Recent Comments



January 17, 2022 7:55 PM

John Kahler on An Examination of the Bug Bounty Marketplace :

@Clive Robinson
It’s now owned by that Swedish Flat-Pack furniture purveyor “Ikea” who I’m often told –mainly by women– make impossible to assemble kits

I always heard that the English translation of Ikea is “How does this f’ing thing go together?”

January 17, 2022 7:38 PM

Warren on An Examination of the Bug Bounty Marketplace :

Seems like software companies should recognize that it’s in their best interest to treat hackers a little better when they find and report bugs in a responsible manner. If they aren’t treated well, there are other, darker ways they could monetize their skills. Oops! … Is this already happening?

January 17, 2022 7:11 PM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@SpaceLifeForm, @John, @ALL

re: Boot from CD-R Or punch cards, or yellow paper tape.

Ah… the old punch tape trick… Do we get a spindle with that?

Not sure the CD-R is that good.

iirc(badly) there were some that were dual use but marked (1W RO). Others were session gated, with 1WRO+1Session then disk locked and others were 1WRO multi-session until the CD was full.

A lot depended on the CD drive too...

January 17, 2022 5:37 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Clive

re: “raw” access

Thanks for the refresh. Yes, it was a setup thing. I forgot because while I had root, I had a sysadmin that dealt with initial setup. I had root because basically I was the backup sysadmin, and if there was a problem, and my sysadmin was not around, I could fix the problem.

Was pretty rare that I needed to do so once we got our processes and procedures in place. Even then, stuff can break. And when that happened, fun times. It rarely was ever a simple fix. But, sometimes there was a quick and dirty work-around...

January 17, 2022 5:29 PM

Ted on An Examination of the Bug Bounty Marketplace :

@Erdem Memisyazici

NCA’s ‘rehab’ program to divert young criminally-leaning hackers to more constructive paths sounds like a good investment. I wonder how it’s turned out. Moving those curious minds to areas like forensic analysis and pen testing seem like better long-term strategies for everyone involved.

From the report it does sound like bug bounty hackers can still find themselves in unmarked legal territory. The authors mention a website ...

January 17, 2022 4:54 PM

JonKnowsNothing on More Russian Cyber Operations against Ukraine :

@Winter

re: Group A v Group B

Just to clarify: these are groupings of people with similar ideas. They are not necessarily a “reality”.

RL anecdote tl;dr

In the USA, in the Big Sky State, the Big Cheese Governor called the People of Montana “lazy”. He said the People of Montana were lazy because, as you have indicated, they did not want to get sick, potentially go to hospital, potentially die, to work for cheap wages...

January 17, 2022 2:27 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ JonKnowsNothing,

Sars-Cov-2 loses 90% of its ability to infect within 20 minutes of becoming airborne.

So if my brain is working, a “halflife” of around 6mins 15secs…

With approximately one sixth the viral load of Delta needed. The first order outdoor increase in distance is between 1.82 to 2.45 times[1]. Or as others prefer to say 80% to 150% increase as it sounds less scary…

Which as the limit was 7.8m/26ft it is now 14-19m / 47-64ft range… That’s greater than quite a few streets/paths are wide…...

January 17, 2022 1:57 PM

Clive Robinson on An Examination of the Bug Bounty Marketplace :

@ Jon, ALL,

So, Task Rabbit has been weaponized?

So it would at first sight appear.

But whilst,

“Task Rabbit”[1] is seen as “home help on a leash” it has a darker side.

Which with much of the work starting at the “Humpers and dumpers” of “White-Van with man” through basic “DIY4U”, it is to many a glorified “Card in the shop window” system. That is you are paying for physical labour with low or semi-trade skills doing physical tasks in a predictable way...

January 17, 2022 1:06 PM

Winter on More Russian Cyber Operations against Ukraine :

@Jonknows
“Be mindful that “what people want” is not necessarily what any other person wants. Nearly all countries are divided between 2 ancient concepts.”

I disagree with your reasoning. In general, people are not “lazy”. People are only called lazy when they refuse to work hard for the benefits of others.

People work when they expect a personal benefit. People have a time deduction of future benefits that relates to 1) character and 2) the feeling of security. 1) is exemplified by the marshmallow test, 2) relates to how convinced a person is s/he will be able to enjoy the fruits of her/his labors. Being unable to plan ahead over long times is not “laziness” but a limitation that has nothing to do with morality...

January 17, 2022 12:07 PM

JonKnowsNothing on More Russian Cyber Operations against Ukraine :

@Winter, @Deki, @All

re: what the people actually want

Be mindful that “what people want” is not necessarily what any other person wants. Nearly all countries are divided between 2 ancient concepts. The numbers shift some as do the forms of government but the ideology remains the same.

