
* Posts by Aodhhan

568 posts • joined 25 Apr 2008

Former NSA top hacker names the filthy four of nation-state hacking

Aodhhan
Bronze badge

Sorry for the misunderstanding

The NSA doesn't actively practice hacking systems in the USA.

We turn this over to the FBI and let them do it. We only get involved when these twits can't figure it out.

-NSA-

0
0

It's official: TLS 1.3 approved as standard while spies weep

Aodhhan
Bronze badge

That's right...

It's impossible to break into. We haven't found a way in so we gave up.

The protocol is different, but the cipher suites and certs are still the same.

We'll never be able to crack this.

-NSA-

BWah ha ha ha ha.

Psst. Think everyone will buy this?

0
0

CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists – report

Aodhhan
Bronze badge

Then there are other unreported vulns

As a penetration tester for a large company, it's my job to test all applications before they are certified on our networks. This includes internally developed, as well as COTS apps.

Probably more than 60% of the time, I find vulnerabilities for the vendor to fix. Around 10-20% of the time, it's a critical vulnerability (remote and easy to do). Each time, I noticed they NEVER publish the vulnerability. They just add the fix quietly into their next "update". No mention of what we find at all.

So why don't we say something out loud? Because most software vendors/companies have items in their commercial EULAs which amount to a non-disclosure agreement. Getting on a bulletin board, twitter, etc. will put the company you work for--and your job--in jeopardy; so unfortunately this isn't an option.

So if you're a network engineer, be aware of this factor and use it to budget better security equipment to mitigate this fact. Especially with external facing web applications.

0
0

Oracle: Run, don't walk, to patch this critical Database takeover bug

Aodhhan
Bronze badge

I have to ask...

Since Oracle has a horrible reputation of fixing patches--not to mention the high number of EASY exploits; why are you still using this database, and/or any application requiring Oracle Java?

Fortunately, the two companies I've worked for in the past five years have both pretty much phased all Oracle products out--including Java based web apps. Not to mention, getting rid of applications which embed Oracle into their products. Such as Symantec DLP.

3
0

Hackers manage – just – to turn Amazon Echoes into snooping devices

Aodhhan
Bronze badge

Dang...

We were hoping it would take some time before people figure this out.

Now we have to get good at bypassing home physical security systems again.

-NSA-

1
0

Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed

Aodhhan
Bronze badge

Seriously....God?

Anyone who believes you can simply kick out a fix for something in a few days is ignorant about the process... and a moron for not taking the time to learn a bit more about it.

First off... nearly anytime you increase security--albeit slightly--you impact usability. Therefore, it must be tested by security and users. Many times, it must be tested against a load of different software to ensure it doesn't negatively impact them.

Just like chess, when you move a piece to strengthen your position, you also create a weakness because you're no longer defending areas where you once were.

So... the entire operation, usability, security, etc. must be checked, attacked, worked with etc. Sometimes, it isn't fixed during the first iteration, so it must be done over.

This does take some time. If you think you can do better, and teach people something they don't know... then by all means, step up and jump froggy jump! It's easy to be a beotch and complain about something, when you're a moron.

Sometimes it's better to keep your mouth shut and let people think you're an idiot, than to open it up and remove all doubt.

2
1

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

Aodhhan
Bronze badge

Where have you been?

This isn't a new technique. We've been using it for a while.

-NSA-

9
0

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

Aodhhan
Bronze badge

Keep politics out

I don't care which side you belong to. I don't want to see any political activities at an Info Sec conference. I even hate the morons on both sides, who want to interject it on this site.

They only display how hateful and small minded they are; most only repeat what they've heard, and not what they objectively know from doing their own work. If they did, they'd see both sides are moronic liars, who only say things to get your vote and do their best to trash anyone who opposes them.

So.. it's the same ole crap from both sides. Use your brain power for something else, and keep the political thoughts away from security sites and conferences.

1
3

Boffins: Mixed-signal silicon can SCREAM your secrets to all

Aodhhan
Bronze badge

Not new

This has been known by most of the major countries in the world since at least the mid 80s. It's one of the reasons there is shielded conduit and tempest solutions, even when the transmission is encrypted.

