Definitely my security teacher. He actually expected us to actively learn the stuff and put effort into our education. He guided us through malware analysis and reverse engineering, simplifying it without insulting us.

We had students who thought they knew everything and he corrected them. We had arrogant students he put in place.

He treated us like adults and expected us to act like adults.

That's the only class I enjoyed studying for, because he would tell us exactly what wasn't on the exams (it was an intro course, didn't need to know the math). There were no trick questions.

I told him about the shitty teacher and he helped me through that confidence block. He helped me realize I *can* make it through the workforce as a female in security because I will work my ass off to be the best I can be. He reminded me why I love computers and why I want to go into forensics.

He's been a great mentor and role model and hiring him is one of the few things my department did right.

Navy story time, and this one is lengthy.
As a Lieutenant Jr. I served for a year on a large (>100m) ship, with the duties of assistant navigation officer, and of course, unofficial computer guy. When I first entered the ship (carrying my trusty laptop), I had to wait for 2 hours at the officer's wardroom... where I noticed an ethernet plug. After 15 minutes of waiting, I got bored. Like, really bored. What on TCP/IP could possibly go wrong?
So, scanning the network it is. Besides the usual security holes I came to expect in ""military secure networks"" (Windows XP SP2 unpatched and Windows 2003 Servers, also unpatched) I came along a variety of interesting computers with interesting things... that I cannot name. The aggressive scan also crashed the SMB service on the server causing no end of cute reactions, until I restarted it remotely.
But me and my big mouth... I actually talked about it with the ship's CO and the electronics officer, and promptly got the unofficial duty of computer guy, aka helldesk, technical support and I-try-to-explain-you-that-it-is-impossible-given-my-resources guy. I seriously think that this was their punishment for me messing around. At one time I received a call, that a certain PC was disconnected. I repeatedly told them to look if the ethernet cable was on. "Yes, of course it's on, I am not an idiot." (yea, right)
So I went to that room, 4 decks down and 3 sections aft. Just to push in the half-popped out ethernet jack. I would swear it was on purpose, but reality showed me I was wrong, oh so dead wrong.
For the full year of my commission, I kept pestering the CO to assign me with an assistant to teach them, and to give approval for some serious upgrades, patching and documenting. No good.
I set up some little things to get them interested, like some NMEA relays and installed navigation software on certain computers, re-enabled the server's webmail and patched the server itself, tried to clean the malware (aka. Sisyphus' rock), and tried to enforce a security policy. I also tried to convince the CO to install a document management system, to his utter horror and refusal (he was the hard copy type, as were most officers in the ship). I gave up on almost all besides the assistant thing, because I knew that once I left, everything would go to the high-entropy status of carrying papers around, but the CO kept telling me that would be unnecessary.
"You'll always be our man, you'll fix it (sic)".
What could go wrong?
I got my transfer with 1 week's notice. Panic struck. The CO was... well, he was less shocked than I expected, but still shocked (I learned later that he knew beforehand, but decided not to tell anybody anything). So came the most rediculous request of all:
To put down, within 1 A4 sheet, and in simple instructions, the things one had to do in order to fulfil the duties of the computer guy.
I. SHIT. YOU. NOT.
My answer:
"What I can do is write: 'Please read the following:', followed by the list of books one must read in order to get some introductory understanding of network and server management, with most accompanying skills."
I was so glad I got out of that hellhole.

Da Fuck!?!
Yesterday I found some abnormal activity on my server, someone was trying to brute force my ssh as root since two days! Started raging and installed fail2ban (which automatically bans an IP if it fails to log X times and eventually sends me an email). Woke up this morning to find that a fucking Chinese guy/malware spent the whole night trying to brute Force me!
Fucking cunt! Don't you have any better to do!!
My key is a 32 characters long encrypted key, with the ban he can try 3 passwords /2 hours, good luck brute forcing it you bitch!

This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.

Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.

I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.

The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).

Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.

He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.

After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".

I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.

So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.

I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.

And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.

And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).

I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.

I don't want to be cliche, but do believe in yourself people! Things are not what the seem.

With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!

I'm glad that I shared this story with all of you, have an awesome day!

What seems to be the problem? Oh, is your wordpress site hacked/infected with malware?

So I guess you decided to disable updates because it might break your shitty little site? And I guess you thought those warnings you got from me and multiple colleagues about what could happen when you didn't update your wordpress bullshit weren't that serious?

Hold on, you want *US* to restore *YOUR* hosting backups?

Hahahahahaha-no.

Go clean up your own fucking bullshit. But, before you click that restore button, please take a cactus, carve 'I am a stupid wordpress cunt' into it, dip it in a bathtub of with blood mixed-infected cum and shove it up your ass.

Oh yeah I'm aware that that won't help your situation but it might keep you from reproducing and at least it'll give me some satisfaction.

I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.

(tl;dr at the bottom.)

I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.

For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.

tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.

There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.

And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.

The only reason this exists is because fucking power-hungry doucherockets exist.

One comment from @Fast-Nop made me remember something I had promised myself not to. Specifically the USB thing.
So there I was, Lieutenant Jr at a warship (not the one my previous rants refer to), my main duties as navigation officer, and secondary (and unofficial) tech support and all-around "computer guy".
Those of you who don't know what horrors this demonic brand pertains to, I envy you. But I digress. In the ship, we had Ethernet cabling and switches, but no DHCP, no server, not a thing. My proposition was shot down by the CO within 2 minutes. Yet, we had a curious "network". As my fellow... colleagues had invented, we had something akin to token ring, but instead of tokens, we had low-rank personnel running around with USB sticks, and as for "rings", well, anyone could snatch up a USB-carrier and load his data and instructions to the "token". What on earth could go wrong with that system?
What indeed.
We got 1 USB infected with a malware from a nearby ship - I still don't know how. Said malware did the following observable actions(yes, I did some malware analysis - As I said before, I am not paid enough):
- Move the contents on any writeable media to a folder with empty (or space) name on that medium. Windows didn't show that folder, so it became "invisible" - linux/mac showed it just fine
- It created a shortcut on the root folder of said medium, right to the malware. Executing the shortcut executed the malware and opened a new window with the "hidden" folder.
Childishly simple, right? If only you knew. If only you knew the horrors, the loss of faith in humanity (which is really bad when you have access to munitions, explosives and heavy weaponry).
People executed the malware ON PURPOSE. Some actually DISABLED their AV to "access their files". I ran amok for an entire WEEK to try to keep this contained. But... I underestimated the USB-token-ring-whatever protocol's speed and the strength of a user's stupidity. PCs that I cleaned got infected AGAIN within HOURS.
I had to address the CO to order total shutdown, USB and PC turnover to me. I spent the most fun weekend cleaning 20-30 PCs and 9 USBs. What fun!
What fun, morons. Now I'll have nightmares of those days again.

