* Posts by David Shaw

305 posts • joined 23 May 2007

Page:

It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously

David Shaw

do you want me to post the email embedded javascript obfuscated code that was included in an email from the BBC to a child of mine?, I attribute it to Gloucestershire.

Or I could add the mail-bomb script that the NSA embedded in a fake email to me "from the ITU"?

The Russian/GRU attack that I noticed was much more subtle, such that nobody seemed particularly interested - it involved a special offer on software, a slow social engineered creep of app permissions, to a full MITM - whilst pretending to be a cloud AV, over six months....

this information war stuff is very multilateral, read wider

Assange should be furloughed from Belmarsh prison, says human rights org. Here's a thought: He could stay with friends!

David Shaw

Sure...

a few more facts

https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=17012

The Working Group on Arbitrary Detention Deems the deprivation of liberty of Mr. Julian Assange as arbitrary

On 4 December 2015, the Working Group on Arbitrary Detention (WGAD) adopted Opinion No. 54/2015, in which it considered that Mr. Julian Assange was arbitrarily detained by the Governments of Sweden and the United Kingdom of Great Britain

and more recently , Belmarsh 2019

https://www.ohchr.org/Documents/Issues/Terrorism/FinalSRTStatementGA14Oct 2019.pdf (pdf, 6 pages)

Mr. Assange showed a pattern of symptoms typical for long-term exposure to psychological torture, I regret to report that none of the concerned States have agreed to investigate or redress their alleged involvement in his abuse as required of them under human rights law.

from Nils Melzer, United Nations special rapporteur on Torture, professor of international law at the University of Glasgow; holds the Human Rights Chair at the Geneva Academy of International Humanitarian Law and Human Rights in Switzerland

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

David Shaw

Re: Here in Belgium...

Hello Belgium, typing from Italy here, we can't yet see any travel, there are few planes, zero hotels

lockdown is being relaxed week by week starting next week, but the best offer is a travel within the same region (in my case Lombardy), and only occasionally to the neighbouring region (eg Piedmont) - if we go to Piedmont (which I can see from my window) then I will need all the certificates to travel, something to convince the military police (carabinieri), flying squad (pol-strada), police (polizia), local police (polizia locali, urbani, regionali, communale), tax-police (guardia di finanza) and forest police (really), any whom of which might demand WHY you are outside the home region?

I suppose as Italy has double the number of police-type officials than the UK, I can see why UK might be going for invasive digital technologies, UK plod don't do road-blocks, rather a lot of reliance on bulk-personal-datasets with fuzzy boundaries, rather overshared in teh past.

Italian beaches are getting ready to open, in Marche, Liguria etc - but it might just be for local consumption (from that actual region) law isn't yet clear, but might need 14 days iolation/quarantine after travel, there was a mention that any post-holiday isolation would be taken from annual holidays, and not paid otherwise.

back to Apple, has anyone else noticed how iOS devices are continuing to broadcast a Wi-Fi sharing hotspot from a fruity device with a SIM, even if said hotspot is turned OFF in Mobile Data, and OFF in Family Sharing. it is able to be turned ON, remotely, by any other apple device or Desktop that has same Apple ID... sounds like it is OFF in the same way that 'hiding' an SSID in Wi-Fi has little effect upon security.

at least their ultra-wide-band beacon in the newer iPhones is probably off, maybe

Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch

David Shaw

Re: It also bears repeating

Major government

Yep, I stored(*) all my mailboxes from around ‘08 when I was accidentally a consultant at the European Defence Agency and years later the free Bitdefender macOS AV found all sorts of historic goodies, sorry baddies at play. One bunch, obviously from Gloucestershire even slipped a few lines of malware script into the emails from BBC’s “the Secret Show” on CBBC to my nine-year old youth.

This was nicely confirmed by the BBC when I fairly recently complained to them about this alleged incident a decade earlier, targeting the family of a person of economic/scientific interest and my complaint was instantly treated as serious, escalated to a senior level of mismanagement and eventually analysed by their cyber security team & reported on, all highly unusual behaviour for our dear BBC.

