* Posts by Danny 2

2212 publicly visible posts • joined 6 Jul 2009

WW2 Enigma machine to be seized from shamed pharma bro Shkreli

Danny 2

Re: Fail

I'd suggest arbitrarily hiking his sentence by 56x would be appropriate. Because we can.

Anonymized location-tracking data proves anything but: Apps squeal on you like crazy

Danny 2

Re: Purely hypothetical question...

Not just your wifi, phone apps narrow your location by checking nearby wifi networks.

Danny 2

Re: But...

Indeed. Police still check for fingerprints because most criminals don't wear gloves despite knowing about fingerprint evidence.

I was part of a peace group that got arrested trying to break in to a military base, and in the debrief afterwards the organiser again stressed the need to leave mobile phones at home. Just then one of the protestors' phones rang, and they took the call. And then the paranoid morons put our arrest down to an infiltrator, rather than the blindingly obvious phone mast in the base.

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Danny 2

Re: Remove all external access?

Some actually do need to access web mail during working hours, and some do need to extract or enter files on removable media
Fair enough, then your employer should provide you with an insulated console for you to browse porn. Or, and this is just a suggestion, why not get internet access in your own home and update your kitty porn videos on your own time.

This is NHS medical testing systems that have been compromised, I totally expect deaths to come from this hack. There is no debate on the rights of the NHS worker to browse the internet at work.

Danny 2

"The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support."

I understand the pressure from users but security should trump usability every time. No serious financial institution allows employees work access to the internet or personal emails or removable media. Your boss should treat other people's most intimate data the way they treat our money. Provide terminals with no soundcards or USB or CDs to access the internet, unconnected to the local network, for people to browse their out of work nonsense.

Danny 2

Re: I for one, welcome the return of the paper patient notes.

I've been trying for years to be in charge of my own NHS files, or at least to correct some of the errors within, to no effect. Politicians assume I am mad to suggest such a thing.

The lack of logic in the NHS at every level is worrying. My medical records are so off they are funny and worrying. The time a cat attacked my hand, the senior nurse listed me as a possible heroin addict because I had fifty bloody puncture wounds in my hand - I really don't think that is the way junkies inject.

I was tested for breast cancer one afternoon - I didn't have it but the test is so painful that if you are ever in that situation then I suggest you ask for a second opinion before even having the test. Better than not having the test and actually having it of course. Still, at the start I was asked to fill out a standard NHS form, one of the questions was "Are you still having your periods? [Y] / [N]"

How do you answer that as an Aspergers male?

Danny 2

Not the whole NHS - yet

It's interesting that either by chance or design only certain trusts and practices have been affected so far.

I've got nothing better to do so I'll check on Monday morning if my dentist needs any help. He is my longest relationship with any professional and he does love his new tech without understanding IT. I doubt it is appropriate to offer my local hospitals as their data is more sensitive, but if any of you work for established IT companies with the relevant expertise then perhaps suggest offering your help for free to your local NHS trusts. It's the right thing to do and you can sell it to your boss as great publicity.

Hackers emit 9GB of stolen Macron 'emails' two days before French presidential election

Danny 2

Re: "far right" is a misnoma

All we have is left and right - what about authoritarian and libertarian?

Political Compass French Election

Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8

Danny 2

Re: Let's stop pretending...

The only way to interact with a SWIFT server is via an internal telephone in their ops centre, giving verbal instructions to an operator. You have to pass through a body-scanner to stop anyone entering or leaving the building with a memory stick or DVD. There is CCTV everywhere. The toilets are analysed for drug use. The servers are set up to NSA standards, then modded to suit the internal SWIFT security group.

I've worked at ATC and the security was nothing like SWIFT. The one thing they shared were the foot of the walls of the buildings were curved, apparently a defence against truck bombs.

SWIFT on security: Fresh anti-bank-fraud defenses now live

Danny 2

Re: Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits

EastNets is a third-party umbrella group for banks who don't have their own in-house SWIFT accounts for some reason or other, so it's not SWIFT itself that's been hacked. EastNets have no more access to the SWIFT network than any other client.

Danny 2

Re: Not much of a 'Society' more like a faceless corporate.

https://www.swift.com/contact-us

6th floor, The Corn Exchange

55 Mark Lane

London EC3R 7NE

Tel: +44 20 7762 2000

The UK's Investigatory Powers Act allows the State to tell lies in court

Danny 2

Re: jury nullification

I read that when Russia ended serfdom then the peasants refused to convict anyone accused by the corrupt courts, but would then lynch the released prisoners they knew were bad. I'm not suggesting that.

