Posts by Wzrd1

2260 publicly visible posts • joined 7 Dec 2012

3l33t haxxors don't need no botnet, they just pinch passwords

Wzrd1 Silver badge

Re: Muppets

"Recent pen test at our place and of 800 about 120 replied to phishing emails from a faked Help Desk email asking for their credentials as there had been a security breach."

Our organization is a lot larger, a similar test was performed, a bit over 50% reported the phish attempt to security. We're working on improving that number.

We still have a way to go, as I noted a *.pdf.scr execute and run msiexec successfully just this past weekend.

It looks like the sales department is in need of remedial training. :/

Wzrd1 Silver badge

Re: Simple enough

"If admin creds are getting stolen you have issues with your admins not keeping things tidy. If your admins have these issues, I don't wanna know what else is going down the toilet."

We're global, we have thousands of exit nodes we monitor, as well as log aggregators, network taps, HIPS, IPS and more.

We see webshells created from an unknown entry point, lateral spread via RDP sessions, notepad used as a tool-depositing tool, the resultant script run, which installed more tools, then pass the hash uncovers admin accounts on that box, then those used to enter Active Directory and raise merry hell quietly on the network.

Incident response teams try to contact that distant manager and admin, to learn that it's between 1 and 3 AM and nobody can respond.

Or the server is a critical server room pet, which takes days to get off of the network.

The bugger even got into our antivirus server, software inventory server and more.

The adversary knows the network well now, knows when response will be slow and capitalized upon that repeatedly.

2FA would help a lot, but corporate doesn't want to spend the money, as we're talking global 2FA in 100K users.

I could write a script that could follow the SOB back to the ingress point, terminating his connections and installing itself on the lateral spread points, but the script would have to have a global admin privilege set and that is a greater security risk.

Wzrd1 Silver badge

Re: User Monitoring

"All the organisations subject to Sarbanes Oxley must have full auditing for their privileged accounts, with the audit logs scrutinised by people other than the administrators themselves, preferably in a completely different management stream."

I work for a Fortune 200 corporation that is global. I'm one of the poor folks who get to monitor our logger, network taps and e-mail system (can retrieve suspect mail to remove phish and malware attachments, as well as spam; can't read the mail though, thankfully. Did that when I was working with US DoD when things were suspicious.).

One problem, when logs from a global corporation aggregate, it requires massive storage and massive database processing capabilities. That means that on occasion, the logger reporting arrives up to six hours after the suspicious events have occurred.

Worse, incident response is spottily 24/7/365, resulting in delays in response, resulting in the attack being long over, a webshell used, RDP through the shell, pass the hash attack used, AD trees dumped, etc. in minutes.

Even when everyone's in the office, when the attack is viewed by the web taps and observed as it happens, getting the message to the manager and server admin still takes long enough that the attack is over.

We've had external "eyes" review the problem, 2 factor not adopted due to the cost to the corporation. Even after a few SOX audits.

But, we've gotten new tools to help catch the breach, but nothing can speed response in a truly global corporation - *someone* is in bed during an attack and China has plenty of time to breach in.

Attention sysadmins! Here’s how to dodge bullets in a post-Ashley Madison world

Wzrd1 Silver badge

Re: password re-set security

"don't know about other places, but here, we generally recognise the voice of the person asking for a re-set"

We have around 100,000 users. No way in hell to remember all of those.

Wzrd1 Silver badge

Re: The email dilemma

I had to have a sysadmin fired. He kept checking his gmail on servers on a US DoD network.

He was repeatedly warned as well!

Wzrd1 Silver badge

Re: BYOD...

"--goddamn do I love defense contractors..."

I remember when the US DoD banned all USB mass storage, as it cost them multiple billions of dollars cleaning up a bit of cyber spying malware kit.

Where I worked, no mobile devices were permitted, we had a locker outside to store them in.

You won't imagine the delight when I had AD shutter all USB mass storage on the base!

Wzrd1 Silver badge

Re: Why do people use work email for personal use?

I never use my work e-mail for personal use. Too big of a risk. I do check my personal e-mail, but that is tested on a read-only VM.

If that gets compromised, it's only compromised with private e-mails between myself and my family until COB.

Wzrd1 Silver badge

Re: but you have to prevent the use of Chrome

" Security will always trump the preferences of the users."

