* Posts by FordPrefect

161 posts • joined 10 Feb 2010


Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

FordPrefect

I'm seeing a lot of confusion here. Equipment generating a self-signed certificate doesn't make it a root or even a trusted certificate; that's why you get browser warnings when you attempt to load the page. Most Chromium browsers on Windows at least use the default Windows certificate store; I think it's mostly just Firefox that's the holdout and still using its own store. Whatever else happens, you are trusting the OS or browser vendor only to install root certificates that should be trusted. You are then trusting the certificate authorities.

You've always been able to create your own root CA; most large enterprises have a PKI infrastructure of their own, and Windows domains create certificates that are loaded into your Windows certificate store. Most security software now requires the installation of a root cert on your machine to peruse and block encrypted bad content. I think it's a stretch calling this hidden; you just have to trawl through the certificate store in use.

Tech bro CEOs claim their crowns because they fix problems. Why shirk the biggest one?

FordPrefect

It is fixable, we already know how to fix it; however, nobody is keen to actually do what's required. There are no simple easy fixes, we just have to all individually cut down the amount of CO2 and other greenhouse gases we are responsible for producing. For example, suggest to people that they eat less meat (not no meat at all) and people make out like it's a massive inconvenience. We could limit the production of new cars and vans which kick out more CO2 than is required, but I don't see many people signing up to get rid of their gas guzzlers even though nobody really needs a 3 litre V8. We have tech titans like Bill Gates telling the rest of us this is important whilst sat on his yacht with a small group of people pumping out CO2 that's the equivalent of a small town, or billionaires, many of whom were already in Rome, taking their private jets individually to Scotland for COP26. Most people agree we need to do something but it's everyone else that should cut consumption, not them.

LAN traffic can be wirelessly sniffed from cables with $30 setup, says researcher

FordPrefect

So an attacker would have to get physical access to your environment, locate the actual cable (and I'm guessing isolate it enough from other cables so there wouldn't be too much interference), then slow your traffic to a crawl and force you to use unencrypted UDP traffic. Given that pretty much everyone secures their locations these days anyway, and if they hadn't you could easily slip in a network tap, and if you had physical access there is a whole load of other things you could do that would be far more efficient and effective, I won't lose much sleep over this one. It's kinda cool and it's very novel, but I can't see it overtaking ransomware as the top threat for CIOs and being added to the CISSP/CISM course material anytime soon.

Oh, and realistically how much traffic these days actually flows over a network unencrypted anyway? Even browsing static web pages has moved over to TLS secured now for the most part.

Apple warns sideloading iOS apps will ruin everything

FordPrefect

Re: App stores are de-facto monopolies and should be treated as such

I'm not saying I agree with it, but legally for them to have a monopoly they'd have to have a monopoly on hardware supply, which they do not; they don't even have a dominant market position as Android outsells them substantially. People do have the choice not to be tied down. I've switched back to Android, as previously I took the point of view that I'd rather have regular OS updates rather than a carrier or manufacturer taking their time releasing them. Now, even before Pegasus I'd changed my mind given a lot of information about memory-resident malware in iOS devices; at least with Android you can have 3rd party security solutions such as Bitdefender. From a security perspective you really are piling all your eggs and trust in one basket with iOS devices: you have to trust that Apple won't let anything slip onto the App Store, and in practice I don't see how they can realistically keep all malware out, and that's not even considering memory-resident malware or transient stuff downloaded via the web or 0day exploits via WhatsApp etc. I just feel the security model on Apple iOS devices is currently flawed. I don't think Android is perfect, but I think Android plus some additional security software and keeping it all updated is probably safer than Apple now.

Google says Pixel 6, 6 Pro coming this year with custom AI acceleration

FordPrefect

Let me guess yet again 64GB of storage...

Epic Games files competition lawsuit against Google in the UK over Fortnite's ejection from Play Store

FordPrefect

Regardless of what Epic has or hasn't done with other people, I actually think they have a point here: what is the justification for Apple or Google's 30% cut on everything sold via the Play Store and then microtransactions for digital content? I appreciate they are processing payments for the developers, and I appreciate they are hosting an infrastructure as well to download and keep up to date the apps and content. However, 30% seems a little high for what is being provided, especially given the lack of any real competition. For micropayments for digital content it has even less basis, as it's not like they are hosting or providing updates for books purchased via Kindle, or providing anything other than payment processing for game microtransactions.

Dropbox basically decimates workforce, COO logs off: Cloud biz promises to be 'more efficient and nimble'

FordPrefect

On the other hand, for business they have a plethora of options, most of which bundle other capabilities into a neat little package, i.e. Google Apps or Microsoft 365. Whilst there are some that might just want a cloud drive and the ability to share files, most organisations seem to want more than that, and currently the big drive in organisations is for convergence of services: instead of having 100 different providers and having to manage multiple contracts and having to somehow integrate hundreds of apps, they can go to a handful of vendors.

