Posts by regadpellagru

Re: rip out the SSD

"If they need the info that bad then they should just rip out the SSD and brute force it. It's common for hard disks to be examined in this way so why does this need to be anything different"

Brute-forcing AES256: 2^255 iterations in average (assuming half of the total space will give the key).

Assuming 1ns time for one iteration (very very optimistic), that's more than 10^64 * 10^-9 s, therefore 10^55 s. One billion years being around 1/3 * 10 ^ 17s, you're looking at 3 * 10^38 billion years !

And if you have 1 billion CPUs, that only cut it to a lot longer than the univese will exist.

Good luck, here !

"Because switching to say Android eliminated malware entirely. Oh, wait - I just got rooted by an SMS."

Well, at least with Android, malware comes as accidents. So there are mitigations.

With Windows, nowadays it comes, part of the operating system, therefore, there is REALLY no escape.

I'm sorry, but I really don't know how to protect users from the kernel booting up from their drive !

Re: I upgraded back in November, and Windows 10 is working great.

"I upgraded back in November, and Windows 10 is working great. UI is almost exactly the same as Windows 10."

Well, yeah, W10 is similar to W10, good call. FYI, X is normally similar to X, whatever X you're talking about. Is a tautology ...

"Biggest change is speed, it make much better use of multi-core CPUs."

Ah, really ? You've been able to see that ? How ? Benchmark ? FYI, office users only use 10% of 1 core whenever they're doing a lot of stuff. So only 1 core out of 4 is busy, throughout the whole day. It's beyond me how you could see that. The only Windows app I've seen use multi-threading is a video conversion app, and last I checked, it was fully using all 4 cores at 100%. Would be interesting to see how W10 is doing better.

"Second biggest change is even fewer system problems."

Very factual. How many did you get with W7 ? And what is a "system problem" ?

You sound to not being able to distinct bottoms from elbrows, to be honest, or work for MS ...

"Those who don't want to upgrade because it is Microsoft doing this instead of Apple, maybe switch to Apple or Linux."

Good advise. Done.

Re: CAB

"Pretty soon you will be able to buy software for mobile devices that will show which shiny things are inside a specific flat and whether someone is inside or not. CAB - computer aided burglary."

No need for an app, a simple web browser will do !

http://www.insecam.org/

Amazing how many people have a default password CAM staring at their door, made public on da web.

Well, yes, I can't sum up better how I feel, vs. MS and Apple !

Sure, a macbook is a lot more expensive than a shite Lenovo laptop, but the macbook OS is still under your control. You don't want to upgrade to Yosemite or El Capitan ? Sure thing, just don't do it in the app store. I've dodged Yosemite for one year, because of software compatibility issues without any nuiance.

W10 auto install have been a problem since one year, MS putting more pressure every year to upgrade, without even speaking of Lenovo (and friends) malware !

MS has allowed OEMs to install malware on their systems, unlike Apple, and that's the difference between a macbook and a Lenovo laptop.

YMMV.

Re: Brute force the firmware

"Now I have an itching to start disassembling all the firmware I have access to, then using each line as part of a dictionary attack against the devices to see what pops up."

You won't get far with that, if K = K1 XOR K2, with K being your backdoor, and K1 and K2 being the only strings in the binary ...

The only solution is disassemble the binary ... Possible but VERY time consuming.

Re: How not to turn it off and on again

"The head of an organisation I worked at tried to turn off a projector by moving the input voltage selector from 240 to 110. He was certainly successful in turning it off.

He must have gone to some effort as it was a recessed switch that normally needs the tip of a screwdriver to slide over."

Was certainly interesting to see any tech try to guess what went wrong and why the darn thing doesn't turn on again !

Re: Don't stop there

"They should also change the OEM program to state that you are not able to modify the Trusted Root Store of any machine."

This all along.

And they should as well make the OS itself can't be modified by OEMs.

Hint: we're dreaming, here. The drug dealer business model will prevail and none of this will happen.

Re: FFS Microsoft

"Sadly so many of the best PC games are still only on Windows. I am probably going to have a Windows games-only box and use Linux for everything else."

Have a look at SteamOS, it's now working great. Spent the night playing games on it (with a steam controller) ...

Re: New machine?

"The EU needs to get onto this. "

The EU is not even able to tell its ars from its elbrow, mate ! How could they even see anything wrong, here before the cows come home ???

They never sent anyone fighting against terrorism, until, what, 2 days ago ? Only the french and the american went to Mali !

Re: IoT Smart crap!!!!

"When I bought my new TV a few months ago, I asked the Salesman about its operation without being connected to the Mothership/Internet.

He smiled and said

"I'm being asked that a lot these days"."

My TV died this summer so I bought a new Sammy screen.

While fiddling with it, I noticed it had a freaking anti-virus on it ! A frasking AV on my TV ! WTF !

This is really telling ...

Re: Bah!

"Interesting. Which one?"

Credit Mutuel. I've been using their service to pay for online stuff for now 8 years (I've bought probably 1 item/week online ever since (up to 1500 E stuff !)). Is free, easy, secure, and just works. I think other french banks are doing this as well.

Possibly Caisse d'Epargne is still stupid enough to have withdrawn this kind of service. I know for sure they did that, 3 years ago. Retarded.

"I can't work out if you're Bill Gates or Steve Ballmer (probably the later), but take your negativity and shove it up the tailpipe of Windows 10."

