Sounds rather like what Bruce Schneier used to call "movie plot threats".
2153 posts • joined 19 Aug 2008
You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS
One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway
They've only gone and bloody done it! NASA, SpaceX send two fellas off to the International Space Station
"Still to come..."
the current preview is limited to installation; it does not even have a remove option for packages. It does not auto-update packages or even have any mechanism to update them, and there is no specific dependency management.
Oh, come ON, Microsoft - pulling this sort of nonsense, presumably in the name of agile, is getting silly now. This is pre-alpha. "As a Windows user, I need to be able to update packages". A package manager that can't update or uninstall isn't a usable package manager, any more than an aeroplane that can take off but can't land except in a ball of flames isn't really ready to fly. Neither is this.
To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
20% is a pretty good hit rate for a first-pass phishing test (I've run a couple in my time, using commercial services.) The first place we did it started with something like 45% click thru, from memory. Got it down below 10% after a year. Of course, there'll always be someone, sooner or later, which is why it doesn't matter if they give away a password, because they're all using hardware token 2fa. Right kids?
EDIT: Mildly surprised they were able to send realistic looking phish from a fake domain via GApps
TensorBlow? Data boffins struggle with GPU shortage in Google Cloud, opposition offers to help out coders
We dunno what's more wild: This vid of Japan's probe bouncing off an asteroid to collect a sample – or that the rock was sun-burnt
Prospects for the global economy
"...the worst recession since the 1930s will hit the global economy, which could shrink by 3 per cent during 2020..."
The OBR's -35% scenario for the UK economy looks much more likely to be typical of the impact worldwide. Bear in mind the UK is able to borrow at a scale unavailable to many other European countries, let alone the RotW, which theoretically enables otherwise bust UK firms to keep the lights on until the bright new dawn of tomorrow when they can call back all their furloughed staff and call all their old customers to let them know the firm's back in business.
The Return Of The World As We Knew It is now scheduled for early 2022, according to the vaccine-monger on PM this evening. Actually -- she spoke enthusiastically of being able to produce "hundreds of millions of doses" by "the end of next year", but (with everyone needing at least two shots, and it being by definition a worldwide problem and all) that's an order of magnitude less than will be needed. Let's be generous and assume they can churn out 10x the doses three months later, so "normality" returns around Q2-22.
Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we'll shut US ops
Re: EARN IT
As I understand it, the contact tracing app's supposed to use Bluetooth to sense proximity to other users, so presumably you can turn that off -- in the unlikely event they try to force-install the thing, which I really can't see. They wouldn't need to: simple social pressure would do it. Especially if the thing had a way of alerting you that there's a phone in your vicinity that's NOT running the app...
You wouldn't need 100% coverage to get substantial benefit for the stated purpose, anyway; IDK what the curve would look like - the square of the number of users?
Of course that's just the stated purpose of the "NHS app" -- there's already a leak in the Grauniad suggesting that they're perfectly well aware of the potential for illicit, malevolent misuse by the state:
Neo4j has this great IDE-a: How about we stuff all our graph workspace, database, algorithms and visualisation wizardry in one place?
Apollo 13 set off into space 50 years ago today. An ignored change order ensured it did not make it to the Moon...
Normal Accidents by Charles Perrow was also useful in researching this article,
+1 for "Normal Accidents", one of the best books on IT failures I've ever read, especially as it's about complex systems in general rather than digital computers in particular (though they make a few appearances in passing.) I once worked at a shop with an office bookshelf staff were encouraged to contribute to: I bought two (used) copies of Normal Accidents for it -- used, because - inexplicably - it's out of print. Can't recommend strongly enough.
Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots
Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'
Starship bloopers: Watch Elon Musk's Mars ferry prototype explode on the pad during liquid nitrogen test
Well, that's an absolute bag of shit. My sympathies to everyone potentially at risk. (Currently resting between engagements myself after being made redundant in favour of cheaper offshore replacements.) One nasty surprise I got was discovering that the already small minimum payouts have been cut even further; after 3.5 very intense years I got two weeks pay. The timing is terrible! What sods.
Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?
MitM attacks on unencrypted network traffic do happen, but unless you're the target of a nation state, they're not really worth worrying about.
There, I said it!
Now -- of course -- I've been making myself and the sec dept unpopular for donkey's years by whining on about telnet and FTP to management, just as much as the next grunt in the infosec trenches, but in retrospect the benefit was more about compliance than actual security benefit. (And of course it helps getting stuff patched, or skipped if it's EOL, making at least some token effort to harden configs, etc.)
Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online
Re: What's good for the goose
You may be mixing up medics who are careless with patient data, with medics who turn whistleblower, are sacked, forced out of their career and then vigorously pursued through the courts, threatened with financial ruin, etc. (Search Chris Day whistleblower for just one example.)
If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep
Buzzwords ahoy as Microsoft tears the wraps off machine-learning enhancements, new application for Dynamics 365
Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
Hey, Brits. Your Google data is leaving the EU before you are: Hoard to be shipped from Ireland to US next month
Aaargh! Curse you, El Reg!
After years of therapy and mindfulness I thought I was healed.... But no! Once again my head is infested with a My fucking Chemical fucking <Paul Calf> Rrrrrrowmance</Calf> song. You will be hearing from my solicitors!
(Don't click this. Really: don't. Makes Flat Eric, Jonah Lewie and the Matey bubblebath jingle seem mildly annoying.)
...just realised I said that aloud, hastily toggled the anon flag. Whatever you do, please don't tell my wife..!
Researchers trick Tesla into massively breaking the speed limit by sticking a 2-inch piece of electrical tape on a sign
What other sort are there?
Evidently there's an entire class of, effectively, spoofed command injection bugs here waiting to be found in any system that does image (or audio) processing and reacts to events it thinks it detects.
Trivial example - those black (usually) door holdback boxes you sometimes see on fire doors are only legal because they automatically disengage when they detect the sound of the fire alarm going off. Broadcast a tone through a building PA and all those doors will swing shut, "with hilarious consequences!"
'Tens of millions' of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs
The ECC is made up of four county fire services: Hertfordshire was the first to join in November 2017; Humberside joined in November 2019; Norfolk joined in the last couple of weeks; and Lincolnshire is due to go live today.
I can see how it makes sense for four geographically distributed local authorities to reduce the risk of SPoF and local emergencies overwhelming the resources that, say, Lincolnshire alone can provide. Not hard to conceive of circs that lead to lots of calls hitting all four control rooms simultaneously, though: apart from coincidence (which will always get you in the end), record book storms like Dennis can obviously affect places across the whole country. So why isn't this a national system? I know -- let's blame the EU!
It's official: In May, Microsoft will close the door, lock the vault, brick over the entrance of dreaded Windows 10 1809
Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother
An Apple a day might not keep the doctor away: iGiant's China stores face closures, deep cleans, staff temperature checks amid virus outbreak
I bought an expensive but very good 3M 7500-series half-face mask with dual particulate and vapour filters, for DIY purposes*. You can't smell paint or cigarette smoke through it. Let's see how critical my GF is of my spending priorities when we're all on Wuhan-style lockdown! ;)
* (When I got the very good Makita trimmer with interchangeable bases, cos at high speeds it makes very fine dust rather than chips, & it hangs in the air for ages.)
There was something that looked a bit like a 20y old Escort with a Tesla badge on the front outside my local tonight; I assume that was the model 3. It looked like they tried really hard to make it look completely bland and generic. There's a Chinese(!) badged 4x4 pickup that does a really good impression of a Toyota Landcruiser that parks a bit further up the road, and that has a quirkier, more distinctive design than the Tesla. If you wanted to represent that GIF of Homer Simpson fading backwards into a hedge not through interpretative dance, but with metal, glass and plastic, that's what you'd get.
(I was a passenger in an all-electric Jaguar SUV recently that was far more convincing. Probably much more expensive and I gather the perf and range aren't great, but I know which I'd rather have.)
Not call, dude: UK govt says guaranteed surcharge-free EU roaming will end after Brexit transition period. Brits left at the mercy of networks
Re: Transition Period?
"should" is a load-bearing member there. You're saying the PM "should" do something he's sworn up and down he won't do, and which he's ruthlessly reshaped the parliamentary party in order to guarantee delivery. All the grown-up backbenchers were expelled or driven out last year, if you remember. That massive majority is packed with a blend of bulgy-eyed true believers and spineless opportunists who don't believe it but are going along for the sake of their careers. And every one of them signed a pre-election pledge that they'd deliver the WA on 31st Jan and end transition on 31st December with no further extensions. You'd either need 40 of them to destroy their careers overnight on a point of principle*, or for Johnson to see the light, break his promise, *and* be able to carry all but 38 of his MPs with him.
* Not all MPs have lucrative careers in business or the law to fall back on when they're unceremoniously defenestrated, not even the Tories. That's especially true for those who've been there a long time, or those who've spent 10-15y as wonks and bag-carriers whilst working towards selection as a candidate, then got elected, and are now working towards a first junior ministerial position. IDK about you but I'd have been pretty fucked if I'd been kicked out of IT in my early 40s and had to develop a new career from scratch.