Posts by Crazy Operations Guy 2513 publicly visible posts • joined 29 Jun 2009
I keep a list of countries that won't hassle me about the fact that every piece of data I carry is heavily encrypted, and every communication is done through highly encrypted links back to the office, including my sat phone. I consult for large, multinational financial institutions, so security is paramount, especially against government snooping. My list of countries I'll deal with is getting pretty small, soon it'd probably be down to Switzerland and the Caymans...
I wonder how they'd deal with the fact that every e-mail I send is PGP-encrypted before being sent over SWIFTNet? (Thanks NSA for convincing me to do that!)
So they are offering all these things for free / much cheaper than the competition to the point where it is a huge loss for them. But since it is a loss, how long before they start squeezing their customers? Or just up and kill the service with little to no warning.
Even if its not Google themselves forcing it, how long before some like Carl Icahn comes along and forces their hand?
So they discovered "SeImpersonatePrivilege" in the API, big fuckin' deal. Hell, you could do this with the SysInternal's 'psexec' tool.
But if you have Domain Admin rights, you could just edit the schema and create some random account buried deep in the System container and give yourself every right you want. Or if you are just wanting to look at someone's email, just log onto the Exchange server and mount their mailbox (Use 'psexec -sie' to impersonate SYSTEM and no one would ever notice, or they'll assume it was Exchange itself doing it).
But adding instructions gives you very little in the near-term. There is too much that has to be done before any benefit is improved:
-First new compilers need to be built
-Then you'd have to re-compile new OS kernels and maintain multiple version (One for each version of the instruction set)
-Then there is the effort of maintaining application binaries for each version of the instruction set or include quite a bit of bloat to determine what chip is in the system and branch if its supported or not (Of course a JIT-compiled language would alleviate the needs of this, but still...)
The only reason Apple was able to do such things was that they has unilateral control over every layer of the system from the silicon to APIs. This allows them to make changes in parallel so that the Instruction set and OS take full advantage of each other (Proc is optimized for new OS features, OS fully utilizes every improvement in the silicon). Add this to the fact that they locked versions of the OS to machine models and you can make all the changes to the instruction set you could ever want.
However this would never work on a free system where you have choice of OS and hardware can be heavily customized for your purposes.
It is all bragging rights.
Foreign relations aren't all that much different than a bunch of drunks fighting in a bar: they'll swear loyalty to other (I love you man...) and in the same breath make death threats (..but I'll fuckin' cut ya!) then follow up it up with boasts about their combat skills and assets (I can take you all on, I have a black belt in Jui-jit-su!)
We're already off by several hours each year due to our orbit not being an exact number of days anyway. The point of the time servers was to prevent machines from bugging out when there is a difference in time between systems; futzing about to be pedantic like this only makes things worse.
I wouldn't mind if they added extra seconds each day to compensate enough to get rid of leap years, but this feels like re-arranging deck chairs on the Titanic: a pointless task that is only going to get in the way of people doing something useful.
If they have access to Sony' external network, then certainly. Set up a router (Could just be a basic PC with a BGP daemon) on a network that allows BGP advertisements and start advertising for AS131279.
Trivial BGP trickery that can be carried out in afternoon by a network engineer with a just a basic consumer router (with DD-WRT or similar installed) and a second device behind it to generate SMTP traffic.
To justify more spending to defend against the North Koreans. Congress is a bit uneasy about pouring even more money into fighting terrorists (Especially since they haven't done much to the US lately), so the FBI / NSA / CIA need a new straw man to justify next year's budgets.
...he'll be dead in a week. Criminals tend to be a fairly tolerant of what crimes you've committed, but the one thing they do not tolerate is kiddie-fiddlers and child abusers. They may be scum, but they at least have better morals than politicians.
Although thinking about it, it is probably that the police aren't so much motivated to prevent crime but rather to make a big show of arresting people to boost their numbers and get a bigger pile of tax-payer cash. Besides, if the crime rate is low, how can they justify the additional budget to buy wire-tapping gear and CCTV cameras?
My thought exactly. It'd be much easier for them to take out huge criminal enterprises by finding whoever is still out there. And turning a criminal into an unknowing snitch would cause them to be ostracized from their former groups.
