Re: If it costs less than half a mil
Be ok unless they passed the -y flag. Then all bets are off.
109 posts • joined 6 Jul 2009
I passed one the other week that went 90->70->30->70->90 in the space of 200m. The camera was hidden behind the old stone bridge forming it. And on the same journey I noted the police radar set up on the closing filter on a dual -> single carriageway stretch , just where a quick burst speed to finish that overtake of that artic before you run out of road might actually be safer. Clearly its about safety as you say.
Not completely isolated, I really like it when my home automation sends me a urgent mail to my smartphone that a camera recognition event was triggered. When I had hard wired only systems this would have been a major thing, and one property we had a ADT monitored and installed system that had so many false alarms the police refused to attend a alarm event from it.
Now, I've got a small collection of images of 3am "spiders that like looking very closely at IR emitters" images on my server and it saves having to ring someone and get them out of bed at stupid o clock for a false alarm while we're away for the weekend or something. And if I ring, everyone knows there's a genuine reason because its passed the human filter system.
Connected done properly = good , connected open with its pants down waiting just so you can write "cloud" or "IoT" on the box = bad.
Or, if your technically competent, just give it a static ip on your local subnet, and give it a device as its default route that can't route out the subnet. Everyone on the local subnet can still access it, but it can't phone home.
If you need it "on the cloud", zoneminder on a trusted machine that can route out but doesn't have made in shengzen budget firmware. Or let it upload its images to a local server and rsync over ssh that somewhere public etc.
We should be designing routers with firewall features like isolation zones for devices like this out the box. But then the routers themselves would have to be made properly and tested.
Can we swap IoT for a PLoT model please? (protected lan of things). Then we can at least get normal people to make a attempt to bolt the stable door. Add a outer layer to the onion and all that?
Because Jim, for all the thousands of eyes that miss your criteria, having the stuff around to take a peek at when something catches your attention, does very occasionally catch a gotcha before its a problem. And the more eyes that look at it, the more chance of that odd neuron firing in the brain of someone who hasn't been trained to think in a certain way by our method of social conditioning known as education.
Of course, unless its a self promo seeking consultancy with a website with a logo for the vuln etc, this process is transparent. Even more so if paid to check, as the client buys stealth, its no-ones interest to tell anyone, except maybe finance when they come round trying to get rid of all the people who make a difference because it doesn't show in some beancounters spreadsheet because its almost unquantifiable.
Just because you don't know someone who's found something and worked to get it fixed quietly, doesn't mean in any way shape or form that's not going on continually around you. Even with closed source and binary things too.
Had a play with wayland and gnome3 on debian after reading these comments about it. Found it broke my synergy install, reverted back to E17.
I dont want a entire session remoted like rdp, if I did, I'd install vnc and be done with it. I want a single window from a single app on the remote machine without all the weight of the entire desktop.
No remote, no usey.
I have similar though not on a DJ1, and its good. Although not so good the only time I forgot and powered the drone up still in the office then walked out into the garden with it. Lost sync, flew to home. Into side of stone house at about 30km/h. The rebuild took quite a long time...
There was 3 comments on this story yesterday, 2 of them somewhat critical of Huawei and their claimed market impact. I went into my history having made one of the comments and its marked as deleted so no, I'm not going mad.
Has el reg "lost" a portion of its comment database or is this a new sponsored listing value ad feature for prefered sponsors?
Because that tank design your refering to was already existing and rejigged lightly for the role. A existing spanish tank. With spanish design. And spanish production lines to make nato issue tanks.
There's nothing wrong with british tanks being built in britain, except they'd be a magnitude more expensive than repurposing whats there already with a minor refit. Has brexit Britain has a chequebook fat enough right now to achieve that currently?
A screwdriver? you younguns dont know your born :D my new old car doesnt even have door locks. Sorry it has internal latches you can flick, but the sliding windows dont lock either. It is from 1977 however and was designed to be driven by people with guns (land rover 101fc)
Ask yourself this. You get in your car and someone has cut your brake pipes. Do you notice when you come to the first time you need it rolling out the drive and its not there, or half a hour later when your barrelling up a motorway?
