* Posts by fm+theregister

18 posts • joined 6 Aug 2018

Microsoft nukes 9 million-strong Necurs botnet after unpicking domain name-generating algorithm


Report is flawed - Namecoin DNS infrastructure?

From: https://www.bitsight.com/blog/joint-effort-with-microsoft-to-takedown-massive-criminal-botnet-necurs

"A second DGA-like fetches .bit domains that are not generated algorithmically but hard-coded.

The .bit TLD is an alternative DNS model, maintained by Namecoin, that uses a blockchain infrastructure and is harder to disrupt when compared with ICANN regulated TLDs."

Unless they block all Namecoin-able DNS servers, I cannot reasonably see why spend so much time, money and coordination efforts in such operation.

Want to get rich from bug bounties? You're better off exterminating roaches for a living


True security ppl never sells, instead they use them

It is my understanding that if you are deeply involved in security, you should never sell the bugs / softwares for a bounty, instead you shall use them, and only when necessary to do so.

The Reg takes the US government's insider threat training course


Re: Gov agencies, analysts, funding, military

>81 per cent received no money for their services

Why would someone work for free? Even working for your own country, you need to get paid - I believe that's called capitalism. If doing something others cannot easily do, you need to be well-paid.

>and 94 per cent went to prison

I strongly doubt this numbers.


Gov agencies, analysts, funding, military

Gov agencies got low on their stockpile of cyber, due to recent leaks.

There are a handful of companies and men out there who know how to develop them.

They should talk to their local military ally branch and sign a contract, funding them, in short term.

Brit armed forces still don't have enough techies, thunder MPs


>requiring certain level of physical training

I believe bcz if they want to work with you, they certainly pass the physicals, a matter of training.

>potentially dangerous missions

maybe bcz they enjoy it

>Or even worse you could do it at Civil Service rates

there is a way around this, hire the consultant services while they are civilians, and welcome them in the next trial

FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks


I would assume the shit hit the fan, ppl went after him, he was tipped off to not leave the country, the guys after him realized that, then decide to post a search warrant.

NASA 'sextortionist' allegedly tricked women into revealing their password reset answers, stole their nude selfies


what is wrong with the good old porn?

plenty of websites to go for FREE porn, why the heck go after women ONLINE????

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive


NSA does have loots of super computer rooms

Hopefully they will be put to good use, with better tools, to achieve the very same objective - stop criminals and terrorists.

The tools and the operators sure need warrant and reward, after all it is a gray area - and the organizations using the tools may decide to use them for other purposes other than pursue crims+terrorists - in which case, if you helped with such tools, you cannot be deemed responsible for the bad use of them.

And travelling abroad, only with diplomatic passports.

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud


Out of the box, gray thinking

“This case is another example of a double standard toward prosecuting cybercriminals in post-Soviet countries"...


We need to be careful pointing fingers. Double standards are everywhere. Hackforums+Omniscient+LEA (you know which one) also have been looong date partners, including in sting ops.

Hackers faked Cosmos backend to hoodwink bank out of $13.5m


It is all about penetration testing

While companies and gov-entities still insist in not conduct real-world pen-testing, security will never improve.

If you choose to take a pentest with restrictions, for world+dog only to "see" how good your security is, this will keep happening.

real world attackers (and gov agencies) use - bribing, woman, booze. it is up to the banks (and gov entities) to conduct real-world pentest and avoid this to happen again and again.

its a never-ending game. dangerous game.

Black hats are baddie hackers, white hats are goodies, grey hats will sell IP to kids in hoodies


Re: greys dont screw over their employers, blacks do



Re: Secret documents for sale cheap

why not .gov? but they are quite more polite and elegant by now...


greys dont screw over their employers, blacks do

greys will help their employers by viable means, not screw them.

Windows 0-day pops up out of nowhere Twitter


I would bet he used unofficial channels to make a bigger buck, and was crossed.. auf!

US Democrats call in Feds: There's something phishy going on with our voter database


Re: Corruption.

just burn after reading

Cisco smells a RAT in Breaking Security's Remcos PC wrangler


Re: Every Tool is a Weapon -- Revocation Lists

>One might think that it would be nice if they had a way to revoke a license

They can revoke the license denying future updates, disclose a watermark in that specific build of the software, send the IP address + email of the buyer to the authorities. But surely this move will hurt their business model.

Wasted worker wasps wanna know – oi! – who are you looking at?


Wasps can turn into beautiful butterflies

I heard wasps can turn into beautiful butterflies once... somewhere...

Security world to hit Las Vegas for a week of hacking, cracking, fun


Re: Hackers conference?


Not a possibility. A fact! directly from Andrew Grove:


-"Only the paranoid survive"


Biting the hand that feeds IT © 1998–2020