Security

[ed]

I contend that there is no security for anything that is connected to the net. There I said it. Is this paranoid rambluing? Maybe yes. Maybe no.

Why couldn't the government demand that microsoft program back doors into everything they sell? Why no dammit!!!

And what about this internetthing... can't the government shut it down? And what about cloud computing? What the fuck is up with that? Thats like inviting Joe Biden into your house.

So? Answer me that if you can!!?!11

[Grammatron]

You should buy a gun or two, you will feel safer.

[ed]

Don't patronize me, this is serious.

Do you really feel secure?

[Grammatron]

Don't patronize me, this is serious.

Do you really feel secure?

Not unless I have a canon near me.

[Rob Lister]

Don't patronize me, this is serious.

Do you really feel secure?

Not unless I have a canon near me.

A camera is not going to help. 8)

[Mentat]

No need to worry, we still have Obama to blame when a security breach is found.

[Rob Lister]

No need to worry, we still have Obama to blame when a security breach is found.

Obama took credit for the last big one. Is your memory failing? I mean, I can post a link if you like.

[Cool Hand]

No need to worry, we still have Obama to blame when a security breach is found.

Obama took credit for the last big one. Is your memory failing? I mean, I can post a link if you like.

Just be sure that the link has a Trojan horse and a worm or two. K thx.

CH

[ed]

I am watching the debate: Obama winked at me :shock:

[grayman]

Security:

http://www.sheerdeterminationracing.com ... /awake.jpg

[DrMatt]

I know my life has been twisted by the Internet because whenever somebody says or writes "Science!" I immediately picture a test-tube dancing to stupid music.

[gnome]

I picture Magnus Pyke from the Thomas Dolby video... who I just discovered was something of a Bill Nye of his time. (Magnus, that is). I'm thinking new avatar...

[gnome]

Found this one...

[Witness]

Long, wordy article, so excerpt:

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

...

RSA kept those seeds on a single, well-protected server, which the company called the “seed warehouse.” They served as a crucial ingredient in one of RSA's core products: SecurID tokens—little fobs you carried in a pocket and pulled out to prove your identity by entering the six-digit codes that were constantly updated on the fob's screen. If someone could steal the seed values stored in that warehouse, they could potentially clone those SecurID tokens and silently break the two-factor authentication they offered, allowing hackers to instantly bypass that security system anywhere in the world, accessing anything from bank accounts to national security secrets.

Now, staring at the network logs on his screen, it looked to Leetham like these keys to RSA’s global kingdom had already been stolen.

https://www.wired.com/story/the-full-st ... y-be-told/ for all of it.

[Pyrrho]

https://krebsonsecurity.com/2021/11/hoa ... i-website/

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

:freedom:

[Pyrrho]

https://twitter.com/kevincollier/status ... 8765845504

[Pyrrho]

Was asked to export a database we had set up for a client. Now, that account and project was closed in December 2020. Had given the client the login credentials for the server and deleted our service accounts. I told our team that I couldn't do the download because it is unethical. I did check and the client has not changed the server account password.

<Insert classic line from Kurosawa epic here.>

[ed]

I contend that there is no security for anything that is connected to the net. There I said it. Is this paranoid rambluing? Maybe yes. Maybe no.

Why couldn't the government demand that microsoft program back doors into everything they sell? Why no dammit!!!

And what about this internetthing... can't the government shut it down? And what about cloud computing? What the fuck is up with that? Thats like inviting Joe Biden into your house.

So? Answer me that if you can!!?!11

N.B. pROOF OF THE PARANORMAL.

[ed]

I recall getting into an argument with some dumbfuck about the interwebs. I contended that a government could shut it down. He said "no, impossible".

I realize now that, while I may have been correct, my position was hopelessly naïve. A government would not be served by shutting it down, the right thing to do would be to monitor everything. Then you know who to watch/liquidate. In fact, they ought to entrap.

Live and learn.

[post-skeptic]

Man In the Middle is how the spooks get to you still. Rosenstein was still a "van full of people" type of guy in the reports.

See, one of the reasons you don't want Google or Amazon branded products as your router is that they are complicit with the FBI/CIA. Your data and privacy in their ecosystems are non-existent.

You want to disable all Amazon Alexa or Google Home listening devices in your home.Their network devices I would replace with ASUS kit. You will hear people drone on about Ubiquity, but ASUS is fine. You can sideload open source firmware on it too if you don't trust the vendor firmware to not have backdoors. You can scan your home network from the internet to see if there are listening ports. Close them.

Run your ASUS (or other) router with no incoming ports open at all and UPNP disabled. Use a VPN to access sites you don't want snooped at the Telco provider. If the feds want to monitor your shit then, they have to come out in a VAN and re-route your internet from your home through a device nearby as a Man in the Middle attack to snoop your traffic. If they do this, the VPN still protects your session although they will see the destination traffic for Canada or Switzerland or wherever.

We now live in a society where you should be operating with zero trust of the government. We always did, but now the stakes with the march of Democrat Socialists, the gulags in Australia, forced medical procedures, and the general morphing of Progressivism into Nazism; you need to protect your shit.

For the record, I've worked in cybersecurity in some capacity since 1997. I have code in the Linux kernel and wrote the SSL patches for the m68k code for Mozilla. I know a thing or two about this field.

[Pyrrho]

Why I don't use code from GIT

The Verge: Open source developer corrupts widely-used libraries, affecting tons of projects.
https://www.theverge.com/2022/1/9/22874 ... s-affected

[Pyrrho]

https://blog.avast.com/malicious-qr-cod ... stin-avast

As the Covid-19 pandemic made people hesitant to touch most surfaces in early 2020, QR codes started popping up everywhere. They’ve become even more ubiquitous over the past year and a half, showing up on everything from restaurant menus to mobile check-ins to supermarket displays. And now, according to a report from the City of Austin, fraudulent QR codes have been found on more than two dozen parking pay stations across the city.

[Pyrrho]

Link: https://twitter.com/briankrebs/status/1483852269510610946

Article with a 'splainer:

https://krebsonsecurity.com/2022/01/irs ... ne-access/

[ed]

If you don't know her shame on you.
https://i.imgur.com/6XMOHnQ.png

[Doctor X]

Fortunately we still have mail.

– J.D.

[Pyrrho]

https://twitter.com/CaseyNewton/status/ ... 6101357574

[Pyrrho]

https://twitter.com/amateuradam/status/ ... 4900197388

[Doctor X]

That copy of Justine is somewhat surprising.

– J.D.

[Hotarubi]

https://twitter.com/amateuradam/status/ ... 4900197388

I would have thought that Brenda would stop having having red boxes after Phil the Greek popped his clogs.

Hold onto that image.



























It's not going away, is it?

[Pyrrho]

Link: https://twitter.com/pluggedinn/status/1495246939838840840

[Doctor X]

So the are . . . not . . . non-fungible?

– J.D.

[Pyrrho]

There are some epic replies.