0
0

Well, well, well. Crime does pay: Ransomware creeps let off with community service

Aodhhan
Bronze badge

Seriously...

If 18 or 22 years of age is too young to be held responsible for poor decisions, then we really need to raise the age for voting, drinking, driving, flying aircraft, etc. They weren't 12 to 14, so young my azz.

Sure it wasn't violent... which is why you give them 1 or 2 years instead of 5-20 years.

If they stole money from you, and you weren't able to feed your kids or make rent... you might think a bit differently. A lot of people live paycheck to paycheck. Losing 500 euros can really hit a family hard and cause undue stress... for a lot longer than 240 hours.

I think the judges have lost touch with what it is like for the majority of people. Those who don't make 300K plus euros per year.

0
0

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

Aodhhan
Bronze badge

Good Grief.

Apparently, you think JLR should monitor all their vehicles and somehow know when they are sold off?

Of course not. But you do have to think of the process... and bump it up against a few things.

It's the typical security see-saw balance of usability versus security.

Make it too easy, then an auto thief can easily make changes so you can't track the car.

Make it too hard, then the owner gets upset.

Like any new technology where security is involved, it takes a bit for a good balance to be struck. So in the meantime, don't get too pissy about the situation. Instead, work to find a balanced solution. This is what security professionals are supposed to do.

3
2

Google's Alphabet hit by Europe's other GDPR: Global Domination = Profit Reduction

Aodhhan
Bronze badge

Re: Oh, we "customers" or "products" always pay

Apparently you don't understand economics.

If a company is fined and you believe they are going to raise prices because of this... then go elsewhere. Typically though, companies don't raise their prices; stockholders end up taking the biggest hit. Some may go into not paying raises/bonuses to employees. This is why fines can be successful in ending bad behavior.

Where the money goes? ...this depends. Typically there is some sort of general fund it goes into and then those in charge figure out what to do with this. Sometimes the money here goes for good things, like new bridges or other infrastructure projects. Like in Germany, it will likely pay for a pipeline to Russia.

The USA doesn't like the government interfering in business policy. You know, this whole freedom and liberty idea. The only real exception is health and welfare of the public/customers.

When it comes to this case, most people in the USA think it's moronic, and just a way for a government to screw over a company and the company's work force. In other words, a way to make politicians rich at the expense of employee raises and benefits.

Are people in Europe so stupid they wouldn't know how to download and install another browser; or another application and not use what is already installed? Of course not. Further, Android doesn't prevent the user from doing this. Can you imagine purchasing a new phone and there is no browser at all on it? C'mon. Do you really expect them to just install a competitor application? ...or some plain label and insecure browser? Common sense needs to be used.

0
0

Google answers 'Why Google Cloud?' with services and spectacle

Aodhhan
Bronze badge

Try doing this away from SFO

One of these days, they are going to start doing things away from the bay area.

San Fran has become a crap hole lately, especially in the downtown area. I wouldn't attend a conference there again if they paid for the entire trip.

I'd rather deal with the crowd in Las Vegas or traffic in Chicago than to put up with the smell and sights of downtown San Francisco.

1
0

Dust yourself off and try again: Ancient Solaris patch missed the mark

Aodhhan
Bronze badge

Raise your hand...

If anyone is shocked Oracle had this problem.

...take the walk of shame if you're still using Oracle products. This includes the whacky Symantec products (Like DLP) which build it into the application.

0
2

Insecure web still too prevalent: Boffins unveil HSTS wall of shame

Aodhhan
Bronze badge

Not shocked...

This is a lot more common than most people think. The reason is pretty simple for corporations who don't use experienced penetration testers and rely on application and web scanning tools: findings from these scanning tools typically state HSTS and other "header" misconfiguration findings are considered "LOW". Because of this, the risk is typically accepted or placed deep in the queue to be fixed.

For those who hire good penetration testers or have them on staff, they will consider most header findings as a medium; even for internal sites (it doesn't take long to fix) to ensure these findings are corrected. Once the developers and middleware admins get used to this, it doesn't take them long to ensure all headers are correctly added and configured for each site.

