Recent Comments

October 1, 2020 6:33 PM

SpaceLifeForm on Negotiating with Ransomware Gangs :

@ Sofakinbd, Clive

Of course, an org should contact FBI before they pay the ransom.

But, consider that the hackers may not be foreign in the first place.

The advisory seems to be spinning a tale, that the only ransomware hackers you have to be concerned about are foreign.

October 1, 2020 6:31 PM

xcv on Detecting Deep Fakes with a Heartbeat :


Neither photographs nor videos are evidence without witness deposits of the one who made them.

Right. You need serious money in the bank to make bail, if you’re going to present your side of the case in court, and the cops aren’t going to confiscate all of your notes, files, videos, and photos and file additional charges against you, while you’re trying to fight the original charges in court, for which the documents on record have already been amended or altered...

October 1, 2020 6:01 PM

Anders on Negotiating with Ransomware Gangs :


I guess the total recovery time would still be the
same regardless whether they had the AD backup and
no single working AD or had that one survived real
server and no backup.
10 days, 4,000 servers and 45,000 PCs rebuilt. Every
company must try to repeat this achievement and even
improve it. Next similar incident is around the corner.

October 1, 2020 5:11 PM

Steve on Hacking a Coffee Maker :


For example they introduce a deliberate bug inside the
firmware (something time related) that cripples the
device. Want to use it on? Sorry, it’s an old model, no
free firmware update, but with extended support we are
happy to provide you one, just pay! Or buy a new one.

Sort of like razor cartridges.

Ever try to find a SuperWhammy5 more than a couple of years after you’ve bought the shaver handle?...

October 1, 2020 4:38 PM

SpaceLifeForm on Negotiating with Ransomware Gangs :

@ Anders, Vesselin Bontchev

Maersk got lucky. One of their AD Servers was down due to a power failure.

That was how they were able to recover as quickly as they did.


October 1, 2020 3:47 PM

SpaceLifeForm on On Executive Order 12333 :

@ Clive

Interesting timing. Addresses both of our points, sorta.


The task force is home to specialists from more than 30 federal agencies, including the Central Intelligence Agency, National Security Agency, and Secret Service.

But some national security policy experts believe the expanded partnership could lead to internal conflict. They say intelligence and law enforcement agencies sometimes have different goals that could conflict with one another...

October 1, 2020 2:49 PM

Sofakinbd on Negotiating with Ransomware Gangs :


You have:
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) – and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination – almost like a cost-benefit analysis...

October 1, 2020 2:03 PM

Sherman Jay on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

I know it is just one day before this post becomes obsolete. But this is important.

The article below is very long. But, it is very important and comprehensive on this one (out of hundreds of) personal/health data vulnerabilities:

ht tps://

October 1, 2020 1:21 PM

Arclight on Negotiating with Ransomware Gangs :

As a storage engineer, I can say confidently that a lot of these ransomware schemes are easily recoverable if the customer has a combination of backups (ideally some off-line) and storage snapshots. Modern disk array file systems like ZFS and Netapp WAFL (now clustered) are capable of keeping literally hundreds of hourly/daily/weekly/monthly file system snapshots online, and they can be instantly mounted read-only or restored over the current version. Servers and workstations can be bare-metal re-provisioned if the infrastructure is in place, especially if we’re talking about a thin-client environment with a small number of “terminal services” systems that feed them...

October 1, 2020 12:31 PM

Jesse Thompson on Negotiating with Ransomware Gangs :

I am actually kind of mystified why Dead Drop style backups aren’t more common.

  1. Backup system is connected through one Ethernet port with absolutely all ports locked down but one: the file upload backup port. For me “locked down” means firewalled at that VLAN via L3 switch, plus tcpd on the backup server blocking access to all ports but the one, PLUS no services listening on any other ports to begin with. ...

October 1, 2020 12:21 PM

L. Jeffers on Detecting Deep Fakes with a Heartbeat :

El Guapo: Jefe, would you say I have a plethora of photoplethysmographs?
Jefe: A what?
El Guapo: A plethora of photoplethysmographs.
Jefe: Oh yes, El Guapo. You have a plethora of photoplethysmographs.
El Guapo: Jefe, what is a photoplethysmograph?
Jefe: Why, El Guapo?
El Guapo: Well, you just told me that I had a plethora of photoplethysmographs, and I would just like to know if you know what it means to have a plethora of photoplethysmographs. I would not like to think that someone would tell someone else he has a plethora of photoplethysmographs, and then find out that that person has no idea what it means to have a photoplethysmograph...

