SudoJudo

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 17 total)
  • SudoJudo
    Participant
    Finally, the evidence of these fake Chinese masks starts coming out.. Remember, this is what I was banned for over on MalwareTips with their punk mods.

    https://globalnews.ca/news/6751303/counterfeit-face-masks-pulled-from-sales-website-global-news-probe/

    https://krcgtv.com/news/local/sema-recalls-about-48000-masks-statewide-that-were-distributed-to-first-responders

    https://www.bostonglobe.com/2020/04/12/metro/medical-workers-share-concerns-about-masks-delivered-by-patriots-plane/

    https://www.nytimes.com/2020/04/11/business/china-mask-exports-coronavirus.html

    Facts are facts, Chinese corporations/govt. are taking advantage of this and flooding the market with fake, even dangerous masks. But post anything REMOTELY critical of China over on Malwaretips and you’ll get the Ban Hammer. (Are they Chinese funded perhaps?)

    SudoJudo
    Participant
    Tried to post this in OT on Malwaretips and the Nazi Mods banned me.

    I’m not sure what to make of MT anymore.. But the mods are morons. I’ll just make a fake account on a corporate VPN and keep rolling. The ‘level’ over there is meaningless anyway.

    SudoJudo
    Participant
    Well, since most of us left Malwaretips the place is absolutely boring and uninteresting now. I checked in today (but didn’t bother to log in).

    Much fewer new posts. Incredibly fewer interesting posts. Industry experts and professionals have largely vacated it, and new ones won’t be coming because of experiences of the previous ones.

    They’ve really brought this upon themselves by letting agents, state actors, and disruption specialists drive off any of the important, relevant, and product-centric discussions.

    SudoJudo
    Participant

    Geri123: @SudoJudo If they live in the USA I can totally understand why they would want to avoid any problems with 3-letter agencies.
    How did spilling “secrets” work out for the last person who did it in public…
    Not saying that this is right but I could understand it…
    If Dan is ok with it maybe start posting stuff here?

    Good point. It was pretty clear they were having influence exerted over them. Especially when I pointed out that Heilig Defense was a CIA front (w/evidence). That got me a major warning tick and the post was completely deleted. I can see spilling state secrets, that’s one thing, but pointing out what is readily available so people can make informed decisions? That’s actual suppression of information that could be important for forum members to make informed decisions. However in all cases, they couldn’t cite any specific rules violations whatsoever.

    So I would be very careful over there based on that. Also posting credentials, security profiles, and personal details is likely going to get you nicked with some active surveillance from that place.

    Remember, their so-called Giveaways require you to not only post identifying system/security information, but to also give them access to your social media. Effectively datamining exactly who you are, where you are, and what security/hardware you use. They call that public domain intelligence mining.

    SudoJudo
    Participant
    Karma always catches up.

    Speaking of which, can someone tell those clowns that run MalwareTips to delete my account? (SlyGuy) I will never log in or post over there again, so they can just be done and delete it. I blacklisted MT domains on my router to make sure I am not tempted to log in or visit.

    A couple days ago they raised my warning level from 10% to 81% in one day, and the posts they cited for rules violations didn’t actually have any rule violations in them AT ALL. When I asked them to point out specific rule violations they couldn’t, and they just kept saying to review the rules. (LOL) A few trends I noticed about MT: people that defend VoodooShield over there don’t last. People that expose intelligence operations and methods (and more importantly defenses) don’t last. Criticize the CIA, NSA, Mossad/Unit 8200 and you won’t last. They have an agenda over there but work to keep the agenda from being publicly disclosed.

    SudoJudo
    Participant
    Based on what I have seen lately, I suspected a DDoS and more direct targeting on VS.

    A few things I believe are happening, at least from my perspective and experience in such matters.

    1) Dan’s latest incarnations are going to prove to be very serious competition for some firms down the road in the fairly close timeline.

    2) Using some methods (and sources I can’t disclose), a couple beta versions back the application, when set up a specific way, was proving close to 86% effective against not only all known threats, but most undisclosed/unknown methods (including state sponsored this or that). I knew this was going to attract some attention to Dan and his resources.

    So keep it up Dan. The worse they get the better it means VS is becoming. Pissing them off is probably important validation for pointing yourself in the right direction.

    SudoJudo
    Participant
    Brave is also not recognized as a webapp. I manually added it.


    Otherwise, 5.52 seems to be running really good.

    SudoJudo
    Participant
    The problem I found with SRP is the incessant blocking of good things, and constant prompts.


    AppGuard, even after just a couple days nearly drove me to drink. AppGuard, IMO, is so limited in usability that I don’t really know anyone that can/would use it, even on the commercial level. When you block almost everything, it isn’t hard to achieve nearly perfect protection!

    Speaking from the enterprise market: this is what we do to secure the average enterprise environment:

    1) Strong lockdowns with Group Policies.

    2) Limited (Standard) user accounts.

    3) Security Profiles for folder/drive access.