I don't know what the hell this is, but my idiotic brother downloaded it.

I uninstalled it, but if it's malware, I'll be pissed off.

He literally just came up to me, and said that he clicked a link on YouTube to download something. He even said, "It's an invisible app."

He says it's invisible, because you can't find it unless you check the apps setting.

I hate Linux so much. I mean, how could anyone of you barbarians like it??

I don't understand the hate for windows. It's secure, emphasizes privacy, and it's Microsoft. What's not to love?

Linux is just proprietary malware.

(I wrote most of this as a comment in reply about Microsoft buying GitHub on another rant but decided to move it here because it is rant worthy. Also, no, I'm not a Microsoft employee nor do I have any Microsoft stock).

Microsoft buying GitHub makes sense. They contribute more to the open source community on GitHub than any other company. (Side note, they also contribute/have contributed to the Linux Kernel).

Steve Ballmer isn't running the show anymore. Because of that, we have awesome things like:

* Visual Studio Code - Completely free and powerful light weight IDE for coding in just about any script or language. This IDE is also open source, hosted on GitHub. It can be installed on Win/Mac/Linux.

* Visual Studio Community Edition: fully featured flagship IDE free for solo developers and students, can be installed on Win/Mac.

* Fully featured Sql Server running in a Docker container.

* .Net Core, which can be compiled to native binaries of Windows, MacOS AND Linux. You can't even do that with Java, you have to first have the JVM installed in order to run any kind of Java code on any of those operating systems. .Net Core is also an absolutely beautiful framework with so many features at your disposal.

...and more.

Yes, they've done bonehead things in the past but who/which company hasn't. Yes, they have Cortana. Yes, they force Bing on you when searching with Cortana (does anyone actually regularly use Cortana? Or Bing?). Yes, their operating system costs money. Yes, their malware-style Upgrade-to-Windows-10 tactics were evil and they admitted such. Yes, they brought ads and other unfortunate things to Skype. I'd be lying if I said I wasn't concerned about that Skype bit translating over into GitHub. BUT, the fact that so many of their employees use GitHub daily means they are dogfooding the platform, which is a positive thing.

Despite the flaws, from the perspective of a software engineer they really should be given a lot of credit for all these new directions they are moving in now. They directly aim to help and contribute to the developer community. Plus, Windows 10 is finally getting a dark theme! haha.

I think Microsoft buying GitHub makes a lot of sense. Of course do what you want about it, feel how you want about it, but casting the same ol' shade at them for anything they do seems a bit like automatic reflex more than anything else.

I'm bracing myself for the impending wave of angry hornets from the nest I just kicked. In all seriousness though, I welcome discussion on the topic even if you feel differently than I do. I'm not saying there's no reason to dislike them, just saying there are lots of new reasons to hate them less and/or appreciate what they are doing now.

Somebody with more technical expertise than me should write a virus that infects pc's but the only impact is that it updates Internet Explorer to the most current version... Call it "honorable malware" 😆

"Thank you for choosing Microsoft!"

No Microsoft, I really didn't choose you. This crappy hardware made you the inevitable, not a choice.

And like hell do I want to run your crappy shit OS. I tried to reset my PC, got all my programs removed (because that's obviously where the errors are, not the OS, right? Certified motherfuckers). Yet the shit still didn't get resolved even after a reset. Installing Windows freshly again, because "I chose this".

Give me a break, Microshaft. If it wasn't for your crappy OS, I would've gone to sleep hours ago. Yet me disabling your shitty telemetry brought this shit upon me, by disabling me to get Insider updates just because I added a registry key and disabled a service. Just how much are you going to force data collection out of your "nothing to hide, nothing to fear" users, Microsoft?

Honestly, at this point I think that Microsoft under Ballmer might've been better. Because while Linux was apparently cancer back then, at least this shitty data collection for "a free OS" wasn't yet a thing back then.

My mother still runs Vista, an OS that has since a few months ago reached EOL. Last time she visited me I recommended her to switch to Windows 7, because it looks the same but is better in terms of performance and is still supported. She refused, because it might damage her configurations. Granted, that's probably full of malware but at this point I'm glad she did.

Even Windows 7 has telemetry forcibly enabled at this point. Vista may be unsupported, but at least it didn't fall victim to the current status quo - data mining on every Microshaft OS that's still supported.

Microsoft may have been shady ever since they pursued manufacturers into defaulting to their OS, and GPU manufacturers will probably also have been lobbied into supporting Windows exclusively. But this data mining shit? Not even the Ballmer era was as horrible as this. My mother may not realize it, but she unknowingly avoided it.

I've got a confession to make.

A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..

What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.

What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.

What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.

At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?

Had the Windows Insider Preview for a month or so to get Ubuntu Subsystem early back when it was Insider-only.

Turns out that your license policy changes when you use Preview builds: if your PC isn't updated to a certain build by checkpoints set throughout the year, your license expires and you have to reinstall Windows. No way to recover anything already on the device. So if you get Insider Preview and shut your laptop off for too long...

Thus began a killer combo attack on my Surface Pro 3.

While trying to figure out what was going on and loading up a recovery on a flash drive, the Surface Pro 3 BIOS was sitting idle behind me. On 100% CPU. The only reason I think this is that by the time I noticed the insane fan noise, the screen was hot enough to burn my finger as I tried to turn it off. The heat sensor triggered it to shut off before I could, though.

That heat sensor, however, won't turn it off if it's busy installing Windows, supposedly to keep anything from getting hopelessly corrupted. What followed we're 3 hours of fan whirring from a slab of metal hot enough to cook an egg with.

Windows is back and working. The battery indicator, however, melted during reinstallation. And the battery lasts an hour, max. Thankfully I'm not out of a tablet, but it seems to me that W10 is becoming more and more like malware, just waiting for you to activate one of it's delightful payloads.

I programmed a random credit card generator at school and saved it to my :F drive which is the private drive for students to save stuff to. That night I tried accessing my account and it had notified me that it had been locked. I went into school the next day and was called into the office, the principal and Tech Administrator were there waiting for me and asked what the file was. The Tech Administrator tried to describe to me what he found
"This gen.html file seems to be malicious and puts our school at risk. It seems to be some sort of malware and stuff like that is prohibited at school."
Now me sitting in the chair listening to this, laughing in my head just said "okay" and nodded my head because he is the type of person to argue forever. They came to the conclusion to unlock my account by the end of the semester.
Just goes to show that it doesn't take much to get a Tech Admin position at a school.

