Totally flaming awesome!!!
It's a grand world where amazing things happen. Please keep the wondrous software and firmware coming into our lives for the beauty they bring!
Posts by gollux
413 publicly visible posts • joined 11 Sep 2007
Latest Androids have 'god mode' hack hole, thanks to Qualcomm
Russia reports RAT scurrying through govt systems, chewing data
Odds are your office is ill-prepared for network-ransacking ransomware
Tuesday 26th July 2016 19:30 GMT 
And will most likely be...
Cisco enabled... They haven't had a very good security track record. The latest fixes are mostly a testament to how much they've been resting on their laurels and seem to be a way of pointing fingers elsewhere to try gaining back some cachet of responsibility and forward planning.
It's 2016 and your passwords can still be sniffed from wireless keyboards
Tuesday 26th July 2016 19:22 GMT
Totally awesome!!!
If you're brain dead to checking out the technology you buy, convenience always has a neat price...
Meh, whatever... You probably are ok in a sea of blithering data and have escaped so far.
There will always be another interesting method of compromise once you've closed this hole.
Flaws found in security products from AVG, Symantec and McAfee
Wednesday 20th July 2016 04:52 GMT 
AT WHICH POINT...
Humorously, we'll find that an OS with the latest patches available, web browser with downloads disabled, minimal acceptance of file types and email clients that only accept a minimum of file attachments will be about as safe as we can get for the next couple months... (RIP Bloated AV Suites)
Maybe time to start thinking about that mission specialized barebones *nix box if you don't already have one.
Since you love Flash so much, Adobe now has TWO versions for you
Saturday 16th July 2016 05:05 GMT
Oh, JFC...
Can't we just put the stupid package to permanent death already. I've given up on the games as an enticement to keeping Smash Player loaded several years ago, and would like to see any accounting package (Sage, you're in the crosshairs) that demands Flash Player be loaded for part of their software display interface to be removed from the planet.
BMW web portal vulns pose car hack risk – researchers
You know how that data breach happened? Three words: eBay, hard drives
Eat my reports! Bart ransomware slips into PCs via .zip'd JavaScript
Tuesday 28th June 2016 07:03 GMT
Re: UMMMM!
Excepting that this is Javascript which is executed by web browsers and the Windows Script Host...
Sun/Oracle Java doesn't need to be installed on the system for this to operate, it's not Java Byte Code.
Honk if you love Jesus and understand the difference between Java and JavaScript!
25,000 malware-riddled CCTV cameras form network-crashing botnet
Medicos could be world's best security bypassers, study finds
IRS kills off PINs citing increasing suspicious activity
Carbonite online backup accounts under password reuse attack
Update your buggy Samsung PC bloatware to plug privilege bug
Tuesday 14th June 2016 03:24 GMT
Re: Usefulness
crapware is to manufacturer bloatware
as possible low grade fertilizer is to agent orange defoliant.
Often never updated more than once or twice after installation, the best way of handling all that manufacturer junk is to remove it with extreme decontamination level set and hope that there's no residual breakdown poison remaining in your OS.
You've got a patch, you've got a patch ... almost every Android device has a patch
TeamViewer: So sorry we blamed you after your PC was hacked
Air-gapping SCADA systems won't help you, says man who knows
You've patched that Flash hole, but have the users? Phone's ringing. It's for you
Smut apps infecting Androids with long-gestation nasties
Flash zero day phished phoolish Microsoft Office users
Adobe...sigh...issues critical patch...sigh...for Flash Player zero day
Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises
Android's security patch quagmire probed by US watchdogs
Monday 9th May 2016 20:48 GMT
Funny how you don't have to buy cheap Android equipment either to be caught in the patch quagmire. It's abysmally bad all around. The "business" models my company paid for were promoted for their performance and support and cost a little bit more, but at 18 months were basically unsupported when it came to OS upgrades. And the companies with garbage support can be some of the mainstream types that tout their excellence in all other fields, until it comes down to Android.
Facebook bungs 10-year-old kid $10k to not 'eliminate' Justin Bieber
Google can't hold back this malware running riot in its Play store
Tuesday 26th April 2016 20:00 GMT
Intensely good news!!!
