Security

The war between wetware and hardware.
ed
Posts: 41488
Joined: Tue Jun 08, 2004 11:52 pm
Title: G_D

Security

Post by ed »

I contend that there is no security for anything that is connected to the net. There I said it. Is this paranoid rambling? Maybe yes. Maybe no.

Why couldn't the government demand that Microsoft program back doors into everything they sell? Why no dammit!!!

And what about this internetthing... can't the government shut it down? And what about cloud computing? What the fuck is up with that? That's like inviting Joe Biden into your house.

So? Answer me that if you can!!?!11
Grammatron
Posts: 36779
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA

Re: Security

Post by Grammatron »

You should buy a gun or two, you will feel safer.
ed
Posts: 41488
Joined: Tue Jun 08, 2004 11:52 pm
Title: G_D

Re: Security

Post by ed »

Don't patronize me, this is serious.

Do you really feel secure?
Grammatron
Posts: 36779
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA

Re: Security

Post by Grammatron »

ed wrote:Don't patronize me, this is serious.

Do you really feel secure?
Not unless I have a canon near me.
Rob Lister
Posts: 23535
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed

Re: Security

Post by Rob Lister »

Grammatron wrote:
ed wrote:Don't patronize me, this is serious.

Do you really feel secure?
Not unless I have a canon near me.
A camera is not going to help. 8)
Mentat
Posts: 10271
Joined: Tue Nov 13, 2007 11:00 pm
Location: Hangar 18

Re: Security

Post by Mentat »

No need to worry, we still have Obama to blame when a security breach is found.
Rob Lister
Posts: 23535
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed

Re: Security

Post by Rob Lister »

Mentat wrote:No need to worry, we still have Obama to blame when a security breach is found.
Obama took credit for the last big one. Is your memory failing? I mean, I can post a link if you like.
Cool Hand
Posts: 10000
Joined: Sun Jun 06, 2004 4:09 pm
Location: Earning my avatar in the rain

Re: Security

Post by Cool Hand »

Rob Lister wrote:
Mentat wrote:No need to worry, we still have Obama to blame when a security breach is found.
Obama took credit for the last big one. Is your memory failing? I mean, I can post a link if you like.
Just be sure that the link has a Trojan horse and a worm or two. K thx.

CH
ed
Posts: 41488
Joined: Tue Jun 08, 2004 11:52 pm
Title: G_D

Re: Security

Post by ed »

I am watching the debate: Obama winked at me :shock:
grayman
Posts: 5773
Joined: Sun Feb 11, 2007 3:43 am
Location: A little further north.

Re: Security

Post by grayman »

Security:

http://www.sheerdeterminationracing.com ... /awake.jpg
DrMatt
BANNED
Posts: 29811
Joined: Fri Jul 16, 2004 4:00 pm
Location: Location: Location!

Re: Security

Post by DrMatt »

I know my life has been twisted by the Internet because whenever somebody says or writes "Science!" I immediately picture a test-tube dancing to stupid music.
gnome
Posts: 25954
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL

Re: Security

Post by gnome »

I picture Magnus Pyke from the Thomas Dolby video... who I just discovered was something of a Bill Nye of his time. (Magnus, that is). I'm thinking new avatar...
gnome
Posts: 25954
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL

Re: Security

Post by gnome »

Found this one...
Witness
Posts: 35689
Joined: Thu Sep 19, 2013 5:50 pm

Re: Security

Post by Witness »

Long, wordy article, so excerpt:

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

...

RSA kept those seeds on a single, well-protected server, which the company called the “seed warehouse.” They served as a crucial ingredient in one of RSA's core products: SecurID tokens—little fobs you carried in a pocket and pulled out to prove your identity by entering the six-digit codes that were constantly updated on the fob's screen. If someone could steal the seed values stored in that warehouse, they could potentially clone those SecurID tokens and silently break the two-factor authentication they offered, allowing hackers to instantly bypass that security system anywhere in the world, accessing anything from bank accounts to national security secrets.

Now, staring at the network logs on his screen, it looked to Leetham like these keys to RSA’s global kingdom had already been stolen.
https://www.wired.com/story/the-full-st ... y-be-told/ for all of it.
Pyrrho
Posts: 32020
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6

Re: Security

Post by Pyrrho »

https://krebsonsecurity.com/2021/11/hoa ... i-website/
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
:freedom:
Pyrrho
Posts: 32020
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6

Re: Security

Post by Pyrrho »

Was asked to export a database we had set up for a client. Now, that account and project was closed in December 2020. Had given the client the login credentials for the server and deleted our service accounts. I told our team that I couldn't do the download because it is unethical. I did check and the client has not changed the server account password.

<Insert classic line from Kurosawa epic here.>
ed
Posts: 41488
Joined: Tue Jun 08, 2004 11:52 pm
Title: G_D

Re: Security

Post by ed »

ed wrote: Tue Oct 16, 2012 6:44 pm I contend that there is no security for anything that is connected to the net. There I said it. Is this paranoid rambling? Maybe yes. Maybe no.

Why couldn't the government demand that Microsoft program back doors into everything they sell? Why no dammit!!!

And what about this internetthing... can't the government shut it down? And what about cloud computing? What the fuck is up with that? That's like inviting Joe Biden into your house.

So? Answer me that if you can!!?!11
N.B. pROOF OF THE PARANORMAL.
ed
Posts: 41488
Joined: Tue Jun 08, 2004 11:52 pm
Title: G_D

Re: Security

Post by ed »

I recall getting into an argument with some dumbfuck about the interwebs. I contended that a government could shut it down. He said "no, impossible".

I realize now that, while I may have been correct, my position was hopelessly naïve. A government would not be served by shutting it down, the right thing to do would be to monitor everything. Then you know who to watch/liquidate. In fact, they ought to entrap.

Live and learn.
post-skeptic
Posts: 2872
Joined: Mon May 31, 2021 6:07 pm

Re: Security

Post by post-skeptic »

Man In the Middle is how the spooks get to you still. Rosenstein was still a "van full of people" type of guy in the reports.

See, one of the reasons you don't want Google or Amazon branded products as your router is that they are complicit with the FBI/CIA. Your data and privacy in their ecosystems are non-existent.

You want to disable all Amazon Alexa or Google Home listening devices in your home. Their network devices I would replace with ASUS kit. You will hear people drone on about Ubiquiti, but ASUS is fine. You can sideload open source firmware on it too if you don't trust the vendor firmware to not have backdoors. You can scan your home network from the internet to see if there are listening ports. Close them.

Run your ASUS (or other) router with no incoming ports open at all and UPnP disabled. Use a VPN to access sites you don't want snooped at the Telco provider. If the feds want to monitor your shit then, they have to come out in a VAN and re-route your internet from your home through a device nearby as a Man in the Middle attack to snoop your traffic. If they do this, the VPN still protects your session although they will see the destination traffic for Canada or Switzerland or wherever.

We now live in a society where you should be operating with zero trust of the government. We always did, but now the stakes with the march of Democrat Socialists, the gulags in Australia, forced medical procedures, and the general morphing of Progressivism into Nazism; you need to protect your shit.

For the record, I've worked in cybersecurity in some capacity since 1997. I have code in the Linux kernel and wrote the SSL patches for the m68k code for Mozilla. I know a thing or two about this field.