* Posts by Philip Virgo

26 publicly visible posts • joined 9 Apr 2010

Indian call centre scammers are targeting BT customers

Philip Virgo

Re: How on earth can you tell the difference?

The data used by the fraudsters after the Talk Talk hack did not actually come from the hack. It came from these who knew details of installation/maintenance visits. Guess where that came from?

Facebook claims a third more users in the US than people who exist

Philip Virgo

Re: Dual accounts?

And the most active accounts are those run by the Botnet Avatars said to account for between 25% and 80% of advertising clicks.- according to whose extrapolated hype you beleive.

US Treasury to launch pre-emptive strike on EU's Ireland tax probe

Philip Virgo

Will Ireland join the UK in exiting before any real risk of the EU taking action.

Philip Virgo

I thought they took most of their profits, after deducting lobbying pay-offs in Washington, via the Bahamas, Panama and assorted Carribbean Crown Dependencies.

Cisco rewards massive profit jump with thousands of layoffs

Philip Virgo

Does this mean 5,500 experienced staff available for retraining as network security specialists.

Philip Virgo

Does this mean 5,500 technically experienced staff available for retraining as network security specialists?

Microsoft won't back down from Windows 10 nagware 'trick'

Philip Virgo

Was this the software equivalent of the Ford Edsel? Or is it more profound - a tipping point that well finally enabled the Chinese to do to the US software industry what the Japanese did to their car industry half a century ago?

Philip Virgo

Re: Upgrade losses

Excellent point. That is why I stopped after moving one of my laptops to Windows 10. I also lost access to e-mail accounts hosted in the UK and has have yet to find out how to get them back.

Philip Virgo

Re: N.W.O.

This was the day I decided I really must find out how to use Linux. Oh the hassle of weaning myself off Microsoft and Google. Will it be worth the effort?

Apple: Another bug fix. Er, thanks, GCHQ

Philip Virgo

It could always be to do with GCHQ wishing to demonstrate that they are worthy hosts for the new National Cyber Centre. We will know if they stop trying to prevent funding for the development of UK security products which block all executable code unless expressly permitted - thus sodding up (technical term) most current attack vectors - and also (potentially) the business models of much of the current on-line industries.

MPs slam mandarins over failed GP IT system

Philip Virgo

Tomorrow came yesterday

Back in 1984 the NCC Microsystems Centre has a contract to test six GP systems. Each contained routines for recording, collating and exporting adverse reaction data (still not standard across) and not just record export (albeit on floppy discs) for transfer to other practices. Most also contained field level security (including "named doctor only" envelopes for "sensitive" information such as "says he caught it off the senior partner's daughter").

How cyber insurance actually works

Philip Virgo

This is a good introduction. For a deeper understanding of why things are as they are, I recommend reading the Long Finance report on Cyber Catastrophe re-insurance http://www.longfinance.net/lf-research.html?id=937 . I attended some of the workshops leading to that report, have blogged on the likely consequences http://www.computerweekly.com/blogs/when-it-meets-politics/2015/08/the-ashley-maddison-hack-illus.html

The key point is that cyber is being routinely excluded from mainstream policies leaving policies which cover the cost of "incident management" (hopefully including business continuity), provided the organisation has an agreed incident management plan in place.

BT reveals vanishingly small detail about its fibre broadband network

Philip Virgo

Re: "STATE Monopoly?"

Telegraph and voice were brought to the UK by the private sector but the General Post office exercised its monopoly powers to license them (after Indian Mutiny has revealed their importance) and then nationalised most of them in 1912 - to facilitate mass eaves-dropping, justified by the spy scares during the run up to the First World War. Abut that time the suffragette's began causing chaos by cutting the lines. Were the suffragettes cutting the lines as a protest against the government because they had been nationalised? The historical articles I have consulted do not contain any clues.

Insurance companies must start buying security companies

Philip Virgo

Why buy? Already the big UK Insurance Companies are more sophisticated in their approaches to Cyber risk than almost anyone else. The delete it from the policy unless you take out a specific policy which mandates best practice and, even then, covers only the cost of implementing a pre-agreed incident management plan - which commonly includes using a mix of leading security forensics consultancies to identify who attacked you and how so that they can decide whether to fund an "asset recovery" programme along the attack vectors used (including to launder the proceeds). .

Universal Credit white elephant needs 'urgent breakthrough' says MP

Philip Virgo

This is what happens when a minister tries to impose good practice on the "professionals"

Right at the very start the Minister said he wanted the "pathways" checked before any code was cut.

The officials ignored him. Ministers set policy - they do not decide how it is to be implemented.

So the "usual suspects" burned through several hundred million before what they had produced was tried out on real humans. Surprise, surprise - it did not work - other than technically.

The "reset" was to go back to testing processes with real humans before they were enshrined in code for large scale roll-out.

It looks as though a subset does indeed work with real humans - and the phased roll-out of that subset can now begin - at an accelerating pace.

Next will come the task of "folding in" the other benefits - but at each stage checking that the changes work with those who are intended to use it. Hence then open-ended timescale.

I find it interesting that the Register should not be a fan of good practice.