GroupA:
  People are poor and have no resources due to circumstances
  beyond their control or ability to influence...

January 17, 2022 11:25 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, @SpaceLifeForm, @All

re: Fomite duration

A recent MSM report of a not-peer-reviewed study on aerosol viability didn’t reveal much not already known but did confirm that under standard conditions Sars-Cov-2 loses 90% of its ability to infect within 20 minutes of becoming airborne. The greatest part of the decline is within the first 5 minutes.

  Not much of a relief to joggers and shop goers...

January 17, 2022 10:58 AM

Jon on An Examination of the Bug Bounty Marketplace :

So, Task Rabbit has been weaponized?

There’s no reason that the platform shouldn’t or won’t seek the largest payday for each hack.

“We’ve got three Zero-Day exploits for MS Teams root (insert favorite high value target). Who will open the bidding?”

January 17, 2022 10:36 AM

Erdem Memisyazici on An Examination of the Bug Bounty Marketplace :

When I was 8 I literally could get away with hacking in Turkey. The Internet was not what it is now. There was no record of a hacker who uses a payphone to dial-up, because there were no cameras on every street corner either. Yet today we have programs for “young offenders” to be effectively groomed into an entirely broken industry based upon selling bad software for the access it provides.

...

January 17, 2022 9:45 AM

Erdem Memisyazici on An Examination of the Bug Bounty Marketplace :

@Ted
“Yeah, it’s interesting that many of these bug bounty hackers are young. The report says that 70% of the hackers at Bugcrowd are under 30. At HackerOne close to 50% of hackers are under 24.”

The whole thing grew out of numerous conditions one of which involves decisions made by law enforcement. You’d be surprised how many stories I’ve read involving a “freelance-hacker” meeting legal consequences for trying to report bugs. One gave up $50k and went public because of how ridiculous the binding terms were...

January 17, 2022 9:12 AM

Winter on More Russian Cyber Operations against Ukraine :

@Deki
“The people of these territories want to be part of Russia.”

I assume you are also advocating that non-Russian speaking territories in Russia can become independent? Like Chechnya and the Caucasus in general and various areas in Siberia.

Snarking aside, I am pretty sure the Kremlin does not give a farthing about what the people actually want. As it showed conclusively in Belarus, Kazakhstan, and Syria...

January 17, 2022 8:54 AM

Ted on An Examination of the Bug Bounty Marketplace :

Yeah, it’s interesting that many of these bug bounty hackers are young. The report says that 70% of the hackers at Bugcrowd are under 30. At HackerOne close to 50% of hackers are under 24.

HackerOne also says that the majority of their hackers, 89%, are based outside the US. In 2019, India accounted for 12% of registered hackers, while 11% were based in the US.

One researcher reported he believed companies were at least if not more worried about bugs that affected their business positions rather than just user privacy...

January 17, 2022 8:46 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ JonKnowsNothing, ALL,

There are early discussions about fomites in the blog archives or perhaps on the wayback machine.

And with it my limited opinion, which is still almost as limited due to lack of testing.

I see no reason to say fomite infection can not happen, especially with something as infectious and upper airway as Omicron is.

So on that assumption we would then need time profiles of viability against temp, humidity, and sunlight. With each going full expected range...

January 17, 2022 8:42 AM

Deki on More Russian Cyber Operations against Ukraine :

Russia will push forward in 2022 and 2023. The UN and US will step in and threaten a full scale war. Russia will compromise because they have the territories they wanted. I agree with Russia and these moves. The majority in these territories speak Russian like Donetsk. The people of these territories want to be part of Russia. Very simple. A compromise would be a win/win regardless of how it is viewed. Russian snipers sit day in and day out in these territories dropping UN/US/Ukrainian snipers by the dozen. The victims are the civilians in these territories who are caught in the middle of Ukrainian mortars. Compromise and end...

January 17, 2022 7:13 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, @SpaceLifeForm, @All

re: It’s FOMITES again!

MSM report that China has traced an Omicron infection to a package sent from Canada. The package traveled from Toronto, via the US and Hong Kong. The package was in transit for 4 days before delivery. The package was a “cold chain” item.

Somewhere along the path from boxing to drop off to delivery a fomite happened. (1)

===

1) There are early discussions about fomites in the blog archives or perhaps on the wayback machine...

January 17, 2022 6:51 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@John, @All

re:
  Unless the ‘drive’ has the write current physically turned off, any program can write to anywhere!

So use 2 drives. One that is read only.

Exactly how and where will you turn off “write” and turn on “read only”?