Software can do remote connections, and it can do timed attacks or tie things into gps or cell towers. Yes you can partially saw through a brake pipe or remove a few crucial nuts holding wishbones secure etc, but you still have no real control over where it might fail. MIght work, might just put the wind up someone and alert them to the fact that next time they won't be lucky.
I'm not Charlie, but I'd like to see evidence of your IT credentials too raised by the AC post and commented on by Charlie. While you might have a silver badge, all of your posts in your history appear to be political.
Should it matter? it does to me & it probably does for others here. I like coding in various languages & I've done a fair bit of it over the years, it makes me a borderline aspergers slave to logic but I value logic. I don't have a silver badge because I normally only contribute when I have something to say about tech & IT, and not fishing for upvotes. A bit like being on twitter as a apparent placeholder, only to spring into life when it matters.
So are you a Code junky, or are you a opinion steerer? There's no shame in the latter, provided your not trying to pretend to be the former.
Anyone who wants their control network to survive a determined attack. Someone with a scada network controlling assets isn't in the same category as your local webhost or SME with a single server in the corner and they should realize the value of protecting it properly. I've worked on projects where a unprotected device put upstream of the boundary firewalls would last maybe a minute or two before getting compromised such was their exposure to attack. They had rigid control, quality targets, correct processes and investment and boy did they need it.
High profile attacks like Talktalk and others have highlighted the need to do a thorough job of securing things to a wider audience given the beancounters saved them a small sum skimping on security only to find significant amounts of value wiped off shortly after the attacks.
Talktalk have been recruiting security staff like mad since then given the amount of times I've been messaged on linked in from recruiters about it, so its a good chance at least their subset of investors and accounts are acutely aware of that lesson. If your an influencer at early adoption stage, its part of your overall governance to instill the need for security best practices at the procurement stage too, not just slap them on as a afterthought and there are some from that procurement involvement here I hope taking notes to improve things.
The industry at large has massive amounts of work to do on this front, and the security industry has to sort its own house out also. If you give recommendations to secure things and the business decides to take the risk against your advice for financial reasons, that is their decision but you have done what you can and they must own the fall out if it happens. And you get to say "I told you so" in a very sombre and professional manner...
How would virtualizing a out of date operating system with vulnerable ports protect it any better than installing it on bare metal?
The fail is how the airgapped network got compromised, however I once was involved with writing scanning software that went hunting for interconnects amongst other things on a global "secure" airgapped network, and we found significant numbers when digging through our results. Some people breached with wifi modems to make laptops easier, some as it transited less -ahem- lawful areas etc. Most of the problem was people being lazy and processes not being rigid enough nor penalties severe enough for doing stupid things which compromised the network's security.
Lock it down, secure it, get maintainence agreements including code fixes for the life time of the kit in the original contract when buying, take steps to establish a in house policy and responsibilities and delegation to keep it patched and integral but sticking it in a vm isn't going to help, especially as the next step would be to combine all of those windows machines into a single host, giving yet another vector for a sophsiticated attack to jump about sight unseen by any network probes..
The reason the malware looks for the vm environment is a large amount of security researchers spin the vulnerable machine up in a vm because theyre looking at x different device types a week, and to have each one as a physical box to be maintained for the audit record of testing would make life awkward. Its a lazy convienience thing, not a good practice one, you cant beat electrical seperation done properly.
I used to be afraid of wasps after a mega sting incident as a kid and a nest with hundreds of stings left in my scalp, but then I met asian hornets, and after that it kind of focuses your mind on how harmless the average wasp is in comparison. Wasps are a bit of a pain in the bum near bins and in beer gardens, but not the apocolypse I used to imagine them as.
I was soldering something with a blowlamp when a extremely large asian hornet came for a persistent look, and I got it square on with the flame, and it flew off on fire with poisen running out of its sting like a hypodermic needle being purged mid flight. The singed crispy remnant managed to make it out of the garden before disappearing under its own power still.
Another year we got a actual nest up one of the tall trees, and the fire brigade were on about getting private contractors in at thousands cost with specialist suits and cherry pickers because of where it was. I was harbouring plans to buy/equip a larger drone with some kind of remote release spray and nip up and do the job, until a early test reconnisance flight with my AR ended up with a crashed drone after they all mobbed it as it got near the nest. In the end, the nest "fell out" the tree with what looked like a large hole in it following a suspicious bang noise from the direction of a neighbors and the fire brigade came back and dealt with a bunch of peed off hornets on the ground in special suits instead. The nest went away for scientific analysis and some of the grubs and smaller pieces were used in exhibits to do science at local schools.
