* Posts by Frank Bitterlich

404 posts • joined 9 Nov 2007


US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Frank Bitterlich

Re: Let me guess

Yes. By an unauthorised actor. And probably affecting a limited number of their clients. So, no way to prevent it. Move on, nothing to see here.

You want a reboot? I'll give you a reboot! Happy now?

Frank Bitterlich

Re: Assumed Rank

Wow, that's the first time I heard that rules were put in place to actually *consult* the consultant. Seriously, IMHO the standing order more often seems to be "hire a couple of expensive consultants and then completely ignore what they say."

Name True, iCloud access false: Exceptional problem locks online storage account, stumps Apple customer service

Frank Bitterlich

Re: Could have been worse

That was my first thought - little_bobby_tables@icloud.com...

Dating apps swiped left on Pakistan’s request to clean up their acts, bans followed

Frank Bitterlich

Oh, does that mean...

[...] offer “immoral/indecent content streaming” that has negative effects on society.

Oh, I guess that means goodbye for Facebook in Pakistan... come to think of it, most of the internet, actually.

Smash-and-grabbed: Chinese AI academic cuffed by Feds after 'binning hard drive' amid software leak probe

Frank Bitterlich

I know, based on my training and experience, that GPU machines can be used to analyze cat videos, solve Sudokus and even render realistic output for video games.

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure

Frank Bitterlich

Re: Enable Content

Not sure what the "facepalm" is about.

The behavior of the targeted sysadmin? I see no mention in the article that (s)he actually fell for the trap.

The fact that they (the authors, apparently APT38) sent out such badly disguised attacks? Normal procdure. Send that to 1000 people (whether IT security "professionals" or not), and you will definitely get a non-zero number of people falling for it.

Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite

Frank Bitterlich

Re: Am I Misunderstanding?

Not exactly a backdoor. More like a fake lock on your front door, because you can never remember to take your keys, and temporarily replacing it with a real lock when the insurance guy visits.

Looks like their software has problems doing its job when the dirver is working in a secure fashion, and they have to resolve to insecure memory allocation to work around the issues.

Frank Bitterlich

Exactly. When you're caught cheating, "responsible disclosure" doesn't apply.

Xiaomi Mi 9 owners furious after dodgy Vodafone software patch bricked their mobes

Frank Bitterlich

Interesting response...

If you look at the forum, the issue had been marked as "Resolved" as soon as Vodafone came around with a message that a fix is in the making.

Also, I don't see the word "sorry" or "apologies" anywhere in their response. Only "... to get you all connected to what you love again". As if the fix for bricking the phones was a "feature."

What a nice, modern approach on customer service...

Serial killer spotted on the night train from Newcastle

Frank Bitterlich

Re: Hayes commands

"Trust me, I know what I'm doi+++ATH


Apple: EU can't make us use your stinking common charging standard

Frank Bitterlich

Re: I've been wondering...

Alternatively they could mandate the companies provided free and more importantly with the product an adaptor. You would be amazed at how quick they would change "special" designs to avoid any extra production costs...

Well, in a way that's already happening. At least with Apple phones, you get a USB Type-A charger and a USB Type-A to Lightning cable.

So the cable is the adaptor already. I supect that with moste phones today, you get a charger like that and the matching cable (whether it has USC-C, Lightning or Micro-USB on the other end.) Forcing the phone makers to switch to an actual, additional adaptor just to make the cable "universal" would be silly in my opinion.

Frank Bitterlich

I've been wondering...

Economic and vanity issues aside, I've been wondering what a mandatory, unified "charger" port would mean would mean for the future. Regardless of how that actual standard would be defined (use the one which is used most today; or specify one standard explicitly), it would basically outlaw any other port type. Imagine if this had happened in 1999, then our phones would probably have had USB Type-B connectors then, and since no other standard could be sold (at least in the EU), we would probably still use that today.

Or would our phones have two connectors now, one up-to-date (USB-C or Lightning), and the other, outdated one for "legal" reasons?

It looks a bit like those trying to solve this "problem" fail to understand that the "charging" port of a modern phone is much more than that.

WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware

Frank Bitterlich

This fails to surprise me...

OK, so what's the takeaway from this finding? Is it that system-provided encryption is good enough that it is useful for the bad guys, too? Kind of obvious for me.

I don't think that any "anti-ransomware" can ever be effective by controlling if/which encryption functions are used. If you got a process running on your machine that you don't want, you're compromised. Trying to control whether that process uses specific functions/techniques is kind of missing the point. At this point, your best anti-ransomware is probably that offline backup that you made last week.

There's something fishy going down in the computer lab

Frank Bitterlich

Bones and Cookies...

