Posts by Midnight

340 publicly visible posts • joined 24 Feb 2008


Encrypted mail service Proton hands suspect's personal info to local cops


Re: God Moaning.

"It is I, LeClerc!"

Plain sight indeed.

BOFH: Smells like Teams spirit


Politely redirecting your errant coworkers to https://www.nohello.com/ is one way. Unfortunately, the only ones who will understand the message are the ones who don't need it.

You can lead a dead horse to water, but no matter how much you beat it you can't make it drink.


It's polite, but I have a long chat history of receiving "Can I call you?" messages, replying "Sure. Go ahead", and then...


Until the next "Can I call you?"

Clearly what I had misinterpreted as a request for a conversation was just a form of availability monitoring.

Musk 'texts' Nadella about Windows 11's demands for a Microsoft account


Just wait until someone explains to him what Windows Update does.

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine


Re: Lessons clearly not learned here

Personally, I was expecting an "our customer's privacy is our top priority" comment too, only with the usually unspoken words "violating" and "in ways that would make dedicated hentai fans say 'Oh, no, that's just not right'" spoken out loud.

Delicious irony: Credit rating builder Loqbox lets customer details and card numbers slip after 'sophisticated attack'


> "This was a sophisticated cyber-attack on our company which we are still investigating."

Ah, so the database was stored in an unsecured Amazon bucket then. Got it.

Time to burst out graphing: Get the Windows Insider experience... by taping a calculator to your monitor


Re: new "improved" search functionality

Did it work?

iFixit surgeons dissect Apple's pricey Mac Pro: Industry standard sockets? Repair diagrams? Who are you and what have you done to Apple?


Only if you want four or more tabs open at once, and what kind of madman is going to do that?

Intel end-of-lifing BIOS and driver downloads for dusty hardware


The entire download archive was mirrored by archive.org a few years ago, so you don't have to resort to downloading unsigned executables from totallylegitdrivers.ru for all your driver needs:


Jason Scott, of the Internet Archive, is working to ensure that that mirror is current before Intel makes it go away forever:


From AV to oy-vey: McAfee antivirus has security hole of its own


Well, looks like there's only one thing to do...


Are you coming to the party dressed as an IMP? ARPANET @ 50


So it wasn't until we saw the "gin" that we knew the network was working.

That sounds about right.

Larry Ellison tiers Amazon a new one: Oracle cloud gets 'always' free offer, plus something about Linux


Re: "And when you eliminate labor, you eliminate human error."

"Okay. Playing The Doors on Spotify..."

Tesla Autopilot crash driver may have been eating a bagel at the time, was lucky not to get schmeared on road


Re: Did he get a ticket?

https://youtu.be/vJG698U2Mvo , even though you already spoiled the ending.

Cortana makes your PC's heart beat faster: Windows 10 update leaves some processors hot under the cooler


Or you could install Linux for its superior audio support.


Re: Agile !

Thank you for coming to my TED talk.

GIMP open source image editor forked to fix 'problematic' name


Re: Eh?

And then there is EtherApe.

UK.gov must sort out its crap data and legacy IT, warns spending watchdog


Re: Did someone say 'Crapita'?

The article was about making terrible decisions related to IT, so it's understandable.

Must watch: GE's smart light bulb reset process is a masterpiece... of modern techno-insanity


Re: Video just gives the wrong explanation ...

A Morse once bit my sister... No realli!

She was Karving her initials on the Morse with the sharpened end of an interspace tøøthbrush...

Have I Been S0ld? Troy Hunt's security website is up for acquisition


HIBP is just not going to be the same after McAfee takes it over.

Tech support made the news after bomb squad and police showed up to 'defuse' leaky UPS


Re: You were lucky...

Err... so... what is a rubber button?

Navy names new attack sub HMS Agincourt


Re: So sad

"Right. Naming an expensive nuclear sub after a glorious British defeat would make so much sense?"

The H. M. S. Brexit, perhaps?

Fixing a printer ended with a dozen fire engines in the car park


Latest F-35 flight tests finish – and US stops accepting new jets


> > it's called socialism

> No, it's classic capitalism.

