Posts by Sir Runcible Spoon

Re: Good article. Now can you post an article on how to "pretend" to work from home....

"lol, essential:

https://mousejiggler.codeplex.com/"

100% agree :)

Re: Word transposed in headline

Are you sure it was him that replied?

If someone had intercepted his emails and asked everyone to do this then whoever that was would have lots of plain-text versions of information that he would have thought were secured with his key-pairs.

Seeing some of that information somewhere might actually have led to him believing his keys were compromised?

Who knows, it's all gobble-de-gook to me.

Re: "A paranoid world addicted to security theatre"

That's only because the powers that be hadn't worked out how to use it for their own agenda.

Now that they have, we have what we see.

Re: Concerns? It's little wonder methinks.

"The number of children on the planet is already in decline, in case you did not get the memo"

Citation please, that statement can mean just about anything without the source information and context.

The only thing that can compete in the 'constant suprise' box is that of the short-sightedness of those in whom we entrust the running of the planet we live on.

Some of the shit these people think of to screw us over just one more time never ceases to amaze and horrify in equal measure.

Re: What is that slide/switch for?

I'm going to go out on a limb here and suggest that S = Safety :)

Re: I think that would be an open question.

During a job search where I get calls from agents, when it comes to the day rate and they mention something paltry I usually just respond with a 'good luck with that'.

They typically accept that the client is dreaming based on their shopping list of skills & experience - but they can only put forward what the client is offering after all (minus their 40 odd percentage usually!).

After a few years you get to know a few good hirers/agents and they often ring out of the blue to see if I'm looking but will always respect a 'don't call back until MArch' type thing.

These guys & gals are worth cultivating - spend a little time chatting to them even if you aren't looking. Once they've placed you and heard good things they can sometimes generate more cash for you because they think you are worth sticking their neck out for and aren't going to make them look silly for the client.

Re: User Monitoring

Can someone tell me how these hackers bypassed the 2fa that should be standard for remote admin access into any business network?

Re: Ground effect

Considering how small those rotors are I don't see this as being a ground-effect flight at all.

What's the effective lift distance from a rotor that size, even if there are 54 of them?

Re: "B. I'm a virgin"

"armpit"

www.youtube.com/watch?v=iS2N1mBsEdM

Sir

It's a common mistake that can often be overlooked when people have the mind-set for fixing one type of problem (they miss the obvious weak-spot).

For example, I am currently working on building a security platform for a customer which involves collecting and analyzing data from all parts of the network in order to make it more secure.

This platform then becomes the #1 target for any infiltrator because it contains all the information you would ever need to hack into the more sensitive parts of the environment, especially the bits that haven't been sorted out yet*

Therefore as much effort has gone into securing the platform as it has developing the tools to map the network - but not everyone does this - it isn't cheap.

*due to the scale of the mountain

Re: US Gov derp

The real surprise is that they continue to legislate as if they *do* understand it though, all evidence to the contrary.

I actually thought their response was fairly well done. Nothing much happened - nothing interesting hacked - move along.

If they had been complaining from the rooftops that they had been hacked and something needed to be done/needed more powers then I would agree with you.

Re: versus?

I once saw an A-10 training video that reduced a tank to it's flat-pack components in one run.

Awesome to see, a total nightmare being on the receiving end though.

Re: Labelling

Of course it boosts energy - all that oxygen energising your blood cells for it to be taken to your muscles and brain etc. - how could air not boost your energy?

Re: That 2 year sentence thing for not giving up your password

But is the private key actual evidence? I'm not talking about wiping the encrypted data, just removing the ability to decrypt it.

Some form of HSM that only works if unlocked within a specific time frame for example?

Nanometer/Nano: meet her? = small

just guessing

Re: There's a special place for people like that...

Whilst I agree that it's more likely high pitch noise rather than EM, the problem with that is that my wife detected it as a very low frequency 'feeling' rather than just a noise. (Ear filters made no difference).

I've no idea what it really was to be honest, but the effects were real.

Re: Looking at the problem backwards

"Schultz says should vet and load content from their own domain."

I was thinking this all along whilst reading the article, and this really is the weak link in the malware delivery cycle.

Ensure the code for the adverts is sent to the publisher to be published. They can then automate the screening of the code for re-directions (and embedded malware).

No re-directions, no malware.

If the industry doesn't start regulating itself, ad-blockers will become the default and their business model will never recover.

If they won't listen to the warnings, they will be too late to fix it later.

Re: Oracle?

I get the feeling that other (smaller, lower profile) vendors are doing the same thing, but weren't worth the effort to chase since they don't have the same level of exposure to discrediting their brand-name.

However, a large corporation using their kernel in an unsupported manner, yet implying that it is (i.e. without providing any caveats in the marketing blurb) is a serious matter for any company.

Basically if this cobbled together product is shown to be insecure, then it tarnishes the Grsecurity brand through no fault of their own.

I can't say I blame them, unfortunately if you give some people an inch, they give you the shaft.