October 1, 2020 12:17 PM

Winter on Detecting Deep Fakes with a Heartbeat :

” The notion of what constitutes evidence of something should vary drastically depending on the trustworthiness of the parties in the discussion.”

Neither photographs nor videos are evidence without witness deposits of the one who made them.

October 1, 2020 11:59 AM

Thunderbird on Detecting Deep Fakes with a Heartbeat :

What about Sylvester Stallone as The Terminator?

I looked at it–thanks for the pointer. Video on the internet always has strange compression artifacts, but that one has a visible outline around the terminator’s head in the initial shot where he’s in silhouette against the sky.

Like Bruce says, it’s an arms race, which means that one side will constantly be leapfrogging the other. The notion of what constitutes evidence of something should vary drastically depending on the trustworthiness of the parties in the discussion. In a purely adversarial situation like court (or the “court of public opinion”) we should be much more skeptical than in situations where people of goodwill are cooperating to discover the truth...

October 1, 2020 11:11 AM

Winter on Detecting Deep Fakes with a Heartbeat :

” a trial by judge is sufficient to protect the rights of the accused, because the defense has not shown in court that the guilty party’s rights are violated in any way by omitting the formalities of a full jury trial”

Not sure what you want to say. However, jury trials are not the standard in the world. Actually, trial by jury is rather uncommon.

October 1, 2020 10:53 AM

xcv on Detecting Deep Fakes with a Heartbeat :


“Best Deepfake Videos”

Convince 12 stooges of the suspect’s guilt in court, or simply dispense with the video and dismiss the jury entirely, especially if it is deemed pornographic, because any “reasonable person” would vote to convict, and a trial by judge is sufficient to protect the rights of the accused, because the defense has not shown in court that the guilty party’s rights are violated in any way by omitting the formalities of a full jury trial on the particulars of the matter...

October 1, 2020 10:37 AM

Winter on Detecting Deep Fakes with a Heartbeat :

@Geoffrey Smith
“Are there deepfakes that are so realistic it isn’t obvious from looking at it?”

Yes, search for “Best Deepfake Videos” and you get a very nice collection. Btw, speech synthesis and voice conversion are also pretty good nowadays.

October 1, 2020 10:19 AM

Geoffrey Smith on Detecting Deep Fakes with a Heartbeat :

Are there deepfakes that are so realistic it isn’t obvious from looking at it? I assumed the challenge to autonomously detecting deepfakes was simply finding an efficient means of doing so, not necessarily that finding them at all were a challenge. For example the eyes and shadow in deep fakes are usually what gives it away. It looks like there’s been some research into this.

I can see PPG being used in addition to other methods but I really doubt it alone is that effective and likely results in false deepfake positives. It might be computationally cheap and easy to do though. Like DRM there will always be a race to detect deepfakes and software to defeat detection...

October 1, 2020 8:57 AM

J.C. Checco on Detecting Deep Fakes with a Heartbeat :

The Eulerian video method has been around for about 8 years now, and although I first thought it would be employed as a user verification technique, I applaud it being used for other uses. As deepfake AI algorithms become more advanced, I believe so will the algorithms and use cases around Eulerian.

October 1, 2020 8:14 AM

Anders on Negotiating with Ransomware Gangs :

@Vesselin Bontchev

I’m surprised with your customer.
I call this just a bad risk management.

Ransomware is not the only thing that can bring data loss.
There’s also file deleting malware, hardware (HDD) failure,
(updated) drivers that slowly corrupt data, accidental deletion
of data, accidental overwrite of data etc etc etc.
Yes, some of them have smaller impact, affecting only
some servers or workstations, but then again, sometimes...

October 1, 2020 7:20 AM

Winter on Detecting Deep Fakes with a Heartbeat :

I think we can go even further: A Captcha like Turing Test for moving pictures.

Human pupil dilatation and micro saccades mirror cognitive working load. When speaking (behaving in general) people will have to think, which will reflect themselves in pupil dilatation and eye movements. However, the cognitive load depends on the nature of what is said and done, by whom, and a lot of context.

Extracting the cognitive load from the spoken words automatically will be pretty difficult. But humans do it all the time, it is part of our theory of mind...

