2024 posts • joined 7 Dec 2012
Re: neurodiverse ?
Bleh, I'm the BOFH MKII, turned infosec technical.
My security robots are armed with laser wielding sharks and the room that you thought was the server room is actually a tank to be instantly filled with water and yes, the robots are water tight to 190 meters. Working on getting greater depth of performance and performance depth from them. The sharks are fine on their own.
For security reference, for this non-subject, I'll offer affidavits from SAS and SBS team members, who know me and served together during mutual bacon saving missions. I'm also available via FVEY references.
Conditions, property rights in ten acres or so of fine forest, with a modest residence hidden within and a modest access road with a collapsible upon authorized vehicle approach of a "road closed" sign. ;)
Negotiable down to five acres, with no blasted neighbors. And a firearms license, with arms and ammunition to be stored at the local constable's office and constables will be authorized to familiarize themselves to their heart's content - in a sporting manner.
And of course, full NHS health care access. ;)
Yes, I know. That last is a joke, the other conditions, negotiable somewhat. I am an excellent competition marksman, but securing the things are damnably expensive for civilized nations life, so I'll palm it off on the constabulary. Military would also, on their free time, be permitted to utilize said firearms.
The road closed sign, a joke, but would be welcome.
Yes, I've had some legendary bad neighbors in my time, peace and quiet is all that I want now, save at work, where it actually is WWIII with cyber warfare.
I'll supply my own batmobile, which likely will suspiciously appear to be a caravan.
Re: Security vs. convenience
The reason such chips haven't been developed is because despite offering Hollywood-blockbuster levels of security, the first time one ACTUALLY fried itself, and some moronic user puts on their Daily Mail sadface with a headline about how they "lost" £1,500 simply because they entered the wrong passcode (or their darling brat did) and it's game over.
I own several Ironkey devices, which do precisely that. They're also designed to brick if cut into.
Re: You gotta be fast
Modern Windows apps also should store passwords etc in secure storage provided by the OS, which is encrypted.
Rather like writing down the combination to the secure safe, then storing it inside of said safe.
I've actually witnessed someone do just that. I acidly corrected the individual and told them to use the other secure safe.
I say secure safe within a specific context, as it has very specific ratings and itself is inside of a secure facility, inside of a specially rated vault that has 24/7 monitoring via multiple methods.
"Surely a $5 wrench?"
Nah, I like to leave a good impression. Ten pound sledgehammer. I'll have the password before the SOB runs out of knees.
Re: Again.. How many people turn their machine off?
Wake on LAN has to be enabled in BIOS.
Re: Again.. How many people turn their machine off?
This policy arose from an incident where an executive left his machine on, and it was infected with malware. Those behind the attack had the whole weekend to surf our internal network.
We have 24/7 monitoring of the network and systems logs via two layers of monitoring. And a host based IPS system. And 24/7 on call staff to respond to any incident.
The few times I saw a network pwned, it was due to a lack of a system administrator following policy and either not performing the proper baseline configuration or using found USB mass storage devices on the servers and due to the misconfiguration, autorun installed the malware.
They received punishing paid overtime and were named company heroes for working all of that overtime to fix what they fouled up. Until they promptly reinfected everything, precisely the same way in which they did the first time. The DoD was not amused that time.
Their advice was, if a computer gets compromised and it has UEFI, shred it. Don't bother trying to do a clean install, because you can never be 100% sure they haven't slipped something into the UEFI. You can't just throw out the old drives and put new ones in any more. Likewise, even updating the UEFI isn't a 100% guarantee.
Understanding the UEFI system, it's simple enough to reset to factory defaults, flash the BIOS to factory as well and wipe the hard drive. Have yet to have a system retain nastiness once I got my mitts on it.
The script deletes all partitions, creates a single full drive partition, formats it, deletes that partition, resets BIOS to factory defaults, flashes the BIOS, resets it again, then creates new partitions, copies base files, reboots and does hash testing on the files, then goes on for installation.
Even the NSA was impressed.
We disable sleep and always have. Hibernate can be attacked using a different method.
I either lock the machine and leave it running or shut it down. Either way, it comes home with me.
Where someone stealing it is unlikely, as they have to get past the security robots, laser wielding sharks, elevators with dubiously reprogrammed controllers, the hallway of flamethrowers, followed by a liquid nitrogen moat. All while the BOFH MKII is watching and waiting.
Re: we are the Cloud, you will adapt to service us. RESISTANCE IS FUTILE
The problem isn't the technology, it's the shitty way people like you choose to employ it, were warned by us and we were ignored and it blew up the enterprise.
