You can stop your bragging now, since it's clear no amount of security can detect or prevent that insider threat.
You may not be aware of it, but just a few decades ago it was common (legal) practice for banks to openly sell insider information to their clients. It was also perfectly normal for a bank to have no liquidity whatsoever, and to simply go bust if their investments went bad. And not so long ago, it was also common practice for CEO and CFO to report their "expected" revenue as if it was real or to move losses off the balance sheet. Guess what, for all of these things you can go to jail now.
Are things perfect? Not at all. Just google "Carmen Segarra" to see the extent of the complacency in the federal banking system.
Things evolve. Not fast, but they do evolve. And this has nothing to do with network security.
What you describe sounds like the mid 2000s to me, but still. Just for fun, get that MITM running on the banking app of a decent bank, and then try to do many transactions. You'll quickly understand the security features.
See, this is a side of the industry people don't get. It took the credit card companies almost two decades to start slowly rolling out chips. You know why? Because the odds of a massive fraud versus the cost of implementing those features were not computing in the actuaries' spreadsheets.
Same goes for banking. There's this weakness on the network: the end user. Option 1: you force them to have military-grade security policies and annoy the hell out of them. Option 2: you slowly evolve as a laggard on the security adoption curve and in the meantime you mitigate the risk by making the other end smart enough to spot and terminate major breaches.
This said, you'll always find banks with idiotic systems in place, but that's not the norm, that's the exception.
Banks have had a culture of secrecy and security long before the tech equipment we use today was even thought of let alone deployed.
Totally agree. For instance I remember years ago, a client of mine had a policy of wiping printers' memory before junking them, in case confidential documents were still in memory. That's not high tech but that shows how those people think.
I agree, but please keep in mind that there is more to Tor exploits than this one. For instance:
The hacker group appears to be attempting to dominate Tor's relays to the point where it can compromise anonymity. Tor keeps you anonymous by bouncing your communications around a network of volunteer nodes. But if one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network.
So far, they have already established over 3000 relays, nearly half of the total number. That's very not good.
https://pando.com/2014/12/26/i...
Bullshit. I have worked for three banks and they all had the best IT security money can buy. One of my current clients has a core switch that's worth more than your house, it's crammed with IDS and IPS modules and whatnot.
I bet that on the customer side, the requirements for online banking required Java, a dead browser plugin from a dead company, which has been known to be insecure at least since 2004. And probably required it to be running on an old insecure version of Internet Explorer too.
No, but one of them had an interesting password policy for eBanking: 5 characters (exactly), only numbers and letters. To be fair they had a decent MFA but still. The reason? Make the password phone-friendly so people could use the same when dialing in.
From the linked article:
While Sprint may see VoIP patent licensing and lawsuits as a profit center, it isn't clear that the company has any particularly special role in the history of VoIP, which was moved ahead by many companies at around the same time. The multiple patent lawsuits against Vonage can be seen as a kind of loser's lament, with incumbent phone companies seeking to hinder Vonage, the first company to really be successful with the marketing and service ends of VoIP.
A system is only as good as IT engineers set it up to be; it can have every bell and whistle possible, but if someone does something wrong or stupid, then possibly all the bells and whistles etc. are no use.
When it comes to high-end hardware, be it storage or networking, the vendor sends its own team to install and configure the device, and keeps monitoring and patching it. And guess what, that's what they do for a living and they're usually very good at it.
Horror stories can and do happen. I've seen IBM wiping out huge SAN subsystems by mistake during an upgrade, or an HP engineer tripping on a power bar and pulling out a handful of optical fibers, disrupting networks in a whole building.
What I have never seen or heard about is someone putting a misconfigured 1/2 million dollar core switch in production and nobody noticing the problem. Could it happen? Maybe. But that's not "typical".
Don't get your panties in a bunch. The point is not about blaming people, the point is that Tor is not more secure than a typical bank infrastructure.
Government agencies? Banks? Really? Since when the fuck did they start using Tor for business?
Since never. This was complete bullshit coming from someone with obviously no experience in this industry.
Blockchain is getting traction in big business. It's even available on the IBM cloud platform (Bluemix). But this has nothing to do with Tor; for secure networking IBM is working on their own protected network, which will be similar to good old VAN for EDI.
Bank infrastructure is typically less secure than Tor.
Bullshit. I have worked for three banks and they all had the best IT security money can buy. One of my current clients has a core switch that's worth more than your house, it's crammed with IDS and IPS modules and whatnot.
Meanwhile Tor has been the source of many incidents, especially once people started putting up fake nodes.
Where is the breakthrough here?
You can glue an Apple logo on it and nobody at Starbucks will be able to tell that it's not a Macbook, as long as you pick blurry fonts and remember not to maximize windows.
2017 and still solving the same fucking problems for the last 10 years
This is not true at all. Now with systemd there's a whole new set of problems.
fundamentally corrupt and having a track record of lying, cheating, stealing and generally acting like an angry 6 year old.
Wait, are you talking about Clinton or Trump? Because that basically applies to both.
No, "expresso" is a trigger for cunts.
So at 57 you're watching a show about pre-teen schoolgirls prancing around in sexy outfits, and you're the one ashamed of humanity?
https://www.reddit.com/r/Chrom...
Lynx. It doesn't have to deal with all those bandwidth intensive graphics.
That's why I always use data URI in my web pages instead of images. You don't have to look at my graphics, but you're gonna download them anyways.
Please stop with those analogies. They don't work.
Why don't you go 20 years in the past and fix it?
YAML uses 2 spaces for indents.
Maybe tab should be 1 space, then everyone would be happy.
You're such a party pooper. Can't you let suicidal people dream a bit?
Yes. Those who sign that should be considered informed and neutral in the context of Facebook employees, given a spectrum that starts with "anti-Trump" and ends with "supporters of violent anti-Trump demonstrations and opposed to democracy if it means Trump can get elected".
Really, they're going to use Snopes as a reference? Then why not add a source, such as "Disputed by Ann Coulter's blog" or "Disputed by the GNAA on Slashdot.org".
What they need is another tag: "biased". Because often news on right or left media outlets are not exactly fake, but they're presented in a way that favors a political view.
So what you're proposing is a worldwide police state where countries and/or people who don't follow your vision are punished. Sounds like dictatorship to me, minus the positive aspects like less money spent on elections.