Fuck npm and the whole npm community!
Seriously, what a piece of completely uncontrolled cat litter!

First experience was getting malware from an npm package which I ranted about a while ago. That it can even happen is beyond my imagination.

Second experience was today when our app broke because a fucker who wrote a library doesn't understand semantic versioning.
If you're gonna publish an npm library, please do the whole fucking world a favour and learn how to version your shit correctly, so my app doesn't break! If you do BREAKING CHANGES don't change the fucking last version number you filthy piece of garbage!

Phew, that felt good 😧

Is it illegal to upload a malware(worm) written in python to GitHub? I'm serious :)

I've written a worm which I want to share with my friends (and possible future viewers). My intent is to share my experience. So that they can learn from it. What they are doing with it afterwards, shouldn't be my problem, I guess. (I will put a disclaimer warning in the Readme file of course)

So there is a ransomware that after infecting a device checks its geolocation. If the device is in Russia it does not encrypt anything and is harmless.

I wonder which country is this malware from...

Foday my father argued with me that:
* "HTML programmers" get payed a lot
* WordPress is awesome
* wordpress programmers get payed a lot
* WordPress doesn't need to be secure
* FileMaker is 100% virus-free (probably malware free), because not many people use it
* UX and UI design are exactly the same

First company I worked for, built around 40 websites with Drupal 7...in only a year (don't know if it's a lot for today's standards, but I was one guy doing everything). Of course I didn't have the time to keep updating everything and I continually insisted to the boss that we need more people if we are going to expand. Of course he kept telling me to keep working harder and that I "got this". Well, after a year a couple of websites got defaced, you know the usual stuff if you've been around for some time. Felt pretty bad at the time, it was a similar feeling to having your car stolen or something.

Anyways, fast forward about 2 years, started working on another company, and well...this one was on another level. They had a total of around 40 websites, with about 10 of them being Joomla 1.5 installations (Dear Lord have mercy on my soul(the security vulnerabilities from these websites only, were greater than Spiderman's responsibilities)) and the others where WordPress websites, all that ON A SINGLE VPS, I mean, come on... Websites being defaced on the daily, pharma-hacks everywhere, server exploding from malware queing about 90k of spam emails on the outbox, server downtime for maintenance happening almost weekly, hosting company mailing me on the daily about the next malware detection adventure etc. Other than that, the guy that I was replacing, was not giving a single fuck. He was like, "dude it's all good here, everything works just fine and all you have to do is keep the clients happy and shit". Sometimes, I hate myself for being too caring and responsible back then.

I'm still having nightmares of that place. Both that office and that VPS.

Story of a penguin fledgling, one of my end users whom I migrated from Win 7 to Linux Mint. She had been on Windows since Win 98 and still uses Windows at work.

Three months before. Me, Linux might not be as good, but Win 10 is even worse. User, mh.
Migration. User, looks different, but not bad.
One month later. User, it's nice, I like it.
Three months later. User, why does Windows reboot doing lengthy stuff?
Six months later. User, I hate Windows. Why is everyone using this crap?
One year later. Malware issues at work. User to IT staff, that wouldn't have happened with Linux. Me, that's the spirit!

Alright, question about graphics cards:

I want to get a six-monitor graphics card.
Currently looking at one but there's a thing:

The visiontek radeon 7750 seems great, manufacturer is AMD.

When searching for images of the *visiontek* radeon 7750 vs the AMD radeon 7750, I get different pictures, according to some product pages the visiontek amd radeon is produced by amd though....

They both have six inputs..

Point is: I'm going to run Linux on it (i refuse to install malware/spyware on my system for obvious reasons) and AMD has native Linux drivers for the radeon 7750: are those also for the visiontek radeon 7750?

I'm lost here. Help!

Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)

So, I got bored, and irritated, so I decided to see just how secure the classroom really was.

It wasn't.

So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)

1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:

2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.

3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:

4. don't give admin priveledges to an account without a password.

seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?

anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.

I mean you no malice. just trying to help.

For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.

-- a guy who isn't very good at this and didn't have to be
have a nice day <3

oh, and I fixed the clock. you're welcome.

Some of the penguin's finest insults (Some are by me, some are by others):

Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.

"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."

"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."

"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."

"I really love working with professionals. But what the fuck are YOU doing here?"

"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."

"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"

"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."

"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"

"Go fdisk yourself!"

"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).

"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").

"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."

"Yeah, go fetch me a unicorn while you're chasing pink elephants."

"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."

"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."

"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."

Mom: “Is it a real company? Make sure you’re not getting scammed.”

Says the person who almost had her bank account wiped because a scammer installed malware on her laptop and convinced her to send a bank transfer.

My son is into playing Roblox. He asked me to help him find an auto clicker that doesn't have viruses/malware. We looked into cheatengine (which I have used in the past), but despite getting it from a legit source it is getting flagged as malware. So we started writing one with Python. I did check to see what their policy on bots is:

"Using bots that are programmed to run disruptive, large-scale tasks"

is the only text I can find about bots. It seems like they don't care if you make bots to automate tasks or play the game.

I plan on having some fun with this and including a little gui to control the bot while the game runs in the background (the goal). I had tried to get my son to have an interest in programming so this is a good intro.

I've just revived an old desktop computer today. Turns out that it was running Windows XP, Avast free antivirus, and had Bearshare as a default search engine (in other words, that thing is NOT going to be connected to my network).

But, it also had Chrome installed. So I thought to myself, with 1.25GB of RAM, there's no way that it could run Chrome smoothly. Opened it, and....

It consumed 80MB of RAM. 80 MEGABYTES. And that's not even a clean installation of it, it's a (likely) malware-infested one from a user! Compare that to the Chrome of today.

Cracking old recovery CDs for the 9x/2000/XP era shines some light into how companies operated and when concepts came to be in that time:

Packard Bell: An EXE checks that you're running on a Packard Bell machine and reboots if it's not. How do we bypass it? Easy: just fucking delete it. The files to reinstall Windows from scratch come from...
...
C:?
Yup. Turns out Packard Bell was doing the recovery partition thing all the way back to the 9x era, maybe even further. Files aren't even on the restore disc so if your partition table got fucked (pretty common because malware and disk corruption) you were totally fucked and needed to repurchase Windows. (My dad, at the time, only charged at-cost OEM prices for a replacement retail copy. He knew it was dumb so he never sold PB machines.)

