Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "no malware"
Definitely my security teacher. He actually expected us to actively learn the stuff and put effort into our education. He guided us through malware analysis and reverse engineering, simplifying it without insulting us.
We had students who thought they knew everything and he corrected them. We had arrogant students he put in place.
He treated us like adults and expected us to act like adults.
That's the only class I enjoyed studying for, because he would tell us exactly what wasn't on the exams (it was an intro course, didn't need to know the math). There were no trick questions.
I told him about the shitty teacher and he helped me through that confidence block. He helped me realize I *can* make it through the workforce as a female in security because I will work my ass off to be the best I can be. He reminded me why I love computers and why I want to go into forensics.
He's been a great mentor and role model and hiring him is one of the few things my department did right.7
Navy story time, and this one is lengthy.
As a Lieutenant Jr. I served for a year on a large (>100m) ship, with the duties of assistant navigation officer, and of course, unofficial computer guy. When I first entered the ship (carrying my trusty laptop), I had to wait for 2 hours at the officer's wardroom... where I noticed an ethernet plug. After 15 minutes of waiting, I got bored. Like, really bored. What on TCP/IP could possibly go wrong?
So, scanning the network it is. Besides the usual security holes I came to expect in ""military secure networks"" (Windows XP SP2 unpatched and Windows 2003 Servers, also unpatched) I came along a variety of interesting computers with interesting things... that I cannot name. The aggressive scan also crashed the SMB service on the server causing no end of cute reactions, until I restarted it remotely.
But me and my big mouth... I actually talked about it with the ship's CO and the electronics officer, and promptly got the unofficial duty of computer guy, aka helldesk, technical support and I-try-to-explain-you-that-it-is-impossible-given-my-resources guy. I seriously think that this was their punishment for me messing around. At one time I received a call, that a certain PC was disconnected. I repeatedly told them to look if the ethernet cable was on. "Yes, of course it's on, I am not an idiot." (yea, right)
So I went to that room, 4 decks down and 3 sections aft. Just to push in the half-popped out ethernet jack. I would swear it was on purpose, but reality showed me I was wrong, oh so dead wrong.
For the full year of my commission, I kept pestering the CO to assign me with an assistant to teach them, and to give approval for some serious upgrades, patching and documenting. No good.
I set up some little things to get them interested, like some NMEA relays and installed navigation software on certain computers, re-enabled the server's webmail and patched the server itself, tried to clean the malware (aka. Sisyphus' rock), and tried to enforce a security policy. I also tried to convince the CO to install a document management system, to his utter horror and refusal (he was the hard copy type, as were most officers in the ship). I gave up on almost all besides the assistant thing, because I knew that once I left, everything would go to the high-entropy status of carrying papers around, but the CO kept telling me that would be unnecessary.
"You'll always be our man, you'll fix it (sic)".
What could go wrong?
I got my transfer with 1 week's notice. Panic struck. The CO was... well, he was less shocked than I expected, but still shocked (I learned later that he knew beforehand, but decided not to tell anybody anything). So came the most rediculous request of all:
To put down, within 1 A4 sheet, and in simple instructions, the things one had to do in order to fulfil the duties of the computer guy.
I. SHIT. YOU. NOT.
"What I can do is write: 'Please read the following:', followed by the list of books one must read in order to get some introductory understanding of network and server management, with most accompanying skills."
I was so glad I got out of that hellhole.6
“Hello sir, you have to renew your subscription before tomorrow else you’ll be charged $299.99 from your bank account.”
Me: And what’s this subscription you’re talking?
“Your Microsoft antivirus subscription, sir.”
Me: Oh wow, and when did I subscribe to this?
“Three years ago, sir.”
Me: lmbo. Please find someone else to scam.
“No sir, it shows here that you subscribed to Microsoft antivirus 3 years ago.”
Me: Dude, I was in college three years ago. I was too broke to be subscribing to useless stuff like this.
“But sir, its an antivirus. You subscribed to protect your Windows PC from viruses, malware so that bad people and hackers don’t get into your computer to do bad things and steal your info.”