Then, you fail by trying to blame us and we have tons of notes and memos that proved we had grave reservations over "implementation X", which subsequently blew up.
Proved our points, yet again, Pointy Haired Boss moron.
Single point of failure, bad, especially when it's a fucking cluster. Shared traffic amongst clusters as super groups, good, negotiating constantly for roles.
Adds overhead, but adds reliability.
So, how many bowls of stupid flakes do you enjoy in the morning, with moron milk liberally applied to them?
Plan for failure modes and recovery, not trust the shit actually always fucking works.
Re: Hurricane-grade storms? Not even close.
If the price of gas didn't go up, then Texas didn't have unusual weather.
An interesting phenomenon frequently reported and related in the Philadelphia area, as the entire Delaware River is lousy with refineries from coast to Philly and beyond.
Somehow, our gasoline prices soar, due to a Houston problem.
Yet the very same company complains over ACA cost sharing.
Re: "Gee ..."
"What could possibly go wrong?"
Once, on a US military installation in the middle of a massive desert, we had a flood.
Even I, a paranoid contingency planner type, didn't plan for a flood.
The area, high calcium carbonate compact layer (old natural concrete from ancient coral shoals), composing the "bedrock" of the area, six to eighteen inches below the topsoil.
A 3/4 inch water pipe ruptured, spilling out heaven knows how many gallons of water.
End result, a manhole filled with water - our primary telephone trunk occupying manhole.
Network, being optical and continuous, operated normally.
Fine day of no telephone ringing.
Turned out, all telephones on the mid range military installation were entirely out.
Oddly, my IP based secure telephone never rang to report a major outage. Which was far outside of policy.
And noted in the subsequent staff meeting.
The policy being, use *every* form of communication when losing primary communication.
I literally look for smoke signals, when outside.
Morons failed entirely to do anything other than, initially, try a web interface. Failed, halt.
Two used a telephone, failing that, used a secure telephone communications network that was optically based.
Which utterly ruined a very fine day for me.
Turned it from maintenance to recovery in a New York minute, which is measured in Planck units.
Re: URL link to all Cloud Outages past 5 years?
I want to bring this to meetings with senior executives... We need a Wikipedia or some easily accessible public link to all the Cloud outages. Its just too easy to skip over intermittent failures otherwise... Or try to explain them or excuse them away....
Seriously, have you ever heard of Google? It's a really cool site, found at https://www.google.com. There, you can search for such failures being mentioned. Even get a count of reports. Even look for scholarly articles on scholar.google.com.
Hint: You'd never get to work for me, if HR hired you, *they* would get fired.
Re: I NEVER get tired of posting this
Outside of a specific use case (being able to quickly change the scale of a deployment), I honestly can't think of a solid advantage to using the cloud. It looks more expensive and less reliable on the whole.
Not really, it's how it's implemented. Implementation in a deficient way, where a region shuts down or errors disabling the cluster, bad. Implementation where such a thing springs up nodes to replace them, good. Rejoin them once they're back online, unfuck the clusterfuck of changes between the two at one's leisure, which is milliseconds at worst in a modern environment.
Seriously, I have 64 processors, with cores added, per brick, got two dozen of them in two cinder blocks in the rack.
I have, actually, more off site.
Not figuring out how to balance on site and off site, bad planning of the entire debacle to be.
And I plan on outage of a major sort, at the most vulnerable point, just to avoid a problem and worse, unscheduled overtime.
Overtime is for real emergencies or for work that I have scripts to do, while I surf the web.
Re: I NEVER get tired of posting this
Cloudy, with a chance of meatballs.
Same old, same old for root cause, over reliance on a geographical location with "preferred" links elected by the controllers, which then become unavailable and wreak havoc on the entire network until communications are restored and the flood of changes are propagated (OK, massively Goobered down version there).
Noticed it at work, noticed a roll back scheduled and erroring, due to it being rushed through change management.
BOFH MK-IV, occupying PFY's position currently. Little could be more dangerous than that. ;)
End result, Outrage, erm, Outlook hangs and is slow in updating. Same with Skype for MonkeyBusiness.
I'm blaming the HCU just outside of our star system for it. The bored Heavy Offensive Unit, the size of our moonish, was bored and introduced an intentional error to see the monkeys scatter about and throw scat at one another.
Or a programming team made a massive, glaring error, which they see what they think is there and not what is actually there in the code. Been there, done that, wore out that tee shirt. Back before said programmers were born.
Blaming an entire technology convergence is just idiotic. Over-reliance on a still immature technology, possibly yes, but we're stuck with what the vendor offers.