Data can have a ReadOnly data bit set but it’s a software setting, similar to Archive data bit, which is also software setting.

The RW is done on the physical layer, so you will have to disable W there but as much is chip controlled so if you can poke the chip you can RW. Even if the chip set does not include a W option, you can still get around that the Old Fashioned Way by direct control of the mechanism: writing a mini-driver...

January 17, 2022 5:44 AM

Winter on Friday Squid Blogging: Squid Prices Are Rising :

@All
Tensions are running pretty high in Europe, fear of war is mounting:

Sweden deploys soldiers and tanks on the island of Gotland
ht-tps://newsrnd.com/news/2022-01-14-tensions-with-russia–sweden-deploys-soldiers-and-tanks-on-the-island-of-gotland.HkgmuSyaK.html

Suwalki corridor to Kaliningrad
ht-tps://talkingpointsmemo.com/fivepoints/russia-eastern-europe-tensions-gas-migrants

Moldova
ht-tps://nationalinterest.org/blog/reboot/moldova-illustrates-putins-plan-eastern-europe-198982...

January 17, 2022 3:49 AM

ResearcherZero on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive Robinson

In all truth, to move lots of data requires very little bandwidth, all that is required is time. Lax security practices, no encryption, and the system of trust within an organization can all be abused to exfiltrate data. There are still many government departments that have all the same security problems, and worse.

Cox’s letter points to what appears to be a lack of encryption protecting the breached personal data, “a cybersecurity failure that is absolutely indefensible and outrageous.”...

January 17, 2022 3:32 AM

Winter on Friday Squid Blogging: Squid Prices Are Rising :

@Clive
“Sorry as I annoyingly point out “solid evidence” is insufficient in oh so many ways, it simply won’t get you a criminal conviction in any half way sensible jurisdiction.”

The MH17 trial in The Hague is well under way to convict Russian military for shooting down an airliner. The proof is pretty solid, down to the serial number of the BUK missile and the address it was stored in Russia...

January 17, 2022 3:11 AM

John on Friday Squid Blogging: The Evolution of Squid Eyes :

Hmm…

The whole discussion seems silly to me.

Unless the ‘drive’ has the write current physically turned off, any program can write to anywhere!

So use 2 drives. One that is read only.

That leads me to the question: Does 64 bit mode have ‘hidden’ extra features that enable various undocumented functions?

Curious that so much software is abandoning 32 bit mode for no real reason.

John

...

January 17, 2022 1:18 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm,

I do recall that. But, IIRC it did not require root to run the Oracle engine. I do not recall that I needed root to enable “raw” access.

To get “raw” access to a partition you needed the correct permissions on the device. To set those correctly you needed root at the point in time you do it.

But before that the device has to exist and that needs root privileges to achieve.

...

January 16, 2022 11:54 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Clive, ALL

Re: Oracle “raw” disk access

I do recall that. But, IIRC it did not require root to run the Oracle engine. I do not recall that I needed root to enable “raw” access.

I had root. Maybe I have forgotten. But as the DB admin, and DB architect, and manager of the code repository, and the toolchain, and the entire distributed build system, and the lead debugger, I think I can say I knew what was happening...

January 16, 2022 10:50 PM

ResearcherZero on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive Robinson

It’s the beauty of technology, the national security mindset allows for vague descriptions of complex matters, then reported as easily digestible sound bites for mostly technically illiterate consumers.

In the end consumers never realise that their lives are a data mining bonanza worth trillions of dollars.

January 16, 2022 10:36 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ ResearcherZero, ALL,

American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.

Beware any technical article from Bloomberg, that contains “unnamed insiders” it usually turns out to be a complete pile of cack. As it was with the “china inside” on motherboards to be used by Apple...

January 16, 2022 10:36 PM

ResearcherZero on Friday Squid Blogging: The Evolution of Squid Eyes :

“The ad campaign will run online, in newspapers and on radio stations with the aim of turning public opinion against E2EE – and, presumably, driving home the message that encryption itself is something inherently bad.”

Other announcements due this week, from notoriously anti-encryption Home Secretary Priti Patel and intergovernmental meetings, will explicitly condemn Facebook’s contemplated rollout of E2EE...

January 16, 2022 10:33 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Ted, lurker, Anders, Clive, ALL

So, CVE-2021-32648 score jumps from 6.4 to 9.1

How does that happen?

Was there a tsunami?

Just asking, for two friends that drowned on Peru beach.

January 16, 2022 10:08 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm,

There is a TLA or two or three, that are on top of this problem. They use 7.

Do you remember the “update” that put the Win 10 “auto exploder” on people’s earlier Win computers and in some cases caused them huge roaming charges as they were abroad when MS forced the Win10 download?