Hopefully there was a control fight with fighting wasps with reverse painted faces to test. But have to wait for paper rather than clickbait for that.
Whoa there, I'm not in the UK but I was eligable to vote in the referendum being a british national and it being less than 15 years since I left the UK. I could quite legitimately sign that pettition, put my address as France and be within those terms.
The fact that Leeds fubar'd my postal vote due to "proceedural errors" then failed to tell me despite us calling the hotline on 3 occasions to check it was all still going through and told me I could vote in person if I picked up a ballot paper on the day when I was supposed to be in a business meeting on another continent is a moot point.
It would be so trivial to do a select based on useragent data from the script I saw being claimed as responsible, and just mark all of those rows bad in the database. And, I think thats exactly what some BOFH at PCCS has done.
Geez Andrew, I thought you had enough fun trolling the global warming people, but obviously you've been allocated a new target to play with now.
Has El Reg sucumbed to a bit of click bait and attention grabbing with its spate of op ed's now most people have made up their minds?
I'd be voting remain by the way, having worked in and around europe for years, and benefited massively from all the benefits it brings having got on my bike literally as norman tebbit told us to.
Re the "Yet, without exception, everyone I have spoken to wants to leave Europe."
I think there's some kind of style guide been issued by the bodies funding the brexit crowd as nearly every shouty post making this point I've seen has said this exact phrase. And you have to pepper the discussion with END OF and absolutes if its the BBC HYS or similar swivel eyed loon locations.
There's one forum I frequent it was quoted and the main shouty people were all saying "WHEN we leave" and "NOBODY will vote" I posted up actually I know quite a lot of people voting to stay for logical reasons. THere was this short pause, then it continued with the same rhetoric.
Speaking on behalf of absolutely everyone, having someone correct you, then carrying on doing the same thing is a huge insult in my book. It might work on the weak minded, but I'm hopeful there's enough logical people who think for themselves to resist this tactic.
Now by and large we are logical here, we deal in logic (IT), have brains wired for it (ok maybe not some of the phb's). I for one would like it better if you could lease keep your reasoning to logic not the daily fail style sheet responses.
It also had no memory protection so a single bug in a single application could bring down the entire host machine. It also supported no concept of permissions or different privilege layers during execution, nor protection to prevent a simple text handler from suddenly writing bytes into the main control registers for the bit blitter and doing bad things for instance.
When you only ran a single application, didn't care about security and could just power cycle it when this happened then it was a minor annoyance. Today it would be unthinkable.
I loved the Amiga, but systems engineering has progressed significantly since. And I have a accelerated amiga and a peg2 ppc based machine running morphos next to me. And lovely as the peg2 is for demo's and being responsive, it also has no mmu and falls flat on its face fairly often.
Had to laugh at the irc bot set up to spew insults. Takes me back "quite a few" years to the days of that cesspool of attacks known as efnet and writing tcl scripts for eggdrop bots (and having lots of geographically diverse hosts for a gaggle of eggdrops to stop someone smurfing all the opers off, we had a very desirable room name and erris free lacked any protection for chanops then). Ours just served beer and stuff when you did a !beer though. Learned a lot about ddos and keeping things secure though. I'd just laugh if all the attack bot did was shout a few insults in response to a !tosser or something. Its a bit monty python french taunter isnt it :D
Have to read up why the "security consultancy" couldn't just ban it or get it a kline or worse.
One method to cool industrial computers is to have filters on the intakes to the cabinet housing the electronics for the machine and plenty of room in the cabinets to deal with reduced airflow when they are reaching the end of the filter exchange period. These are changed out to a maintenance schedule along with other service items and everything is happy.
Another method is to totally seal the case, but use the case itself as the heatsink to disperse internal heat, this way there is no filters to clog but it requires the machine to be designed that way from the start.
Excellent, look forward to this being generally available for tinkeration.