Ever look at Microsoft's certification portfolio? Looks like it was written by sales.
Seriously, find me a pathway that can find someone properly trained to find a resultant set of policy in a corporate environment of even moderate membership!
While I manage to figure out RSOP in my head to a minimum of 18 sets and frequently manage far beyond that.
Did a correction on an errored RSOP on New Year's Eve, when all of the on call couldn't figure out the debacle.
The debacle originated on making a significant change just before a major farking holiday! Worse, by junior staff and even worse, being rubber stamped at the end of the fragging day!
Took me 20 minutes, being quite well bathed in ethanol and logging in, due to being made on call, when I was solidly off call, looking at the cloistersmurf from hell that that team crafted (I strongly suspect that they began their celebrations and libations a full week before, considering the nature of changes and level), unfouled the mess in my head and ran a RSOP on it, got bored and applied it to fix the issue before I got the damned results.
Called out dead on the second, recovered on the third. Purely out of spite and besides, an old and long missed coworker, back in my ancient carpentry days, called out dead for the holiday weekend to excellent effect.
Re: Who uses McAfee ?
McAfee, also known as Intel Security Group. Yep, only amateurs and home users use Intel products.
Re: When Booking-Travel now the first thing I usually do is:
I'd do that, but I live in the US.
But, I do have an upside. If they try to search my iPhone, it's protected and I'd have it wiped immediately *and* give the TSA a butt rash. The phone is a US DoD provided phone.
I land, connect to the internet on my DoD provided computer and send a wipe signal to our specialized software.
And coming to think of it, I'll store the PIN for the device on a classified network. Tell the TSA agent that the PIN is classified, which it then would be and if he or she insists, have them arrested for espionage.
Which laughably, is literally the law in the US!
Re: Hack yes, I'd hire him.
Back when I was InfoSec for a US military installation, we'd get hacked on an annual, scheduled basis by the NSA.
Both sides learned new tricks each and every year.
They're a pretty cool bunch, too!
Re: from BBC
dedicated team of sloths maybe if he downloaded 90GB of data over an extended period ?
Nope, if memory serves, they use CSC for monitoring and incident response.
Re: So that’s what I’ve been doing wrong…
Microsoft has been hacked, Sony has been hacked. Apple has been hacked. Everyone has been hacked at some point - and some don’t even realise it (because the hacker who hacked was serious, competent and not doing it for the lulz).
Do you mean like the US OPM hack?
Well, an upside to that is, I can now get a security clearance in China.
Would they stick to that policy, or "finally" agree that they "should" help get the cops into an iThing to do their bit to help fight dangerous criminals?
Do you mean like when they, during the whole court order thing, suddenly allowed generic fingerprint scanner modules to be installed on the iPhone and somehow, a security researcher found a way to get one that always read false positive the very next day?
Remarkable coincidence, if you believe in coincidences, which I do not.
Or that super sweet DoD deal for thousands of iPhones that came shortly after? Got a DoD issue iPhone sitting right next to me now, as I'm on call.
My daughter just pointed out that SentinelOne doesn't have an article in Wikipedia.
The foundation is rather vigorous in defending itself via the courts. So, a takedown isn't very likely.
"The reference to the extension has been removed from the blog post as part of the investigative process."
Because, security by obscurity is actually an effective thing. No, it's security by obscenity.
Disabling or removing the applet is proper, removing the post is not.
Information security meeting is tomorrow, this will indeed be brought up and I strongly suspect, Firefox will no longer be on our entire network. Which is a rather significant number of users.
If you had a proper kit tool examining passwords to ensure a properly hardened password is adopted, you're golden.
If you had two factor authentication to even get onto the wireless network, you're golden.
Both methods and more, trivially available for cheap to no cost.
Re: It's dead, Jim, but not as we know it
I always thought that hot fusion worked well - or at least it appeared to be doing ok this morning before it clouded over.
Cold fusion works 100% of the time. Not well, most certainly not gainfully!
Aka, a neutron generator. Generated neutrons, generates a large electric bill, heat, not so much.
So, fusion does occur and indeed, at room temperature. Poorly, with massive losses. Tweaks lower the loss, increase neutron creation, at a cost of additional energy input at room temperature and ambient pressure.
What gets done now is high pressure, insanely high pressure and hence, temperature isn't extremely relevant there, save if one is conducting quantum level calculations.
"Cops want this tech cool give it to them but. When it fucks up the cops have strict liability. The police and their superior are finally liable. This cannot be discharged. Cops can be charged with false arrest"
Largely false in the US.
Oops, we fucked up is the excuse and it's excused.
Eventually, the POTUS will get shot by police, "by mistake" and they'll end up excused.
