* Posts by gollux

413 publicly visible posts • joined 11 Sep 2007


Latest Androids have 'god mode' hack hole, thanks to Qualcomm


Totally flaming awesome!!!

It's a grand world where amazing things happen. Please keep the wondrous software and firmware coming into our lives for the beauty they bring!

Russia reports RAT scurrying through govt systems, chewing data


Re: After reading the description of the malware...

Meh, given the nature of Organized Crime in Russia, simply home dudes lookin' to make more money.

Odds are your office is ill-prepared for network-ransacking ransomware


And will most likely be...

Cisco enabled... They haven't had a very good security track record. The latest fixes are mostly a testament to how much they've been resting on their laurels and seem to be a way of pointing fingers elsewhere to try gaining back some cachet of responsibility and forward planning.

It's 2016 and your passwords can still be sniffed from wireless keyboards


Totally awesome!!!

If you're brain dead to checking out the technology you buy, convenience always has a neat price...

Meh, whatever... You probably are ok in a sea of blithering data and have escaped so far.

There will always be another interesting method of compromise once you've closed this hole.

Flaws found in security products from AVG, Symantec and McAfee



Humorously, we'll find that an OS with the latest patches available, web browser with downloads disabled, minimal acceptance of file types and email clients that only accept a minimum of file attachments will be about as safe as we can get for the next couple months... (RIP Bloated AV Suites)

Maybe time to start thinking about that mission specialized barebones *nix box if you don't already have one.

Since you love Flash so much, Adobe now has TWO versions for you


Oh, JFC...

Can't we just put the stupid package to permanent death already. I've given up on the games as an enticement to keeping Smash Player loaded several years ago, and would like to see any accounting package (Sage, you're in the crosshairs) that demands Flash Player be loaded for part of their software display interface to be removed from the planet.

BMW web portal vulns pose car hack risk – researchers


We are creating a world...

That we richly deserve... While the planet dies off from under us, the dispossessed rise up against us, we create navel gazing cars that quickly gain the ability for others to transport us to misery.

You know how that data breach happened? Three words: eBay, hard drives


Re: Investing

Yeah, that free DBan download kills most budgets, as does just simply folding most 2.5" drives in half and then peeing on them and burying them out in the rose planter.

Eat my reports! Bart ransomware slips into PCs via .zip'd JavaScript



Excepting that this is Javascript which is executed by web browsers and the Windows Script Host...

Sun/Oracle Java doesn't need to be installed on the system for this to operate, it's not Java Byte Code.

Honk if you love Jesus and understand the difference between Java and JavaScript!

25,000 malware-riddled CCTV cameras form network-crashing botnet


Definitely one we'd want to BrExit...

Medicos could be world's best security bypassers, study finds


Yeah, we're secure...

But the patient's dead...

There was this book written in the aftermath of WWII that pretty much details the conflict between reality, policy and management. I'm reminded of it every day...

"Catch 22"

IRS kills off PINs citing increasing suspicious activity



That whiff of a stupid number that supposedly is a key to something. Protecting stupid stuff 5 digits at a time... Hey, I have this bridge I can sell you, it's got this number on it.

Carbonite online backup accounts under password reuse attack


Totally, absolutely awesome. Steal their backups, hit them with a targeted attack while simultaneously burning their backups to the ground.

Update your buggy Samsung PC bloatware to plug privilege bug


Re: Usefulness

crapware is to manufacturer bloatware

as possible low grade fertilizer is to agent orange defoliant.

Often never updated more than once or twice after installation, the best way of handling all that manufacturer junk is to remove it with extreme decontamination level set and hope that there's no residual breakdown poison remaining in your OS.

You've got a patch, you've got a patch ... almost every Android device has a patch


Good Luck on that...

Good Luck getting that update from your mainline Android producer, except the majority probably won't be getting it out to you soon. Samsuck earned my eternal do not buy on this.

TeamViewer: So sorry we blamed you after your PC was hacked


If you value convenience over security when using Remote Desktop, VNC, TeamViewer, LogMeIn, etc...

