Pays to be running Windows 10
For once.
The Shadow Brokers have leaked more hacking tools stolen from the NSA's Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8. The toolkit puts into anyone's hands – from moronic script kiddies to hardened crims – highly …
The whole advertising industry is based on the idea that there's always more privacy left to violate.
Even with a camera pointed at your face, algorithmically reading your expression, there's still data missing from their model. Your thoughts are still private.
It only ends when they can plumb the depths of consciousness itself.
Nothing imaginable probes deeper than Windows 10, why anal probe, because when you go to the proctologist and Windows anal probe 10 is running, M$ is right in there with the Windows powered camera that goes where no one wants.
Go to a dentist with Windows anal probe 10 and M$ is checking out your cavities.
Go to a lawyer and they use Windows anal probe 10 and M$ is right in there checking your legal brief.
Doesn't matter what you do, Windows anal probe 10 is right there spying on you, it is truly disgusting and should be banned, it is criminal that it got into an operating system and they should enjoy an extended custodial sentence for the machination especially loading spyware into doctors' offices where it is illegal to do so under law.
"On coins, on stamps, on the covers of books, on banners, on posters, and on the wrappings of a cigarette packet — everywhere. Always the eyes watching you and the voice enveloping you. Asleep or awake, working or eating, indoors or out of doors, in the bath or in bed — no escape. Nothing was your own except the few cubic centimetres inside your skull."
I suppose if you're a newbie and thinking of starting in the penetration testing game - good to start with something easy and work up.
You only have to look back at all the past 200+ critical Windows vulnerabilities, you'll soon notice a theme to where they occur, multiple times, over and over again.
The exploits were stolen in 2013, before Windows 10 came out, so obviously it wouldn't have been listed as a potential target. But given the range of vulnerable versions from 2K all the way to 8 in some of these, only a fool who smugly posts "it pays to be running Windows 10" would wrongly assume Windows 10 is not vulnerable!
Indeed. The Windows 10 kernel is nearly identical to that of 8.1, so if 8.1 is vulnerable, I'd bet that 10 is too. Nearly every time there is a new security patch, it comes in versions from Vista (until support ran out the other day) to 10... the same issue affecting all versions of Windows in current support. I would expect this to be no different.
Maybe there is some obscurity in having a pain in the ass, "moving conveyor belt OS" like Windows 10, but boy, it's a complete fcuker to stay at the leading edge.
For every 1 hour of work, it feels like 10 hours of notifications/distractions, to make sure everything is current. It seems aimed at keeping 'non jobs' busy.
Maybe there is something to be said for running Insider Builds, Fast Ring, Slow Ring, even if it's the equivalent of Swiss Cheese (in terms of holes), you and the hackers are both running runtimes that have seen the same amount of daylight, leveling the field somewhat.
If you want real obscurity though, it seems that choosing a non standard setup (in terms of Firewalls/Routers), Linux based OSs that few people use is probably the best approach, because it's just not economical for either the NSA or Hackers to bother targeting/hacking it, until it hits the "McDonalds" mainstream.
Funding a hacking project always has to be justified, in terms of cost/benefits, even if they do have unlimited deep pockets and do some projects at such scale, most "normal folk" would find incredulous i.e. Massive Data Centres next to Data Centres to monitor social media.
Looking forward to next Andrew Marr / Amber Rudd's take on this. I'll go by whatever Amber Rudd says and do the complete opposite.
New Tact/Approach?
(If you can't win the PR War consensus* after a terrorist attack (she didn't), to get the Public to give up their Encryption/Privacy, maybe the next best approach is to target all those mainstream IT Tech products "with a release of hacking tools in the public domain" to make those products feel as insecure as possible.
So in effect, "the default", feels like there is no Privacy anymore, so in future you'll feel less likely to argue/stand up for the right to Privacy).
* We never did get any real clarification/proof that WhatsApp was used, by WhatsApp themselves. It seems to have all gone quiet on that front.
"If there is a fix in the next month, we will KNOW that the NSA has been working with m$ on this."
Alternative possibility. Microsoft did a deal with Shadow Brokers some time ago so that fully supported stuff would get patched beforehand leaving W7 users with an incentive to migrate to 10 given that they've resisted everything else so far.
"For IT managers and normal folks, the Windows-hacking arsenal, which dates to around 2012, is the most worrying. It contains exploits for vulnerabilities – including at least four zero-day flaws for which no security patches yet exist – that can be used to hack into at-risk Windows systems, from Windows 2000 to Windows 8 and Server 2012. In some cases this can be done across the network or internet via SMB, RDP, IMAP, and possibly other protocols."
While some claim that there was no evidence of the server being hacked, we have two problems...
1) The server was compromised by the IT Staff who mishandled it.
2) These tools show that governments have the sophistication to hack machines at will and leaving little or no trace.
