* Posts by Frank Bitterlich

419 posts • joined 9 Nov 2007

Page:

Apple network traffic takes mysterious detour through Russia

Frank Bitterlich

Re: Yet IPv6 networks were built to rely on and assume both BGP and DNS work perfectly.

If I were an author of espionage novels, this would give me a few plot ideas. Like that they might have identified some Apple internal service or system that carries unencrypted or easy-to-break traffic; because it is used exclusively within Apple's network, nobody bothered to fix it...

But I'll leave that to John le Carré and his colleagues.

Info on 1.5m people stolen from US bank in cyberattack

Frank Bitterlich

Re: Seems a bit odd.

Thought that too. Are they going to buy every batch of CCNs and SSNs now that are posted on any of these markets from now on, to "monitor" them? Or are they just waiting until any of the suppliers there are stupid enough to mention the source they got the data from? Or are they just repeatedly entering "Flagstar" into Google?

Amazon puts 'creepy' AI cameras in UK delivery vans

Frank Bitterlich
Big Brother

"Encourage"...

... the cameras were installed to encourage or help workers...

Isn't it nice how cameras are always used to "encourage" and "help" people, especially those who are monitored by them.

As in, "Riot police used batons on the innocent protesters to help and encourage them lying on the ground and bleed."

And how on earth is a telescreen camera which is monitoring the driver "help[ing] folks keep track of their packages"? Maybe if the van is on fire or lying upside-down in a ditch, the camera will send out an email to all customers having deliveries on that van that it will be delayed?

Okta now says: Lapsus$ may in fact have accessed customer info

Frank Bitterlich

Wolf, goat and cabbage problem

Hmmm. "Laptop", "[external] support engineer", "customer data"... looks like those three terms always appear together in articles which also contain the term "compromised", and "[company name] takes the security of its customers' data very seriously."

I wonder why...

Fresh concerns about 'indefinite' UK government access to doctors' patient data

Frank Bitterlich

"Emergency powers"

Another case of "there is nothing more permanent than a temporary solution."

Thailand bans use of crypto for payments

Frank Bitterlich

Re: "due to the cryptocurrency's current price fluctuations"

"80% of US dollars currently in existence were printed in the last 22 months.[...]" [citation needed]

FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery

Frank Bitterlich

Re: 20 years stir?

Her next lecture:

"#102 | How to social engineer your way out of anything". Like jail, or so.

UK.gov threatens to make adults give credit card details for access to Facebook or TikTok

Frank Bitterlich

Re: Dead Cat

You probably mean "curdling".

Support specialist Rimini Street found in contempt of court for continued Oracle copyright infringements

Frank Bitterlich

Reasonable?

"... reasonable attorneys' fees ..." - that's an oxymoron if I've ever seen one.

Police National Computer not pwned by Clop ransomware crims, insists Home Office

Frank Bitterlich

So "only" ANPR data....

... then how did they get pictures of passports? From drivers holding them up while speeding to a) hide their face behind them or b) assist with their identification?

AsmREPL: Wing your way through x86-64 assembly language

Frank Bitterlich

Re: Dodgy link?

The site expired some time ago, but it was just a redirect to the GitHub site (https://github.com/tenderlove/analog-terminal-bell) anyway.

Calendars have gone backwards since the Bronze Age. It's time to evolve

Frank Bitterlich

Re: Amen to all that

If some shitty proprietary software companies are too lazy to make their programs work with it [...], that's their problem.

Nope. That's exactly the point of the article: It's the users' problem. Not everybody can or will use any given calendar SW (be it iCalendar or whatever), and if they don't cooperate well, the user will suffer.

We are indeed in stone age when it comes to PM and calendar syncing, you always have to worry whether software A works nicely with software B.

This post is best viewed with Netspace Navigator on an 640x480 screen.

Remember the 'guy in a jetpack' seen flying close to passenger jets? Probably just balloons, says FBI

Frank Bitterlich
Black Helicopters

It was...

... swamp gas. Reflecting light from Venus. Or a blimp. Or something.

User to chatbot: Help! My kid has COVID! Chatbot to user: Always wear a condom

Frank Bitterlich

Re: Boris to launch new health chatbot for England

You mean in a Happy Vertical People Transporter, right?

American schools' phone apps send children's info to ad networks, analytics firms

Frank Bitterlich

Re: Really ?

"48% of people ar bad at math. That's almost one third!"

