Privacy lost...

nsaspook

https://www.bleepingcomputer.com/ne...-april-windows-updates-break-vpn-connections/
Microsoft says April Windows updates break VPN connections
While there is no workaround for this issue on affected systems until Microsoft provides a fix, you can uninstall the security updates to temporarily address the VPN problems.

"To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages," Microsoft says.

However, it's important to note that Redmond includes all security fixes in a single update. Hence, removing cumulative updates removes all fixes for patched security vulnerabilities in addition to resolving VPN issues.
 

nsaspook

https://www.reuters.com/world/us/fb...ered-spider-hackers-official-says-2024-05-10/
FBI working towards nabbing Scattered Spider hackers, official says
The young hackers grabbed headlines last year when they broke into the systems of casino-operators MGM Resorts International (MGM.N) and Caesars Entertainment (CZR.O), locking up the companies' systems and demanding hefty ransom payments. From health and telecom companies to financial services, they have hacked a range of organisations over two years, piling pressure on law enforcement agencies to thwart them.
"We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act," Brett Leatherman, the FBI's cyber deputy assistant director, told Reuters in an interview.
The group was a rare alliance of hackers in Western countries with veteran cybercriminals from eastern Europe, he said on the sidelines of the RSA Conference in San Francisco Wednesday.
"Often we don't see that mingling of geographical hackers working together outside the confines of like hacktivism, for example," he said.
 

nsaspook

Ummm...yeah. A press release saying "We're closing in on you!"

Now they just have to watch the airlines and see which suspected Scattered Spiders skedaddle (alteration never hurt anyone -- alloteration, well, you know.).
When you release a statement like that, one of two things is usually true.
1. You know exactly where they are and how many times they took a dump in the last 24hrs but are looking for a rat to tie up the case with a bow.
2. You already have a rat and are hoping for a rabbit you can turn into another rat.

https://www.justice.gov/usao-mdfl/p...e-fraud-and-aggravated-identity-theft-charges
Jacksonville, Florida – United States Attorney Roger B. Handberg announces the return of an indictment charging Noah Michael Urban (19, Palm Coast), a/k/a “Sosa,” a/k/a “Elijah,” a/k/a “King Bob,” a/k/a “Anthony Ramirez,” with one count of conspiracy to commit wire fraud, eight counts of wire fraud, and five counts of aggravated identity theft. If convicted, Urban faces up to 20 years in federal prison on each wire fraud charge. He also faces a minimum mandatory penalty of 2 years’ imprisonment for the aggravated identity offenses which will run consecutive to any other prison sentence imposed. Urban was arrested on January 9, 2024.
https://krebsonsecurity.com/tag/noah-michael-urban/
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
https://thehackernews.com/2024/02/belarusian-national-linked-to-btc-e.html
Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering
 

WBahn

I haven't seen this discussed on the forum yet:


This is an example of one of the common fallacies pushed by proponents of the open-source community -- that there are so many eyes reviewing everything that it's virtually impossible for malicious code to make it in. While there's certainly some validity to that position in many situations, such as reviewing new crypto algorithms and protocols versus relying on security through obscurity, an OS like Linux is so complex that many parts of it are only maintained and reviewed by an extremely small number of people -- and bad guys know this and devise ways to exploit it.

Sure am glad that someone at the evil Microsoft Corp caught it and sounded the alarm.
 

joeyd999

I haven't seen this discussed on the forum yet:
We have discussed it.

This is an example of one of the common fallacies pushed by proponents of the open-source community -- that there are so many eyes reviewing everything that it's virtually impossible for malicious code to make it in.
And this is exactly what happened...

...someone at the evil Microsoft Corp...
Two of the many eyes.
 

ApacheKid

Open source has good and bad points I suppose. Having multiple developers able to scrutinize changes and approve them before merging the change is great, as is the automatic execution of batches of unit tests on the resulting code.

A problem, though, is the "Issues" list: you can look in GitHub at most open source libraries and you'll see issues filed months ago that are not replied to and bug reports that never get progressed.

Giants like Microsoft keep their issues list under control but small teams, small libraries and stuff only have a small team and so committing to some library is a big risk unless one is prepared to make changes themselves and try to get them approved and merged in.
 

nsaspook

I haven't seen this discussed on the forum yet:


This is an example of one of the common fallacies pushed by proponents of the open-source community -- that there are so many eyes reviewing everything that it's virtually impossible for malicious code to make it in. While there's certainly some validity to that position in many situations, such as reviewing new crypto algorithms and protocols versus relying on security through obscurity, an OS like Linux is so complex that many parts of it are only maintained and reviewed by an extremely small number of people -- and bad guys know this and devise ways to exploit it.

Sure am glad that someone at the evil Microsoft Corp caught it and sounded the alarm.
Late to the show, discussed on the forum here: https://forum.allaboutcircuits.com/threads/privacy-lost.131989/post-1900654

The actual common fallacy is that the open-source community thinks that there are so many eyes reviewing everything that it's virtually impossible for malicious code to make it in. Only a fool would believe that is an effective security measure, and it is a myth mainly propagated in the media by those that are opposed to open-source software in general. I've rarely seen or heard any actual modern open-source developer say such nonsense in the past or in today's environment of continuous, aggressive, state-sponsored attacks. Not saying such nonsense has not been said by some, but they are not the people writing secure open source code today.
https://opensource.com/article/17/10/many-eyes

And herein lies the problem: There is a view that because open source software is subject to review by many eyes, all the bugs will be ironed out of it. This is a myth. A dangerous myth. The problems with this view are at least twofold. The first is the "if you build it, they will come" fallacy. I remember when there was a list of all the websites in the world, and if you added your website to that list, people would visit it. In the same way, the number of open source projects was (maybe) once so small that there was a good chance that people might look at and review your code. Those days are past—long past. Second, for many areas of security functionality—crypto primitives implementation is a good example—the number of suitably qualified eyes is low.

Don't think that I am in any way suggesting that the problem is any less in proprietary code: quite the opposite. Not only are the designs and architectures in proprietary software often hidden from review, but you have fewer eyes available to look at the code, and the dangers of hierarchical pressure and groupthink are dramatically increased. "Proprietary code is more secure" is less myth, more fake news. I completely understand why companies like to keep their security software secret, and I'm afraid that the "it's to protect our intellectual property" line is too often a platitude they tell themselves when really, it's just unsafe to release it. So for me, it's open source all the way when we're looking at security software.

NSA has had systems (about as closed-source as you can get) compromised by the insider threat.
https://www.cryptomuseum.com/crypto/usa/kw7/


The Walker Spy Ring
The most famous spying case is that of John Anthony Walker, born 1937, who worked for the US Navy and successfully spied for the Russians for nearly 17 years [2]. Walker joined the US Navy in 1955 and started spying for the Soviets in December 1967, when he had financial difficulties [3].

From that moment, until his retirement from the navy in 1983, he supplied the Russians with the key lists and other critical cipher material of the KL-47, the KW-7 and other encryption systems.


There's no telling how many have been hidden by Microsoft Corp over the years or what's currently in the Windows code.
 