
The comments in this thread are just as pathetic as I've expected from ycombinator as of late.

Just search for the term, "hate speech" and you'll see this pervasive cancer trying to erode the very fabric of our free society.

If anyone uses the term hate speech unironically, I'd like you to take a long walk off a short pier.


Quite simple really. Because women don't want to do physically difficult jobs like oil worker, construction worker, mechanic etc.

If there are cushy office jobs where you have to sit most of the time, women are clamoring for equality in those. If you have to do a lot of physical labor, not so much.

Where is the feminist outcry to put women on oil rigs in the middle of the gulf?


I don't know if it is a lack of want but there is definitely a small pool of capable women. Women are on average significantly weaker and smaller than men so the pool of women who are as capable to perform hard physical tasks is very small compared to the pool of men.


Feminism is about an equal playing field, and that means that all work roles should be available to both genders.

Of course women (and men) want equal access to comfortable, high-paying jobs. That being said, there has certainly been an outcry to allow women to enter combat roles in the military, partially because the highest-paying roles tend to go to people with combat experience.

On the other hand, while I am not familiar with oil rig workers, there are many female truck drivers complaining about what they perceive as unsafe, unwelcoming work conditions. I suspect you just haven't been reading their stories.



I know this was just a hypothetical question but as a scuba diver I actually pay for a completely separate insurance on top of my standard health plan called DAN insurance: http://www.diversalertnetwork.org/insurance/dive/

So stuff like a helicopter evac, access to a hyperbaric chamber and the ability to call a number and speak to a doctor who specializes in diving related illness means I already do pay more for insurance than someone who isn't a diver.


You guys are absolutely crushing it. Would have never thought to use the response time from a server to be able to extract extra bits of information.

Keep up the awesome work and I look forward to seeing more research.


Blue collar workers would vote for Hitler.

Ahh yes, glad to see there is still civil discussion on ycombinator.


I was being a bit hyperbolic but I think the level of anger is nearly there, yes. For all but the highest skill brackets of the workforce, real wages have fallen since around 1970 while everything else (food, energy, real estate, tuition, health care) has gone up. You can't do that to people and expect anything good to come of it.

I think Trump (and to a lesser extent Sanders) is only a preview. We'll see a full-blown fascist or hard-line socialist candidate eventually if this doesn't reverse.

I also wasn't meaning to badmouth blue collar folks. On the contrary, I was trying to communicate just how much anger there is out there outside of BubbleLand. Sometimes you have to be hyperbolic to get your point across and get people to wake up and see what's happening. The middle of America has been in a depression since 2000... that's going on 15 years.


>the absurdity of the idea to begin with

A false flag operation initiated by America is an absurd idea? What about all the documented and public comings and goings of when America has done just that?

How in the hell is the notion of America creating an enemy to rally against absurd when there is proof of it occurring in the past?

Operation Northwoods - http://en.wikipedia.org/wiki/Operation_Northwoods

Project TP-Ajax - http://en.wikipedia.org/wiki/1953_Iranian_coup_d%27%C3%A9tat

Many people say the Gulf of Tonkin incident which initiated the Vietnam "conflict" was also one.

I'm astounded that you can make a statement like that when there is such black and white proof of such incidents occurring in the past. I'm not talking about 9/11, I'm just saying that it isn't out of the realm of possibility for a government to manufacture an enemy.

What I'm wondering is, are you just ignorant and you've never heard of these documented false flag operations? Or instead have you heard of these things and choose not to believe it?


You present evidence that the US has done such things in the past as evidence that it is not absurd to believe that 9/11 was a false flag operation.

But why is the idea that 9/11 was an inside job absurd? Is the only reason because people consider it absurd that the US would ever do such a thing? Or is it possible to believe that, yes, the US has done such things, but it is absurd to think that 9/11 was one of them?

I submit that it is possible to believe that the US has done such things, and also possible - even reasonable - to believe that it is still absurd to think that 9/11 was such an event.


