Posts by Crazy Operations Guy

Re: Attribution is a myth

But even then, where it phones home is no clue as to who actually owns it. Its not unreasonable to believe that someone like the US would use a couple machines in China to attack Russia. China is a big enough country were it'd be perfectly possible for the CIA to plant someone in the Chinese government to infect computers and to perform all the the malware-control work form within that network and just transfer the data manually.

It'd be perfectly possible for the CIA to compromise a friend of a Chinese government official (Doesn;t even need to be someone very far up). This 'friend' then gives the dupe a hard drive full of movies or games or some other data that they'd want. The media on the drive contains a malware package to turn the dupe's computer into a malware C+C machine when they go to open any of it (Hell, the media itself could actually work with the dupe even suspecting that something is wrong). The malware then collects its data and stores it onto the drive which is then taken back to the friend for more media. The 'friend' pulls off the retrieved data and puts on new media containing updated attack code and commands. This would proceed for quite some time until found out. But even then, it'd looks like just a regular malware infection, not a spy operation. The data retrieved would be hand-delivered to the US embassy to be passed back to the CIA itself.

In that scenario, the malware neither phone home to, or appears to originate from, the US. If the campaign was launched against the Russians, all evidence points to the Chinese being behind the attack, as all the data is coming and going from a Chinese Government IP address. With it just looking like two people exchanging pirated and/or illegal media, no one but a paranoid lunatic would think that the CIA was behind it.

Re: Funny that

I've never trusted those conclusions anyway, since the exploit author may live in one nation but sells the exploit to an agency of another nation. I doubt that the CIA is writing all its code in-house, and probably ends up out-sourcing it to foreigners.

I wouldn't be surprised to find out there is a black-hat that has been selling the same malware code to both the Russians and NATO members.

Its likely that they would purchase the new server so the old one could be used as evidence, or that someone could be building the new one getting things up and running while another person goes through the old system to pull files off that were deleted or they just didn't have a backup for (Like new order info, transaction logs, etc).

I would also think that they'd use this excuse to bring in upgraded hardware if they never had a chance to take down the old one since it was used for so much important stuff.

Re: My plan...

TO be pedantic, 'rm -r /' isn't going to do anything on a modern Linux system... There aren't any system critical files in the root directory, just sub-directories as far as the eye can see.

I believe you mean 'rm -rf /'...

Re: Change DNS ?

They'll just pull all your DNS packets. DNS is very high volume, is very well known, and isn't encrypted. I'd be surprised if an ISP -didn't- have a network tap on their routers to siphon off port TCP/53 traffic.

Re: Flash is the worst

One of things I've been seeing recently is that normally solid state media will have substantially more storage than what is on the label in order to handle dead blocks. Some of the better brands will have twice as much or more.

Found that out after receiving a 256 GB Sandisk MicroSD card that ended up with a lot of errors. Turned out that it was a 128 GB card that someone had re-written the firmware so the entire storage was accessible. I ended up using it to store a copy of my music collection, if I lose pieces or entire files, it is no big deal. I wrote everything I had to it in one go and then toggled the read-only bit, so I end up with very few failures (flash is far more likely to go bad during a write than a read).

Re: Oh no!

I tend to go for the counterfeit stuff more often than the real stuff. Usually its stuff that was made on the same assembly line, but was never delivered to Samsung. I tend to get them because they'll almost always be unlocked and have the DRM / Software "Security" parts cut out, making it much easier to install a custom OS on it.

I bought an S7 a few weeks ago like that that had some crap knock-off of version of Android on there. Stripped that crap off and dumped a freshly-built version of LineageOS on there (The successor to Cyanogenmod). It was part of batch were the manufacturer built 20% above the required order before official release (typically a certain percentage is faulty, so they'll manufacture way more than ordered so that even if an unusually high percentage fail QA, they still have the ordered amount built by the deadline).

Yeah, technically stealing from Samsung, but its kinda their own fault, what with charging $750+ for a phone that probably cost them less than $200 per unit to design and build. I have no problem with companies making a profit, but profit margins that thick are criminal (which may be one of the least unethical things they've done recently...)