Yep, this BOFH turned information security chap has uninstalled undesired software via its product SQUID. Pushed the instruction out via SCCM, called it a day after reviewing remote logs to confirm removal.

Wzrd1 Silver badge

"There have been plenty of court cases confirming that you can't just monitor everything, you need a good reason to monitor a specific individual."

We monitor *everyone* and we're international.

We *check* when there is a suspicion of something awry, such as malware, a chap from the UK logging in from China, etc.

I've even retrieved e-mails via pcap, as they were avoiding our mail server. Turned out it was malware trying to spam.

We've also retrieved e-mails from our e-mail processing software, deleting spam and malware spear phishing employees.

Ashley Madison made dumb security mistakes, researcher says

Wzrd1 Silver badge

Re: 5 characters eh?

Only if one is measuring in millimeters.

Two numbers for developer IQ points.

Turkey cites crypto software find in terror charges against TV crew

Wzrd1 Silver badge

Re: Proof

Perhaps it is because the Kaiser was better at divvying up other people's lands in the 1850's than England has throughout its history.

India-Pakistan-etc is a UK blunder as well. Originally all over bloody tea.

Wzrd1 Silver badge

Re: It's not just Turkey (or ham)

"That tends to put things especially 1st world problems in perspective."

Neither do I, in the New World. That is good, as budget cuts eliminated the bread line.

The good thing about information security is, if you can't provide the solution due to top office negating the notion, there is good money to be made in prolonging the agony.

Wzrd1 Silver badge

Re: ban mathematics...

"Maybe, but I'd much rather that they and a big chunk of the rest of us caught on to the Enlightenment."

Well, during the dark ages, they did have enlightenment, then they tried to emulate Europe and look at the mess we have today, Islam's dark ages.

Worse, we fed this monster and now the monster is looking for its creator.

Wzrd1 Silver badge

Re: Turkey nowadays

Although, the arresting and charging officers will now be arrested at the end of this debacle.

After all, their idiotic actions have insulted Turkishness, which is a crime in Turkey.

Prepare to be Thunderstruck: What if 'deuszu' ISN'T the Ashley Madison hacker?

Wzrd1 Silver badge

Re: "For all we know, Zu may be a dog on the internet."

Dogs aren't allowed, but my cat sure gets around online when I go to the can.

US mulls unprecedented Chinese sanctions in wake of hacks – report

Wzrd1 Silver badge

Re: A lot of missed points here....

Not quite crap on the entire spectrum of products.

There are two tiers, cheap crap and good quality.

The iPhone doesn't fall apart like other Chinese cheap products do.

Wzrd1 Silver badge

Re: Bunch of idiots..

Depending on the product, up ordering from Indonesia, India, South Korea, Vietnam and South Korea would be trivial.

Wzrd1 Silver badge

Re: I can see that working

Heh, the PRC economy is already imploding.

Meanwhile, once again, we caught Chinese hackers inside of our network. We average between 5 and 8 a month these days.

We secure our clients networks, we don't bother doing that on our own.

Linux Foundation releases PARANOID internal infosec guide

Wzrd1 Silver badge

Re: burn a hard drive?

Well, I *have* made thermite to burn a stack of hard drives.

Fiery old geysers FOUND ON MOON: Volcanic past explained

Wzrd1 Silver badge

Re: atomic oxygen?

Be warned, hydroxic acid, hydrogen monoxide, dihydrogen monoxide, hydrogen oxide, hydric acid, hydrohydroxic acid, hydrol and μ-Oxido dihydrogen are widely traded.

Dangerous stuff, it can cause death by asphyxiation, circulatory overload and more.

It's so addictive that once one is exposed to it, one would lose their life if consumption of it is ceased.

Prof Hawking cracks riddle of black holes – which may be portals to other universes

Wzrd1 Silver badge

Rather odd, the notion of matter entering the singularity

Relative to the external universe, anything below the event horizon is frozen in time just below the event horizon or wherever else matter within the collapse was when the singularity moved the event horizon out past it.

So, in theory, most matter "eaten" by the black hole is just below the event horizon.

Wzrd1 Silver badge

Re: Yea but

"What we want to know is what happens when you poke a black hole with a stick."

You get irradiated by the accretion disc you're joining.

Wzrd1 Silver badge

Re: 3D TV/Movies

Sadly, not quite. Functionally, they are similar, but in actuality, time movement ceases below the event horizon of a black hole, whereas time continues to move forward while captured under the event horizon of television or a movie.