Whether or not 9/11 was a priori suspicious is irrelevant. It's not September 12, 2001, it's nearly 15 years later and the investigations are long-finished and utterly conclusive.


    > A false flag operation initiated by America is an absurd
    > idea? What about all the documented and public comings
    > and goings of when America has done just that?

I am confused by the links you follow up with. The first is a _rejected_ false-flag operation against American civilians, the second is CIA action overseas. The Gulf of Tonkin incident saw ... no American casualties.

And you use these as some kind of proof that the idea of the US government knowingly killing 3,000 of its own citizens, causing massive economic damage to the US, isn't absurd?!

    > What I'm wondering is, are you just ignorant and you've never
    > heard of these documented false flag operations? Or instead have
    > you heard of these things and choose not to believe it?

What, the first one, which never happened, or the second one which wasn't a false-flag incident against the American people, or the third one which involved no American casualties?


Wanted:

3-5 years of linux system administration experience
3-5 years of windows 2000/2010 administration experience
3-5 years of networking level tcp/ip experience with custom protocols
3-5 years of c++ experience
3-5 years of .net experience
3-5 years of .....

I think more than half the job postings out there are created by entry/mid level hr persons who find similar job descriptions on other sites and copy paste requirements. This then has propagated into monster job descriptions you see now.

I noted this as well, for the pay these companies are offering, anyone with that level of experience they are asking for would laugh and move on. It's almost as if it's a trojan horse of a job post. Only those stupid enough to apply to a job post like that are the kinds of employees they are looking for.


>What does the language have to do with the program?

I happen to agree with you wholeheartedly, if you spend enough time here though you'll see the inevitable comment about how anything made in php is worthless insecure garbage and anyone who spends their time developing a php application are amateurs at best.

This isn't really a comment at you, just wanting to point out how much that convention is challenged.


Wow. Can you step back for half a second and really examine what you're saying? You're saying, these people you are bringing up: women, minorities, etc. are weak, are not strong enough to pick themselves up, and require people to, "do what you can to support these people in your life, in all their endeavours". Can you turn your white guilt off for two seconds and realize maybe these people don't require your saving?


Well quite frankly if you've been in the scene for a while, you'd be able to tell using other clues, speech patterns, and reused nicks.

Julius Kivimäki aka zee, aka Zeekill (https://encyclopediadramatica.se/Zeekill) has an extensive history, he actually has been dox'd and outed numerous times prior to this.

I knew lizard squad was zee by zee's idiotic behaviour. He constantly used the moniker "Ryan" or "Ryan Clearly" the name of another unrelated hacker. Well sure enough he gave an interview to someone using that moniker. Having even the tiniest bit of inside knowledge it was easy to piece together 1 + 1 = 2 and lizard squad is zee, aka julius.

There are other clues too, believe it or not, not too many entities are capable of massing as large a ddos as they were. Those that have the technical capability, normally don't advertise as such.

Zee was a "special" case, in that he had the capability, and advertised it as such, I was astounded the boy hadn't been jailed years prior. As I mentioned earlier he has an extensive history, and was involved in many of the large site take downs and ddos's that have made public news.


Zee/"ryanc" has indeed been involved in things like these for many years. HTP (Linode + much more) is just a small part of it.

I'm also very surprised it's taken this long for him to be arrested. He's completely brazen and has committed countless crimes despite knowing full well the general public and law enforcement know exactly who he is.

And if he truly was/is involved in carding, he probably won't get out for a while. I can hold some respect for blackhat groups, and hell, even a tiny, minuscule bit of respect for script kiddies like Lizard Squad, but once they get into financial fraud and theft my sympathy is gone.


Just because someone knows who I am does not mean that'll matter when it comes to proving things in court, which in real life isn't as easy as one might imagine.

>he probably won't get out for a while

If only I'd get sentenced in the first place.


If you get extradited, you're not going to have a fun time...


