* Posts by 0laf

1915 publicly visible posts • joined 25 Nov 2009

Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?


Parliament is little better

Head of Infosec Risk, HMG Parliamentary Digital Services - £75k.

That's still joke money to deal with the risk associated with the loonies that are using WhatsApp and TikTok to move government secrets around


Re: Can't pay more

As a counterpoint Renfrewshire Council in Scotland have a Security and Governance Manager job up right now - £56-59k.

But tbh I don't really know any qualified security guy who would even look at a salary like that for a job that is likely going to be one to drive you into an early grave whilst ministers use you as a blamehound for their failings.

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event


But why?

Ok they cocked up like pretty much every business does every other day. But why is it so hard to set BCC as a default option?

Yeah it's possible but it's not simple.

Why no easy end user option to "send as BCC unless"?
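To make the point concrete, here is an added example (not code from the original post or from NHS Digital) of how the "send as BCC" default looks in practice: the invitee list travels only in the SMTP envelope, and the visible headers carry nothing but the sender, so no recipient learns who else was invited. The addresses and subject are constructed placeholders; the contrast function reproduces the blunder of putting the whole list in To:.

```python
"""Bulk invite with recipients kept out of the visible headers (added example)."""
from email.message import EmailMessage

# Constructed sample recipient list (placeholder addresses, not real invitees).
INVITEES = [
    "alice@example.org",
    "bob@example.org",
    "carol@example.org",
]

VISIBLE_RECIPIENT_HEADERS = ("to", "cc", "bcc")


def build_invite(invitees, sender="events@example.org", subject="Let's talk cyber"):
    """Return (message, envelope_recipients) with every invitee kept out of the headers.

    The SMTP envelope (the RCPT TO list) is independent of the To:/Cc: headers,
    so the invitees are returned separately and never written into the message.
    A visible To: pointing back at the sender keeps clients from flagging the
    mail as having no recipient.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Subject"] = subject
    msg.set_content("You are invited. Details to follow.")
    # Deliberately no Bcc: header at all: there is nothing for a relay or a
    # careless client to leak, because the list exists only in the envelope.
    envelope = list(dict.fromkeys(invitees))  # de-duplicated, order preserved
    return msg, envelope


def build_invite_visible(invitees, sender="events@example.org", subject="Let's talk cyber"):
    """The blunder, for contrast: the whole list lands in To: and every recipient sees it."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(invitees)
    msg["Subject"] = subject
    msg.set_content("You are invited. Details to follow.")
    return msg


def header_leaks(msg, invitees):
    """Return the invitees that appear in any visible recipient header (should be empty)."""
    visible = " ".join(
        str(value) for name, value in msg.items()
        if name.lower() in VISIBLE_RECIPIENT_HEADERS
    )
    return [addr for addr in invitees if addr in visible]


def check_before_send(msg, envelope, invitees):
    """Gate to run before handing the message to the MTA: refuse if any invitee is visible."""
    leaked = header_leaks(msg, invitees)
    if leaked:
        raise ValueError(f"refusing to send: {len(leaked)} invitee address(es) visible in headers")
    return envelope
```

The envelope list is what you pass as `to_addrs` to `smtplib.SMTP.send_message` (or `sendmail`); the stdlib also strips any Bcc: header it finds before transmission, but building the message without one in the first place is the safer default. Running `check_before_send` on the output of `build_invite_visible` raises, which is exactly the guard rail a "BCC unless" option would give an end user.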

NASA's InSight lander expected to survive most of summer before choking to death on Martian dust


Re: Learning point.

I guess the landers will get through their primary mission without dust causing a problem just fine, so why bother with an expensive solution to what isn't really a problem.

Price of Microsoft's Surface Duo plummets to better represent middling hardware ... but only if you're in the US


Re: Fool me once

I had one, I'm not a big app user so its main functionality as a phone was good and price was good. Then it got dropped, or first MS attempted to ruin it with a W10 update which luckily I never applied.

At work we bought thousands of them as they could be centrally managed. Then MS dropped support and that probably cost us a couple of 100k to replace with android devices earlier than we would otherwise have.

So yeah, I'm not buying into anything that MS could easily dump.

UK health secretary Matt Hancock follows delay to GP data grab with campaign called 'Data saves lives'



Well I guess that title is more acceptable than "Do as you're told pleb".

Although what a wasted opportunity not to use "All your data are belong to us".

Windows 11: Meet the new OS, same as the old OS (or close enough)


I object

"Windows 10 is so much better than its antecedents that it has stopped being a problem"

I appreciate it is subjective but no I don't find W10 better than its predecessors.

Wanted: Brexit grand fromage. £120k a year. Perks? Hmmmm…


Dido isn't going to get out of bed for £120k

Poltergeist attack could leave autonomous vehicles blind to obstacles – or haunt them with new ones


Re: Automation

My personal opinion is that the term 'automation' or 'auto' in its use as 'automation' or 'automatic' should be banned (excepting gearboxes as an established norm) until such time as the manufacturer is legally responsible for driving, not the owner/driver.

I agree wholeheartedly that 'semi-autonomous' driving is the worst of all worlds with drivers bored and unfocussed yet still expected to take control in a split second emergency.

I can handle cruise control but I found that the more advanced cc such as radar cruise is quite distracting. You either mentally hand over judgement to the car or you are on edge as you catch up to a slower car.

If your distance is set long to avoid the "will it slow" worry, invariably some arse will cut in on you and the car will brake suddenly to put the distance in again. I've given up on it. Nice idea but doesn't work for me.

Amazon says it's all social media's fault for letting fake review schemes thrive


Re: Fake reviews?

I've never had a review rejected even those that were critical. I did have one Chinese company come back and offer me a refund if I upped my review from 4 to 5 stars. The review was actually quite positive towards the product but I don't often give 5* unless something is exceptional.

Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom


Re: High Steaks

Probably, if the $200M spent on security had actually worked there would have been no need to pay out $11M in ransom.


Re: "Resolve" is an interesting word

Yeah my thought exactly. "We paid bugger all on security and training and put the money in a pot to pay ransoms for when we get hit, this groundbreaking strategy allowed JBS to recover quickly from the ransomware incident".

The policy of truth: As ransomware claims rise, what's a cyber insurer to do?


Yes, and I suspect it will be soon.

Massive tech-for-British-schoolkids cash pot up for grabs as UK education buyers prep £140m agreement


Oh you can't read very well, can't understand how to phrase or answer basic questions, think grammar is an old woman who lives a few streets away? Never mind, here is an iPad that'll make it all better. With the added benefit that your ill equipped teachers don't need to bother teaching or even talking to you any more.

It's the UK contractor tax factor: IR35 outsiders gaining leverage in skills market, survey finds


Re: Seems that the market functions like the Internet

It sounds like a bit of a Mexican standoff right now.

Businesses don't want to take on IR35 burdens but neither do they want to pay the required salary rate for specialisms they previously contracted for.

Contractors are unwilling to take poor salaries as full time employees.

So as businesses wait for contractors to starve and give in, they don't get their required work done. Who will blink first?

I've read both sides of the argument and it seems that although there may have been a requirement to reform tax arrangements for contractors, IR35 seems to have been a cack-handed way to do it which in the end suits no one, not even the treasury.

Remember those wacky cyberpunk costumes in Hackers? They're on display in London this week


Re: Capsizing oil tankers via software

"Accessing a ship's cargo control system would be problematic as they are not normally connected to the outside world and neither are bridge/engine controls."

Yeeess except that most of us have run into SCADA systems that should never be connected to the outside world that have in fact been plugged into the internet in an insecure kludge to save $100 on training for a member of the crew or so some exec can keep an eye on something they should have no access to at all.

All too often the stupid plots of 20yr ago become the stupid management decisions of today.

Why did automakers stall while the PC supply chain coped with a surge? Because Big Tech got priority access


Re: Everything needs intelligence these days, except my Harley.

Autonomous cars my arse.

I'm sticking to my own definition of true self-driving cars -

When I can legally climb into the back of my car drunk as a skunk, slur "home" to it and have it take me there safely, THEN I have an autonomous/self driving car.

If I legally need to be able to take control at a moment's notice then I'm still driving the damn car.


I'd probably be happier if cars weren't filled with piles of touchscreen crap.

Have I Been Pwned goes open source, bags help from FBI



I know Troy has been working with UK security people as well.

The site is a very useful resource and a significant help just by flagging the staggering number of compromised accounts to senior managers.

At least someone is working and trying to help.

Beers for that man.

Space junk damages International Space Station's robot arm


Re: the robot arm’s performance is unaffected.

They were lucky that no cabling was cut I guess. I assume that patching / soldering in space isn't easy

American insurance giant CNA reportedly pays $40m to ransomware crooks


Re: so, let me understand

The public knowledge that a company/organisation has cyber insurance is already being flagged as a risk factor.

If the bad guys know you have insurance you are much more likely to be a target simply because they know your insurance will likely pay them. And it'll all be kept quiet so there is unlikely to be a political motivation to make paying ransoms illegal.

ESA signs off on contracts for lunar data relay and navigation


Will they remember to include deorbiting as standard with all this new kit that's going to be flying around the moon?

Internet Explorer downgraded to 'Walking Dead' status as Microsoft sets date for demise


Yeah easy to forget about at home but there is a pile of legacy crap out there that won't work on anything but IE (half of it probably still demands IE6).

Lots of very large companies make some very big and expensive products which they spend fuck all on development to keep up to date with current dependencies.

Basically screw the customers, it's their risk to run old bit of crap on their networks even if our critical software demands it.

Space is hard: Rocket Lab's 20th Electron launch fails


Re: What one has to remember is.......

Insurance is probably cheaper than the payload cost of an emergency system.

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus


What do they expect, phishers to send a nice header that says "THIS IS A PHISH!!!"

If they were using this as a screen to take disciplinary action against staff then it might be a bit rich, but to identify areas for education? Tough, suck it up buttercup.

I've done the same exercises internally and had the same kickback, Unions insisting that we were "entrapping staff" despite there being nothing at the end of failed test except awareness training. Interestingly those who pushed back hardest against training were usually the worst at spotting them.

I'm aware of one organisation that was forced to alert staff that a test was being carried out.

NASA ups price of a private stay aboard the ISS to reflect true expense of keeping tourists alive in space


Re: $88,000 to $164,000

Yeah still cheaper than Center Parcs during the school holidays

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day


Re: One word:

Voice of experience....

Backups aren't worth shit if they're not tested and used regularly.

I've seen backups that were logged as successful that had 0k or 64kb of a multi terabyte backup.

I've seen backups that IT didn't know how to restore

I've seen attack ships on fire off the shoulder of Orion

Backups should be tested, restoration should be tested and loss of systems should be tested as exercises.
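The two failure modes above (a job logged as successful that wrote almost nothing, and an archive nobody has ever actually restored) are both caught by the same routine: verify the backup the way a restore would, not the way the job log does. The following is an added example, not code from the original post or from any product it mentions; the archive contents, manifest and size threshold are constructed for illustration.

```python
"""Verify a backup the way a restore would: size sanity, trial restore, checksum manifest.

Added example with constructed data; the archive format (tar.gz) and the threshold
values are assumptions chosen for the illustration.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "source system" contents and the manifest recorded at backup time.
# The manifest is taken from the source, never from the archive, so a truncated
# or empty archive cannot vouch for itself.
SOURCE = {
    "db/dump.sql": b"CREATE TABLE t (id INT);\n" * 200,
    "etc/app.conf": b"mode=prod\n",
}
MANIFEST = {name: sha256_of(data) for name, data in SOURCE.items()}


def make_backup(files: dict) -> bytes:
    """Constructed helper standing in for the backup job: tar.gz the given {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verify_backup(archive: bytes, manifest: dict, min_bytes: int) -> list:
    """Return a list of problems; an empty list means the backup actually restores.

    Checks, in order:
      1. size sanity (the "successful" 0k / 64k backup);
      2. a trial restore into a scratch directory, exactly as an operator would do it;
      3. every expected file present after restore and matching its source checksum.
    """
    problems = []
    if len(archive) < min_bytes:
        problems.append(f"archive is {len(archive)} bytes, expected at least {min_bytes}")
        return problems

    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
                try:
                    # 'data' filter (Python 3.12+, backported to older patch releases)
                    # refuses absolute paths and links escaping the scratch directory.
                    tar.extractall(scratch, filter="data")
                except TypeError:  # interpreter without the filter argument
                    tar.extractall(scratch)
        except Exception as exc:  # any failure to restore is the finding we want
            problems.append(f"restore failed: {type(exc).__name__}: {exc}")
            return problems

        for name, expected in manifest.items():
            path = os.path.join(scratch, name)
            if not os.path.isfile(path):
                problems.append(f"missing after restore: {name}")
                continue
            with open(path, "rb") as fh:
                actual = sha256_of(fh.read())
            if actual != expected:
                problems.append(f"checksum mismatch: {name}")
    return problems
```

The point of the trial restore is that it exercises the same code path, tooling and permissions the real recovery will need; a backup that passes `verify_backup` on a schedule is one IT has in effect restored every week, which is the "tested and used regularly" the post asks for.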

Microsoft reveals what a growth mindset does to the letter ‘A’


Looks like....

Looks like an arrow pointing down to me.

Seems to accurately reflect most people's opinions of MS development right now. I approve

Not so fast, SpaceX: $3bn NASA Moon landing contract blocked by rivals' gripes


Even in Space...

Even in space procurement can make you scream.

But it's not really a shock they are all fighting to get into the pork barrel.

Ingenuity Mars Helicopter cleared for further, farther, flying after landing on 117-second fourth flight


I'm sure NASA always had a part 2 in their back pocket if things went as well as they'd hoped.

After all Ingenuity could have tipped over and broken a rotor before it ever left the ground.

It's always a delight when these top boffins' contraptions exceed expectations.

Fingers crossed they get some good work out of it before the dust and cold wins the day as it inevitably must.

Michael Collins, once the world's 'loneliest man,' is dead. If that name means little or nothing to you, read this


God Speed sir

I've seen him take part in many documentaries and he spoke of his time in the space program with eloquence and pride but what really came across was happiness, an almost childlike joy in what he and his colleagues did. I think we've lost a real gem of humanity.

That seems to be a rare thing in life but common with Apollo. Hardworking, professional, dedicated, supremely talented and happy.

RIP Michael Collins.

Australia proposes teaching cyber-security to five-year-old kids


Might be better to teach the parents something about not letting 5-year-olds loose on the internet without supervision

British IT teacher gets three-year ban after boozing with students at strip club during school trip to Costa Rica


Re: I am disappoint...

Had a primary school teacher that would lob things at us (late 80s). Best teacher I ever had. He let us do all sorts of inappropriate things at that age (11). Usually involving power tools.


Re: I am disappoint...

Yep I was regularly attending a local hostelry from the age of 15/16 under the wing of the older guys from my local air cadets.

All very sensible really when you think about it, we got introduced to drinking under supervision and we never got wasted or did anything stupid.

The local landlord (RIP) was well in on it to the point where he'd come and give us a bottle of (awful) fizz on our 18th birthdays, even though we'd been going to his place for a number of years.

This sort of thing is missed these days in the world of box ticking rules. There is no tolerance for being gently introduced to the adult world. One day you're a kid, the next you can drink all you want.

As for this teacher, he sounds like a bit of an arse but he was probably well liked by the pupils he was in the club with. However, sharing a room with a female staff member that isn't your romantic other, that doesn't sound very clever at all.

NASA’s getting really good at this flying a helicopter on Mars thing


Re: Very cool

Bloody Martians coming down in their 4x4s to stare at the Rover

On a dusty red planet almost 290 million km away... NASA's Ingenuity Mars Helicopter flies


Re: Why is radio comms so slow?

I'm sure there will be a reason it's just not being mentioned since most people don't really care that much. El Reg readers being a slightly odder breed like to know the details.

Myself I'd like to know what NASA plan to do with the drone if it does last beyond its planned life. I'm sure they've given some thought as to how to use it if it proves tougher than expected. I doubt they'd just say "ok it flew now dump it".

If nothing else it's a nice bit of PR to humanise the probes as little companions.


Re: Well done!

I'd echo the comments above wholeheartedly.

Well done to all involved and I have my fingers crossed it is able to greatly extend its design parameters.

British gambling giant Betfred told to pay stiffed winner £1.7m jackpot after claiming 'software problem'


They 'win' 25% in general but don't forget the treasury who will add VAT onto that figure as well.

So Mr Green will lose about 30% of his award unless he has an alternative arrangement with his legal firm.

Jeff Bezos supports US tax rise after not paying it for two years – and paying tiny amount in 2019


Yeah she'll be down from $57 Billion to $55 Billion. I'm sure we'll see her registering for her local foodbank while Jeff laughs at her misfortune.

Money can buy you insurance against network break-ins but investing in infosec hygiene wouldn't go amiss, says new NCSC chief


I don't think the C-Suite are ignoring it but many companies and organisations have been around for a long time and their networks have grown like slime moulds over decades. If these were brand new networks then securing them would be far easier. It's like trying to find a way to make a horse and cart carry a shipping container.

The board probably do see the problem but it seems nearly impossible to fix in a financially viable way, plus they've spent many of the last 5yr decimating their IT departments so they have no resources or skills to do the work even if they wanted to. This is something I've always found hard to understand, C-Suite falling over themselves to proclaim a new digital future yet forgetting who actually has to do the work on anything that is digital.

What happens when back-flipping futuristic robot technology meets capitalism? Yeah, it’s warehouse work


Re: There's a few things....

The video made me think of physicists who work on problems using perfect models.

These robots will work great and be hyper efficient if they are working on perfect cardboard boxes, loaded with perfect goods, transported perfectly ending up stacked in the perfect way.

When they can cope with a Yodel van carrying cheap cardboard overloaded, ripped boxes, packed by a disgruntled and probably hungover human loader, driven through a potholed UK road network at excessive speed then parked haphazardly in the vicinity of the loading dock THEN I think this might work.


Re: There's a few things....

Yep my thoughts too. These beasties are picking up boxes using the sidewalls. Never mind the cardboard being slack crumpled or weak, all it would take is a heavy box that needs lifting by handles and these guys are fecked.

Sadly, the catastrophic impact with Apophis asteroid isn't going to happen in 2068


Is everyone remembering this is 2021

With this year's current record, Apophis will probably (despite the improbably huge nature of space) hit some piece of old space junk which will send it into an inescapable death dive towards Earth which it will hit on December 25th, striking the site of a large nuclear waste/weapons dump with uncanny accuracy and just outside the blast radius causing an armoured van filled with an unlawfully developed weaponised new Covid/Flu/Ebola variant to crash and burst open next to a crowded area filled with people waiting to go to the airport on holiday all around the world.

I'm just saying, don't buy a lottery ticket yet.

NASA sets the date for first helicopter flight on another planet – and the craft will carry a piece of history


Re: What are the chances...

Doesn't matter the colour of their hair, you just know they'll have a fine green tan.

William Shatner and Chris Pine will be banging on Elon's door demanding the first flight out there.

I genuinely wish them luck with this. Looking forward to the pictures

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts


Re: They'll have to increase the council tax to pay the fines.

Banks use email because it's cheap.

Banks use SMS as an MFA token not because it's secure (it's not any more due to SIM swap fraud bringing the entire mobile phone industry into your attack surface), but because it's easy and cheap.

And banks know what they should be doing, they hire people that know security good practice, they CHOOSE not to do it.

Fines and compensation are just operating costs for them. Until the hit on their bottom line is significant they'll continue to make bad choices.

Big problem: Nominet members won't know how many votes they're casting in decision to oust CEO, chair


What is the legal recourse for a determined board of dubious morality and questionable legality that chose to (allegedly) abuse power in order to bunker down and extract liquid assets from such an organisation?


And the Scottish branch - Bodgit and Leggit

PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report


Re: Why do I need admin rights? Well, because of IT

That's a governance issue not an IT issue.

Senior management need to set the rules which IT will operate within. If they don't and leave IT hanging out there to 'deal with' IT stuff because those execs are scared of IT (or scared of looking stupid) then it's their failure not IT's.

But IT will get the blame, because that's what always happens.


It's not just users but sloppy development, or lack of development resource by the vendor, means a lot of legacy applications demand excessive rights as well as out of date dependencies before they will work.

It's not as big a problem as it used to be but it's still there. Particularly bad with behemoth suppliers of near monopoly niche systems.

Space station dumps 2.9-ton battery pack to burn up in Earth's atmosphere after hardware upgrade


Ballistics Officer

That's a job title I want.

I thought they were just called "Gunners" in the old days