* Posts by It's just me

57 posts • joined 2 Aug 2018

Page:

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

It's just me
Mushroom

I've been getting a phish from "American Express" sent through SendGrid about once a week for the last month. I've reported them all to [email protected] and [email protected] but nobody appears motivated to stop them.

Real-time tragedy: Dumb deletion leaves librarian red-faced and fails to nix teenage kicks on the school network

It's just me
Angel

Re: My uni had similar rules :)

Us true admins were the ones running the quake server on the network for lunchtime and after-hours "network latency testing" and ops team-building.

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

It's just me
FAIL

Re: Why the Details pane?

If I recall correctly, for at least some file types, Windows runs the file in the associated application in order to extract that metadata.

Wake me up before you go Go: Devs say they'll learn Google-backed lang next. Plus: Perl pays best, Java still in demand

It's just me
Happy

Was that some Perl code you ended your comment with?

Microsoft boffin inadvertently highlights .NET image woes by running C# on Windows 3.11

It's just me

Re: BTW if you need a cross-platform GUI development solution

> you get a fairly large (10 Megabytes) static binary

Turning off debug info can shrink the executable size 90%.

Are you getting it? Yes, armageddon it: Mass hysteria takes hold as the Windows 7 axe falls

It's just me
Linux

Re: one would think

Microsoft already owns the Lindows trademark.

In 2001 the founder of mp3.com released a Linux distribution names Lindows OS.

Microsoft sued them in 2002 and in a 2004 settlement MS gave them $20 Million, they transferred the Lindows trademark to Microsoft, and changed their name to Linspire.

https://www.operating-system.org/betriebssystem/_english/screen_gallery.php?bsgfx=linux/lindows/shot0-scr-.jpg

Step away from that Windows 7 machine, order UK cyber-cops: It's not safe for managing your cash digitally

It's just me
FAIL

Re: Upgrade from Windows 7

Unless you surf to such malicious sites as the BBC, The New York Times Online, The London Stock Exchange, Spotify and The Atlantic. All of which have in the past served up malware in the ads they display to their viewers. Just because it's a reputable company doesn't mean that crooks haven't found a way to inject malware into their site.

H0LiCOW: Cosmoboffins still have no idea why universe seems to be expanding more rapidly than expected

It's just me

Re: the Hubble variable

Maybe it's a just-in-time or interpreted universe.

Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

It's just me

Re: Rowhammer/JackHammer

As much as I would like that, I doubt it, as a prerequisite of these attacks is for the attacker to already have their code running on the victims computer. In the case of consumer devices it's already game-over at that point. The only place these attacks are really a concern is situations such as cloud computing where you share the hardware with untrusted third parties, or perhaps DRM where the untrusted party is the owner of the hardware.

Latitude 9510 lappy has a speakerphone so you can tell the conference call all about your 30-hour battery

It's just me

Re: Speakerphone

It doesn't mean they are doing it, but when there are additional microphones available then some advanced signal processing and noise cancelling algorithms can be employed to give better audio quality.

It's just me

There are several things that may limit a system to 2TB. MBR formatting has a 2TB limit and certain SCSI commands have a 2TB limit. So if the system doesn't support UEFI booting to a GPT partition with a 64bit OS or it doesn't support LBA64 then it might have this limit. Or they might not want to list all the caveats or deal with the increased support load and its simpler and cheaper to just say they don't support it.

It's just me
Unhappy

Re: 30-hour battery

No, We've had to replace swollen batteries on probably 10 to 20% of our Dell laptops over the last few years, over 50% of the XPS and Precision laptops purchased 2016-2017 had this problem. Dell did proactive replacements of a number of them in early 2017.

Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws

It's just me

Re: How many attacks?

The problem is, with most of these attacks, there is no noticeable effect on the targeted system. So unless the crooks/hackers/TLAs screw up in some other way, you may never know you were attacked, what they got, or how they got it.

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much

It's just me

Re: Unblockable email

Most spam I see comes from random or fictional addresses so a block list doesn't help in many cases, I recently found gmail bounces incoming email that doesn't provide a From: heading.

Close the windows, it's coming through the walls: Copper Cthulu invades Dabbsy's living room

It's just me

Re: Tone tracker

Unless you pay extra for the shielded stuff, Cat5 & 5e is UTP (Unshielded Twisted Pair)

That code that could never run? Well, guess what. Now Windows thinks it's Batman

It's just me
Linux

You do know sudo can be used to run processes as users other then root? These are exactly the type of people who should be restricted by a very tight sudo policy.