The gov’s never give up either, as last year a phish email was sent to an aged parent’s iDevice. It was an impressive nation-state spoof that led to a zero-day website, which was gone minutes after the malware was delivered. These attacks are “expensive”, so mystify me, If our KGB wishes to know anything then just phone me up, I know they have my number as they’ve phoned me twice over the last decade - once pretending to be an Intel(chip) trying to send me a .pdf of the latest CPUs[**] and once when I registered my ‘play’ website in Lichtenstein- a scary phone call{***}

(* terrorbytes of Time Machine backups)

[** attempt to penetrate my work networks by socially engineered malware containing blob being phoned thru’ for acceptance before deployment; I declined, but they were very plausible & multilingual - from a UK 0345 number!]

{*** they have a job to do, hopefully some baddies are targeted, when they have the time/interest}

I assume my iPhone is stuffed with bad stuff from all sorts of other autocratic governments

Minister slams 5G coronavirus conspiracy theories as 'dangerous nonsense' after phone towers torched in UK

David Shaw

high frequency vibrations cause pandemic[1] - headline

[1]which is b0ll0cks, obviously.

the headline in fact should be

pandemic causes less vibration frequencies [2]

[2] https://www.unilad.co.uk/science/current-pandemic-is-making-the-earth-vibrate-less-scientists-say/

what with road traffic at maybe 1% of normal levels, air traffic at 40%(?) and much industry sloughed, furloughed, there must be lots of interesting research to do, on background levels of all sorts of things ... we still have quite high PM2.5 & PM10's here, probably pollen?

UK Information Commissioner OKs use of phone data to track coronavirus spread

David Shaw

Re: Hardly new

The country where I’m living mentioned recently that a local university built a mass monitoring tool for road/people tracking for helping the multitudes visiting expo2015.

They’ve simply switched it back on again, (according to national radio news) as lockdown can Improve the Rnought transmission ratio, bring it below 2.5.

The mass interception of persons private data continues, whether people are special or not. It’s nice to see it being used for something vaguely philanthropic.

That awful moment when what you thought was a number 1 turned out to be a number 2

David Shaw

squirrels

Not a very exciting reminisence, but I was trying to call William in Paris from the research centre in Italy, to go on the common object reference broker architecture software course.

I dialed his number 00 (int code) 33 (france) 1 (Paris) - number XXXXXX

except I forgot to dial the 0 for the external line

and I got through to 0 (outside line) 0 33 1 (local number) - number XXXXX

and I said "bonjour, J'aimerais parlarerz avec William" etc in a vague French,

the operator talked to me in French for a minute or two, and put me through to NATO C3 INTELLIGENCE, who had a William, who spoke french, who couldnt understand why I was asking him about the starting dates for a CORBA course. After vast amounts of confusion, how could I make a wrong number in a wrong language and actually get through to people that worked in that language, whilst in Italy, anyway they were very nice and didn't bomb me. Spooky...

...as it was when I finally got to Paris and I found the CORBA course was in fact filled with guys from.....[carrier loss]

UK enters almost-lockdown: Brits urged to keep calm and carry on – as long as it doesn't involve leaving the house

David Shaw

Re: What about the airports?

I’ve been locked down in Lombardy, now in third week of confinement. Rather stricter than UK, but Italians are allegedly aiming for an R0 of zero, at present.

Cuba has just arrived with spare doctors, Russia sent a squadron of super-SAS doctors and spare respirators, China sent some expert advisors and even a US NGO has quickly built a military field hospital in nearby Cremona. I like this international cooperation.

