Parliament is little better
Head of Infosec Risk HMG Pariliamentary Digital services - £75k.
That's still joke money to deal with teh risk associated with the loonies that are using WhatsApp and TikTok to move government secrets around
Posts by 0laf
1915 publicly visible posts • joined 25 Nov 2009
Page:
Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?
Friday 31st March 2023 12:56 GMT
Re: Can't pay more
As a counterpoint Renfrewshire Council in Scotland have a Security and Governance Manager job up right now - £56-59k.
But tbh I don't really know any qualified security guy who would even look at a salary like that for a job that is likely going to be one to drive you into an early grave whilst ministers use you as a blamehound for their failings.
NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event
NASA's InSight lander expected to survive most of summer before choking to death on Martian dust
Price of Microsoft's Surface Duo plummets to better represent middling hardware ... but only if you're in the US
Wednesday 23rd June 2021 16:05 GMT
Re: Fool me once
I had one, I'm not a big app user so it's main functionality as a phone was good and price was good. Then it got dropped, or first MS attempted to ruin it with a W10 update which luckily I never applied.
At work we bought thousands of them as they could be centrally managed. Then MS dropped support and that probably cost us a couple of 100k to replace with android devices earlier than we would otherwise have.
So yeah, I'm not buying into anything that MS could easily dump.
UK health secretary Matt Hancock follows delay to GP data grab with campaign called 'Data saves lives'
Windows 11: Meet the new OS, same as the old OS (or close enough)
Wanted: Brexit grand fromage. £120k a year. Perks? Hmmmm…
Poltergeist attack could leave autonomous vehicles blind to obstacles – or haunt them with new ones
Monday 21st June 2021 09:39 GMT
Re: Automation
My personal opinion is that the term 'automation' or ' auto' in its use as 'automation' or 'automatic' should be banned (excepting gearboxes as an established norm) untill such time as the manufacturer is legally responsible for driving not the owner.driver.
I agree wholheartedly that 'semi-autonomous' driving is the worst of all worlds with drivers bored and unfocussed yet still expected to take control in a split second emergency.
I can handle cruise control but I found that the more advanced cc such as radar cruise is quite distracting. You either mentally hand over judgement to the car or you are on edge as you catch up to a slower car.
If your distance is set long to avoid the "will it slow" worry, invariably some arse will cut in on your and the car will brake suddenly to put the distance in again. I've given up on it. Nice idea buit doesn't work for me.
Amazon says it's all social media's fault for letting fake review schemes thrive
Thursday 17th June 2021 14:19 GMT
Re: Fake reviews?
I've never had a review rejected even those that were critical. I did have one Chinese company come back and offer me a refund if I upped my review from 4 to 5 stars. The review was actually quite positive towards the product but I don't often give 5* unless something is exceptional.
Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom
The policy of truth: As ransomware claims rise, what's a cyber insurer to do?
Massive tech-for-British-schoolkids cash pot up for grabs as UK education buyers prep £140m agreement
Thursday 3rd June 2021 10:31 GMT
Oh you can't read very well, can't understand how to phrase or answer basic questions, think grammar is an old woman who lives a few streets away? Never mind, here is an iPad that'll make it all better. With the added benefit that your ill equipped teachers don't need to bother teaching or even talking to you any more.
It's the UK contractor tax factor: IR35 outsiders gaining leverage in skills market, survey finds
Wednesday 2nd June 2021 11:06 GMT
Re: Seems that the market functions like the Internet
It sounds like a bit of a Mexican standoff right now.
Businesses don't want to take on IR35 burdens but neither do they want to pay the required salary rate for specialisms they previously contracted for.
Contractors are unwilling to take poor salaries as full time employees.
So as businesses wait for contractors to starve and give in, they don't get their required work done. Who will blink first?
I've read both sides of the argument and it seems that although there may have been a requirement to reform tax arrangments for contractors, IR35 seems to have been a cackhanded way to do it which in the end suits no one, not even the treasury.
Remember those wacky cyberpunk costumes in Hackers? They're on display in London this week
Wednesday 2nd June 2021 09:14 GMT
Re: Capsizing oil tankers via software
"Accessing a ship's cargo control system would be problematic as they are not normally connected to the outside world and neither are bridge/engine controls."
Yeeess except that most of us have run into SCADA systems that should never be connected to the outside world that have in fact been plugged into the internet in an insecure cludge to save $100 on training for a member of the crew or so some exec can keep an eye on something they should have no access to at all.