0
0

Azure promises to keep your backups safe and snug for up to 10 years

Aodhhan
Bronze badge

Marketing

Of course they say this... the longer you keep your data with them, the more money they make.

It's not like they say... they'll do it for free.

3
0

So long and thanks for all the fixes: ERPScan left out of credits on Oracle bug-bash list

Aodhhan
Bronze badge

Nobody is shocked

Oracle has been hosing everyone since it became a publicly traded company.

The only shock is how many ignorant corporations out there still purchase Oracle's crap.

2
0

Trump wants to work with Russia on infosec. Security experts: lol no

Aodhhan
Bronze badge

Re: Tee hee. Trump is to Putin as --

Don't forget...

The whole DNC hack was done while Obama was in the White House. Along with Russia gaining Crimea. Oh, and don't forget the red line in the sand fiasco.

Meddling was done between Hillary and the Russians... remember Uranium One?

This is just the democrats yelling louder and without pause--accusing others so people don't talk about the transgressions done while they were in power.

If Trump walked on water, the democrats would scream it's because he doesn't know how to swim.

Yet, so many people buy into their BS and catch Trump Derangement Syndrome, and lose all focus on reality.

3
13

Scumbag confesses in court: LuminosityLink creepware was my baby

Aodhhan
Bronze badge

GM, Ford, Ferrari, and others plead guilty

...to creating sports cars which can easily outrun police and cargo vehicles to carry..uhm, stuff.

They all admit to knowing these high speed vehicles are perfect for criminal activities such as smuggling and trafficking as well as getting away as quickly as possible.

They also admitted to knowing these products have been used in terrorist attacks as well as kidnappings; yet still...they provide customer support as well as spare parts to those in need.

I don't condone this guy's product, but let's get real. Those who need to be arrested and focused on (with laws) are those who use the product illegally. With a few simple changes to his words, he could've marketed this as a security tool in many locations (including the US) and been fine.

2
0

Sub-Prime: Amazon's big day marred by server crashes, staff strikes

Aodhhan
Bronze badge

Seriously snowflake?

The employer has the responsibility to provide for the physical and mental well-being of its employees?????

No it doesn't; you do. How about this... listen better in school, buckle down, and get an education. Then you wouldn't have to work in a warehouse.

Perhaps you should try a job outdoors, in the elements... like many jobs.

Perhaps try putting your life on the line, such as first responders.

Maybe try high rise construction or trash collection.

Waaaah.. underpaid. No you're not. Look at the thousands of other occupations out there where it takes a lot more to collect a paycheck. Taking an order, tossing it in a box, putting it on a truck... etc. Not exactly worthy of high wages. You don't see most people working in department stores driving the newest cars.

Quit using WANT, want, WANT, and start using earn EARN earn.

4
8

Oracle cuts ribbon on distributed ledger service

Aodhhan
Bronze badge

They have to do something

Their overpriced, under-secured database is starting to be used less and less; so Oracle has to do something.

Banks don't exactly have a huge supply chain, so saying any of them use this isn't really saying much. Where they do, it's so regulated by every country, that it's not really providing anything but a common application.

My worry is simple. It's Oracle. Once again, they rush a product through... to be one of the first so they can charge way too much. All their products are pushed this way... all their products have security holes which can be used as examples of what not to do.

Oracle: Not exactly the best name in the InfoSec world.

I imagine, nothing will change in this regard.

4
0

Irish fella accused of being Silk Road admin 'Libertas' hauled to US

Aodhhan
Bronze badge

Re: Extraditing random people?

Look... instead of looking silly, why don't you take 3 minutes and use Google on the phone which is obviously stuck 10 inches from your eyes. What makes idiots comment about something they admittedly don't know anything about?

It's not about where a 'server' is (good grief... really, you think it's about the server?) It's about where the crime is committed/damage takes place.

2
4

Revealed in detail: World powers stuff spyware kit, how-to guides in dodgy nations' pockets

Aodhhan
Bronze badge

It's the snowflake way

If we yell loud enough with a message which is just corny enough (it doesn't have to be true), somebody will eventually believe it, provide us a forum, and we will be smart and important.