A friend who has some legal knowledge in these areas did point out over a drink one evening that what Micro$haft had done was very probably illegal. They took a sip of their expensive wine then observed that your chance of getting it to court was considerably less than you might hope, “As you would have less standing than that oh so reasonable ‘Man on the Clapham Omnibus’, after he had been thrown under the wheels of it”...

January 16, 2022 10:03 PM

ResearcherZero on Friday Squid Blogging: The Evolution of Squid Eyes :

@AL

They don’t want to start a ‘privacy vs safety debate’. That’s real cute.

The plans include a media blitz, campaign efforts from UK charities and law enforcement agencies, calls to action for the public to contact tech companies directly, and multiple real-world stunts — some designed to make the public “uneasy.”

“most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”...

January 16, 2022 9:35 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm,

Nonroot Userland Software should never be able to write to MBR.

But has in the past.

Back in the long dark history of Oracle, wanted performance at any price… So they bypassed the OS file system and had “raw” access to the device…

There was a “vulnerability” –which Oracle claim they never have– that enabled a DB administrator to “write before” to earlier sectors on a hard drive. If as sometimes happened things overflowed back to lesser numbers earlier sectors fell into range, such as sector zero...

January 16, 2022 9:10 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Clive, lurker, Ted, Anders, ALL

Bad C+P, forgot to fix.

As to Notpetya, likely same issue in the OS. The problem is not really fixed, by design. They say they fixed, but.

Oh, did you need to upgrade your OS or app?

Did you know about the problem?

Are you running an old non-supported Windows version?

Must be your fault then.

Hey, we have patches for that problem. Upgrade, and you get the fixes for that old problem, and you get our new latest and greatest new shiny backdoors...

January 16, 2022 8:37 PM

Ted on Friday Squid Blogging: The Evolution of Squid Eyes :

@SpaceLifeForm, ALL

According to Bleeping Computer:

Sources have told journalist Kim Zetter that all 15 compromised Ukrainian sites were using an outdated version of the October CMS, vulnerable to CVE-2021-32648.

This is a critical (CVSS: 9.1) authentication flaw allowing an attacker to send a specially crafted request to perform a password reset on the platform, thus taking over admin accounts. ...

January 16, 2022 7:50 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ lurker, Ted, Anders, SpaceLifeForm, ALL

The elephant in the room (her name is Stage0) is constructed of swiss cheese called windows, grandfathered by AML and Microcode.

It has nothing to do with October CMS
or Laravel PHP.

That software should never require root for its functionality.

Nonroot Userland Software should never be able to write to MBR.

It is all about backdoors.

That are known by MSPs by design...

January 16, 2022 7:37 PM

null clam on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Clive Robinson @ JonKnowsNothing all

@ Clive, thanks for the enlightening commentary on the historical background and classical theory of the “Spoilage” problem, ie handling the Remainder Term, and @JonKnowsNothing, for the extension to the multi-prime (-time) context, and drawing attention to the exemplar Boris-Dilyn special case.

And, I didn’t know that Riemann had a dog.

If you read the classic treatment of the zeta-function [1], don’t let the dog eat your homework !...

January 16, 2022 7:08 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm, Anders, lurker, Ted, ALL,

The CVE score should have been near 10.

And MITRE’s CVE is considered the “bug reporter of last resort”…

But put your hand up if you had heard before today of,

1, October CMS
2, Laravel PHP Framework

Yup me neither (even though they are considered significant).

But as for the score being “too low” any score should have had it mitigated or patched within days of the patch at most, in any sensible business organisation...

January 16, 2022 6:32 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Ted, Anders, SpaceLifeForm, ALL,

Remember I said there was something odd with Microsoft’s post?

Well from the tweet,

“The blob contains the 16-bit assembly code used to, upon system restart, display the ransom note on the screen.”

Which is what I would expect.

Microsoft said it ran on shutting down…

So yeah my suspicions are even further aroused ={

But man “16bit asm” I guess the Kremlin still has metal filing cabinets with old PC mags stacked in the bottom…...

January 16, 2022 6:23 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ lurker, Ted, Anders, Clive, ALL

Your partition layout is your password.

Write it down on paper. Use the tools Luke.

You can then recover with live boot and/or live install tools.

It will be a pain if you do not know Linux. Of course, one can always do the recovery route on ‘modern windows oem boxen’, and lose all of your data. Your choice.

If your partitions got encrypted by ransomware, well, you probably will not understand what I am referring to...

January 16, 2022 5:27 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Ted, Anders, Clive, ALL

It starts with a phish in a Windows environment.

The CVE score was way too low, which led to failure to patch.

