Posts by Aodhhan

684 publicly visible posts • joined 25 Apr 2008


UK government bans all Russian anti-virus software from Secret-rated systems

Aodhhan

Conspiracies

People coming up with outlandish theories and accusations without any proof about how anyone is being spied upon is what makes the intel community go around as well as laugh. It only takes someone to sit back and think about things for 10 minutes to see some of the idiocy, because far too many people don't think about anything for 10 seconds and/or just repeat something they've heard.

What does shock me, is the amount of people who unleash hate on governments which change every 4-10 years who must answer to their people in one form or another. In the same breath they protect and talk up governments which are tyrannical, toss people in jail for saying the wrong thing, are far more corrupt than any government in the west, and the government stays the same for years and years.

If we in INFOSEC, have so many people who think off the cuff without stepping back to think things through, then there will be a lot of organizations who spend far too much money on things and will be a lot more vulnerable than need be.

Only in Hollywood, do hackers and security defenders come up with solutions in a second. Only in Hollywood do all solutions come exactly when they need to.

AI taught to beat Sudoku puzzles. Now how about a time machine to 2005?

Aodhhan

This isn't new

A group of us put together a computer program back in 2003 when I was a computer engineering student to do this.

The processing operation isn't much different from those used to crack passwords. Mathematics and tossing in stored data into entry points is what computers excel at.

Thinking this is new, is pretty boring and lazy reporting.

Russia threatens to set up its 'own internet' with China, India and pals – let's take a closer look

Aodhhan

DO IT!!

Then we can shut these countries out of the original WWW, and watch crime on the Internet go down, as well as cripple their economy more.

I'm sure this will go over well with large businesses in these countries.

Uber hack: EU data protection bods launch taskforce

Aodhhan

Typical backass governments

Politicians...

Time to hold yourself responsible for some of this. INFOSEC professionals have been harping on you for years to come up with laws and methods of regulating information of private citizens, yet you've balked and pocketed money from lobbyists and other business representatives who have urged you not to get involved.

To me, you're just deflecting all blame onto business after the fact, and won't change as long as big business is tossing money at you.

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Aodhhan

Yet other risky apps still run

The browser will still run Java, Flash, anything Oracle.

Thanks Google for being stupid, yet again.

Accused hacker Lauri Love's extradition appeal begins

Aodhhan

Seriously all?

It isn't 99 years for one or two crimes, it's a series of many attacks and breaches.

Not to mention, if you can't do the time then don't do the crime. Besides, where similar crimes have been committed, the individual was given less than 8 in prison. Most will likely be let out around 4-5 years.

If he is truly diagnosed with Asperger syndrome, he's likely to be sentenced to a mental facility and not a prison. Which means he'll serve even less time.

I guess we should not hold Equifax and Uber...etc. responsible for their actions in England. Especially since they didn't outright try to defraud or attack anyone like this individual did.

Let's ensure everyone everywhere is held accountable.

Aodhhan

Re: Weid Legal System

Phil W...

Your assessment of the United States is entirely WRONG.

A "state" as defined as one of the 50 states in the USA is different from the definition of a "nation state". USA is a federalist nation (like many other countries). Perhaps this is what you should read up on.

Each state in the USA may have its own constitution and set of laws; this doesn't change the fact the USA's constitution is the law of the land. This is no different than most countries who have provinces, county, city laws.

If you were given a middle school civics test on the US government, you'd score about 35%.

As Apple fixes macOS root password hole, here's what went wrong

Aodhhan

Re: Two stupid things happened

Don't go around saying someone has upset the INFOSEC community when they haven't. This is just irresponsible nonsense; especially coming from someone who posts anonymously.

US intelligence blabs classified Linux VM to world via leaky S3 silo

Aodhhan

Don't make too much of this

First off... equipment/software used for encrypted communication isn't classified as long as the keys aren't valid. The keys are changed quite often or valid for one use, so the chance they are still valid isn't likely.

It also doesn't make sense this is placed in a cloud, and not installed on a laptop.

Don't rule out the chance this is a honeypot of sorts. Run the applications at your own risk.

Seek 'passion' and tech skills will follow, say recruiting security chiefs

Aodhhan

Thom Langford at Publicis Groupe is a LAZY IDIOT--Here is why

Can't believe this guy is a CISO. Apparently, he has connections somewhere.. because it cannot be on merit and management skills.