I’m replying to this “airports” sub-thread as although my local Milan airports are shut until about the first week of April, the nearby Geneva airport has EasyJet still flying in/out for a few hundred swizz frankles. Friends thought that was a potential route back to Italy, (rail from GVA to Brig, then over the Simplon) So a couple flew in yesterday from Manchester, arrived at GVA and were denied entry and deported back to UK last night! That’s the severity of the situation. Oh and a dear respected scientist at work, with underlying health conditions, has passed.

So stay at home.

UK spy auditor gives state snoops a big pat on the back for job well done – except MI5

David Shaw

except

for some reason Computer Weekly is rather less impressed with MI.5

https://www.computerweekly.com/news/252479661/MI5-slammed-by-watchdog-for-failing-to-delete-intercepted-phone-and-internet-data

their "slammed by watchdog" as opposed to your "cloud data storage blunder" - I'll read further, later...

After 1.5 million days of computer time, [email protected] heads home to probe potential signs of alien civilizations

David Shaw

Re: Pure fiction?

Decade ago, I met a serious youthful bearded USA tech geek, who was on holiday in Italy (from his dot mil base in Japan he told me), and he smirked widely when I explained that my lab was processing SETI when idle.

His suggestion was that NoSuchAgy *had* founds lots of stuff, thanks.

So it's not certain that *all* million+ days was spent hunting aliens, perhaps, hopefully some of it was

Windows 7 goes dual screen to shriek at passersby: Please, just upgrade me or let me die

David Shaw

found some shy JPG's

(2D layout) https://cdn.archilovers.com/projects/d9232647-c635-4c30-9603-7cddb7e47f3d.jpg

(3D artistic) https://cdn.archilovers.com/projects/5501e6e9-5c35-43aa-83e9-1885110d03d0.jpg

so it's just hundreds of monitors, not thousands - their HTML video wall (one of the many showing error messages) was just 54 super giant monitors in a wall. I tend to agree that if it was 100s of RaspPi's, the supermarket of the future - a place to get food and meet people - might have been a bit more responsive..

the food was nice tho'

David Shaw

There's a "digital supermarket" in Milan, near the Bicocca Village shopping mall & cinema complex.

By digital, I mean it is primarily a supermarket, selling cheese - cat food - etc

but it is a left-over from an expo of a few years ago - and has around a thousand interactive 24" screens.

These screens are supposed to interact with customer, as you wave your hands near a particular item,

say - frozen artichokes - a pop-up should tell you all about it, price etc. how fresh, nice recipes

needless to say, digital decay has set in, and an extremely high number of screens are/were showing

the full gamut of Redmond's best & brightest errors. I was laughing so much, that I was incapable

of actually taking any photographs. I'm sure it is still kaputt, guasto, SNAFU'd.

If anyone dares to visit, (I think flights to Milan are around £3 return at present), it's just behind the

KFC - it's called "Fior-Food" " "Supermarket of the Future" by (Italian) Co-Op

Supermercato del future, Cibo e Incontri, Via Friedrich Von Hayek, 20126 Milano MI

In view of the pictures or it didn't happen meme. I'll try and visit that currently surely

deserted shop centre and see if anyone has learned how to deal with "the future" yet.

London's top cop dismisses 'highly inaccurate or ill informed' facial-recognition critics, possibly ironically

David Shaw

Re: "database...comparing...to...suspected criminals...is thought to contain 12.5 million faces"

just 12.5Million?

Prüm, Prümpity, Prüm

Prüm is a town in the Westeifel, Germany. Formerly a district capital, today it is the administrative seat of the Verbandsgemeinde Prüm. (it is where the ██████████ of the ██████████ Database ██████████ Prüm ██████████ extensions ██████████ Prüm DNA ██████████ ██████████ Prüm ██████████ sharing with USA'ians biometric ██████████ Prüm, Prüm, Prümpity, Prüm.)

doomed.....we're all doomed Cap'n ██████████

Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats' email

David Shaw

Re: Human Rights, where Assange is concerned

I maintain that other people are welcome to their point of view on Assange - even the UN human rights torture guy thought Julian was a really bad guy - until he started to research further.