Use snooped data in court? Nah, says UK.gov - folk might be cleared

Philip Virgo

The other way of looking at this is the abuse of legal aid to enable criminal lawyers to trawl through everything collected by (or available to) law enforcement, whether or not it might be relevant. What is being said is that it is too much hassle to review the way that court procedures have become skewed in favour of organised crime as a whole: not just in favour of well-lawyered terrorist groups.

Scot Nationalists' march on Westminster may be GOOD for UK IT

Philip Virgo

Re: "... would not seek another referendum ..."

I thought the "real" stone sat safely in Scotland while the English were conned into having their monarchs crowned above an ancient cesspit cover.

Philip Virgo

Remove the requirement for a deep water inlet (questionable) and there are a number of obvious choices for basing the Trident replacement, from Barrow (where they are built), to Falmouth, Plymouth and Portland. More interesting would be whether the SNP really does want to lose the jobs from Clydeside and Rosyth. The Royal navy predates the Act of Union.

UK.gov SLASHES ICT frameworks by more than HALF

Philip Virgo

Re: CCS is very badly resourced.....

Looks like an overdue, step by step, reversion to the days of the CCTA list prices in the 1970s - but with a lot more suppliers. If that were to be accompanied by well-supported routines for assessing and approving products and services from SMEs so that risk-averse customers could purchase from them with confidence that would be a great step forward. If not ...

STAY AWAY: Popular Tor exit relays look raided

Philip Virgo

US spook comms saved from attack by who: North Korea?

Remembering that TOR was created by US Naval Intelligence to protect its secure communications, including from leak from other agencies, I read the e-mails from the TOR organisers rather differently. My conclusion is that they have now reviewed the situation and are satisfied that those agents whose security was not breached by Manning and Snowden remain safe. Whether or not you believe that they not know or suspect who attempted the breach is up to you. My guess is that it was not the FBI or NSA but a foreign power, perhaps North Korea as a proxy for ... take your pick ... they need the money now that the falling oil price has destroyed their sales of conventional weapons.

Elderly Bletchley Park volunteer sacked for showing Colossus exhibit to visitors

Philip Virgo

Re: They could learn some lessons....

This is not such a bad idea. Recreating some of the wartime security barriers (complete with sentries examining tickets for your security clearances - i.e. what you have paid to visit) between the different parts of the site might help the theme park experience.

Philip Virgo

How and why has the conflict arisen

I suspect that the planners of the Bletchley Theme Park have a carefully sanitised version of history in mind. This does not include the "special relationship" between Bletchley and Fort Meade from 1941 until GCHQ moved to Cheltenham. They fail to recognise that the elderly volunteers are fully aware of their obligations under the official secrets acts (plural). Hence the current situation, instead of a win win way forward which would have preserved the spirit of Bletchley.

We should remember that a core part of that spirit was the tension between the invaluable eccentrics and those trying to keep order between several thousand, largely female, twenty somethings and a rather smaller number of men of varying ages, with few of either knowing what they were really doing. Luckily many of those who were truly invaluable were more interested in what they were doing than in the opposite sex, if they were interested in the opposite sex at all.

At this point I have some sympathy, albeit not a lot, for those trying to create a sanitised theme park which will protect the young of today from the realities of the past.

Security guru Bruce Schneier to leave employer BT

Philip Virgo

Why are you all thinking negatively. Perhaps one of the insurance companies looking to underwrite well-managed cyber risk (and thus dictate the future) made him an offer he could not afford to refuse.

MPs blocked from ogling 'web smut' 300,000 times – while in Parliament

Philip Virgo

Re: Likely Cause

I wonder if Nik Dakin MP, or the former steel town which he represents, was in the news. I have not mentioned its name but the first letter is "s" then comes "c" , then "u" then "n" then "t" then "thorpe". My browser and security software is among those which obliterate his constituency from the on-line world and tells that they offend a mythical "acceptable use policy" that I appear powerless to over-ride.

Google says it can predict movie box office with 94% accuracy

Philip Virgo

Re: Er....

If I am typical the measure is indeed reactive rather than predictive. I typically do three or four searches to check the showings (times and locations) before going to see a film, having already decided what to see and when. In making that decision I may indeed look at the trailers, but rarely suficiently in advance for anyone to make a meaningful "decison" based on collating the search patterns of "millions like me". If movie-makers and distributers were to want infomration of predictive value it would be more sensible to give me a discount (or other benefit) in returning for responding to a survey on what I like to watch and where, when and how I like to do so. That said, using such data to find search spikes which do not correlate with spikes in box office takings (or vice versa) and the looking at the causes might indeed be an intersting exercise. The value of using search engine analyses should not be under-estimated - even though this example has been over-hyped.

Guy Kewney, pioneer, guru, friend - RIP

Philip Virgo

He checked his stories

When I ran the NCC Microsystems Centre (New Fetter Lane 1982 - 4) he was almost the only journalist who took nothing on trust - he checked it all out. A great source of knowledge and also very discrete on his sources. He never quoted any of my youngsters on anything not cleared by myself or one of my consultants. He independently checked what we gave him to use from our tests when we were not willing to be quoted. He was also happy to sit beside the youngsters explaining what he was looking for and showing them how he looked for it. A lovely man - and a very good, and patient, teacher.