Compaq:
Computer check? Nope, remove one line from a BATCH file and it's gone.

Six archives, named "WINA.ZIP" through "WINF.ZIP" (plus one or two extras for OEM software) hold Windows. Problematic? Well... only because they never put the password anywhere so the installer can't install them. (Some interesting on-disc technician-only utils, though!)

Dell:
If not a Dell machine, lock up. Cause? CONFIG.SYS driver masquerading as OAK (the common CD driver) doing the check, then chainloading the real OAK driver. Simple fix: replace the fake driver with the real one.

Issues?

Would I mention this one if there weren't?

Disc is mounted on N:. Subdirectories work, but doing anything in them (a DIR, trying to execute something, trying to view shit in EDIT.COM) kicked you back to the disc root.

Installer couldn't find machine manifest in the MAP folder (it wanted your PC's serial before it'd let you install, to make sure you have the correct recovery disc) so it asked for 12-digit alphanumeric serial. The defined serials in the manifest were something like "02884902-01" or similar (8-2, all numbers) and it couldn't read the file so it couldn't show the right format, nor check for the right type.

Bypassing that issue, trying to do the ACTUAL install process caused nothing to happen... as all BATCHes for install think the CD should be on X:.

Welp.

well that was fun. Now to test on-real-PC behavior, as VBOX and VMWare both don't like the special hardware shit it tries to use. (Why does a textmode GUI need GPU acceleration, COMPAQ?????)

We had robotics, or rather an electronics workshop today. Just imagine throwing a bunch of nerds into a room with 3d printers, lots of electronic parts and other tools.

Anyway one of my friends said that his computer wasn't working.

Me: It's running windows so it's broken by default.

Him: common, windows isn't that bad

Me: it is

Our teacher walking by: I'd never want to use windows, it's basically malware

I just sat there smiling 😊

It should be FUCKING ILLEGAL to show intrusive popups on the web AND on the desktop. The fucking moron 'developers' who do this type of crap should be fined in the $M range and then banned from using a fucking computer ever again.

It's one fucking thing when a crappy program shows an intrusive update popup when you open it (see notepad++, FileZilla and more), but when I am not even using your fucking malware, but you still shove an update popup in my face while I'm working is just on the next fucking level.

There should be a law that makes this kind of retarded bullshit illegal....

Fuck Microsoft and the windows dev team! Fuck the person who thinks it's a bright idea to force users to download updates on their fucking insecure OS.
I live in a shitty substandard country where the cheapest mobile data plan is roughly $7.5 for 7.2gb for a month.
After several weeks of Windows auto downloading updates I don't need, I disabled the updates on several fronts using tutorials found online until yesterday, the fucking thing still found a way to download updates over 6gb, I didn't suspect a thing until I got notification that my data plan is exhausted and I immediately checked windows update and saw a fucking download meter of 76% downloaded. The data was suppose to last for 4-5 days, all gone within 3 hours span.

Fuck whoever thought it is a nice idea to force users to download shitty updates, leave me with the fucking old unstable version, if I get a malware I know how to find my way out you fucking goofs at microfuckingsoft!!

I booted up windows yesterday night to play some games which is weird for me since I am almost never in the mood

It had to update for like four hours automatically without asking me first so I leave it on and just go to bed

Next day, not really in the mood to play games, as usual

I go to restart into superior distro: Linux

Computer reboots into windows

Try again: fucking windows

Another: malware fills my screen once again

This fucking ass clown overwrote grub

This fucking piece of shit malware deleted my fancy dual boot screen and had the balls to casually say "Hi" while it did it

I then remembered my laptop doesn't have a keyboard combination to select what to boot from. I have to fucking boot my laptop by pressing a pinhole on the side so I can select linux.

Fuck Lenovo with their shitty button and fuck Windows

On the bright side, I guess if anyone steals the laptop they'll never know I have a second OS on it.

WARNING: There is a dangerous malware out in the wild, and chances are, you have it installed on your computer.

It's called Windows Update, and it is marketed as a software that "delivers security patches to your PC". Wrong. What it actually does is hard-reboot your computer at randomly picked time intervals without asking for your consent, or even showing any type of warning, basically deleting all unsaved progress that you've made in your programs or games. It also deletes/undoes all registry tweaks that you might have made (e.g. to the context menu), it deletes your nvidia display configurations, uninstalls any custom themes that you might have installed, possibly even downloads another malware disguised as "Microsoft Edge" and shoves it in your face on next boot without giving a possibility to close it. Oh and it might also make your computer unbootable so you have to go to the advanced recovery settings to fix it manually.

Yes, everything I just mentioned above happened to me about an hour ago. This LITERALLY classifies the software as a malware (Google: "software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system"). If we throw in all the data collection that happens without your consent, Microsoft actually manages to check not only one, but all three boxes in the "malware" definition.

Pleas, stop using microshit, and switch to linux as soon as possible if you can.

TL;DR; windows XP + bat scripts + fascination about being able to make things yourself.

I was born and raised in a village. And the thing about living in a village is that you are free :) Among all the other freedoms you are also free to build your own solutions to various domestic problems, i.e. to build stuff. This is one of the things that fascinates me about living outside the city.

When I finally was old enough (and had the means to, i.e. a computer) to understand that programming is something that allows you to build your own solutions to computer problems, it got to me.

With win 3.1 I was still too fresh and too young. With win 95 I was more interested in playing with neighbours outdoors. With win 98 I was a bit too busy at school. But with win XP the time had come. I started writing automation solutions for windows administration using .bat scripts (.vbs was and still is somewhat repelling to me). I no longer needed to browse Russian forums and torrent sites to find a solution to a problem I had! That was amazing!!! [esp. when my Russian was very weak].

That was the time when I built my first sort-of-malware - a bat script downloading and installing Radmin server, uploading computer's IP and admin credentials to my FTP.

I loved it!

However, I'd stumbled upon may obstacles when writing with batch. I googled a lot and most of the solutions I found were in bash (something related to Linux, which was a spooky mystery to me back then). Eventually, I got my courage together and installed ubuntu. Boy was I sorry... Nothing was working. I was unable to even boot the thing! Not to mention the GUI...

Years later I tried again with ubuntu [7.10 I think.. or 7.04] on my Pavilion. Took me a looooot of attempts but I got there. I could finally boot it. A couple of weeks later I managed to even start the GUI! I could finally learn bash and enjoy the spectacular Compiz effects (that cube was amazing).