Well, I live in a country that will not extradite its own citizens. And even if I somehow did manage to get extradited the US has a legal system where you'd actually have to prove a person's guilt, not just speculate it based on some IRC log of dubious origin.


Wow. You have not been following the news lately, and don't understand much about the US legal system.


That's a popular view, but I don't think that in real life it's an entirely correct one. At the very least those with money tend to be able to have a fair trial in the US.


I think you'd be facing the choice between a trial with a 500 year prison charge plus millions in damages and lawyer costs or accepting 10 to 15 years in prison avoiding the trial.

I hope you have lots of money to guarantee a fair trial, but anyway, I'd strongly suggest you to never ever travel anywhere near the US for the rest of your life.


The HTP dudes actually seemed sophisticated. Lizardsquad is just some dudes with a botnet.


Zee was apparently involved with both groups. He was likely the only skilled member of Lizard Squad.


Anywhere I can get more info on the HTP group? I was pretty fascinated by their zines at the time...


Unless there's ever any public court records, I doubt you'll find much (if any) good information.


How the hell do these little kids get control of big botnets?


The reply to your question is already on point. There is a sickening amount of open systems on the net. I know zee used tens of thousands of routers as only some of his ddos tools. I also know of dudes who wrote custom scripts specifically for zee's ddosing, would scan for incoming connections matching whatever signature identified at the time, automatically connect to the router using whatever exploit to get in, change the root pass and restart it.

Zee got his net taken away from him numerous times hitting the wrong people.

But yes in a nutshell, the digital world is mostly unprotected open and unlocked houses, with little pockets of protected castles here and there, and some locked houses too.


I wonder what the payoff is for running a script to secure the CentOS box you just rooted versus leaving it open to additional attacks. On one hand, you have potential loss of your work due to disruption of services leading to someone noticing and re-imaging the box. On the other hand, I don't particularly like sharing with randoms.

It also makes me wonder if optimized command and control networks have been developed. Most of the code I see floating around public drops goes to very little effort to conceal data exfil, if it even makes an effort to identify data to exfil at all. This seems like a real waste given that some large percentage of machines you steal are likely worth more than just their cpu time and bandwidth. Obviously the more code you run, the higher your chances of detection, but it seems like a huge creative space. How do I find interesting files without tripping all the alarms? How do I efficiently take over someone else's LSM hooks?


They're likely just band-aid patching the exact hole they use to get in, rather than securing the whole system.


By incoming connections, do you mean web visitors who fell victim to CSRF/XSS exploits in their router management web panels? Or was he hijacking routers another way?


I don't know if zee gained any skill over time, but I believe he simply used public exploits.

So for example remote command injection vulns:

http://en.1337day.com/exploit/description/20598

http://en.1337day.com/exploit/description/20602

http://en.1337day.com/exploit/description/20671

Then it is just a matter of figuring out where these routers are, and then writing a few scripts to exploit and command them in mass. I don't think CSRF/XSS would net him the vast numbers he'd need to make a significant ddos.

And to more specifically answer your question, by "incoming connections", I mean like monitoring the ddos via netstat on a box zee was actively attacking.


Well, problem is those vulns require either the attacker to share or control the victim's LAN in some way, or the router's management panel to be exposed to the Internet (which is usually not the default for the vast majority of consumer routers).

For cases where they're remotely exposed, just about anyone can scan the Internet and try to exploit these routers. I'm sure he was doing that, but I'm sure hundreds or thousands of other people were as well.

When combined with something like a CSRF, you can use those exploits against a victim even if their router is locked down (only listening on LAN, strong admin password). All they need to do is visit a site you control, without something like NoScript. If the admin password is not guessable, then they'd need to have an active login session. That can be circumvented if the router has an auth bypass vuln, which has been found in at least a few models.

Also, I believe a lot of routers can be used for DDoSing without exploiting or compromising them at all if they're exposing SSDP (UPnP). SSDP reflection, possibly combined with NTP reflection, is likely how Lizard Squad launched their DDoS attacks.

