* Posts by JeffUK

146 publicly visible posts • joined 28 Sep 2009


Oh, no one knows what goes on behind locked doors... so don't leave your UPS in there

JeffUK

At least they could get into the mystery cupboard

Reminds me of the time I went to a warehouse to re-patch a few network points. The factory had just been renovated, which included lining the old asbestos-and-corrugated-mouse-poo walls with uPVC panelling.

When I got to the door to the cupboard that housed our comms equipment, it wasn't there. I searched for a bit in case I was looking in the wrong place, checked my site map etc., but instead of a door, there was just an expanse of shiny white plastic.

I must have looked quite a sight, stood in front of a perfectly empty expanse of wall laughing my tits off at the absurdity of the situation.

Watch out, everyone, here come the Coronavirus Cops, enjoying their little slice of power way too much

JeffUK

'Orwellian' is such a cliché:

Constant attack from an invisible enemy.

Mandatory weekly group applause

Public shaming of people who do not conform

Getting neighbours to turn each other in to the police

Being arrested for failing to tell the police who you are and what you are doing outside of your home

Entertainment banned.

Proletariat forced to work while everyone else shelters safely at home.

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

JeffUK

Re: Confirmation checkbox needed

Send what message? If they think they clicked 'Test Message' then they're going to click yes on the confirmation too.

How about confirmation boxes that provide useful information like "Send message to 4,000,000 recipients?"

JeffUK

Re: Confirmation checkbox needed

I prefer "Cancel Message? 'Yes' / 'No' / 'Cancel'" just to make it even more confusing.

Quentin Tarantino in talks to make Star Trek movie

JeffUK

Wesley Snipes vs Wesley Crusher, Ideally something akin to the Subway fight scene from Blade

JeffUK

Re: "Michael Madsen - cutting Ferengi ears off while whistling"

You could cut to it throughout the film whenever you need a little comic relief

Terry Pratchett's unfinished works flattened by steamroller

JeffUK

Re: I'm touched by the weirdness of this request...

Start at the beginning and carry on until you reach the end.

The first few are a bit amateurish, but there are so many in-jokes and references in the rest that you'll miss out if you don't read them.

Nuclear power station sensors are literally shouting their readings at each other

JeffUK

So they're installing a built-in way to communicate with otherwise air-gapped systems in a nuclear facility... Stuxnet Mk2 here we come!

Peace-sign selfie fools menaced by fingerprint-harvesting tech

JeffUK

Re: For the 1,000th time

Good point, I'd never use '00000000' as the password to my car. I suppose it makes sense, the US Govt. has LOADS of nukes lying around and I've only got one car.

Hackers could turn your smart meter into a bomb and blow your family to smithereens – new claim

JeffUK

Re: There are many different definitions of "smart meter"

Ok, I see why you would want to, then (I seem to remember this being trialled with aircon in big hotels...). How would it work? Would it need to be connected via wifi, or would it use some sort of Ethernet-over-power malarkey?

JeffUK

I don't understand the statement "Smart meters can communicate with networked devices inside homes, such as air conditioners, fridges, and the like." Why would the meter be connected to your LAN? I thought they used GSM to communicate back to base.

Terrified robots will take middle class jobs? Look in a mirror

JeffUK

Re: Terrified robots will take middle class jobs?

I know several people who could easily be replaced by a magic-eight ball..

Ducks, Lord of the Rings, movies and maths: The GCHQ Xmas puzzle solutions revealed

JeffUK

I found it interesting that they made it progressively harder to cheat on the puzzles. They could have made it impossible to cheat from the start, but chose not to (brute forcing #2 was made possible when they could have just hashed the answer like they did in #3, for instance). I took this as a sign that cheating was allowed and did so to get to level 4... then I gave up, because I couldn't work out how to cheat and I hate number sequence puzzles.

This is why copy'n'paste should be banned from developers' IDEs

JeffUK

Re: It's all about the annual review

Message_First_Word = 'H' + \
'e' + \
'l' + \
'l' + \
'o'

etc. etc.

Lincolnshire council IT ransomware flingers asked for ... £350

JeffUK

Re: I'm not buying the "0-day exploit" story.

Well; it was a zero-day at some point...

JeffUK

Re: Zero Day Exploit

I'm guessing the IT service providers, or the AV company, told them 'It was a zero day, that's why it wasn't stopped' and they have no reason not to believe them.

I've been told that an Excel macro virus was 'A Zero Day' just because the AV signatures didn't pick it up. The AV crowd have realised that if they define 'Zero Day' as 'Anything we miss' they can get away with murder.

NSA’s top hacking boss explains how to protect your network from his attack squads

JeffUK

He's pretty much just talked through the syllabus of a CEH course... not exactly ground-breaking insights!

It's 2016 and idiots still use '123456' as their password

JeffUK

Sampling bias

Massive sampling bias here... These are passwords from sites that have been hacked... So it only tells you that people use crap passwords for sites that can't be trusted.

Also, these passwords were either A. stored in plaintext, in which case complexity is irrelevant, or B. stored hashed, in which case only easily crackable passwords would be released; skewing the results even further.

ALSO... as all the 'good' passwords are probably unique, they will never be at the top of the list of passwords. So the non-unique passwords will inherently have more people using them.

The more I think about it, the more meaningless this information becomes.

Trustwave failed to spot casino hackers right under its nose – lawsuit

JeffUK

Re: Budgets, constraints and

Something I've experienced before is security companies giving assurances that they shouldn't give based on the scope of the testing, and not giving adequate caveats.

E.g. testing a web application and not testing the infrastructure yet declaring a web service 'secure.'

'T-shaped' developers are the new normal

JeffUK

Re: Hmmm... click bait

Agile: I literally had someone tell me "We don't want all the project management and testing, can't we just use agile?"

Certainly, but you'll want to double your budget for project management and testing...

JeffUK

Except in the wacky world of "Manufacturing Execution Systems" where enterprise and embedded collide...

JeffUK

Re: small iterative changes will be the norm

Ha! A more accurate analogy would be building the second, third and fourth floor anyway and papering over any subsequent cracks (or calling them 'features') until it all falls over... then you leave the rubble where it lies and start building again.

Windows for Warships? Not on our new aircraft carriers, says MoD

JeffUK

Re: Ah joke wallpaper ...

(Except for Johnny Castaway of course)

Just gave me a massive wave of nostalgia. Someone's compiled the whole lot into this YouTube vid:

https://www.youtube.com/watch?v=PqXIKeTVcyA

T'was the night before Christmas, and an industrial control system needed an upgrade

JeffUK

Re: “A less than really sharp manager agreed,”

As per the Dilbert Principle... the 'less than sharp' people are consistently promoted to management positions where they can do the least amount of damage. Sounds like WG's manager is due a promotion.

Screenshot malware targeted innocent online poker players

JeffUK

I wonder if this was invented by a criminal mastermind by the name of Rolando... we will never know.

Electrician cuts wrong wire and downs 25,000 square foot data centre

JeffUK

We had a few occasions where truck drivers tried to drive off with our forklift drivers still in the trailer unloading... after discussing lots of high-tech and convoluted processes to stop it happening, we solved it for £5 by putting a hook on each of the roller-doors in the loading bay.

When the truck comes in, their keys are hung on the hook before the roller-door is opened, leaving the keys hanging 15ft in the air. Then they physically can't get their keys back (or drive off) until the door's closed again.

JeffUK

Re: opps

Nope, Risk = Impact x Likelihood... The boss asked for the likelihood of something going wrong; OP assumed that he was aware of the impact.

Russian nuke plant operator to build on-site data centre

JeffUK

Re: Can't see why nuclear power is a danger for a data center

Presumably it helps provide some measure of guaranteed base load for the reactor. For cloud processing, you could even offer discounted cycles based on excess power generation (Amazon have a 'run X when it's cheap' option.)

JeffUK

Re: Whole new level

But there's only one nuclear power plant on site....

Cyber-terror: How real is the threat? Squirrels are more of a danger

JeffUK

Re: Cyber Warfare vs things that go boom

Someone in the local area took out a major transmission mast with a badly (well?) aimed firework a few years ago... (Google 'Morborne transmitter'.)

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

JeffUK

I think they've left themselves an 'out' here.

When the first guy got killed, one of the guards said something like "Don't run... why do they always run?", implying that running is somehow a bad idea, even though they're facing 'certain death'... so I wonder if there is a catch in there about it only working if you're scared, or some other hand-waving...

We shall see.

CIA boss uses AOL email – and I hacked it, claims stoner teen

JeffUK

Re: I'm not sure which is funnier...

Pretty sure that sentence could do with a comma! "was motivated by opposition to US Foreign policy, and support for Palestine"

Here are the God-mode holes that gave TrueCrypt audit the slip

JeffUK

Re: Lateral thinking

Yeah, although unfortunately this probably falls under the 'conspiracy theory' banner simply because there's no way of proving it either way, I'm tempted to agree with you!

Without other supporting evidence, there's no way of telling the difference between a genuine vulnerability and a cleverly placed backdoor.

Want your kids to learn coding? Train the darn teachers first

JeffUK

Re: Dunno for teachers, but ...

"or just RTFM and have 2 cents of common sense as an architect." .. ITYF 2 cents makes you a Senior Architect

Virgin Galactic SpaceShipTwo crackup verdict: Pilot error

JeffUK

Re: Seems little margin for error...

Interlocking anything to speed relies on the measuring devices working perfectly. E.g. if you couldn't lower your landing gear unless the plane believed you were under 80kts, and your air speed indicator failed (frozen pitot tube, f'rinstance), it would be somewhat inconvenient to have to get out and fix the problem prior to landing.

Krebs: I know who hacked Ashley Madison

JeffUK

The most popular of the passwords he was able to successfully crack...

ClearSky: Keeping your premises free of unwanted clouds

JeffUK

Re: "having [..] storage silos is a costly nightmare of managing [..] storage infrastructure"

You have exactly the same problem if you have a centralised data centre. In both scenarios, of course, you would keep things local that have a true high-availability requirement. There are, however, lots of other reasons not to want to hand over all your data to a start-up...

Are you a Tory-voting IT contractor? Congrats! Osborne is hiking your taxes

JeffUK

Re: Annoys me sooo much

so.. who's the mug?

Pan Am Games: Link to our website without permission and we'll sue

JeffUK

Ironic that The Register tries to impose conditions upon people linking to their website...

"The Register permits any website to link to any of our stories, provided it clearly states its source and does not include the full text of the story on its own site"

Pretty much implying that they too believe it is within their power to permit (or not) people to link to their site.

LastPass got hacked: Change your master password NOW

JeffUK

Re: Once again ...

OWASP's Application Security Verification Standard is a good starting point. It has some weight to it (a lot of people have heard of OWASP) and it's quite pragmatic in its approach.

JeffUK

Re: My method

Red Lion

The Globe

Hunters Rest

Greengate

or

Watergrove

Am I Close?

JeffUK

Re: You see...

Nah, get them tattooed on the bottom of your foot; that way you'll almost certainly notice if someone steals them.

JeffUK

Re: I need to access my accounts ...

One option, off the top of my head: take a piece of paper, write your passwords on it, stick it in your wallet.

That way, you'll know what they all are (primary function), they will be almost completely secure (primary requirement) and you'll know who has access to them, and if/when they've been stolen.

Don't have to be particularly techno-savvy to drive a biro.

JeffUK

Re: OOH OOH!!! I know what the weak point is

You're basically storing all of your passwords on someone else's computer, using software you have no way of validating, running on servers whose configuration you have no way of validating.

I always get looked at like the internet-age version of a luddite for saying 'maybe some things shouldn't be on the cloud' ... but I'm glad I stuck to my principles on this one.

JeffUK

There's no guarantee all of your passwords haven't been exposed.

Step 1: Hack the webserver

Step 2: Change the code on the page that shows you your passwords, after they're decrypted to also save them somewhere on the server in plaintext

Step 3: ????

Step 4: Profit!

City of birth? Why password questions are a terrible idea

JeffUK

Off the top of my head: assume they do actually have access to a working email account (pushing the 'password reset' problem onto the email provider, in effect). But if everyone did this, you'd only need one password anyway...

Log them in by sending a one-time link to that email that sets an authentication cookie. They want to log in again, they click 'log in' and get a new link via email.

Simples.
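The flow JeffUK sketches above, as an added example that is not from the post or from any site it discusses: a server-side sketch of email-link login in Python. Everything here is assumed for illustration (the `https://app.example/login` URL, the in-memory pending-token table, the 15-minute link lifetime and one-day cookie lifetime). It shows the two properties that make the scheme safe to delegate to the email provider: the link token is single-use and short-lived, and only a hash of it is stored, so a copy of the server's table does not yield a working link.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60        # assumed: a pending link is valid for 15 minutes
SESSION_TTL = 24 * 3600    # assumed: the cookie it sets lasts one day


class MagicLinkLogin:
    """Email-link login: no password and no 'secret questions'.

    Hypothetical class written for this example; not any site's real code.
    """

    def __init__(self, cookie_secret: bytes):
        self._cookie_secret = cookie_secret
        # token_hash -> (email, expires_at). Only the hash of the token is
        # kept, so a leaked copy of this table cannot be replayed as a link.
        self._pending: dict[str, tuple[str, float]] = {}

    @staticmethod
    def _token_hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_link(self, email: str, now: float | None = None) -> str:
        """Create the one-time link to email to the user (assumed base URL)."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._pending[self._token_hash(token)] = (email, now + TOKEN_TTL)
        return f"https://app.example/login?token={token}"

    def redeem(self, token: str, now: float | None = None) -> str | None:
        """Exchange a clicked link for a session cookie; None if not valid."""
        now = time.time() if now is None else now
        # pop() makes the link single-use: a second click finds nothing.
        entry = self._pending.pop(self._token_hash(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if now > expires_at:
            return None                            # link left unused too long
        return self._make_cookie(email, now + SESSION_TTL)

    def _make_cookie(self, email: str, expires_at: float) -> str:
        # Cookie is "email|expiry|hmac"; the HMAC stops clients editing it.
        payload = f"{email}|{int(expires_at)}"
        sig = hmac.new(self._cookie_secret, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{sig}"

    def verify_cookie(self, cookie: str, now: float | None = None) -> str | None:
        """Return the logged-in email for a valid cookie, else None."""
        now = time.time() if now is None else now
        try:
            email, expires_str, sig = cookie.rsplit("|", 2)
        except ValueError:
            return None
        payload = f"{email}|{expires_str}"
        expected = hmac.new(self._cookie_secret, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak the signature.
        if not hmac.compare_digest(sig, expected):
            return None
        if now > int(expires_str):
            return None
        return email


if __name__ == "__main__":
    login = MagicLinkLogin(secrets.token_bytes(32))
    link = login.issue_link("alice@example.test")     # constructed address
    print("emailed link:", link)
    cookie = login.redeem(link.split("token=")[1])
    print("session for:", login.verify_cookie(cookie))
    print("second click works?", login.redeem(link.split("token=")[1]) is not None)
```

With this shape, a 'log in' click always mints a fresh link, an old link cannot be reused, and the only long-lived secret on the server is the cookie-signing key; whoever controls the mailbox controls the account, which is exactly the trade the post describes.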

JeffUK

I failed to create an account with a certain UK bank because they required me to provide answers to 3 of 10 'secret questions' and I didn't know/have answers to any of them...

E.g. I don't have a 'Favourite colour' because I'm not 7.

Never trust a developer who says 'I can fix this in a few minutes'

JeffUK

Re: Trust

As I responded to a complaint of "You only changed one line of code, why did it take so long?"

"Changing one line of code: 3 minutes"

"Changing the right line of code: 3 weeks"
