* Posts by FILE_ID.DIZ

174 posts • joined 26 Aug 2020

Page:

Indian state cuts off internet for millions to stop cheating in exams

FILE_ID.DIZ Bronze badge

Re: Sad

Like most of the 750 'resources' Infosys has hired?

Square-shaped hole in workers' wallets after payment system fails at peak tip time

FILE_ID.DIZ Bronze badge
Mushroom

Re: Tipping

Federal law requires that an employer "make up" the any "lost" wages between the tipped wage and the minimum wage of $7.25/hr. Federal tipped wage is $2.13/hour

For example, if a tipped employee works for 10 hours (just to keep the maths easy), their tipped wage for that period will be $21.30. If their tips do not exceed $51.20 (72.50 - 21.30), then the employer is required to pay the difference.

That is federal law, which is the floor for wages in the US. Many states exceed federal law, in both terms of minimum wage and tipped wage.

So, to your point - most likely that manager was running out because they knew they were going to have to come up with the difference... especially of the place was slow or they had too many people working.

My better half used to like working a few off-shifts bartending each month to keep her skills up. I'd audit her paystubs from time to time (it's the accountant in me that causes this disease) and tell her that her employer is shorting her - in that they were not making up the difference.

She chose not to push the issue for fear of retaliation, plus it was honestly a negligible amount given the trivial amount of hours she worked there - usually just a few dollars. However, the payroll provider is a massive company and I have to assume that all tipped employees at that employer are being given that same shaft that my better half was given. It is possible that the other full time employees are getting shafted harder, although my better half wasn't working prime-time shifts.

And if this massive payroll company allows one employer to flaunt wage laws, I have to image they allow everyone else to do so as well. Two decades ago it was much easier to weasel around this law because credit/debit cards didn't make up as much of the transactions as it does today, which means there's a proper paper trail.

FILE_ID.DIZ Bronze badge

Re: I never get tired of saying it

I am unaware of a single case where the issuing bank owns the credit card network who in turn owns the acquirer who in turn owns the merchant.

Acquirers (and payment facilitators like Square) have outages from time to time, both large scale and small scale... although the small scale outages are probably becoming harder to find simply because "hard line" connections back to the acquirer aren't used much any more and instead the transaction data flows over internet to the acquirer's gateway.

Issuing banks have outages as well. Credit card networks are probably the most resilient of all the parts that make transactions possible.

Memory prices to dive in late 2022, says Gartner

FILE_ID.DIZ Bronze badge
Megaphone

Not if you...

The memo states that memory contributes even more – 40 percent – to the cost of a two-socket server.

... buy OEM-branded memory, what fucking highway robbery!

I always buy first-tier memory separately, just like what Dell/HP/Lenovo happily sell at an excessive up-charge: Samsung, Hynix and Micron.

Haven't been disappointed - with the savings I buy a few spares so that I can replace the memory faster than Dell/HP/Lenovo can get a courier over and have barrels of money left over.

Lithuania tells its citizens to throw Xiaomi mobile devices in the bin

FILE_ID.DIZ Bronze badge

Re: Free Tibet!

Bloomberg?

SEC takes legal action after crowdfunded marijuana investment scheme appears to go up in smoke

FILE_ID.DIZ Bronze badge
Boffin

Re: Great business plan

Fortunately, the Excessive Fines Clause of the 8th amendment was recently (2019) incorporated under the Due Process clause of the 14th amendment.

Until that was incorporated, that clause of the 8th amendment did not apply to state and local governments.

(There are still a few clauses which have not been incorporated, such as the right to a jury trial or the right to be indited by a grand jury, however many states have those clauses in their constitution or through statue. And of course, the last BIG amendment to be incorporated was the 2nd in 2010.)

The case that led to the Excessive Fines Clause to be incorporated Timbs v. Indiana, was a result of the state taking someone's vehicle for the crime he committed, however - the vehicle was valued greatly over the maximum fine allowed under the law and thus was found unconstitutional.