October 1, 2020 7:15 AM

MarkH on Images in Eye Reflections :


You’ve made my day, sir. I wouldn’t have imagined that “robust” and “decrepit” could be adjacent in a good sentence … still chuckling.

As for myself,

decrepit: check

curmudgeon: any reader of my comments here can answer that

disreputable: certainly, though “notorious” or “scandalous” would be more apt

old: sufficiently, that I should know better

Best of luck with those young ladies!...

October 1, 2020 6:49 AM

gladwel kubwalo on The Security Mindset :

the information so far gained will help me in my day to day thinking about security issues around me

October 1, 2020 6:41 AM

Erik on Detecting Deep Fakes with a Heartbeat :

I imagine that the deep fake software does not preserve or simulate PPG only because no one working on that software knew PPG was a thing. I don’t imagine it will be hard to fill that gap.

So yeah, couple of months and that’ll start being fixed.

October 1, 2020 6:41 AM

Anders on Negotiating with Ransomware Gangs :


I know personally that some banks have special bitcoin
account in case of ransomware attack. They want to resolve
the incident as quick as possible and without any
publicity, including hiding it from banking supervision.
So they just pay.

October 1, 2020 6:11 AM

Clive Robinson on Images in Eye Reflections :

@ MarkH,

There are some other readers of “delicate age”

Delicate indeed is this a WI tea club? Speak for yourself, I prefer the more robust “Decrepit” it sounds so much nicer especially when used with “curmudgeon” and “disreputable”.

You could chuck in “old” but in my brain I’m still “twenty-something” and would live like that if my hip stopped partially dislocating when I walk to the bus stop. Oddly if I do a little bit of contortion which is amusing for onlookers it goes back with a slightly gristly pop, which makes a few of the onlookers a bit squeamish...

October 1, 2020 6:01 AM

apa on Hacking a Coffee Maker :

A Finnish hacker team demonstrated this last year in Team Whack, a TV series for national broadcaster: they breached a home network through WiFi security camera. The camera firmware had a known vuln and was connected to the rest of the network. It made a very good proxy/bastion.

October 1, 2020 4:57 AM

Ergo Sum on Negotiating with Ransomware Gangs :

@another me…

Teaching security would be a good idea at work, at school, but people have been saying that for decades.

Second that…

If education of the endusers would be a viable option, it would have worked after decades of trying. Is that cause of the failure the teachers, or the students? It’s either both, or neither, depending on your point of view on the subject.

Neither education, nor the suggested methods of preventing ransomware addressing the underlying cause of spreading the ransomware. The lack of security in the current operating systems and software in general are the culprit...

October 1, 2020 4:44 AM

Cyber Hodza on Negotiating with Ransomware Gangs :

It is nature’s way of making sure your immune system stays healthy by fighting constant outside threats

October 1, 2020 3:47 AM

Ross on Negotiating with Ransomware Gangs :

Like any successful parasite, Ransomware hackers have learned to balance their gains against destroying their “hosts”. It doesn’t make sense for them to disable their victims, or anger them to the point of trying to pursue the attackers.
The other reason in favor of paying the ransom is that even if you can restore your data on your own, the hackers may have a copy of it to use against you. Even if the business is completely consistent in its operations, there still may be intellectual property that would be damaging if released publicly...

October 1, 2020 1:28 AM

MarkH on Images in Eye Reflections :

Vitreous Detachment

(Off topic, but I hope that it is useful safety information.)

I’m posting on this older thread, because we had some discussion here about the structure of human eyes.

Not many days ago, I noticed a small dark dot in my vision, which moved around like a “floater” (of which I have many) … but it didn’t look like any of my old floaters.

Shortly afterward, whilst looking at a plain white surface, I realized that there were several such dots. This alarmed me enough, that I promptly visited my eye doctor...

October 1, 2020 1:23 AM

JonKnowsNothing on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :


request: can you provide a link to something that is not Twit/FB/etc?

I would like to check some of the things you post but I don’t Twit-Tweet-FB-Zoom or do any of that MooAge Stuff.

SOK if you cannot.

October 1, 2020 1:17 AM

JonKnowsNothing on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@Clive @All

In ancient times Windows had an Event Viewer where you could look at the logged events. I used to spend some time checking for red tag events although for the most part they were not correctable, maybe if you got a driver update you could clear up a few.

