Posts by 0laf

I used to work in a school that was based in a building which was ~150yr old. One day there was a break in the network. did the usual stuff and ruled out everything else so had to inspect the cable.

The cable went into the foundations so I had to go down with a torch and trace it. About 10m in the cable passed under a boulder that had been left from construction. the boulder must have weighed a good few tons and had moved on level ground to roll over and nip the cable. Spooky.

The only thing we could think of is that we were in a known UK earthquake area. It might have been a tremor which wasn't noticeable to us but which was enough to tip over the rock.

I also found love poetry from the 1800s in a pigeon shit filled loft and incredibly racist comics from the 1920s in a coom.

If it was someone else

Would there be any controversy if she'd encouraged him to kill someone else? Would she not be accessory to murder?

I don't know genuine question.

Shiny thing make it all better

It's the politicians answer to everything. They think they sound knowledgeable without knowing anything.

Kids can't read and write - throw tablets at them

Cancer services crap - throw servers and outsourcers at it

Any problem the answer is = technology

Sounds good, easy (just buy more shit), keeps donors happy (outsourcers) and shift the problem into the next election cycle.

Get to the root of the real problem? Fuck that! It's hard, doesn't make headlines and will take longer than 4yr.

Certs are good mmkay

Clearly all certs are a meaningless racket, created as a self fulfilling business for cert companies to fool HR robots into insisting that having a cert is the be all and end all of infosec.

Except for the one I've just done, you have to be a technical genius, business guru and sexual tyrannosaur to get that one. Natch.

And £87k, many lols. I've seen a few advertised above 60k outside London and they are invariably CISO roles or CHECK team leaders.

Many big suppliers refuse to invest in the development of their own products leaving customers hanging with out of date vulnerable systems.

CRAPTA and NGA being prime culprits.

Microsoft's instance on bundling up all their patches doesn't help either.

Boom

Mate of mine used to be a submariner on a Trident boat and wangled a tour for a few mates including me.

The systems on those boats look like well maintained relics from the late 70s early 80s (probably because they are). I can't imagine there is much hacking that can be done without a screwdriver and a soldering iron.

My mate's work console had a worrying resemblance to Homer Simpson's station at the power-plant.

So no, not really worried about a v boat being hacked by hippies with iPads.

Egress

It does have to be said that Egress has a vested interest in showing up these stats since they sell a product suite that addresses the issue.

However being fair I do actually quite like the product

From another forum and a friend of a friend that works with BA IT.

The outsourcer was told to apply security patches which they did and powercycled the whole datacenter.

When it came back up it popped many network cards and memory modules when the power spiked.

The outsourcers lacked expereince in initiating the DR plan and it didn't work. Or maybe DR wasn't in the contract.

True or not I dunno.

Businesses not read?

Government isn't ready either.

Plus UK Gov hasn't produced all the derogations yet so no one knows quite what they have to be compliant with. They'll have to roll out a derogation sharpish to deal with Rudds encryption fuck-up-in-progress / pending-u-turn.

Compliant?

Is there such a thing as a GDPR compliant service. As I understood it the details of the implementation of GDPR in each state is still in development.

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/national-derogations/

The UKs derogations will probably be written to support cost saving exercises such as this retrospectively using 'public interest' as the excuse for an exemption from the rules.

ROI

Well they've seen the success of large companies forcing their customers into a subscription model so it's not surprising they would do the same.

[You need a "follow the money icon"].

Oh FFS

I've spend the whole morning fire fighting a executive management that are in abject panic over this. Despite the facts that we

1) Have no windows XP left

2)Patched MS17-010 over a month ago

3)Have tweaked the security appliances to catch this stuff

4) Issues alerts on Friday and primed the helldesk

and ultimately, we've had no fucking incident!

It's almost like they're upset nothing has happened. FFs we had more bother with the emotet version the week before. This didn't even register it was a non-event.

And I must say how much I'm enjoying every department in the company trying to climb on the infosec bandwagon all of a sudden. It's almost like they can smell resources and influence or something. Strangely they're nowhere to be seen when it's risk assessment or PIA time.

Awareness issues, tech will do so much but some spam will always get in. You can't sop the signal Mal! Someone somewhere clicked.

I imagine hospitals are a bit like schools with lots of staff that feel very important and that security measures are not for them because they must not be impeded in doing their important stuff (even if that is playing on their new phone).

Ok I'm generalising but I've yet to be proved wrong.

Clever

Low cost, negligible risk, potentially significant reduction in enemy's effectiveness.

Sound tactic I'd say.

Fine fine fine

Oh please let them be fined under the GDPR.

4% or global turnover would make such a nice headline.

Ya boo

We politicians demand to at the forefront of any and all decisions about this shiny cyber digital shit even though we have absolutely fuck all idea what we're talking about.

It's all electric magic anyway so you nerds just piss off and don't come back until it works just the way I have it in my head or I've moved onto a new job.

Stupid is a universal constant

Fucking idiots.

They'll be the first ones to wheel out the fine-gun under GDPR when companies start to lose date through the legislated back doors.

Or I could just tailgate you through a door with a badge tucked into my top pocket, mumble I've a meeting with 'John' at 11am find an empty seat and plug in my hacking kit of choice.

Ok not nearly as 'Bond-like' as the story but will work in a large number of sites without 6 months of fecking around.

So really, worry about the basic threats before you start defending against Ninjas and SMERSH.

Wow

Russian Head-Honcho steps off hype-wagon and acquires mystical rare ability known as 'common sense'.

Is there a six step program for all executives to bring them to a moment of clarity and stop them buying into whatever shiny shite is dangled in front of them?

Did you really expect a Government consultation to consult with the stakeholders? Really?

You must know that a 'consultation' is a political opportunity to publicly justify a position already decided upon in private.

Forced upgrades

Fucked updates

Adverts on a paid for platform

Withdrawal of services at short notice

Lack of support on their own platforms

Any excuse to ramp prices

Yeah we're all fucking fans of that MS we're fucking just loving it.