All too often the stupid plots of 20yr ago become the stupid mangement decisions of today
Why did automakers stall while the PC supply chain coped with a surge? Because Big Tech got priority access
Tuesday 1st June 2021 10:41 GMT
Re: Everything needs intelligence these days, except my Harley.
Autonomous cars my arse.
I'm sticking to my own definition of true self-driving cars -
When I can legally climb into the back of my car drunk as a skunk, slur "home" to it and have it take me there safely, THEN I have an autonomous/self driving car.
If I legally need to be able to take control at a moments notice then I'm still driving the damn car.
Have I Been Pwned goes open source, bags help from FBI
Space junk damages International Space Station's robot arm
American insurance giant CNA reportedly pays $40m to ransomware crooks
Monday 24th May 2021 11:15 GMT
Re: so, let me understand
The public knowledge that a company/organisation has cyber insurance is already being flagged as a risk factor.
If the bad guys know you have insurance you are much more likely to be a target simply because they know your insurance will likely pay them. And it'll all be kept quiet so there is unlikely to be a political motivation to make paying ransoms illegal.
ESA signs off on contracts for lunar data relay and navigation
Internet Explorer downgraded to 'Walking Dead' status as Microsoft sets date for demise
Thursday 20th May 2021 14:03 GMT 
Yeah easy to forget about at home but there is a pile of legacy crap out there that won't work on anything but IE (half of it probably still demands IE6).
Lots of very large companies make some very big and expensive products which they spend fuck all on development to keep up to date with current dependencies.
Basically screw the customers, it's their risk to run old bit of crap on their networks even if our critical software demands it.
Space is hard: Rocket Lab's 20th Electron launch fails
Train operator phlunks phishing test by teasing employees with non-existent COVID bonus
Tuesday 11th May 2021 09:32 GMT
What do they expect, phishers to send a nice header that says "THIS IS A PHISH!!!"
If they were using this as a screen to take disciplinary action against staff then it might be a bit rich but to identify areas for education tough, suck it up buttercup.
I've done the same exercises internally and had the same kickback, Unions insisting that we were "entrapping staff" despite there being nothing at the end of failed test except awareness training. Interestingly those who pushed back hardest against training were usually the worst at spotting them.
I'm aware of one organisation that was forced to alert staff that a test was being carried out.
NASA ups price of a private stay aboard the ISS to reflect true expense of keeping tourists alive in space
US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day
Monday 10th May 2021 12:25 GMT
Re: One word:
Voice of experience....
Backups aren't worth shit if they're not tested and used regularly.
I've seen backups that were logged as sucessful that had 0k or 64kb of a multi terabyte backup.
I've seen backups that IT didn't know how to restore
I've seen attack ships on fire off the shoulder or Orion
Backups should be tested, restoration should be tested and loss of systems should be tested as exercises.
Microsoft reveals what a growth mindset does to the letter ‘A’
Not so fast, SpaceX: $3bn NASA Moon landing contract blocked by rivals' gripes
Ingenuity Mars Helicopter cleared for further, farther, flying after landing on 117-second fourth flight
Tuesday 4th May 2021 09:29 GMT
I'm sure NASA always had a part 2 in their back pocket if things went as well as they'd hoped.
After all Ingenuity could have tipped over and broken a rotor before it ever left the ground.
It's always a delight when these top boffins contraptions exceed expectations.
Fingers crossed they get some good work out of it before the dust and cold wins the day as it inevitably must.
Michael Collins, once the world's 'loneliest man,' is dead. If that name means little or nothing to you, read this
Friday 30th April 2021 10:55 GMT
God Speed sir
I've seen him take part in many documentaries and he spoke of his time in the space program with eloquence and pride but what really came across was happiness, an almost childlike joy in what he and his collegues did. I think we've lost a real gem of humanity.
That seems to be a rare thing in life but common with Apollo. Hardworking, professional, dedicated, supremely talented and happy.
RIP Michael Collins.
Australia proposes teaching cyber-security to five-year-old kids
British IT teacher gets three-year ban after boozing with students at strip club during school trip to Costa Rica
Monday 26th April 2021 09:18 GMT
Re: I am disappoint...
Yep I was regularly attending a local hostelry from the age of 15/16 under the wind of the older guys from my local air cadets.
All very sensible really when you think about it, we got introduced to drinking under supervision and we never got wasted or did anything stupid.
The local landlord (RIP) was well in on it to the point where he's come and give us a bottle of (awful) fizz on our 18th birthdays, even though we'd been going to his place for a number of years.
This sort of thing is missed these days in the world of box ticking rules. There is no tolerence for being gentle introduced to the adult world. One day you're a kid, the next you can drink all you want.
