Posts by sloshnmosh

"systematically targeted"

IBM does have a history of this.

So the elder employees received their punchcards, yes?

I don't understand why..

users don't just use Equifax's data breach checking tool to see if they were affected?

Oh, wait...

https://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/

In the words of Jud Crandell from Pet Cemetary:

"sometimes, death is better"

I guess that means it's less than 63 cents now...

"The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."

http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/

I guess mining is better than dropping a shell

I did a quick Google search yesterday using the base 64 string for PHP shellcode backdoors hidden in image EXIF and one of the first websites to pop up happened to be hosted nearby.

I contacted the webmaster by phone using WHOIS and another well known family tree site and the owner turned out to be a 70 year old man.

(Really nice guy.)

The image of a MOPAR muscle car in his sites gallery had been dropping shells on visitors since November of 2009.

He shut the site down (which was not my intention) stating he didn't have time to maintain it and that he was getting much more traffic on his "Wordpress" site.

They should name it...

"ASK Toolbar"

Or whatever it comes "bundled" with nowadays.

Lenovo again?

Thank God I bought an HP!

Oh, wait...

No Thanks

Perhaps I should elaborate before I get deservedly downvoted into oblivion..

I do believe that it is great for ANY company to open source their software.

Especially if that software enables users to communicate over a (supposedly) secure, encrytped way.

I am a staunch supporter of open source software especially any software that helps with security and/or privacy.

But trust is earned not given.

Zuck and Co. are well known for collecting as much personal, private information from as many people as possible and aggragating all that data into graphs and selling it or even giving it away freely to anyone with a FB developer account.

Facebook has the technology, money and manpower to create powerful software that could help keep communications secure but it goes 180 degrees from what their current format is all about.

So pardon me when I have an knee jerk reaction to any software that is supposed to be private and secure with the Facebook name attached.

Win 7/Microsoft Security Essentials

I have several computers with different configurations, I have a Windows 7 machine running with Microsoft's Security essentials on it that already had this registry key set before the infamous update. Another computer with Windows 7 that has Trend Micro installed needed this registry key added.

(Trend Micro created a .reg file for users to download to add the key)

I don't know when the registry key on the Security Essentials machine was added but I know it existed before I installed the Meltdown update.

Privacy settings

The first time I looked at Windows 10's "privacy" settings I thought to myself: "Is James Clapper a developer at Microsoft now?"

What kind of Mickey Mouse operation?

Who the Hell does VTech think they are? Illegally collecting childrens data is Disney's job!

"I made my own 'NAS' from a Raspberry Pi and a couple of flash memory sticks in about 20 minutes. For any self respecting geek, there is no reason to use off the shelf exploit kits."

As a bonus your NAS is also safe from the whole "Meltdown" debacle.

Amazon Cloudfront

Yet Amazon refuses any requests by individuals to stop the enormous amount of fraud/malware hosted by Cloudfront.

"Why not just have hacking and the such include as an Olympic event then?"

NSA for the Gold

Raspberry PI

I have over 30 computers and you're telling me that my Raspberry PI is the most secure device in my house?

Microsoft Office

Look for the employee with the pirated MS Office 360 key generator.

Only a few pixels

"I've noticed BS claims are being made (on the various tech new shows) about facial recognition again. BBC WS mentioned about a system that seemed to claim pulling accurate recognition from only a few pixels. They should make it a capital offense to over-hype such things."

You'd be surprised how much data can be obtained by just ONE single pixel:

https://www.facebook.com/impression.php/f2441a81bf8bca8/?lid=115&payload={%22source%22%3A%22jssdk%22}

Pythonistas

"There are nasty bigots using most programming languages, no need to single out Pythonistas."

http://samshadwell.me/TrumpScript/

I could be mistaken...

But wasn't the GRsecurity patch freely available to download a while back?

I vaguely remember (attempting to) compile a Linux kernel with their patch a few years ago.

I think the average person DOES care..

I believe it has a lot to do with how much technical knowledge a person has (or wants to have).

I see lots of people take steps to protect their data at least in some small degree but they clearly have no understanding of how things work and end up giving away the keys to the kingdom.

Many people have "antivirus" apps on their Android devices because they have at least some concern that their data may get stolen by some "virus" but most of these apps are stealing far more data from their devices than any "real" malware ever could.

Some of these dodgy "antivirus" developers go so far as to "advertise" their apps by tricking users into installing their warez through the use of fake virus warnings capitalizing on the users inherent fears as well as their lack of technical knowledge.

I was looking at the web browser 'Brave" the other day, it claims to be pro-privacy and in the browser extension request webpage of Brave users were requesting all kinds of dodgy VPN add-on's and other extensions that would defeat the whole purpose of using Brave.

I believe that most people care about their privacy/security but "convenience" wins out or users just get overwhelmed.

It is kind of a pain trying to limit your data footprint, and the more knowledge you have the more you have to do.

I run a custom OS on my phone with only a few FOSS apps that I personally inspected, script blockers on my web browsers, block a multitude of social media sites on my router and HOSTS file, run BleachBit several times a day, only allow programs through the firewall when needed etc etc...I really feel I was better off 5 years ago when I was blissfully unaware of the things I now know.

And to hear members of congress or politicians speak..they're either more clueless than everyone or they're all in on it.

It's all so tiresome.

(sorry for the rant)

Geek Squad

The same thing happens when people have their computers repaired by the "Geek Squad".

https://www.nbcnews.com/tech/security/customer-sues-best-buy-alleges-geek-squad-worker-stole-published-f6C10929636

https://consumerist.com/2007/07/12/geek-squad-hatched-plot-to-harvest-porn-from-pornstar-jasmine-greys-harddrive-days-before-she-died-i/

http://www.businessinsider.com/best-buy-customer-geek-squad-employee-kept-racy-photos-of-her-2012-7

https://nakedsecurity.sophos.com/2017/05/22/yes-geek-squad-can-search-your-files-and-hand-you-over-to-the-police/

https://www.washingtonpost.com/local/public-safety/if-a-best-buy-technician-is-a-paid-fbi-informant-are-his-computer-searches-legal/2017/01/09/f56028b4-d442-11e6-9cb0-54ab630851e8_story.html

Cicret

This has been done before: https://www.itbusiness.ca/news/the-cicret-is-out-this-futuristic-bracelet-doesnt-exist/52677

the three-year legal battle..

That right there...

Ugh

Cerber ransomeware

I received Cerber ransomeware every week for several months in an old email account of mine.

They always arrived in the form of a .zip attachment claiming that: "UPS package undeliverable"

and the .zip file was supposed to contain tracking information.

I unzipped one in a Windows 7 VM for kicks and it encrypted any .jpg, .pdf, .zip and .doc files but left pretty much everything else alone.

Saffari

I'm just now finding out I've been using a knockoff browser this whole time.

I was happy with my Saffari browser until this damned article.

Well, back to the App Store I go...

In defense of Firefox..

I found that Firefox performed better than most when running tests on badssl.

https://badssl.com