* Posts by Jim Cosser

97 publicly visible posts • joined 11 Apr 2007


Ah, um, let's see. Yup... Fortnite CEO is still mad at Google for revealing security hole early

Jim Cosser

*Vulnerability, not exploit.

UK local gov: 37 cyber attacks a minute but little mandatory training

Jim Cosser

Re: No chance

Not to mention pay: I have friends contracting to local authorities on a good day rate (let's not get into IR35), but the permanent rates of pay are dire. That seems to apply across the public sector when it comes to InfoSec roles.

They seem to be around 30% off the average salary.

IT resellers, this is your future: Shifting driverless cars within 5 years

Jim Cosser

I agree about the fleet autonomous vehicles, but I think the Powerwalls are unrelated; they are a benefit if you have solar rather than directly related to private vs fleet autonomous vehicles.

There are interim advances being made where privately owned elec vehicles can be used in a similar way to a Powerwall, but it's not likely to benefit the consumer unless your car is parked at home all day being charged on solar. It seems like it's a big boost to smoothing out the peaks in the grid.

Dyson to build electric car that doesn't suck

Jim Cosser

Re: Pollution impact

The vast majority of plastic products are single use; that's the main problem. Cars don't really fit the bill there...

Largest ever losses fail to dent Tesla's bulging order book

Jim Cosser

Re: 16 billion

I agree price would decline (and needs to), but the market will dramatically increase; a patent on something revolutionary in the energy storage sector would be of real value.

Jim Cosser

Re: 16 billion

Seems like the real value would be in the battery tech; energy storage is going to be an exploding market... I'm not sure if battery will be the tool of choice, but it's probably going to have its place.

I'm not close enough to know who is owning the patents in this space on next gen. If it is Tesla then that would be a reason to invest; if it's just a brand using other folks' tech then yeah, it's a Ponzi.

Hacked Chrome web dev plugin maker: How those phishers tricked me

Jim Cosser

^ This. 'We take security very seriously, we have reviewed and improved our processes'... I'd much rather have someone say 'I dropped one here' as this guy has.

UK ministers to push anti-encryption laws after election

Jim Cosser

A backdoor is a backdoor for all

As shown by the NSA exploits, backdoors will not just be used by 'the good guys'. Surely we can get that across to Joe Public given the recent WannaCry publicity?

Rap for chat app chaps: Snap's shares are a joke – and a crap one at that

Jim Cosser

Really good and interesting write up

Reminds me of the Wolf of Wall Street book.

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

Jim Cosser

Re: Cybercriminals and open source exploit code

Find a vulnerability on the machine that will allow remote code execution (scanning with Nessus/OpenVAS, whatever floats your boat) and set meterpreter as the payload within Metasploit... Done.

Escalate privs if required, dump hashes, have fun.

Dark web hubs paying workers to leak corporate secrets

Jim Cosser

Re: Insiders as a threat

It doesn't change the problem but it likely increases the scope; the ability to monetise financial information in a safe way without these kinds of forums is more difficult.

When it comes to purposefully installing malware, it again removes the requirement to handle the end-to-end engagement, as well as giving plausible deniability.

I think it's a significant shift.

D-Link sucks so much at Internet of Suckage security – US watchdog

Jim Cosser

Re: Sympathy for the Devil

I'd be really surprised if the weaknesses that are public with the D-Link products are forced on them by government organisations. I suspect Occam's razor: it's more likely a lack of focus on security.

Why bother forcing someone if there are plenty on the table just through incompetence?

'Fappening' hacker gets 18 months in US federal clapper

Jim Cosser

Re: Huh?

Hacking is a pretty broad term these days; many people include social engineering/phishing within hacking.

Chinese hacker jailed for shipping aerospace secrets home

Jim Cosser

Re: Is this an article from the future?

That, or he has been arrested a LOT.

Kids’ shoes seller Start-rite suspends sales following breach

Jim Cosser

Re: Lawyer speak

I get your point but I think it's over-egged. A statement to say they are secure would be meaningless, I agree, but that wasn't what was proposed. 'Industry best practice, salted and hashed' is different from the statement 'they are secure', but it's also a huge improvement on not giving any details in that area.

Recommendations to change if re-used elsewhere would be issued anyway, as you point out, so why not?