If nothing else then if you want excused from jury duty then just wear a T Shirt saying 'jury nullification' on the first day. Mind you, a year ago I was thrown out a trial for 'wearing my jacket disrespectfully', and I was the accused.

Danny 2

@Adam This is from US law but it still stems from the Magna Carta -

Jury Myths and Misconceptions: Can Jurors Be Punished for Jury Nullification Verdicts?

Each and every one of you has the mettle and moral fiber necessary to claim this power as your own and to wield it for your highest purpose when serving on a jury: upholding justice, including upholding it above law when the two are in conflict. Do not be deterred by people invoking the chimera of punishment for acting in good conscience and doing what is right.

Danny 2

The principle of jury nullification basically means a jury decides what is legal, not a judge. A jury can refuse to convict even when told they have to - although nobody will tell a jury this.

Own goal for Scottish Football Association as fans sent phishy emails

Danny 2

Too greedy

They might have got away with it if they'd asked for £17, they obviously don't know Scotland fans.

It's an own goal for the SFA but we're still ahead of Malta.

Icelandic Pirate Party asked to form government

Danny 2

Re: Excellent!

Saga is cool, but I'm afraid she is Swedish. A great loss to Sys Admin.

Microsoft's nerd goggles will run on a toaster

Danny 2

Dentists chairs killer app

I had root canal drilling today and as the orange specs were placed over my eyes I realised I'd far rather be watching playful kittens or even Playboy bunnies, rather than my dentist transformed into Donald Trump.

No super-kinky web smut please, we're British

Danny 2

Re: Yep, that'll work

In 1958 even missionary was illegal in Britain - by definition you had to go to the colonies to do that. We used to reproduce asexually, by sharing a cup of tea then sitting on a toilet seat your spouse had just sat on. However until 1986 spanking leaving a mark wasn't just legal, it was mandatory.

Danny 2

Re: First they came....

First they came for the Socialists, and I did not spank out

Scotland's Skyscanner sold to Chinese rival Ctrip in £1.4bn deal

Danny 2

"The Edinburgh-based business"

The business based in the city formerly known as Edinburgh. Next week we are being renamed Garethwilliamsburgh.

And you mocked Scotland for having the unicorn as our national animal, but Skyscanner and Fanduel were real!

Computer forensics defuses FBI's Clinton email 'bombshell'

Danny 2

General Petraeus, by then Director of the CIA. It's not in the Wikipedia page but seemingly the investigators faced fewer legal hurdles due to the fact the communication was in a shared folder rather than emailed communications.

Alleged hacker Lauri Love loses extradition case. Judge: Suicide safeguards in place

Danny 2

Re: Suicide highly unlikely ...

Capital city.

Danny 2

Re: This should be simple...

A British citizen committing a crime on British soil should be charged in the UK under English or Scottish law and if found guilty imprisoned here close to their family, in this case under the Computer Misuse Act 1990 with a maximum 10 year sentence. Anything less is a betrayal of sovereignty.

If the yanks don't like that then they shouldn't keep their sensitive military systems easily available online from the UK.

I've met Love near Glasgow, he is not that technical. There must be dozens of less naive hackers still in those systems undetected.

Filmmaker Werner Herzog interviews Elon Musk for internet doco

Danny 2

The Simpsons. His entire career was simply an apprenticeship for his greatest role as Walter Hotenhoffer.

Grandpa Simpson - What did you do during the war?

Walter Hotenhoffer - WWII? I wasn't born yet.

Grandpa Simpson - Funny how many Germans say that these days.

Brave idea: Ex Mozilla man punts Bitcoin adblocking browser

Danny 2

Opt in rather than creep out

I block ads on some of the sites I like and would like to support because the adverts creep me out by mining my posts. Targeted advertising is just scary and almost always incorrect. For my favourite sites I'd be happy to fill out a form saying, "there are the things I actually buy, or may be interested in adverts about, don't send me any others and don't personalise any of them".

We want GCHQ-style spy powers to hack cybercrims, say police

Danny 2

Re: Next, traffic wardens...

CCTV supposedly used to cut violent crime is already used to police parking violations. Councils and DWP little hitlers already do this too to cut down on dog poo, school admissions, rubbish bin abuses.