Anyone can publish anything. Doesn't mean it's worth its weight in dog crap.

1
3

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

Aodhhan
Bronze badge

Smoke and mirrors

The democrats are basically shouting over everyone and taking any little thing they can and running with it.

They're doing this to cover up the fact Hillary broke the law and set up a private server, used her position of power against her rivals, made terrible choices both in and out of office (including choices which killed people).

Hillary's strategy is... if you shout really loud and don't allow anyone else to talk, then the public will not be able to hear the real truth and see just how bad you really are. The only fallacy in this, is not shutting up long enough to understand the public isn't stupid.

The DNC will continue its push against Trump, but there are a lot of people in Hillary's own party who are very happy she didn't win the election; could you imagine?

3
1

Ukraine claims it blocked VPNFilter attack at chemical plant

Aodhhan
Bronze badge

Re: Come on!

Actually, it was Obama who said Putin is nice.

Obama: Hey, Putin is nice... let's pull our defense systems out of eastern Europe as a sign of good faith and friendship.

Putin: Ha! The Americans pulled back, strike Crimea! No worries... Obama will just draw another red line he will not enforce.

1
1

Timehop admits to more data leakage, details GDPR danger

Aodhhan
Bronze badge

Well done.

A company using primarily servers facing the Internet fails to use MFA for administrators.

You have to consider the CIO neglectful in their duties for not ensuring MFA is implemented.

0
0

Tim? Larry? We need to talk about smartphones and privacy

Aodhhan
Bronze badge

LOL @ Oracle

Oracle's security has been so bad, they needed to figure out a way to make everyone else look just as bad or worse.

Perhaps Oracle should spend more time putting out a product which doesn't need so many patches every year. I still don't understand why businesses buy their products. Not only is it a security nightmare, it's more expensive than competitors'.

0
0

Thomas Cook website spills personal info – and it's fine with that

Aodhhan
Bronze badge

What a bunch of $$$7

In good faith, I believe the company should publish the names and PERSONAL emails of all company board members and those holding the position of VP and above.

If they will do this, then I'll go along with them saying this is a LOW vulnerability... but you know they will never do this.

3
1

Snooping passwords from literally hot keys, China's AK-47 laser, malware, and more

Aodhhan
Bronze badge

Re: proceed with phase 2

The Democrats have wanted to remove representative democracy from the constitution for about 20 years now, and replace it with a modified socialism model. Yet, like all socialistic models, there is no real solution to how a country will pay if everyone received free ...everything.

Americans don't celebrate kicking the Brits out of the country on July 4th. This is the day Americans celebrate independence from a ridiculous monarchy. Since America had to give England two epic beat downs (don't forget about 1812) before they learned their lesson, another holiday was created for this azz-whooping. It's just not very PC these days to openly celebrate making another country your beotch; so this holiday isn't widely known.

0
2

Things that make you go hmmm: Do crypto key servers violate GDPR?

Aodhhan
Bronze badge

If you can't do, might as well go into teaching

Implied consent is far too broad of a term to make an assumption with. Yes, an assumption, because for a case like this, implied consent has never been adjudicated in the courts.

..and just because you place something into the public domain, doesn't automatically presume implied consent. Anyone who has taken a high school law class can get this question correct.

You park your car on public streets; therefore, implied consent says anyone can take it after you leave.

Sounds good, right? But obviously this isn't the case.

You'd think a professor could take 10 minutes to think this out and realize how wrong they are.

Another example... you put your garbage on the street, so now anyone can go through it and grab any old documents and other personal items you tossed out for themselves.

Again, sounds good, but in most countries... doing so is still considered stealing. Tossing something out doesn't give 'implied consent' that anyone can take it and use it.

So, once again... another so called security professional at a university who went into education because they couldn't actually perform well on the job. If you can't do, might as well teach.

2
0

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

Aodhhan
Bronze badge

Thank you captain obvious--Is this really your best?