Hopefully we'll be seeing a dramatic decrease in successful asset forfeitures in excess of any fines that can be levied.

Forget that Loon's balloon burst, we just fired 700TB of laser broadband between two cities, says Alphabet

FILE_ID.DIZ Bronze badge
Trollface

We're not talking about a Fox TV series here, getting canceled three episodes into their first season.

Ransomware-hit law firm secures High Court judgment against unknown criminals

FILE_ID.DIZ Bronze badge
Happy

Nail, meet hammer!

I guess it is true... when all you have is a hammer, everything looks like a nail.

Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP

FILE_ID.DIZ Bronze badge
Boffin

Re: with other common weaknesses...

Reinforcement.

Same reason we still have PSAs about wearing seat belts or drink driving or warnings that hot coffee is hot.

DoorDash, Grubhub, Uber Eats sue NYC for trying to permanently cap delivery fees

FILE_ID.DIZ Bronze badge
Thumb Up

Yea...

I'll use grubhub and ubereats to find new places.... and then I use google to find the restaurant's actual website and/or their real phone number and order that way.

The shitty thing is I've noticed from time to time is when Uber Eats provides you a $20-$25 discount, that discount barely covers their fees.

So, thanks for the nice directory.

Big data means big money for the UK government as £2bn tender mooted

FILE_ID.DIZ Bronze badge
Trollface

Re: Tax

Amazon couldn't be that petty, could they?

Oh wait...

Arms not long enough to reach the plug socket? Room-wide wireless charging is on the way

FILE_ID.DIZ Bronze badge

Re: Frequency? Effects OUTSIDE the room? Messaging IN ADDITION to power?

Or like how I noticed there was nothing hanging on the walls, like photos or paintings and the such.

With all that shit in the walls, I am reminded of a building that we did (network) cabling in. The building had a geothermal HVAC system, but it was weird in my experience with geoHVAC as it had pipping through all the walls (radiant system, I guess).

Anyway, we were informed that we NOT to penetrate any walls or floors without consulting the on-site engineer to verify that we wouldn't penetrate the system. What a real PITA that job was.

Wonder what this system would look like? And I can tell you that electricity probably bites a bit more than a liquid leak.

Children of China, your state-sanctioned hour of gaming begins … now!

FILE_ID.DIZ Bronze badge
Mushroom

First China allows parents to have up to three kids.

Second China make overworked, near-absentee parents (some through no fault of their own) stop working 69-9 work weeks (wait, is that right?).

And now they've taken away the after school entertainer during the work week?

Might this be a bridge too far?

'No peeing towards Russia' sign appears on country's Arctic border with Norway

FILE_ID.DIZ Bronze badge
Trollface

Re: Covered by cameras....

piss-poor? I thought that was just the smell going under the bay.

I will admit - BART train cars are considerably wider than the "standard" rail stock that I've ridden on through my travels.

Perhaps they provide a greater area to absorb urine? Or they allow everyone a seat so that those seated don't have to stare at the standing passengers derrière like in "standard" rail stock.

FILE_ID.DIZ Bronze badge
Big Brother

Re: Covered by cameras....

I have no clue about there or where you live either, but where I live, I've seen video released to the public by the Government from red light cameras (which double as stationary security cameras) about a vehicle crash (for example) and they're grainy as fuck.

However, catch a red-light ticket and that thing is all of a sudden high-def? I think they intentionally muck with the video when they those to the public versus the high-fidelity that they're actually watching and recording at.

But I have no actual knowledge, just my observation.

FILE_ID.DIZ Bronze badge
Holmes

Covered by cameras....

but they don't know who put up the sign?

Start or Please Stop? Power users mourn features lost in Windows 11 'simplification'

FILE_ID.DIZ Bronze badge

.... as in the Win11 Start Menu is their new UAC? :)

Because I don't think you can do video desktop backgrounds anymore. (That feature lasted about a half-working day for me and then I became bored of it.)