There are so many different areas in INFOSEC, that to be so narrow when it comes to hiring professionals is idiotic (to say mildly).

For instance, to conduct penetration testing and red team skills for a person without at least 3 years security experience will take 2-4 years to become proficient. This doesn't include the huge amount of costs associated with training. On top of salary, you can expect to pay in excess of 60K.

I don't mind providing individuals right out of school a chance to prove themselves; however, I wouldn't make an entire INFOSEC organization full of them. Even so, I want to see some background displaying computer skills beyond OS configuration and administration.

Now the LAZY PART--Let's not forget one of the jobs of a CISO... and this is to ensure those who work in INFOSEC are motivated to accomplish a common goal.

If you have an expectation, then ensure employees have the resources (training, systems, etc.) required to do the job in an efficient manner. Don't expect them to become overly creative and find ways to apply Band-Aids.

If as a CISO, you find a good percentage of INFOSEC employees aren't meeting your expectations, then first look in the mirror... and ask yourself, if you're doing everything you should.

If you're unable to motivate and provide leadership, then it's time someone else fill the CISO role. Because you're spending too much time on the golf course or trying to impress those in the corporate board room.

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Aodhhan

Settle...

When it comes down to it, this is an injection attack via web services.

Something us penetration testers see all the time. Fuzz the web application to grab information, and then craft or intercept/edit HTML packets from information we gather.

Don't over think the problem and develop conspiracy theories about this. I doubt the NSA or anyone else purposely coded in weak routines which can be exploited in many of the applications I've tested in the past year with similar vulnerabilities.

This is just a common problem which needs to be addressed through better coding practices and better testing.

Don't be too rough on developers. You'd be amazed at the turnover rate at some companies. This means you have new developers getting placed into large development projects which have been alive for years. Pretty soon, nobody is an expert on the entire mess of coded inhumanity.

Some 'security people are f*cking morons' says Linus Torvalds

Aodhhan

Security has become a buzzword for non security groups.

Linus.. first off, stop acting like you ran out of valium. Though I do get the emotion pointed towards certain developer factories.

Security people don't care if you call it a bug, *uck up, mistake, etc. No matter what, it's a vulnerability which must be weighed and mitigated. Getting hung up on nomenclature is parochial and should be beyond any developer or engineer's list of important things to consider.

Just because someone who has a long developer background or a degree in computer science and becomes a member of a security team, doesn't make them a true security person. He's still a developer or theorist who looks at things entirely different than an engineer who specializes in security.

A true security engineer doesn't give a rats @** how you fix the bug, mistake, *uck up, etc. as long as the resulting vulnerability is fixed and can no longer be exploited.

One last thing... when it comes to 'how it should be handled'. Don't forget... users (this includes some admins) are the true idiots. No matter how you develop something to become idiot proof... somebody somewhere will create a better idiot. So allowing 'buggy' processes to run, with the design of having the 'user' make the decision/choice of how to handle things, is actually worse than being an idiot.

DNS resolver 9.9.9.9 will check requests against IBM threat database

Aodhhan

Re: Smut Blocker

OpenDNS is a service worth considering; however, if you read their terms of service (Paragraph 8 - User Data), you will see Cisco is collecting data on you. They don't stipulate any particular data... which means it can be anything, such as: behavior, habits and trends.

It doesn't matter which ISP's DNS you use, you're going to notice their terms of service include a section(s) on user data (or similar) indicating they will be collecting information.

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Aodhhan

Private Address

If you read the report, it provides an explanation in a note.

Does UK high street banks' crappy crypto actually matter?

Aodhhan

The lesson here is...

Don't just take every report, article or presentation as the 'end all be all' for security. There are a lot of INFOSEC professionals who forget the basics and develop bad habits and bad logic.

INFOSEC isn't about stopping each hacker and closing down every vulnerability. THIS IS IMPOSSIBLE. Something taught in EVERY security certification.

INFOSEC comes down to identifying and managing risk. Just because someone says you must shut down something doesn't necessarily mean you should or even can. One minor security change in an information system can affect a lot of people, not to mention a business's bottom line.

Kudos to Alister who has said all the right things for this article.

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Aodhhan

Re: Round up the usual suspects

New to information security? There are plenty of reasons for being in country when attempting to infiltrate a systems network.

Regardless of what anyone thinks, he made the statement of being in the FSB. So take him at his word and add espionage charges along with hacking. Make an example of him. Whether or not the Russians admit to it, a signal will be sent.