P.S. I know you and have talked to you (and Zee and some others), briefly, on some IRC networks long ago.


If that was the case, people running SSDP (and other UDP service) honeypots would no doubt have noticed the massive increase in traffic.


Of course. I was just speculating based on the comment about using routers to DDoS; I don't know if an uptick was actually observed during the outage. I know SSDP has been the hip new thing for the past few months though.

If that's not the case, mind giving any hints?


Majority of our bandwidth does not come from these so called "reflection attacks". But is in fact "real" bandwidth.

We are using actual 0days to compromise the (about 100k-150k) servers we have.

I'm actually rather excited for the eventual technical analysis of our net by someone with actual technical competence. It might end up causing quite a bit of noise.


Oh, that's pretty interesting, and a refreshing change from what you normally see in this space.

I seem to recall you guys (I think it was you guys, may be mixing up with another group; I also know you were supposedly kicked out of HTP at some point, which adds to my confusion) using one of the Rails YAML handling 0-days to acquire bots a while ago. I think someone was logging the IRC channel where they were being joined to.

Would it be fair to say the other bots are mostly a result of other web app vulns, or are you guys actually finding 0-days in native applications as well?

Do you actually have a full vulnerability research team, or is it just like 1-2 guys finding vulns? HTP's stuff like Coldfusion and MoinMoin was definitely pretty impressive.


There were a few rails YAML bots on an IRC for maybe an hour before another bot was loaded on them. (But that was like over a year ago)

A large chunk of the boxes we control do not have any sort of web apps running on them.


Pretty impressive then.

I understand you may not want to reveal much for opsec purposes, but just one question: the Lizard Squad guys seem like very run of the mill script kiddies. Why would you help them, if you are? Kind of seems like a skill and motive mismatch. Forgive my ignorance if the situation is more complicated than that; I'm just going off of what Krebs wrote.


One's public actions do not necessarily equal one's skills. The motives behind LS are more complex than some journos believe, something that should be obvious by the darkode connection alone.

Krebs seems to be pretty lost, especially considering that he thinks we've been attacking his site for the past 40 days or so. That's just not true (and anyway, if Prolexic couldn't keep PSN up why would they be able to keep his site up?), only thing linking us to attacks against him was a joke in the topic of our fake recruitment channel telling people to take his site down for an hour or so.

Anyway, as for my motives (besides money, of course)? You don't get access to this many boxes without stumbling on at least something interesting.


The darkode thing was certainly interesting. It just doesn't seem to match up with what you see coming out of the @LizardMafia twitter. Though perhaps that's intentional deception.

I'm guessing part of the plan is to continue gaining infamy and notoriety to sell services, starting with the stresser. I also wouldn't be too surprised if perhaps the stresser is a sting op or honeytrap on your part, with the money as just an added bonus.


One thing you should understand, we currently have basically two types of clients. First is of course the kids who go to lizardstresser.su and buy the $20 plan so they can attack people they play video games with.

Now, on the other hand we have our corporate clients. These corporate clients usually contact us via email or over forums and either make us a fixed offer or request a quote for a given target and time-frame. Now, these types of clients are usually willing to pay tens, if not hundreds of thousands of dollars to disrupt their competition for a couple of days.

The second type of customer is obviously our main source of income, and what better way to find those clients than worldwide media publicity?

It'd be funny if this ended up being a sting op, wouldn't it?


Care to share any information about these 0 days: affected systems, programs, or other hints?


Lots of it is the sort of equipment you wouldn't notice. Not exactly embedded stuff though.


The bar is pretty low. When there are tens of millions of unpatched machines floating around on the internet, and hundreds of weaponized exploits already written by other people, all it takes is patience and lack of good judgement.


If they're taking over Paypal accounts or stealing credit card numbers, it can be as simple as buying a lot of capacity at the various VPN providers. We know from the attack on Tor that they had many thousands of google compute instances, and the same may be true on the many, many other providers.