If the NSA had it ... odds are other governments had similar tools too.
ugh, a tip from an AC to an AC - that horse has been dead for a while now. keep flogging it, and you might get suspected of necrophilia.
Yes, I'd be careful that you don't get a whip full of necrotic tissue. If you want to pay attention to slightly more current affairs, try working out just how much the current orange idiot is raking it in via his ownership of the places that are now deemed "presidential residencies", and how much his shares in military hardware shops have gone up since he discovered how useful a war is to divert attention.
Blabbing over Hillary is entirely irrelevant - she's not your problem right now.
So... the NSA has known for quite a while that they've lost control of their toolkit.
They must have been very busy getting all our country's (govt) computers with Top Secret data upgraded to Windows 10, right? What about our allies?
Seems like none of this should be zero day, if someone was doing their jobs...
If I remember (reading) correctly much of our country's servers/systems run on old computers.
This is a colossal F up to end all F ups.
The govt/business partnership to keep our country safe seems nonexistent. What is it going to take to reevaluate our priorities...
"What is it going to take to reevaluate our priorities..."
A mega class action law suit comprising the Top 500 corporations who sue the dangerously incompetent NSA / government to the tune of countless tens or hundreds of billions for all the additional security measures they need to take, loss of data, loss of revenues due to hacks?
It probably won't happen, they are easily leaned on by the spooks if necessary, but it's nice to imagine it happening one day, perhaps.
>A mega class action law suit comprising the Top 500 corporations who sue the dangerously incompetent NSA / government to the tune of countless tens or hundreds of billions for all the additional security measures they need to take, loss of data, loss of revenues due to hacks?
Funny thing about the US Government.... they have the right of refusal to lawsuits. You can sue them only if they say you can... on an individual basis. It is a lovely idea though.
>Anything with Top Secret data on it shouldn't be anywhere near the Internet anyway
Agree, but these "highly secure" systems are the sorts of systems that most probably don't get regular updates:
"We have a sneaking suspicion that Uncle Sam's foreign espionage targets aren't exactly the types to keep all their systems bang up to date."
To patch the vulnerabilities that were coming out. After all, the NSA also oversees America's cybersecurity command.
But I wouldn't be surprised if they did nothing, rather than have a series of embarrassing "OK NSA, we know you've exploited THESE vulnerabilities, but what else are you not telling us?" conversations with each vendor.
you had one job.
So there's the honourable Mr. Snowden, who went public. Then there's the not so honourable Shadow Brokers...who went public.
I would think that most people, were they to take the time and risk to smuggle stuff out of the NSA, would want to sell their plunder as quickly and quietly as possible. Kind of makes me wonder how many other NSA care packages are out there.
Also, any theories as to the weird and broken English in the SB messages? You'd think they would have someone who could string a sentence together.
>Also, any theories as to the weird and broken English in the SB messages? You'd think they would have someone who could string a sentence together.
Why would they want to? It is easy enough to identify the writer by his/her choices of words, the grammatical preferences, the rhetorical devices, and even the spelling mistakes. It does not take too much text either. If you just happen to have samples of public writings from all, or nearly all computer-literate humans alive, you might be tempted to do a bit of correlation analysis.
It is much safer to run your messages through a few (obviously, off-line) machine translation systems, taking care to use different vendors so that the underlying semantic representation is not the same on each translation stage. This way, the correlation analysis will only pick up signatures from the last few translation algorithms used in the process.
This only shows that the SB are not complete idiots, but then we already knew this.
"It is easy enough to identify the writer by his/her choices of words, the grammatical preferences, the rhetorical devices, and even the spelling mistakes. It does not take too much text either." I seem to recall we did that with Peter Gleick's fake memo. It only took us a day. No computering involved.
Yeah, sure, multiple machine translations, "Chinese Whispers" or "Telephone" style with a check at the end to see that the message isn't just too garbled. However, it could be that they want people to think that their native language is not English. That it is, for example, Russian. When comedian Jessica Holmes does a Russian character, it sounds just like those excerpts. Easter, of course, they want you to think they're favouring Orthodox countries which calculate Easter (holidays) on a different basis. Although I looked it up, and in 2017, both Easters fell on the same day. Maybe there's a message in that, too. They probably didn't want to wait until Christmas.
Mr Snowden is not due to inherit an English lordship. Therefore he is not entitled to be addressed as "The honourable..."
Whether Mr. Snowden is honourable or not, is something each of us can decide for ourselves.
I do not believe he is presently entitled to the title of "Honourable" (or "Honorable", if you are a left-pondian), but given the enormously long list of occupations and hereditary qualifications for claiming it, it would not be easy to be completely sure.
Personally, I also would not exclude a possibility of the honourable Mr. Snowden acquiring the right to be referred to as Hon. Mr. Snowden at some point in the future, however unlikely it might seem now.