* Posts by Steve

20 posts • joined 6 Mar 2008

Yahoo! mocks Google Privacy Theatre


@Freedom of choice

"Google is providing a service free of charge

There is no requirement to use said service"

Unless you go to one of the millions of sites running the google urchin system, which in nearly every case is used by an imbecile who has no idea what sort of security risks they're presenting their users and themselves by such action, but they do to see some pretty graphics (sorry, useful statistics) for free.

Hackers ahead of the game despite McColo shutdown

Paris Hilton

@ac - "...a block list of IPs"

A block list of IPs just doesn't work.

I had trouble a while back when a number of websites I deal with all disappeared from Virgin. After some discussion with Virgin's techs, it was determined that these sites were on their blocklist (a copy of which was sent to me for analysis). Because these sites were hosted by a server that handles many websites (the most common way small websites are hosted), they were on the same IP as a single dodgy site. Further discussion revealed that normally such all catching blocks aren't employed because, as in this case, it may remove a single dodgy site but in the process takes out thousands of legitimate websites.

Took Virgin 4 days to remove that block, along with the others wrongly applied by their PFY.

They weren't sure about unblocking at first, but the idea of a court case caused by thousands of sites losing business from a potential 50% of the UK's internet users may have been a contributing factor to removing the blocks.

Paris, because she doesn't want things blocked willy nilly either!

Obama urged to create White House cybersecurity chief


Any else thinking...

the San Francisco network blocking admin would be ideal for this job?

Home Office screws prison data bunglers

Black Helicopters

other contract worth blah blah blah

So, they've lost a bit of data and "PA Consulting" will be stripped of other work totaling X million pounds.

10-1 they hand the work to another external team, "PA-2-1 media Consulting" for example

Let's face it, most of these consulting companies could easily tweak their name and everyone wins. UKGov looks like it cares, the company carries on and everyone's unware of what's actually happened.

Besides, 8 million for government work sounds like very small projects...

Google to ‘anonymize’ user IPs after 9 months

Paris Hilton


"If one is worried about Google, it's spying and data retention practices there is a solution: Don't use them."

good luck avoiding the many sites that now use google urchin/google syndication.

Of course, these can be blocked by that's less likely than users not typing google for searches, or accidentally having google search bar installed by a friendly app.

Paris - knows all about googling.

Dabs.com courier goes titsup

IT Angle

Didn't know dabs were now part of BT

As others on this board, I used to use Dabs as the preferred supplier.

However, back in 2001 they spent nearly a week going over "security footage of their packaging" to see if they could proof the 80GBP motherboard that was missing from an order was actually packed. This delayed a contract to build machines for someone, and upset my customer.

Since then I've been very wary, though the occasional order has been made. No more though, as they won't allow you (the customer) to choose the courier, instead deciding to randomly choose. Having had hard drives stepped on and kicked by Home Delivery Network (boot prints clearly visible, reliability of drive single figure pecentage) and having parcels delayed because "I was too busy yesterday", Dabs have for the past 3 years been used only as a *very* last resort.

That another company owned by them is suffering is most likely due to that (previous excellent) company's basic mismanagement.

To save the other parts, they should allow the customer asking to place an order for 10KGBP the choice of courier. They refused, even knowing that it could lead to many other similar orders... they lost the business.

AVG disguises fake traffic as IE6


@ swich off - fair enough. but please fix the icon.

I had a word with them about this a few weeks ago, and it's fixed in the latest version.

Go to tools->advanced settings->ignore faulty conditions and tick link scanner.

I'm standing by AVG in general because it's small, fast and does a good job. The firewall doesn't cause any noticable slowdown and, at whoever suggested it wasn't needed with SPI in the router, well, let's just hope another machine on the network doesn't get infected, eh :)

Still think the link scanner is a dumb/dangerous waste of effort. Wait til I choose to click, then check what it's returning. That's all I want the software to do.


AVG is a good tool

But 5 minutes after upgrading to AVG 8.0 I turned off the linkscanner and moaned at them about it on the grounds that if a search result link was suspicious, I probably wouldn't have gone there but now my IP would have communicated with their system. Lovely :0

This could lead to other issues too, such as visiting "honey trap" sites that just happen to come up in the search list inappropriately (a mother searching for new design of childrens swimwear, for example).

Dell guilty of defrauding New York customers

Paris Hilton

Not just me who doesn't like Dell then?

I agree completely with the advice of tempemeaty; get one built to order from a friendly local place.

Dell was used in the office years ago, because they were "good value"... Hmmm. They supplied a couple of machine without sound cards due to a shortage, and sent an engineer to install them on-site several days later. Someone had to show him how to install said sound card.

Then of course, there's the machine that went faulty within a few weeks. The engineer came on-site and agreed it was faulty, then reported it was fine to his line manager. This went on for a couple of weeks, until they blamed the attached development hardware as being incompatible. Only after I suggested I tell the manufacturers of said hardware (two 'small' Japanese companies names ending in ony and ega) that Dell have said their system can't be used with their development kit did Dell replace the machine (rather rapidly too for some reason).

Glad they're finally receiving a slap of some sort :)

Paris, because she knows more about plugging things in than Dell's 'engineers'

Revenue admits another IT cock-up


Not (unsurprisingly) their only bugs

The online tax return has numerous errors in it too... like not being able to enter 0 for a rounded down value and not accepting a date range in a box needing a range of dates.

