled everything from Adobe years ago and excommunicated M$ for my home 10+ years ago.

Unfortunately, people will continue to use Flash well beyond the announced EOL in 2020. https://theblog.adobe.com/adobe-flash-update/

The only real way to kill it off is if Adobe or the OS/browsers implement a master kill switch which is activated on a particular date.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019


I guess you don't use a GPS based time server or understand location determination is critical to determining GPS time. Good to know in case your resume comes across my desk.



Glad I have my own verified compliant GPS NTP time server in my home.

I wonder how many government agencies, car navigation systems, and aircraft navigation systems will go Tango Uniform (TU) on 4/6.

What about the banking industry? At least it’s a Saturday so the stock market won’t crash.

QNAP NAS user? You'd better check your hosts file for mystery anti-antivirus entries


Problems like this occur when a user enables WAN facing services (port forwarding, UPnP, MyQNAPcloud, etc.) Hackers can profile the device based on responses, then gain access using known vulnerabilities.

Judge! snuffs! Yahoo!'s attempt! to! settle! 2013! megahack! class-action!


Put all the lawyers on the B-Ark and send them ahead to populate the next planet.

Ref: https://hitchhikers.fandom.com/wiki/Golgafrinchan_Ark_Fleet_Ship_B

"The Golgafrincham Ark Fleet Ship B was a starship designed to relocate the (largely redundant) useless part of the population from the planet of Golgafrincham."