I was recently charged (wrongly) with a Breach of the Peace, over twenty months and with three days in jail, about fifteen court appearances, and several police raids/visits to my parents house. I realised fairly early on the police were going to their address soon after I'd arrived out of convenience, and must have been tracking my phone to save themselves a fifteen mile drive to my home. Later one of the officers interrogating me confirmed that inadvertently.

My case is utterly petty and minor but Police Scotland have also been doing the same stuff to journalists and other police officers. I got to talk candidly to a senior police officer about this sort of quasi-legal behaviour once and he was perfectly frank and unembarrassed, "What we can do, we will do". Meaning they will do anything they think they personally will not be prosecuted for.

And that is fair enough if they'd focus on serious criminals and terrorists, but they don't and they don't intend to.

Exploding Samsung Galaxy Note 7 phablets recalled immediately

Danny 2

Guardian of the Galaxy

Hands up, who left their Galaxy Note7 on the Space X Falcon? Or who designed it as the communications device just because it had the word Galaxy in it?

'NSA' hack okshun woz writ by Inglish speeker trieing to hyde

Danny 2

Re: The 'insider' theory

At one point it was part of my job to read log files to spot hacks. I must confess I am not sure I did it very well. My boss was better at it, but he always did it after the event. Once you know something has happened then it is relatively simple to look back for tell-tale signs. It was complicated by the fact we never got to choose what was logged, some invisible developer decided that months before without our input. So spotting it in real time requires pattern recognition skills that I doubt even Assange has. You stare at logs over and over and you can, sometimes, tell if something looks a bit different. If you are well slept and not on 24 hour call out, and you didn't just have an argument with your girlfriend.

I used to be stuck between a yearly battle between Belgian and Dutch hacking conventions. These genius idiots weren't actual criminals as such, but they were trying their best to take us down for lolz. It was bloody annoying, and I had the best of support. As soon as they jabbed us, we'd get a direct patch from MS or whoever and have to install it organisation wide. You know how Space Invaders gets annoying after an hour or four? It was very tempting just to leave work, go to the convention and spike their drinks with LSD.

Danny 2

Re: The 'insider' theory

Snowden used a CD marked "Lady Gaga"

That was Manning.

If you can get remote access to everything on a server then you can likely amend the log files too. Various crypto gurus are already recommending we look to a post-crypto future where you assume you are hacked and concentrate on blocking exfiltration, either by DVD as you said or straight over the network.

Danny 2

Short changed

I don't know if this is true or not but a commentator on another website said ten million Cisco shares were shorted in the weeks leading up to this story. I know El Reg pokes around in technical details but there might be a story in following the money.

Banking system SWIFT was anything but on security, ex-boss claims

Danny 2

Re: swift .... really archaic

Well, it was either you or your bank who can be described as really archaic.

Danny 2

Re: I interviewed there last year. . .

Culpepper. Aye, and I had a Virginian boss in the Netherlands who never liked the locals, and who in turn wasn't liked. That made him a bit paranoid too. I never met a single Indian there but I met many, many nationalities among my colleagues. Mostly western, mostly white, mostly male.

Danny 2

Half the money that passes hands each day is transferred across the SWIFT network. You are quite correct that actual money doesn't travel across their network, only messages, but duh! A physical £50 note is only a message too.

SWIFT do provide secure communications to their users, in the same way the Bank of England/ Bank of Scotland RBS and Clydesbank provide secure £50 notes to their users. If you get mugged walking down the street or accept obviously fake £50 notes then you can't blame the currency. The weak point is the banks, aka between the chair and the keyboard.

Danny 2

Re: Lack of trust

First, neither Linux nor Windows is used on the main network.

Second, why on earth is SWIFT's self-signed root PKI cert a 'dodgy security practice'? It's entirely their network so outsourcing trust would be a vulnerability. Banks trust SWIFT for a good reason, they are unhackable. Other root certifiers are not.

Danny 2

I'm guessing you were working at the Belgian HQ. In the OPs centres there aren't any contractors and the canteen food is, well, not exceptionally good. Security though is tighter than anywhere else I've ever seen, certainly far, far tighter than banks which just aren't comparable. I take it you were a developer, you wouldn't have got within sniffing distance of the actual networks.

As 2nd line support (only four managerial levels lower than Schrank since they only have four levels) I wasn't allowed to touch the active machines I was supporting. I'd have to talk an operator in a secure area through it.

