Stunning infosec tips from Uncle Sam, furries exposed, Chase bank web leak, and more

Happy weekend, everyone. Here's a roundup of computer security news beyond everything we've already reported this week. Last week a consortium of biz giants got together to set the bar on computer security because governments weren't getting their act together. Sadly, based on Uncle Sam's actions this week, it's clear such …

  1. This post has been deleted by its author

    1. DrowningCatsIsFun

      Re: Companies won't take security seriously...

      This will never happen, the rich pay too much

  2. Pascal Monett Silver badge

    Moxie Marlinspike

    Now that seems to be a name worthy of being put on my personal whitelist of people to pay attention to.

    Encryption is a complicated affair and my own pathetic dabbling in that area has taught me that you need a solid mathematical mind to go about it properly - which I sorely lack. That's one good point for him, but an even better one is that he seems to have principles and is not afraid of standing up for them.

    And for us at the same time.

    Thanks for that, Moxie.

    1. Anonymous Coward

      Re: Moxie Marlinspike

      You might even say he has.... chutzpah.


    2. FlamingDeath Silver badge

      Re: Moxie Marlinspike

      According to Wikipedia, he's the guy that released the sslstrip tool

      Well, you learn something new every day

    3. GIRZiM

      Re: Moxie Marlinspike

      The one responsible for TextSecure, RedPhone, the Signal Protocol (that even WhatsApp uses for its belated E2EE), Signal Private Messenger - that Moxie Marlinspike?

      Have I just got the wrong end of the stick here or do people really not know who he is?

      We all move in our own little worlds and have a false sense of "everyone knows/does <something or other that actually only about five people know/do worldwide>" but I thought he was pretty famous thanks to SPM - Snowden and Schneier have both recommended OWS and SPM.

  3. Korev Silver badge

    Word attachments

    The Word's Online Video function instead opens an Internet Explorer window and plays the video that way.

    The downside of this is that a canny adversary can use this window to run a coin miner. It's a bit limited, in that the user has to be actively watching the video for the coin miner to work, but it's a good example of how sneaky these digital thieves are getting.

    If your staff are already opening Word documents from outside of the organisation and then following links then you’ve probably already got a bigger problem than someone mining coins.

  4. Anonymous Coward


    How many millions does it take to maintain an app?

    Signal is already becoming bloated and buggy. The extra cash will only accelerate that trend.

  5. JeffyPoooh

    El Reg published, "...shit down."

    Copy and Paste: "The mining software ran as expected for some time before it was discovered by researchers at security shop Redlock and shit down."

    Yes, I'll report the typo...

    1. Mark 85

      Re: El Reg published, "...shit down."

      Given the nature of things lately in IT, maybe it was intentional?

      Yes, it's Saturday. We all seemed to survive another week... beer for all including El Reg.

    2. JeffyPoooh

      Re: El Reg published, "...shit down."

      Fixed. :-)

      1. frank ly

        Re: El Reg published, "...shit down."

        Maybe that was fixed but the mice are still thinking about putting a bell around the bat's neck.

        I prefer that spelling mistakes are left in because they're often funny.

        1. Old Coot

          belling the bat

          Maybe not a typo. A bell around a bat's neck would interfere with its echolocation.

          1. Muscleguy

            Re: belling the bat

            Not unless the bell rings in the ultrasonic. Though it should be noted that mice can hear, and sing, in the ultrasonic so the mice may well be thinking of using such a bell.

            I'm trying to think of any flying mice who prey on terrestrial mice but I cannot think of any so why the mice are thinking of belling the bat is beyond me. Maybe they are simply creeped out by them or they are jealous about the flying thing.

            BTW I have the sound files of mice singing, slowed from the ultrasonic. They sing like canaries. The males sing to the females. Ultrasound noise is also known to interfere with romantic entanglements of mice. They stop having nooky so the singing would seem to be necessary or maybe they all have headaches from the noise.

          2. MrDamage Silver badge

            Re: belling the bat

            Bounder: So, you're interested in one of our adventure holidays, are you?

            Tourist: Yes I'm sorry I can't say the letter 'B'

            Bounder: C?

            Tourist: Yes that's right. It's all due to a trauma I suffered when I was a sboolboy. I was attacked by a bat.

            Bounder: A cat?

            Tourist: No a bat.

            Bounder: Can you say the letter 'K'?

            Tourist: Oh yes, Khaki, kind, kettle, Kipling, kipper, Kuwait, Keble Bollege Oxford.

            Bounder: Why don't you say the letter 'K' instead of the letter 'C'?

            Tourist: What you mean.....spell bolour with a K?

            Bounder: Yes.

            Tourist: Kolour. Oh thank you, I never thought of that. What a silly bunt.

    3. diodesign (Written by Reg staff) Silver badge

      Re: El Reg published, "...shit down."

      We really need to lay off the Friday martinis :(


  6. Amos1

    Perhaps someone needs to read the 2018 SEC guidance a bit closer...

