It wasn't originally -- it was created in Palo Alto, by people not affiliated with Russia. It's gone through changes since then, though, and I don't know the current ownership status.
But that means the approach described above works perfectly. Fire the gun. Place a bullseye over the bullet hole. Then keep firing the gun until you hit the bullseye "again".
Well, if you consider that "perfectly," yes, but it could take all day. The ancestor post seemed to be suggesting that if it was so "stable, precise and deterministic" that you could do this trivially in a couple shots.
"Ox is easier to use than Vim because it doesn’t have modes where the keyboard is repurposed, however it takes the idea of being a keyboard-only editor and being able to act just like an IDE after some configuration."
Why would it? If no one else knows the password, just say it was a weak password (or even that you got lucky). There's $137m missing, so clearly something went wrong - one more mistake wouldn't be hard to believe. Even if it does, does it matter? "There's a vulnerability in <OS>" is not exactly news or useful.
0days are not magic. Stare enough at code and you will find them. E&Y and the other Professional Services companies have a big pentesting team, and they would have made discoveries on their own regarding system security. Any company with a large security / research team would have 0days. What they do with them (report, sit, burn, etc.) is up to the organizational and individual ethics of the operator.
Because 0-days are accessible to anyone with money. And Ernst and Young would have a ton of money, and plenty of opportunities where clients would come to them and hire them privately about issues like this.
Coming up with 0-days is moderately hard with your own cracking team. Buying them is an easy thing to do.
Ultimately, that's what 0-days are for in the wider market. You find one and sell it.
Ernst and Young are huge and do a lot of very sophisticated forensic accounting work. If they don't have people in house, they almost certainly have the phone number to someone who does.
Unfortunately, OP's argument makes no sense (especially for someone who says they used to work in finance):
"In 2004, the rating agency Moody’s Investors Service downgraded the Bowie bonds (to Baa1, a step above “junk” status)...Yet this downgrade only would’ve been a problem had Prudential wanted to sell its bonds, as they were now considered to be of lesser credit quality. As far as we know, Prudential didn’t. Instead, the Bowie bonds sat in Prudential’s coffers, generating who knows how much in terms of royalty payments for a decade. It’s likely his royalties decreased in the early 2000s, but Bowie was never in any remote danger of losing his songs."
The price of a bond is merely the value of its future cash flows... If the price fell as Moody's thought (to just above junk!), that implies the expected cash flows (royalties) did too, because the royalties determine the price. It is irrelevant to the question of profit whether Prudential sold them or not - selling/holding was merely a question of whether they wanted to take their losses up front (by selling them at the now lower market value) or over time (by receiving lower royalties than they had predicted when they negotiated to buy the bonds).
And we can guess pretty safely that the Bowie bonds did not do well. They were sold at the height of a bubble before the Internet impact on sales became apparent, no one wanted to do such deals after a few imitators did, the decay in bond quality was so obvious a ratings agency would downgrade them, Prudential doesn't appear to want to discuss them given the paucity of available details in this and other writeups I've seen (despite the glamor of the association & being one of the very few financial instruments the public is interested in), and Bowie's career during the described bond period wouldn't've helped the royalties outperform the general music market either (some anniversary albums, plus a lot of live touring whose income presumably didn't go to the bonds - and perhaps that was precisely why he did so many, a kind of moral hazard).
He's not claiming that you can brute-force the encryption key -- he's proposing another way to brute-force the PIN itself that won't trigger exponential timeouts or auto-wipe of the device. I don't know if he's right or wrong, but let's at least make sure we're clear what his argument is first.
I remember doing this a few companies ago. Except we didn't have a modem, we just found a phone we could send commands to. It had some user interface that would pop up after every sent message, so we rigged up a terrible little hack to press the acknowledge button every few seconds to dismiss it. It worked surprisingly well :)
Side note to your post, the w800 in your picture was my all-time favorite phone. I'm a full-time Android developer now and I consider the Java programs I first worked on with the w800 to be the reason behind my interests :)
Haha, that's a nice solution. I recently did something like this and the process really makes you dislike the AT command set. If you don't want to take an old GSM phone apart to find its serial pins, a simple USB GSM modem, pretty much any USB GSM modem, should be able to expose a /dev/ttyUSB* interface.
Source: I worked there a long time ago.