Let’s go back to the CVE and parse closely. I am adding some dashes for readability, and some bold.

https://www.cvedetails.com/cve/CVE-2021-32648/

CVSS Score – 6.4

Seems low to me. Dots to follow.

Confidentiality Impact – Partial (There is considerable informational disclosure...

January 16, 2022 5:00 PM

Ted on Friday Squid Blogging: The Evolution of Squid Eyes :

Microsoft: “The hashes for the two-stage destructive malware are now in VirusTotal”

An analysis from Malware RE @ MSTIC:

As seen in the stage1.exe MBR wiper sample, the malware overwrites the first 16 sectors of the disk (sector 0 being MBR) each with a hardcoded 512 blob. The blob contains the 16-bit assembly code used to, upon system restart, display the ransom note on the screen.

https://twitter.com/malwarere/status/1482826924925894657...

January 16, 2022 4:39 PM

Anders on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive @SpaceLifeForm @ALL

Yes, wiping alone MBR is not destructive at all,
it’s also relatively easy to rebuild – boot code is standard,
only important thing is partition table. Modern OS don’t
care about CHS, only LBA, so you must find the start of the
partition, that’s easy too if you know the disk layout.

Historically partition started at cylinder boundary, so
first cylinder has enough free space (63 sectors)...

January 16, 2022 3:45 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm, ALL,

There is no way the fake ransom message can be stored in the MBR.

True but it does not have to be…

At one time the convention was just sector Zero at CHS-0:0:0. However it was not enough so it was sector zero and sector 1, and like Topsy the cat once hard drives got above a certain size and LBA was there the entire first track ie CHS-0:0:- was left free. GNU have some documents around if you want to read them but the cliffs notes is,...

January 16, 2022 3:30 PM

lurker on Friday Squid Blogging: The Evolution of Squid Eyes :

@SpaceLifeForm, All

If you know what you are doing, and have the right tools, you can rebuild the MBR.

I have done so more than once, on Classic MacOS with Nortons Disk Tools which were designed just for such jobs. When Apple went to OS-X Symantec didn’t follow.

But seriously, an MBR attack in this day and age? Didn’t eliminating floppy boot rid us of that? (I know, don’t answer)

...

January 16, 2022 2:57 PM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Ted, Anders, Clive, ALL

If you strip out the nonsense what you are left with does not make sense.

That is my conclusion also.

It is interesting that CISA points to this Microsoft report, but does not clearly endorse the conclusions of Microsoft.

It’s almost like they have questions.

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/16/microsoft-warns-destructive-malware-targeting-ukrainian...

January 16, 2022 2:51 PM

Ted on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, AL

If they can not reach it they can not attack it

This was from liveuamap:

Cyber-attack on Ukrainian government websites carried out through one 3rd party outsource IT company Kitsoft, which developed these websites using October CMS website content management system

I don’t know if October CMS is saying that a vulnerability was exploited bc people didn’t patch their systems? From October CMS:...

January 16, 2022 2:39 PM

Clive Robinson on Friday Squid Blogging: Squid Prices Are Rising :

@ Winter, MarkH, ALL,

Inevitably, quite a number of cases do have solid evidence.

Sorry as I annoyingly point out “solid evidence” is insufficient in oh so many ways, it simply won’t get you a criminal conviction in any half way sensible jurisdiction.

The burden of proof has to meet certain internationally recognised standards and in both the cases you mention it actually does not meet the “beyond reasonable doubt” burden of proof. I wish it were otherwise but those rules are there for good reason to protect the weak defendant against the power of a strong, conniving or both state...

January 16, 2022 2:24 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ squid brain, ALL,

IMO, TPTB won’t be satisfied until they get the youtube-dl program completely chased into the underground

That is not the intention of the law suit.

The intention is to get “creative commons” and similar licencing being made illegal or ineffective.

From a publishers point of view creative commons very specifically discriminates not against them but their potential to make money by,...

January 16, 2022 2:08 PM

Anonymous. on Using Foreign Nationals to Bypass US Surveillance Restrictions :

A few commenters seem to have missed a key point: there are no US defendants. Precisely for some of the issues raised above, this data could not be used in US court cases except in very limited circumstances; consequently, no US-based suspects were arrested.

January 16, 2022 2:01 PM

Winter on Friday Squid Blogging: Squid Prices Are Rising :

@MarkH
” Often, Russia’s responsibility for crimes is intended to be like the Goldbach conjecture: the truth is both obvious, and hard to prove.”