The 'medical isolation' and torture facts comes from the alt media, Craig Murray etc, the "100 concerned doctors" over the last year - it is obviously hardly reported on in the UK. Look for news on the 1000's of concerned senior journalists who signed the latest petition, out this week - I can't find it on Google. I noticed (from memory as I can't find this docu) that only a couple of BBC journalists consider Assange a journalist enough to sign that petition - I think John Sergeant was the only UK journo that I had heard of!

Well done John Sergeant, integrity & initiative - without being controlled, and thanks phuzz for your sensible questions. There is background on this matter, but you really have to dig for it.

David Shaw

Human Rights, where Assange is concerned

according to recent news, Julian was being seriously tortured and held in "medical" isolation - thats TORTURE in UK, way before anything the USians might have thought to do

which Human Rights managed to extricate him? - the Glasgow Professor/the UN Swiss Swedish speaking Nils? (nope, not him), the EU (nope), the CoE (Council of Europe - nope)

it was Belmarsh Inmates Prove More Ethical Than Entire Western Empire

the detained murderers, and assorted ne'er-do-wells who forced him into less torture, amazingly.

https://consortiumnews.com/2020/01/25/belmarsh-inmates-prove-more-ethical-than-entire-western-empire/

David Shaw

well done El'Reg for actually mentioning this

serious Swiss Professors were complaining about media bias in July last year

https://www.kcrw.com/culture/shows/scheer-intelligence/the-media-is-complicit-in-julian-assanges-torture

and seven years ago too

https://www.theguardian.com/world/2012/mar/12/bradley-manning-cruel-inhuman-treatment-un

but I accept that other people have a different viewpoint, such as Assange's senior judge, Lady Arbuthnbot, if one can believe the documents that these wikileaks people reveal:-

https://www.dailymaverick.co.za/article/2019-11-14-julian-assanges-judge-and-her-husbands-links-to-the-british-military-establishment-exposed-by-wikileaks/

but No Conflict of Interest, nope, look at the orange guy instead....

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly

David Shaw

Re: Another 007 scheme ?

I designed a covert comms channel based exactly on this principle

what that guy is doing two desks back, holding his smartphone at their back while not moving at all for over an hour not moving , much, for an hour or two

but not for an office situation, just exfiltrating data across a national border or similar

relied on a few keen anglers and the usual PVdF piezo-acoustic transducers, possibly fish/bait shaped

I wonder if it was ever used (stego digital acoustic monitoring of all waterways surely IS implemented chaps?)

Finally, that cruel dust world Mars proves useful: Helping scientists understand Earth's radio-scrambling plasma

David Shaw

Re: Thunderstorms

@IvyKing

yes, the Thunderstorm connection is possible - ongoing research work suggests that many thunderstrikes are triggered ('enabled' might be a better choice of word) by incoming galactic + solar protons - as you say, the sprites are particle/energy jets apparently accelerating back out, but there seems to be a lot more work to do on simply thunder - before Sporadic E is added to the scientific questions! The actual enabling of lightning by incoming radiation is not yet quantified.

My first worry is that Es mirrors probably happen around 100 km up, whilst a lot of the thunderstorn physics is inferred to happen between 10 - 20 km above the ground (the emission spectra of Thunderstorm "intense fluxes of electrons, gamma radiation and secondary neutrons correlated with thunderstorms/lightning" seem to be only 20% as high as Es) from this next 2018 paper. There are however some elements of thunderstorms that appear to be located at 500 km altitude...

looking on https://scholar.google.co.uk gives quite a lot of reading, I'll just choose one recent paper, for this short reply

e.g. https://link.springer.com/article/10.1007/s10712-018-9469-z

[ref:Surveys in Geophysics, September 2018, Volume 39, Issue 5, pp 861–899 "Lightning Discharges, Cosmic Rays and Climate", Sanjay Kumar, Devendraa Siingh of Indian Institute of Tropical Meteorology Pune & BHU Varanasi]