The log files took up a load of space and some were circular but it could give you an idea of all the stuff they wanted you to send them...

October 1, 2020 12:34 AM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ SpaceLifeForm, ALL,

It’s worth looking at the Microsoft document linked to, even though it’s nearly a 32MByte download[1],

“Microsoft Digital Defence Report 2020 September”

The real scary bit for everyone is given in the 6 pages before the introduction where it gives,

“8 Trillion signals a day”

That go into its ML system. Before telling you those signals all come from Microsoft’s Telemetry system you can not really opt-out of…...

September 30, 2020 10:56 PM

WmG on On Executive Order 12333 :

@ Clive Robinson

“ The china shop being “the US State Dept” …”

Hmmm. Yes. Yes, indeed.

And now that the chickens come home to roost, the state of denial is like a heavy fog.

September 30, 2020 10:18 PM

another me on Negotiating with Ransomware Gangs :

I’ve seen other businesses use custom built malware, delete the customer database of a competitor, after copying it (though not well in some instances, and the data is sometimes recoverable).

If you are backing up and using removable drives (tape drives for example), I’d check you actually have tapes or disks in the backup caddies. Backing up will be really fast without anything to backup to, but there is only so many times you get a laugh at realizing a business has been backing up to the void for the last decade...

September 30, 2020 5:36 PM

SpaceLifeForm on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

When you can’t control all of your silicon turtles all of the way down:

And the US government argues for backdoors?

Probably the first iOS 14 iPhone 7 running Android

No cell. I consider that a feature.


September 30, 2020 5:06 PM

SpaceLifeForm on Negotiating with Ransomware Gangs :

If an org was to pay the ransom, I would recommend:

Open bank account specifically for the purpose.

Put the money into that account.

Buy the bitcoin via that account.

Pay the ransom only via bitcoin.

At least, this way there is a paper trail and a Blockchain trail.

It’s probably the only way to catch the crooks.

Pay X when X+Y is laundered.

September 30, 2020 4:22 PM

Clive Robinson on On Executive Order 12333 :

@ Jon,

… because they knew just how shot through with rot their own was.

When I was a young lad not even close to my teens, I helped my Dad put up a new wooden fence.

He very carefully cut out of 1/2 inch thick wood “top caps” for the posts.

I asked him why and he showed me an old wooden post and pointed out the “failing from the top”. Of how the rain had started the “rot at the top” which had spread right down inside without being visible from outside...

September 30, 2020 3:26 PM

SpaceLifeForm on Hacking a Coffee Maker :

Alexa: I have been informed by your Ring indoor drone that you are starting to wake up. Should I tell the coffee maker to start brewing now?

Aside: I see the ‘Write’ changed to ‘Edit’. Well done.

September 30, 2020 3:24 PM

Jason on Negotiating with Ransomware Gangs :

I suppose in defense of paying, the ransomware attackers have an enormous incentive to be as helpful as possible once paid.

The simplest way to stop ransomware may be the same as the way airline hijacking was rendered significantly less effective 19 years ago.

Launch a large series of high profile ransomware attacks and do not provide valid decryption keys after getting the money.

If you aren’t likely to get your data back after an attack there is no incentive to pay. Just like these days airline hijackers will likely be viciously attacked by passengers and crew rather than complied with because we saw spectacularly what happens when you don’t on 9/11 after they broke the implicit rules of hijacking...

September 30, 2020 3:15 PM

Jon on Hacking a Coffee Maker :

@ Peter A :

“Quite another thing is – devices that MUST be connected or they stop functioning or are crippled beyond sensible use. That is a disaster waiting to happen,”

If I were you, I would delete the ‘or’ after ‘functioning’ from the middle of that remark. 😉


September 30, 2020 3:09 PM

Singular Nodals on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ Winter

re: It is easy to recognize independent journalism. …

I’m not sure that this is the case. Opposition or support for government is not a sufficient criterion. Also to be considered are social ideology and financial enmeshment. These are also sources of “partisan” writings, and in the modern period are probably more important than party affiliations. They govern the coverage and commentary of the journal, and it is almost never simply seeking truth...

September 30, 2020 3:07 PM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ JonKnowsNothing,

Some countries just define torture as torture.

