Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet.
 
Mirai exploits the low security standards of internet-connected devices, from routers to webcams, and after enslaving them with malware uses their network connections to launch DDoS attacks, such as that hobbling Dyn's DNS services last week.

Sauce of regret: http://www.theregister.co.uk/2016/10/24/chinese_firm_recalls_webcams_over_mirai_botnet_infection_ddos_woes/

Fixed again, whatever mod is taking the plural out of CPUs and making it into a possessive CPU's, please stop.

@Dashrender said in Indian Authorities Arrest Seventy and Question Over Six Hundred in IRS Scam Bust:

Damn.

"We had a mole go in to the call centres to verify. The best part is that they were actually recording all their calls. We have recovered 851 hard disks on which the calls were recorded, so we’re going through those now," Singh told The Guardian.

Awesome - I wonder who paid them to do that?

Better ask another question: Who wrote precise instructions to do so.

It's quite a good show, I watch it often. Good place for science news.

@Dashrender said in Yahoo Caught Giving Email Contents to Government Agencies:

Can't gmail act like a Pop3 client and go get the mail? So this really doesn't keep people from using another service like gmail.

O365 does too. And any client like Thunderbird or Outlook would fix this too.

@scottalanmiller said in Did HP Break the Law Vandalizing Your Printer?:

@IRJ that sums things up. We've not advanced past Okidata.

Gah, stop with the painful (yet colorful) memories!

@scottalanmiller said in Yahoo Breach Hit Half Billion Users:

Attack on Yahoo hit 500 million users
http://www.bbc.co.uk/news/world-us-canada-37447016

I was wondering when it was going to be confirmed. Yahoo kept wiping their brow and saying "Man, this is going to lower our value to Verizon... how do we spin this?"

@scottalanmiller said in Cambridge Proves FBI Lied About Needing iPhone Backdoor:

@NattNatt said in Cambridge Proves FBI Lied About Needing iPhone Backdoor:

@pchiodo said in Cambridge Proves FBI Lied About Needing iPhone Backdoor:

The goal was never to get into just one phone. They wanted a legal precedent that would allow them to force a manufacturer to assist in breaking any phone, along with the potential to use the same case to force manufacturers to provide an encryption back door.

But they already have that? The smurf toolset gives all of that anyways doesn't it...?

Yes, but they'd have to admit having it. So mostly this was probably an attempt to get people to think (And it worked too) that they didn't have a capability that they already clearly have. It wasn't just about getting legal power, it was about trying to hide their actual toolsets.

It's not called Smurf in the US, but we buy Smurf from the UK and rebrand it, I'm told.

Yeah, the good old Snowden leak gave away far more than they ever wanted to be known...

Yeah, I knew it's a joint op between GCHQ and the NSA, wasn't sure as to which side "made" more of it etc

@travisdh1 said in Seagate Sued by Own Employees Over Security Breach:

@IRJ said in Seagate Sued by Own Employees Over Security Breach:

@scottalanmiller said in Seagate Sued by Own Employees Over Security Breach:

Tagging @stus

I read the Knowbe4 Blog Daily. I love it!

I saw this attack on there this morning.

I signed up for the email summaries. Great blog site.

I love how their blog articles are technical, but also include a summary for non-technical people.

@Dashrender said in Sophos False Positive with WinLogon.EXE:

@StrongBad said in Sophos False Positive with WinLogon.EXE:

@Dashrender said in Sophos False Positive with WinLogon.EXE:

other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

It's a statement - I'll re-word.

Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.

So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.

I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.

I think that he skips mentioning that PPP, the Point to Point Protocol is not a VPN protocol. Even in the 1990s it was not considered that as it is not virtually private, as a VPN is. It's useful to have mentioned here and the Network+ might require it and it is certainly good to know and understand, but he lists it along with VPN protocols and I didn't hear him ever point out that it isn't a VPN Protocol even though it was the first one mentioned in the VPN Protocol list.

@Richard_Cylance said in Cylance Questions:

FTFY - Sold = Lost. Exec = guru

This reminded me of the following Simpsons clip:
Youtube Video

@DustinB3403 said in RDP support for VMs or Console only Access:

Opening up RDP access (not necessarily from the Internet) but in general just opens more ports, more firewall changes etc.

Sure, but granting unnecessary access to the console does that, too. You need access to the VMs from far more places than you need it to the console.

@DustinB3403 said in Talking security during the server talk, question for you all.:

Are you going to be discussing Kali linux, or just touching on it?

Security is a very broad subject matter.

As this is supposed to be server, just talking about the basics to secure a Linux server. I'm thinking just cover the basics of "I've got my widget configured, what should I do before exposing it to the world?"

Kali would be bullet point, something like "Run the Kali hacking tools on it"