Probably around the same time as this tale occurred, a friend of mine got a copy of ResEdit into his paws and was thrilled to find out that you could alter all kinds of menus and alerts both in applications and the OS on the Macs of the newspaper he worked for. So the most logical thing was to spend multiple hours to work through all resource forks he could find and replace the work "file" with "cookie", and "folder" with "bone."

At that time, data between the machines was mostly exchanged by floppy (well, rather "stiffy") disks. I still don't know how it happened, but soon after, the madness spread to other machines, more and more eventually asking stuff like "Are you sure you want to copy this cookie into this bone?" Took a lot of effort to clean that up, but it was really funny. Especially seeing him try to explain that to the boss...

SanDisk's iXpand Wireless Charger is the unholy lovechild of a Qi mat and a flash drive

Frank Bitterlich

Re: Wait, what?

Exactly. And, if asked whether I trust the storage in my phone or some fancy mouse mat more, the answer is pretty clear.

Would be interesting to know whether you can back up the "backup".

The IoT wars are over, maybe? Amazon, Apple, Google give up on smart-home domination dreams, agree to develop common standards

Frank Bitterlich

Re: If I were to guess....

If the stuff is really IP-based, it's probably the app developrs who take up the support, not Apple in its role as OS vendor. If they don't support it, it won't be deeply integrated in iOS (read: Siri etc.), but it should be trivial for third-party apps to support and maybe integrate it.

FBI extends voting security push, LA court hacker goes down, and more D-Link failures

Frank Bitterlich


Because D-Link is not providing updates to the devices listed above, it is important to replace any affected device with one that is currently supported by the vendor.

Slight correction: "... it is important to replace D-Link on your list of suppliers with a company that actually takes security seriously."

That time Windows got blindsided by a ball of plasma, 150 million kilometres away

Frank Bitterlich

Re: Sometimes I miss...

Squashing bugs.

Wunderlist creator asks Microsoft to sell him back his biz as Redmond updates To Do

Frank Bitterlich


in which it announced that Wunderlist would “eventually be retired” as its “best elements” are incorporated into Microsoft To-Do.

"Best elements" = "customers."

Job done. Now let's shut down those servers and have a massive lunch break...

Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change

Frank Bitterlich

What a great legal system...

It's not exactly news that with most "class action" settlelemnts, the people actually harmed get little or no recompensastion at all.

But this is taking the whole thing to a new level: The FTC allows the defendant to install arbitrary hurdles for any claimant, including bullying those who have suffered damage by that firm to buy even more of their services.

"Nice credit rating you have, there. Would be a shame if something happened to it..."

Effectively, a US federal agency is siding with the perpetrator, to keep the financial damage (to Equifax) as small as possible.

That level of corruption is amazing, even when you take the current government into account.

Valorous Vikram lunar lander – or Star Wreck: Enterprise? India's Moon craft goes all silent running during descent

Frank Bitterlich

Ark Fleet Ship B?

With Chandrayaan-1, at least they admitted that it was not so much of a landing, more of a crash "impact probe".

They wouldn't attempt to get rid of a few telephone sanitizers, hairdressers and account executives that way, would they?

Hacktivist skids nip at Mounties' ankles, Emotet ransomware rides again, and more

Frank Bitterlich

I don't think so...

"MoviePass leaked tens of thousands of customer account details, including payment cards numbers and mistyped passwords, via a poorly secured public-facing database [...]. The system has since been secured."

I don't think they have secured their systems. They may have closed the public-access hole, but if they indeed store mistyped passwords, that's just one step less horrible than storing unhashed actual passwords. Unless they hire someone with actual security skills, "securing" their system is a hopeless endeavour.

My MacBook Woe: I got up close and personal with city's snatch'n'dash crooks (aka some bastard stole my laptop)

Frank Bitterlich

On a side note...

You mentioned that you're using 1Password for your passwords. Honest question, what is your motivation for using this vs. the built-in Keychain Access app? I've seen a few people using 1Password so far, but none of them could explain to me why they chose it over the built-in solution.

In any case, I would keep the laptop associated with your Apple ID. If you remove it, you lose the chance of finding it through Find my Mac should it ever connect to the net before it is being wiped.

KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more

Frank Bitterlich


That's what I thought too. Really, somebody must have tried to register a plate with drop all tables;.

Or at least try CURRENT_DATE, that way you will probably never get tickets – or they disapper after a day...

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

Frank Bitterlich

Re: Honest question...

What happens if your password manager goes titsup (or the disk it's installed on)?

Same answer as with your family photos, music collection, and business documents: You restore from your backup.

It's Friday lunchtime on International Beer Day. Bitter hop to it, boss'll be none the weiser

Frank Bitterlich

Pedigree <-> Beer?

