Main Menu

Recent posts

#21
General Discussion / Re: Hacking taken to a whole n...
Last post by Shadowwolf - February 18, 2015, 12:59:23 PM
Yea like I said they once had a place and a purpose but now the world has changed but they still work as though it hasn't.

I think this might be the catalyst to finally force manufacturers to change and fix a problem thats existed for a very long time but has gone otherwise ignored because of the rarity of issue and in favor of profits. Even if this area gets fixed and this kind of attack can be negated, there will always be another around the corner. Its a never ending game of staying ahead of those who seek to use technology for malicious purpose but most people don't view that as an important thing to consider in modern business.

Just look at the Sony hack. It happened because of bad if not non-existent security practices and poorly educated Admins. There also needs to be checks and balances in government sanctioned spying to insure that it isnt abused. We have allowed these agencies to operate autonomously for so long though that they've found loopholes and ways around laws and regulation to hide things from oversight. To further complicate that, the vast majority of those political leaders who are tasked with such oversight are ignorant to the ways of how technology works.

Even the appointee of the White House Cybersecurity guy is ignorant of the technology and has even bragged about that as if it is somehow a positive when it isnt. - https://www.techdirt.com/articles/20140821/12255328276/white-houses-cybersecurity-guy-proud-his-lack-cybersecurity-knowledge-skills.shtml

I believe privacy is an intrinsic right for everyone. Unfortunately these days it feels as though I live in the minority with that opinion. Atop that, its difficult to fight for privacy when people willingly give up and sign away that right to companies for the sake of being better connected with friends online. I don't believe there should be such a tradeoff.
#22
General Discussion / Re: Hacking taken to a whole n...
Last post by Grendeel - February 18, 2015, 03:22:04 AM
I began reading the article with the mind thought of "oh here we go again, more intrusions into our privacy".  After getting a little ways into it, that mind thought changed.   Reading this is the type of spyware that was used to destroy 1000 centrifuges in Iran made me think it has its potential for good usage.   I get why agencies like NSA exist.

.   Back in earlier years, one could trust a government to use these types of agencies for altruistic purposes (or at least that's how i viewed them....might have been just wishful thinking).  In todays world those agencies have morphed into something that is used to hide all kinds of things not related to national security.  Its become a political tool to hide wrong doing,  or used to gather/provide data to the private sector for economic benefits.   It happens at all kinds of levels too.  You take the "no fly list" for example.  Something where if you are put on it, your life can become extremely difficult if you need to move around a lot.  And no one "knows" how one gets on it.   Joseph Kennedy, a senator from Massachusetts was place on it.  Im absolutely sure that was done out of political motivation.   This is just one simple example about "secrets" and how they are used to cover up non national security issues.

I also found this report by Kaspersky Labs very disturbing.  While it does and will continue to have benefits,  i have no doubt it will be used for nefarious purposes.  Not only by the NSA and agencies like that around the world, but the private sector as well.   The stealing 40 million target customer accounts issue might just be the beginning of evil things to come.

Very disturbing report :(
#23
General Discussion / Re: Hacking taken to a whole n...
Last post by Shadowwolf - February 17, 2015, 08:05:20 PM
Ah its on that? Havent read it yet still. TBH idk how I feel about this "news" because it's technically what the NSA was supposed to be doing if it only targeted those foreign countries. Doesn't make it "okay" but thats what the agency is for. As with everything though it can be used to further mass spying here too, but then it also has to be with consent of network owners so if they were using it here, they shouldnt shoulder the blame entirely.

One can argue that they have no official mandate to be doing anything, but then governments as a whole operate through invented purposes and without mandate so that doesnt necessarily invalidate them.

Something tells me that this wasnt entirely unknown previously and is only being reported on because these countries found out and are now pissed, rightfully so.

I'm honestly not sure how I feel about it, but as with everything NSA these days, how much of this effort was used within US borders or against US people. I know some folks might think ill of me for just considering the US as there are other countries, but we have to stop pretending the NSA and the US is the only country and agency doing spying on others. The problem is that admittedly, ours are a lot better than most which is a bad thing in the sense that they have gained an inflated ego and now operate beyond their intended limits and permissions.

Truth be told I don't really agree with the NSA as an existing agency. I think during the cold war and prior it had a function, but that function is long over and it like most government agencies formed at a time where the world was different than it is today, has tried to evolve and find a use to fill, only the function they've performed to date has done little to benefit this country and more to harm reputation and trust globally. Granted I am only aware of public records and have a little inside knowledge of specific events. With the abuse of "Eyes Only" and "National Security Privilege" as well as "Presidential Privilege" its hard to get accurate info from any agency anymore as to its effectiveness. The expected and not at all surprising end result of the establishment of the FOIA. While the premise was good and the motivation behind FOIA was positive, it's implementation and the loopholes available to avoid it are vast and should have been addressed as well if not first.