UK IT consultant subject to insane sex ban order mounts legal challenge

Danny 2

Legal ordeal

I've just experienced 20 months of being charged with Breach of the Peace Section 38 ("a domestic"), only for the charges to be dropped earlier this week during the trial without me being allowed to say anything in court except "Not guilty". I've had to attend court at least 12 times, I eventually lost count. I've spent three days in jail on two occasions, my family suffered three police 'visits', I've chosen not to work or claim benefits during that period, and it's been hellish.

I will write it up and may post it here or at least link to it here because there are a few tech angles. First though I've got complaints to the police, the lawyers and the prosecutors to write, in the hope of improving their awful performance rather than wanting vengeful disciplinary action.

I would've preferred a trial rather than a dismissal even though I had been told there was a good chance of being found guilty. I would have far preferred if the prosecutors had accepted my initial offer to discuss the matter on record.

One of the things that came out of this is I asked and got to read my medical records, and they are appallingly inaccurate and worryingly demeaning. It's inhibited me from seeking medical help again, and I urge everyone here to ask to read through their own medical notes. Unrelated to my case I found suggestions that I was a heroin user when I attended hospital with cat bites - wtf?

As IT guys we recognise and laugh at our own profession's incompetence, but in my experience we are far better at our jobs and more open about our failings than doctors or the judiciary who form 'closed ranks'.

By nature I don't have much sympathy for this guy the way he has conducted himself and has been portrayed in the media. Through bitter experience I'll hold my judgement on anyone I haven't shared a cell with.

Robo-buses join the traffic in Helsinki

Danny 2

Child's play

Why automate while child labour works?

11-year-old boy steals bus, passengers don’t notice

Snowden says Russia ‘probably responsible’ for NSA hack

Danny 2

“warning that someone can prove US responsibility for any attacks that originated from this malware server”. “This may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks,”
Is he implying the DNC was hacked from the NSA malware servers?

Polish developer hacks Android rewards app for free beer

Danny 2
Olympian

I read German gold medal winners at the Olympics get free beer for life, which must work against them winning at the following Olympics.

SWIFT moves on security in wake of hacking attacks

Danny 2

Re: speedy

The money went to unregulated casinos in the Philippines. A local bank manager was caught leaving work with an armoured car full of cash, so that small portion of the money will presumably be returned. The rest of it went to upgrade the Chinese triads into quads.

Spied upon by GCHQ? You'll need proof before a court will hear you...

Danny 2

Re: I'm Spartacus

We appreciate your expression of willingness to participate. Unfortunately, the claims in this case had to be filed by 4 December 2015. The reason is that the Investigatory Powers Tribunal found that unlawful GCHQ surveillance, on which these claims are based, became lawful as of 5 December 2014. Once a claim is filed, the Tribunal will only search GCHQ’s records for unlawful activity during the year before the claim was submitted. What this means is that a claim submitted on 14 September 2015 would lead to records being searched for the time period between 14 September 2014 and 5 December 2014. Claims submitted after 4 December 2015 would address surveillance by GCHQ that was deemed lawful by the Tribunal and therefore not subject to a search.

It's even more of a con than the article conveyed! Apologies to PI but no apologies to the IPT:

"If Sir Jimmy abused you in the year before you first complained, then we would certainly consider accepting your proof".

Danny 2

Re: I'm Spartacus

I'm not one of the 663 but have strong and deep evidence I was spied upon, including but not limited to emails from a since exposed police infiltrator. I never applied to PI as I had no faith it would be taken seriously, but if it's being dismissed in this flippant manner then I perhaps should (reluctantly hold up my hand, sigh, and mumble "I'm Spartacus").

However, I'm still put off submitting a complaint as they are limiting it to the first ten cases, instead of the strongest ten, and I'm not sure if those ten have to be part of the six hundred and sixty three. Do you know if that is the case?

Inter-bank system SWIFT on security? User manual needs 'revamp’

Danny 2

Re: Purpose-built systems are never secure

SWIFT originally refused to cut-off Iranian banks so the US threatened to arrest all its employees and management. SWIFT complained to the Belgian government who shrugged. So how can an organisation follow Belgian national laws without the support of the Belgian government?

As for monitoring terrorist funding, can you name one organisation with an operations centre in the US that doesn't comply with a legal request from US authorities to track terrorists?

Danny 2

Re: ~8 months ago, I interviewed with SWIFT. . . .

Your impression was incorrect. I'm working class, never went to Uni, and many of my colleagues were the same. It's probably the most meritocratic employer I've worked for, far better than any British employer. Only four seniority levels from bottom to top. There were a lot of white males, but no more so than other European IT organisations.

