* Posts by pc-fluesterer.info

144 publicly visible posts • joined 23 Feb 2020

Unending ransomware attacks are a symptom, not the sickness

pc-fluesterer.info
Go

The principal culprit: Proprietary products with backdoors

Yes, you could make life easy and blame attacks on not employing MFA.

But if you use network gear riddled with backdoors for the three-letter-agencies, you are lost. Anyone remember the US-Telcos case?

The only fundamental solution is the migration to FOSS on all levels from network gear to the back office servers.

Denmark and Estonia both have built their Civil Services completely on FOSS. Ransomware attacks are plain unknown.

pc-fluesterer.info
FAIL

Yahoo? Seriously????

The firm has been hacked several times and has lost ALL of its data to cybercrooks. Whoever uses Yahoo these days must be ...

Ninite to win it: How to rebuild Windows without losing your mind

pc-fluesterer.info
Happy

"a criminal waste" -- or an opportunity to buy HW for all kinds of non-M$ uses cheap. :-)

Blue Shield says it shared health info on up to 4.7M patients with Google Ads

pc-fluesterer.info
Alien

Re: Why no mention of penalizing Google?

Nice dream ...

What to do once your Surface Hub v1 becomes an 84-inch, $22K paperweight

pc-fluesterer.info

no need for "retro-arch"

The core-i7-4xxx can run any contemporary Linux. If Nvidia isn't in the way.

Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated'

pc-fluesterer.info
FAIL

Name names

Where sat the weakness exploited? Cisco, Citrix, ... Micro$oft, Oracle, ...? Anyway a proprietary product, amirite?

So to prevent a recurrence will they consider migration to FOSS as in Denmark or Estonia?

The answer is: NO, for a variety of reasons. :-(

Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility

pc-fluesterer.info
FAIL

Lessons learned?

So, what ramifications will follow?

None, of course.

Perhaps a bit of user training, because a user was the culprit, no?

But I bet that they will continue using M$ and other closed-source sh.t, buggy and riddled with backdoors.

Consider migration to FOSS? Oh, nooo!

Before that could happen, hell freezes over.

Oh well.

Microsoft unveils finalized EU Data Boundary as European doubt over US grows

pc-fluesterer.info

Not to forget the PATRIOT Act!

There's CLOUD and FISA and PATRIOT.

pc-fluesterer.info

Did you forget the "beware - irony" tag?

If not meant ironically I would understand your post as devious.

Crimelords and spies for rogue states are working together, says Google

pc-fluesterer.info
Facepalm

The real source of all trouble

All proprietary products, regardless of whether from China or the US, are riddled with backdoors. A "good" backdoor doesn't exist, because every backdoor will be found by rogue exploiters at some point in time. The only valid protection would be by FOSS. That’s all.

Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts

pc-fluesterer.info
FAIL

Why are officials allowed WhatsApp in the first place?

Nothing to see here - move on please.

Uncle Sam now targets six landlord giants in war on alleged algorithmic rent fixing

pc-fluesterer.info

Re: It's Not Just the Companies Named in the Lawsuits

In Germany we have a Tenant Association (Mieterbund) https://de.wikipedia.org/wiki/Deutscher_Mieterbund which fights for the concerns of tenants. OTOH they too are unable to achieve substantial improvements against adversaries like Vonovia (Annington). -

For organizing informally I would recommend a group in Signal.

'That's not a bug, it's a feature' takes on a darker tone when malware's involved

pc-fluesterer.info
Big Brother

And what about US-gear?

Nice talk about foreign gear. But what about US? Cisco, Citrix and the rest of the gang? They are riddled with backdoors as well. "Forgotten" hardcoded admin credentials and the like. Remember: the Chinese attacks against US telcos exploited backdoors in place for the government.

There is no "good" backdoor!

Proprietary (closed-source) products cannot be trusted, regardless of their origin.

The only tolerably secure solution is FOSS. And even that has limitations as we all know.

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

pc-fluesterer.info
WTF?

"we've lost a little more faith in the internet"

s/the internet/Citrix/

xAI picked Ethernet over InfiniBand for its H100 Colossus training cluster

pc-fluesterer.info
Facepalm

Seriously - they did label that thing "Colossus"?

https://en.wikipedia.org/wiki/Colossus:_The_Forbin_Project

CISA boss: Makers of insecure software must stop enabling today's cyber villains

pc-fluesterer.info
WTF?

... not to mention the BACKDOORS implanted deliberately!