Me: Well, what a coincidence. You’re describing yourself except you’re trying to attack my bank account not my pc. And oh, I’ve been using Linux for the past 5 years and currently own a MacBook so good luck finding someone to fall for this.
“Oh, I see. Sorry.”
*Scammer hangs up.
Lmbo, like dude seriously?
Unfortunately though, someone at my work mother fell for this and had to close all her accounts and create new ones.19
This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.
Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.
I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.
The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).
Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.
He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.
After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".
I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.
So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.
I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.
And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.
And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).
I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.
I don't want to be cliche, but do believe in yourself people! Things are not what the seem.
With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!
I'm glad that I shared this story with all of you, have an awesome day!17
What seems to be the problem? Oh, is your wordpress site hacked/infected with malware?
So I guess you decided to disable updates because it might break your shitty little site? And I guess you thought those warnings you got from me and multiple colleagues about what could happen when you didn't update your wordpress bullshit weren't that serious?
Hold on, you want *US* to restore *YOUR* hosting backups?
Go clean up your own fucking bullshit. But, before you click that restore button, please take a cactus, carve 'I am a stupid wordpress cunt' into it, dip it in a bathtub of with blood mixed-infected cum and shove it up your ass.
Oh yeah I'm aware that that won't help your situation but it might keep you from reproducing and at least it'll give me some satisfaction.23
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.27
One comment from @Fast-Nop made me remember something I had promised myself not to. Specifically the USB thing.
So there I was, Lieutenant Jr at a warship (not the one my previous rants refer to), my main duties as navigation officer, and secondary (and unofficial) tech support and all-around "computer guy".
Those of you who don't know what horrors this demonic brand pertains to, I envy you. But I digress. In the ship, we had Ethernet cabling and switches, but no DHCP, no server, not a thing. My proposition was shot down by the CO within 2 minutes. Yet, we had a curious "network". As my fellow... colleagues had invented, we had something akin to token ring, but instead of tokens, we had low-rank personnel running around with USB sticks, and as for "rings", well, anyone could snatch up a USB-carrier and load his data and instructions to the "token". What on earth could go wrong with that system?
We got 1 USB infected with a malware from a nearby ship - I still don't know how. Said malware did the following observable actions(yes, I did some malware analysis - As I said before, I am not paid enough):
- Move the contents on any writeable media to a folder with empty (or space) name on that medium. Windows didn't show that folder, so it became "invisible" - linux/mac showed it just fine
- It created a shortcut on the root folder of said medium, right to the malware. Executing the shortcut executed the malware and opened a new window with the "hidden" folder.
Childishly simple, right? If only you knew. If only you knew the horrors, the loss of faith in humanity (which is really bad when you have access to munitions, explosives and heavy weaponry).
People executed the malware ON PURPOSE. Some actually DISABLED their AV to "access their files". I ran amok for an entire WEEK to try to keep this contained. But... I underestimated the USB-token-ring-whatever protocol's speed and the strength of a user's stupidity. PCs that I cleaned got infected AGAIN within HOURS.
I had to address the CO to order total shutdown, USB and PC turnover to me. I spent the most fun weekend cleaning 20-30 PCs and 9 USBs. What fun!
What fun, morons. Now I'll have nightmares of those days again.9
(I wrote most of this as a comment in reply about Microsoft buying GitHub on another rant but decided to move it here because it is rant worthy. Also, no, I'm not a Microsoft employee nor do I have any Microsoft stock).
Microsoft buying GitHub makes sense. They contribute more to the open source community on GitHub than any other company. (Side note, they also contribute/have contributed to the Linux Kernel).
Steve Ballmer isn't running the show anymore. Because of that, we have awesome things like:
* Visual Studio Code - Completely free and powerful light weight IDE for coding in just about any script or language. This IDE is also open source, hosted on GitHub. It can be installed on Win/Mac/Linux.
* Visual Studio Community Edition: fully featured flagship IDE free for solo developers and students, can be installed on Win/Mac.