'Best tech employer of the year' threatened trainee with £15k penalty fee for quitting to look after his sick mum

FordPrefect

Re: "top business and technology professionals"

I think you also have to be able to demonstrate where that cost is derived. If you want someone to repay an external training course where you have directly paid out, for example, 3k to a Cisco partner for the ICND courses, that is easy to justify. Where you've told someone who is unpaid "here are a few online seminars with one of our people who has limited experience", that's far harder to justify. Where do you get that cost from? When breaking a contract, generally you have to be able to account for direct losses you are trying to recoup. An internal trainer shared across numerous people is unlikely to amount to that much.

Microsoft is designing its own Arm-based data-center server, PC chips – report

FordPrefect

Well, I can see the attraction for device manufacturers of Apple's model with ARM in consumer products: stick everything including RAM on the SoC, that way you have to replace the whole device just to add some RAM... As for the server chips, again we've known for years ARM is far more energy efficient; if that saving is passed on to the customer, and you are a large customer scaling to hundreds or thousands of machines, that's a lot of saving!

Overpriced, underpowered, and over here: Microsoft to bring the Surface Duo to British shores in early 2021

FordPrefect

It's considerably cheaper than the Galaxy Fold. However, I think I'd rather stump up the extra for the Samsung. That device just looks awkward.

What's that coming over the hill? Is it native Office? Microsoft's flagship arrives on Apple Silicon, but you'll have to wait for Teams

FordPrefect

Hurrah for the death of Flash!

We did NAT see that coming: How malicious JavaScript can open holes in your firewall for miscreants to slip through

FordPrefect

Re: What's this? I know, I'll plug it in...

No, ALG is a service that runs on various firewalls and proxies that allows devices sitting behind a hide NAT to work with the SIP protocol, which requires an inbound connection for VoIP calls. It sits and brokers the connection by listening in to the packet stream on the initiation of a SIP session and dynamically opens up inbound service ports as required, similar to UPnP. You don't need it for Skype, or a lot of the consumer application-based voice services. In many cases, assuming your router isn't horribly hobbled, you can probably turn it off, although some people might have corporate VoIP systems and some people even have home VoIP systems. I know when I've seen it in corporate environments before, normally the actual server is behind a corporate firewall and requires users to VPN in, meaning the ALG would probably not be needed.

Ancient telly borked broadband for entire Welsh village

FordPrefect

Well, I'd guess this can't be a very common problem, otherwise it would probably happen far more frequently and every engineer would be trained to look for this first. In every diagnostic field you always get that problem that crops up once every 10 years: do you test for it every time, or do you attempt the fixes that work the other 9,999 times out of 10,000?

Google bans stalkerware apps from Android store. Which is cool but... why were they allowed in the first place?

FordPrefect

Great they are doing this...

However, what's to stop a jealous, abusive spouse from installing the app that's fine because it's just for tracking kids?

Amazon Lex can now speak British English... or simply 'English' if you're British

FordPrefect

Well, British English doesn't really exist. English English is one variant, Scottish English is another, and from what I've heard Northern Ireland has its own unique variant.

Cisco’s 'intuitive security' tool can’t handle MAC address randomization out-of-the-box

FordPrefect

True, I suspect this will cause a problem with Forescout and Pulse NAC. Also maybe other network discovery tools which base their results on MAC addresses, as up to now it's been about the only static fingerprint for networked devices. Oh, and thinking of it, it will potentially cause problems with DHCP if for some reason you are assigning static IP addresses to iOS and Android devices, not commonly done but maybe for VIPs in large organisations. Assigning static IP addresses and allowing URL filtering rules and firewall rules based on an IP is easier than going down the whole route of user authentication on devices or full-blown NAC functionality.

Apple takes another swing at Epic, says Unreal Engine could be a 'trojan horse' threatening security

FordPrefect

Re: Did Google back off?

I think Google and Apple have the same policies: if it's purchased via the app it has to go through their store. However, you have always been able to pay direct through a browser. For example, with Kindle and the Amazon app you can't buy ebooks; however, if you open Chrome or Safari on your mobile or tablet you can still purchase direct from Amazon.

FordPrefect

Is anyone stupid enough to believe....

This is nothing more than an attempt by Apple to enforce their 30% revenue stream from app developers. I mean, basically they provide the hardware and OS, charge users a premium, then enforce any purchases through apps on the platform, which gives them 30%. Great business model if you can keep it going...

UK govt: It's time to get staff back into the office! Capita: Hey everyone... about that...

FordPrefect

Well, we all know what the government's concern is...