Continued:
Inevitably, quite a number of cases do have solid evidence. Many of the poisonings. And the MH17 disaster.

ht-tps://www.bbc.co.uk/news/world-europe-57443467
ht-tps://www.courtmh17.com/en/about-the-case.html

January 16, 2022 1:28 PM

Winter on Friday Squid Blogging: Squid Prices Are Rising :

@MarkH
” Often, Russia’s responsibility for crimes is intended to be like the Goldbach conjecture: the truth is both obvious, and hard to prove.”

But then, what use is a proof in international politics? No one will haul Putin before a judge, proof or not.

Everyone who works or worked for Putin is considered a war criminal by default. You are marked as such too if you deal with them.

January 16, 2022 1:26 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Ted, Anders, SpaceLifeForm, ALL,

This is pretty destructive malware.

Apparently so, and it should not be if what Microsoft has said is true.

But it should never have been an issue in the first place… To see why consider the first question I ask, and I ask it over and over till those answering it get it and tell the truth,

“Was there valid business logic to have these machines connected to the internet or other external communications network?”...

January 16, 2022 12:28 PM

MarkH on Friday Squid Blogging: Squid Prices Are Rising :

@Clive, SpaceLifeForm, flat, Winter:

Clive’s observation about deniability is crucial. A subtle concomitant often missed is that detectability is an independent variable.

The mafia mentality often wants everybody to know that you are the perpetrator, while making it hard for institutions to prove your guilt.

The obviousness that you committed the crime is vital to the perception of your power. Often, Russia’s responsibility for crimes is intended to be like the Goldbach conjecture: the truth is both obvious, and hard to prove...

January 16, 2022 12:19 PM

squid brain on Friday Squid Blogging: The Evolution of Squid Eyes :

= Host of Youtube-dl Web Site Sued by Major Record Labels

https://news.slashdot.org/story/22/01/16/025217/host-of-youtube-dl-web-site-sued-by-major-record-labels

https://torrentfreak.com/major-record-labels-sue-youtube-dl-hosting-provider-220114/

This comes just as (12-17-2021) the main dev changed his status to, “inactive.”[1]

Gee, I wonder why?

IMO, TPTB won’t be satisfied until they get the youtube-dl program completely chased into the underground. Is the successor (yt-dlp) next? (/r/youtubedl)...

January 16, 2022 11:57 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, @null clam, @All

re:
NC:   But the real question remains: why do hotdogs come in packages of 10, but hotdog buns in packages of 8 ?

C:   Oh that’s easy, did your mum never tell you it’s to do with “House Rules”

LOL

I thought it was so you would buy 10 of one and 8 of the other, then open the “tail gate” of your pickup truck, light up the BBQ briquettes, open the ice chest filled with cold-buzz, set up your rocking recliner folding camp chair with can holder arm on one side and handy plate holder on the other, fire up the solar powered inverter and plug in your 60″ LED super high res display and pretend you are inside a stadium watching your favorite form of “footie”, while handing out the proceeds of hot-bun-dogs, maintaining social distancing from others and the stadium. (1, 2)...

January 16, 2022 11:32 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ null clam,

But the real question remains: why do hotdogs come in packages of 10, but hotdog buns in packages of 8 ?

Oh that’s easy, did your mum never tell you it’s to do with “House Rules”.

But first, you’ve heard of “spoilers” with information such as story lines…

Are you sure you want to read on?

Well the physical universe has its equivalent which is “spoilage”…

For which there is the “Five Second” counter rule. Which can be applied before “dropped” becomes “spoiled” (you hear kids especially call “five second rule” with toast when they grab it up). Where they claim the pickup right...

January 16, 2022 11:02 AM

null clam on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Winston Smith @ Clive Robinson

Part of the subconvexity problem, yes.

But the real question remains: why do hotdogs come in packages of 10, but hotdog buns in packages of 8 ?

January 16, 2022 11:01 AM

Anders on Friday Squid Blogging: The Evolution of Squid Eyes :

@Ted

“Does anyone know what is KitSoft?”

hxxps://www.kitsoft.kiev.ua/who-we-are/

“We are Ukrainian company, which develops and implements digital technologies for state authorities and commercial organizations. We help our clients to arrange and automate internal processes and to interact with consumers. We set new standards of the field, which allow us to be in a step ahead.”

...

January 16, 2022 9:25 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, @SpaceLifeForm, @All

re: Super Heat and Super Cold

Super cold works a similar way.

If the ice crystalline structures in a cooling-to-freezing liquid are not aligned the liquid doesn’t freeze, it remains in liquid form.

The formation of the crystalline structures can be thought of like rain drops forming on particles high in the atmosphere. The impurity gives a “cling” surface for the water molecule. If the ice liquid doesn’t have a starter or cling point, the ice crystal may not form...