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Aodhhan

Parrots... shaddup!

Air gap, air gap, air gap... sqwaaaak. Bunch of parrots repeating crap, without any talent to quiet themselves for 5 minutes so they can think critically.

Experienced security professionals know air gap isn't necessarily the answer. There are plenty of ways to connect to an enclosed gapped network. Especially when 200+ people have access to a few of them on each flight.

The answer is early and proper security injected into the systems development lifecycle. An aircraft connected to a WAN or cloud can be perfectly safe provided security is considered from day one until they retire the plane.

Because loss of network/computer systems on an airplane is an obvious security concern as well as a target for terrorists... governments should get involved in protecting these systems with compliance standards.

Airlines and aircraft manufacturers may scream about cost and delays, but consider a worst case scenario... where malware is launched quietly into the systems of 10+ aircraft, placed by malicious insiders, staying dormant until a particular date/time.

Think the US is alone? 18 countries had their elections hacked last year

Aodhhan

Funny...

I guess Germans and French are so highly educated they've become lazy; since, they've attributed a lot less to modern technology and assistance to other nations than the US, UK, and many other countries.

The Germans and French are so highly educated, their GDP, GNP, and most other economic indicators are less than US, UK and other nations.

I'm not sure what your education is in, but it sure isn't in foreign studies, economics, military, technology or anything outside of the fast food industry; which by the way, is calling for you.

Aodhhan

Think about it for several minutes...

If you're going to try to destabilize a country, you will do everything possible to help the least popular candidate gain office. This way, the majority of the people already distrust who is in office, and it becomes a powder keg just waiting for a spark.

Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Aodhhan

Let us not forget

Why isn't the US Congress, along with every state legislature, pointing fingers at themselves?

For years, information security bills have been killed because huge corporations contribute large amounts of money to their campaigns to make sure any security bill dies in committee.

While I enjoy these theatrics by those in Congress who put on a performance worthy of an Emmy nomination, we all know at the end of the day, you will waggle your finger... then when the lights go out, take more money from these corporations to maintain the status quo.

Bravo and shame on our elected officials.

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

Aodhhan

Re: Judging a book by it's cover

We're all the same on the inside... this is a parochial method of thinking. I take it you're an adult now, and can stop repeating things you were taught when you were 8.

The problem is, the lungs, liver, [insert any organ] may be 'roughly' the same; however, how the brain is programmed and processes isn't the same. It's the brain, not any other organ which dictates your actions.

If you're poor and you grow up in crappy conditions, you're going to see life a lot different than someone who didn't want for anything. You're also going to have very different life experiences.

We don't need white people to 'help us', defend or pander to us. We definitely don't want white people going out of their way to show us they aren't racist. It's not shocking to us, when we invite these white individuals to come to our house to have an evening meal... they'll do everything to change the subject or wiggle out.

You want to lash out against racism then lash out at racism/prejudice, but do it without describing color, religion, jihad, etc. Stop pandering and whining, and start living and accepting ALL people the SAME.

If this kid was white, there wouldn't be any mention of race, religion, conspiracy, etc.

IETF moves meeting from USA to Canada to dodge Trump travel ban

Aodhhan

If the travel ban really pisses you off...

Then why give into it by changing locations?

--Seriously...

Better to go through it and provide your real life horror stories to the world than to give into it...

By giving into a ban, you give it strength.

Now, if you don't want to go to San Francisco, because it's San Francisco... this I get.

Parity calamity! Wallet code bug destroys $280m in Ethereum

Aodhhan

Re: This is when I know I'm getting old...

You're still young.

I grew up using smoke signals for emails.

To code, we used finger paint on walls.

To archive, we carved into the back of tree bark and tied them together.

...and WE LIKED IT!!!!

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

Aodhhan

Re: I wonder what the Trump apologists' excuse will be this time?

I don't condone any government official using their private email, but keep things in perspective when you make a comparison. Hillary used her private server to maintain and distribute TS/SCI SAP classified documents.

Biggest Tor overhaul in a decade adds layers of security improvements

Aodhhan

What wasn't noted...

The development help by the NSA.

Upgrading all existing onions the NSA owns.

...etc.

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager

Aodhhan

I don't think anyone is shocked by this

Nearly all security professionals know any Oracle product is a problem waiting to happen. Even more disturbing is how long it takes for them to fix something... if they do.

Thankfully, we've stopped allowing any new Oracle products onto our network. Those we still have must find a new non-Oracle solution prior to their refresh date.

