I hope that Apple changes the iOS App Store approval process to look for this insanely-dangerous BACKDOOR, and make the inclusion of that cause for instant REJECTION of the App.
I'm curious when exactly they changed their policy in the first place. Apple used to reject any application that tried to do anything like this.
There is no downside to either police or Vigilant to falsely list someone.
I would think that you could sue the company for libel.
And a fsckin security researcher to boot. I don't get it - What kind of secure world does he live in where you publish - and therefore do the legwork - for the very people you are supposed to be securing against?
Maybe the various AV companies can sue him for infringement of their methods patent on this.
So, is it a crime or isn't it? I don't know of another crime that it is OK to "perform" if you're "the good guy"...
Doesn't law enforcement sell drugs as part of various sting operations? Don't they do the same with weapons?
I am a Netflix user. I could give a crap about what CBS/NBC/ABC have to offer...Netflix will have it eventually
Which means you do give a crap, or at least you should. For all that Netflix is, it doesn't actually produce a whole lot of content. It makes content produced by others available to you. If those other content producers go away and Netflix becomes the sole creator and provider, what happens then?
If they really want the traffic numbers, they can get them from Comcast and other cable networks.
How does Comcast know what shows I'm watching on Netflix?
Unless the user has 2FA enabled.....
From TFA:
Attacker can intercept 2FA codes
Additionally, the attacker can even check these credentials against the LastPass API, verify their accuracy, and even ask the user for the two-factor authentication code if this feature is turned on.
If everything is correct, and all the codes verify through, using the same LastPass API, an attacker can collect any data from the user's account he wants, including the password vault.
Yes, rakes are labor intensive, yet I see all these people with leaf blowers, which seem to simply move the leaves from one place to another.
Isn't that what a rake does too?
It was not the developer of Lucky7Coin that introduced this backdoor, or at least not the original developer. The heart of this attack was social engineering. Lucky7Coin support had been abandoned. Someone else came along, claiming that they were taking over support for this particular altcoin. They even created a new GitHub repo for it. As part of the initial commit, though, they introduced a backdoor. Cryptsy picked up the new version of the code and the rest is history.
The irony of an article on a Gawker site discussing the lack of quality in journalism should not be lost in all this.
Posted by timothy on Tuesday January 12, 2016
Ah, that explains it.
What sets this case apart is that the accused IRS employee, Nakeisha Hall, was tasked specifically with helping people who had been affected by some kind of tax-related identity theft or fraud.
Of course this would be the way to do it. Any losses that Nakeisha generated could be attributed to the fraud that the taxpayer was already suffering. Probably masked the losses quite nicely, at least for a time.
A wall is a boundary...
But not all boundaries are walls...
Because "Posted by timothy on Saturday ..."
They were flying to Los Angeles on a trip to visit Disneyworld.
Looks like they were just trying to save the family a little trouble since Disneyworld is located in Florida.
Now that's an interesting test idea... Send out your own phishing e-mails and see who clicked on them.
Our InfoSec department tried doing that in house. It became quite a game among the programming staff to have the most fun with it. The phishing link went to an internal application that logged the information. The application was totally insecure and hilarity ensued.
If it looks like an Ask Slashdot post and it sounds like an Ask Slashdot post and smells like an Ask Slashdot post . . . then Timothy will probably not manage to post it in the Ask Slashdot section or, in this case, even identify it as such.
I'd guess it depends on the business, and the landlord may have such a provision while intending to waive it depending on the business. If I were a landlord, I'd be fine with a business that was reasonably quiet, not destructive, and which did not mean the tenant would admit customers to the building.
Except now the property is being used for purposes other than what it is zoned for and you can face some pretty hefty fines for willingly allowing that business to operate there.
A much more appropriate response would have been to verify that the customer was running a bittorrent with what looked like BMG content, and then gently remind them that their contract (almost certainly) prohibits operating servers using Cox residential internet service.
In the BitTorrent protocol they aren't running a server, they're running a peer, so the ISP can suck it.
It all started when I decided to use my old mobile phone (Android) as a dash cam in February this year. At first I wrote a single app to record video footage from the road. It can store on average up to 3 days of footage that can then be sent to my home server over Wi-Fi when I park my car in front of my house. In April, however, I also added a plate recognition subsystem. It performs surprisingly well for such a cheap solution. Now I can tag plate numbers and assign notifications for specific tags. For example I receive a sound notification when I am passing my boss/friends/work colleagues. I also have a separate group for people who I have seen driving badly before. It generates a warning sound whenever the camera spots them. :-]
Nice. Is it open source somewhere?
Choosing a private key in ECC is no magic - you can pick any number, anything as long as it's smaller than the order of the group you're working in - and it's a valid private key.
Finding curves with the correct properties was the key to getting ECC working. I worked on ECC some in the late 80's and randomly selected curves were completely useless.
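The "any number smaller than the group order" point from the comment above, worked through on a real curve. This is an added example, not code from either commenter: it uses the public secp256k1 parameters (an assumption made for concreteness; the comment names no curve), implements textbook affine point addition and double-and-add, and shows that the scalar wraps modulo the order n, which is exactly why the private key space is 1 <= d < n and a value of n or above is not a distinct key. The helper names (on_curve, scalar_mult, is_valid_private_key, public_key, random_private_key) are this example's own.

```python
import secrets

# secp256k1 domain parameters (assumed curve; constants are public).
P = 2**256 - 2**32 - 977          # field prime
A = 0                             # curve y^2 = x^3 + A*x + B
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G

# The point at infinity (group identity) is represented as None.


def on_curve(pt):
    """True if pt satisfies the curve equation (infinity counts as on-curve)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition, handling identity, inverses and doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2, so the sum is the identity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add: returns k*pt for any non-negative integer k."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def is_valid_private_key(d):
    """A private key is any integer in [1, N-1]; 0 and N give the identity."""
    return 1 <= d < N


def public_key(d):
    """Derive the public point d*G, rejecting scalars outside the key space."""
    if not is_valid_private_key(d):
        raise ValueError("private key must satisfy 1 <= d < N")
    return scalar_mult(d, G)


def random_private_key():
    """Uniform scalar in [1, N-1] from the OS CSPRNG.

    'Valid' is not the same as 'secret': d = 1 is a valid key but trivially
    guessable, so real keys must come from a cryptographic RNG like this.
    """
    return secrets.randbelow(N - 1) + 1


if __name__ == "__main__":
    d = random_private_key()
    print("private key valid:", is_valid_private_key(d))
    print("public key on curve:", on_curve(public_key(d)))
    print("N*G is identity:", scalar_mult(N, G) is None)
    print("(5+N)*G == 5*G:", scalar_mult(5 + N, G) == scalar_mult(5, G))
```

The last check is the one that explains the bound: because N*G is the identity, (d + N)*G collapses to d*G, so any scalar at or above the order is just a repeat of a smaller key, not a new one.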
the current practice of corporations being legally required to act in the best interests of shareholders only
Citation needed please. What law requires this?
The ransomware gets its name from the fact that the "DecryptorMax" string is found in multiple places inside its source code.
They distributed the source code with the ransomware? I'll bet that was handy when it came to reverse engineering it.
Looks like they're selling it for only $8 now. The $8 price sounds more like a loss/break even deal so I'd guess it's costing them under $9.
I don't know about you, but I had an issue during checkout. My issue was that there wasn't one. They aren't selling anything yet at any price, just gathering email addresses and judging interest.
This is why I use the editor's name when I sign up for such things.