Posts by Diogenes8080 162 publicly visible posts • joined 7 Jul 2020
The Bat would have been a victim of observational bias. If the only time you see Bat headers is when digging around malicious mail, you soon begin to think of it as malware.
Having said that, the careful admin constructs a non-intrusive test filter just to see who else is using The Bat. If all of the samples detected are malicious, what sort of bias is that?
Yes, it's a non-sequitur, but not one that causes the recipient organization any real problems if the test was of satisfactory duration.
As the AC says, malware programmed not to attack targets showing RU or associated localisation is now commonplace. All that would happen is the gang would cheerfully pocket your up-front payment. Due credit should however be given to researchers who publish IoCs and technical dissections of malware - they are making enemies.
Advances in cryptography and in the computing power required to break those cyphers are collectively predictable. We just don't know exactly when the tortoise will overtake the hare or vice versa. What is certain is that the encrypted data you send with the best cryptography today will be trivially decypherable X years in the future. What was not happening maybe 15 years ago and is happening to an uncertain degree today is the quantity of intercepted encrypted data being stashed away in the hope that it will prove useful in X years time.
Now let's see. Who is in a position to collect that data, bear the cost of its retention and derive the highest value from it when it is finally unlocked?
Supreme Leader, we have captured a colossal quantity of decadent fascist dream-coins! However, we cannot convert this into cheese tokens without causing their running-dog exchanges to fail! What shall we do?
Fools! Send more ransomware phishes so there are ample funds in the exchanges to buy more cheese!
Originally the costs due to the equal pay dispute (and various administrations trying to dodge that bullet / kick the can down the road to the next administration) were supposed to be nine times the costs incurred by the Oracle project.
If the equal pay costs are lower, what proportion of the BCC black hole does the Oracle debacle now form?
Whatever the proportion, the actual money wasted would have bought a lot of what the county inhabitants are now having to do without.
And schools? Ah, throw each one a handful of A3s and let them sort it out for themselves. That software manages itself, right?
I've tried two simulators and both say it would not land even if it intersects Earth's orbit. It's an 8MT airburst, even feeding in the upper size estimate and an iron composition. Another Tunguska nevertheless.
Capture would be something of a challenge. You need to slow an estimated 17kms down to a nominal orbital of 8kms and alter the course to drop it into a useful orbit, applying this force to an object of uncertain composition and structural strength. For an estimated 220 thousand tonne rock that's a lot of work for relatively little reward.
I'm sorry; are you suggesting that under any property ownership, James Bond would /not/ have endless nookie with the available Hollywood nookie served up on a scriptwriter's block? Have you not seen any of the films?
Hmm. That comment is open to interpretation. Perhaps a counterrevolution is in order, after all. I prefer not to think...
And there was I thinking that the great 2015 breach of the OPM was due in part to a politically-appointed director who failed to implement US Inspector General recommendations:
https://www.theregister.com/2015/06/25/opm_sackings_data_breach_breach/
Placed in modern context there is some obvious flamebait I won't mention. [Lights blue touch-paper, retires behind concrete-faced earth berm]
It does sound remarkably stupid, yes.
What's wrong with publishing a specimen warrant and the warrant template says "See this link for a list of government offices qualified to handle these warrants. Find the reference number on your warrant and ring the corresponding listed contact number to make contact with the investigating official. Contact no other party regarding this warrant."
Well, there's variations of the TSB scenario "we have to be off $oldSystem by $deadline because the licence / support cessation / my remuneration bonus says so".
Those joining the circus after the start of the performance will be confronted by existing player reputations shackled to the sunk cost fallacy.
Systems that complex are not turn-key; migration can take months of extra work and expense before the realisation dawns that flashy new system isn't really working or can't cope. Migrating back is politically unacceptable [read suicidal] so everyone keeps hoping that a little more effort (and a few more millions) will make everything right.
... creates^W steals, FTFtR. Though I am sure both are true.
https://trial.docusign.com "Try DocuSign free for 30 days. No credit card required". I don't see how that could possibly go wrong.
Make it right? Why not try legal liability for frauds conducted from a negligently-secured system? Most regulators who have not been captured should be in favour of that.
You can deliver a virtual desktop securely to any part of the planet, even on modest bandwidth. You do not need to give that worker anything other than type, click and see.
The earlier posters were nearer the mark.
Employing a worker sight unseen, and did we actually check the references we were given? Assume the qualifications and professional associations were from identity theft, so new hire X isn't really X at all.
Not segmenting our information? That's just sloppy, and usually results from understrength support. No-one pays any attention until something really valuable is stolen, then suddenly meat's back on the menu, boys!