    4) Install Endpoint Security Product.

    5) Implement a quality backup solution.

    Done…

    For anything needing even stronger security we set up a VDI (Virtual Desktop Environment), which allows complete isolation in Hyper-V for desktops, and at the same time, an instant wipe and restore of them with any issues.

    There really isn’t any need for AppGuard/SRP at the enterprise level. HOWEVER, there would be a need for WLC-Enterprise, because it would provide great insight into what is running that is safe.

    For VS, the fact it does so much and does it without breaking systems like AppGuard does, and without incessant, annoying prompts, means for almost everyone it is a superior product. It also explains why AppGuard generally speaking, wouldn’t have much of a widespread market.

    I think if VS offered some of the lockdown options within OSArmor it would be really helpful. Maybe a couple of footprint options on install that enable OSArmor-type lockdowns depending on desired profile: ‘Light, Firm, Paranoid’. Would something like that be helpful at all?

    SudoJudo
    Participant
    I guess that Umbra dude doesn’t understand that DLLs are called by executables, does he?

    My guess, people like him aren’t going to shut up until VS can function as a full SRP. I have little doubt that Dan could write something like this in a weekend.

    Dan, I am not really apprised of exactly how an SRP works. AppGuard to me is pretty basic and works like a group policy editor in terms of software. It allows software to execute in many cases, but restricts what the software can do. For example, in my testing it allowed Brave Browser to run, but prevented Brave from writing to some registry keys. Is this where AppGuard differs from VS/WLC?

    I know when I tested AppGuard I had to quickly remove it as it impacted the functionality and usability of the system to such an extent that it rendered it basically a brick. Even with tweaking, it required more tweaking. Eventually I was spending so much time trying to get things to work I removed it.

    So my question is: the firewall aspect of WLC isn’t helpful to me, I use a stand-alone, powerful firewall. However, what happens when WLC encounters an unsafe file right now other than the firewall rule? Would giving WLC an option to ‘kill’ an unsafe program and its activities essentially make WLC into an SRP?

    If so, I would say go for it. As WLC’s intelligent quantification of software would reduce the alerts from a traditional SRP whilst providing SRP activity?

    SudoJudo
    Participant
    I’ve had some issues with this, also I have some confusion…

    Installing both, it said unsafe file and was red. Clicked it, it said everything was fine.

    Also I am becoming very confused as to what VS and WLC are now, and how they interact. If I am confused, I think others may be as well. I guess I would put it like this;

    1) Is a separate icon necessary?

    2) Is WLC necessary if I have a third party firewall installed? If so why? If not, should that be stated somewhere?

    3) How does activating WLC in VS change how VS operates? What are the pros and cons of having it activated or not?

    To me, I thought WLC was going to be integrated entirely into VS so it was rather seamless, and basically replaced the VirusTotal aspect of VS to be more reliable and less false positive prone. Not integrated as another, potentially confusing layer of the product.

    Others can weigh in, but honestly I think WLC should just be fully integrated. No new icon. Then the firewall rule aspect could be enabled/disabled depending on if a third party FW is installed. WLC at that point would function like a VT authentication of good/bad files?

    Maybe someone can help alleviate my confusion.

    SudoJudo
    Participant
    LOL!

    Wonder if it is someone from NSA/DISA/CIA or whatever seeing if they can sneak signed files past it? Hehe

    SudoJudo
    Participant
    I pair VS (5.03B beta) with a third party, lightweight AV that is basically a raw signature AV with a strong privacy policy and a distinct lack of logging.. It’s not one on VirusTotal, but actually has some excellent signatures and is well under the radar of most intelligence organizations because there just aren’t enough people using it to garner any attention. Also the company has a policy to detect state sponsored malware.

    So my goal is a good, light, signature-based, basic AV to complement computer locking and exploit protection from VoodooShield. So far the combination is exceptionally nice, especially with WLC added to the mix. Combined with Gryphon Router and some other network based security, I am confident of the protection (even from state actors).

    SudoJudo
    Participant
    Check out the various SIEMs out there. There are some that are open source.

    https://www.dnsstuff.com/free-siem-tools

    SudoJudo
    Participant
    Last day for 40% off Gryphon Guardian. Also they are adding an ‘AP Mode’, where you can literally string these out like mesh units across a location and each one will connect automatically to the closest one.

    I can honestly see putting these into a business in place of some overpriced WAP systems.


    https://gryphonconnect.com/gryphon-guardian-preorder/?utm_source=Gryphon+Guardian&utm_campaign=269ffe1c40-GryphonGuardian_Email_08272019_COPY_01&utm_medium=email&utm_term=0_daf0068542-269ffe1c40-86332600

    SudoJudo
    Participant
    I dislike Firewalla. If you don’t think Gryphon is polished, Firewalla is going to drive you insane.

    The two (current) best protections for home are RATtrap and Gryphon.

    Since Gryphon just launched the Guardian, it’s about $75 for it, and the $75 one is still very powerful and long range.