January 16, 2022 8:58 AM

AL on Friday Squid Blogging: The Evolution of Squid Eyes :

The U.K. government is launching an advertising campaign about the evils of encrypted communications.
https://www.rollingstone.com/culture/culture-news/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453/

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app. ...

January 16, 2022 8:38 AM

Ted on Friday Squid Blogging: The Evolution of Squid Eyes :

Does anyone know what is KitSoft?

“Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, told the AP he did not know how serious the damage was. He said also unknown is what else the attackers might have achieved after breaking into KitSoft, the developer exploited to sow the malware.”

https://abcnews.go.com/Politics/wireStory/microsoft-discloses-malware-attack-ukraine-govt-networks-82292115...

January 16, 2022 8:18 AM

Clive Robinson on Friday Squid Blogging: Squid Prices Are Rising :

@ SpaceLifeForm, flat, Winter,

The alleged REvil bust may have just been for cash flow purposes.

That certainly would have helped sweeten the idea, but there was a lot more behind it.

Putin uses “deniable tools” as a standard part of the way he operates, and it’s been a “White Russian”(Bela Rus)[1] way of doing things for around three centuries. With the “Behind the cloak lies the dagger unseen” behaviours of spycraft and covert disruptive activities that turned Russia into a world center for spycraft that without doubt provided the triggers for “The Great War”/WWI and up to the Civil War towards the end of WWI when the Bolsheviks who were undeniably worse turned inwards...

January 16, 2022 8:16 AM

Ted on Friday Squid Blogging: The Evolution of Squid Eyes :

@Anders, ALL

Re: DEV-0586

This is pretty destructive malware.

  • Stage 1: Overwrite Master Boot Record to display a faked ransom note
  • Stage 2: File corrupter malware

I don’t know how this malware spreads, but it’s interesting that Microsoft would recommend MFA “to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity.”

January 16, 2022 5:41 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ SpaceLifeForm, JonKnowsNothing,

With regards Lake Nyos and,

“The event resulted in the supersaturated deep water rapidly mixing with the upper layers of the lake, where the reduced pressure allowed the stored CO2 to effervesce out of solution

The same process as gives those Mento&Cola fountain eruptions…

A different “trapped energy” boiling out, effect hurts quite a few people in the kitchen every year. And although I understood the process I did not start taking precautions until I was very nearly one of their number…...

January 16, 2022 5:02 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Winston Smith, ALL,

“Paul Nelson has solved the subconvexity problem, bringing mathematicians one step closer to understanding the Riemann hypothesis and the distribution of prime numbers.”

Which part of the general subconvexity problem?

Perhaps of more interest to some here though, is that just solving it for some L-Functions would make life a little more interesting in the world of “Knapsacks” and other supposedly “one way functions”...

January 16, 2022 4:22 AM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Anders,

What they are smoking there?

The same grass as grows around that “Keep Off” notice…. Only “Parkie” has not been doing his job and some little mushrooms have got into it too..

Is I suspect, the message the organisation “The Daily Beast” wants their “journalist” / “Mouth piece” to put out…

Which is why it also looks a lot like a deliberately “lost in translation” message.

But is it really that unusual?...

January 16, 2022 4:01 AM

SpaceLifeForm on Friday Squid Blogging: The Evolution of Squid Eyes :

@ Curious

I am sure it was due to the ongoing investigation angle.

What was going on in August 2020? (rhetorical question)

Be careful these days. There is a lot of misinformation being spread by various players in the media.

Actually, you touched on two buttons, and combined, they could be considered a controversial subject, so you got a multiplier effect.

If you had any specific links (that one may find on the first search results page), that may also have been a factor. There are some that I would never even read nor reference here, just based upon the site’s reputation...

January 16, 2022 12:17 AM

JonKnowsNothing on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, @null clam, @ALL

re: … available information the subsea “explosion” is from “a continuous process” where in effect “the pot has boiled over” and will do again in around a thousand years.

Other boil overs occur in a special type of lake.

A layer of good water accumulates over a denser layer/material below which becomes “gas packed” under the weight of the water above. A land slip or tremor can displace enough of the weight above to allow the under-layer to spew upwards...

January 15, 2022 11:29 PM

AT on People Are Increasingly Choosing Private Web Search :

What privacy guarantees can DuckDuckGo substantiate? Is their code open? Has it been audited by a third party? How do they make their money?

Any search engine can claim that they are private …

January 15, 2022 11:23 PM

Winston Smith on Friday Squid Blogging: The Evolution of Squid Eyes :

Headline: Mathematicians Clear Hurdle in Quest to Decode Primes

“Paul Nelson has solved the subconvexity problem, bringing mathematicians one step closer to understanding the Riemann hypothesis and the distribution of prime numbers.”