Uh ? None of them obviously. Just making the point that a dead OS needs to be used as a) emulated or b) virtualized. And not on bare metal, since it introduces some issues (OS from the 80s on 2015 metal is probably gonna introduce some difficult to come by problems or security issues).

Re: The tables have turned

"The biggest one that comes to mind recently is OpenSSL's heartbleed bug, which highlights just how easy it is to cock this sort of thing up. "

Openssl is quite particular, but nonetheless showed (for the first time ?) that open source can have totally unbelievable security bugs, due to source being unreadable, library architecture being completely brain dead, and project supporting platforms long gone and forgotten.

Re: Time to look at another opsys?

"I live in a French village of 200 inhabitants, so you can imagine the ratio of Brits....I have already had to rebuild two laptops back to Windows 7 from 10 "upgrades"........so when and if this starts I think I will just hide somewhere..............."

Same, here. I've already told village+dogs & cats that I DON'T DO W10 and W8.

Everyone is now aware of this weird obsession of mine about 8 and 10, so no-one bothers me ...

Re: Tried and tested recipe

"Where are the law suits?"

There's no way you or me will see them. Judges, in whatever country, can't understand a thing about this, therefore, plenty of bollocks tellin them it's allright, while it's clearly not.

We're fighting a lost battle, here.

"But how does that amount to 6000 hours of lost production? Did they close the plant for a whole year?"

(time of closure + time to restart all lines) X number of production lines

Problem is a semi-conductors line doesn't start in 10 mins, takes hours. And I think this factory was big, if 4000 staff is anything to go by, therefore the 6000 hours. Probably 500 production lines, there.

"I feel like I'm going to be condemned to fight this fucking war for the rest of my damned life. At least once 2020 rolls around they'll have to choose between Windows 10 or Linux Mint. When that happens anyone who goes with Windows 10 won't have me looking after their computers from that point on."

I feel for you. Ever since the W8 madness, I've made very clear to the population I currently support (family, friends etc ..., some of them 70 years old, who have yet to discover we can actually launch stuff on W7 by other means than double-click on the desktop), that if they buy a new laptop, they should get a Mac, and any Windows version above 7, I don't touch, like ever.

Re: I can imagine several foreign governments being annoyed with this.

"I can imagine several foreign governments being annoyed with this.

Mainly Germany. But possibly a few others as well."

Really ? Then watch how none of european countries officials are ever going to react to this, nor how the mainstream press is gonna even talk about it.

Truth is: no-one understand a bit of this, and pending understanding, opposing what is seen (wrongly) as counter-terrorism is very risky from a political standpoint.

Re: Unaware, geez ...

"Oh hello, Conspiracy Corner is open for business. So long as the steering wheel is mechanically connected to the rack and the car can be taken out of gear and the handbrake works it would be rather difficult to crash a car remotely with a half competant driver on board."

Hmmmm, no, really no. You seem to imply you'll have dozens of seconds to react in case of attack, but that is not the case. I can't comment on the aforementioned affairs on security people, but I'm sure those things, carefully used, can kill.

If someone can remotely control and suppress your brakes, only your brakes outside of handbrakes (and here, understand we now have vehicules with bus-driven handbrakes and steering wheel, opening tons of other possibilities) and he knows you're coming to the mountains road I live closeby, he'll be in a position to wipe you out of the road.

Simple: wait until you're in one of the very sharp turns and suppress the brakes 2s before the sharp turn, you'll be so stunned you won't have time to switch gears or handbrake, your car jumps the barriers and crashes 20 m below. You're history.

Re: Wellll......

"The absence of navigation buttons (Home / End / PgUp / PgDn / and most importantly DEL) was the what drove me back to the PC world. Much as I admire both Apple hardware and OS X, the absence of those buttons caused a serious decrease in my productivity."

To be franck, when I switched to a Macbook pro, even if a number of things I had grown acustomed to, had to be done differently, it really was short learning for me.

The 1/2/3 fingers stuff on the Mac pad is really priceless and replaced the totally insane abundance of keys of every PC laptop I've seen, including Home/End/PgUp/PgDn. DEL is not really usefull when you have backdel.

That's when I understood at which point so many keys (WIFI on/off, geez and so many others) have cluttered the PC laptops.

@Dogged Re: margin enhancing malware strategy

"Yep, they did it. Nope, they didn't quite understand what they were doing."

Really ? They developped a program aimed at detecting a Windows agent, overwrite it at boot time, all of this embedded in the MB memory, without knowing what they were doing ? It costed them quite some effort, so be sure they knew what they were doing, along with all the engineering mgmt line.

"They took money to make a low-margin product cheaper."

Yeah, in other words, they screwed their customer by selling their laptop to someone else to make for a better price. You seem to find this OK, I don't.

"It was only ever on the cheapest nastiest shit they sell, never on the ex-IBM product lines."

Doesn't matter. People paid for it anyway. Again, you seem to find it OK, I don't.

"This was a catastrophe for Lenovo. No sane board would have approved it with full knowledge. It cost them far more than they made. Think they're ever going to do it again?"

This was a very minor incident for Lenovo. Which of your neighbours or mine heard of it ? They were just cought and backtracked in emergency. Joe User will still find those Lenovo laptops very attractive at the local shop. Of course, they'll do it again, but will try to be more cautious.

If I were a security researcher, my christmas gift would be the first entry level Lenovo laptop, 2016 line.