(might be ashamedly paywalled so some 'review' quotes follow from this long and interesting read)

"Gurevich and Zybin (2001, 2005) proposed the runaway breakdown mechanism operating at a lower threshold voltage (~ 2.16 kV cm−1) which involved the passage of high-energy particles (cosmic rays) through the thundercloud" (it was previously thought that a 23 kV cm−1 electric field was needed to trigger the lightning flash)

some other keywords from just this paper: particle nucleation & cosmic rays, thunderstorm electrification & cosmic rays, triggering of lightning by cosmic rays, high-energy radiation & thunderstorm ground enhancements (TGEs), terrestrial gamma ray flashes (TGFs), the global electric circuit & climate, atmospheric general circulation lightning & climate, cloud condensation nuclei (CCN), terrestrial electron beams (TEBs), Sprites= transient luminous events (TLEs), gigantic jet (GJ), etc...loads more acronyms available

The thunderstorms apparently even accelerate muons (downwards) and might have energetic electron interactions. Physicists can measure "intense fluxes of electrons, gamma radiation and secondary neutrons correlated with thunderstorms/lightning", and " the observed spectra were consistent with the simulation results when the source region was considered at 21 km altitude and below and the derived spectrum was inconsistent for sources above 21 km altitudes. This supports the theory that TGFs are produced either inside a thundercloud or just above a thundercloud, and anyway they are not associated with high-altitude discharges (sprites)"

CERN is experimenting with trigger rates in CLOUDs (Cosmics Leaving Outdoor Droplets)

It would be nice to add Es to this area of climate research, directly or indirectly as lower atmosphere plasmas, and cosmic induced & other ion clouds are mentioned by the paper, some of which get 'scooped-up' by a forming thunderstorm -

Q: so does Es preceed the series of storms,

Q: or is Es as a result of the *lots of physics* happening during a typical storm,

so much is still apparently unknown.

this above 2018 paper has a nice (simplified) thunderstorm model here

https://media.springernature.com/lw785/springer-static/image/art%3A10.1007%2Fs10712-018-9469-z/MediaObjects/10712_2018_9469_Fig1_HTML.gif

David Shaw

some of those rare 2-metre Es are recorded here

https://amunters.home.xs4all.nl/eskiplog.htm (DX robot text feed)

other planetary anaprop not yet on this list!

Remember when Europe’s entire Galileo satellite system fell over last summer? No you don’t. The official stats reveal it never happened

David Shaw

Re: WTF?

I'm not sure when the Galileo beta ends - but there was a sensible Q BTL about GPS and the availability targets of GNSS as a whole.

A few years ago , when we all just relied on the impressive GPS space vehicles and their civ SPOF L1 frequency, I was able to demonstrate in a scientific paper turning off the ████████ nuclear ████████ at ████████ by use of a ████████ banana. Then I was able to ████████ disable the entire country of ████████ by ████████ ████████ ████████ and that GPS banana.

So I'm quite happy with anything other than SPOF (single point of failure), roll on Brexit-sat-UK-nav and all, and I'd like all the historic time/signal/nav's restored too, as backup-backup, and Droitwich moved back 2KHz HF, etc etc

No backdoors needed: Apple ditched plans to fully encrypt iCloud backups after heavy pressure from FBI – claim

David Shaw

Re: That would not have gone over well

I was surprised to hear on BBC Radio 4 this morning a short interview with Yuval Noah Harari

(never previously heard of him) (home page https://www.ynharari.com/) (I think he's in Davos today)

His opinion seemed to be that we could potentially see a totalitarian data-driven hegemony, based upon a state (or two) knowing everything about everyone, and possibly knowing us more than we know ourselves. He didn't name names or States, other than China, but he implied there was of course at least one other unitedly serious place where bad things could grow.....

As I have been tangentially involved in data-retention, ILETS, and Lawful Interception, and know their names, nice chaps on the whole. Yes Yuval, that gloomy-doomy scenario came to me too.