I'm pretty sure they wouldn't need a search warrant to intercept all the call since it is government property and all.
I've always wonder on Star Trek why they even bothered to transport down to the surface anyway? Why not build a remote-android duplicate to go down in their place? It'd be controlled from within an induced dream state and when the crew member is woken up, the remote droid dissolves or vaporizes itself. That way if either the mission ends or something bad happens, the crew member just wakes up thinking "Damn that was a weird dream. I was on this planet..."
No more risk going down to the planet, no clone issues, no more transporter malfunctions, and best of all, no more child support payments for all of Kirk's bastards.
I figured that teleportation would work by destroying a single cell/atom at a time to determine its quantum state. Then that state information gets transferred to the destination bit-by-bit, this would make it easy to actually determine the state of each piece as well as do away with the clone issue.
What with my checked luggage holding a 500 GB hard drive filled with pornography*, a couple bottles of rum and various other alcohols, and a couple packs of playing cards and poker chips.
*Encrypted because I was heading to London for a few days and I didn't feel like getting arrested.
Just today I've heard 'hacking' in so many different ways that the word is losing all meaning. Everything from changing a setting on piece of electronic equipment (that you own) to writing code to do a simple task to taking over an account on a website all the way to attacking a secure network to gain access. All of these things are quite different in nature, some might be trivial while others are illegal; sometimes both, other times neither.
Ummm, they've been including AV as part of the install for a few years now. On Win 7 it would install an AV package if you didn't have one installed for a while and starting in Win 8 there is one installed by default that disables itself when you install a different one.
But they undid their goodwill with my by releasing proof-of-concept code... They should do something like reveal the vulnerability after 90 days, and then slowly releasing more information about the vulnerability every few days afterward.
In this case, just publicly reveal that "NtApphelpCacheControl()" has a bug, then after 15 days release that is doesn't properly check permissions, then 15 days after that release info about the security tokens, and so on. Going from keeping it to private to instantly tell the world+dog how to do it seems very irresponsible. At the very least they could have sent something to Security Software vendors so they can write code to detect malware using this vulnerability.
The quarterly reports greatly affect stock prices, a few days lead time can make someone quite a bundle of cash, especially if the reports indicate that the company made a huge jump in profits (Or losses). Internal sales figures can tell you which suppliers to invest in, and which to avoid (EG, a product that uses a specific components sells like hot-cakes, invest in the company that makes that part)
Of course you could also edit reports before they go out to the SEC and ruin the company by making it look like they are hiding profits or losses to deceive stock holders.
I always wonder how many more are out there not getting caught. It seems the only way these people get caught is by trying to show off their trophies and make names for themselves. Case in point, the Sony data leaks, the GOP (or whomever) managed to extract several terabytes of data from Sony, how long could they have operated if they just stayed under the radar?
I figure the smart thing to do would be to penetrate networks just deep enough to get their financial reports and then just use them to play the stock market. Who cares if no one knows your name when you are swimming in huge piles of cash?
Well, technically the Catholic Church is one of the largest corporations on the planet:
-Multiple offices in nearly every country in the world (Even multiple offices in prime locations)
-Just under 1.25 Billion customers
-Over 415,000 employees
-Continued operation for well over 1000 years
-Insane levels of income (No public figures available, but given their real-estate assets...)
-Unparallelled levels of political influence (No taxes, laws preventing investigation of finances...)
-Extremely low cost vs. extremely high value of produced products
Yet no budget to put proper DR in place... Hell, they could even go the cheap route and keep a bunch of cloud instances on hand to test their backup procedures and just spin them up full time in a major disaster.
New idea for a server company:
with each physical server sold, you'd get a free replica cloud server that will run in its place in case of a failure. Could be set up so that the server would be backed-up to that cloud server as a VM image and run it like Amazon's cheap instances where you get whatever free time is available and offer more expensive plans for 1:1 dedicated systems. Such a system could also be offered as a basic off-site backup storage and verification test. Maybe add some logic to the BMC on the servers, and with a proper VPN set up, would allow any server on the internal network to fail, the cloud service would spring into action and the end-user wouldn't notice a thing except a slightly higher latency.