Way to put a lot of time restating keynote speeches given for the past 10 years; actually for the past 50. Don't forget the basics; we must get back to basics--maintain your foundation... blah blah. DUH! Sounds more like a speech given by a coach before a football match, than a well thought out technology briefing. Could also be the big all caps writing on a pamphlet.

BTW, those who aren't concentrating on the basics and shoring up their own networks... aren't worried about state sponsored attacks. They aren't worried about anything--because they're ignorant to begin with.

If I pay a lot of money to attend a conference, I don't want to hear ridiculous 'basic' crap from an individual who is on the cutting edge of information security. I can open up YouTube and search for this. Give me something new. Something I can't search for and find. Give me your best. YOUR BEST.

When I see crap like this, it makes me think the person giving the speech isn't really as smart as they let on about... it seems more likely it's the people they work with who are the intelligent ones, and they are the 'average' person riding on the coat tails of others.

4
2

Hands up if you didn't lose data in the Typeform breach

Aodhhan
Bronze badge

Welcome to...

PaaS and SaaS cloud environmental risk.

Too many professionals don't understand the increased risk, and don't have the experience to know where the data is and how well it's protected.

---then they find out (TOO LATE), the cloud provider has no responsibility or risk acceptance; it's all on them.

1
0

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

Aodhhan
Bronze badge

This is what happens, when you vote in people who want bigger government.

Tax and monitor.

3
0

Gentoo GitHub repo hack made possible by these 3 rookie mistakes

Aodhhan
Bronze badge

Complete Security Failure -- NOT a mistake

This only shows how lazy people are. No doubt the expertise existed to provide a thorough and accurate risk assessment of this system. If an in-depth investigation takes place, they will likely find, the internal security organization provided the risks associated with not using MFA along with fire IDs, restriction/segregation of privileges along with password policies.

Don't call this a mistake... it was a deliberate act to accept the risk.

The "I don't want to inconvenience my workers" snowflake, lazy, PC attitude doesn't work in most professional settings, especially when it comes to risk.

Get rid of plastic straws if you must, but don't accept moronic risk out of laziness and PC optics.

Oh... and you may wish to fire whomever decided to accept such risk, and please publicize their name, so everyone knows not to hire this individual to make risk decisions.

6
1

Hipster horror! Slack has gone TITSUP: Total inability to support user procrastination

Aodhhan
Bronze badge

Ack..

Does anyone have my ICQ number? I can't remember it!

1
0

When Google's robots give your business the death sentence – who you gonna call?

Aodhhan
Bronze badge

Laws

Right now there isn't a lot, if any regulation on cloud service providers; therefore, they have you by the short and curlies.

I really hate an increase in government regulations, but CSPs who are currently not responsible for data as a whole (even with PaaS), really need to be reined in. There is too much consumer information being placed on these systems for CSPs not to be more responsible.

It's ridiculous when a CSP has you locked in and then they change the rules on you--and you're stuck.

1
0

Smash-hit game Fortnite is dangerous... for cheaters: Tools found laced with malware

Aodhhan
Bronze badge

C'mon

Malware disguised as something else is hardly a new concept.

Cheating... has been going on before man lived in caves.

During testing, testers are often provided means of adding this/that... doing this/that, jumping here/there, etc. and this information on how this is done gets leaked.

With today's processors and memory availability, it isn't hard to add in code to sanitize input, mask values, and other techniques to prevent cheating. However, there is no real incentive to stop this until it gets out of hand. People being able to cheat, to some extent, brings people to their game and therefore increases revenue.

..and since stupid cannot be fixed; there will always be the gullible cheaters who fall prey to malware disguised as the latest cheat. But let's face it, if you're so pathetic you need to cheat on an online game, what do you really have to lose by a MiTM attack.. other than their mom's credit card number.

1
1

'Coding' cockup blamed for NHS cough-up of confidential info against patients' wishes

Aodhhan
Bronze badge

No Apologies

You don't owe the public an apology... you owe the public immediate suspension followed by sacking after an investigation.

Since this has now become a trend (not that it wasn't before), those in leadership, policy writing and technical operations all need to be under fire and out of a job.