As we know, it's all about the time and effort to crack rather than it being impossible to break.

Air-gapping SCADA systems won't help you, says man who knows

Jim Cosser

Re: Excellent

Agreed, technologies such as this:


Will help IoT explode.

Trouble originating between chair and keyboard caused most UK breaches

Jim Cosser

Re: And this will KEEP happening...

I think the GDPR will change the priority, the stick is now pretty large.

First ATM malware is back and badder than ever

Jim Cosser


Application whitelisting seems like a no-brainer here. These things must be pretty static, so well suited to that kind of control.

This tool detects then ATTACKS evil twin access points

Jim Cosser

Re: There are no legal issues! The tool doesn't attack the hacker!

OK, replying to a REALLY old thread here, but I'm reading up on this in general.

I agree you aren't attacking the AP as such, but you would be denying anyone connecting to it, so is it no longer functioning? Are you denying service? Yes, obviously; that is the point of the deauth.

So it is kind of a DoS on equip you don't own but for the greater good... I think it's grey at best.

Correction: 220,000 kids weren't exposed in VTech mega hack – it's actually 6.4 million

Jim Cosser

Re: Secret questions and answers

True true

Jim Cosser

Re: Secret questions and answers

Yes and no; you could reset and get it, but you couldn't read the password and re-use it on another site.

Though in this case, with MD5 hashing and no salt, you can do both ;)

More POS malware, just in time for Christmas

Jim Cosser

Re: What is the attack vector ?

This is changing with things like self-service in the UK; we have a greater exposure to the user.

Also, these machines don't exist in a network vacuum as such; depending on how the network is configured, there is exposure here.

With regards to prevention, it seems like a no-brainer candidate for application whitelisting.

Cryptowall 4.0: Update makes world's worst ransomware worse still

Jim Cosser

True, there are different motives, but the only motive here is money. Stuxnet isn't really comparable; it was also low and slow, trying to hide itself and the damage it was doing for as long as possible.

It's a profit exercise. As another poster points out, sometimes to stop these kinds of things as a government you would need to show your hand in terms of tooling and control. It doesn't always mean they couldn't stop the attackers, just that it's a balance.

It could be a government, but I think it's way less likely than an organised crime group.

Jim Cosser

Unlikely to be state sponsored; generally they are after information and so are low and slow. The last thing a state-sponsored attacker would do is raise a flag.

This is classic organised crime; lots of these gangs are moving from drugs into malware because of better margins and less chance of getting caught.

'T-shaped' developers are the new normal

Jim Cosser

Securing DevOps

I'm working in this space at the moment and enjoying the challenge of securing this approach. It's going to be a new adventure for a lot of folks: more tools, more rules/pattern driven, and less time to directly interact.

Microsoft gives EMET divine powers to repel God Mode attack

Jim Cosser


Kudos on the regular reporting of EMET; it seems a big undersell on a nice bit of software.

We have been using it for over a year in the enterprise, and it's low maintenance and a good layer of additional protection. It doesn't get enough coverage.

GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches

Jim Cosser

I agree with AC; Google don't shove the data they gather in your face.

It's a smart move, but at some point a drive for profits will cause Google to play the cards they so carefully gather in a more overt way. I think if/when they overstep the mark, people will finally think about the broad amount of data they are gathering, and that may drive some competition in the search space again.

'Supermodel' glow-in-the-dark pocket monkeys created

Jim Cosser

Glowing...but not

I don't get how these creatures are described as 'glowing' when they only glow under UV light... bloody useless! We need the nightlight monkeys and we need them now.

Admittedly they could be useful for working in nightclubs as glowing waiters.

Obama pledges 3% of GDP for science

Jim Cosser
Thumb Up

Great news

Now this really is good news. Not good for the UK though; we need to do something similar. Investment in science will bring serious financial benefits in the future if directed correctly.

Amazon UK kicks off low-end price scuffle with iTunes

Jim Cosser
Thumb Up

Amazon Top it

It may just be a stunt and short lived re: 29p tracks, but I've used Amazon a fair bit for MP3s and they have been very competitively priced, with no DRM and high quality.

No DRM and cheap; why would you use iTunes again? I think Apple needed some serious competition to kick them into gear, and this might do it.