Tor blimey, guv'nor: Firefox to try on privacy tool's Canvas gloves to leave fewer fingerprints

Aodhhan

Back to 1994

Blocking information such as OS, client side scripting info (i.e. version of Java, flash, VBScript, Silverlight, etc.), cookies (session or otherwise), monitor resolution, encoding, etc. will likely take away all the fancy artwork and client side applications used by websites for rendering the web page.

This means, web sites will begin to look like they did back in the mid 1990s.

Let's hope they provide us with options to configure exactly what we want blocked and what we wish to allow, instead of an all or nothing configuration.

Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

Aodhhan

Sometimes more devices doesn't mean more security.

So they're selling a device for people who don't know how to properly set up a defensive perimeter.

Sounds like it's just another house of mirrors for packets, which should already exist if you've correctly set up your perimeter and have your firewalls and proxies correctly configured. Using this device doesn't save you any money by removing multiple defenses already in place, and it doesn't provide any protection from malicious insiders, phishing attacks, etc.

Set up too many mirrors for packets, and somewhere... something is going to get misconfigured and allow something through. Or the product will shut some application down, so an exception will have to be made which will allow a hole for something to get through.

Keep it simple so it can be done correctly.

US voting server in election security probe is mysteriously wiped

Aodhhan

Stop injecting your politics

Trump didn't 'narrowly' win in Georgia, he received 210,000+ more votes than Hillary.

The lawsuit isn't about recounting the votes. It's about changing the computer systems used for voting. Even if the votes were recounted, it's one district in Georgia. No way 200K+ of votes.

The lawsuit to upgrade voting equipment is being pursued by Republicans across many states. The Democrats are opposing these suits.

The GOP supports these suits because new systems support accountability and prevent voter fraud.

DNC is opposed to them, because they believe people's votes will go uncounted.

Both sides are upset in this case (at least appear this way), that data was wiped just after the suit was brought on. Funny, this happened before (Hillary's server), but the DNC wasn't very upset about it then. In fact, they did everything they could to make it a non-event.

NHS could have 'fended off' WannaCry by taking 'simple steps' – report

Aodhhan

Welcome to gov't run health care

Wait time to:

- See your family physician 14-30 days

- Consult to a specialist 4-7 months

- Have a CAT Scan: 2-6 months

- Get a MRI Scan 5-10 months

- Patch server systems 18-32 months... maybe.

Julian Assange says Cambridge Analytica asked WikiLeaks for something

Aodhhan

Re: It's funny

What's not funny is you have it all backwards and inside out.

The GOP was upset at WikiLeaks because of Snowden and wanted it shut down. Whereas the DNC was supportive of WikiLeaks because of this and because of course, they have to take an opposite stand.

Then Hillary decided she was above the law and nobody will ever see her in a bad light.

Suddenly, her email server was found, the DNC site hacked and documents hit the Internet.

Then the GOP loved WikiLeaks and the DNC hated WikiLeaks.

Typical politicians no matter which party or what side.

Dell forgot to renew PC data recovery domain, so a squatter bought it

Aodhhan

Re: How do domain names expire?

Not a security person eh?

You don't register everything under the same domain, it's a security failure waiting to happen.

Then there is the difference between internal and external production systems and their protections.

On top of a company which likely has more than 10,000 individual internal servers and likely just as many if not more external facing systems.

If you have ever worked for a large corporation, the amount of internal VLANs alone can become confusing, let alone adding a bunch of external facing domains which all have to have their own protected databases.

Then just think of any one of these having a vulnerability allowing access to active directory or DNS or Web services.

You want to alias everything? This isn't just a DNS nightmare, it's a web server nightmare attempting to port and forward everything. If you think troubleshooting one web system is a horror show, try having to troubleshoot 3000+ on the same domain. It would be stupid.

I can go on and on, but you get the picture.

There is also cost. The amount for a wildcard certificate to cover an entire domain is ridiculous, when you can get by with 10-20 individual certs. There is also a security issue with this as well, but why continue to explain.

C'mon; most of you are smart enough to figure this out. Just think through it for 10 minutes instead of spewing out silly things.

Hop on, Average Rabbit: Latest extortionware menace flopped

Aodhhan

Re: 1dnscontrol[.]com

Tom,

The fast food industry is calling. Better get going.