Im just not surprised by the news as Ive know there to be methods of embedding malware and viruses within hard drive firmware as well as other device firmware for a while now. It's just very hard to do and requires a whole lot of information to pull off. To those outside the tech arena, yea, this can feel like a gut shot and a "HOLY CRAP!?" kind of moment but there are a lot more things that the general public probably arent aware of with technology that are right up along side with this if not worse with regard to spying. The "Internet of Things" for example is an absolute mess and has opened the world up to spying in more than just on your computer. Manufacturers have know this problem for years but no one really did a lot to remedy or combat it because the abuse again required a lot of knowledge and info and it was rare to see. Microsoft's whole "Secure Boot" nonsense was their attempt at solving it and in usual MS fashion they screwed it up beyond belief by trying to profit off it.

This may be the catalyst in the media spotlight that finally pressures manufacturers to fix this hole thats existed...well since embedded software existed. I remember doing all sorts of things back in the 90s with embedded firmware on different devices and components. Was a printer at the Space and Naval Warfare Research Center in San Diego back then that was found to be sending copies of every print job over the net to an address in Russia so this isnt something inherently new to the US alone. The network card had a set of malware embedded within its firmware that carried out the task. I demonstrated back in 2001 at a convention similar attacks and risks also.

I look at things this way. Technology is not intrinsically good nor evil, it falls down to how it is used. Spying will never go away and will always exist and governments who carry it out will always get greedy for more and more information which is why citizens of every nation need to take measures to protect themselves and not rely on the word or good will of governments to not abuse their skills or power.
#24
General Discussion / Re: Hacking taken to a whole n...
Last post by Grendeel - February 17, 2015, 04:57:14 PM
You certainly would know more about this than me :)   I think though the article from that particular website is more just  reporting on the report kaspersky made at the security forum.    That report is probably something you would find interesting as opposed to the websites take on it.

There was several articles on that security forum report including one in the NYT.  I just happened to link that particular article :P
#25
General Discussion / Re: Hacking taken to a whole n...
Last post by Shadowwolf - February 17, 2015, 03:12:14 PM
Not sure about this as theres been viruses and malware that embed into the HDD firmware a while now so idk if this is new. I tend to avoid Ars because their writers are not really good. They like to sensationalize a lot and are heavily biased on their opinions and quick to attack critics. I'll give it a read though in time, just not sure how "new" or accurate this is.

There may have been some collusion between the NSA and the Malware/Virus programs on the market that can actually scan MBRs and all which wouldnt surprise me since they collaborated with RSA on encryption and various other companies like Cisco. I'm just a little skeptical because breaking news doesnt typically come from that site.

I tend to stick to TechDirt and Packet Storm. Occasionally some good nuggets come out of Ars, but they are owned by Condé Nast now which tends to limit the amount of quality.
#26
General Discussion / Hacking taken to a whole new l...
Last post by Grendeel - February 17, 2015, 03:36:40 AM
Or more aptly put, its been going on for several years at this level.

"Some group" (cough NSA) has developed ways to install malware that is impossible to detect and impossible to erase.  Among other things this technology actually embeds itself into the firmware of harddrives.  Drives its been located on include Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.

Its rather technical to read (for me) but this article still gives a good perspective of what has/is happening in the espionage world these days.   This article is produced based on a Kaspersky Lab report (they make what i consider one of the better anti-virus software packages available)  presented at a risk assessment/security conference.

Its worth a read imo

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
#27
Website Fixes and Changes / *FIXED* Gamer Profile Tag Popu...
Last post by Shadowwolf - January 19, 2015, 06:29:49 PM
The popup displays for profile tags of Steam and PSN have been fixed.

[attach=1]

[attach=2]
#28
Website Fixes and Changes / Re: Changing Signup System Soo...
Last post by Shadowwolf - January 14, 2015, 09:25:08 AM
Some preliminary testing has yielded some unfortunate conclusions where Blizz is not allowing access to the Events/Calendar via the API. So I will explore other means but this means keep using our system for the time being.
#29
Website Fixes and Changes / Re: Changing Signup System Soo...
Last post by Tolwen - January 13, 2015, 11:32:25 AM
Thanks Shadow, That would be awesome! Didn't know you could view the in game sign up system from the mobile app.
#30
Website Fixes and Changes / Changing Signup System Soon
Last post by Shadowwolf - January 13, 2015, 10:04:18 AM
Just a heads up,

I will be altering the signup system here on the forum to integrate directly into Blizzards in-game events system. The reason for this is because you can use the Blizzard Armory app on phones to view and sign up for guild events easily as well as the web via BattleNet. It makes invites easier and other things easier as well.

[attach=1]

How long this integration will take I dont know, depends on how cooperative the API Blizz provides is. More than likely the signup system we have now will be removed entirely and the links to events both on the main page and on the navigation menu will take you to the BattleNet page for that event.

The eventual plans for the Signup system was to build an app or make mobile viewing easier as most people use their tablets/phones to peek at the site these days for the schedule, so this saves me from having to build an app for something that already exists and utilizes more information directly from WoW that I wouldnt have access to.