When I looked at that map first, I thought the maker had a pint to much already, as here in Germany, "Pedigree" is a brand of dog food, not beer. However a quick trip to the pub Google solved that mystery for me.

So, beer does make you smarter after all!

Azure consultant to sue Google for linking his cached pics to cloned site, breach of copyright

Frank Bitterlich

Not sure, but...

As I understand this, somebody (Monaco Telecom? Or is it just hosted with them?) has allegedly created a clone of this guy's website, pilfered the images, added some SEO, and Google is indexing (and showing search results for) that cloned website. So Google cached the (allegedly stolen) images from the clone.

So suing Google for this is a bit far-fetched IMHO... either he is going for the low-hanging fruit (why isn't he suing Bing?), or he doesn't understand how search engines work. So much for "Azure Consultant"...

US Air Force probes targeted malware attack, blames... er, the US Navy? What?

Frank Bitterlich

Re: Active emails

As usual, the description of the "computer code" reportedly contained in the email is somewhat lacking.

I wouldn't be surprised if it was just a tracking pixel.

Apple hits back at devs of axed kiddie screen-time apps

Frank Bitterlich

Re: Who to side with....

According to Apple's resonse in the article, "Several developers released updates to bring their apps in line with these policies." Unless that means that they just pulled their apps off the market (or Apple is lying), apparently there are ways to do this without MDM.

Is that a stiffy disk in your drive... or something else entirely?

Frank Bitterlich

Re: Disassemble before applying brute force

A long time ago a coworker managed to put a DAT cartridge backwards into the tape drive of our RS/6000 system (don't ask me how. But it wouldn't come out again.) Since these drives were painfully expensive at the time (although being just regular DAT drives, but apparently with custom firmware) I didn't dare the old "yank, then yank a little harder" technique and had to disassemble the drive. Took me hours, but saved us a four-digit amount and got me a case of beer from said coworker :)

Plus, it gave me an opportunity to remove the solid block of dust that occupied all the free space inside the RS/6000 – at first I thought it was some kind of insulation. A miracle that the machine had not overheated (or spontaneously combusted.)

There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Frank Bitterlich

Don't get this...

I have not much experience with commercial VPN providers, but why would their client send keep-alive messages outside the VPN? Would that not a) defeat the purpose of staying under the radar in sensitive regions, and b) make more sense to do inside the VPN connection?

Now here's a Galaxy far, far away: Samsung stalls Fold rollout after fold-able screens break in hands of reviewers

Frank Bitterlich

Re: Need better testing

"... you're folding it wrong."

The one with the Galaxy Fold in the pockets please, one half in each.

BT Tower broadcasts error message to the nation as Windows displays admin's shame

Frank Bitterlich

Re: "A technical issue"

But you've got to admit, the phrase "Choose operating system to start..." seems like step in the right direction. (Assuming one of the choices is Linux...)

It is but 'LTE with new shoes': Industry bod points a judgy finger at the US and Korea's 5G fakery

Frank Bitterlich

Not surprising...

To avoid this kind of BS starting as soon as the standard is on paper, names for new technologies are usually trademarked. It looks to me like this didn't happen with 5G or 5G NR. So this was kind of predictable...

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen

Frank Bitterlich

Re: @taken handle...

"What isn't being said is why he got flagged in the first place."

No. Because nobody but the CBP agents know. But what they grilled him about is probably a clue.

Ask Jacob Appelbaum about this. He has a few stories like this one to tell.

"I used to do a bit of globe trotting and never got flagged."

Congrats. And that means... what? That it's probably his own fault?

/shakes head

Frank Bitterlich

Re: Don't travel to the US.

Isn't having an obviously clean and pre-prepared phone or laptop just used as an indication of trying to hide something?

Yes it is. I have seen cases where people get grilled on why they have only a few contacts in their phone address book, why there is no Facebook app on the phone, and whether they have anything to hide. (Other countries immigrations officers do that too, though. For example Australia.) Don't bring a phone at all? Highly suspect.

The idea of using a "burner" phone or laptop may not be really working any more. Avoiding the country altogether sounds more and more like the only reasonable recourse. What a sad world.

Super-crook admits he nicked $122m from Facebook, Google by sending staff fake invoices for tech kit

Frank Bitterlich

Some math...

Ok, the guy milked $122m with his scam. He will give back $50m. Subtract $300k fine. So he spent, or hid, $71.7m.

Facing (up to) 9 years of federal accommodation, that makes +/- $7.9m per year.

See, kids, crime doesn't pay!

From MySpace to MyFreeDiskSpace: 12 years of music – 50m songs – blackholed amid mystery server move

Frank Bitterlich

Currently down

Hearing that MySpace appears to be still a thing (in the same way that AOL email is still a thing, apparently) I went over there to see what they're doing now, and found that today they're doing...