Panic of Panama Papers-style revelations follows Bermuda law firm hack

Aodhhan

Re: we have reviewed our cyber security and data access arrangements

You said, "Drupal is pretty secure"... are you kidding us?

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Aodhhan

Outlawing cryptocurrency

You can't outlaw the currency but you can make the scheme illegal, and in-turn hold the sites supporting the scheme responsible.

However, if politicians do this then they will not be able to launder the big money they receive for their foundations and other dark money making ventures.

Rule 1 of being a politician: Never shoot yourself in the foot.

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

Aodhhan

ICSs are everywhere, including where you work.

Industrial control systems cover a lot more items than most get. It isn't just specialty items you find in electrical power plants. Rather it includes items in most commercial buildings/infrastructure.

Systems include:

- Elevator controls/monitoring

- Indoor/Outdoor lighting

- Fire sensor and suppression

- Alarm sensors and monitoring

- Security monitoring cameras/recording

- Physical security locks and door controls (access control)

- Electrical outlet control

- Manufacturing equipment cooling systems

- etc.

So reevaluate where you work. These items just aren't in HVAC, power, petroleum, water etc. plants. They are likely part of the very building you work in. All of these systems are likely in place where you work and you have no idea they're there, because it's never occurred to you to search for them, and building management didn't know they should tell you they installed them. Many of these systems go back to the Windows 3.x days. It isn't exactly brand new technology.

Being air gapped can bring extra problems because of the false sense of security and lack of patching. It should be looked at as a part of defense-in-depth, just like if you added a security switch/router. Air gapped systems are still open to insider threats, people hooking pwnd laptops into them, etc. So the same AV and other security software still needs to be applied and required. So test and assess accordingly.

'We've nothing to hide': Kaspersky Lab offers to open up source code

Aodhhan

A bunch of comments on the obvious.

It's old news.

The only people still giving this any time are those who have a belief one way (for themselves--and those who think like them), and then oppose the same belief two sentences later (for everyone else).

Security pros' advice to consumers: 'We dunno, try 152 things'

Aodhhan

Don't waste your time

20 minutes you'll never get back.

The entire structure of this 'survey' lacked proper form and research.

The conclusion of how varied the advice is... Of course. First off, you asked people who use the google security site. This wouldn't make my top 100 places to search for qualified security professionals.

Also... security professionals tend to put their time into only a few areas of security. It's impossible to concentrate on all areas. This alone is going to produce varied responses. Also, this is a very fluid and ever moving field of study. You will likely get responses on the last 3 big problems the professional worked to close down.

You will also get varied responses on any security response which will vary depending on if it's directed towards customers or employees.

Then there is no definition of what a "non-tech savvy user" is. I know system administrators who I may consider not very tech savvy because they still can't comprehend certain networking concepts.

Then again, I may consider a 12 year old tech savvy because he understands how to pair his Bluetooth enabled phone to his mom's car.

Then you look at the author's profession and where they work and you immediately shake your head.

So... don't waste your time.

Make America late again: US 'lags' China in IT security bug reporting

Aodhhan

But why ?

Get your bugs in and indexed quickly or our finest tanks will drive over your house--at 2am.

- signed -

The friendly People's Government.

NetBSD, OpenBSD improve kernel security, randomly

Aodhhan

For all of those who don't get it...

Live relocation; copy/update kernel; trampolines... doesn't it make you want to shake your head?

It will actually be easier and more efficient (not to mention less bugs) to halt input, complete processing (yeah, this could take a bit of time; so think about) clear cached inputs, archive data and reboot.

Now, if you think this is ridiculous then think about what you're saying to... routine out some 'random' locations/toss these into memory, pause input, halt processing, halt services, change memory locations, update pointers then start everything back up; oh every 15 minutes or 4 times a day (makes no difference). BTW, think about how this 'randomizing, updating, restarting' routine has to work while everything else is in limbo.

If you think rebooting is inefficient and will take time, think about a system which is likely running more than one application along with an underlying OS to go along with your silly scheme.

US-CERT study predicts machine learning, transport systems to become security risks

Aodhhan

Re: I believe there is only one word in answer to this:

This isn't a report meant for information security professionals. It's written for higher level executives about the technology challenges ahead. Take the time to read through it all before you jump at the chance to publicly roll your eyes.

Also, the fact you 'dismiss' anything coming from Carnegie Mellon University displays your absolute ignorance towards information security. CMU is the #1 university in the world when it comes to information security and information technology research.

Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Aodhhan

What's really needed

is for law enforcement to get off their azz, and get out there and do real investigative work.

Knock on doors and a few heads to collect what is needed.

Silly millennials have been so spoiled and pandered they don't want to get out there and do actual police work. They've grown up having conversations via text messaging instead of learning how to talk face-to-face and build this type of trust and relationships with contacts and informants.

Too much tax payer money is spent on electronic surveillance and not enough on training officers to do in-depth investigations away from a keyboard.

Aodhhan

Re: Fishing

No... they can still read what you're chatting to your mates about (using filters). They just have a difficult time locating you and in some courts, providing evidence everything you chatted over multiple days is actually you.

BoundHook: Microsoft downplays Windows systems exploit technique

Aodhhan

Yes, we get it... but

Sure, it's a post exploit technique I can write malware to exploit.

Which means after you 'finally' detect something and shut down the pseudo hacking applications put in to make yourself feel good after it's gone... the real malware is taking advantage of this 'feature' *cough* to continue to send me information and provide permissions to the now hidden malware.

Is anyone confident the servers at any of the recent breaches are completely free of malware?

...I doubt it.

EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

Aodhhan

How about this...

Spend money on training and hiring detectives who aren't so effing lazy to actually dig a bit to find other evidence? Stop coddling law enforcement and make them get off their azz.

There is more to solving a crime than pooling a huge amount of resources into breaking encryption. If it's all you have to go on, then the case is likely weak to begin with... move on.

Not to mention the fact... the more law enforcement gripes about this subject, the more it's publicized; motivating people to learn more about encryption. Thus in the long run, making the job a lot tougher.

If you can't think 3 moves ahead on this fact, how do you ever expect to solve complex crimes?

Yes, British F-35 engines must be sent to Turkey for overhaul

Aodhhan

Let's see

UK has the sole avionics contract... I don't see 12 nations griping about this.

Of course, there could be multiple locations to overhaul the engines, which means the cost of paying for extra engine mechanics, location, building new facilities, etc. will be added to the cost of overhauling the engine.

Wow, I thought politicians in the USA were moronic when it comes to contracting maintenance of military equipment.

IRS tax bods tell Americans to chill out about Equifax

Aodhhan

Talk about moronic thinking

I guess he wouldn't mind then, if someone put all of his information on Pastebin.

The difference about the information Equifax and other companies collect to determine risk is the HUGE amount of information they collect.

They typically have information such as political party, how often you show up to vote, make/model/year, etc. about the past several vehicle purchases you've made, home ownership information, some health data, where you travel, how you travel, your spending habits, where you shop... etc. The list is huge.

These companies collect so much information on an individual, that if something new comes up.. they create a new category immediately and start collecting.

So while hackers may have some of my information, they likely didn't have a lot until Equifax was breached. Fact is, we still don't know yet what was taken, and Equifax isn't letting anyone know.

The US Congress needs to step up and ask what information Equifax has on individuals. Then create laws to limit the information they can acquire and store.

NHS: Remember those patient records we didn't deliver? Well, we found another 162,000

Aodhhan

Help me understand this

In a government operating healthcare system, people provide the government with all of their health information; arguably a lot more valuable and intrusive into one's life than many think. Yet, get absolutely mad upset about handing over a PIN to their phone.

Amazing.

Think of everything in your health records. Next of kin, employment, life choices, etc. Think about all the questions you get asked during a hospital or doctor visit. Sexual partners... the STDs you have, medication you take (which can say a lot), etc.

..yep, it's all in there, and available to your government when you have a health care system run by this government. Not only for them to abuse, but anyone else once it finds its way to Pastebin.

Sounds painful: Audio code bug lets users, apps get root on Linux

Aodhhan

Re: Oh for FUDs sake

I was thinking the same thing..

Just another 'pud' to reinforce the concept, "half the people you come across are below average intelligence".

If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest.

'Open sesame'... Subaru key fobs vulnerable, says engineer

Aodhhan

Re: This won't be addressed

Stop and think about it for just 5 minutes, instead of throwing in a comment which isn't even worth 2 cents.

Follow Subaru cars pulling into mall parking lots, movie lots or anywhere else around Christmas time with this vulnerability, and you'll gather up enough merchandise to make back your $25 easily.

Plenty of people drive older cars, and just because he published older car models, doesn't mean it doesn't work with newer models.

If you can't think like a criminal, then you're not going to do well in information security.
