Re: cascaded dialogs
The possibilities are endless, depends also on your mood.
358 publicly visible posts • joined 22 Jun 2021
@jake - I believe you cannot understand subtlety
@Aussie Doc - I believe it said fiber in the article, not polymer. But I doubt the chemistry-lad is willing to share his process for free
@W.S.Gosset - SMS 2FA, if used together with another authentication, actually improves security, even though we all know how easy it is to intercept SMS / SIM swap
@John Brown (no body) - God bless the insurance companies. The value is already in place even if there are no withdrawals. Those guys are just making their profit smaller
QUOTE: "For an exploit, you need to have a vulnerability. It's a race against time. Being able to successfully create an exploit and then using it, versus someone coming along and applying a patch."
REPLY: Some market niches do not patch THAT OFTEN. Your bugs are good to go even in a 5/10-year timeframe.
From what I heard, Russia tried at least 40 times this year to reach American counterparts to solve hacking problems allegedly coming from overseas into Russian territory - no response received.
Upon not receiving answers, someone must have hinted their local cyber-warriors - go there and have some fun too, those guys are already having too much of it.
When big-bad-smelly stuff like SCADA systems hit the fan and affect real life of citizens, govs demand cooperation - which they were not willing to have in the first place.
The rest is just PR.
Already having that beer - local kind of brandy, actually. Have one on me, also.
About SCADA, having the power does not mean to use it. Same with strike capabilities. Deterrence is the main objective - at least should be in the first place. If we are here today, probably someone did a bit of overusing its capabilities.
About Mass Media Reprogramming of Human Assets, we have pretty good scientists to take care of that.
QUOTE: "We don't want to escalate"
REPLY: Actually, UK/USA/IL cannot escalate. Better solve the differences like grown-ups chatting at a table with a nice brandy.
TIP: https://www.aljazeera.com/news/2021/9/17/iran-denounces-unilateralism-as-it-becomes-full-sco-member
Reminds me of Happy99 by Spanska.
I believe exploits are still partying like it's 1999, mainly because it's not only a technical situation, but also a creativity one.
Where an average security professional flags a bug as low-risk, a creative professional will, in a few days, chain it with other innocent-looking bugs - and make it high-risk.
Just like what Signal Private Messenger did with "aesthetic" messages for Israeli-Cellebrite (this chapter isn't finished, expect more news), the solution here is also simple.
Phone-Devs can embed hundreds of digitally-created-naked-children-fake-photos (not real ones) into files not viewed by the user, including fake geotags like for example FBI offices, Apple offices, or even the Pentagon.
I do not endorse adult games with children, but this tech must go.
Contrary to what most people believe, the 5-eyes alliance hacks/snoops far more than Russia, China, Iran, DPRK and whatsoever, all together.
The asymmetric response by harboring / protecting non-state actors (Ok, some of these, soon, become full-geared state-actors, actually) is just a drop in the ocean.
It would be much better for Russia, China, Iran, DPRK and whatsoever to actually have a framework curbing baddies online (Ok, sometimes also offline) - but having such a framework, means to hold some not-too-happy-with-cameras 3-letter 5-eyes agencies, accountable.
.. And to politically cut the powers of some of these 3-letter agencies this way also means actions Kennedy-Style - and most politicians do not like actions Kennedy-Style, mostly because the stain in the suit is difficult to wash, explain, and takes time to prepare.
I believe no treaty will be signed, and some of the new Kids on the block will take over the kindergarten, blinding the older kids.
I politely disagree.
Such powers NEED to be part of the regular armed forces, the sole coordinators on the use of force.
Otherwise it is just blood and chaos, and nobody wants that.
People want safety and prosperity, force being used only when others are hurting you.
QUOTE: "The idea that a decryptor can hold 'all the keys' is too fanciful. Must be more to the story."
No, it's not fancy, it is technically viable and has been done in the past already (I believe I read it somewhere).
Supposing 4000 systems were infected and each key has 512 bytes in size, it will add 200Kb to the final .EXE size to hold all the keys, plus the extra algorithm part to test each key for 1 file, succeeding, use that key in the rest of the encrypted files.