* Fully featured Sql Server running in a Docker container.
* .Net Core, which can be compiled to native binaries of Windows, MacOS AND Linux. You can't even do that with Java, you have to first have the JVM installed in order to run any kind of Java code on any of those operating systems. .Net Core is also an absolutely beautiful framework with so many features at your disposal.
Yes, they've done bonehead things in the past but who/which company hasn't. Yes, they have Cortana. Yes, they force Bing on you when searching with Cortana (does anyone actually regularly use Cortana? Or Bing?). Yes, their operating system costs money. Yes, their malware-style Upgrade-to-Windows-10 tactics were evil and they admitted such. Yes, they brought ads and other unfortunate things to Skype. I'd be lying if I said I wasn't concerned about that Skype bit translating over into GitHub. BUT, the fact that so many of their employees use GitHub daily means they are dogfooding the platform, which is a positive thing.
Despite the flaws, from the perspective of a software engineer they really should be given a lot of credit for all these new directions they are moving in now. They directly aim to help and contribute to the developer community. Plus, Windows 10 is finally getting a dark theme! haha.
I think Microsoft buying GitHub makes a lot of sense. Of course do what you want about it, feel how you want about it, but casting the same ol' shade at them for anything they do seems a bit like automatic reflex more than anything else.
I'm bracing myself for the impending wave of angry hornets from the nest I just kicked. In all seriousness though, I welcome discussion on the topic even if you feel differently than I do. I'm not saying there's no reason to dislike them, just saying there are lots of new reasons to hate them less and/or appreciate what they are doing now.20
"Thank you for choosing Microsoft!"
No Microsoft, I really didn't choose you. This crappy hardware made you the inevitable, not a choice.
And like hell do I want to run your crappy shit OS. I tried to reset my PC, got all my programs removed (because that's obviously where the errors are, not the OS, right? Certified motherfuckers). Yet the shit still didn't get resolved even after a reset. Installing Windows freshly again, because "I chose this".
Give me a break, Microshaft. If it wasn't for your crappy OS, I would've gone to sleep hours ago. Yet me disabling your shitty telemetry brought this shit upon me, by disabling me to get Insider updates just because I added a registry key and disabled a service. Just how much are you going to force data collection out of your "nothing to hide, nothing to fear" users, Microsoft?
Honestly, at this point I think that Microsoft under Ballmer might've been better. Because while Linux was apparently cancer back then, at least this shitty data collection for "a free OS" wasn't yet a thing back then.
My mother still runs Vista, an OS that has since a few months ago reached EOL. Last time she visited me I recommended her to switch to Windows 7, because it looks the same but is better in terms of performance and is still supported. She refused, because it might damage her configurations. Granted, that's probably full of malware but at this point I'm glad she did.
Even Windows 7 has telemetry forcibly enabled at this point. Vista may be unsupported, but at least it didn't fall victim to the current status quo - data mining on every Microshaft OS that's still supported.
Microsoft may have been shady ever since they pursued manufacturers into defaulting to their OS, and GPU manufacturers will probably also have been lobbied into supporting Windows exclusively. But this data mining shit? Not even the Ballmer era was as horrible as this. My mother may not realize it, but she unknowingly avoided it.6
Ugh, fxk. I got a promotion, I'm now a team lead for 4 developers, and I fxking hate it.
They never asked me if I wanted the position, they just threw me into it this week. They ripped me away from the team I had great chemistry with and put me on this other team with people I have no connection with.
To make matters worse, I'm also responsible for production servers of the clients of this team, one has malware even.
On top of all of this, they made me move desks for a new developer to fill my spot.
How do you demote yourself? Why would a company want someone to perform poorly (on purpose, I don't care) than to just keep their employee happy?
Had the Windows Insider Preview for a month or so to get Ubuntu Subsystem early back when it was Insider-only.
Turns out that your license policy changes when you use Preview builds: if your PC isn't updated to a certain build by checkpoints set throughout the year, your license expires and you have to reinstall Windows. No way to recover anything already on the device. So if you get Insider Preview and shut your laptop off for too long...
