* Posts by wimton@yahoo.com

32 publicly visible posts • joined 22 Jun 2022

Pornhub lockdown and fact-free Zuckbots – welcome to 2025

wimton@yahoo.com

Re: It's an easy go to

Freedom of speech only makes sense if there is a level playing field: if one party is yelling through a battery of megaphones, it is well possible that other speech cannot be heard anymore, although you are free to utter it.

Put your usernames and passwords in your will, advises Japan's government

wimton@yahoo.com
FAIL

Re: deathbox

What happens when both of you die at the same time, in an accident for example?

Data is the new uranium – incredibly powerful and amazingly dangerous

wimton@yahoo.com

Re: Data is worthless

Long time ago, I had a manager that required extremely detailed project breakdown reports.

I knew that this data was not used afterwards, so I wrote a spreadsheet generating these randomly, with the total amount of hours spent and the weight of the individual items.

Everybody loved it, but the manager was a bit miffed when I told the story at my goodbye party.

Huawei's farewell to Android isn't a marketing move, it's chess

wimton@yahoo.com
FAIL

Re: Time to slow down and think...

Because the apps become more bloated and resource hungry every year. I had to upgrade my 4 year old phone because beyond the Google suite there was only space left for about 20 apps. The Revolut app was already struggling and there was no space left for updates.

Cards Against Humanity campaigns to encourage voting, expose personal data abuse

wimton@yahoo.com

Re: A Different Kind of Question

Many democracies have a system where one chamber is based on the popular vote and a second chamber where each state/province/canton has the same number of representatives.

Now Dell salespeople must be onsite five days a week

wimton@yahoo.com
FAIL

Re: How can large companies engender trust when they behave like playground bullies

Large companies are not here to engender trust. Paying huge boni for the manglement is the first priority, and creating some short-term shareholder benefit with the leftover money. /sarcasm

Green recycling goals? Pending EU directive could hammer used mobile market

wimton@yahoo.com
Unhappy

Is the charger the only problem for reuse?

Besides the charger, there are other problems blocking reuse:

1. lack of updates (varies by brand)

2. apps getting more bloated every year.

Starlink's new satellites emit 30x more radio interference than before, drowning cosmic signals

wimton@yahoo.com

Re: How come there's no regulation?

FCC Spectrum Enforcement Division:

<quote>Investigates and resolves unlicensed operation/operating without a license or outside the scope of a license (generally non-broadcast spectrum issues).</quote>

Other regulators like BAKOM in Germany have the power to seize or shut down misbehaving equipment (and issue substantial fines).

CISA boss: Makers of insecure software must stop enabling today's cyber villains

wimton@yahoo.com

Re: Easy to say

There have been security standards for software since the 1990s, and these are regularly updated and expanded. For example Common Criteria and all its derivatives.

Also, security was added to other standards such as ISA/IEC 62443 for industrial control.

And there is a whole raft of industry-specific standards, such as PCI (payment) and HIPAA (healthcare).

Torvalds weighs in on 'nasty' Rust vs C for Linux debate

wimton@yahoo.com

Re: vi vs emacs?

That sounds a bit exaggerated. The 5% of the vi functionality needed to make small configuration changes should be no major hurdle.

And, often some vi variant is the only thing available in Busybox.

But I prefer nano or joe if I have a choice.

wimton@yahoo.com

Unusual syntax

What puts me off with Rust is that parts of the syntax are in reverse order compared to most other languages.

Example: why put the parameter type after the name, and the function return type after the function name?

Not something that makes porting from any other language easy.

Bargain-hunting boss saw his bonus go up in a puff of self-inflicted smoke

wimton@yahoo.com
FAIL

The company I worked for used a data acquisition system where half of the components used 110 volts and the other half 230 volts. Inside the rack, there were usually a few leads with C13 connectors floating around.

One day, I installed a new disk drive, and after powering up, I thought the fan was quite noisy. 10 seconds later, the capacitors on the primary side of the power supply exploded with a loud bang.

Fortunately, the capacitor casing had burst on the foreseen weak point (no ribbons of wet aluminium foil flying around).

After everything had cooled down I sealed the capacitors with hot melt glue and the PSU worked fine (with the correct input voltage) till I received a replacement.

Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates

wimton@yahoo.com

Re: a spelling mistake a forgot reference..... validity of CABF ?

The reasoning might be: if your procedures do not work well enough for format errors, why would we assume that they would work for security errors?

The list of complaints is the handling of a dozen or so format errors over several years.

Google cuts ties with Entrust in Chrome over trust issues

wimton@yahoo.com
WTF?

When I look at the issue list, I do not see any insecure situation, but mainly format errors and missed deadlines.