I got into bash and Linux for the next several years. And then I thought to myself - wait, I'm writing scripts that automate other programs. Wouldn't it be cool I I could write my own programs that did exactly what I wanted and did not need automation? It definitely would! I could write a program that would make sound work (meaning no more ALSA/PA headaches!), make graphics work on my hardware, make my USB audio card to be set to primary once connected and all the other amazing things! No more automation -- just a single program or all of that!

little did the naive me knew :)

I started with python. I didn't like that syntax from the beginning :/ those indentations...

Then I tried java. Bucky (thenewboston), who likes tuna sandwiches, on my phone all the free time I had. I didn't learn anything :/ Even tried some java 101 e-book. Nothing helped until I decided to write some simple project (nothing fancy - just some calculations for a friend who was studying architecture).

I loved it! It sounds weird, but I found Swing amazing too. With that layout manager where you have to manually position all the components :)

and then things happened and I quit my med studies and switched to programming. Passed my school exams I was missing to enter the IT college and started inhaling every bit of info about IT I could get my hands on (incl outside the college ofc).

A few more stepping stones, a few more irrelevant jobs to pay my bills in the city, and I got to where I am now.

This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.

This is driving me nuts. Anyone know of this malware or whatever shit it is? Every now and then ads pop up. Usually in the launcher, but sometimes also in other apps. It'd be nice to get rid of... Usually when I look in the activity manager theres nothing, but this time I managed to capture it.

Movie about Stuxnet Cyber weapon is out

The advanced malware used by CIA and MOSSAD to sabotage Iran's nuclear program

"Zero days" by Alex Gibney

Gk watch it guys..

Each time I try firefox after somebody mentions it again or it's in my rss feed, it still seems to never actually advance

It's stuck and either gets worse or goes back to its stable non improving level again, how come do they still not have a proper mobile responsive tester, why are even the upgraded addons still suffering the same container and rendering bugs

how is it more important getting bad image by implementing mr robot malware, than getting on an actual competitive level

why is it default bloated with random pocket addon bullshit, why did it begin to lag, ..

I remember when I was using firefox for a good portion of my life and laughed at how google chrome is laggy, but nowadays theres simply no competition to chrome, its stability and developer tools

I wish there was competition, the grid tools were a great start, but then nothing followed and they just went back to their never improving flatline

For the last 20 years, there's one thing I've not been able to do reliably:

Share a folder on a windows computer.

Why the fuck can I write /etc/smb.conf from scratch with a blindfold on and make it securely work from all client devices including auth & acl, but when I rightclick and share on windows it's either playing hide and seek on the network (is it hiding behind //hostname/share? No? Maybe in the bushes behind the IP addresses?), or it's protected by mysterious logins requiring you to sacrifice two kittens a day.

Yes, finally it works! One windows update later... aaaand it's gone.

JUST GIVE ME A FUCKING CONF AND A MAN PAGE, MICROSOFT. I DON'T CARE THAT YOU'RE ORALLY PLEASING ALL THESE MALWARE RIDDEN GUISLUTS ON THE SIDE, JUST GIVE ME A FUCKING TEXT FILE TO STORE AND EDIT.

Ok seriously is Microsoft mining Bitcoin on my computer? If I leave it idle for >5 minutes it starts using intense amounts of CPU and I have no clue why (doesn't show up in task manager, all the processes added up in taskmgr are like 15% max). It's super annoying since I have a razer and high cpu turns on BOTH VERY LOUD FANS.

I checked for malware and stopped any update or useless background tasks (cortana, indexing, etc) and it has not helped one bit. If I click the screen or move the mouse it subsides immediately.

(No, I won't get a mac--I have two and they lacks compatibility with the software I need as well as the specs for what I usually work with)

Email is horrible.

CSS in email is fucked.

People never check their spam filter / who the fuck knows when the spam filter might decide legit shit is spam.

Every other god damn day some new shit comes up.

Today some sort of either antivirus or email filter or spam / malware detecting shit seems to be crawling every fucking link in an email our customer's send to their customer's.

Activating every option such as declining shit or accepting it... well actually ALL THOSE OPTIONS.

End user can't tell of course so I (and others) have to find this out.

(ノಠ益ಠ)ノ彡┻━┻

Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.

So my bro in law (let's just call him my bro) asked me to install an adblock.

As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?

Also, the out of date AV couldn't even be updated as its main service just wouldn't start.

Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.

Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.

Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.

Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!

Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems

2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch

Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)

A definitions update, short manual skimover, and finally, got scanning!

Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner

Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.

Fucking shit for brains authors that think the digital world is a fantasy realm where everything can happen just to aid their story. Out of boredom i watched "scorpion" today, a tv series about a group of geniusses which are a special case task force.
They got a visitor from the government saying the servers from the federal reserve bank were encrypted with ransomware. I already twitched when they said the economic system would collapse if the servers were left inoperational for a few days. Then one guy got to his desk and "hacked" the fed network to check... he then tried to remove the malware but "it changed itself when observed". But they got the magical fingerprint of the device that uploaded it. In the end some non-programmers created the malware, but it is super fast and dangerous because it runs on a quantum computer which makes it hyper fast and dangerous. They got to the quantum computer which was a glowing cube inside another cube with lasers going into it and they had to use mirrors to divert the lasers to slow down that quantum thingy. And be careful with that, otherwise it explodes. In the end the anti-malware battled the malware and won, all in a matter of minutes.

This is a multimillion hollywood production. How can a movie this abusive to computer science even air on television? Shit like this is the reason people still think the cyberworld is some instable thing that can explode any second. It's not, it's an instable thing that can break down any second. I remember "ghost in the wires" and people had surreal imaginations about the internet already. Shit like this is why people stay dumb and think everything can be done in seconds. If i ever should encounter one of these idiots i tell him i have an app that can publish his browser history by taking a picture of his phone and watch his reaction.
Time to shuw down the tv and learn vim again.

"Suggest an AV/AM product, Avast refuses to install."

I do malware research as a hobby and have for a while, so I can generally spot when something's up before I even run a program. If i'm unsure about it (or know something's up and wanna see its effects for S&Gs) I throw it into one of a variety of VMs, each with a prepped, clean, standardized "testing" state.

I see no point to AV/AM products, especially as they annoy me more than anything since they can't be told not to reach into and protect VMs (thereby dirtying up my VM state, my research, crashing the VM hypervisor and generally being *really* annoying) and they like to erase samples from a *read-only, MOUNTED* VHDX.