What Ashley Madison did and did NOT delete if you paid $19 – and why it may cost it $5m+

Wzrd1 Silver badge

Re: "... then complaining when telesales phone them up. Idiots."

"You beat them with a plumb-bob "Dr Syntax"?"

I was thinking more like a sash weight.

Wzrd1 Silver badge

Re: Greasy

"Really wished that worked over here in the UK. In Australia, there is a (national?) "Do Not Call Register", which is easy to add your phone number to online. It's enforced well, and marketers really don't screw with it."

We have a similar 'Do Not Call' database. A few idiots actually tried to use it as a calling database, to end up meeting a judge, jury and prison guards.

Today, some foreign call centers either ignore it or use the database, obfuscating and forging their caller ID.

Wzrd1 Silver badge

Re: "... then complaining when telesales phone them up. Idiots."

"However I did have a missed call the other day which on googling turns out to be a number used for calls from "Microsoft""

Yeah, I'd be disappointed too. I love to waste their time, doing my best to confuse the bastard for as long as possible. I've gotten them stretched out to as far as 15 minutes, variously saying "My computer brand? Cray. C. R. A. Y. Yes, I don't see that prompt"...

Notably, most of the unsolicited calls I do get are out of country and are running caller ID obfuscators. A bit of kit between the ID device that kills the reading after the first CID signal is received found a more accurate, out of country phone number.

Hmm, perhaps I can stop off on the way to work and borrow an armed drone...

Manhattan-sized iceberg splits from glacier – and spotted FROM SPACE

Wzrd1 Silver badge

Re: when measuring things in terms of Manhattans

One could do that, but I drink my Manhattans out of a barrel.

Wzrd1 Silver badge

Re: El Reg UoM?

Miles, yards, feet, inches and mugwumps.

Wzrd1 Silver badge

Re: Wot no Global Scaryness?

But, but, but El Reg said just last week that the ice is thicker than ever!

Come on, El Reg, figure out which it is.

Unholy Hong Kong hackers hit evangelicals with IE 0day

Wzrd1 Silver badge

Bleh

An ancient (in IT world terms) vulnerability is utilized by bastards of another nation, suddenly that is news?

OK, tomorrow, I expect from El Reg a "Sun rises in the east and amazingly sets in the west" story.

Adulterers antsy as 'entire' Ashley Madison databases leak online

Wzrd1 Silver badge

Re: Ain't gettin' nuthin here!

"So, either the implied 5 - 10% of female users are *extremely* busy, or - and this seems more likely - most of the blokes on there are very dissatisfied cos they ain't gettin' nuthin'."

Blather. The reality is, most "hook up" sites are largely male members, variable actual female members, researchers and trolls.

Based upon my six site research.

And I'm far from being "on the market". Just doing sexurity research, with my wife looking over my shoulder and laughing, as I was laughing.

The sexual spectrum is fascinating in diversity, the mistruths phenomenal.

That said, this particular site was off scope of research. It was more management, off-troll and oddity, due to previously discovered metrics.

As in >95% male, proclaiming hetero and oddly <5% female, based upon profile profiling and posting research conducted by other researchers.

Interesting how many desire to dispose of the rule of law and accept anarchy, never realizing that under those conditions, their very lives were in grave danger to anyone annoyed with them.

Wzrd1 Silver badge

John, why, you're absolutely right! Fuck all rule of law, cue in the Sharia courts you desire.

Either we have law and order or we have mayhem.

I happen to be exceptionally good in either environment.

I *prefer* law and order over mayhem, but I can do mayhem.

So, what do you desire? Law and order or rule of the mob?

Wzrd1 Silver badge

Re: True - but unlikely

As I recall from previous reporting, there were monthly fees collected.

If they don't store credit card information, *how* do they manage to collect those fees? Telepathy?

Frankly, this sounds like some malcontent that was given the sack and seeks vengeance.

His name is known, from temp employee records. Currently, a criminal case is being built against him.

The rest is beyond my security clearance level. Some importance is due to military e-mail addresses, which will not be discussed at all.

Here's an interesting notion, how many names were harvested that are security researchers? I'd expect at least one hundred.

Small number of computer-aided rifles could be hacked in contrived scenario

Wzrd1 Silver badge

Re: waste of time

"They got guns, they got badges, being a computer techie with a portable laptop and tons of skill is far, far down on the list of things to worry about when dealing with people within fifty feet of you."