Most of the issues are more than 4 years old and put on a "compliance whiteboard" recently.

Entrust has some QA problems, but how much better are the other CAs?

Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

wimton@yahoo.com

Security certification

The EU has required a quite rigorous security certification (Common Criteria EAL4+) of tachographs since 2019. The main concern is data integrity, to prevent fraud with the driver's work and rest times.

Raspberry Pi Pico cracks BitLocker in under a minute

wimton@yahoo.com

Re: A brilliant testament to analysis

There are methods of securing the communication to a secure device. One of them is the PACE key agreement protocol. One of the uses is in electronic passports, where an attacker can listen to the wireless communication. A more exotic application is between the security module and the processor in German smart meter gateways.

Chinese Coathanger malware hung out to dry by Dutch defense department

wimton@yahoo.com
Pint

Re: Timezone?

Most state employed attackers work during normal office hours.

Double trouble for Fortinet as it issues critical FortiSIEM vulns

wimton@yahoo.com
Coat

The Dutch experienced an attack on the MoD's FortiGate appliances using CVE-2022-42475. The malware is named "coathanger" after one of the strings in the program.

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

wimton@yahoo.com
Headmaster

The headline "Takes your DNA" is a bit inaccurate. The DNA was given voluntarily to 23andMe; the donors even paid for it.

UK water giant admits attackers broke into system as gang holds it to ransom

wimton@yahoo.com

I would not consider this as an attack on a utility.

An IT system that was used by the water works was attacked, but this is no different from an attack on the IT system of a supermarket or a garage.

Very few of such attacks impacted the distribution of services (exceptions: Stuxnet, Dark Energy and a few more).

The attack on the "Capital" pipeline: the petrol kept flowing (technically), but if you cannot bill for it, there is a serious business problem.

wimton@yahoo.com

Re: Wait a minute...

Often, passport data of visitors is also demanded. But, this should not be retained forever.

DPD chatbot blasts courier company, swears, and dabbles in awful poetry

wimton@yahoo.com
Coat

Re: The solution

And all interactions with customer service must begin with the text: "we are only allowed to follow the scripts, so there is nothing we can do that you cannot do online."

National Grid latest UK org to zap Chinese kit from critical infrastructure

wimton@yahoo.com

Re: Oh dear

The smart meters in the UK are manufactured in Europe (Greece in the case of the L+G electricity meters and Manchester for the L+G gas meters).

All smart meters in the UK are certified by NCSC for security.

wimton@yahoo.com
FAIL

These aspects must be part of the selection criteria: if your product has a hard-coded password, or does not accept our firewall policies when calling home, we do not buy it.

Cloud engineer wreaks havoc on bank network after getting fired

wimton@yahoo.com

The company laptop was not well secured either. I worked for a big financial organisation. The firewall rules would not permit access to porn (and lots of other things), the whole PC was full of corporate spyware, and USB ports were disabled. Often difficult to get work done, but the organisation has never been in the news for IT mishaps.

Resilience is overrated when it's not advertised

wimton@yahoo.com
FAIL

More failover lore.

A military lab was surrounded by a moat. For resilience, it was powered by 2 electricity cables, crossing the moat at different locations, with automatic failover.

One day the moat had to be dredged out. The dredger cut one of the cables, the failover worked perfectly and nobody noticed. The dredger proceeded with its work, till it also cut the second cable...

Typo watch: 'Millions of emails' for US military sent to .ml addresses in error

wimton@yahoo.com

Re: Beware, Johannes Zuurbier!

The Netherlands does not extradite its citizens.

Google toys with internet air-gap for some staff PCs

wimton@yahoo.com
Stop

It is a common setup in companies and organisations that handle highly classified information to have 2 separate networks.

UK smart meter rollout years late and less than two thirds complete

wimton@yahoo.com

A smart meter can give a consumer immediate and detailed information about his consumption. This enables him to adjust it by switching things off ("I did not know that was using so much") or moving consumption to cheaper hours. That is where the 5% reduction comes from. After a few months of optimizing, the new consumption stays the same.

Roses are red, algorithms are blue, here's a poem I made a machine write for you

wimton@yahoo.com
Coat

Remember Stanislaw Lem's "electronic bard", who was so good that it threatened to put all poets out of a job. To quell an uprising among the poets, the machine was evicted to a galaxy far, far away.

Founder of cybersecurity firm Acronis is afraid of his own vacuum cleaner

wimton@yahoo.com

Or switch the tumbler on when you have excess PV electricity.

Smart homes are hackable homes if not equipped with updated, supported tech

wimton@yahoo.com
Coat

Lifetime update

I had a TomTom GPS that promised lifetime updates. Unfortunately, "life" is defined by TomTom as "the period that we decide to provide updates".