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Frank Bitterlich

Re: Let me guess

Yes. By an unauthorised actor. And probably affecting a limited number of their clients. So, no way to prevent it. Move on, nothing to see here.

You want a reboot? I'll give you a reboot! Happy now?

Frank Bitterlich

Re: Assumed Rank

Wow, that's the first time I heard that rules were put in place to actually *consult* the consultant. Seriously, IMHO the standing order more often seems to be "hire a couple of expensive consultants and then completely ignore what they say."

Name True, iCloud access false: Exceptional problem locks online storage account, stumps Apple customer service

Frank Bitterlich
Facepalm

Re: Could have been worse

That was my first thought - little_bobby_tables@icloud.com...

Dating apps swiped left on Pakistan’s request to clean up their acts, bans followed

Frank Bitterlich

Oh, does that mean...

[...] offer “immoral/indecent content streaming” that has negative effects on society.

Oh, I guess that means goodbye for Facebook in Pakistan... come to think of it, most of the internet, actually.

Smash-and-grabbed: Chinese AI academic cuffed by Feds after 'binning hard drive' amid software leak probe

Frank Bitterlich

I know, based on my training and experience, that GPU machines can be used to analyze cat videos, solve Sudokus and even render realistic output for video games.

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure

Frank Bitterlich

Re: Enable Content

Not sure what the "facepalm" is about.

The behavior of the targeted sysadmin? I see no mention in the article that (s)he actually fell for the trap.

The fact that they (the authors, apparently APT38) sent out such badly disguised attacks? Normal procdure. Send that to 1000 people (whether IT security "professionals" or not), and you will definitely get a non-zero number of people falling for it.

Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite

Frank Bitterlich

Re: Am I Misunderstanding?

Not exactly a backdoor. More like a fake lock on your front door, because you can never remember to take your keys, and temporarily replacing it with a real lock when the insurance guy visits.

Looks like their software has problems doing its job when the dirver is working in a secure fashion, and they have to resolve to insecure memory allocation to work around the issues.

Frank Bitterlich

Exactly. When you're caught cheating, "responsible disclosure" doesn't apply.

Xiaomi Mi 9 owners furious after dodgy Vodafone software patch bricked their mobes

Frank Bitterlich

Interesting response...

If you look at the forum, the issue had been marked as "Resolved" as soon as Vodafone came around with a message that a fix is in the making.

Also, I don't see the word "sorry" or "apologies" anywhere in their response. Only "... to get you all connected to what you love again". As if the fix for bricking the phones was a "feature."

What a nice, modern approach on customer service...

Serial killer spotted on the night train from Newcastle

Frank Bitterlich

Re: Hayes commands

"Trust me, I know what I'm doi+++ATH

NO CARRIER

Apple: EU can't make us use your stinking common charging standard

Frank Bitterlich

Re: I've been wondering...

Alternatively they could mandate the companies provided free and more importantly with the product an adaptor. You would be amazed at how quick they would change "special" designs to avoid any extra production costs...

Well, in a way that's already happening. At least with Apple phones, you get a USB Type-A charger and a USB Type-A to Lightning cable.

So the cable is the adaptor already. I supect that with moste phones today, you get a charger like that and the matching cable (whether it has USC-C, Lightning or Micro-USB on the other end.) Forcing the phone makers to switch to an actual, additional adaptor just to make the cable "universal" would be silly in my opinion.

Frank Bitterlich
Boffin

I've been wondering...

Economic and vanity issues aside, I've been wondering what a mandatory, unified "charger" port would mean would mean for the future. Regardless of how that actual standard would be defined (use the one which is used most today; or specify one standard explicitly), it would basically outlaw any other port type. Imagine if this had happened in 1999, then our phones would probably have had USB Type-B connectors then, and since no other standard could be sold (at least in the EU), we would probably still use that today.

Or would our phones have two connectors now, one up-to-date (USB-C or Lightning), and the other, outdated one for "legal" reasons?

It looks a bit like those trying to solve this "problem" fail to understand that the "charging" port of a modern phone is much more than that.

WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware

Frank Bitterlich
Meh

This fails to surprise me...

OK, so what's the takeaway from this finding? Is it that system-provided encryption is good enough that it is useful for the bad guys, too? Kind of obvious for me.