I've been told to quit whining about the lack of OS updates on the Samsung and HP abandonware that I stupidly bought because even though the last OS upgrade was a year and a half ago, I only had to worry if I had enabled downloading apps from anywhere else but the Google Store. Google Knows Best, serves out the very thing I was told by various Android FanBois that I didn't have to worry about as long as I didn't install from untrusted sources or root my tablet.
Net scum lock ancient Androids, force users to buy iTunes gift cards
FBI ends second iPhone fight after someone, um, 'remembers' the PIN
Exploit kit writers turn away from Java, go all-in on Adobe Flash
Tuesday 19th April 2016 16:06 GMT
It's time for a change...
start looking for HTML5 vulnerabilities, our cash cows, Java and Flash are being taken away from us.
Oh, and Apple's still recommending Quicktime installation despite the somewhat nebulous security warning from them about their abandonware.
Respectfully,
Grott E. Hacker
Idiot millennials are saving credit card PINs on their mobile phones
US-CERT advice says kill Quicktime for Windows, quickly
Monday 18th April 2016 05:24 GMT
Re: Next
As soon as Stooge Software, err, ahem, Sage stops pushing it for their Visual Workflows tripe.
Their SOP install for their Sage 100 product leaves the central server wide open for ransomware takedown. You'd think that Client Server meant that the client wouldn't run with enough rights on the server to directly access and modify files, oh, who am I kidding. Every workstation on the network should automatically have read/write access to the data table files, 'cause, you know, Crystal Reports... even though it's only server processes on the server that actually modify the files.
Swedish air controllers debunk cyber attack disruption theory
Saturday 16th April 2016 02:50 GMT
World War III will begin with various nations ramping up their weaponry to include all sorts of hypersonic warhead delivery systems, advanced cruise missiles and cyberwarfare initiatives.
The trigger will be a 10 thousand year solar event and an itchy, ill-educated button finger recently removed from scratching a well-fed upper class behind.
Symantec cloud portal goes titsup after database crash
Friday 15th April 2016 03:24 GMT
Re: Root Cause identified...
Oh, you mean that awesome computer performance enhancement tool? We used it company-wide in our Windows XP days to revitalize our network and get an extra year out of the workstations so we could afford our Windows 7 roll-out. Good to know it has other world improving uses!
Websites take control of USB devices: Googlers propose WebUSB API
WordPress pushes free default SSL for hosted sites
Read America's insane draft crypto-borking law that no one's willing to admit they wrote
Sunday 10th April 2016 19:43 GMT
require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party
And by federal mandate, all federal, state and municipal entities, law enforcement military and intelligence and any other unspecified government entity must use said encryption systems and methods.
No governmental, commercial entity or person is above the law.
Adobe preps emergency Flash patch for bug hackers are exploiting
Android gets larger-than-usual patch bundle as researchers get to work
'Devastating' bug pops secure doors at airports, hospitals
Hacker reveals $40 attack that steals police drones from 2km away
Patch Java now, says Oracle. Leave the Easter chocolate until later
Thursday 24th March 2016 04:45 GMT
Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.
Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...
Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay
Cloud security harder than 'encrypt everything'
Tuesday 22nd March 2016 04:52 GMT
<quote>“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day."
“All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”</quote>
Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.
Apple stuns world with Donald Trump iPhone
Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle
Friday 18th March 2016 20:00 GMT
Re: How unAmerican ...
Next time around, please put a joke alert on. While a good portion of Apples software engineering and hardware R&D might be done in the US, I'd like to see a list of who builds iPhones in the US. It's got to be a pretty short to non-existent list...
Also, last I heard, Taiwan hasn't been taken over by Mainland China yet... and that's where Foxconn is based so we have a mix of their Mainland China locations that are Communists waiting to be rebranded as Extreme Communists and Taiwanese who will laugh at you...
HTTPS is not enough: Boffins fingerprint user environments without cracking crypto
Thursday 17th March 2016 16:18 GMT
One of those...
This is a "no shit" type of finding. Yes, there is metadata that is used in the establishing of connections and outside of the encrypted connection that can be statistically and directly analyzed to identify the two stations exchanging information. We've known this all along unless we were hiding under a rock.
Biting the hand that feeds IT