    "The executive summary is: companies should advise investors of risks, and use law enforcement investigations as an excuse to keep quiet."

    What it actually says:

    "We also recognize that it may be necessary to cooperate with law enforcement and that ongoing investigation of a cybersecurity incident may affect the scope of disclosure regarding the incident. However, an ongoing internal or external investigation – which often can be lengthy – would not on its own provide a basis for avoiding disclosures of a material cybersecurity incident."

    Note the use of the word "not" in there.

    "It also virtually identical to the advisory the SEC released in 2011, and the threat landscape, for want of a better buzzword, has changed considerably since then."

    What it actually says:

    "In addition, we address two topics not developed in the staff’s 2011 guidance, namely the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the cybersecurity context."

    And a nod to removing generic language:

    "We expect companies to provide disclosure that is tailored to their particular cybersecurity risks and incidents. As the Commission has previously stated, we “emphasize a company-by-company approach [to disclosure] that allows relevant and material information to be disseminated to investors without boilerplate language or static requirements while preserving completeness and comparability of information across companies.” Companies should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors."

    Some previous wiggle room got removed:

    "For example, if a company previously experienced a material cybersecurity incident involving denial-of-service, it likely would not be sufficient for the company to disclose that there is a risk that a denial-of-service incident may occur."

    And a smackdown to Equifax:

    "Additionally, directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company."

    Note the use of the word "must" in there, a term rarely used in government guidance?

    Perhaps a vulture needs new glasses or read the 2011 guidance by mistake. :-)

    1. ds6

      Re: Perhaps someone needs to read the 2018 SEC guidance a bit closer...

      I feel like this article is not quite up to the Reg's usual bar of quality, what with the copious spelling and grammatical errors and misinformation. Had to finish fast to scurry on home to the wife?

      1. Old Coot

        Re: Perhaps someone needs to read the 2018 SEC guidance a bit closer...

        Maybe it's like the smith's fingerprint as a sign of handmade silverware. If they had a bot write that article, there would have been fewer errors, or maybe a different type of error.

      2. diodesign (Written by Reg staff) Silver badge

        Re: Re: Perhaps someone needs to read the 2018 SEC guidance a bit closer...

        "I feel like this article is not quite up to the Reg's usual bar of quality, what with the copious spelling and grammatical errors and misinformation."

        Argh, ok, we'll go back over it. It was a Friday afternoon piece - but that's no excuse.


    2. diodesign (Written by Reg staff) Silver badge

      Re: Amos1

      Argh, ok. Apologies. It was a case of a missing word "not" from the article's sentence, rather than deliberate misinformation or someone not reading the doc.

      It's fixed. Thanks.


  7. STrRedWolf

    The Reg hack forgot to research outside the fursuit.

    Only 20%-25% of the furry community actually "fursuit" or cosplay. So that "people who dress up" line is an old, tired, inaccurate statement. (Yeah, I sent the correction in)

    More info from Anthrocon:

    1. ds6

      Re: The Reg hack forgot to research outside the fursuit.

      To go on a bit of a digression, even in the furry community fursuits are often viewed as niche or even creepy. Doing it at a convention or other public event is no different than cosplaying and is usually done for similar reasons; you will find many fursuiters that don't believe they are anything but human, and do it for the fun and the community. There certainly are those that dress up to try and let out their "true selves" but these people are much less outspoken now and harder to find among the masses of those that aren't like them. Furthermore, the ratio of people that "yiff" in their suits to those that don't has drastically widened since the culture has become more mainstream.

      In modern parlance, "furries" generally defines a community and subculture of people that appreciate and enjoy anthropomorphic arts. Some are just in it for the art and community, or as a vector to finding an identity; others believe they're "otherkin" and either identify as another species, think they're in the wrong body, or were another species in a past life; some enjoy putting on fursuits, either for fun, to show off at cons, or because they feel it helps them connect with their inner self, spirit animal, etc; and of course, a percent enjoys the more dirty side of things, as is true with any fandom or subculture... But even then, most people stick to drawings.

      1. onefang

        Re: The Reg hack forgot to research outside the fursuit.

        You left off virtual furries, those that participate in online 3D virtual worlds using avatars that are anthropomorphised non human animals.

    2. diodesign (Written by Reg staff) Silver badge

      Re: furries

      I think you're nitpicking a little - or reading too much into a simplified description, simplified for brevity.

      I've tweaked that part to try to keep everyone happy.


      1. onefang

        Re: furries

        Dammit, now I have to go RTFA again.

  8. Geekpride

    Fur suit?

    "And, for the record, no Reg journalists have a penchant for slipping into a fur suit."

    I, for one, totally believe this. Vultures have feathers, not fur.

    1. Sir Runcible Spoon

      Re: Fur suit?

      "And, for the record, no Reg journalists have a penchant for slipping into a fur suit."

      And there I was about to post something about El Reg's standards slipping.

  9. Anonymous Coward

    First hint of web site crypto mining that I saw

    Was on the Register last April fools day. Another first for the Reg.