I don't think that any "anti-ransomware" can ever be effective by controlling if/which encryption functions are used. If you got a process running on your machine that you don't want, you're compromised. Trying to control whether that process uses specific functions/techniques is kind of missing the point. At this point, your best anti-ransomware is probably that offline backup that you made last week.

There's something fishy going down in the computer lab

Frank Bitterlich
Devil

Bones and Cookies...

Probably around the same time as this tale occurred, a friend of mine got a copy of ResEdit into his paws and was thrilled to find out that you could alter all kinds of menus and alerts both in applications and the OS on the Macs of the newspaper he worked for. So the most logical thing was to spend multiple hours to work through all resource forks he could find and replace the work "file" with "cookie", and "folder" with "bone."

At that time, data between the machines was mostly exchanged by floppy (well, rather "stiffy") disks. I still don't know how it happened, but soon after, the madness spread to other machines, more and more eventually asking stuff like "Are you sure you want to copy this cookie into this bone?" Took a lot of effort to clean that up, but it was really funny. Especially seeing him try to explain that to the boss...

SanDisk's iXpand Wireless Charger is the unholy lovechild of a Qi mat and a flash drive

Frank Bitterlich

Re: Wait, what?

Exactly. And, if asked whether I trust the storage in my phone or some fancy mouse mat more, the answer is pretty clear.

Would be interesting to know whether you can back up the "backup".

The IoT wars are over, maybe? Amazon, Apple, Google give up on smart-home domination dreams, agree to develop common standards

Frank Bitterlich

Re: If I were to guess....

If the stuff is really IP-based, it's probably the app developrs who take up the support, not Apple in its role as OS vendor. If they don't support it, it won't be deeply integrated in iOS (read: Siri etc.), but it should be trivial for third-party apps to support and maybe integrate it.

FBI extends voting security push, LA court hacker goes down, and more D-Link failures

Frank Bitterlich
Mushroom

Correction

Because D-Link is not providing updates to the devices listed above, it is important to replace any affected device with one that is currently supported by the vendor.

Slight correction: "... it is important to replace D-Link on your list of suppliers with a company that actually takes security seriously."

That time Windows got blindsided by a ball of plasma, 150 million kilometres away

Frank Bitterlich

Re: Sometimes I miss...

Squashing bugs.

Wunderlist creator asks Microsoft to sell him back his biz as Redmond updates To Do

Frank Bitterlich
Terminator

Translation

in which it announced that Wunderlist would “eventually be retired” as its “best elements” are incorporated into Microsoft To-Do.

"Best elements" = "customers."

Job done. Now let's shut down those servers and have a massive lunch break...

Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change

Frank Bitterlich
Mushroom

What a great legal system...

It's not exactly news that with most "class action" settlelemnts, the people actually harmed get little or no recompensastion at all.

But this is taking the whole thing to a new level: The FTC allows the defendant to install arbitrary hurdles for any claimant, including bullying those who have suffered damage by that firm to buy even more of their services.

"Nice credit rating you have, there. Would be a shame if something happened to it..."

Effectively, a US federal agency is siding with the perpetrator, to keep the financial damage (to Equifax) as small as possible.

That level of corruption is amazing, even when you take the current government into account.

Valorous Vikram lunar lander – or Star Wreck: Enterprise? India's Moon craft goes all silent running during descent

Frank Bitterlich

Ark Fleet Ship B?

With Chandrayaan-1, at least they admitted that it was not so much of a landing, more of a crash "impact probe".

They wouldn't attempt to get rid of a few telephone sanitizers, hairdressers and account executives that way, would they?

Hacktivist skids nip at Mounties' ankles, Emotet ransomware rides again, and more

Frank Bitterlich
FAIL

I don't think so...

"MoviePass leaked tens of thousands of customer account details, including payment cards numbers and mistyped passwords, via a poorly secured public-facing database [...]. The system has since been secured."

I don't think they have secured their systems. They may have closed the public-access hole, but if they indeed store mistyped passwords, that's just one step less horrible than storing unhashed actual passwords. Unless they hire someone with actual security skills, "securing" their system is a hopeless endeavour.

My MacBook Woe: I got up close and personal with city's snatch'n'dash crooks (aka some bastard stole my laptop)

Frank Bitterlich

On a side note...

You mentioned that you're using 1Password for your passwords. Honest question, what is your motivation for using this vs. the built-in Keychain Access app? I've seen a few people using 1Password so far, but none of them could explain to me why they chose it over the built-in solution.