It's called "The Aristocrats".

The first rule of maths class: Don't start a fight club


Re: Spoiler follows if you haven't seen "Fight Club" after 19 years, but...

After watching the footage a few dozen more times he eventually concluded that it wasn't just the teacher, but also half of the class who only existed inside his head.

Wanna motivate staff to be more secure? Don't bother bribing 'em


Re: Don't name and shame persistent offenders

"'don't shit in the boss's desk drawer' policy"

Where do you work that that is a policy?

And more to the point, just what happened the day before it became policy?

Feel like a little kid in the container world? Welcome to the club


Re: Serverless

Appless is so last Tuesday. We're going completely customerless nowadays.

As Apple fixes macOS root password hole, here's what went wrong


Re: Two stupid things happened

It was actually found weeks ago and spread around the Apple developer forums. By the time it went big yesterday it was already well known to a large group of people. This wasn't a case of a careless security researcher dropping a zero-day publicly because he didn't feel like reporting it; it was a developer who wasn't aware of the full impact of a bug complaining that Apple had not even acknowledged that it existed, let alone discussed the possibility of a fix.

Was this the best way to handle the issue? Nah, not really. But is it "right" for one of the many people who discussed this issue publicly to be crucified for doing so, as you suggest? No, not that either.

Also if you read the technical details, the "root account without a password" already was eliminated from the auth DB and should have been completely inaccessible. The root of the problem was that the authentication code wrongly decided that it was time to enable the disabled account by creating it anew, with the (blank) password which had been provided by the user.

Sadly, things are never quite as simple as they look.

Researcher: DJI RCE-holes offered me $500 after I found Heartbleed etc on its servers


Clearly DJI would prefer that people in possession of information about critical vulnerabilities in their infrastructure offer it to other, more accommodating, buyers.

Samba needs two patches, unless you're happy for SMB servers to dance for evildoers


There's a bucketload of IoT devices out there with Samba sharing open to the world and nigh on zero chance of getting patched. Could get messy.

I have always wondered how people got the initialism "IoT" from the full name "Botnet of Things".

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS


I think you will find that the password is heavily encrypted with quadruple ROT13. That's the same encryption scheme that the NSA uses for their cafeteria menus, so you know it has to be good.

Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'


Re: and Added a SILICONE NOSE for realism.

But Picard would use 173467321476C32789777643T732V73117888732476789764376.

Sean Parker: I helped destroy humanity with Facebook


I believe the original name was going to be "The B-Ark", but they chose to change it to "The Face Book" at the last minute to avoid tipping off their Golgafrinchan investors.

Facebook's send-us-your-nudes service is coming to UK, America


Re: Why...

But the problem with that is, regular people aren't allowed access to that software unless they're a LEA or popular service like Facebook. (Which sucks, as I have a large anime artwork collection I'd love to sort through far more easily to remove duplicates.)


You're welcome.

I love disruptive computer jargon. It's so very William Burroughs


Re: Gif.

> Don't get this - how can G(raphics) be pronounced as JIF.

The same way that the format created by the Joint Photographic Experts Group isn't pronounced Juh'Feg.

They've only gone and made a chemical-threat-detecting ring


If you can't see it, it can't bother you.

If they weren't a good idea, would the President of the Galaxy wear them?

Blade Runner 2049: Back to the Future – the movies that showed us what's to come


So 35 years between two "episodes" is a series?

Only if you are George R. R. Martin.

BYOD might be a hipster honeypot but it's rarely worth the extra hassle


Re: No hassle here.

This isn't a BYOD solution. It doesn't solve the issues discussed (laptops, desktops, macbooks etc).

Did you read the article?

I thought you knew. The comments section switched to a Bring Your Own Article policy several months ago. It adds a little bit of administrative overhead and may have some minor impact on the coherency of comments, but we feel that it makes the users happier in the long run.

Sysadmin tells user CSI-style password guessing never w– wait WTF?! It's 'PASSWORD1'!


...Followed by Feynman becoming quite unpopular with the secretaries and personal assistants due to a directive from On High that if he has spent any time at all in their offices, they needed to immediately change the combination of the filing cabinet and safe.