The US has a massive gap between federal and state systems. Police are local, not quite state, not quite not. Federal officers, like Secret Service and FBI are federal.
Each have their own Constitutional boundaries.
So, it's entirely possible for a local police officer to conduct the behavior I suggested in the US.
God Save The Queen if such a system misidentified her, as US police don't think, as they have a "war on crime" mentality.
With them literally thinking that they're soldiers in a literal war.
I know, I know enough of them.
Not very mentally flexible at all.
A Taser device is perfectly safe, right until it destabilizes your cardiac conduction system and kills you.
When your family objects, you get litigated into homelessness.
Welcome to US justice.
Alas, the shitware, for no other name exists for it, misidentified sitting US Senators and Representatives, of a somewhat swarthy complexion as criminals.
Yes! Let's field this kit! It's ready for horror films!
Re: Question about Impersonation/Spoofing
CallerID can be trivially spoofed.
While it wouldn't take much to intercept and block a spoof, the will to implement along with the associated cost is lacking in the US.
Let the buyer beware is the current guidance of this administration and many previous ones.
Leaving one to wait until crimes accumulate into the millions or utilizing a Rob Roy defence and paying for it when arrested, as authorities are "tough on crime".
I say, pull the teeth, feed the hogs.
Re: What if you don't allow JS at all?
And when HTML5 rendering is deficient in a specific browser, do what? The same with CSS implementation.
Security by obfuscation or removal of useful technology isn't the answer. Otherwise, we'd all go back to banging rocks together in the presence of flammable rubbish to start to begin to get warm in winter.
Demanding better security is one method, legislating fines for insecure software another, finding behavioural methods of detection a much better method, which was what was done here.
Re: What if you don't allow JS at all?
Well, there's flash...
Just to name one.
Then, move onto BHO's and accessory programs that are vulnerable.
One of the reasons I prefer to use a honeyclient and sniffer, to actually see what goes on behind the scenes.
I've dissected real world attacks that otherwise would've been complete mysteries. Some, using really old tricks, such as dumping binary data into a text editor that didn't test for text data, via a remote session link. Others, using some innovative and novel methods, which my employer and their overlords were quite keen on.
Re: sleeper malware 4276
And given that I am from a Sicilian-American family, said routine would never be triggered.
Even after death, when fighting relatives descend to claim "inheritance".
Our children know better, I store my wealth in a specific mineral form of wealth - cobalt-60. Inherit at your own risk, as shielding gets sold off to cover estate taxes.
Re: Double-Edged Sword of Progress
If we're voting, I vote for creating a Culture Mind.
It'd be nice to have intelligent company to share Infinite Fun Time.
Re: Black insulating tape
Save, that there is behavioral analysis.
Patterns garnered on browsing habits, network traffic forms, even the pattern of typing a password can be confirmation.
Cue the launch of a new AI-powered threat detection product...
Yeah, I was thinking more along the lines of a new neural net guided counterattack system.
Had something similar, years ago, which had a slightly more disproportionate response pattern. Hit a threshold, start hammering back on a sliding scale beginning at 1/3 over the level of the attack. Escalating by orders of B channels, to give a hint of the era that that system was in place.
A neural net, with the appropriate model (I have a specific animal kingdom level in mind), wouldn't be that difficult, given VM capabilities available today.
Re: Not in IT...
"No, but as happened to a friend of mine last year, they will be pretty explicit that your redundancy pay (almost twelve months in his case), does depend on you training your replacements well."
Well, there is well, as in a reasonable person would consider it well and properly, which would require competence in the first place and absent that, it's a lost cause.
Re: Not in IT...
"...one wonders what would happen if the affected workforce simply downed computers..."
In the US, that would result, regardless of notification, in a lengthy prison sentence.
In the US, throwing one's wooden shoes into the works is illegal.
Re: Not in IT...
In IT, I've had the opportunity and utilized it, to purchase my old desk for pennies on the hundred dollar mark.
Exchanging desks as the outsourced job was outsourced and the company failed.
Re: "..one small step..."
"Someone totted up how much space and weight they would have taken up, and its just over 1 ton."
Which was raw telemetry, lousy with noise and transcribed/converted to various media forms that instrumentation and humans could use, leaving it a ton of crap to find storage space for, likely to never be asked for again.
Since the data was available in every format known at the time.
How horrible of them to not demand the evacuation of a moderate sized city and retain each and every original recording medium, regardless of how wasteful of tax dollars that would be!
How about you build a time machine and volunteer to store all of that crap?
Re: That means you heard it before it was released
"Or people don't get rid of them."