In any case, I would keep the laptop associated with your Apple ID. If you remove it, you lose the chance of finding it through Find my Mac should it ever connect to the net before it is being wiped.

KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more

Frank Bitterlich
Pirate

Re: NULL

That's what I thought too. Really, somebody must have tried to register a plate with drop all tables;.

Or at least try CURRENT_DATE, that way you will probably never get tickets – or they disapper after a day...

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

Frank Bitterlich

Re: Honest question...

What happens if your password manager goes titsup (or the disk it's installed on)?

Same answer as with your family photos, music collection, and business documents: You restore from your backup.

It's Friday lunchtime on International Beer Day. Bitter hop to it, boss'll be none the weiser

Frank Bitterlich
Pint

Pedigree <-> Beer?

When I looked at that map first, I thought the maker had a pint to much already, as here in Germany, "Pedigree" is a brand of dog food, not beer. However a quick trip to the pub Google solved that mystery for me.

So, beer does make you smarter after all!

Azure consultant to sue Google for linking his cached pics to cloned site, breach of copyright

Frank Bitterlich
WTF?

Not sure, but...

As I understand this, somebody (Monaco Telecom? Or is it just hosted with them?) has allegedly created a clone of this guy's website, pilfered the images, added some SEO, and Google is indexing (and showing search results for) that cloned website. So Google cached the (allegedly stolen) images from the clone.

So suing Google for this is a bit far-fetched IMHO... either he is going for the low-hanging fruit (why isn't he suing Bing?), or he doesn't understand how search engines work. So much for "Azure Consultant"...

US Air Force probes targeted malware attack, blames... er, the US Navy? What?

Frank Bitterlich

Re: Active emails

As usual, the description of the "computer code" reportedly contained in the email is somewhat lacking.

I wouldn't be surprised if it was just a tracking pixel.

Apple hits back at devs of axed kiddie screen-time apps

Frank Bitterlich

Re: Who to side with....

According to Apple's resonse in the article, "Several developers released updates to bring their apps in line with these policies." Unless that means that they just pulled their apps off the market (or Apple is lying), apparently there are ways to do this without MDM.

Is that a stiffy disk in your drive... or something else entirely?

Frank Bitterlich

Re: Disassemble before applying brute force

A long time ago a coworker managed to put a DAT cartridge backwards into the tape drive of our RS/6000 system (don't ask me how. But it wouldn't come out again.) Since these drives were painfully expensive at the time (although being just regular DAT drives, but apparently with custom firmware) I didn't dare the old "yank, then yank a little harder" technique and had to disassemble the drive. Took me hours, but saved us a four-digit amount and got me a case of beer from said coworker :)

Plus, it gave me an opportunity to remove the solid block of dust that occupied all the free space inside the RS/6000 – at first I thought it was some kind of insulation. A miracle that the machine had not overheated (or spontaneously combusted.)

There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Frank Bitterlich

Don't get this...

I have not much experience with commercial VPN providers, but why would their client send keep-alive messages outside the VPN? Would that not a) defeat the purpose of staying under the radar in sensitive regions, and b) make more sense to do inside the VPN connection?

Now here's a Galaxy far, far away: Samsung stalls Fold rollout after fold-able screens break in hands of reviewers

Frank Bitterlich
Coat

Re: Need better testing

"... you're folding it wrong."

The one with the Galaxy Fold in the pockets please, one half in each.

BT Tower broadcasts error message to the nation as Windows displays admin's shame

Frank Bitterlich

Re: "A technical issue"

But you've got to admit, the phrase "Choose operating system to start..." seems like step in the right direction. (Assuming one of the choices is Linux...)

It is but 'LTE with new shoes': Industry bod points a judgy finger at the US and Korea's 5G fakery

Frank Bitterlich

Not surprising...

To avoid this kind of BS starting as soon as the standard is on paper, names for new technologies are usually trademarked. It looks to me like this didn't happen with 5G or 5G NR. So this was kind of predictable...

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen

Frank Bitterlich

Re: @taken handle...

"What isn't being said is why he got flagged in the first place."

No. Because nobody but the CBP agents know. But what they grilled him about is probably a clue.

Ask Jacob Appelbaum about this. He has a few stories like this one to tell.

"I used to do a bit of globe trotting and never got flagged."

Congrats. And that means... what? That it's probably his own fault?

/shakes head

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2022