What happened to the government? It used to be when you just sneezed out of place you'd get fired. Now you can't even get rid of someone who is outright negligent.

Politicians... this is why you guys are being voted out in favor of someone with little experience (in being bribed, etc.). It doesn't matter which party you belong to, if you're part of the establishment, you probably should enjoy every last second while you can.

10
1

FireEye hacked off at claim it hacked Chinese military's hackers

Aodhhan
Bronze badge

Just another asinine NY Times reporter trying to make extra money by publishing a book on something he knows very little about. Not to mention, typical NYT reporter not doing any further research or speaking with other InfoSec professionals about certain tactics, techniques and procedures used by penetration testers and information system forensic experts.

How many times this year has the NY Times had to retract or clarify something because their reporters did a half-ass job? A LOT.

When standards are low, you're going to have employees who aren't the best around.

3
0

Reality Winner, liberty loser: NSA leaker faces 63 months in the cooler

Aodhhan
Bronze badge

Typical spoiled little brat.

No coping mechanism to deal with an uncomfortable situation.

Most work places which allow news to be shown on television don't have the sound on, or the sound is very low. So I'm betting she is exaggerating quite a bit. Likely, she was looking for some sort of attention out of the ordeal.

Plus I'm sure, she figured her pantyhose was a perfect place for stashing documents. Listening to her talk and looking at her social media... I'm betting nobody has tried to breach her pantyhose on a Friday/Saturday night.

2
6
Aodhhan
Bronze badge

Wrong.. it wasn't the NSA who wanted to withhold knowledge of Russia hacking voting systems; it was the Obama administration. This has been known now for almost a year.

https://www.nytimes.com/2017/06/21/us/politics/jeh-johnson-testimony-russian-election-hacking.html

2
2

EU summons a CYBER FORCE into existence

Aodhhan
Bronze badge

WTF?

According to what is released.. each country has to maintain a unit.

So, instead of sharing resources... each country has to spend money on them.

Sounds more like an opportunity for bureaucrats to gain more control over something they know little about, and allow crazy old men at the EU HQ to make more money for themselves by selling influence.

Watch... soon, all penetration testing will have to be done using certain commercial tools, and it will be against the law to create your own, or use tools which aren't on their approved list (you know, companies who provide kickbacks to bureaucrats) -- throughout Europe.

If each country has to already maintain a unit, then why let the whackos in Brussels tell InfoSec professionals what to do?

Just more power grabbing and money making schemes.

1
2

'Black hat' extortionist thrown back in the clink after Yelp-slamming biz

Aodhhan
Bronze badge

Re: Fake negative reviews?

All parole conditions will come with a statement (to the effect) of staying away from those affected by your actions which originally landed you in jail/prison.

Along with about 20 other items.

In the USA, any violation of your parole will put you back for the full time (for state/local sentences), and will likely cause you to face new FEDERAL charges. Under federal sentencing guidelines, you serve the entire sentence. No chance of parole after 12 months.

2
0
Aodhhan
Bronze badge

Reread the first amendment and court cases regarding it.

You don't have the right to say anything at anytime.

First amendment means you can speak out against the government without reprisal. Doesn't mean you can trash your neighbor, slander or threaten people.

Someone didn't do their homework in school, and only listens to moronic political laced comments.

4
0

'No questions asked' Windows code cert slingers 'fuel trade' in digitally signed malware

Aodhhan
Bronze badge

Encryption and Integrity.

Big difference in how the certificates work.

I'll point to Google, so you can do the rest.

1
0

On Kaspersky’s 'transparency tour' the truth was clear as mud

Aodhhan
Bronze badge

Seriously?

Kaspersky, I think thou dost protest too much!

Yes, all governments are self-serving... loathing SOBs; however,

if you don't understand the difference between a freely elected government and a government run by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their homes at gunpoint.. then I believe you have a lot of research and self-reflection to do.

For anyone to back the Russian government about anything is just ridiculous. It also means you don't have any regard for human rights.

It's amazing how people will hang on to conspiracy theories about MI6, CIA, NSA and believe Russia is okay. How stupid can anyone get? I suggest you open your mind a bit, think critically, and talk to people from Russia and surrounding countries. You will be in for a mind blowing reality check.