Having been inside of Eric Raymond's home, well, he's a very, very, very well armed computer techie.

He also happens to be quite a good shot.

Not as good as I am, being also a computer techie, former SF veteran, but still quite competent. Where he and I depart skills is, I'm proficient with all small arms, edged weapons and hand to hand combat.

Beyond his firearms skills, the worst he could do is write a really, really nasty letter.

As for Eric's personality, the term wanker comes to mind.

Wzrd1 Silver badge

Re: US readers...

"FYI... in the UK, "castle homes" means homes that are castles. There are a fair few around..."

As I recall, those castles were dreadfully drafty and murderously expensive to heat.

Quite a few are also annoyingly damp.

I'll stick with masonry in part, wood in greater parts and reinforced with hubris, as all US homes are.

OK, I'll be reinforcing with concrete, but that isn't as humorous or accurate.

Wzrd1 Silver badge

Re: US readers...

Indeed, as having overlapped SAS and Royal Marines, rescuing and being rescued when nasty surprises reared their misshapen heads, yeah, those Brits can fight damned well. As well as we can.

Our northern neighbors have very similar forces and they kicked ass and didn't bother wasting time on names, lest it delay more asses being kicked.

The Australians as well.

Aw, screw it, the entire Commonwealth are quite good at defense (or as it's spelt across the pond, defence).

Although, I will admit to some consternation for some from Great Britain, for to be honest, I have absolutely no clue what in hell language he was speaking. It sounded as close to English as is spoken in the West Virginia mountains, although nowhere near like the cat being strangled sounds from West Virginia.

I understood Liverpool, beyond that, I've nary a clue what he was going on about.

A chap from London kept trying to correct my abuses of language, but I set him straight by reminding him that I was speaking and abusing the residuum of what King George left us, undocumented at the time and only documented two years after a bit of an ugly divorce between our lands and we remained rather irritated with them after that mess in 1812. That paint bill for the Presidential Palace was quite great, having to turn it into a White House.

Apparently, all of those bare arms didn't slow the British forces sacking our White House and Library of Congress.

Wzrd1 Silver badge

Re: and still even with all the doors opened

I competitively fire and hunt, that thing, even when it was first announced, was a boondoggle and not worth one hundredth of the price that they demand.

Bloody hell, if you can put your sight onto the target, designate it, might as well have fired.

The crap locks the target that you designate (if it's the wrong area, too bad, it's locked), you depress the trigger and when you manage to get your sight back onto the target area, the rifle fires.

If you can designate that target, you can squeeze the trigger and shoot that target.

Wzrd1 Silver badge

"...whereby the end scene will be Mr Tatum using an old fashioned Lee-Enfield..."

I was going to suggest a superior rifle for that purpose and found that, due to longevity and preference of certain workers in heavily forested areas in Canuckistan despite a newer and fancier rifle removed all possible alternative contenders.

The US has occasionally considered invading Canuckistan, but demurs due to memory of the last time folks from there tried and were resoundingly beaten and sent running away like frightened children, astonished over how such polite people could fight so effectively and politely.

"They were amazingly polite as they knocked my last tooth out, apologizing for the necessity as I ran back south", said one of the expeditionary force from middle North America, now known as the United States.

"They were astonishingly brash and stupid, attacking people who outnumber them by over one thousand to one, but they seemed earnest enough, we hated to see them go so quickly!", said one Canuckistan veteran of the abortive campaign.

"We 'ardly noticed that they were here, they departed so quickly.", said one of His Majesty's finest, spoken under conditions of anonymity, as he was not permitted to speak to anyone, let alone the press.

Wzrd1 Silver badge

Re: wind Lidar

I've been toying with that notion myself, just lack the time to consider putting something together. Over the entire course of beam to target, one can acquire full information on wind directions and compensate for the entire bullet path.

About the only people who could benefit from it would be specialty military niche applications.

Wzrd1 Silver badge

Re: spin drift. (Coriolis Effect?)

"Complain all you want about my mention of rotation in drains and toilets..."

That is a myth. Toilet flow direction is determined by the design of the jets in the rim of the bowl. The Coriolis effect is too weak to affect that small amount of water flowing into the bowl.

I believe that Snopes has a write-up on the subject.

Wzrd1 Silver badge

Re: spin drift. (Coriolis Effect?)