“The problem Paul Nelson solved is two steps removed from the Riemann hypothesis.”

https://www.quantamagazine.org/mathematicians-clear-hurdle-in-quest-to-decode-prime-numbers-20220113/...

January 15, 2022 10:23 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ null clam, ALL,

Tonga is on the Ring of Fire.

Actually Tonga is not “on” the Ring of Fire, it’s actually “in” the Tonga Trench subduction zone[1] which makes a big difference as the two island chains are quite geographically different and in turn different to other parts of the ring. Especially when you ask,

Are there other indications of something happening on the ring

The answers are at the moment,...

January 15, 2022 10:04 PM

lurker on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive
Apparently the NZ High Commission has an alternative channel available for official purposes. They are reporting that local mobile phones are working. A NZ P3 Orion is available for outer islands reconnaissance subject to ash dispersal. A NZ naval vessel with drinking water making capacity is also on standby awaiting a request for assistance from Tonga. These things must be done with proper protocol...

January 15, 2022 8:47 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ lurker,

I’m taking your words out of order a bit,

The internet being offline is not surprising, underwater fibre cables are probably not designed to withstand the forces applied to them yesterday.

Not just that, think about the cables to people’s homes that can be easily swept away when above ground.

But also small vehicles float and become battering rams, likewise trees and poles are easily brought down by flooding water and become significant hazards in many ways. You can be swept from your feet by as little as 100mm / 4 inches of water moving at 2.2m/S or 5 miles an hour. That’s the sort of water movement you can have in a large stream or small river you would not think twice about crossing. But as an unconscious person you can drown in half that depth of water, and even when not flowing water sucks the heat from you at least twenty five times faster than ordinary air at just under fog/dew point that even in summer gives you the chills. Just ten mins in 4 degree Celsius water for too many is a slow and horrible death sentence without first world medical care...

January 15, 2022 8:34 PM

lurker on Friday Squid Blogging: The Evolution of Squid Eyes :

@nullclam
USGS reported a M4.5 about 150km north of the volcano at a depth of 150km about 40mins prior to eruption. Same place, same depth & magnitude this morning at 9.40 local time. Speculate if you wish. Tonga is at the point where the NE corner of the Australian plate is sliding over the Pacific plate and has pushed a significant dimple into the “ring” of fire.

January 15, 2022 5:37 PM

lurker on Friday Squid Blogging: The Evolution of Squid Eyes :

@Clive, All

phone-camera footage got out last night of a tsunami 1~2 metres in the streets of the capital Nukualofa, and there was audio from a person wading thru water attempting to escape. Since then “the lines are down” which is concerning especially since we know the potential of HF battery powered radio. The internet being offline is not surprising, underwater fibre cables are probably not designed to withstand the forces applied to them yesterday. But where’s the backup?...

January 15, 2022 5:21 PM

Ted on Using EM Waves to Detect Malware :

@Bruce McNair

I find it interesting that they are claiming 99.82% success rate.

According to Figure 5 (a), the accuracy of the CNN type classification was based on 21,161 traces. 39 fell outside the predicted value.

I don’t know if that makes this statistically significant however.

January 15, 2022 2:57 PM

Clive Robinson on Friday Squid Blogging: The Evolution of Squid Eyes :

@ lurker, SpaceLifeForm, All,

The eruption was certainly explosive

Sorry, it’s got to be said,

“A new crack a tonga?”

But getting serious you would think such an event such as this would be “big news” within hours, but apparently not.

https://theconversation.com/why-the-volcanic-eruption-in-tonga-was-so-violent-and-what-to-expect-next-175035

I guess Aus, NZ and a big chunk of the East Pacific coast are going to see some tsunami effects, but what of Tonga, and its people?...

January 15, 2022 2:41 PM

Bruce McNair on Using EM Waves to Detect Malware :

I find it interesting that they are claiming 99.82% success rate. Think about the number of events that need to occur to make that claim (1 failure in 555). Now, to have statistical significance, you need about 555 failures to be able to make that statement. Did they run 300,000 independent experiments to get that result? Forget about the security claims, just look at the methodology…

January 15, 2022 2:32 PM

Clive Robinson on Using EM Waves to Detect Malware :

@ MikeA, Robert Russel,

get past the “hacking involves wearing a hoodie and typing really fast while random text scrolls down the screen” cliche.

Do you mean I don’t have to wear the dark mirror shades?

Darn I was just getting used to groping around in the dark 😉

The reality is most of my best hacks back in the 1980’s involved bashing around on the keyboard to find things like “buffer overflows” in login programs and the like...