5
15

India tells its banks to get Windows XP off ATMs – in 2019!

Aodhhan
Bronze badge

Look at everything

If you're willing to pay for it, Microsoft provides patches and fixes for Windows XP Pro until 2020.

It isn't cheap, but in cases where you don't have much choice... you know how it is.

ATMs are more/less PoS devices. Many applications haven't been updated to run on more modern OSs. If they have, the ATM owners (not necessarily the banks who lease them), won't spend the money on upgrading OS and applications until they are made to do so. Why should they? You'd save the money and pocket it yourself, right?

The increasing number of integrity attacks is starting to change minds, not to mention the cost of insuring old software/OSs. As is how much courts are starting to make examples of corporations who aren't being attentive to proper due diligence, and especially those who aren't attentive to proper due care. In which using an old OS will likely hit the hardest in courts.

If you look hard enough, you can still find Windows XP in the US and western Europe. Mostly with companies who lease out older ATMs. For banks who own their own ATMs, these are likely updated with newer operating systems, and a wealth of physical security add-ons.

1
0

A volt out of the blue: Phone batteries reveal what you typed and read

Aodhhan
Bronze badge

This is what we called in the 80s and 90s... BSware.

Just a bunch of crap put together, which is not only difficult to corroborate, but so effing boring that nobody will.

This happens when a good idea, turns out to be not such a good idea, and then into a pile of BS.

Even though they knew hours ago, they should have abandoned the project... they didn't. So they go ahead with it and publish rubbish like this.

Just a means of individuals 'publishing' something for the sake of publishing and to say they have.

Texas-Austin academics should have stopped this from being published. In not doing so, you've more-less put this university on the back burner for integrity. Although, U of Texas never was on the map for computer engineering, let alone computer security.

C'mon guys, there are more important things to study and research. Don't be afraid to let go of a project if it isn't going anywhere... it's better than being laughed at.

Matt Halpern, Manuel Philiose and Mohit Tiwari... better luck next time, if you're given the opportunity.

2
1

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

Aodhhan
Bronze badge

Re: ahum, dumb fucks ?

Calling an entire generation of individuals, in which a good majority haven't been given the skills to think about and look at 2nd, 3rd and 4th order effects, "dumb fucks" isn't entirely out of line--especially when it comes to information security as a whole (not just a profession).

So yes, it is a security problem for those who download the latest 'game preview' only to find out it's actually an application spreading malware. Yes, it's a security problem, when the generation doesn't learn from such actions and repeats these insecure acts in a habitual manner--then continues to spread to family devices on their home network or via email attachments.

Offensive security should NOT be contained to only the lab. Not to mention, offensive security has very little to do with the SDLC. Code review and offensive security are two different things; not to be confused with penetration testing.

So, before you begin harping at people about what the 'problem with security' is--you should first spend about 7-10 years in the field so you completely understand it.

Calling people dumb fucks is not the reason for poor security, or responsible for a society in fear and uncertainty. Nor is it responsible for poor patching practices. Good grief. If you really believe this, then you're a snowflake who will never thaw out. Would you like your crayons in a box of 8 or 16?

19
3

Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans

Aodhhan
Bronze badge

Pseudo statisticians

I love people who come up with false narratives and stats which are so far off, you can only assume, they don't have the brain power and patience to do 20 minutes of research and cross checking to get it right. ...rather, they'd prefer to spout out numbers and false figures in an attempt to make themselves seem more superior than others. Fact is, it only displays their own ignorance.

Using one source, especially something you just heard, or figured out on your own... isn't going to make you look smart.

...and bundling "YANKS" and all citizens of the USA as one is really asinine. ...but it's understandable many Europeans do this, as they don't really understand the size of the USA, and cannot begin to imagine what it is like to live there. As if, what works in England can transfer to the USA; when most of the states alone are larger and more populous than England; let alone 50 put together.

The EU bundled together, is only half the size and population of the USA, and look how screwed up it is.

0
0

The Register - Independent news and views for the tech community. Part of Situation Publishing