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

It's just me
Boffin

Re: So, for the simpletons like myself...

You should be able to, at your router, block traffic to the DoH IPs that Firefox uses - ping mozilla.cloudflare-dns.com and then block the IP(s) it resolves to. Currently it resolves to 104.16.248.249 and 104.16.249.249.

It's just me
Big Brother

Re: not going to work

It's known as MITM or MiddleBox TLS interception/inspection. Doing it without raising a warning/error on the client requires that either you get your own certificate installed as a root CA on the client, or you are able to obtain, via theft or coercion, a signing key from one of the several hundred CAs your browser already trusts.

One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

It's just me

Re: Oh yeah?

Probably the same rogue engineer that worked for some auto manufacturers.

Blood, snot and fear: Why the travelling lone tech reporter should always knock twice

It's just me

Re: Bah!

The majority of times the latch was used, there was no story.

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...

It's just me

Re: "exploits in the wild"

Actually they did report on this:

https://www.theregister.co.uk/2019/08/30/google_iphone_exploit_chain/

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

It's just me

Except Nagle is often disabled for interactive sessions such as SSH.

Call Windows 10 anything you like – Microsoft seems to

It's just me
FAIL

Re: "Naturally, all user data is wiped with this option"

But windows explorer still doesn't know how to properly deal with the folder mounted partitions. If you have a 1GB D: and have a 1TB partition mounted on D:\Data\, using explorer to try to copy a > 1GB file from elsewhere to D:\Data\ fails with a insufficient disk space error.

Brits are sitting on a time bomb of 40m old electronic devices that ought to be recycled

It's just me
Happy

Re: Tell Apple that..

> I made 2 working HP laptops from one broken laptop by swapping parts.

That's amazing, how did you do this?

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

It's just me

Read The Fine Article

From the article itself: "mitigations or workarounds... turn off, or firewall off, RDP services"

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special

It's just me

Re: Even to this day...

RE: ghost systems

A few months back we had an AWS instance that experienced some hardware failure, was given the commands to shut down, and then restarted so aws brought it up on different hardware. But the old zombie instance kept running for a couple weeks with us having no way to access it, but it continued to send notices and warnings that took a while to track down as there was no trace of them on the supposed source machine.

LibreOffice handlers defend suite's security after 'unfortunately partial' patch

It's just me
Headmaster

Re: age of code

That's SSLeay, by Eric Andrew Young

Literally braking news: Two people hurt as not one but two self-driving space-age buses go awry

It's just me
Happy

Re: 9mph!!!

Oh no, not the comfy chair!!

I don't know but it's been said, Amphenol plugs are made with lead

It's just me

Re: Soon... soon....

Just waiting for the statute of limitations to expire, huh?

Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs?

It's just me
Linux

Re: Not just IoShit

I discovered the same problem in an open-source intrusion detection system distribution a year or two back as well. Every installation from the ISO they provided would include the same SSH private key. I notified the author and in less then a day they had a new ISO posted with a modified installer that generated a new key during installation.

Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory

It's just me
Terminator

aMfM?

What score does he get?

Out of Steam? Wine draining away? Ubuntu's 64-bit-only x86 decision is causing migraines

It's just me

Ubuntu 18.04 is not anywhere near EOL, it is the current LTS version and will receive updates for the next 4 years.

If Uncle Sam could quit using insecure .zip files to swap info across the 'net, that would be great, says Silicon Ron Wyden

It's just me

Re: Sensitive documents - with NIST?

NIST stands for National Institute of Standards and Technology and they develop Federal Information Processing Standards that all federal agencies must follow. Among others, their Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems.

https://www.nist.gov/itl/nist-special-publication-800-series-general-information

It's just me

Re: Strong encryption for the masses? Since when?

> ... six of the most honest of senators ...

Could you find that many?

Ubuntu says i386 to be 86'd with Eoan 19.10 release: Ageing 32-bit x86 support will be ex-86

It's just me
Linux

32 bit VMs

One thing I used 32 bit linux for was lightweight single purpose VMs, if you are using < 4GB RAM then a 32 bit system uses a lot less resources. A number of years ago I ran some tests, I configured 2 identical bare bones Ubuntu server VMs running Apache, one 32 bit and one 64 bit. The 32bit system used 170MB RAM while the 64bit system used 270MB. So in this case the 64bit system used over 50% more ram just to accomplish the same job and I could run quite a few more 32bit VMs on the same host.

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry

It's just me

Re: XP What? Where?