America's Argonne lab buys AI super from HPE, AMD, Nvidia while waiting for Intel

FILE_ID.DIZ Bronze badge
Meh

When your backup super....

will be still be one the top 10 fastest while you wait on Intel.... well, glad to see that some people are still buying their brand.

Israeli firm Bright Data named as enabler of Philippines government DDOS attacks on opposition groups

FILE_ID.DIZ Bronze badge
Thumb Up

Re: You know you're in for some fun and games...

The infosec equivalent to "Florida Man"?

Cop drone crashes into flight instructor's airplane

FILE_ID.DIZ Bronze badge
Boffin

Re: Expensive

Well, looking at some internet provided nav charts (so not for navigation), YKZ does not have a tower as its icongraphy is denoted in purple as opposed to blue.

Japan's aerospace agency hooks up with Boeing to make planes quieter when they land

FILE_ID.DIZ Bronze badge
Trollface

Re: Boeing

Rubber side down then, eh?

Watchdog 'disappointed' it took NHS England over a year to release details of access to Palantir COVID-19 data store

FILE_ID.DIZ Bronze badge
Big Brother

Re: Palantir

Peter Thiel was the first outside investor in Thefacebook back in 2004 and look at the size of that data swallowing machine today.

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

FILE_ID.DIZ Bronze badge
Facepalm

Re: This system can't scan for "Winnie the Pooh"

The iCloud data is encrypted at rest, but with Apple's encryption key.

Source - https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf#page=11

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

FILE_ID.DIZ Bronze badge
Trollface

Re: To be expected

What's wrong with capitalism?

I mean Thoma Bravo could have brought to bear at SolarWinds just a few of their other properties like Sophos and McAfee for end-point protection, Barracuda to filter their internet connections and emails, LogRhythm for SIEM, DynaTrace for application profiling, Connectwise to keep track of the tickets, Flexera[0] to eek out the maximum from their IT investment, Stamps.com to notify everyone of the break-in and JD Power to give someone else an award... or maybe give one to SolarWinds for the scale of the break-in.

TBH, the stamps.com deal hasn't closed yet. They're still in their "go-shop" phase for another week or so.

[0] - Yup. The same company that brought us InstallShield.

Twitter uses HackerOne bounties to find biases in its image-cropping AI model

FILE_ID.DIZ Bronze badge
Happy

Re: The REAL harm I regularly see in image cropping

There is a PSA for those afflicted with VVS

Are you a 1%er? Windows 11 turns up in the usage figures

FILE_ID.DIZ Bronze badge

I can't tell if you're a troll or not.

Of course, who doesn't wipe a computer before being used.... but I still reinstall System Updater. No easier way to keep up to date on firmware updates for an individual laptop.

As for going no updates on a machine, well, that's stupid IMHO. And now that Microsoft has a monolithic/cumulative patching process (and has for years), how do you go about just applying just fixes that are reproducible? Install that one patch and you've installed all patches issued previously. Plus, let's not go into the problems with failing to install the appropriate SSU before attempting to install a patch.

If I attempt to install Lenovo's provided driver, that fails. I am required to go to Nvidia's Advanced Driver Search page and download the "Standard" driver (non-DCH).

Part of the problem I believe is that the DCH driver provided by Lenovo requires the installation of the Nvidia "Control Panel" and Intel "Graphics Command Center" tools which are UWP/DCH-only applications by default.

When I read further (albit a long time ago) into DCH drivers, it has UWP written all over it, as shown in the links I provided earlier and this overview.

Nvidia has a link on DCH drivers. Even their latest Release Notes has three mentions of DCH, here is the the first

FILE_ID.DIZ Bronze badge
Thumb Down

Well...

Unless you went out of your way and installed Windows 10 LTSC, most likely your GPU driver is dependent on the Store, namely DCH-based video drivers.

These abominations are UWP, or just using a Desktop Bridge to help extinguish regular executables.