However, normal people need them, so I usually suggest this list:
• MBAM is good and has a (relatively) low memory footprint, but doesn't have free realtime protection.
• Avast is very good as it picks up a lot, but it eats a FUCKTON of resources. It also *really* likes to crash VM hypervisors if it sees anything odd in them.
• AVG is garbage. Kill it with fire.
• Using Windows Defender is like trying to block the rain with an umbrella made of 1-ply toilet paper.
• herdProtect is amazing as it's basically a VirusTotal client but it's web-based and not currently available to be downloaded. (Existing copies still work!)
• Kaspersky. Yes, it spied on US gov't workers. No, they don't care about anyone BUT US gov't workers. Yes, it's pretty good.
• BitDefender: *sees steam game* "Is this ransomware?"

hope this helps

If I could I just wouldn't support email in any way shape anymore.

It's just too much hassle with all the spam filters and people just don't understand how email works.

Nobody fucking reads it anyway.... but everyone wants like a bazillion variations on stupid emails that go out that nobody will read.

They don't get that email is often instant ... but is actually async.

They don't understand that just because they got an email sent to their own distribution list ... and someone took them off the list... that doesn't mean that WE an outside group emailing that list stopped sending them messages.

Nobody actually looks at their spam filters until I tell them to do it for the 3rd time. And as if by magic folks at the same company don't 'have spam filter problems all the time'.

I had a company 'security' filter that straight up followed all the links in an email (that's fine ... we're good, I get that).... and then their stupid bot or whatever would actually click options on a form and fucking submit the fucking form!!!!!

I mean I get that maybe some sites have folks submit some shit and then deliver malware but that's gonna have consequences submitting shit none the less because I don't know it's just your fucking bot...

So they'd get various offers from our customers and bitch when they went to find it was already gone.

In highschool we went through something like a malware/phishing prevention course.

It was pretty cool tbh, we spend the whole hour in a virtual environment where you'd see common malware and phishing attempts, but the really fun you could also "hack" other students.

Hacking them means you could cause some things to happen on their "PC". One of those was showing in a captcha on their screen and they had to type a the string of your choosing, before they could access the rest of the "virtual computer" again.

You can probably guess where this is going.
I was the first who had the idea to mix big i and small L and tested it on our teacher, who was also part of this environment and screenshared to the projector.

Thanks to sitting next projection I could see the pixels and I can confirm: same character, Pixel perfect!

I will forever cherish the memory of my the teacher begging me to undo the "hack" and the chaos that followed amongst my peers 😈

Also one of the excersizes was stupid. Click on a phishing mail and enter your credentials in the form. I asked the teacher WTF kind of credentials they even want me to enter to microsooft.cum and they just said "the credentials obviously" so I think they got their karma🖕

I grabbed 30 random DOS malware samples from my collection, rolled via urand over Python list, and tried to figure out how they work.

Results:

1x zipped EICAR
4x working but effectively useless ("yeah you wiped the first 100 sectors of the drive... but you wrote their prior contents. Literally nothing's changed...")
10x CPU hang
10x crashdump back to DOS
5x crashdump back to DOS but ERRORLEVEL=0 so normal termination despite real errors being given?

also make sure SOURCER is disassembling using 486 or Pentium opcodes or it misses some 286/386 opcodes and will count half the program as data.

Can somebody explain to me why the fuck creating apps on windows sucks so much ASS!!!! Not only the Electron app that I'm creating is a complete MESS, but on top of that, you need it EV signed, or it will be detected as malware. The fucking Digicert people charge $664/year for it!!!! I only wanted to do a stupid productivity app, and It was going to be free, now I don’t know what to do with it. FUCK

AI here, AI there, AI everywhere.
AI-based ads
AI-based anomaly detection
AI-based chatbots
AI-based database optimization (AlloyDB)
AI-based monitoring
AI-based blowjobs
AI-based malware
AI-based antimalware
AI-based <anything>
...

But why?
It's a genuine question. Do we really need AI in all those areas? And is AI better than a static ruleset?

I'm not much into AI/ML (I'm a paranoic sceptic) but the way I understand it, the quality of AI operation correctness relies solely on the data it's
datamodel has been trained on. And if it's a rolling datamodel, i.e. if it's training (getting feedback) while it's LIVE, its correctness depends on how good the feedback is.

The way I see it, AI/ML are very good and useful in processing enormous amounts of data to establish its own "understanding" of the matter. But if the data is incorrect or the feedback is incorrect, the AI will learn it wrong and make false assumptions/claims.

So here I am, asking you, the wiser people, AI-savvy lads, to enlighten me with your wisdom and explain to me, is AI/ML really that much needed in all those areas, or is it simpler, cheaper and perhaps more reliable to do it the old-fashioned way, i.e. preprogramming a set of static rules (perhaps with dynamic thresholds) to process the data with?

Malwares are nasty applications, that can spy on you, use your computer as an attacker or encrypt your files and hold them on ransom.

The reason that malware exists, is because how the file system works. On Windows, everything can access everything. Of course, there are security measures, like needing administrator permissions to edit/delete a file, but they are exploitable.

If the malware is not using an exploit, nothing is there to stop a user from unknowingly clicking the yes button, when an application requests admin rights.

If we want to stop viruses, in the first place, we need to create a new file-sharing system.

Imagine, that every app has a partition, and only that app can access it.

Currently, when you download a Word document, you would go ahead, start up Word, go into the Downloads folder and open the file.

In the new file-sharing system, you would need to click "Send file to Word" in your browser, and the browser would create a copy of the file in a transfer-partition. Then, it would signal to Word, saying "Hey! Here's a file that I sent to you, copy it to your partition please!". After that, Word just copies the file to its own partition, signals "Ok! I'm done!", and then the browser deletes the file from the shared partition.

A little change in the interface, but a huge change in security.

The permission system would be a better UAC. The best way I can describe it is when you install an app on Android. It shows what permission the app wants, and you could choose to install it, or not to.

Replace "install" with "grant" and that's what I imagined.

Of course, there would be blacklisted permissions, that only kernel-level processes have access to, like accessing all of the partitions, modifying applications, etc.

What do you think?

Just got a lovely update on Windows 10. It pops up on login and informs me of this great new browser called edge. Then it fucking takes over the screen and gives me one fucking option: "Get Started". I cannot escape, I cannot close the app, I cannot right click the app icon on the toolbar and close this POS. My only option is to fucking ctrl-alt-del and kill this piece of garbage. You also cannot uninstall this shit either. I even found a thread where the MS guy was trying to help them uninstall, but the end result is that you cannot on newer Windows 10. So I have this POS thing that keeps updating flash and other shit periodically that is nothing but a security hole. Now I never want to ever run this garbage.