Cheque out my mad metal frisbee skillz... oops. Lights out!

David Shaw

Re: Kiting Cheques -- passing dud cheques

@WSG

except, re:French cheques, I gave mine up in the early nineties when Credit Agricole mentioned casually to me that writing a cheque for slightly more than was in the account had become a criminal offence in France.

I can see why the gov might guarantee them, (much like how in the EU our governments are responsible for car insurance in case of incident when your car transits another EU/EFTA country, the number plate has effectively become the 'green card'.... allegedly)

And now for this evening's space weather report. We've got a hotspot of satellite-wrecking 'killer electrons' in the outer Van Allen belt...

David Shaw

"Starfish Prime" did break a few things

valve/tube based car-radios in Hawaii for example

https://www.discovermagazine.com/the-sciences/the-50th-anniversary-of-starfish-prime-the-nuke-that-shook-the-world

and careful with that xmas wrapping paper & sticky tape, but that's around 15KeV not 2 MeV

https://www.newscientist.com/article/dn15016-humble-sticky-tape-emits-powerful-x-rays/

It's time you were T0RTT a lesson: Here's how you could build a better Tor, say boffins

David Shaw

Re: Tor

it seems that the Tor protocol bug-doors were deliberate traffic staining, presumably by someone on the development team - this was fine as I mostly trust 5EYE, knowing them well, but then the IRANIANS noticed these bugs and people/activists who HAD been led to believe that it was magic, suddenly were detained etc...

and as for the political prisoner who is arbitrarily detained, not my opinion, but the same UN panel who have criticised the IRANIANS over arbitrarily detained Nazanin-Ratcliffe have made the call, over quite a time period

https://www.nytimes.com/2016/02/05/world/europe/julian-assange-un-panel.html

https://news.un.org/en/story/2019/05/1039581

https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=24665

I think with several agencies having mastery of the internet, any anomising/cloaking technology will likely have bug-doors, still.

I can refer to some of my own related papers https://ieeexplore.ieee.org/document/6986977

https://ieeexplore.ieee.org/document/7289150

but I respect that other might have a different point of view

David Shaw

Tor

was famously a US navy patented idea...I'm sure that's behind them now

the political prisoner Assange became famous partly after he ran a Tor exit server... probably still an unhealthy thing to do

and Tor has had a surprising amount of 'bug-doors' for the unwary user (typified by unique traffic staining visible by those who have mastery of the internet)...I'm sure that's all been solved

/sarc

How much cheese does one person need to grate? Mac Pro pricing unveiled

David Shaw

Re: Finance

I've been looking (briefly) at the titanium and the ceramic from the point of view of extreme Nickel sensitivity, some family members can't tolerate some of the early gold coloured alu models, nor some fitbit watches. I think a (approx) half-priced 'Refurbished Apple Watch Series 4 GPS + Cellular, 44mm Silver Aluminium Case' with its ceramic back sensor might be better than the extravagant costly 'showoff' exotic material watches....at least with the series 5 watch they have starting to show the time, all the time!

Oh, and I'm typing this from an old-style £5k Mac Pro (Mid 2012) 3.33 GHz 6-Core Intel Xeon Cheese Grater, it is still very functional for a desktop, is now maxed out to >8Terabyte storage.

i don't think I'll be immediately ordering the new cheese grater, it's reasonably priced at just £4582 (exVAT) for the stock entry version (no display) (or display stand)(or wheels) but the main problem is that they can't get it to Leeds before xmas

You had one job, Cupertino: Apple's Intelligent Tracking Protection actually gets tracking protection

David Shaw

Re: The Solution to all Stasis?

Sorry, I think the advertisers and spooks have pretty much everything sorted

on the subject of Stasi - part of the virtuous data-sharing between agencies and advertising . which happens everywhere, is getting an extremely rare oral hearing in Karlsruhe.