Others call it “making routine enquiries”…

Yes it is sometimes caught in the UK. One police officer knocked a kid around in the back of a van and told him if he did not become a “grass” then either he’d end up in court and never see the light of day, or his name would be given to the gang leader and he’d end up under a train.

Unbeknown to the police officer or the kid’s defense team the kid had recorded it on his cell phone. The kid told his side of the story in court much to the surprise in his own defense team and when the prosecution challenged it he pulled the phone out and started playing the recording...

September 30, 2020 2:46 PM

Rodney B on Negotiating with Ransomware Gangs :

These are very compelling arguments, but the first one on the list to me is enough if it’s true. The last argument against, “Using Bitcoin to pay a ransomware attacker can put organizations at risk” can actually be prevented. Although, if a company is smart enough to protect Bitcoin transactions, they likely had guarded against ransomware attacks.

September 30, 2020 2:32 PM

JonKnowsNothing on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :


US Prisons are notorious in their punitive measures. If a prisoner is of particular notice like Chelsea Manning, Reality Winner or any other prisoner of A Different Conscience than the Official View, their treatment will be on the legal side of barbaric. At least someone notices.

US Prisons where people are not of particular notice, get the same treatment or worse because there isn’t anyone looking out for them. Even if they have counsel, the systems are such that they cannot access it and the courts are not very inclined to take such cases in opposition to government policies...

September 30, 2020 2:17 PM

JonKnowsNothing on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@Clive @All

re: Mink COVID-19 mortality changes

Veterinary Reports on COVID-19 outbreaks on mink farms in Utah and earlier in Denmark indicated that the minks were infected by humans. Sometimes dogs and cats were also infected. Any escaped minks are to be captured and any wild minks found dead are to be disposed of appropriately.

The following was reported first in the Danish outbreak and then in the Utah outbreaks; both reported a similar situation...

September 30, 2020 11:57 AM

Warranty Void on Negotiating with Ransomware Gangs :

Even among security professionals there is a staggering display of arrogance and ignorance surrounding ransomware.

“Have good backups” <- The bad guy will delete any hot backups after they have domain admin. The backup processes you have probably won’t look as good in retrospect
“Paying for decryption is quicker…recovery” <- The ransomware decryption utilities are not always reliable enterprise products designed for ease of use. You still need to decrypt hundreds or thousands of machines, that are at best still vulnerable and at worst still actively compromised upon decryption...

September 30, 2020 11:21 AM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ ALL,

There are growing questions as to if “Herd Immunity” is working with COVID-19.

The current increasing rates of infection where there has already been significant infection suggests that there are issues as yet unknown with “Herd Immunity”

One of the more worrying is in Amazonia in Brazil.

It’s been indicated that between half and two thirds of one population (Manaus) have been infected which is close to the 70% that various epidemiological models suggest would stop the spread of SARS-CoV-2 so it should have significantly slowed down. Unfortunately that is apparently not the case, and infections are rising rapidly again,...

September 30, 2020 11:20 AM

Etienne on Negotiating with Ransomware Gangs :

I remember the military ordering all firewalls removed inside the LAN’s. Many were maintaining their own firewalls to maintain some span of control, but the whole network was laid open like a fresh cadaver.

“The VLAN’s will protect us”

…as some low-ranking Okie started downloading everything to CD and giving it away for free to Wikileaks.

“Ya gotta be smarter than an Okie” – Bumper Sticker at West Point...

September 30, 2020 11:04 AM

How to Fix Your Connection is Not Private Error in Google Chrome (18 Tips) on Cryptanalysis of SHA-1 :

[…] hash algorithm that was once commonly used by SSL certificates on the web. However, SHA-1 has shown signs of weakness and is therefore no longer supported by any current browser. If a website still uses a […]

September 30, 2020 10:39 AM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ Winter,

As long as it is “Only Us”, nothing will happen.

Or “Doing it for Us”, have a look at the history of the ruler of the nation concerned…

With regards,

… as they ALL see their respective populations as the real enemy.

The history of that country also shows that and worse.

But it’s also very true of the US, see my posting above on Day 20 of the Assange Extradition proceedings.


September 30, 2020 10:33 AM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ ALL,

As some of you are aware the extradition hearing against Julian Assange is happening in London and is now into 21 days.

Whilst it might be of academic interest as to what happens to Julian, the evidence presented yesterday is most certainly not.