Looking at a fpga implementation of a zx spectrum running on a altera cyclone iv on the desk near me currently and trying to program a cpld into a sewing machine stitch regulator in another window.
A man's got to have a hobby after all...
We won't because some of us are gentoo users :-)
Equally we can't be smug either for the same reason, because I don't code review every single line of every single package to the depth I should be doing to be able to claim that. And if someone else does, why did you miss shellshock and the glibc bug for so long if so :-)
This, wordpress, on the same server serving out the iso images. Physical seperation 101 or complete lack of it. I did read some comments in their announcement post that they're rattling a can for money for more hardware to buy another server just for the wordpress machine to at least give it some seperation.
For a few clients that wanted wp no matter what we advised we ended up having to deal with the devil, and so we ran the wordpress server on a local lan machine not accessible from the internet and automated scraped/rsync over ssh'd off a static version to host as a static html page on the public server.
Probably someone will pop up in a minute and offer them a cloud solution, because that's really well physically and electrically isolated also.
They need to stop with the fanboy rahrah, lick their wounds and do things betterer in future.
It wont be take it or leave it (the internet). It wasn't take it or leave it before all the advertising as a business model came along, and it wont kill off everything. It wont kill off manufacturers sites with product information as a online brochure, it wont kill off SME websites supporting a bricks and mortar business.
I run a site for something non IT related, main site, discussion forum etc. Not a single banner ad, hosted on some spare capacity on a vhost I tend for other purposes. Sure it wont ever make me rich or even cover its bills in theory (though I've had people offer to give me free money to pay its hosting fees who are conditioned into paying to support things and can't get their head around the fact I think like this), but I'm doing it because I'm passionate about supporting the focus of the site, not because I want it to fund my retirement or keep the kids in shoes.
I think you mean "take it or leave the commercial spam infested crapware shallow internet", facebook, and the other "social" sites and not the actual bit of the internet thats actually of any real use.
So, those files becoming corrupted can brick the device. Ergo a disk error could do the same without any os interaction regardless of what is loaded on it.
Design implementation flaw if it won't let you back into the bios to nuke efi & a bit of a gamble all round to run with regardless of what your flavour of os happens to be.
I came here to post mad Jack Churchil for the last RECORDED longbow kill in a military conflict, but he's already up there ^
Also Wingate was a interesting chap, and his chindit unit's activities went on to form the basis of the para's. Not to be confused with the modern repurposement of the title for the geeks...
Thats mostly because they cost more than ordering it with windows and blatting the hard disk on day 0 of ownership. Or as I do, taking it out and putting it in a storage cupboard so if it has hardware poorly sick issues I can RMA it knowing they can't wriggle out of fixing it.
And this fine bit of marketing has enabled people like you to carry on doing microsofts marketing for them.
Not just "pc" in scope for the usb key issue. A Dell 1950 does that if usb hd is enabled as a target in the bios and the bootloader on the key is borked. The first time its nearly had me napping because I thought I had video issues on some of the boxes by the time I wandered back to the kvm station on another floor before deciding to get someone else to perform the complex task of pushing the on button on the contents of a rack one by one while I stood at the station and being able to see all the perc controller crap etc before going into blinky underscore of death mode.
To the original story, as a *owner of dell 1u hardware, there was obviously a requirement to be utterly deaf with no skin sensation of draft in addition to colour blind for the local IT support. When they first power before the environmental sensor tells the board thingy that no its not about to melt (this is a achievement...), all the considerable amount of very small high rpm fans arranged across the middle of the chassis accelerate to max speed and it has a go at making the rack move from the rearward thrust if you leave the rear doors off the cab/had to find a creative solution a too short rack cab...
* now ex, I ripped the xeon's and ram for my workstation out the last still twitching still overly hot carcass of the last one this week, and it felt good to finally slay the last of the beasts.
I think I know where they got jobs anyway... Or maybe its endemic. Except now they'll be "cyber" not security as cyber is the current lightbulb job title the moths are drawn to.
Isn't letting it automatically "fix" problems without intervention flying a bit close to the edge?
Usually when something has been altered you want to know about it to go poke around and see why, its often a good way to see early on when someone might need some re-education, or that someone is up to no good or early warning signs to nip a incident in the bud before it becomes worse. Plus, there's always the chance that someone has done something for a good reason, and without understanding that reason your tool might just be rebreaking something that just got fixed before someone remembers they have to teach the fix to it too...