They all become Remote Access Trojans.

Air-gapping SCADA systems won't help you, says man who knows


More SBO

Increasingly, the "Air Gap" is just another "Security By Obscurity" tactic. If it ain't secure offline, it ain't secure. There's always a way of jumping the "Air Gap", and often, the people working with the system assume that the "Air Gapped" system is automatically secure.

You've patched that Flash hole, but have the users? Phone's ringing. It's for you


Nobody knows yet. We hope the browser programmers learned from Flash and have done their job with security as the top priority, but I'd imagine somebody's out there with a fuzzer to see how high, thick and well built the wall is. Give it a couple years and we'll know for sure.

Smut apps infecting Androids with long-gestation nasties


Re: "plunder older Android devices through infected porn apps"

Yeah, mainline porn sites kind of want repeat customers.

Non-profit religious sites operate off a wing and a prayer and so security is often done off faith.

Flash zero day phished phoolish Microsoft Office users


Re: Why...?

So that school kiddies can attempt to bypass network security rules to play Flash Games. What's it been, about a decade now that this stupidity has been enabled? Was trouble when it began...

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day



Porn sites tend to want to keep their customers so are probably well ahead of the curve on HTML5 adoption, unlike ad agencies, Sage software type graphical interfaces and other companies who think they have a captive audience and therefore don't have to change.

Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises


Re: MS is trying to fix

Heh, like all the Windows versions before it. SSDD...

Android's security patch quagmire probed by US watchdogs


Re: Samsung is the worst of the big manus

Yeah, I crossed Samsung off my buy list a couple years ago. Flash but in the end, no go.


Funny how you don't have to buy cheap Android equipment either to be caught in the patch quagmire. It's abysmally bad all around. The "business" models my company paid for were promoted for their performance and support and cost a little bit more, but at 18 months were basically unsupported when it came to OS upgrades. And the companies with garbage support can be some of the mainstream types that tout their excellence in all other fields, until it comes down to Android.

Facebook bungs 10-year-old kid $10k to not 'eliminate' Justin Bieber


There is no justice

That should have gone up for auction with the highest bidder getting the choice of thumbs up or down and all the money put into some worthy charity. Canadians by now probably would have snapped it up to end the embarrassment and sent it permanently to the eternal bit bin.

Google can't hold back this malware running riot in its Play store


Intensely good news!!!

I've been told to quit whining about the lack of OS updates on the Samsung and HP abandonware that I stupidly bought because even though the last OS upgrade was a year and a half ago, I only had to worry if I had enabled downloading apps from anywhere else but the Google Store. Google Knows Best, serves out the very thing I was told by various Android FanBois that I didn't have to worry about as long as I didn't install from untrusted sources or root my tablet.

Net scum lock ancient Androids, force users to buy iTunes gift cards


Re: How Ancient?

Smash it with a hammer, silly. Isn't that what everyone does? After all, you should be buying one a year to keep the OEM in the black.


Users can still copy their files from infected devices before entering recovery mode and flashing a clean - and preferably updated - still vulnerable Android operating system because your major manufacturer never bothered with those silly updates.

FBI ends second iPhone fight after someone, um, 'remembers' the PIN


They didn't like the looks of that legal "wrench" being swung around. Their lawyer had a little discussion about "plea bargain" and "good behavior" and the reality of accepting lesser charges.

Exploit kit writers turn away from Java, go all-in on Adobe Flash


It's time for a change...

start looking for HTML5 vulnerabilities, our cash cows, Java and Flash are being taken away from us.

Oh, and Apple's still recommending Quicktime installation despite the somewhat nebulous security warning from them about their abandonware.


Grott E. Hacker

Idiot millennials are saving credit card PINs on their mobile phones


Welcome to the new millenium...

It's time to join PETE...

People eating tasty Eloi

US-CERT advice says kill Quicktime for Windows, quickly


Re: Next

As soon as Stooge Software, err, ahem, Sage stops pushing it for their Visual Workflows tripe.