It gives a very rare insight as to what happens in US Federal maximum security prisons when the US Attorney General puts a prisoner under “Special Administrative Measures” or “SAMs”. As the AG is a “political Appointee” their decision’s impartiality is at best extremely questionable especially as it has been made “unchallengeable” by various hurdles...

September 30, 2020 9:38 AM

Clive Robinson on Negotiating with Ransomware Gangs :

@ me, ALL,

Or… get a decent backup and forget about the problem.

That unfortunately does not solve the problem.

Ransomware or Ex-Insider Ransom has been sort of discussed on this blog before over the years and each time people miss the point.

1, Someone has been in your systems.
2, You have no idea how long they have been in your systems.
3, You have no idea what they did in your systems.

Read through that twice and give it some thought, then draw up a list of things they could have done...

September 30, 2020 9:15 AM

M@ on Negotiating with Ransomware Gangs :

Backups aren’t that useful against a commercial ransomware attack. The cases I’ve worked on were breached for 2+ weeks before they triggered, backups were at best compromised if not subverted, and restoring from month-old offline copies basically means liquidating the business. There have been a couple instances where it was clear the attackers weren’t commercial, and pulled the trigger moments after they breached, and we felt comfortable rolling back 6..24 hours: But those were amateurs...

September 30, 2020 9:12 AM

Chelloveck on Negotiating with Ransomware Gangs :

@JB Generally the value of the data far exceeds the value of the hardware. Salvaging the data is the important part. After that you can (figuratively) burn your data center to the ground and start over on new hardware, hopefully with better security and a better backup regimen. Or do you mean you can’t trust that the data you decrypted hasn’t been tampered with? Maybe, but the ransomers aren’t really interested in destroying your business. Quite the opposite, really. They want you to survive because you’ve already proven yourself a good “customer” of theirs! They want you to pay up the next time you’re infected. You won’t be willing to do that if they screw you out of your data this time. Repeat business is important for any entrepreneur, even the illegal ones...

September 30, 2020 8:55 AM

Me on Hacking a Coffee Maker :

Simple answer: buy a $20 coffeemaker. It likely can’t do all that stuff, doesn’t connect to the internet, and, if it does get hacked, you just replace it with another $20 coffeemaker.

September 30, 2020 8:51 AM

JB on Negotiating with Ransomware Gangs :

Paying the ransom not only hurts everyone in the long run, it doesn’t help a bit in the short run. Because by definition, those systems and all the data on them have been compromised. So even if you pay, you get the decryption keys, they decrypt the files, you still can’t trust any of it.

The only good that can come from a ransomware attack is learning a valuable lesson in having good backups and good security...

September 30, 2020 8:35 AM

Vesselin Bontchev on Negotiating with Ransomware Gangs :

“Just restore from backups” is not always the best option. I had one case when the customer who was hit by ransomware did have backups – but still wanted to pay the ransom, because restoring would cost more (in terms of lost time and pay to people who would be doing it) than the ransom itself. Admittedly, that was years ago, before the ransomware gangs switched to hunting big companies and demanding millions in ransom...

September 30, 2020 8:22 AM

parabarbarian on Negotiating with Ransomware Gangs :

My employer was recently hit by ransomware. They even got the backups so paying was about the only option besides going out of business. Once the ransom was paid (rumor is it was about $1 million) The criminals not only provided the decryption keys but also a list of the machines they had infected and documentation on how to decrypt the files. It was quite an organized effort. They even had an email helpdesk that was, reportedly, very helpful at handling the minor difficulties...

September 30, 2020 7:52 AM

rj on Negotiating with Ransomware Gangs :

I guess the only VALID reason to pay ransom would be if the decryption process would be considerably faster than the restoration process — assuming you do have good backups. If you don’t have good backups then you are negligent anyway. But what if lives were at stake, and the restore time was too long to get your enterprise back up, but running decryption on each computer in parallel would be faster than a restore — fast enough to save those lives? I would still say that if your restore time is too long, so that lives could be lost, then your backup/restore process is inadequate, and you are still negligent...

September 30, 2020 7:49 AM

Michael Martin on Negotiating with Ransomware Gangs :

We need to regulate ransomware providers, so we can check their reputations to see whether we can trust them to provide decryption.

September 30, 2020 7:48 AM

jbmartin6 on Negotiating with Ransomware Gangs :

Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime

This argument isn’t valid. Would you tell someone being mugged to hold onto their wallet because giving it up would “fund additional criminal pursuits”? The victim should just run away, they probably won’t get shot.