Or demand a wall around them... Paid for by them by proxy of one's own populace.
Re: That means you heard it before it was released
"Can't believe a fundamentally experimental album is still being talked about and apparently still selling well nearly fifty years after its release."
Well, there were those Beatles and a certain White Album I owned. Alas, the kids managed to get it stolen while I was away at some tiff in a certain Gulf...
But, for 'Eclipse', I was 10 or 11...
Now, knees are gone, back is gone and BTW, is it the memory or something else that goes first and what's the other thing?
"Why leftpondians call it a pound sign is just an indication of their strangeness."
Well, that bifurcation of language occurred because those on the right side of the pond entirely failed to properly document the shared language until the year after a tax protest spiraled out of control into treason, which out of desperate self-protection, turned into a revolution.
As in 1777, the language was finally documented, but those on the left side of the pond were embargoed and blockaded.
At least until a load of "wine" arrived from France - just in time, as the lefties were losing...
Re: "...hashland would sound silly."
"The interrobang, a cross between a question mark and an exclamation mark."
I remember that in the later 1970's there was an attempt to resurrect the thing. It flew like the proverbial lead balloon.
"My US keyboard "has" a pound sign, as Shift-3 is #, but Shift-4 is still $, and we don't have a "£" key, so I had to copy-paste it from your post."
There's a unicode for it, which I'm entirely too lazy to look up and alas, I failed to import the lookup script from my other computer as of yet. As it's nearly midnight, that's a tomorrow afternoon job.
"We do call £ "pound" and this weekend I had to tell someone about the pound/shilling/pence system, as he was wondering about the "weird 3 part prices" in his vintage catalog."
Then, the question arises, "What is a quid" and assorted other slang terms, which turns into an hour long question and answer session. Leaving production at Fanny Adams.
Yeah, never thought you'd hear that old expression from across the pond!
"What do US people call a real pound (currency) symbol?"
Most US citizens are astonishingly ignorant and call it a "funny L symbol". I call it a Pound (currency) symbol and get asked what nation uses that currency.
I think that the ancient Athenians had the right of it, denying the idios the vote.
"Incidentally, since we call it a hash in the UK, but the Americans call it a pound and the social media companies are US based, why don't they call it a poundtag ?"
Because, far too many of us in the US call social media a "pound sand tag" and treat it accordingly.
Re: They missed a source
"Last winter in Europe, most reporting stations are seeing a year on year increase in radiation in the air."
Reventlov and Olivaw, those bastards!
Damned zeroth law nonsense, I said it would lead to no good.
"How about sitting in a classroom for 3 years learning out of date stuff (to mainly show you're not a quitter), then starting from the bottom and working your way up."
Well, doctors and attorneys do that every day. I did that in spades in selection in special forces.
None of the above prove that you are competent overall!
Meanwhile, I only sat through a class that was as you described. That, due to an injury that required me to learn a specifically specified standard. One that is as defunct as Windows 2000.
Whose test was infamously wrong in many areas.
I've done and certified under pretty much everything Microsoft from Windows 3.51 onward. Remember Windows NT, Service Pack 6, then the scrambled at fixes included in Service Pack 6a? I do recall it quite well.
Two clients moved back to NT3.51 over it.
"Well, a fair few do; there'll always be those folks who want to actually prove they know how to do the job, but they are getting increasingly rare these days."
Yes, I'm one of that vanishing breed. Alas, the reality does not meet your expectation.
Just today, I was asked to assist a coworker, who could not use his notebook's trackpad. It quit on him, he thought it defective.
Despite it being an HP device and a glaringly bright LED indicating that he had disabled the damned thing.
Double tapped it, explained nicely (due to his age) that he had a severe keyboard-mouse interface issue and departed.
While the user, due to the way that I worded things, will feel good, his supervisor, having heard my words knows that the user, despite being hired for a specific high level technical role, doesn't have a clue. I suspect he'll soon have to find a new position, perhaps, as a pizza delivery guy.
"People don’t want certifications and don’t want to do whiteboard coding and don’t want to do take-home assignments so what exactly do people want, to waltz into a job with a nod and a wink?"
Yep, in my case, that was precisely what happened. What the reality of it is is, I'm the most qualified person that the company has. I can diagnose AD issues after being kicked in the head by an angry horse. Not that I'm idiotic enough to put myself into the position of causing a horse to suffer such an injury.
Laughably, zero certifications that are germane. Annoyingly, the client requires specific certifications to operate at specific levels.
If memory serves, I do believe that Moses sat with me for my first certification.
Or was that some guy, who called himself Adam and had no family as of yet...