Re: Automation

"So why the hell are we still working 5 days a week?"

Because companies and politicians fetishize the concept of "creating jobs" without regard to the actual quality of said jobs... In their minds 100 coal miners is better than 10 robotics technicians even though the technicians are going to produce 20-30x as much wealth in the community as a miner.

"I think IQ of 100 is determined by the median of the test scores."

Not only median of the test scores, but also the median of the particular test group. A person may get a 125 when tested alongside their peers in school, but then get a 90 if tested in a group of scientists and researchers, and then end up with a 200 if tested in a group of people from a place with a severely underfunded educational system and high amounts of lead in the water. It all depends on the organization administering the test and the selection size that they use.

The test itself is deeply flawed in that it is trying to measure something infinitely complex and variable using a simple integer. Although it is useful in that anyone who believes that IQ is an accurate measure of intelligence is really a moron that shouldn't be listened to. The only contexts I've seen for people using IQ tests are either egotistical blowhards trying to prove they are better than someone, or idiotic racists that try to use it as an example of their race's superiority.

Re: "Cloud time?"

"jet-lagged traveling from Paris to Munich"

I find it insulting for someone to show up jet lagged, it either shows that they care so little about the other person in that the other person would be the one having to make changes to their schedule to accommodate flight delays; or that the traveler cares so little about the other person that the other person doesn't deserve the traveler's best.

I've always planned to arrive twice as early as the flight is long, that way it allows for re-booking in case of a cancelled flight, but also allows for time to rest and recuperate.

Re: "We are now constantly connected and hungry for data..."

Really depends on what you mean by "dumber". Overall, people are less capable of rote memorization, but are much better at processing new information and research. The problem is, and always has been, that people tend to lack the ability to critically analyze the data and properly determine veracity.

Re: alternatives to Ubiquiti?

I've been thinking about getting some myself, does anyone know if this exploit could be stopped if the management interface is behind a firewall? Specifically, does the exploit need to be able to contact the management IP or would it work on any IP the device has?

All of my management traffic is on its own network that lack Internet access, so I'm hoping I am safe.

Re: AI?

I figure that if an AI becomes advanced enough to understand the way the world, it'd probably blast itself into space to get as far away from humans as possible, or, failing that, just turn itself off.

A properly built filter would be useful, specifically something where they released the entirety of the source code for the filtering engine as well as the rules being used, and allowed third party auditors to confirm that they are only blocking those items. Of course, such a filter should only be used to block actively malicious traffic, such as botnet C+C traffic, malware executables, etc.

The question is, would any entity be able to do that correctly?

Re: $1bn

The problem with wireless is that you run out of frequency pretty damn quick. A lot of large Metropolitan areas have shit for cell phone speed and/or coverage not because there aren't enough towers but that there are too many users vying over too few channels.

With the population density of a city like San Francisco, you'd need to place many transceivers very close together at very low power to accommodate 1 Gb/s worth of traffic from that many people. It's just cheaper to run fiber...

I used to work for a cell phone company and they ran into that exact problem Hong Kong. It got to the point where they had to start building a tower for every city block just to keep the speeds they promised.

Re: Poetterix beckons

And the gods help you if your system isn't EN-*. Systemd's config parser will shit the bed if one of your config files contains a character not in the ASCII set, even if those characters are in comments or other free-text fields (Like in email addresses or someone's name)

Had a headless / remote server die on me because of that. SysV worked quite well with non-latin characters (Specifically 'ø', which exists right in the middle of my name...). The configuration file was updated automatically from our config management system (and had my name and version/date information in comments at the top).

Since none of our systems -require- Linux, we've been moving everything over to non-systemd Open/FreeBSD (everything either has a BSD package for it or the code will compile just fine on BSD)

Re: What?

Really, since the attack vector is an image: "Fix their web/mobile app so it stops trying to execute data"

This is why NX/XD/W^X needs to be active on -everything-. User data should never be executable...