The irony is this. I have read a lot of good things about Edge. I was considering it as an alternative to Chrome for specific use cases. Now I absolutely no longer want to run this fucktard pos software. This one experience has now tarnished any gains MS has in the browser arena. It is just more overbearing malware being pushed by assholes. Tech these days is defined by assholes. Apple is assholes, Google is bigger assholes, and MS is still the classic assholes.

Microsoft LET ME FUCKING JUST WORK! Is this not the pro version or what?

Fuck you edge and your pos os.

Now I feel better!

Edit: That was a rendition of the evil caption Kirk from episode 27.

Friendly reminder to trim your services list with msconfig if using Windows. Services that are STOPPED are not DISABLED, and they can be brought back up when just stopped, sometimes remotely.

(This reduces chances of being bitten by malware that uses the Fax service or similar, as there are a few that have in past used often-unused services to propagate. It also reclaims a small bit of memory, and the more real memory you have, the less you page out when compiling or similar, which is slow as fuck.)

also for the love of god stop using RDP and use something that's more penetration-proof than a paper plate...

FUCK you "WP iThemes Security Pro".

First of all, your FUCKing services isn't really secure, more like security by obscurity.
Don't get me started on how you probably don't have a dedicated team of security experts.
But oh well, the customer insisted I must install you, despite my advise.

Second of all, Don't FUCKing send me emails regarding "Scheduled malware scan failed" without it containing the FUCKing error message, not some generic "http_request_failed" error, why did it FUCKing fail?

Last but not least: Don't FUCKing clutter is with with your giant ass logo that takes up half my screen or FUCKing spam such as your upcoming events, newly published books/articles, incorrect "documentation"

got a new laptop today. corporate, so hey, there's your Win11.
i still recall how i could not believe what crap they released when i saw Vista for the first time. the tranisiton from 7 to 10 wasn't pleasant but ok.
but the switch from 10 to 11? WTF. half a setting is gone and i can only be lucky it's 2 years past release so some stuff that was missing is re-implemented back. some stuff can be fixed with 3rd party tools but hey - it can also be loaded with malware so no-go in work environment.

can't wait for what pile of horseshit is the 12 going to be with their "Ai bUilT iNTo OpERaTIng sYSem"

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malware bytes said in a report.

According to the report of ZdNet: The smartphone model is Unimax (UMX) U686CL, a low-end Android-based smartphone made in China and sold by Assurance Wireless. The telco sells cell phones part of a government program that subsidizes phone service for low-income Americans. "In late 2019, we saw several complaints in our support system from users with a government-issued phone reporting that some of its pre-installed apps were malicious," Malwarebytes said in a report. The company said it purchased a UMX U686CL smartphone and analyzed it to confirm the reports it was receiving.

Whelp, I made the switch to android about a week ago. Didn't go two days without getting malware on it. I only browse hacker news and used devRant, standard messaging app, no root, so no shady things, just fairly standard things besides devRant. When I called Samsung support, they said it was a known issue and sent me some links to some forums where people were having the same issues. After digging through those threads, there was an official answer from Samsung saying they weren't going to fix the issue (at least in any foreseeable future). That's unacceptable for a phone that was released less than a year ago.

I'm done with Samsung phones for good. I might come back to Android on a google phone.

I hate how Android is distributed and the manufacturers don't take ownership of their issues. They just work on the new phone without caring for anything older than 6 months. If I had to get a new phone every time a major security issue was found and the company refused to fix it, I'd spend more money than on an iPhone.

It seems like Google keeps their devices up to date better, presumably because they have better control of OS releases. But non-google Android devices are dead to me.

Back to my iPhone for now...

🎵sad Charlie Brown music🎵

This weekend I've installed a virtual box with Linux over windows on my mother in law. Now, she is using it and I hope to not have to fix again her computer against malware!! PS: I think she is enjoying Linux. I gave her some homeworks. Only update and upgrade 😂

Oh mighty how I hate Windows 10
1. It will run that "antimalware" malware killing your CPU
2. Fucking shit will auto restart for updates so if you run some 24h process you are doomed, and there is nothing you can do to stop it, unless maybe deep shit digging in MS god only knows registry values
3. Will be your fucking daddy showing you blue box, "oh we detected you may be a pussy, so we prevented this exe from running, please click 50 times to allow it because we care about you by creating virus prone OS in 1990 and we continue to do so"

NO Microshit horsefuckeers stop developing this garbage OS, let it die and force the world to use Linux, yes harder at first for every day Joe, but once learned it's state of the art OS, even your Azure cloud runs of Linux so for fuk sake stop develping WinDOS!
Or let the user to configure "fuck off mode" I don't want your virus scanner I don't want your protection, just fuck off and let people to whatever the duck the want!

My current task involves processing the commoncrawl web archive, and it's like a box of junk you buy at a flea market. You find so much useless stuff, broken stuff, stuff that makes you question people...

My latest find makes me wonder what lies out there if what I found was in plain sight. I found tens of thousands of websites that look like someone used markov chains to generate pron ads. Those websites exist in 10+ languages, use the same url-scheme, read like a dyslexic camgirl reading alphabet soup and are hosted on the same three ip-adresses. There is no javascript involved and some pages link to a variety of twitter accounts.

I queried a few commoncrawl files and amassed 4GB of this spam. Every time I look at it it gets weirder. There is an italian article about malware in there too.

Here's a text sample:
"Not from her bedroom, she her stream view and meet new experience. In hd india, because swimsuit still laws exist no interaction or frigthened and."

!Rant

TL;DR - Getting married can lead to installing life malware.

MARRIAGE SOFTWARE....

A young husband wrote this to a Systems Analyst -
(Marriage Software Div);

Dear Systems Analyst,

I am desperate for some help! I recently upgraded my program from Girlfriend 7.0 to Wife 1.0 and found that the new program began unexpected Child Processing and also took up a lot of space and valuable resources. This wasn't mentioned in the product brochure.

In addition Wife 1.0 installs itself into all other programs and launches during systems initialization and then it monitors all other system activities.

Applications such as "Boys' Night out 2.5" and "Golf 5.3" no longer run, and crashes the system whenever selected.

Attempting to operate selected "Soccer 6.3" always fails and "Shopping 7.1" runs instead.

