Posts by Aodhhan

684 publicly visible posts • joined 25 Apr 2008


Email security crisis... What email security crisis?

Aodhhan

Memo to all Personnel

Attention,

Due to the recent threats and a need to have a system we can store state secrets on, I've ordered our email server to be moved into a towel closet near a bathroom; where it's unlikely any malicious foreign service will find it. We've also instituted an offline backup system to place important files on the laptop computer of my assistant's husband.

Thank you

--Hillary and the DNC--

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge

Aodhhan

Re: @Martin Gregorie

If you're going to spill evilness about those on the opposite side of the political spectrum, you may want to at least take a few minutes to look at how imbedded you are.

You should consider how fascist your words are.

A fascist doesn't want to hear the other side. If someone doesn't believe what you believe, then they are wrong... and should be punished. --This is fascism.

A fascist doesn't look at both sides. They are stuck on what they are told (rarely looking for the truth).

A fascist sees faith as a bad thing, and belittles anyone who follows religious beliefs.

Finally, a fascist calls others fascist without proof...often times without knowing what the word actually means--because they've spent so much time just repeating what they've been told to say.

Attempting to apply 'tribalism' to religion is so completely ignorant, it's clear you don't have any original thoughts of your own, and you've never stopped to use the cognitive creative abilities your brain does have. You may want to try critical thinking for once. You'll find your life suddenly becomes a lot more enjoyable and filled with less hate.

Voyager 1 left the planet 41 years ago – and SpaceX hopes to land on Earth this Saturday

Aodhhan

No math outside USA, China and Germany?

Is it only the USA and Germany which bridge mathematics and science in school?

The ISS is moving ~17,500mph because of orbital mechanics. If it was going slower, it would fall back to earth. If it was going a little faster, it would increase its orbital altitude, if it was going much faster... say 25,000mph, it would escape earth's gravity.

Consider how fast an object must be going to maintain earth orbit, then how fast something needs to go to escape earth's orbit. Finally, work how fast something must go to escape the grasp of the sun. Most objects don't decelerate due to friction, they decelerate from gravitational pull of a large object. Such as a large planet, star, etc.

If you don't believe 35000mph is fast, perhaps you should consider just how fast it really is. If you were watching traffic on a road, in which the speed limit is 35000mph, you wouldn't see the traffic go by, and you couldn't turn your neck fast enough to keep up; even if you were 5000 feet from the road.

Wannabe Supreme Brett Kavanaugh red-faced after leaked emails contradict spy testimony

Aodhhan

ROFLMAO

First off... the emails weren't leaked as first reported. They were approved the evening before by the Senate sub-committee. Senator Booker introducing them was just putting together a grandstanding moment for the crowd, in hopes of becoming a front runner for president.

If you read everything thoroughly, you'll find in each case, it shows how the nominee is actually very UNBIASED in his opinions. (which is why not a lot was really talked about during questioning in the afternoon or making headlines) In protecting freedoms of everyone from all ethnic backgrounds; despite Islamist terrorists attacking the USA a week earlier.

As far as being read into a program. There are items which can come from a program which are declassified or classified releasable outside of its SCI container. This often happens for certain high ranking government officials, judges, etc. with a need to know.

It's amazing how people immediately disregard facts, when lies or 'spin' is brought up on things they wish to hear.

If you want to make a comment when knowing only 2% of the information, and/or looking at all the facts--instead of looking at everything from all sides--you're free to do so. By now, you're likely used to the taste of toes in your mouth. You will also likely continue to make less than $70K/year.

If you notice, not a lot was brought up in questioning this afternoon... other than grandstanding blah blah questions, and nothing is being made of it today. Well, nothing substantial. I'm sure the far left will still rant and chew on this nothingburger.

Excuse me, but your website's source code appears to be showing

Aodhhan

Re: Not the root problem

Here's a quick run thru of why you're SO VERY WRONG.

Any code live to a hacker is potentially a weakness... if not today, then tomorrow. This goes for encryption as well. Typically, developers are 'too busy' to maintain every part of the code.

The most prevalent weakness in web sites, is in not updating/upgrading code developed in out of date environments. For instance, using jQuery 1.7.x (which I see a lot), when the current version is 3.3x. You can even find old .NET web apps, etc. Yeah, a lot of exploits in there.

Giving me access to code, allows me to scrape the website and go to town. If I don't find a weakness, it sure makes it easy to duplicate and redirect users to it. Because there is so much code, I can get not only authentication credentials, but likely internal information; such as an account number, social security... you get the picture now.

If the directory isn't locked down, what would you do if someone... say, updated the code for you? ...think malicious thoughts.

If you think none of this is possible, then what we can tell from you is--you don't have much experience in the real world. So we think "Bulls Eye"!

Spies still super upset they can't get at your encrypted comms data

Aodhhan

No way.

Look... we voted out the Obama--Clinton power house Dems which abused their powers and continue to slow down progress by throwing false and malicious accusations against innocent people.

We learned from the Obama era, even the FBI, MI6 and CIA can't be trusted... even within these organizations it's possible for people in the highest levels to become corrupt and unfair.

As someone who does pen testing and red teaming for a living... those who concentrate too much on encryption, often leave other weaknesses wide open; because people are, for the most part... lazy and forgetful.

Detroit sh*t shifter's operating costs waste away with Oracle's cloud

Aodhhan

The brain trust of the sewage department has spoken

Yes, I'm sure the brightest computer scientists and engineers stand outside in the Michigan sunshine...err snow drifts to queue for an opportunity to work at the sewage department.

Saving $1Mil is a huge sounding statement, until you realize where they were beforehand.

Since you chose Oracle... you likely would have saved even more money if you decided to use something else. You definitely will find, you will have a more secure database if you went with several different products.

If you had completed a good amount of technical research, you would have found out corporations are moving away from Oracle in favor of 2 to 3 other solutions.

You can't just look at your initial savings, you have to look at savings over the lifecycle of the product... in this case, about 4 years. Not to mention the risk increase/decrease... in the case of Oracle... it's a definite risk increase. Although, who cares if hackers get in to the database and start releasing a bit too much chemical into the wastewater? Especially knowing how well the sewer system drains in the old central part of Detroit, even if it only rains 0.25 of an inch.

What's holding you back from Google Cloud? Oh, OK... it was hoping you'd say 'lack of hardware security modules'

Aodhhan

No doubt they have access to the keys. Which is why I always believe it's better to use a 3rd party.

The biggest item here, is to let us know with their services, how much latency is added to each of the most common cloud configurations--when using their HSM. Also, how much it will cost to decrease the latency. This goes for incoming and outgoing traffic.

The cloud is a great place to reduce time and cost, provided you aren't worried about performance.

ETSI crypto-based access control standards land

Aodhhan

The nanny state kicks in.

Let's make regulations covering every bit of data we can; then, let's make things so convoluted and difficult to interpret we are sure to get people busted; because, finding people educated enough to understand all of these regulations will be difficult.

We must do this because InfoSec professionals are too stupid to figure out how to secure data. Plus, if encryption best practices change, we want to create even tighter regulations to babysit.

...blah blah blah.

-------

I like the GDPR in theory. In practice, we're beginning to see the rich white men in Brussels are trying to over control the industry.

You don't need to make regulations on how encryption is properly done. All you need to do is create laws to hold businesses responsible and punish appropriately. Require businesses to have a robust InfoSec organization within their corporation. Let the professionals who know a lot more about securing data than politicians, do their job.

Then you don't need to stick your noses in at every turn, cost taxpayers more money than needed... and if big industry changes occur... it's easy to adapt without having to rewrite 35 volumes of outdated regulations.

Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

Aodhhan

You obviously aren't trained in legal matters.

Businesses also have constitutional rights. A business has the right to not do something, and you have the right not to support this business for their decision. Nobody has a monopoly creating a forced action. Everyone can go elsewhere and make a number of choices.

This being said, both the EULA and Debian's lack of action is not against GDPR or anyone's constitutional rights in any country in Europe.

SuperProf gets schooled after assigning weak passwords to tutors

Aodhhan

Re: At Superprof we take security seriously and know how key it is to the running of our business

Taking security seriously doesn't mean you have cousin Nigel--educated by the London public school system and flunked out of taxi driving school--audit your security practices.

Taking security seriously, means you've built your security policies and procedures around industry best practices, and annually have an outside agency audit your security and risk management programs. Then you take the audit to heart to make changes as necessary to constantly improve.

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Aodhhan

Re: Well to stay real for a bit

Christian,

The ISPs can't monitor your Internet packets if they are encrypted, and many times, the route taken by the packets for all the web sites you view (from your computer to any particular web site) doesn't pass through the ISP.

However, if you use their DNS servers (and most people do), they can track where you have been on the Internet.

Aodhhan

Re: whatismydnsresolver.com

Performing a traceroute doesn't prove anything when it comes to DNS.

The path used by packets to perform information exchange with a particular web site, isn't the same path taken by DNS to resolve queries. Two very different protocols, for two very different services.

C'mon. You should know this.

Aodhhan

Re: whatismydnsresolver.com

Don't you just love the ignorant when they post something on a security site?

Pascal's response to this article actually gave me a chuckle. I didn't think anyone who is so ignorant on DNS would post something so silly.

I guess the filter most of us have for being quiet when something doesn't make sense to us wasn't provided Pascal.

Pascal, you aren't the center of the universe. Just because something didn't work for you.. doesn't mean it doesn't work. It just means you're too ignorant to figure it out. Perhaps you should research the problem on YOUR END a bit more. :)

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Aodhhan

A waste of time

Let's see how long it takes for everything to get on the notebook sites and dev sites, such as GitHub.

Juno this ain't right! Chinese hackers target Alaska

Aodhhan

Not attempting to hide IP

The IP wasn't hidden, because more than likely this wasn't done by the government. It was instead carried out by students and/or faculty at the university. In China, it's a HUGE crime to attempt to hide your actions or use devices such as Onion routers, external proxies, etc.

China's strict control of the Internet within their country, does provide some benefits to intelligence communities in more than just this reason.

Aodhhan

Re: There is not enough OMG for this

This is old news. It happened during the Obama administration around 5-8 years ago.

Part of the problem uncovered in an after action report, was the lack of funding the Obama administration provided to the department of defense, DARPA and intelligence agencies. This forced them to use poor quality products and take shortcuts both logically and physically regarding intelligence techniques, tactics and procedures.

Who was it that hacked Apple? Ozzie Ozzie Ozzie, boy boy boy!

Aodhhan

It's not going to work...

It's not going to work --to get a job -- when you hack Apple systems using Ubuntu.

This really irks them off.

Mozilla-endorsed security plug-in accused of tracking users

Aodhhan

You take privacy seriously... my azz.

Taking privacy seriously means testing and checking all plugins for privacy concerns before making them available to the public.

Obviously this application wasn't checked for privacy concerns... so it seems you don't take privacy seriously. You're only trying to cover your back side after the fact, like a weak politician.

Making some BS statement after the fact, doesn't help your credibility at all. It only makes it worse. Better would be, you are going to make changes in procedures to ensure privacy is maintained prior to making plugins available.

Former NSA top hacker names the filthy four of nation-state hacking

Aodhhan

Sorry for the misunderstanding

The NSA doesn't actively practice hacking systems in the USA.

We turn this over to the FBI and let them do it. We only get involved when these twits can't figure it out.

-NSA-

It's official: TLS 1.3 approved as standard while spies weep

Aodhhan

That's right...

It's impossible to break into. We haven't found a way in so we gave up.

The protocol is different, but the cipher suites and certs are still the same.

We'll never be able to crack this.

-NSA-

BWah ha ha ha ha.

Psst. Think everyone will buy this?

CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists – report

Aodhhan

Then there are other unreported vulns

As a penetration tester for a large company, it's my job to test all applications before they are certified on our networks. This includes internally developed, as well as COTS apps.

Probably more than 60% of the time, I find vulnerabilities for the vendor to fix. Around 10-20% of the time, it's a critical vulnerability (remote and easy to do). Each time, I noticed they NEVER publish the vulnerability. They just add the fix quietly into their next "update". No mention of what we find at all.

So why don't we say something out loud? Because most software vendors/companies have items in their commercial EULAs which amount to a non-disclosure agreement. Getting on a bulletin board, twitter, etc. will put the company you work for--and your job--in jeopardy; so unfortunately this isn't an option.

So if you're a network engineer, be aware of this factor and use it to budget better security equipment to mitigate this fact. Especially with external facing web applications.

Oracle: Run, don't walk, to patch this critical Database takeover bug

Aodhhan

I have to ask...

Since Oracle has a horrible reputation of fixing patches--not to mention the high number of EASY exploits; why are you still using this database, and/or any application requiring Oracle Java?

Fortunately, the two companies I've worked for in the past five years have both pretty much phased all Oracle products out--including Java based web apps. Not to mention, getting rid of applications which embed Oracle into their products. Such as Symantec DLP.

Hackers manage – just – to turn Amazon Echoes into snooping devices

Aodhhan

Dang...

We were hoping it would take some time before people figure this out.

Now we have to get good at bypassing home physical security systems again.

-NSA-

Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed

Aodhhan

Seriously....God?

Anyone who believes you can simply kick out a fix for something in a few days is ignorant about the process... and a moron for not taking the time to learn a bit more about it.

First off... nearly anytime you increase security--albeit slightly--you impact usability. Therefore, it must be tested by security and users. Many times, it must be tested against a load of different software to ensure it doesn't negatively impact them.

Just like chess, when you move a piece to strengthen your position, you also create a weakness because you're no longer defending areas where you once were.

So... the entire operation, usability, security, etc. must be checked, attacked, worked with etc. Sometimes, it isn't fixed during the first iteration, so it must be done over.

This does take some time. If you think you can do better, and teach people something they don't know... then by all means, step up and jump froggy jump! It's easy to be a beotch and complain about something, when you're a moron.

Sometimes it's better to keep your mouth shut and let people think you're an idiot, than to open it up and remove all doubt.

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

Aodhhan

Where have you been?

This isn't a new technique. We've been using it for a while.

-NSA-

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

Aodhhan

Keep politics out

I don't care which side you belong to. I don't want to see any political activities at an Info Sec conference. I even hate the morons on both sides, who want to interject it on this site.

They only display how hateful and small minded they are; most only repeat what they've heard, and not what they objectively know from doing their own work. If they did, they'd see both sides are moronic liars, who only say things to get your vote and do their best to trash anyone who opposes them.

So.. it's the same ole crap from both sides. Use your brain power for something else, and keep the political thoughts away from security sites and conferences.

Boffins: Mixed-signal silicon can SCREAM your secrets to all

Aodhhan

Not new

This has been known by most of the major countries in the world since at least the mid 80s. It's one of the reasons there is shielded conduit and tempest solutions, even when the transmission is encrypted.

Well, well, well. Crime does pay: Ransomware creeps let off with community service

Aodhhan

Seriously...

If 18 or 22 years of age is too young to be held responsible for poor decisions, then we really need to raise the age for voting, drinking, driving, flying aircraft, etc. They weren't 12 to 14, so young my azz.

Sure it wasn't violent... which is why you give them 1 or 2 years instead of 5-20 years.

If they stole money from you, and you weren't able to feed your kids or make rent... you might think a bit differently. A lot of people live paycheck to paycheck. Losing 500 euros can really hit a family hard and cause undue stress... for a lot longer than 240 hours.

I think the judges have lost touch with what it is like for the majority of people. Those who don't make 300K plus euros per year.

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

Aodhhan

Good Grief.

Apparently, you think JLR should monitor all their vehicles and somehow know when they are sold off?

Of course not. But you do have to think of the process... and bump it up against a few things.

It's the typical security see-saw balance of usability versus security.

Make it too easy, then an auto thief can easily make changes so you can't track the car.

Make it too hard, then the owner gets upset.

Like any new technology where security is involved, it takes a bit for a good balance to be struck. So in the meantime, don't get too pissy about the situation. Instead, work to find a balanced solution. This is what security professionals are supposed to do.

Google's Alphabet hit by Europe's other GDPR: Global Domination = Profit Reduction

Aodhhan

Re: Oh, we "customers" or "products" always pay

Apparently you don't understand economics.

If a company is fined and you believe they are going to raise prices because of this... then go elsewhere. Typically though, companies don't raise their prices; stockholders end up taking the biggest hit. Some may go into not paying raises/bonuses to employees. This is why fines can be successful in ending bad behavior.

Where the money goes? ...this depends. Typically there is some sort of general fund it goes into and then those in charge figure out what to do with this. Sometimes the money here goes for good things, like new bridges or other infrastructure projects. Like in Germany, it will likely pay for a pipeline to Russia.

The USA doesn't like the government interfering in business policy. You know, this whole freedom and liberty idea. The only real exception is health and welfare of the public/customers.

When it comes to this case, most people in the USA think it's moronic, and just a way for a government to screw over a company and the company's work force. In other words, a way to make politicians rich at the expense of employee raises and benefits.

Are people in Europe so stupid they wouldn't know how to download and install another browser; or another application and not use what is already installed? Of course not. Further, Android doesn't prevent the user from doing this. Can you imagine purchasing a new phone and there is no browser at all on it? C'mon. Do you really expect them to just install a competitor application? ...or some plain label and insecure browser? Common sense needs to be used.

Google answers 'Why Google Cloud?' with services and spectacle

Aodhhan

Try doing this away from SFO

One of these days, they are going to start doing things away from the bay area.

San Fran has become a crap hole lately, especially in the downtown area. I wouldn't attend a conference there again if they paid for the entire trip.

I'd rather deal with the crowd in Las Vegas or traffic in Chicago than to put up with the smell and sights of downtown San Francisco.

Dust yourself off and try again: Ancient Solaris patch missed the mark

Aodhhan

Raise your hand...

If anyone is shocked Oracle had this problem.

...take the walk of shame if you're still using Oracle products. This includes the whacky Symantec products (Like DLP) which build it into the application.

Insecure web still too prevalent: Boffins unveil HSTS wall of shame

Aodhhan

Not shocked...

This is a lot more common than most people think. The reason is pretty simple. For corporations who don't use experienced penetration testers and rely on application and web scanning tools. This is because findings from these scanning tools typically state HSTS and other "header" misconfiguration findings are considered "LOW". Because of this, the risk is typically accepted or placed deep in the queue to be fixed.

For those who hire good penetration testers or have them on staff, they will consider most header findings as a medium; even for internal sites (it doesn't take long to fix) to ensure these findings are corrected. Once the developers and middleware admins get used to this, it doesn't take them long to ensure all headers are correctly added and configured for each site.
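A check for the HSTS header findings discussed in the comment above, added here as an example and not part of the original post: it reads `Strict-Transport-Security` the way RFC 6797 says a browser does, so headers a browser would silently ignore are reported rather than counted as present. The one-year `max-age` floor, the `includeSubDomains` requirement, the finding names and the sample responses are assumptions made for the example.

```python
"""Audit Strict-Transport-Security headers as a browser (RFC 6797) interprets them."""
import re

MIN_MAX_AGE = 31536000  # assumed policy floor: one year, in seconds


def parse_hsts(value):
    """Parse one header value into {directive: value-or-None}.

    Raises ValueError when RFC 6797 requires the browser to ignore the header.
    Splitting on ';' is sufficient here because max-age values never contain one.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # values may be sent as quoted strings
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives


def audit(scheme, headers):
    """Return finding codes for one response; an empty list means nothing to fix.

    headers is the list of (name, value) pairs in the order they were received.
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, so it protects nobody.
        return ["sent-over-http-ignored"] if values else []
    if not values:
        return ["missing"]
    findings = []
    if len(values) > 1:
        # Only the first header field is processed; later ones are dropped.
        findings.append("multiple-headers-first-wins")
    try:
        directives = parse_hsts(values[0])
    except ValueError:
        return findings + ["invalid-ignored-by-browser"]
    age = int(directives["max-age"])
    if age == 0:
        findings.append("max-age-zero-disables-hsts")
    elif age < MIN_MAX_AGE:
        findings.append("max-age-too-short")
    if "includesubdomains" not in directives:
        findings.append("no-includesubdomains")
    return findings


# Constructed sample responses: host -> (scheme, received headers).
SAMPLE_RESPONSES = {
    "good.example": ("https", [("Strict-Transport-Security",
                                "max-age=63072000; includeSubDomains; preload")]),
    "short.example": ("https", [("strict-transport-security", "max-age=300")]),
    "quoted.example": ("https", [("Strict-Transport-Security",
                                  'max-age="31536000" ; INCLUDESUBDOMAINS')]),
    "dup.example": ("https", [("Strict-Transport-Security",
                               "max-age=31536000; max-age=0; includeSubDomains")]),
    "plain.example": ("http", [("Strict-Transport-Security",
                                "max-age=31536000; includeSubDomains")]),
    "none.example": ("https", [("Content-Type", "text/html")]),
}


def audit_all(responses=SAMPLE_RESPONSES):
    """Audit every sample response and return {host: findings}."""
    return {host: audit(scheme, headers) for host, (scheme, headers) in responses.items()}


if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(f"{host:16} {', '.join(findings) or 'ok'}")
```
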

Azure promises to keep your backups safe and snug for up to 10 years

Aodhhan

Marketing

Of course they say this... the longer you keep your data with them, the more money they make.

It's not like they say... they'll do it for free.

So long and thanks for all the fixes: ERPScan left out of credits on Oracle bug-bash list

Aodhhan

Nobody is shocked

Oracle has been hosing everyone since it became a publicly traded company.

The only shock, is how many ignorant corporations out there still purchase Oracle's crap.

Trump wants to work with Russia on infosec. Security experts: lol no

Aodhhan

Re: Tee hee. Trump is to Putin as --

Don't forget...

The whole DNC hack was done while Obama was in the White House. Along with Russia gaining Crimea. Oh, and don't forget the red line in the sand fiasco.

Meddling was done between Hillary and the Russians... remember Uranium One?

This is just the democrats yelling louder and without pause--accusing others so people don't talk about the transgressions done while they were in power.

If Trump walked on water, the democrats would scream it's because he doesn't know how to swim.

Yet, so many people buy into their BS and catch Trump Derangement Syndrome, and lose all focus on reality.

Scumbag confesses in court: LuminosityLink creepware was my baby

Aodhhan

GM, Ford, Ferrari, and others plead guilty

...to creating sports cars which can easily outrun police and cargo vehicles to carry..uhm, stuff.

They all admit to knowing these high speed vehicles are perfect for criminal activities such as smuggling and trafficking as well as getting away as quickly as possible.

They also admitted to knowing these products have been used in terrorist attacks as well as kidnappings; yet still...they provide customer support as well as spare parts to those in need.

I don't condone this guy's product, but let's get real. Those who need to be arrested and focused on (with laws) are those who use the product illegally. With a few simple changes to his words, he could've marketed this as a security tool in many locations (including the US) and been fine.

Sub-Prime: Amazon's big day marred by server crashes, staff strikes

Aodhhan

Seriously snowflake?

The employer has the responsibility to provide for the physical and mental well-being of its employees?????

No it doesn't; you do. How about this... listen better in school, buckle down, and get an education. Then you wouldn't have to work in a warehouse.

Perhaps you should try a job outdoors, in the elements... like many jobs.

Perhaps try putting your life on the line, such as first responders.

Maybe try high rise construction or trash collection.

Waaaah.. underpaid. No you're not. Look at the thousands of other occupations out there where it takes a lot more to collect a paycheck. Taking an order, tossing it in a box, putting it on a truck... etc. Not exactly worthy of high wages. You don't see most people working in department stores driving the newest cars.

Quit using WANT, want, WANT, and start using earn EARN earn.

Oracle cuts ribbon on distributed ledger service

Aodhhan

They have to do something

Their over priced, under secured database is starting to be used less and less; so Oracle has to do something.

Banks don't exactly have a huge supply chain, so saying any of them use this isn't really saying much. Where they do, it's so regulated by every country, that it's not really providing anything but a common application.

My worry is simple. It's Oracle. Once again, they rush a product through... to be one of the first so they can charge way too much. All their products are pushed this way... all their products have security holes which can be used as examples of what not to do.

Oracle: Not exactly the best name in the InfoSec world.

I imagine, nothing will change in this regard.

Irish fella accused of being Silk Road admin 'Libertas' hauled to US

Aodhhan

Re: Extraditing random people?

Look... instead of looking silly, why don't you take 3 minutes and use Google on the phone which is obviously stuck 10 inches from your eyes. What makes idiots comment about something they admittedly don't know anything about?

It's not about where a 'server' is (good grief... really, you think it's about the server?) It's about where the crime is committed/damage takes place.

Revealed in detail: World powers stuff spyware kit, how-to guides in dodgy nations' pockets

Aodhhan

It's the snowflake way

If we yell loud enough with a message which is just corny enough (it doesn't have to be true), somebody will eventually believe it, provide us a forum, and we will be smart and important.

Anyone can publish anything. Doesn't mean it's worth its weight in dog crap.

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

Aodhhan

Smoke and mirrors

The democrats are basically shouting over everyone and taking any little thing they can and running with it.

They're doing this to cover up the fact Hillary broke the law and set up a private server, used her position of power against her rivals, made terrible choices both in and out of office (including choices which killed people).

Hillary's strategy is... if you shout really loud and don't allow anyone else to talk, then the public will not be able to hear the real truth and see just how bad you really are. The only fallacy in this, is not shutting up long enough to understand the public isn't stupid.

The DNC will continue its push against Trump, but there are a lot of people in Hillary's own party who are very happy she didn't win the election; could you imagine?

Ukraine claims it blocked VPNFilter attack at chemical plant

Aodhhan

Re: Come on!

Actually, it was Obama who said Putin is nice.

Obama: Hey, Putin is nice... let's pull our defense systems out of eastern Europe as a sign of good faith and friendship.

Putin: Ha! The Americans pulled back, strike Crimea! No worries... Obama will just draw another red line he will not enforce.

Timehop admits to more data leakage, details GDPR danger

Aodhhan

Well done.

A company using primarily servers facing the Internet fails to use MFA for administrators.

You have to consider the CIO neglectful in their duties for not ensuring MFA is implemented.

Tim? Larry? We need to talk about smartphones and privacy

Aodhhan

LOL @ Oracle

Oracle's security has been so bad, they needed to figure out a way to make everyone else look just as bad or worse.

Perhaps Oracle should spend more time putting out a product which doesn't need so many patches every year. I still don't understand why businesses buy their products. Not only is it a security nightmare, it's more expensive than competitors'.

Thomas Cook website spills personal info – and it's fine with that

Aodhhan

What a bunch of $$$7

In good faith, I believe the company should publish the names and PERSONAL emails of all company board members and those holding the position of VP and above.

If they will do this, then I'll go along with them saying this is a LOW vulnerability... but you know they will never do this.

Snooping passwords from literally hot keys, China's AK-47 laser, malware, and more

Aodhhan

Re: proceed with phase 2

The Democrats have wanted to remove representative democracy from the constitution for about 20 years now, and replace it with a modified socialism model. Yet, like all socialistic models, there is no real solution to how a country will pay if everyone received free ...everything.

Americans don't celebrate kicking the Brits out of the country on July 4th. This is the day Americans celebrate independence from a ridiculous monarchy. Since America had to give England two epic beat downs (don't forget about 1812) before they learned their lesson, another holiday was created for this azz-whooping. It's just not very PC these days to openly celebrate making another country your beotch; so this holiday isn't widely known.

Things that make you go hmmm: Do crypto key servers violate GDPR?

Aodhhan

If you can't do, might as well go into teaching

Implied consent is far too broad of a term to make an assumption with. Yes, an assumption, because for a case like this, implied consent has never been adjudicated in the courts.

..and just because you place something into the public domain, doesn't automatically presume implied consent. Anyone who has taken a high school law class can get this question correct.

You park your car on public streets; therefore, implied consent says anyone can take it after you leave.

Sounds good, right? But obviously this isn't the case.

You'd think a professor could take 10 minutes to think this out and realize how wrong they are.

Another example... you put your garbage on the street, so now anyone can go through it and grab any old documents and other personal items you tossed out for themselves.

Again, sounds good, but in most countries... doing so is still considered stealing. Tossing something out doesn't give 'implied consent' that anyone can take it and use it.

So, once again... another so called security professional at a university who went into education because they couldn't actually perform well on the job. If you can't do, might as well teach.

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

Aodhhan

Thank you captain obvious--Is this really your best?

Way to put a lot of time restating keynote speeches given for the past 10 years; actually for the past 50. Don't forget the basics; we must get back to basics--maintain your foundation... blah blah. DUH! Sounds more like a speech given by a coach before a football match, than a well thought out technology briefing. Could also be the big all caps writing on a pamphlet.

BTW, those who aren't concentrating on the basics and shoring up their own networks... aren't worried about state sponsored attacks. They aren't worried about anything--because they're ignorant to begin with.

If I pay a lot of money to attend a conference, I don't want to hear ridiculous 'basic' crap from an individual who is on the cutting edge of information security. I can open up YouTube and search for this. Give me something new. Something I can't search for and find. Give me your best. YOUR BEST.

When I see crap like this, it makes me think the person giving the speech isn't really as smart as they let on about... it seems more likely it's the people they work with who are the intelligent ones, and they are the 'average' person riding on the coat tails of others.