I first noticed this issue after my fresh installation of LTSC when my Lenovo System Update asked each day to install the newly released nvidia driver. After a few weeks of annoyance, I dug into it a bit deeper by manually attempting to install the Lenovo driver and watched it fail miserably.

An aside - having experienced all the pain formerly known as Nvidia Optimus on a much older and now retired Lenovo laptop, I half-expected to need to go to the BIOS/Setup and disable the iGPU once again.

But no... the problem wasn't due to mixed GPUs... but simply my blissfully ignorant version of Windows 10, edition LTSC. I knew I liked LTSC as soon as I opened up Calculator, but never did I think that GPU drivers would require the Store as well.

Nevertheless, each time I hear my little laptop CPU blower kick on high around 5PM for a few days in a row, I double-check to see if there's a pending GPU driver in System Update and I go to Nvidia's Advanced Driver Search and download the latest non-DCH driver and install that.

Hubble in another first: Water vapor spotted in atmosphere of Jupiter’s Ganymede

FILE_ID.DIZ Bronze badge

2001

Obligatory quote - ALL THESE WORLDS ARE YOURS, EXCEPT EUROPA. ATTEMPT NO LANDING THERE. USE THEM TOGETHER. USE THEM IN PEACE.

China sets goal of running single-stack IPv6 network by 2030, orders upgrade blitz

FILE_ID.DIZ Bronze badge
Headmaster

Re: Democracy and capitalism fails when it comes to long term planning.

Technically the next "production" version of IP should be IPv10. Odd numbers typically are experimental, even numbers aren't and the next three numbers seem to be assigned already.

https://www.iana.org/assignments/version-numbers/version-numbers.xhtml

IPv4 is only elegant because millions of people were taught only IPv4 and a great deal of them are stuck in that sand trap. I will say that DNS is the best friend to IPv6. Who gives a shit anymore about remembering 192.168.1.223.

IPv4 however, is not economical. If it was, the whole world wouldn't need to try to move to IPv6. And if you really want to hold onto IPv4, as a carrier it is very much NOT economical. CG-NAT is a very expensive license to be sure.

Furthermore IPv6 is especially hard for those used to the belief that NAT is a mode of protection. Firewalls are just as effective with IPv6 as IPv4. NAT is no more secure than Linus' blanket.

Dell won't ship energy-hungry PCs to California and five other US states due to power regulations

FILE_ID.DIZ Bronze badge
Facepalm

Actually, if you bothered to read the full article the law constrains quote "short-idle, long-idle, sleep and off-modes " power consumption.

It sounds to me that if you're playing a video game with 4 x GPUs with a 2KW power supply plugged into a 20A wall socket, that's allowed. What is not allowed is for an idle system to exceed specific power limits.

In the '80s, satellite comms showed promise – soon it'll be a viable means to punt internet services at anyone anywhere

FILE_ID.DIZ Bronze badge

As an admin at a small ISP who saw his bonded T1s fill up when users discovered alt.binaries, I did, but there weren't enough of us, I guess.

Same here, back in the mid 90's we went to a satellite feeding our nntp server. I assume that was considerably cheaper than hauling in another T1. I want to say the port and line costs for a T1 at the time were north of $2000/month.

Refreshing: An Office update that won't frighten the horses

FILE_ID.DIZ Bronze badge
Boffin

You could buy Volume License Office Standard 2019 (or Professional Plus, if that tickles your fancy).

I don't get bothered by any of this fancy new stuff that my cohorts see with their cloudy editions.

FILE_ID.DIZ Bronze badge
Thumb Up

Re: Yeah that ribbon

I use CTRL-Enter to send emails. The first time you use it, it pops up a warning that you can check to prevent the next time.

What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft

FILE_ID.DIZ Bronze badge

Re: #The Times They Are Not A-Changing#

Yes, I made a mistake, substitute private key for certificate, there fixed.. Everything else typed remains true. Must be nice not to make typos.

A CA does hold its own private key. How else can it sign a request presented to it?