Re: Favourite

There are quite a few low-security systems around me where the password is "I already told you that."

Connect at mine free Wi-Fi! I would knew what I is do! I is cafe boss!


Re: Smart intercoms/bells are a good idea, that are usually badly implemented

"So a "ding dong" is a warning signal of visitor, post, or circular. If followed by a Westminster chime then it means someone is ringing the bell."

And if it is followed closely by the sound of barking dogs and screaming then the bell has been rung by a door-to-door soul saver, utilities fraud team or a salesperson from Citrix.


Re: Please to be using our free WiFimabob.

Fortunately, advanced devices[1] using MAC address randomisation when connecting to public wifi..

[1] iOS devices and some Androids..

Or Windows 10 and Windows Phone devices, which technically qualify as advanced.

Crowdfunding scheme hopes to pay legal fees for Marcus Hutchins


I know, right? Most people who go on vacation just spend the whole week in a youth hostel reading paperback romance novels.

It's unheard of for a 23 year old guy to be throwing money around like that, especially in Las Vegas, a city which prides itself on sober, quiet contemplation.

WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI


Re: Also Wannacry?

"There is something a little off with this."

There sure is. I think you should look at changing the vendor you purchase domain names from, as it really shouldn't take "a few hours minimum" to sign in to a control panel, type or paste in a domain name, check the box that says "Yes please put this domain on the same domain name servers I always use" and then push a button to buy it. It's a five minute job at most, and that includes typing your password wrong four times and swearing a bit before you turn Caps Lock back off. And if you're concerned about the cost, which is less than the price of buying warm drinks for the entire team one time, you can typically 'return' the domain a few days later and end up paying nothing.

What you may be missing is that checking in with a mysteriously named domain is a fairly common technique for malware to use, and that it is not unusual to take control of expired, unregistered or cancelled domains to 'sinkhole' them, effectively shutting down an entire botnet by not only removing its central command and control facility but also redirecting the C&C traffic to a friendly site where you can keep tabs on botnet infections and activity. The value isn't just in stopping a single infection on your local network, but also in seeing what every other infected host in the world is doing, so taking a few minutes to register a domain and point it to your existing sinkhole server is a reasonable thing to do.

This is exactly what MalwareTech described in his original write-up of WannaCrypt ( https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html ), and he includes some data he was able to collect on global and regional infection rates through the sinkholed domain.

It may seem odd if you're not familiar with modern botnet hunting, but what MalwareTech did wasn't that unusual.

'Real' people want govts to spy on them, argues UK Home Secretary


Steve Bannon wants Facebook, Google 'regulated like utilities'


Re: YOS!

What you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.

Mac ransomware author is giving away malicious code to script kiddies


Re: Given how unsophisticated the average Mac user is

A hacker group known as "The Genius Bar" has been engaged in this kind of ransomware-as-a-retail-service for almost sixteen years.

'My PC needs to lose weight' says user with FAT filesystem


Re: Scuh-zee IS the official pronunciation in some circles

"There's never been a period that I've NOT heard SCSI pronounced that way."

When Larry Boucher invented SCSI he wanted it to be pronounced "Sek-see". Everyone else on the committee thought that sounded unprofessional and decided it should be "Scuh-zee" instead.

I'm pretty sure that this was the same group which later renamed the seventh planet to "Urectum" because its old name sounded impolite.

PAH! Four decades of Star Wars: No lightsabers, no palm-sized video calls


Re: future displays are rubbish

I used to think that way. Then I "upgraded" the antenna sitting on top of my TV to an IP-based...



...streaming ser...





Re: SW was never about our future.

"Thanks for pointing that out. I'd spent the last 40 years thinking it was a documentary."

I also get Star Wars confused with Galaxy Quest all the time.

Trump's lips sealed on surveillance, complains EU privacy chief


It's just temporary

It's just that nobody in the White House understands how the phones work. Once they figure that out, they'll be in touch.

Now... It's pick up the receiver, then select a line... No wait, select a line, then press the speaker button, then dial '9' for an outside line? Or is it '6' for international calls, then '011'? No, use '9', but drop the '0' and dial --

Hello? Is someone there?