I believe the TeamViewer host maintains an outgoing connection to the TeamViewer servers to facilitate connections from behind a NAT router. So, unless there are additional considerations, you should be able to use a strict firewall that denies all connections coming from the internet and just allow connections initiated by the XP machine.

It's your what in a box? Here's a thing to make your bosses think about malware responses

It's just me

Apparently Americans are not part of "it's open for anyone to use"

Tried to access it from the US and got

403 ERROR

The request could not be satisfied.

The Amazon CloudFront distribution is configured to block access from your country.

Generated by cloudfront (CloudFront)

Request ID: VHAppfdRXhGS1TMFQ4-fnV21guIgWpEAhd8mfgddxw==

Free online tax filing? Yeah, that'll soon be illegal thanks to rare US Congressional unity

It's just me
Thumb Up

Re: Unpaid advertisement

No, on the upsell, for tax filings at least. They do make you create an account on their main site where they make their money by offering you various credit cards and other such offers you may qualify for. They handle a large number of additional forms. The only problem I ran into with them was they wouldn't let me directly apply my refund to my 2019 estimated taxes (I'm self-employed, so have to pay quarterly). So I used CreditKarma to fill out all my tax forms, then exported them to pdf, then went to www.freefilefillableforms.com and copied the numbers into the forms on that site and electronically filed them from there. CreditKarma also does free state filing as well, but since I didn't file through them I just copied the numbers from their forms into my state's web filing portal.

It's just me

That list only applies if your adjusted income is less then $60000. There is the https://www.freefilefillableforms.com/ site which allows you to fill in and file your federal returns for free. https://www.creditkarma.com/tax also provides free state and federal tax filing.

Scare-bnb: Family finds creeper cams hidden in their weekend rental by scanning Wi-Fi

It's just me

Re: How

It's similar. It has a subset of Nmap's features, but provides them in a simple to use GUI.

Q&A: Crypto-guru Bruce Schneier on teaching tech to lawmakers, plus privacy failures – and a call to techies to act

It's just me
Terminator

Re: They Won't Listen

Aaaand... now AMfM is back to his usual self. Multiple personalities/programs using this account?

It's just me
Terminator

Re: Pie in the Sky, the Phantom Traded Stock of Parasitic Political Pygmies and Wannabe Caesars?

Wow, did AMfM get an upgrade? That post was more coherent and natural then the psychedelic word explosion I'm used to seeing from him.

WannaCry-hero Hutchins' trial date set, Microsoft readies Google's Spectre V2 fix for Windows 10, Coinhive axed, and more

It's just me
Unhappy

Re: We the Rabbits ...

Welcome to the US judicial system where it's not unusual for a speedy trial to take 2 to 3 years.

https://www.avvo.com/legal-answers/what-is-the-average-length-of-time-for-a-criminal--782338.html

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

It's just me
Thumb Up

Re: There are 203 passwords in my password manager

I agree. If everyone would implement an open standard such as FIDO U2F or FIDO2 then you could use one Yubikey dongle for all sites. Another open protocol I'm watching which is nearing release is grc.com's SQRL.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

It's just me

Some manufacturers would just EOL their devices every 2.5 years then, they would love an enforced 2.5 year replacement cycle.

Alleged SIM swapping crypto-crooks cuffed, iOS app snooping, ad-fraud botnets, and more

It's just me

Re: Sms should not be used for 2fa

No! SIM swapping, as referred to in this article, and SS7 exploits among others allow someone else to intercept your 2FA codes.

Where to implant my employee microchip? I have the ideal location

It's just me

Re: Implanting chips in employees

https://www.cnet.com/news/employees-offered-rfid-chip-implants-its-voluntary-for-now/

Just one Corretto, give it to me... AWS brews its own blend of Java with free long-term support

It's just me

Re: Not correct

Quoting the Oracle announcement : "Once a Java SE version reaches “End of Public Updates”, any further updates will be available only to Customers and accessible through My Oracle Support and via corporate auto update where applicable" ... "Oracle will continue to provide Public Updates and auto updates of Java SE 8, until at least the end of December 2020 for Personal Users, and January 2019 for Commercial Users." ... "Java SE 8 Commercial User End of Public Updates - January 2019"

compared to the article's "Amazon will distribute security updates to Corretto 8 at no cost until at least June, 2023"

It's just me

Re: Not correct

It's close enough, My understanding from reading the linked Oracle document is that after Jan 2019 all the users in my company will not be able to get security updates for their java 8 runtimes for free. So Amazon providing their builds for free sounds attractive to me.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020