A HSM is just a tamper-evident device which can store private keys and sign things with them. One among a whole slew of things that they can do.

Once and a while, a Root CA does need to sign a new sub-CA cert, so the story was plausible to me back then as it is still today. You want to ensure that the root CA is in a protected and trusted state so that it can not sign an unauthorized CSR.

Corollary is that with it physically disconnected from any network and physically secured, the private key is at a known and safe location.

FILE_ID.DIZ Bronze badge

Re: #The Times They Are Not A-Changing#

At one point I believed that was how Microsoft stored their root CAs (think early oughts) at a Microsoft campus. I don't know if that was rumor or whatever.

I know that when I heard of that, I knew very little about PKI at the time and for sure didn't know about HSMs, which is where valuable data like root certificates reside these days.

The coming of Wi-Fi 6 does not mean it's time to ditch your cabled LAN. Here's why

FILE_ID.DIZ Bronze badge

Re: What really grinds my gears.

First off, I did not propose a restriction. What I am proposing is an upgrade. While GMRS wasn't the best analog, it was a quick example that I could come up where licensed users are granted more transmitting power and more bandwidth where GMRS and FRS overlap (except for the 467MHz interstitial frequencies... those are identical) and granted access to repeater frequencies.

What I know is that the unregulated 2.4GHz non-ISM use is a hot mess in saturated environments because people simply believe that more power (transmitter output) and more APs is more better. They start buying these spider looking access points and place them in every corner of their home on odd-ball channels, thinking that more is always better.

That is no different than a large group of people in a room, subdivided into smaller groups of people conversing together and slowly each smaller group starts to speak louder to overcome the din of the entire room. Eventually all the smaller group are speaking louder and louder until everyone is screaming in order to be heard over the cacophony of the room.

That is my general impression of residential wifi today.

First topic, a firm understanding of wifi channels and what they actually represent.

Second topic, is related to channels are "wide" band settings.

Third topic is location, location, location. Poor AP positioning (physical) can do a lot to destroy throughput, even in low RF saturation areas.

Fourth topic is understanding mesh network design and understanding that wireless back haul is still shit in its current form and every form since 2007 when I tried to install my first wireless back haul. (To be clear, this is STRONGLY my personal opinion, but I think it is still an important topic nevertheless to understand everything going on behind the scenes.)

Fifth topic is understanding that it takes two to tango. Just because your signal strength is showing strongly on your device, that doesn't mean the same is true for that device talking back to the access point. Yea, there's RSSI/RCPI that's supposed to help.

So, there are some topics off the top of my head.

The obverse to those points is that is what is happening with some consumers of wifi today - an arms race thinking that more power and more antennas and wider bands are going to help them with higher speeds and/or lower latency or at least maybe the ability to out scream out their next door (or many doors down) neighbor(s).

How does one resolve that in an unlicensed space today?

1) Does one go and talk and try to educate other meatsacks about their RF pollution?

2) Does one foil their home over to prevent "noisy" meatsack's RF pollution who didn't take kindly to the earlier education attempt(s)?

3) Does one abandon wifi entirely?

4) Does one say fuckit and move to Green Bank, WV?

Personally, I've chosen option 3 as much as I can, except for where I can't - such as our iDevices and printer and laptops when they're not docked (which is most of the time).

Can an industry group get together and come up with an identical radio standard to Wifi, except instead of using the hot mess of an unlicensed space, carve out some licensed frequency where all participants of that space agree to the same set of rules by which all abide to with the ability to file grievances against other licensees and the ultimate penalty for failure of adherence when it causes undue interference - revocation of your license.

That space can even overlap with another licensed/restricted space with similar terms on how Wifi overlaps the 2.45GHz ISM band, except that you have to pass a test and pay a fee.

There you go, and I also didn't mention unwashed masses or plebs.

FILE_ID.DIZ Bronze badge

Re: What really grinds my gears.