"Customer Y demands [alternate insecure] product Y" - I feel your pain. Maybe sandbox, restrict and log? No, you CAN'T use it for everything!
Oh, and fake worker isn't doing much work? Then neither is their manager, or the manager is managing too much else. Who signed off on this character, anyway?
I have always maintained that at the individual level, the barrier between APT "Bears" and financially motivated "Spiders" is far more porous than many give credit for.
So if you are not locked up in a warm hut in Siberia with all the hardware and bandwidth you can eat (as opposed to being thrown into some brutal tuberculosis-raddled hell-hole) then there is nothing to stop you from engaging in some "private enterprise" in whatever free time you are granted. And if you are in the game, you know where the commercial players are advertising and that they pay well.
Naturally we see tactics and methods transferred between the two groups.
No, the resolution of the conflict between privacy and employer interest is well established. The automatics do the checking for you, and if they say there is something wrong then you have due cause to go checking for yourself. If you can see that there is definitely something bad, that gets referred to management / HR.
I'm on my fifth proxy technology and have never been asked to exempt any tier of management from the governance applied to other staff. Some might have more access rights, but the logging is the same. On average, we spend more time worrying about senior management and sysadmins because there is scope for worse trouble if they are breached or go rogue.
Is it not a very strange and inexplicable coincidence that a waterspout should turn up just as there were sinister plots afoot to sink the boat ?
I'm assuming that we have incontrovertible evidence that there was a waterspout, and that beyond a little cloud seeding weather control remains firmly in the field of science fiction.
ITYM https://www.theregister.com/2015/02/19/superfish_lenovo_spyware/
That was for teh adz. Lenovo customers worried about the PLA one day deciding to weaponize their interest in Lenovo should consider whether they really want Lenovo Vantage installing updates direct from Lenovo when and how it pleases.
And yes, that bloatware finds its way into commercial builds too.
It prevents any number of Onanists from registering it as a spurious public top-level domain with a compliant ICANN in order to extort money from those who already use it.
I assume that the usual suspects tried it on but ended up on an oompa-loompa hit squad. "It's not chocolate in that glass pipe!"
Also consider that after 2 years we have only arrived at the "You can start to argue the fine down" stage. By the time any penalty finally hits the Advanced books, the original directors / managers responsible for the operational state of affairs there will have moved on.
"A murderer was captured this morning and tried today. Tune in for the execution at six tonight. All net, all channels. Would you like to know more?"
I hate to break it to you, but "thievocracy" is a mash of Old English "theof" and Greek "kratos", the root words having drifted somewhat for modern usage. Either go with "government of thieves" or kleptocracy, which is perfectly well understood even by those who only know a few Greek loan words.
"Thievocracy" sounds like the product of a rather dim and guilt-ridden academic. It jars.
That's a non sequitur. You invite discussion of acceptable content, but this scandal involved an egregious failure of message authentication.
Proof: if plain text was the only acceptable medium then organizations would communicate in that format (anyone remember telex?). These spoofs would still appear perfect in that format, and any client code that added a security preamble to the message would show that it had passed authentication checks. Transfer the funds, Ms Heisselippen!
Text-based attempts to commence BEC are still very commonplace. The plainer ones stand out because a colossal quantity of dross is accepted and even expected in messages, but level the field and they would remain perfectly effective.
I must admit that I had noticed this flow, deduced that the senders were M365 tenants and had assumed simple account breaches. For many, I doubt that the actual cause makes much difference.
No, that plays to the Microsoft canard of blaming an open market for security software for the catastrophe. That is in turn a not-so-subtle return the position where MS grant themselves monopoly privileges when writing new software (because only they have complete access to the system APIs). We were arguing that one in the mid-90s.
I would point out that no Crowdstrike customer was deceived into installing the software, and I would expect that all of them fully accepted that they were granting significant system trust to Falcon. What no-one expected was the shocking lack of software quality that allowed a poorly written _data_ update to crash the software and the machines it ran on. Blaming an automatic content validation tool is no excuse; that approach would not prevent an attack by poisoning the data files after validation.
Crowdstrike need to fix that flaw before I would trust Falcon on my kit.
Been there. Did that. Have the vendor T-shirt.
Strangely enough, they now have an arrangement whereby the clueful can designate a test group and release the software to that before deciding to release it to the entire estate.
Others say "we only deploy $newstuff to 10% of your estate" (so only 10% is fscked, and hopefully that does not include both of your solitary pair of DCs). Scream loudly enough and the other 90% shall be saved.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