Large commercial landlords staring into the abyss if large companies reduce the size of their offices; the knock-on effect with Pret and other large businesses is a secondary concern. Look at where the money is that props up the Tory party....

Butterfingers who don't bother with phone cases, rejoice: New Gorilla Glass 'Victus' tipped to survive 6ft drops

FordPrefect

Enough of Gorilla Glass, bring on the transparent aluminium already; that stuff will take a chunk out of the floor and not out of your phone!

Skype for Windows 10 and Skype for Desktop duke it out: Only Electron left standing

FordPrefect

Re: Oh Jesus, why?

Agreed. Teams UI is awful.

FordPrefect

Only problem is consumer Skype seems to be so 5 years ago. Most people seem to have moved on to Facebook Messenger or WhatsApp. I only know of one person that is still a Skype holdout.

Health Sec Hancock says UK will use Apple-Google API for virus contact-tracing app after all (even though Apple were right rotters)

FordPrefect

It's good they've finally seen sense. But who will take responsibility for 3 months and millions of pounds wasted? I bet it won't be Hancock or Dido; I mean, she is a professional at avoiding any responsibility, just look at the TalkTalk fiasco.

Logitech G915 TKL: Numpad-free mechanical keyboard clicks all the right boxes

FordPrefect

I've used Logitech mice and keyboards for years. Currently using a G910, which also has a nice old-school feel with noisy keys which hark back to the old IBM keyboards. You really can't go wrong with Logitech in my experience. Some Linux software for the lighting functionality would be nice though, I have to admit, although I appreciate it will probably never happen.

Brit MP demands answers from Fujitsu about Horizon IT system after Post Office staff jailed over accounting errors

FordPrefect

Re: Heads ought to roll

As most Post Offices are franchise-type businesses, I'm not entirely sure health and safety laws and a duty of care would apply in most cases. What might apply, if the people in the relevant positions in Fujitsu and the Post Offices were aware of the problems and actively covered things up, is "attempting to pervert the course of justice", or potentially for Post Office position holders, as they were technically at the time a public body, "misconduct in a public office". Maybe even perjury, although for that they would have had to have given evidence in the first place and lied in court.

FordPrefect

Re: Heads ought to roll

Given the time that has elapsed, in all probability, given the turnover of directors and senior managers in corporate Britain, those responsible will have either retired or moved on to pastures new at least 10 years ago. When was the last time you saw someone at director level or above stay in post for more than 5 years in big-business Britain? They've already moved on to mess things up somewhere else...

No more installing Microsoft's Chromium-centered Edge by hand: Windows 10 will do it for you automatically

FordPrefect

Re: Same old tactics

But you never know, this time might be different: on the 105,876th time of asking the question you might actually have changed your mind on wanting music recorded in poor quality, or suddenly have spawned 16 kids in the range 4-16 overnight!?!

Airline-chasing lawyers leap on Easyjet for £18bn after 9m folks' data, itineraries nicked

FordPrefect

Hmm, aren't most airlines at this point basically insolvent anyway?

UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told

FordPrefect

No chance

Not a snowball's chance in hell I'm installing this government-sanctioned spyware. I don't trust central government databases; just look at the misuse of the police PNC. Look at the misuse of personal data from projects connected to Vote Leave and Cummings, and I believe he and his cohorts have some fingers in this pie as well. You can only trust the security of your data if you trust the people that have access to it. I don't, therefore I won't be going anywhere near this.

The Adobe Flash Farewell Tour 2020: LibreOffice to axe export support for .SWF in version 7

FordPrefect

Let's just hope that Flash isn't a legacy technology that gets a COVID lifeline; Flash needs to die on time and on budget! I mean, something has to happen on time and on budget in the IT industry sometime?

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months

FordPrefect

Re: It's optional

Which is fine if you don't want customers who have iPads and iPhones to access your content. Even people with Macs would have to download an alternate browser or be continually pestered about insecure web pages. Not a great look for your company. Granted, it's good practice to regularly replace your certs, but it's a bit more of a pain if you are intercepting TLS on a load balancer/firewall/IPS or similar, as they don't all support automatic certificate re-enrolment. Even if they do, you don't necessarily want to hand over your CA credentials to another organisation that is running your network/security devices if you aren't running them in house.

Fujitsu warns HMRC Projects team that 30% of them could be out of a job come April

FordPrefect

Re: So Fujitsu has no other work?

They probably do have other work, but if it's not UK government it can probably be done offshore. Why pay someone in the UK when you can pay someone in Asia or even Eastern Europe a tenth of what it costs to employ someone in the UK? Not my personal rationale, as my experience is it often costs more in customer satisfaction, or more direct losses when you hastily have to pay onshore rates because the offshore teams just don't perform to the same standard, but well, it looks good on the figures for this financial year so we'll just worry about the numbers for next year, well, in 3 months' time...