If you were competent for the role then you were maybe deemed a security risk, their background checking is a lot more in-depth than you'd know.

Yet another SE Asia bank hit by a SWIFT credentials hack

Danny 2

You have an inadvertent 'Swift' in there. They are a car company, a delivery company, and a sausage company, unrelated to SWIFT.

My first week at SWIFT. First day I noticed the building had curved edges, same as Air Traffic - to deflect truck-bombs. Everyone gets a full body scan to enter and leave, to make sure nothing as big as a CD or memory stick gets in or out. There is CCTV everywhere. There is an ashtray placed on your desk, because they know in advance you smoke. You are allowed to smoke everywhere, including certain server rooms, because there is a constant updraft of ventilation that Dyson must've designed. You are not allowed anywhere near the servers you support, you have to talk operations staff through whatever minor or vital thing you want to do. Your colleagues at lunch joke that they analyse your piss and shit in the toilet for drugs. Except they aren't joking, although out of hours cannabis is permitted. You find your flat has been broken into overnight, fairly often, just to check. The mice have fingerprint readers. You are told security is everyone's prime responsibility, but when you actually check on security, you are questioned by an internal security team about your motives. There is no internet access, but the intranet tells you stuff about your hometown that you never knew. You are repeatedly warned about all the ingenious Mafia phishing and more serious threats. Your colleagues are introduced to you as 'John, from British security' and 'Paul, from French security', and these are actual state officers seconded to the role doing coding and tech support. When you have a tech support question yourself, your call goes directly to one of the world's experts - millionaires are your help-desk. They try to imprison their staff with high wages, and give you a weekly back massage.

Outside of GCHQ and the NSA, it is the tightest security in the world. Of course their end terminals are the weakest link, that's not their responsibility. They tell an anecdote about when Saddam invaded Kuwait they dodged a bullet because the terminal there was in an unopened cupboard.

But blaming SWIFT for end point attacks is like blaming BT for phishing scams. They are tighter than a sheep's behind at an Aberdeen game.

Microsoft phone support contractors told to hang up after 15 minutes

Danny 2

One down

I have read every tale of woe here, and though I am always amused I can always beat them from my own history of incompetence. I could write a short novel of comedic failures. The time I fixed a six month BT lease-line problem. The time I drove over my bag full of replacement video cards, and had to install them anyway. The obligatory rm -rf anecdote. The time I replaced a blind man's VDU without understanding why, only to stick my hand out expecting him to shake it.

In retrospect, most of my career was comedic. I once had a MS vice-president as my first line tech support though. You know you've made it when you have a millionaire at your beck and call.

We're calling it: World hits peak Namey McNameface

Danny 2

Parsey McParseface

As Scottish grannies everywhere used to say, "Yer arse in parsely".

I think the English equivalent is, "I don't believe it!"

Spying on you using fake social media profiles: One Scots council could

Danny 2

Re: Nicola Sturgeon=Rosa Klebb

Mars bar. Batter. Oil.

I have seen them, they are real, but I've only seen foreign students eating them. We Scots regard them as different courses.

Danny 2

Re: and people ask why I'm not on any (anti-)social media site?

"the less people knew about me the better"

Just over a decade ago you could search the internet for "Secret Project" + CV and get all the main engineers involved. They'd boast about it online, perhaps inadvertently through recruitment agencies.

In 2003 I found the main engineer behind the UK's '4 minute warning' of a nuclear attack. Brian Dreary. I wanted to trigger the warning, at least for high ranking officials, but I was persuaded by a wiser soul that was irresponsible and potentially dangerous.

For the record, at that time at least, the 'four minute warning' consisted of a pre-recorded telephone call to every British land-line, telling you Armageddon was imminent but not to panic. Guess whose voice they used to reassure us? Joanna Lumley!

Good choice. My plan was to either steal the recording or hire a voice impersonator, and call all the key folk just to panic them into heart attacks. I was talked out of that but I sort of wish I had.

Danny 2

However Jim Lamond, head of council resources, told councillors during a cabinet meeting on Tuesday that using social media to investigate people did happen.

Since you are now monitoring this website, how about you explain your "We didn't do it, but if we did do it, this is how we did it" OJ Simpson defence?

While you are at it, do you want to explain why council-tax payers' money is used to promote and fund the singing career of one Rena Gertz?

"He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you."