What's your point that that a licensed frequency product is not called WiFi? I couldn't care less in the name of something, I'm not from the marketing department.

Amateur space cannot be used for commercial purposes, period. Furthermore, amateur space is not "assigned" to any one licensee.

And these last few years are even worst, but for different reasons. Today's problems are due to a proliferation of devices which use these frequencies with no way to mediate problems between different users.

I mean, in my building, I would LOVE to be able to have our property manager include in everyone's lease agreement that for the 2.4GHz band, that only channels 1,6 and 11 are to be used and only 20MHz is to be selected. But I can't, and they probably can't either. Only through talking to other the other meatsacks in the building and teaching them some basic RF/wifi knowledge, them maybe I could get some people to come to a common understanding on how we can all be "better RF neighbors". But that's not going to happen either.

Which is why I'd rather leave the unwashed masses behind in their cesspit.

FILE_ID.DIZ Bronze badge

Re: What really grinds my gears.

I wouldn't know what to put on the test. I am not qualified to write tests in the least. I am no psychometrician.

While I cannot design any test, that doesn't make what I've stated untrue about the unwashed masses using unlicensed spectrum who are doing exactly what one would expect in unlicensed space, which is why wifi is such a crap-in-shoot - especially in high-density environments.

Over the past year I have been working with numerous colleagues who have been struggling with mediocre wireless performance within their home. Things like average 30-40ms RTTs with the occasional 200ms+ from their laptop to their home's gateway... is pathetic.

The changes I make were generally small, rarely require purchasing additional hardware, but significant enough to resolve most of their problems and at a minimum, stabilize the latency inside the home.

Back to my original point, by providing a licensed chuck of frequency for those qualified to use it - it can segregate those with enough training to use that space responsibly from those who clearly aren't, much like how other licensed space is used today.

Finally, amateur bands cannot be used in a commercial application, full stop. I would anticipate a licensed chuck of frequency would be initially sought after by commercial users long before consumers pick it up, except maybe by gamers who (for whatever reason) haven't gone back to a wired connection.

I mean, I've done plenty of wifi designs for commercial users and in complex scenarios, that can take a lot of time and effort to fine-tune. And time = money.

FILE_ID.DIZ Bronze badge

Re: What really grinds my gears.

An exam and enforcement, to answer points one and three, respectively. No different than how FCC regulates amateur radio licensees or other radio frequencies that businesses use, such as licensed wireless microphone systems, two-way radio systems, radio data systems, so on and such forth.

As for point two, if the market demands it, it would behoove a manufacturer to make the product

FILE_ID.DIZ Bronze badge
Meh

What really grinds my gears.

"Importantly the transmission medium still hasn't magically become full-duplex. Stations may get around this with some kind of trickery, but they still need to wait for the all-clear to send data. Remember that all stations and APs still hear all the transmissions. It's still a broadcast medium at the most basic." (Emphasis mine)

This is the thing that I like to mention to people when they open up their wifi adapter and see two dozen SSIDs is what you don't see. You don't see any extra BSS's with the same SSID, less likely in a residential setting. More troubling are all the wireless clients, eg: phones, laptops, tablets, fire sticks, thermostats, so on and so forth which are also transmitting.

I kinda wish that that there could be a WIFI equivalent to GMRS (at least here in the US, it requires a license to use). This way the educated WIFI users can get out of the quagmire that the unwashed cause in high-density environments. Where everyone buys the access point with more antennas than a spider has legs, cranks their output to 11 and start using channels like 2,3,4,7,8,9 and 10, thinking that a channel is only a signal frequency wide. And let's not start on the "wide channel" users - fuck them.

Sure, 5GHz is a thing, and I use it everywhere I can, but it attenuates so rapidly. And for whatever reason (I forgot the reason, tbh) but a lot of the 5GHz channels overlap on Public Safety Networks, which is shitty. Sure, there's a(nother) fix for that, DFS, but for me, it is more polite to simply stay out of the DFS channels. Wouldn't want my crappy equipment to cause some PSN interference.