Not a huge fan of fixing things by script as you can imagine, I worked one place that borked most of their infrastructure with a automated change system that applied exactly the logic someone loaded into it in the most efficient manner possible. Only took about a weeks downtime and a few hundred thousand in resource to recover.
Just my experience. YMMV.
I would think this *should* be targetted for realtime monitoring of things in the field as early warning and early mop up of issues to stop more serious issues deeper in being missed, to clear the wood from the trees, not to replace skilled compliance testing during intergration testing. Its in the same space as Tennable's security centre coupled with nessus probes or IP360, though hopefully the logic in it might actually be better designed than them.
I've been involved with the latter for quite some years, and we have written some in house scripts which do the basics which hopefully will get the devices into a roughly ready for test scenario, then we dig round each component for more information and for things more complex as detailed by yourself and check the output from our scripts for false positives. Differentiating between the two end products is sadly something management and non security specialists are unable to manage. Or they don't want to manage to understand because pretending you don't lets you get rid of that resource for a immediate impact on your departmental costs. Ask talktalk and others where that leads...
This is not a pancea for everything, but in its niche its a useful and complemental technology to a wider security solution. Something I personally will download and see if I can recommend it to any future clients should my next job as pianist in a whorehouse prove not quite as palateable as its looking right now :-)
230vac and 16amp limit is the norm on the continent, smidge over 3.6kW. CEE 7/5, 7/6 & 7/7 are 16amp 7/17 can be 16 or 10, ze german's shuko standard aka CEE 7/3 should be 16 as it accepts europlugs and 7/17 plugs so is requried to cover that capability and 7/4 can be 10 or 16, but originally was 10 which may be where your 10amp figure is coming from.
TL,DR; mostly continental europe has 3.6kW.
I reported this via the city of london site on tuesday I think, origin ip of the mailserver was in india, no spf on the domain, provided full headers and original content.
It spoofed a genuine police.uk domain, the funny bit was the attachment was a mswrod (spelt like this) filetype, with the usual macro virus payload embedded.
I only bothered reporting it because they had got most of the detail that normal people would trip up on. And well, spoofing the police is bound to actually get the police interested in sorting it out...
I can't believe its taken until capslock's post for the obvious leopard spots history of microsoft and new protocols to come out although someone hinted at it with kerberos earlier. What short memories you all have while bickering about posix and permissions systems...
Matt, she's french, in France crowned miss Brittany. This is the same France that it was culturally ok to give 50 shades of Grey a 12 rating while the rest of the world went into hysteria overdrive and made it a 18 rating or higher.
I can't come up with any reasoning for this to happen apart from the American organizers imposing prudish values on the compettition, without needing to even hint at desending into anti american bashery.
<sarcasm> Just wait till they develop the next level of sophistication, zip of exe.</sarcasm>
Anyone running a milter that lets through a exe or zip of contect without blinking wants shooing with a length of ftp, ESPECIALLY those in a position of a company large enough to be a target. Its not point and click for monkeys people role, test your own stuff, do a professional job.
Of course then you might find people killing your mail server cluster with recursive zip attacks, but hey, its not 1999 anymore and you should be capable of stopping that too.
I did bring down a entire cluster sending someone carrying the EICAR test string inside this exploit payload via mail who absolutely insisted on pain of my dismissal to do so despite my dire warnings.Fun call with the cluster admin at 10pm on a friday who put in place proceedures to not have managers strong arm security staff with requests against their better judgement... And I hope harden the cluster of mailservers that it took out...
Good! You might scoff at networks for farmers, but modern farming is enhanced by having good connectivity. Forgot your image of a bod on his clapped out fergie scratching a living, modern farms are massive and professionally run enterprises with huge amounts of automation and computerization of assets, self driving tractors, uplinks for remote maintenance and diagnostics on kit etc.
Having infrastructure in place for this sort of thing rolls across the entire commercial spectrum and is massively beneficial for the countries concerned as a whole, and is a bit beyond having a few people extra getting facebook access.
Biting the hand that feeds IT © 1998–2020