As for this teacher, he sounds like a bit of an arse but he was probably well liked by the pupils he was in the club with. However, sharing a room with a female staff member that isn't your romantic other, that's doesn't sound very clever at all.
NASA’s getting really good at this flying a helicopter on Mars thing
On a dusty red planet almost 290 million km away... NASA's Ingenuity Mars Helicopter flies
Tuesday 20th April 2021 08:34 GMT
Re: Why is radio comms so slow?
I'm sure there will be a reason it's just not being mentioned since most people don't really care that much. El Reg readers being a slightly odder breed like to know the details.
Myself I'd like to know what NASA plan to do with the drone if it does last beyond it's planned life. I'm sure they've given some thought as to how to use it if it proves tougher than expected. I doubt they'd just say "ok it flew now dump it".
If nothing else it's a nice bit of PR to humanise the probes as little companions.
British gambling giant Betfred told to pay stiffed winner £1.7m jackpot after claiming 'software problem'
Jeff Bezos supports US tax rise after not paying it for two years – and paying tiny amount in 2019
Money can buy you insurance against network break-ins but investing in infosec hygiene wouldn't go amiss, says new NCSC chief
Tuesday 30th March 2021 12:54 GMT
I don't think the C-Suite are ignoring it but many companies and organisations have been around for a long time and their networks have grown like slime moulds over decades. If these were brand new networks then securing them would be far easier. It's like trying to find a way to make a horse and cart carry a shipping container.
The board probably do see the problem but it seems nearly impossible to fix in a financially viable way, plus they've spent many of the last 5yr decimating their IT departments so they have no resources or skills to do the work even if they wanted to. This is something I've always found hard to understand, C-Suite falling over themselves to proclaim a new digital future yet forgetting who actually has to do the work on anything that is digital.
What happens when back-flipping futuristic robot technology meets capitalism? Yeah, it’s warehouse work
Tuesday 30th March 2021 12:10 GMT
Re: There's a few things....
The video made me think of physicists who work on problems using perfect models.
These robots will work great and be hyper efficient if they are working on perfect cardboard boxes, loaded with perfect goods, transported perfectly ending up stacked in the perfect way.
When they can cope with a Yodel van carrying cheap carboard overloaded, ripped boxes, packed by a disgruntled and probably hungover human loader, driven through a potholed UK road network at excessive speed then parked haphazardly in the vacinity of the loading dock THEN I think this might work.
Sadly, the catastrophic impact with Apophis asteroid isn't going to happen in 2068
Monday 29th March 2021 14:27 GMT 
Is everyone remembering this is 2021
With this year's current record Apophis will probably ( despite the improbably huge nature of space) hit some piece of old space junk which will send it into an inescapable death dive towards Earth which it will hit on December 25th, striking the site a large nuclear waste/weapons dump with uncanny accuracy and just outside the blast radius causing an armoured van filled with an unlawfully developed weaponised new Covid/Flu/Ebola/ variant to crash and burst open next to a crowded area filled with people waiting to go to the airport on holiday all around the world.
I'm just saying, don't buy a lottery ticket yet.
NASA sets the date for first helicopter flight on another planet – and the craft will carry a piece of history
Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts
Wednesday 24th March 2021 10:08 GMT
Re: They'll have to increase the council tax to pay the fines.
Banks use email because it's cheap.
Banks use SMS as a MFA toke not because it's secure (it's not any more due to sim swap fraud bringing the entire mobile phone industry into your attack surface), but because it's easy and cheap.
And banks know what they should be doing, they hire people that know security good practice, they CHOOSE not to do it.
Fines and compensation are just operating costs for them. Until the hit on their bottom line is significant they'll continue to make bad choices.
Big problem: Nominet members won't know how many votes they're casting in decision to oust CEO, chair
PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report
Wednesday 17th March 2021 11:37 GMT
Re: Why do I need admin rights? Well, because of IT
That's a governance issue not an IT issue.
Senior mangment need to set the rules which IT will operate within. If they don't and leave IT hanging out there to 'deal with' IT stuff because those execs are scared of IT (or scared of looking stupid) then it's their failure not IT's.
But IT will get the blame, because that's what always happens.
Wednesday 17th March 2021 09:10 GMT
It's not just users but sloppy development, or lack of development resource by the vendor, means a lot of legacy applications demand excessive rights as well as out of date dependencies before they will work.
It's not as big a problem as it used to be but it's still there. Particularly bad with behemoth suppliers of near monopoly niche systems.
Biting the hand that feeds IT