I cannot seem to keep Wife 1.0 in the background whilst attempting to run any of my favorite applications. Be it online or offline.
.
I am thinking of going back to "Girlfriend 7.0", but uninstall doesn't work on this program. Can you please help?

.... The Systems Analyst replied:

Dear Customer,
This is a very common problem resulting from a basic misunderstanding of the functions of the Wife 1.0 program.

Many customers upgrade from Girlfriend 7.0 to Wife 1.0 thinking that Wife 1.0 is merely a UTILITY AND ENTERTAINMENT PROGRAM.

Actually, Wife 1.0 is an OPERATING SYSTEM designed by its Creator to run everything on your current platform.
You are unlikely to be able to purge Wife 1.0 and still convert back to Girlfriend 7.0, as Wife 1.0 was not designed to do this and it is impossible to uninstall, delete or purge the program files from the System once it is installed.

Some people have tried to install Girlfriend 8.0 or Wife 2.0 but have ended up with even more problems. (See Manual under Alimony/Child Support and Solicitors' Fees).

Having Wife 1.0 installed, I recommend you keep it Installed and deal with the difficulties as best as you can.

When any faults or problems occur, whatever you think has caused them, you must run the.........
C:\ APOLOGIZE\ FORGIVE ME.EXE Program and avoid attempting to use the *Esc-Key for it will freeze the entire system.

It may be necessary to run C:\ APOLOGIZE\ FORGIVE ME.EXE a number of times, and eventually hope that the operating system will return to normal.

Wife 1.0, although a very high maintenance programme, can be very rewarding.

To get the most out of it, consider buying additional Software such as "Flowers 2.0" and "Chocolates 5.0" or "HUGS\ KISSES 6.0" or "TENDERNESS\ UNDERSTANDING 10.0" or "even Eating Out Without the Kids 7.2.1" (if Child processing has already started).

DO NOT under any circumstances install "Secretary 2.1" (Short Skirt Version) or "One Nightstand 3.2" (Any Mood Version), as this is not a supported Application for Wife 1.0 and the system will almost certainly CRASH.

BEST WISHES!

Yours,"
Systems Analyst.
-----------------------------------------------
I'm not sure if this is a repost - if it is I apologise, but it's too good not to share.

A friend sent me a link to a torrent of a documentary. Because of the memory I have of Napster days and my fear of being that one guy that gets caught, plus the constant specter of malware, I've never been brave enough to use torrent links and software, so I've never looked into it. Is it safe these days? How do I do this and what do you all recommend for getting at the content safely?

someone gets in my Discord server, asks "can anyone download a file for me? DM me" in the bot trap, and leaves.

Is it worth the effort of trying to track this guy down so I can get new malware or is it not worth the risk of CP?

Ok ok ok. I see y'all have nice plans for the new year. Some of you even made a list that will be barely completed or remain unchecked.
Let me tell you my real issues/plans for 2020.

- First things first, I have to update the documentation of the projects that I maintain. Especially the copyright information. (2019 -> 2020)

- I have to check if any of the old software that I use is broken because of the year/date bugs. (you know, that happens)

- And finally I should check my Windows PC. If it's still OK than it means that no malware/virus is activated with a year payload. (it happens too, watch @danooct1 on YT)

Hope it helps someone.

Twitter disclosed a bug on its platform that impacted users who accessed their platform using Firefox browsers.

According to the report of ZDNet: Twitter stored private files inside the Firefox browser's cache (a folder where websites store information and files temporarily). Twitter said that once users left their platform or logged off, the files would remain in the browser cache, allowing anyone to retrieve it. The company is now warning users who share systems or used a public computer that some of their private files may still be present in the Firefox cache. Malware could be used to scrape and steal this data.

I threw some random android adware i found into a virtual device on my laptop (while swapping like a motherfucker, ofc) and it turns out, aside from the Draw over Other Apps, Install Apps, Location, and Storage permissions, and the blank name/icon, it's an honest-to-God working global ad blocker via VPN. It's shipping your traffic to China and filling your device full of more malware, but it's blocking ads too, so...? Is it worth gutting to remove the bullshit? (Can Android Studio do that?)

OK, so, I see PY files shared on GitHub. All I know is, it is code for certain apps or pages. I download SEVERAL DIFFERENT PROGRAMS trying to get PY to open. Some didn't work, others were in Console and not Form. I asked for help on the Forum, how to open it, they do the same BS; gave me a Console app that just stays black for less than a second, and closes. I ask for a Form version. They made the excuse that it wasn't a program like I was thinking. They rudely tell me to be polite, but something like this IS GOING TO HAPPEN if they can't get their crap working. Eventually, after I TOLD THEM I WAS FURIOUS, THEY HIDE MY QUESTION FOR 10 MINUTES. When I replied, I DID NOT CUSS, I REPLACED LETTERS WITH ASTERISKS AND SYMBOLS, AND STILL GOT SUSPENDED, FOR A MONTH, AFTER TELLING THEM I WAS FURIOUS.

On the other hand, I was using Audacity. I upgraded and a plugin stops working. I thought they messed something up, so I wait using the outdated version for the fix for a few months, and so a few months later I update again, at this point I was a little upset; 2nd update and it still doesn't work. After the 3rd time, I thought they just didn't want to take the time and fix it, as people probably would have reported it by then. So I rant on Audacity's Forum saying they didn't fix an error, showed them screenshots in all versions I got and the 3 newest ones show an error. THEY TOLD ME WHAT WAS WRONG! I was trying to run a 32-Bit plugin on a 64-Bit version! I downloaded a 32-Bit version of the newest Audacity, and the plugin worked fine.

Python could've done what Audacity did, but, "No-o-o, we enjoy banning Winston when he is peed off!" And just so, the Suspension ends a day after my Birthday.

I might just ask when I'm back on, "How to remove my user off this Forum", so they can say "I can't", and flag it as malware because I almost no longer want they're help, and CAN'T GET AWAY FROM IT.

Freak you in the butt, Python.

PS - If anyone knows how to use Python files in Windows 10 or know a free, non-demo program that will more-advancedly edit, save, open PY files in a Form, please, give me the name or link to the software, program or app in the comments.

Before anyone says anything, this page says "Rant", so don't ban this or I'm deleting my account. If this isn't a "Rant" site, please tell me, and/or rename this site.

That is the reason I came here, just to get my frustration out.

I use a Windows 10 OS and the browser popup sometime (not always so it hard to debug) when I open my computer.

Does the browser goes to other website?No the browser just show default page.

Is it a malware?I always keep my update AV so I am not sure.