Report sheds light on 'cocky' but 'creative' Mespinoza ransomware group

FILE_ID.DIZ Bronze badge
Facepalm

Some Security Researcher....

"There's really no reason to expose RDP directly to the public internet in this day and age," security researcher Tom Hudson told The Register of the all-too-familiar entry point for Mespinoza's attacks. "If you need RDP access over the internet you should be requiring the use of a VPN with multi-factor authentication enforced."

FTFY.

Their prose is too wishy washy for me to take them seriously.

SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild

FILE_ID.DIZ Bronze badge
Boffin

Re: A modest proposal

With few exceptions, I have found that inbound blocking those IPs from our datacenter networks hasn't had much impact, which makes a lot of sense (at least to me).

Most of the "cloud" is spoken to first, then it responds. So uninitiated traffic from cloud provider networks to our datacenter networks isn't generally expected, except where other vendors/partners/customers/whathaveyou are also hosted by one of those providers.

And the reason why I block cloud providers is that I've hosted more than a few honeypots over time and there is just so much dirty looking traffic coming from presumably compromised machines running in the AWS, Azure and GCP space.

FILE_ID.DIZ Bronze badge
Thumb Up

To prevent the browser or whatever app you're reading The Register with from creating an automatic hyperlink, when one was explicitly not asked for.

FILE_ID.DIZ Bronze badge
Boffin

Re: A modest proposal

It's not that simple.

In the first (original?) SolarWinds data exfiltration service, the crims were using Azure compute nodes out of the US (or at least Azure IP addresses based in a US region), presumably to get past any obvious GeoIP filtering and keep suspicion down for as long as possible from a suspicious analyst.

These days its mandatory to not just GeoIP filter, but block all of the IP space that GCP, AWS and Azure use these days. Of course, whitelisting trusted sources might be simpler.

Quick Reference:

Azure

AWS

GCP

PS: In this case, at least the ".1" of each of the /24's provided, one was based in the US and two were from Canada (at least based on inference of their rDNS record), so probably not places that'd be likely excluded from a Geo-Fence... at least in the SSH setups that I have.

I also block based on the client connection string, like "SSH-2.0-libssh" and "SSH-2.0-Go". If only the idiots would be smart enough to use OpenSSH or PuTTY, or WinSCP in their string, they could easily slip past that filter.

Smuggler caught with 256 Intel Core processors wrapped around him in cling film

FILE_ID.DIZ Bronze badge
Trollface

Art imitating life or do I have that backwards

Slums of Beverly Hill, sans the probing fork to the thigh?

IBM email fiasco complicates sales deals, is worse than biz is letting on – sources

FILE_ID.DIZ Bronze badge
Trollface

Re: Unbelievable

I suspect that they didn't plan for failure. I mean, they spent 18 months planning this out, or six quarters for the financial types.

Shit. If this was Windows, that's what... three feature updates?

International law enforcement op nukes Russian-language DoubleVPN service allegedly favoured by cybercriminals

FILE_ID.DIZ Bronze badge
WTF?

Are there any smart criminals left?

So wait... just so that I understand what was going on here...

DoubleVPN was a single, monolithic company with multiple PoPs and they upcharged you to route your traffic through multiple PoPs before heading to the destination.

Yet the infrastructure was all owned by the same organization?

In the old hackers example provided in the article, the protection afforded was that you were bouncing off non-related infrastructures, so it'd take longer and be harder to back-trace the traffic. (According to a friend.)

It seems that all these clowns did is introduce excessive latency and hike the cost to connect to your destination.

Microsoft wasn't joking about the Dev Channel not enforcing hardware checks: Windows 11 pops up on Pi, mobile phone

FILE_ID.DIZ Bronze badge
IT Angle

Re: Every complicated problem has a very simple answer...

If they were smart, they'd own Advanced Micro Devices stock instead... ~1800% over the last five years for AMD versus ~80% for INTC over the same period of time.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021