Thus began a killer combo attack on my Surface Pro 3.
While trying to figure out what was going on and loading up a recovery on a flash drive, the Surface Pro 3 BIOS was sitting idle behind me. On 100% CPU. The only reason I think this is that by the time I noticed the insane fan noise, the screen was hot enough to burn my finger as I tried to turn it off. The heat sensor triggered it to shut off before I could, though.
That heat sensor, however, won't turn it off if it's busy installing Windows, supposedly to keep anything from getting hopelessly corrupted. What followed we're 3 hours of fan whirring from a slab of metal hot enough to cook an egg with.
Windows is back and working. The battery indicator, however, melted during reinstallation. And the battery lasts an hour, max. Thankfully I'm not out of a tablet, but it seems to me that W10 is becoming more and more like malware, just waiting for you to activate one of it's delightful payloads.4
Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.
At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.
Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/
Then I found about over 50 infected files with the malware code.
Cleaned and finished my job.
No one else knows that I did a lot of hard job.2
There has been a lot of confusion on devrant lately as to whether windows sucks or not. Let me clear it up for you quickly; from the checked c compiler from Microsoft research:
‘*Note:* do not use the words “install”, “setup”, or “update” in test names where the files will be compiled and executed. Windows x86 has heuristics that decide executables with those words in the name need elevated privileges to run because they might be an installer, even if they don’t actually install anything. Documentation is here: https://msdn.microsoft.com/en-us/...
I say this every week, but if you are being a Windows fanboy and defending it and calling Linux engineers stupid, you need therapy. There is no argument.
This is just like the wonderful surprises that I used to receive day after day when I was a Windows user. For those who don’t understand this basically says Windows tries to use “a heuristic” which in this case I’m fairly certain is a fancy way of saying whitelist based on how easy this problem is, to decide whether to launch these programs with super user privileges. So if you want to make malware for Windows, just call it installer!61
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2
Some of the penguin's finest insults (Some are by me, some are by others):
Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.
"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."
"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."
"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."
"I really love working with professionals. But what the fuck are YOU doing here?"
"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."
"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"
"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."
"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"
"Go fdisk yourself!"
"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).
"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").
"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."
"Yeah, go fetch me a unicorn while you're chasing pink elephants."
"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."
"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."
"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."2
rant || !rant
My father-in-law wants me to buy a new computer for him. He's currently using an old Acer minitower running more malware than real software on shitty Windows Vista. He only uses Email (Outlook 2003), Facebook and Youtube. I'm gonna get him a MSI Cubi Intel N3700/4GB/120GB SSD with Linux Mint and problem solved. No more malware/virus calls from him. I'm installing Mint on Vbox right now and I'm loving it from second 0.16
I've just revived an old desktop computer today. Turns out that it was running Windows XP, Avast free antivirus, and had Bearshare as a default search engine (in other words, that thing is NOT going to be connected to my network).
But, it also had Chrome installed. So I thought to myself, with 1.25GB of RAM, there's no way that it could run Chrome smoothly. Opened it, and....
It consumed 80MB of RAM. 80 MEGABYTES. And that's not even a clean installation of it, it's a (likely) malware-infested one from a user! Compare that to the Chrome of today.21
So... Intense pillowtalk with the wife the other night regarding the coming enforcement of the new General Data Protection Regulation (GDPR) law in the EU after a while turns into nerdy dirty talk.
Me: *Whisper in a sleazy voice like the dirty malware that I am*: So... Why don't you just open up all your inbound firewall ports for me...
Her: Hell no... But I might just make an exception in the private domain just for you...4
A guy who's parked next to me in the RV asked me today if I know anything about computers. Sure, what's it about?
He has forgotten his password for a Word .doc file, already installed all possible tools for password cracking, but none of them worked, and now
he can't find his vacation photos and surfing the internet suddenly doesn't work anymore.
Okay, no problem, I'll take a look at it. Windows 7 Home Edition, completely covered with malware, everywhere popups with pr0n ads.