"Shooters on Stickledown (up to 1200 yards) at Bisley adjusted sights slightly from zero to allow for the coriolis effect at the longer ranges."

I've fired out to two clicks, was fair to middling, but then I wasn't a sniper. I was just familiarizing with the system.

As for the author, I've fired UK forces L85A2 and L86A1, nice weapons. Much nicer to clear a building with than our M4s. The MP5 was a fine weapon, the MP7 is occasionally used as well. As for 12 gauge shotguns, they made fine door knockers, nobody could pretend to not be home when we knocked with one. Fired various sniper systems, squad designated marksman rifles and fell in love with the M14 (now, M1A, as full automatic was removed as unnecessary and ineffective). I also performed explosive demolitions and rapid explosive neutralization.

Fortunately, I'm now retired from all of that unpleasantness.

Wzrd1 Silver badge

Re: spin drift. (Coriolis Effect?)

"You can also be certain that planetary Coriolis forces are not going to affect your bullet outside a zero-centered error bar."

Actually, with extreme distance shots (measured in kilometers), there is Coriolis effect present. The effect isn't great enough to avoid damaging something the size of a heart, but it's great enough to prevent an accurate zero reflex shot if not taken into account.

Wind, of course, still has a much greater effect, which can get downright complicated with real world cross winds moving in different directions along long distance trajectories.

As for this not being a fucking neutron star, my back and knees disagree with you in the morning.

Row rumbles on over figures in Oracle CSO’s anti-security rant

Wzrd1 Silver badge

Re: Oracle has a historically poor relationship with ....

Still, could be worse. They could be Adobe.

Captain, dark energy sensor readings show dwarf galaxies orbiting the Milky Way

Wzrd1 Silver badge

Non-baryonic dark matter is only one candidate for dark matter; old fashioned dust, naked singularities, dust shrouded star nurseries, rogue planets, etc. are also likely candidates. There's a hell of a lot of mass to account for, much is dark.

My personal theory is at least one eighth of the unaccounted for mass consists of single missing socks from clothes dryers and missing ball point pens.

China laments 'wild guesses and malicious slurs' on state hacking

Wzrd1 Silver badge

Re: haha

"For example Israel would be very stupid indeed to spy on the US..."

Wrong, Israel has repeatedly been caught spying on the US. The US has repeatedly been caught spying on Israel.

One upside to everyone spying on each other, it keeps everyone honest. In the case of the US and USSR years ago, spies broke tradecraft to defuse a near-nuclear war when Russia misread what was going on during Able Archer.

Put it away: Dwarf's 'supermassive' marvel is actually smallest thing boffins have ever seen

Wzrd1 Silver badge

"In theory if they do exist they would evaporate almost instantly."

That's a relative instant, if it's moving at relativistic velocity, instant can be quite long.

'WOMAN FOUND ON MARS' – now obvious men are from Venus

Wzrd1 Silver badge

Re: It is simply...........

A rock, rather like the rocks in the heads of those who think it's a human form.

Tobacco field bacteria offers hope for buzz-kill smoking therapy

Wzrd1 Silver badge

Re: "at 98 degrees Fahrenheit"...

One can always tell when a US citizen speaks, both by the use of language, abuse of language, poor punctuation and finally, by units of measure.

Having traveled a great deal and worked in medical science, I'm familiar with the global standard measure.

Stones. Miles. Hmm, the US doesn't use stone measure, but shares the mile with the UK. ;)

Seriously though, it would be nice if we in the US would join both the rest of the world and the twenty first century. Regrettably, I suspect the only kilo anything in the US will remain a kilo in illicit drugs.

Some years ago, I was abroad and went to purchase meat for sandwiches. I asked for a kilo of several different meats and cheese. The poor clerk suggested 100 grams, maybe 250 grams.

I explained that I was having a party.

Boy, but I *know* that the poor man's arm was tired!

Wzrd1 Silver badge

Re: So somewhat like Antabuse?

"So I guess somewhat like Antabuse for liquor?"

Nope, it's like Naloxone (Narcan) for heroin addiction. No sickness at all, only neutralizing the nicotine in the bloodstream.

Wzrd1 Silver badge

"and that is that those 8 hours you sleep without smoking or feeling uncomfortable or in need of a cig make that difference."

What 8 hours? I've been known to get up, have a cup of coffee and a smoke, then go right back to bed and sleep well.