2 weeks and they still haven't fixed these, though they did recommend workarounds which would require me to accept a false declaration.

For the icon, I've chosen the lovely night sight image of Gordon Brown helping the poor[9][9][9][9] himself.

Police go slow with encryption key terror powers


The act misses something important

many programs (including one I'm working on at the moment) require configuration data to be stored as encrypted data on the end user machine.

You end up with two situations:

1) The end user can't decode that data, so the data could be classed as whatever the investigation team want it to be. As you've played online poker, the server data file must be some form of terrorist plot.

2) The investigation team presume the data is attached to the software in question. A fine place to hide your data...

All laws should be a guideline; it's rather unfortunate that people treat them as gospel.

School crossing guards join CCTV panlollycon


More council staff powers?

I'm sure there are legitimate reasons for this, and the protection of children on the roads is a pretty good one.

However, more and more powers are being given to council staff each day. How long before this is extended to the lollipop ladies being able to issue fines and tickets? Anyone else concerned that a binman (waste recepticle operative) can issue fine to a homeowner for the wrong type of recycling in a box, even when that item was placed in the box by a passer-by.

What point needs to be reached before the encroaching ends?

More and more each day considering grabbing my coat and going anywhere else in the world!

FIPR: ICO gives BT 'green light for law breaking' with Phorm


re: Dressing up - Flash Mob?

Well, that's one then. Anyone else interested in meeting up for a pint?

I'll be easy to spot: the chap with the following t-shirt on:



Phorm et all... a more personal discussion

There's the infosec exhibition at Earls Ct later this month. Anyone else here going to that? If so, and I realise this may be a scary suggestion, who's for meeting up for a jar and a chin wag? Get to know your fellow posters and all that nonsense.

If nothing else, a few drinks and the world's wrong seem to be more easily sortable :)

Paris Hilton

Virgin Media and Phorm

Morning all,



I've got a Virgin Media business account, and sort out PCs for several neighbours with Virgin residential lines.

I actually spoke to VM's lawyers about Phorm last Friday. After the public drubbing BT got, they seem very anxious to be seen to be doing the right thing.

What I got from the call was:

1) They are still looking at whether or not to implement

2) No trial would be carried out without prior notification

3) They're watching with interest what is happening with regard BT and Phorm

4) They're aware (and concerned) about Phorm's history

5) They aren't planning to implement it on business accounts (though as these pass in part over domestic network I can't see that makes any difference).

Try calling them, voice your opinions... if nothing else it's their time and call cost!


General stuff

That the ICO can see no breach of the DPA isn't a shock, but we should probably be writing en masse to the home secretary to ask them to investigate the breach of law vis-a-vis RIPA.

Do it by pen and paper and cc it to your local MP. If you don't get a reply, push it up the scale with a few newspapers, watchdog etc. "Home Secretary fails to look into illegal interception" is just one conceivable headline.

I'm typing my letter this morning. Anyone else joining in?


Paris - because even she can understand what's going on

Phorm agrees to independent inspection of data pimping code


Phorm, BT, Virgin etc... the matter is very simple!

I don't want my web traffic read by your machines.

You have no right to read it without a court order.

Therefore, don't read it!

Patricia Hewitt joins BT as non-exec director


And people wonder...

how the likes of Phorm are allowed to get away with their abuses of our supposed freedoms...

UK CITIZEN #19972008 - I am a number, not a free man!

Top security firm: Phorm is adware


Re: Phorm Comms Team (techteam@phorm.com)


First, would you care to provide a clearer description here? No? Really? What a surprise...

Second, the main problem I have is just your system parsing, in any way, shape or form, any internet traffic of any description requested by my hardware to be served to my hardware via my ISP.

You have:

1) No legal right

2) No moral right

3) No permission from me

So, no matter how clever you think you're being in your methodology, the merest act of parsing the data is unpalettable and if mandatory with an ISP should require that ISP be investigated for gross invasion of privacy.

As a tertiary issue, just how dumb would a hacking group have to be to *not* target your sytem?

Phorm launches data pimping fight back


Data categorising

I'm sorry Phorm/BT/Virgin,

I do not see how you can suddenly decide to start reading the streams of data that you're not allowed to read, for any purpose.

This is disgusting!

The only even slightly palettable way to handle this is have, at an account level, an ON/OFF option. If that account connects from any computer, the option applies.

All this playing with cookies nonsense means an excuse to read the data due to "user error".

Requiring the cookie to turn this off means people will:

1) No longer be able to block cookies for safety as yours will be needed

2) When clearing any cookies that were required (happens sometimes) they may delete your "opt out" cookie. That would mean they're opted in again.

I'm up for contacting ofcom as often as needed until this is squashed... anyone else?

BT targets 10,000 data pimping guinea pigs


re - bt sending spam

I found a good solution to this; having given bt their own email address (ie. bt@...) whilst a customer, they started spamming it after I'd stop being their customer.

So, tell them to stop or all future emails automatically forward to their abuse team and their head office will a covering note explaining that they were still sending unwanted emails, before being deleted from the server.

Every now and then I'd remove the autodelete to see if it was still being spammed, and if so put it back again. It took them several months, but eventually they got the message.


Biting the hand that feeds IT © 1998–2020