I told him that I can't do much more than trying to recover the data and reinstall the OS. But before that, I'll make a image of the hard drive (thank god, only a 250 GB hdd). Then we'll see.
Unfortunately neither he nor I have a Windows DVD, so he will probably become a proud user of Antergos tomorrow.5
What kind of developer are you and what is your opinion on other development areas?
Me: Junior dev, oriented towards full stack and Android(with a sysadmin background):
-Low-level(kernel development, embedded, drivers, operating systems, reverse engineers)- Badass, I wish I could do that.
-Mobile apps- awesome but too high level sometimes.
-Full stack/Backend- awesome.
-Web Frontend- fuck HTML+CSS. JS is cool I guess.
-Enterprise applications(e.g SAP) Pajeet, my son.
-Malware development- Holy shit that is awesome.
-Video Game development- was my dream since childhood.
-Desktop apps- No opinion.5
This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.1
So one of my clients got their wordpress site hacked and basically just redirects to scam links and well.. I looked at in the server file manager and their are like three directories with this wordpress site (not clones but the same?) one in the root, a version in a folder called old and another in temp.. with 3 separate wp databases.. DNS entries had malware redirects, the wp-content folder was writable to the public and contained a temp folder with tons of encoded malware and ip links to malicious sites.. there was encoded malware in index.php, has like 20+ plugins, oh and the theme uses a dynamic web builder so the code is basically unreadable in source and scattered.. and the redirects seem to happen randomly or at least on a new session or something. Oh.. and did I mention there are no backups? 😃2
"Suggest an AV/AM product, Avast refuses to install."
I do malware research as a hobby and have for a while, so I can generally spot when something's up before I even run a program. If i'm unsure about it (or know something's up and wanna see its effects for S&Gs) I throw it into one of a variety of VMs, each with a prepped, clean, standardized "testing" state.
I see no point to AV/AM products, especially as they annoy me more than anything since they can't be told not to reach into and protect VMs (thereby dirtying up my VM state, my research, crashing the VM hypervisor and generally being *really* annoying) and they like to erase samples from a *read-only, MOUNTED* VHDX.
However, normal people need them, so I usually suggest this list:
• MBAM is good and has a (relatively) low memory footprint, but doesn't have free realtime protection.
• Avast is very good as it picks up a lot, but it eats a FUCKTON of resources. It also *really* likes to crash VM hypervisors if it sees anything odd in them.
• AVG is garbage. Kill it with fire.
• Using Windows Defender is like trying to block the rain with an umbrella made of 1-ply toilet paper.
• herdProtect is amazing as it's basically a VirusTotal client but it's web-based and not currently available to be downloaded. (Existing copies still work!)
• Kaspersky. Yes, it spied on US gov't workers. No, they don't care about anyone BUT US gov't workers. Yes, it's pretty good.
• BitDefender: *sees steam game* "Is this ransomware?"
hope this helps15
Just finished setting up PiHole on my RaspberryPi.... no more adblock extensions with shitty performance... no more custom hosts files... and network level adblocking for all devices...
oh, and I added so many lists that it now blocks about 350k domains (ads and malware)
Today was a good day.. time to hibernate...4
>80 apps removed from Google Play for being adware but they were trending
Welp... let's get hunting, they'll look nice in my malware collection!3
Each time I try firefox after somebody mentions it again or it's in my rss feed, it still seems to never actually advance
It's stuck and either gets worse or goes back to its stable non improving level again, how come do they still not have a proper mobile responsive tester, why are even the upgraded addons still suffering the same container and rendering bugs
how is it more important getting bad image by implementing mr robot malware, than getting on an actual competitive level
why is it default bloated with random pocket addon bullshit, why did it begin to lag, ..
I remember when I was using firefox for a good portion of my life and laughed at how google chrome is laggy, but nowadays theres simply no competition to chrome, its stability and developer tools
I wish there was competition, the grid tools were a great start, but then nothing followed and they just went back to their never improving flatline16
For the last 20 years, there's one thing I've not been able to do reliably:
Share a folder on a windows computer.