Cloud, internet biz will take a Yellowhammer to the head in 'worst case' no-deal Brexit

FordPrefect

Don't worry...

That sound old bloke Nige down the pub was drinking a pint of London's finest, smoking a faaag, telling us all how it was all Project Fear mark 2. Mark his words, everything will be fine and suddenly UK trade will go through the roof. Don't worry about little things like data protection regulations, boats to move stuff around etc.; this old bloke obviously knew what he was talking about, as he used to sell shit on the commodities market and has just spent the last 20 years talking about stuff he has no actual experience of!

IBM to GTS: We want you to 'rotate' clients every two years

FordPrefect

Job rotation is a standard security practice. The idea being someone new in the job can pick up on irregularities, and it makes it harder for people to collude for nefarious purposes in privileged positions. Granted, I don't think many outside of banks and financial services do this.

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

FordPrefect

Seriously, can't someone take Flash out back and shoot it in the head and save us from Flash misery!

Windows 10 to force you to use Edge, even if it isn't default browser

FordPrefect

Re: Fucking idiots

The difference is iOS only has a small overall market share. The reason Microsoft get a kicking is because they have a monopoly on the desktop OS market. If you have a dominant or monopoly position on one product, you cannot use that to attempt to get a monopoly in another market.

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

FordPrefect

Well, call me a cynic, but you tell the US government about exploits and the NSA will be writing exploit kits based on them. Someone finds that exploit kit and figures out what it's targeting and suddenly you are in the middle of a massive sh*t storm.

PPI-pusher makes 75 MEEELLION nuisance calls, lands £350k fine

FordPrefect

That's less than half a penny per call. That's a real deterrent. They should be able to first fine the company any turnover created from those calls, and then a decent punitive rate per call. How about £1 per call? So that would be £75 million plus any money taken as a result of those calls?

UK.gov admits porn age checks could harm small ISPs and encourage risky online behaviour

FordPrefect

You seriously think service providers use firewalls and deep packet inspection technologies such as IDS/IDP on a connection that is charged out at 20-30 a month, for connections that are probably starting to average over 20MB? Most of it's DNS-based filtering these days.

FordPrefect

Kids always find a way. And what would you prefer they experience: something from a mainstream porn site or some sick shit from the dark web?

Windows Store nixed Google Chrome 'app' hours after it went live

FordPrefect

Hah, put Chrome on the Windows Store and nobody will ever have a reason to use Edge!

Russia could chop vital undersea web cables, warns Brit military chief

FordPrefect

I'd love to know the plan for realistically protecting literally thousands of miles of cables from stealthy submarine attack!

IBM reminds staff not to break customers in pre-Xmas fix-this-now rush

FordPrefect

Will senior management accept that there is a finite amount of resource, so if the amount of change exhausts the amount of resource then no more work can be done? No, it will be business as usual, pushing for more and more work to be done quickly so it can be billed. Those same senior management will then blame the overworked, stressed workers that make a mistake due to having too much work and too little time.

BT hikes prices for third time in 18 months

FordPrefect

Re: OpenRetch

Openreach, which is a separate entity which charges all communication providers a price agreed with Ofcom...

Credit insurance tightens for geek shack Maplin Electronics

FordPrefect

Hah, given Maplin prices they only have to sell 3 items a week to break even.

Didn't install a safety-critical driverless car patch? Bye, insurance!

FordPrefect

I'd guess in practice you'd need some sort of marking system to decide how critical a patch was, and something that's easy for a customer to understand, i.e. 1-10 with anything above 5 being installed within a suitable window, i.e. give people a week or a month grace before it invalidates their insurance.

Co-op Bank's users moan over online wobbles

FordPrefect

I used to be a Co-op Bank customer back in around 2010. The online banking was useless as it was always a day behind.

What shocked Verizon more: The Yahoo! mega-hack or that it runs AIM (for not much longer)?

FordPrefect

All three people left using AIM must be devastated!

US Senators want Kaspersky shut out of military contracts

FordPrefect

Given the low level system access that AV and other security tools need to do their job on an endpoint I'd be surprised if the US military used software from outside the US.

America 'will ban carry-on laptops on flights from UK, Europe to US'

FordPrefect

It's going to get to the point soon where you must really want to go to the US to visit. It's already close to ritual humiliation with the security precautions, and that's not even considering the fact the airlines treat you like crap. I'd be tempted to do the transatlantic trip to Canada or Mexico first, then a smaller hop to get where you wanted, i.e. go to Toronto and go to New York from there, or if going to California, Texas or Florida, transit through Mexico.


Biting the hand that feeds IT © 1998–2021