Apple iTunes Store goes '100% DRM-free' - allegedly

Jim Cosser
Thumb Up


Regardless of how it happened, the facts are Amazon is generally cheaper (albums from £3, songs from 59p) and DRM-free; it doesn't seem a hard choice really.

Fair enough, upgrade your old albums on iTunes, then buy everything from Amazon from now on ;)

Microsoft slashes US Xbox 360 to sub-Wii price

Jim Cosser

Wii Vs Xbox

Mmmm, flames. I don't own an Xbox, but it is more powerful and has a wider range of games. I don't know anyone who has owned a Wii for more than 6 months who is still using it.

They get Wii fever and then they get over it. Wow, special controllers, quirky games, big whoop.

Sony e-book reader to debut in UK tomorrow

Jim Cosser
Thumb Up

Can Do

Yes, it can do PDFs, and it's not 'late to market', it's 'late to this market'; it has been out in the US for longer than the Kindle. The previous version has been out for well over a year.

I bought one from the US and it's one of my fav gadgets.

Privacy watchdog hoists Google by its own petard

Jim Cosser

Blank out

Not just in the article:

I assume the article blanking is a joke with reference to the linked PDF as simply copying the text or images in the PDF reveals what is blacked out.


Alan Sugar leaves Amstrad

Jim Cosser

@ Ben Cross

I think the £800 was a joke about a probable property crash... :)

Will your mobile squeal to the police?

Jim Cosser

Re: Confused


I think that's what the article is saying: the area used least is generally blank space, especially on something as large as the iPhone.

If it constantly puts it in blank space, then the deleted files are rarely overwritten until the whole 16GB is used.

Google unveils Image Search image ads

Jim Cosser

Images in google

They already shoe-horn images into the normal search results. Anyone remember Google being quick and image-free once upon a time?

I hate the YouTube vids they shoe-horn in (who owns YouTube again?) with thumbnails.

But now ads in image search, another fine way to slow down your searching and bloat your bandwidth.

Thanks, Google, for 'improving my experience'.

Someone recommend a competitor I won't feel dirty using.

French sites fined for linking to privacy-invading Kylie content

Jim Cosser

Re: Google?

Google is automated; this was, as they said, 'an editorial decision', so it's very different.

Whether it is right or not is another matter.

Sony pledges Blu-ray Profile 2.0 PS3 update this month

Jim Cosser

Interactive content

Why do I have a feeling this is going to be more irritating than useful?

Also, what happens when companies forget to renew their domains and the naughty people get hold of them? Can we expect PS3-targeted malware? Or just porn ads on our Blu-ray discs?

Chancellor props up SMBs with loans, gov work

Jim Cosser

Corp tax rise

No mention of the *small* business corporation tax rise then?

"While business was pleased to see the main rate cut, there was dismay among smaller firms that the rate they pay would rise from 19% to 22% in 2009"

HMV blames rival for PS3 PlayTV pre-order puzzle

Jim Cosser

Re: Nice try

The PS3 has standard, user-upgradeable laptop HDs and accepts USB HDs, so who cares what comes as standard?

Coastguard, plods swoop on fake Facebook yachtmaster

Jim Cosser


'The writer is a former professional seafarer...He was also for some of those years an RYA-qualified sailing instructor.'

I don't believe you, Lewis; upload your certificate :)

Dial-a-phone 4u?

Jim Cosser

Dial-A-Phone bad!

Seriously bad company; it took them 3 months to deliver the PS3 that was supposed to come with my contract, and that was after much hassle.

Why would you keep that brand? Oh right, Phones4u is mildly more hated, I see.

Nintendo kills Wii ads due to console shortage

Jim Cosser

Demand restriction

I know many people who have got interested in the Wii purely because they have heard about the stock shortages; it creates intrigue and it's great marketing.

If you get plenty in stock in early/mid December, you gain sales, not lose them.

Dell punts $4450 World of Warcraft notebook

Jim Cosser


OK, it may not be the strangest thing about this story, but surely anyone who likes WoW that much is going to already have a copy of the bloody game?

UK database of children delayed

Jim Cosser

Poll tax

Rioting in the streets please, or at the very least more people donating to no2id.