Why the fuck can I write /etc/smb.conf from scratch with a blindfold on and make it securely work from all client devices including auth & acl, but when I rightclick and share on windows it's either playing hide and seek on the network (is it hiding behind //hostname/share? No? Maybe in the bushes behind the IP addresses?), or it's protected by mysterious logins requiring you to sacrifice two kittens a day.
Yes, finally it works! One windows update later... aaaand it's gone.
JUST GIVE ME A FUCKING CONF AND A MAN PAGE, MICROSOFT. I DON'T CARE THAT YOU'RE ORALLY PLEASING ALL THESE MALWARE RIDDEN GUISLUTS ON THE SIDE, JUST GIVE ME A FUCKING TEXT FILE TO STORE AND EDIT.4
Ok seriously is Microsoft mining Bitcoin on my computer? If I leave it idle for >5 minutes it starts using intense amounts of CPU and I have no clue why (doesn't show up in task manager, all the processes added up in taskmgr are like 15% max). It's super annoying since I have a razer and high cpu turns on BOTH VERY LOUD FANS.
I checked for malware and stopped any update or useless background tasks (cortana, indexing, etc) and it has not helped one bit. If I click the screen or move the mouse it subsides immediately.
(No, I won't get a mac--I have two and they lacks compatibility with the software I need as well as the specs for what I usually work with)14
A client's site got malware infected, so we decided to remove everything and replace the site with a fresh WordPress installation (very basic site with 4 pages of content).
Contacted iPage live support asking them to check and unsuspend the account (with no files on it), but they kept on insisting that I buy their "firewall" and "SiteLock" services, with zero reply related to suspension. I've had live chat with many other hosting companies, never had such a lousy fucked up conversation. Without providing technical support, they keep marketing their useless expensive services. Fuck you iPage, you just lost a customer.2
Back in grammar school we started programming in TI-Basic on a TI89 Titanium as it was part of math class (calculus and geometry). I didn't really understand much because the teacher thought it was a great idea to start with recursively calculating GCD (and we were in a sort of "linguist profile", nobody had ever touched a line of code in their lives before). I still liked it though and by some coincidence I got an old Win95 compaq notebook to play with from a friend.
I started playing around with the CMD prompt and batch files and could apply some of the things I had learned on the TI, like GOTO or If statements. I still didn't know what I was doing of course, and so it happened that I used the > file pipe when trying to compare two values. Suddenly there was a file with some code fragments and I started to get what I had done. I put the file pipe into an endless GOTO loop and was amused how those few lines filled up the whole desktop with nonsense files. I went on to refine this a little so I could control it with another file that acted as a kill switch when present. Over the next weeks I played some more with it and made it write out and start another batch file that would check whether the original script was still there and recreate it if not.
That notebook was so large and heavy I could not bring it to school, so I wrote all code by hand on paper and typed it in when I got home, that way I could still code in class when I was bored and no one would notice.
So my first ever "program" that I wrote myself was some lousy malware.5
Just got a lovely update on Windows 10. It pops up on login and informs me of this great new browser called edge. Then it fucking takes over the screen and gives me one fucking option: "Get Started". I cannot escape, I cannot close the app, I cannot right click the app icon on the toolbar and close this POS. My only option is to fucking ctrl-alt-del and kill this piece of garbage. You also cannot uninstall this shit either. I even found a thread where the MS guy was trying to help them uninstall, but the end result is that you cannot on newer Windows 10. So I have this POS thing that keeps updating flash and other shit periodically that is nothing but a security hole. Now I never want to ever run this garbage.
The irony is this. I have read a lot of good things about Edge. I was considering it as an alternative to Chrome for specific use cases. Now I absolutely no longer want to run this fucktard pos software. This one experience has now tarnished any gains MS has in the browser arena. It is just more overbearing malware being pushed by assholes. Tech these days is defined by assholes. Apple is assholes, Google is bigger assholes, and MS is still the classic assholes.