September 30, 2020 7:16 AM

Anonymous on Negotiating with Ransomware Gangs :

About the regulation of Bitcoin exchanges – all the major cryptocurrency exchanges today have a KYC and security measures comparable or stricter than traditional banks. Basically all cryptocurrency transactions are irreversible so the security has to be top notch. Some of the exchanges even offer bank services like issuing VISA cards or providing loans. The times when exchanges were run by a single enthusiast on a single server are gone...

September 30, 2020 7:14 AM

Adrian Leverkühn on Hacking a Coffee Maker :

@Anders: The lightbulb argument repeated all over the web does not prove the desired point. You can still buy extremely long-lasting incandescent lightbulbs (Used for traffic lights) but you don’t want them because their efficiency is so lousy and you are paying far more than what you save on replacing bulbs with your energy bill. If you don’t have to pay for your electricity and new bulbs are hard to get (Living in 50ies Soviet Union next to a hydropower plant?) then you love your bulbs to last long. You can still do it: Take two incandescent bulbs and connect them in series. You still get some light, and the bulbs will last for a million hours. The quote that sums it up best: “The objective is to minimize the cost of light, not the cost of lamps.” is from...

September 30, 2020 7:14 AM

Clive Robinson on Hacking a Coffee Maker :

@ Peter A.,

… the defender has to do everything right to prevent unauthorized operation, including yet-unknown methods and modes of failure …

That is the crux of the problem, we can not foresee the “unknown unknowns” and at best peer dimly for “unknown knowns” whilst trying where possible to combat the myriad of “known knowns”.

The only defence known is segregation, if your device can not be reached by attackers then their options are very limited. This does not mean hiding or obscurity but careful thoughtful engineering, taking as many known “classes” of attack into account as is possible within the required constraints...

September 30, 2020 6:55 AM

me on Negotiating with Ransomware Gangs :

Or… get a decent backup and forget about the problem.
Disks can break and people can accidentally delete a root directory.

This doesn’t solve the theft but at least you can be sure that you can access your data.
Stealing & publishing is probably more risky for the attacker and people will probably not pay to that kind of requests

September 30, 2020 6:29 AM

Winter on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

“Thus the Moon represents a very real opportunity as a longterm science / surveillance base of Earth.”

I assume the different governments are only going to do something about the spying when they are also subjected to the surveillance. As long as it is “Only Us”, nothing will happen.

Or not, as they ALL see their respective populations as the real enemy.

September 30, 2020 5:18 AM

Peter A. on Hacking a Coffee Maker :

The devices that CAN be connected are one thing – many people would do it, out of convenience/laziness/lack of knowledge about the risk. One could still use them reasonably safely and securely by not connecting/firewalling etc. in the lack of a better alternative. I had to do this with a “smart” TV a few years ago – there simply weren’t any “dumb” TV to buy that had the set of signal inputs I needed to connect all my stuff. The old CRT one was failing repeatedly and did not have HDMI...

September 30, 2020 4:43 AM

Clive Robinson on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@ vas pup,

The United Arab Emirates announced a new project on Tuesday to land an unmanned spacecraft on the moon by 2024.

It’s something that people do not think about much, but “Space is becoming weaponised year by year”, it’s also getting filled with “apparent junk”. If you link the two ideas together it does not take long to realise that it’s becoming like the cold war submarine game of a nuclear boomer with between ten and thirty multiple nuke warhead rockets was the “unseen deterrent threat”. Which spawned the new generation of “Hunter-Killer” subs. Thus how much of that junk is really junk?...

September 30, 2020 4:06 AM

Clive Robinson on On Executive Order 12333 :

@ WmG,

But Churchill did quip that J. F. Dulles was “The only bull I know who carries his own china shop around with him.”

The china shop being “the US State Dept” which from the looks of it is still suffering from the old bull’s ghost… So the three generations rule of thumb looks like it’s still running….

It still amazes me as to US Gov Appointees, the old,

“More money than sense”

Rule still applies I guess…...

September 30, 2020 3:45 AM

SpaceLifeForm on On Executive Order 12333 :

@ Clive

The current Batcache setting is for 5 minutes.

So, as a test, the next time you see this problem, wait 5 minutes, and then force a reload.