Their SOP install for their Sage 100 product leaves the central server wide open for ransomware takedown. You'd think that Client Server meant that the client wouldn't run with enough rights on the server to directly access and modify files, oh, who am I kidding. Every workstation on the network should automatically have read/write access to the data table files, 'cause, you know, Crystal Reports... even though it's only server processes on the server that actually modify the files.


Is Crapple still trying to get you to reinstall Quacktime 7.7.9 when you run Apple Update?

They announce it's abandonware and are still pushing it, must not like Windows users.

Swedish air controllers debunk cyber attack disruption theory


World War III will begin with various nations ramping up their weaponry to include all sorts of hypersonic warhead delivery systems, advanced cruise missiles and cyberwarfare initiatives.

The trigger will be a 10 thousand year solar event and an itchy, ill-educated button finger recently removed from scratching a well-fed upper class behind.

Symantec cloud portal goes titsup after database crash


Re: Root Cause identified...

Oh, you mean that awesome computer performance enhancement tool? We used it company-wide in our Windows XP days to revitalize our network and get an extra year out of the workstations so we could afford our Windows 7 roll-out. Good to know it has other world improving uses!


Welcome to the cloud...

You have just hit an embedded thunderstorm. Expect to simultaneously hit updrafts, downdrafts, softball sized hail, intense rain, icing conditions and the possibility of tornado force winds.

Hope your business survives the experience.

Websites take control of USB devices: Googlers propose WebUSB API


More stuff...

to help the "Internet of Stuff" help you get stuffed.

WordPress pushes free default SSL for hosted sites


At least you can be safely and privately infected when you visit WordPress sites now.

Read America's insane draft crypto-borking law that no one's willing to admit they wrote


require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party

And by federal mandate, all federal, state and municipal entities, law enforcement military and intelligence and any other unspecified government entity must use said encryption systems and methods.

No governmental, commercial entity or person is above the law.

Adobe preps emergency Flash patch for bug hackers are exploiting


Open Cesspit's...

back in the news, try the new flush system invented by John Crapper, it has much improved handling of internet detritus, uses that newfangled HTML5 stuff.

Android gets larger-than-usual patch bundle as researchers get to work



Never has so much effort been put forth for so little return... It's wonderful if your Android device provider is keeping things current, for everyone else, not so much.

'Devastating' bug pops secure doors at airports, hospitals


More cool news...

From the Internet of Sh!t

Hacker reveals $40 attack that steals police drones from 2km away


Bwa ha ha

How precious... For want of a little security, you could 5 finger discount your own professional level drone.

Patch Java now, says Oracle. Leave the Easter chocolate until later


Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.

Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...

Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay


Welcome to the TOR crime locker.

Cloud security harder than 'encrypt everything'


<quote>“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day."

“All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”</quote>

Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.

Apple stuns world with Donald Trump iPhone


Re: Good phone makers start to recognize there's a market for 4" devices...

Smaller, less foldable phones is a good idea. Also makes it more impressive when they shoot 8" flames. Nothin' lights better than a Ronson...

Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle


Re: How unAmerican ...

Next time around, please put a joke alert on. While a good portion of Apples software engineering and hardware R&D might be done in the US, I'd like to see a list of who builds iPhones in the US. It's got to be a pretty short to non-existent list...

Also, last I heard, Taiwan hasn't been taken over by Mainland China yet... and that's where Foxconn is based so we have a mix of their Mainland China locations that are Communists waiting to be rebranded as Extreme Communists and Taiwanese who will laugh at you...

HTTPS is not enough: Boffins fingerprint user environments without cracking crypto


One of those...

This is a "no shit" type of finding. Yes, there is metadata that is used in the establishing of connections and outside of the encrypted connection that can be statistically and directly analyzed to identify the two stations exchanging information. We've known this all along unless we were hiding under a rock.

'Millions' of Android mobes vulnerable to new Stagefright exploit


Re: Cyanogenmod time

Better to brick it finding Cyanogenmod won't load than to be running a easily compromised device.

If it bricks, replace it with something supported by Cyanogenmod for that inevitable point in time when the manufacturer quits supplying Android updates.