Microsoft LET ME FUCKING JUST WORK! Is this not the pro version or what?
Fuck you edge and your pos os.
Now I feel better!
Edit: That was a rendition of the evil caption Kirk from episode 27.10
I really don't get why creators of already-suspicious looking software (and the related suspicious looking website) put terms like "NO VIRUS" or "100% free of malware" next to the download area.
I mean, why would that help anything?
(I understand those typical virustotal scan widgets though, those are fine)1
I wrote a parody of Sound of Silence based on the struggles of cleaning up people's shit in the shop
Hello problems, my old friends
I've come to talk with you again
Because a driver softly creeping
Left its seeds while RAM was leaking
And the vision that was planted in my brain
Within the sound of crashing
In restless dreams I walked alone
Narrow bands of networking
'Neath the halo of a burned-out fan
I turned my collar to the hot and spinning
When my eyes were stabbed by the flash of an LED light
That split the night
And touched the sound of crashing
And in the naked light I saw
Ten thousand tasks, maybe more
Programs malloc with no swap
Programs writing with no space
Programs writing bits that voices never play
And no one dared
Disturb the sound of crashing
"Fools, " said I, "You do not know
Malware, like a plague, it grows
Hear my words that I might teach you
Take my tools that I might help you"
But my words, like silent raindrops fell
And echoed in the wells, of crashing
And the programs bowed and prayed
To the malware god they made
And Windows flashed out its warning
In the words that it was forming
And Windows said, "The words of the prophets are written in the event log
And dumped over COM"
And whispered in the sounds of crashing3
Why do windows users keep installing those bloated anti viruses and firewalls that just slow the hack of their system when windows essentials is enough with near to no impact
Those are the same people that got their system full with malware4
For those of you who want something comparable to the full Dark themes people have used on Linux for years here's a high contrast windows theme that doesn't look like garbage. I'm absolutely in love with it and will never go back. It's my favorite theme since the Windows classic theme. Also it's just a theme profile, so no worries about modding files or installing some malware infested theme manager.
Whelp, I made the switch to android about a week ago. Didn't go two days without getting malware on it. I only browse hacker news and used devRant, standard messaging app, no root, so no shady things, just fairly standard things besides devRant. When I called Samsung support, they said it was a known issue and sent me some links to some forums where people were having the same issues. After digging through those threads, there was an official answer from Samsung saying they weren't going to fix the issue (at least in any foreseeable future). That's unacceptable for a phone that was released less than a year ago.
I'm done with Samsung phones for good. I might come back to Android on a google phone.
I hate how Android is distributed and the manufacturers don't take ownership of their issues. They just work on the new phone without caring for anything older than 6 months. If I had to get a new phone every time a major security issue was found and the company refused to fix it, I'd spend more money than on an iPhone.
It seems like Google keeps their devices up to date better, presumably because they have better control of OS releases. But non-google Android devices are dead to me.
Back to my iPhone for now...
🎵sad Charlie Brown music🎵9
Tody I finally decided to go Google free in my device. Now I have 0 Google services in my phone and so far I'm loving it.
All apks can be found on apkmirror and f-droid but devRant is not available on any of those platforms so I have to restore my previous backed up apk from playstore.
Yeah and I'm not on any socialmedia whatsoever like FaceCrap and InstaHeadache. Feels like my phone would last for 2 days on single charge.2
I have no idea why and how people get adware/malware/spyware/viruses, ransomware, and the like on Windows machines. I've been using Windows since I was a small child and on the machines I've used (mainly my older brother's), automatic updates were always off. I only had a virus issue once because I was small didn't know what I was doing at the time, but that was easily fixed by my brother.
Bottom line: Fuck Windows and all the drivers it broke that one time I decided to enable updates
P.S. I started using Linux a few years ago, and it's been pretty wonderful! I've used dozens of different distros, but I still can't get away from Windows because games, certain programs, and compatibility issues (like some drivers and devices not properly working in Linux), so oh well6
Microsoft ends support for Windows 7
Support for Windows 7 ended this week which means that security or software updates will no longer be provided by Microsoft.