Each and every US company will have received an NSL, take that for granted.

There are by far too many "forgotten" hardcoded admin credentials and other faults clearly intended as backdoors.

But to address this issue is clearly off-limits.

Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security

pc-fluesterer.info

Backdoor

"negligence/incompetence" - that is the nice view.

I for one would presume intention.

They may have gotten a gag order (NSL).

Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

pc-fluesterer.info
Facepalm

Hey, you! These backdoors were meant for the NSA only!

Nothing to add.

SolarWinds left critical hardcoded credentials in its Web Help Desk product

pc-fluesterer.info
FAIL

SolarWinds - I heard that name before

If only I could recall where ... <eg>

Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em

pc-fluesterer.info
Black Helicopters

Re: Cisco, again

Yes, particularly: "An attacker could ... send a crafted HTTP request to one of the phones, ... making it possible to execute arbitrary commands – with ... root privileges."

Noooo, we don't build in backdoors, promised, honour bright!

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

pc-fluesterer.info
Thumb Up

Full ACK.

I completely second that. I for one would NEVER give my credentials to a Closed-Source product, for various reasons.

Only way is FOSS. In terms of PW managers that is - depending on taste - keepass (and derivatives) or Bitwarden. Full stop.

Google gamed into advertising a malicious version of Authenticator

pc-fluesterer.info
FAIL

Trusted? TRUSTED?

"Google Authenticator is a ... trusted multifactor authentication ..."

What?

I for one would NEVER trust Google nor Microsoft, not at 2FA, nowhere.

For 2FA I use Aegis which is a FOSS TOTP App. The second choice would be FreeOTP, FOSS as well.

Intruders at HealthEquity rifled through storage, stole 4.3M people's data

pc-fluesterer.info
FAIL

"no malicious code was FOUND in its systems"

well ...

No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

pc-fluesterer.info

Not 'anything' but only FOSS!

https://forums.theregister.com/post/4890470

Juniper Networks flings out emergency patches for perfect 10 router vuln

pc-fluesterer.info
Thumb Up

Re: History Lesson??

Full ACK.

The bottom line is: proprietary products from China or the US CANNOT BE TRUSTED.

All of them might have gotten an NSL requiring them to build in backdoors for 3-letter agencies.

If you want security get a FOSS solution.

'Mirai-like' botnet observed attacking EOL Zyxel NAS devices

pc-fluesterer.info
FAIL

Just don't make a NAS reachable from the open internet.

Just don't. That's a no-go. It is called NAS not IAS. NETWORK attached storage, not INTERNET attached storage. The latter we call cloud nowadays, and that is hard enough to protect.

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

pc-fluesterer.info

FOSS

Nextcloud is FOSS, so a secret backdoor would not run undetected for long.

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

pc-fluesterer.info
FAIL

"Flaw"? Works as designed!

Move on, nothing to see here.

Apple promises to protect iMessage chats from quantum computers

pc-fluesterer.info
Thumb Down

Smoke grenade

All this fuss is made as a sham fight in order to distract public attention from the role iMessage played (and plays?) for zero-click infection with Pegasus and others.

Thousands of Juniper Networks devices vulnerable to critical RCE bug

pc-fluesterer.info
FAIL

Darn! Again a backdoor disclosed ...

US design? Oh well. No further questions.

Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks

pc-fluesterer.info

Recording of Larin's speech at 37C3

https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers

pc-fluesterer.info

Re: You receive some 'visitors'....

aka NSL.

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

pc-fluesterer.info
FAIL

OAuth is broken by design

Yes, a single sign-in is convenient. But it is inherently unsafe, too. I for one would never use it.

I use a password manager which automatically inputs my credentials into the appropriate website or application, and I use 2FA (TOTP) wherever possible.

Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news

pc-fluesterer.info
Thumb Down

And the role of the Chocolate Factory?

I see gmail and protonmail addresses used by the cyber gangsters.

At Protonmail they immediately delete accounts reported as abuse. BTDT.

And gmail? Reaction to abuse reports: Nil, nought, zero. :-(

pc-fluesterer.info
FAIL

Basically, never use exchange

https://alternativeto.net/software/microsoft-exchange-server/

Black Basta ransomware operation nets over $100M from victims in less than two years

pc-fluesterer.info
Linux

Will they ever learn?

Will any of the victims draw the obvious conclusion? Ransomware attacks rely on design faults and programming errors in M$ products. If the victims (and the to-be victims) wanted to protect themselves in the future, they could and should turn to FOSS.