I've always figured that the NSA could get back into everyone's good graces by actually protecting our communications infrastructure: use their packet capture abilities to identify malicious traffic going across the wires and either report the packets to ISPs for remediation or block such connections if one end is in a foreign country. If they can track people based on a few key words, they sure as hell can track infections and botnets.
Hell, they could also release an Open-source security suite to add some transparency to their operations and gain at least a little trust with certain communities across the internet.
Oh that's cute, you think they have more than 1 peer. They only have a single peer, and that peer only advertises their ASN to one other peer, so its no wonder that their internet link falls over so often. Hell, I'm surprised that it stays up as much as it does...
http://bgp.he.net/AS131279#_graph4
The content very rarely changes, and when it does the change is just an additional row to the top of a table and updating a link to point to a newer version of the manual / code repository / download location.
Just using Static HTML and some basic CSS, you could potentially reduce server costs by a substantial amount (Fewer processor cycles needed to build pages, less cruft added to the pages themselves, fewer servers now that a DB is no longer needed, etc). Plus no longer needing someone with WordPress skill on staff means they could hire someone to update the code.
Something like the OpenBSD website would be perfect for the ISC, a simple site that is centered around getting in, finding your answer / downloading the latest code, and getting out without wasting a lot of bandwidth and processing power to render crazy menu trasitions.
How the hell is it possible that that much data was ex-filtrated from Sony's corporate network and no-one noticed? Do they not have competent network engineers or something?
I've worked at a company where they tallied everyone's bandwidth usage and anyone who sent more than 1 GB over the internet a day had their connection logs pulled to see exactly what was going across the wire. No system accounts were allowed to upload except in very rare cases, and even then a human being had to take ownership and full responsibility for everything that account did. It was an "Energy and Defense" contractor, so that level of security was par for the course, but there is no reason Sony couldn't do the same.
Thunderbolt is pretty much a couple PCIe lanes, Display Port, and a couple other interfaces made external. I always get a little nervous when an external interface has DMA; a proper IOMMU can only block most attacks and even then it can't block a peripheral from corrupting any other peripheral that uses the same memory area (such as other peripherals on the same chain).
Can someone come up with different terms for the two? Calling them the same thing is akin to calling a news channel's helicopter a stealth bomber...
They are even two completely different classes of aircraft altogether, not to mention the drastic difference in size. One is a single-engine, fixed-wing craft 8-meters in length and wingspan of 15-meters and carries enough armament to level a city block. The other is a multi-engine rotary-wing craft that, at most, is a half-meter square that can barely destroy a sand-castle...
I"d think that something that uses the last speed setting and then slowly tapers off would be easier on the rider's sense of balance.
As for the control, I'd assume that it'd be a single control that you move your finger up and down for speed (Not much else needs to be controlled anyway). So it would be held out to the side without having to look at it. But then there is the issue of accidentally hitting the home button or something on it...
Never-the-less the whole concept is idiotic; its a device that costs ridiculous sums of cash to make a merely make a task a little easier that when it fails, has the potential to cause serious injury.
Zone files are so important, and change so infrequently, that this should be a fully manual and offline process to complete. IE changes are sent via bonded courier (or another equally-secure method) to ICANN where an employee verifies the change by calling up the requester and confirming identification as well as each item modified.
Well, the biggest reason people tend not to ask the IT folk is that far too many times when they ask, many IT folk respond with condescension and ego. An attitude that you have perfectly demonstrated in your comment (Although you do seem to have a thing for sheep).
At least this is the most common complaint that I've heard from the employees where I work ever since I fell to the Management Side of the force and got my lobotomy / MBA. Speaking with CIOs in other companies, the story isn't all that different.
I can understand using it to inform customers of time-critical issues (such as service outages) or contests. But then customers would 'follow' the account, not the 'hashtag'. IN this situation, why couldn't the linux group just create a new account for this event?
I can't believe I said something positive about Twitter, excuse me while I go brush my teeth to get rid of the taste of vomit in my mouth...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