If that does not get an updated page, then there may be a different issue.

Like a cache timer that keeps getting reset when it should not.

September 30, 2020 1:34 AM

Winter on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@vas pup
“More than 2 million people around the world have had their personal data collected on behalf of Chinese intelligence services, according to a leak of a dataset made public earlier this month by an Australian cyber security consultancy.”

I think all major countries are compiling databases of all people who are online. The breaches that became public showed an interest in, eg, all US public service officials...

September 30, 2020 1:18 AM

WmG on On Executive Order 12333 :

@ Clive Robinson

No, not pleasant men.

The history of prominent families in the US going into politics may vary by region. But the rise of huge money makes holding office unpredictable and subject to the prerogatives of the wealthy. And national politics has become so brutal that people like the Lodge family no longer seem to be interested. The Kennedy charm seems to be wearing off. The Bush family has shown signs of continuing hope for time in the spotlight, but perhaps suffers a lack of political talent...

September 30, 2020 1:17 AM

Ike on CEO of NS8 Charged with Securities Fraud :

First they will bankrupt him with legal fees, then they will enforce all kind of work and business restrictions so he can not pay his lawyers then he will be forced to plead guilty otherwise go to trial where conviction rate is 99.99%.

September 30, 2020 12:36 AM

Winter on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

“If there were any such journalism. It’s humorously macabre to hear this said by a newspaper.”

It is easy to recognize independent journalism. Eventually it criticizes all sides and everyone, because no side and no person is perfect and without fault. Everyone makes mistakes.

I was once in a dinner discussion with people from Finland and Poland about MSM and independent journalism. One of the Polish guests stated that newspapers are divided by political party and that one side will always defend the current government, the other side will always attack them...

September 30, 2020 12:22 AM

SpaceLifeForm on On Executive Order 12333 :

@ Clive, Moderator

In re stale pages

It may just be batcache default settings.


Page caching is one of the three levels of caching Pressable uses to ensure your site loads quickly and efficiently.

To achieve page caching, we use a drop-in plugin called Batcache, which is “symlinked” as advanced-cache.php in the wp-content folder on every Pressable site...

September 30, 2020 12:10 AM

Singular Nodals on Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging :

@vas pup

Re: “… Independent journalism is a pillar of open society …”

If there were any such journalism. It’s humorously macabre to hear this said by a newspaper.

“So again, we have almost up to the last instant trusted the newspapers as organs of public opinion. Just recently some of us have seen (not slowly, but with a start) that they are obviously nothing of the kind. They are, by the nature of the case, the hobbies of a few rich men.”...

September 29, 2020 10:50 PM

Phaete on Hacking a Coffee Maker :

I’m quite a bit put off by one of the remarks at the end of the original article.

Even if we were to contact the vendor, we would likely get no response. According to their website, this generation of coffee maker is no longer supported. So users should not expect a fix.

So he doesn’t give a rat’s arse about the fact that the company can send an email to the registered users warning them, or any other actions the company might take...

September 29, 2020 10:41 PM

H. K. Telemacher on Hacking a Coffee Maker :

But, I can still get a half double decaffeinated half-caf, with a twist of lemon, right ?

September 29, 2020 8:08 PM

Clive Robinson on Hacking a Coffee Maker :

@ Suferick,

After 22 years, an implementation of HTCPCP

Does that mean I have to wait another 16 years for an RFC 7168 (April 2014 which documents how the TEA extension to HTCPCP) compliant “teas-maid” to be implemented?

Man that’s a long time to wait for a high tech Brownian motion generator…

At this rate of progress how many years before a RFC detailing a “COCO” extension?


September 29, 2020 6:00 PM

Andres on Hacking a Coffee Maker :

@David Leppik

Yep, same with printer’s ink cartridge.
Or cell phones batteries. Special chip
inside. Use only our. I remember iphone
chargers with special resistor patterns
they control.

But “specially designed” firmware makes
very easy to cripple the product. Just
order programmer to introduce some time
related bug – after 3 years some variable
wraps over and you have expensive brick.
Essentially hidden ransomware – pay or no...

September 29, 2020 5:20 PM

David Leppik on Hacking a Coffee Maker :


It’s already happened, only they are upfront enough to let you know that it will only brew coffee from the manufacturer’s pods. Also, they can discontinue that kind of pod at any time, although that would simply invite you to change brands.