Japan's space agency suffers cyber attack, points finger at Active Directory

pc-fluesterer.info
Facepalm

Will they ever learn?

AD is not inevitable!

https://alternativeto.net/software/microsoft-active-directory/

Ransomware-hit British Library: Too open for business, or not open enough?

pc-fluesterer.info
Linux

"let the barbarians in through the gate"

The name of the founder of Microsoft was "Gates", not "gate", wasn't it?

Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security

pc-fluesterer.info
Facepalm

AI is a plain mock attack

Ransomware to 90% is not enabled by security holes in the sense of programming errors. Ransomware is enabled by design faults deep in M$' thinking. Most ransomware comes with SPAM and the user has to contribute:

Open the SPAM (ok, take that for granted);

open the attachment (that's already questionable);

allow macros! (¹);

give the admin's password! (²)

(¹) How on earth can it be that a document (text, spreadsheet, presentation) sent by mail can contain macros so powerful that they can damage the OS severely? How on earth can it be that macros in an email attachment can be enabled at all?

(²) Following best practice, no user should™ have administrative rights, neither by knowing an admin's password nor by normal working with administrative rights. But the latter happens way too often. Why? Because M$' products are "more comfy" with administrative rights - a design fault. Anyone remember Windows XP? That was effectively unusable with restricted user rights. The situation has since improved a little bit, but not enough by far.

Linux Mint Debian Edition 6 hits beta with reassuringly little drama

pc-fluesterer.info
Linux

Here is a happy and satisfied user

I for one use LMDE since version 2. LMDE 4 was quite good, LMDE 5 really grown-up. Looking forward to LMDE 6!

Will it offer an in-place upgrade such as Mint does?

Only thing I dislike is Cinnamon. I prefer Mate since the beginning, which I just installed additionally. So I use Mate plus Cairo-Dock.

Do Facebook's algorithms drive political polarization? Meta says no, but researchers say it's complicated

pc-fluesterer.info

No question here

Of course the tendency is away from the centre. The algorithms foster divisiveness, polarisation, radicalisation, because that catches people's attention.

pc-fluesterer.info
Alert

Mock fight

The main menace for democracy is not the algorithms but the individual targeted advertising based on "big data" user profiles. That can be quite manipulating, as seen in the election campaign for the MAGA POTUS. In Germany we have a recent example as well: https://targetleaks.de/

Linux has nearly half of the desktop OS Linux market

pc-fluesterer.info
Happy

Re: "typical Linuxes are tools for nerdy hacker types" -- ?

""Mint is end user friendly to such an extent that it can beat Windows."

You're right, of course but to be fair, it's a low bar."

:-)

pc-fluesterer.info
Linux

Re: "typical Linuxes are tools for nerdy hacker types" -- ?

The ones I am talking about would never ever do a search (of course not goggle) and manipulate the system on their own.

After I have installed the system, it just runs. And runs and runs and runs.

Only when an upgrade is necessary (not earlier than four years) I enter the scene.

While in the meantime the process of upgrading is automated and works so seamlessly that any reasonably intelligent person can do that.

pc-fluesterer.info
Thumb Down

"typical Linuxes are tools for nerdy hacker types" -- ?

"... typical Linuxes are tools for nerdy hacker types"? I for one strongly disagree.

I have used many flavours of Linux since the mid-90s. For many years now Mint and LMDE are my number one (and debian as host for VirtualBox).

End users get Mint from me. And guess what? Even the most non-nerdy ones are happy with it. Mint is end user friendly to such an extent that it can beat Windows.

My stance is: Anyone who can read and write can use Linux.

Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse

pc-fluesterer.info
Boffin

Crypto is for crims and gamblers anyway, so what?

nothing to be seen here.

'Strictly limit' remote desktop – unless you like catching BianLian ransomware

pc-fluesterer.info
WTF?

In other words: Best practice

All that FBI advice boils down to one single sentence: Adhere to best practice.

Fast-evolving Prilex POS malware can block contactless payments

pc-fluesterer.info

How does it get there?

Well, that is what Prilex CAN do - impressive. But what's missing is step one: How does Prilex get into the POS system in the first place?

Bankruptcy probe: Celsius cheated investors 'from the start'

pc-fluesterer.info
Stop

If it looks "too good to be true", ...

nothing to add.

pc-fluesterer.info
Happy

Re: AST

Sell? To the "greater fool". ;-)