Windows 7 will continue to run however it will be more vulnerable to viruses and malware. The best way to remain secure is to use the latest operating system available.
Microsoft have a dedicated webpage for user questions, next steps and detailed advice. 👇
TL;DR - Getting married can lead to installing life malware.
A young husband wrote this to a Systems Analyst -
(Marriage Software Div);
Dear Systems Analyst,
I am desperate for some help! I recently upgraded my program from Girlfriend 7.0 to Wife 1.0 and found that the new program began unexpected Child Processing and also took up a lot of space and valuable resources. This wasn't mentioned in the product brochure.
In addition Wife 1.0 installs itself into all other programs and launches during systems initialization and then it monitors all other system activities.
Applications such as "Boys' Night out 2.5" and "Golf 5.3" no longer run, and crashes the system whenever selected.
Attempting to operate selected "Soccer 6.3" always fails and "Shopping 7.1" runs instead.
I cannot seem to keep Wife 1.0 in the background whilst attempting to run any of my favorite applications. Be it online or offline.
I am thinking of going back to "Girlfriend 7.0", but uninstall doesn't work on this program. Can you please help?
.... The Systems Analyst replied:
This is a very common problem resulting from a basic misunderstanding of the functions of the Wife 1.0 program.
Many customers upgrade from Girlfriend 7.0 to Wife 1.0 thinking that Wife 1.0 is merely a UTILITY AND ENTERTAINMENT PROGRAM.
Actually, Wife 1.0 is an OPERATING SYSTEM designed by its Creator to run everything on your current platform.
You are unlikely to be able to purge Wife 1.0 and still convert back to Girlfriend 7.0, as Wife 1.0 was not designed to do this and it is impossible to uninstall, delete or purge the program files from the System once it is installed.
Some people have tried to install Girlfriend 8.0 or Wife 2.0 but have ended up with even more problems. (See Manual under Alimony/Child Support and Solicitors' Fees).
Having Wife 1.0 installed, I recommend you keep it Installed and deal with the difficulties as best as you can.
When any faults or problems occur, whatever you think has caused them, you must run the.........
C:\ APOLOGIZE\ FORGIVE ME.EXE Program and avoid attempting to use the *Esc-Key for it will freeze the entire system.
It may be necessary to run C:\ APOLOGIZE\ FORGIVE ME.EXE a number of times, and eventually hope that the operating system will return to normal.
Wife 1.0, although a very high maintenance programme, can be very rewarding.
To get the most out of it, consider buying additional Software such as "Flowers 2.0" and "Chocolates 5.0" or "HUGS\ KISSES 6.0" or "TENDERNESS\ UNDERSTANDING 10.0" or "even Eating Out Without the Kids 7.2.1" (if Child processing has already started).
DO NOT under any circumstances install "Secretary 2.1" (Short Skirt Version) or "One Nightstand 3.2" (Any Mood Version), as this is not a supported Application for Wife 1.0 and the system will almost certainly CRASH.
I'm not sure if this is a repost - if it is I apologise, but it's too good not to share.1
Ok ok ok. I see y'all have nice plans for the new year. Some of you even made a list that will be barely completed or remain unchecked.
Let me tell you my real issues/plans for 2020.
- First things first, I have to update the documentation of the projects that I maintain. Especially the copyright information. (2019 -> 2020)
- I have to check if any of the old software that I use is broken because of the year/date bugs. (you know, that happens)
- And finally I should check my Windows PC. If it's still OK than it means that no malware/virus is activated with a year payload. (it happens too, watch @danooct1 on YT)
Hope it helps someone.1
I know this question sounds dumb but when i google 50% say no and 50% say yes. So my question is, can i spread (a Fileless) Malware with cookies?8
I use a Windows 10 OS and the browser popup sometime (not always so it hard to debug) when I open my computer.
Does the browser goes to other website?No the browser just show default page.
Is it a malware?I always keep my update AV so I am not sure.16