... exactly nothing. "Sorry, we're just experiencing some technical difficulties right now. Nothing major. Our developers are working on it and Myspace will be back up very soon."

Maybe they found the backup CD-ROMs and are restoring the lost files now?

Frank Bitterlich

Re: BOFH at work?

For some reason the BOFH archive isn't working properly...

... is it hosted on MySpace?

Uber driver drove sleeping woman miles away from home to 'up the fare'. Now he's facing years in the clink for kidnapping, fraud

Frank Bitterlich

"You get the weirdest workers..."

I'ts the other way around. Businesses that operate on shady/questionable business models tend to pay only minimum wages for their minions.

Take Note: Schneider's teeny-tiny Galaxy VS li-ion UPS set to explode onto data centre scene

Frank Bitterlich

Coming up next...

... a 100 kW LiPo UPS.

Uber won't face criminal charges after its robo-car killed woman crossing street

Frank Bitterlich

Re: What? The car can't do emergency braking on it's own?

function impact_pending() {

// apply_emergency_brakes();

// 2014-03-17/JD - Disabled because it activates too often.

///@todo IMPORTANT - Fix before public release!


When the bits hit the FAN: US military accused of knackering Russian trolls, news org's IT gear amid midterm elections

Frank Bitterlich

Not sure if I get this...

From a technical point of view, I don't understand the (claimed) attack vector.

"... automatically launched iTunes when connected to a USB cable, prompting synchronization and Windows updates on the host PC, which apparently allowed the takeover of the connected computer."

What does the (automatic) launching of iTunes have to do with "prompting [...] Windows updates", and how does that create/activate a vulnerability?

Of course the iPhone could have malware that attempts to take over the Windows PC it is connected to, but this doesn't sound like what is described here...

Tens of millions more web accounts for sale after more sites hacked, Mac malware spreads via Windows.exe, and more

Frank Bitterlich

Facbook "protecting" its employees?

"On one hand, Facebook can and should be able to protect its employees from any threat of harm."

No. It should not. Since when should Facebook take over law enforcement duties? So in order to "protect their employees", they do what even police wouldn't be allowed to do - they track and monitor people 24/7 without their knowledge...?

If someone is threatening Facebook employees, they should refer that case to the police instead of taking the law into their own hands and using illegal actions against these so-called "threats."

Worried about Brexit food shortages? North Korean haute couture has just the thing

Frank Bitterlich

Let them eat shirts...

The items are aimed at outdoorsy types that might come unstuck on a mountain somewhere and need something to chow down on while awaiting rescue rather than for citizens enduring food shortages.

Just assuming that this is a clever marketing campaign to target the many adventure-loving North Korean folks who love nothing more than taking their SUV for a quick weekend trip to their luxurious mountain cabins for some free-climbing fun and maybe some heli skiing...

OK, so you're stuck somewhere up on a North Korean mountain for an extended period (maybe your snow mobile broke down, and as usual the heli taxi needs forever to pick you up), such that starvation might become a factor. Outside temp around freezing point. What do you do? Eat your shirt and freeze to death?

Ever feel like all your prayers go unheard? The Catholic Church has an app for that

Frank Bitterlich

Re: Development question

I'd be more interested in his IP address and what the whois record looks like...

Frank Bitterlich
Thumb Up

"Pray for me that the Greek test will be canceled."

"... and the English test, too!"

Me fail English? That's unpossible! -- Ralph Wiggum

Cops: German suspect, 20, 'confessed' to mass hack of local politicians

Frank Bitterlich

Re: "Hacker Attack"

There were a few bank account statements and invoices in the dumps, hardly what I would call publicly accessible. More typically what you would find if you rummaged through someone's email or cloud storage accounts.

Frank Bitterlich

"Hacker Attack"

So far there has been zero mention of how he got his hands on all that data. I can't believe that he actually did all of the actual hacks himself.

My guess is that he got all that data from multiple (probably more or less publicly accessible) dumps and just dumped them in a somewhat organized way.

You were told to clean up our systems, not delete 8,000 crucial files

Frank Bitterlich

Re: Backups

Stuff you want to use again is kept in the recycle bin, that's why it's called "recycle"

A long time ago (not too much later than Sam's story) I was doing routine maintenance on a Mac for an office worker of the company I was working for... and that included emptying the trash can (as the Recycle Bin is called in Mac OS). Cue some serious berating about how I dare empty the trash – she was "keeping important files in there"...

Sounds funny, but apparently some people have trouble understanding what the word "trash" means, and still get beyond flipping burgers in their professional carreer.



Biting the hand that feeds IT © 1998–2021