Should the BND be allowed to spy on the telephone calls of foreign nationals in third countries and analyse their internet data ... will now be debated before the Constitutional Court in Karlsruhe....

The anticipated landmark ruling by the Federal Constitutional Court will be the first on the BND’s surveillance activities in over 20 years. .... in the light of the massive increase in surveillance possibilities resulting from digitization. ....

seems journalists, politicians, citizens are not that much protected by the constitution - but everywhere else on the planet is in a worse situation. From what I've seen.

Europol wipes out 30,000+ piracy sites, three suspects cuffed to walk the legal plank

David Shaw

involving 18 pol squads

That's the point of europol, they develop a system - make it as good as is reasonably possible - then deploy it in some/most of the EU countries to help the local police who don't necessarily have on hand such a budget for high tech enforcement. I suspect therefore that quite a few of those 18 police forces wouldn't have been able to do this takedown alone.

I have helped in quite a few of their earlier projects, and they are pretty sensible people in Den Haag, very good track record - in my opinion

EFF warns of 'one-way mirror' of web surveillance by tech giants – led by Google

David Shaw

attack cookies?

I was recently being 'attacked' by a 3 gigabyte cookie, just one site

Safari/local-storage/https_www.(fairly mainstream site).co.uk_0.localstorage

I guess it's from my annoying habit of annoying TLA's

(one of the TLAs had intercepted my visit to this .co.uk site, sent me to a succession of "congratulations you have won $prize" very random IP sites - all based in Bulgaria - then a day or so later I noticed the super cookie. not sure if it was data being exfiltrated or compromising data being installed. I have that supercookie archived somewhere off-line, for when I'm bored and can be bothered picking it apart.

So yes, gig sized cookies are being used against ppl, so why not send 'em back!

(The TLA fun seemed to stop when I switched my machine to the Pi-hole address range)

Vote rigging, election fixing, ballot stuffing: Just another day in the life of a Register reader

David Shaw

2004-ish

a famous "sugar flavored water" company entered the internet era with a code on the inside of their labels.

Some of these codes entitled the "winner" to download a free music track from the new iTunes, (there might have been some sort of ultimate prize. other than insulin resistance, but the kids just wished for music to populate all 4GB of their iPod minis)

I think it took a single pack of 500ml bottles, and about three minutes with an excel spreadsheet, to predict all the winning numbers, from just the first six samples. The sequence had about two winning numbers in a row, then a gap of around three, to stop simple experimentation, but it was fun to see the release of a totally 'not ready for the real world' project - and to notice that the next year's similar competition had a much better RNG. (ahem...)

disclaimer: it never happened, at least not from any IPv4 associated with me, and any sums involved remained around a fiver as it was still much simpler to use napster/kazaa P2P for the music than to type in the many codes on the sugary website, then fight with iTunes to redeem the 99p vouchers.

I hence do not trust most online voting, opinion polls etc - but in passing I did notice that "someone" used the article described vote-rigging automatic script voting to cleverly vote FOR a pop-music video on YouTube in 2014 in order to get it banned, real cyber-attack stuff! un-noticed by most.

the context here was that a northern state was having a vote about going-it alone, and a rag-tag group of musicians put together a wee catchy tune, with some guid lyrics. It had the potential to go viral, and that might just have 'nudged' a vote one way. the southern realm did all the usual normal stuff to get the vote to narrowly go their way - but a bunch of mathemagicians in a sweet ring-shaped fried cake took this you-tube song and massively upvoted the "views" counter to an impossible several million in the short hours after the clip launched. result: YT 'temporarily' banned the patriotic video "due to irregularities" (and they YT suggested that after two weeks of analysis, it would then be free to be viewed again) northern popular vote took place just a few days later, unmolested by viral media. well done chaps, or молодцы товарищи if it was the other lot instead, sowing confusion!

Why can't passport biometrics see through my cunning disguise?

David Shaw

ePassport was originally a German project

I know that as I had an ePassport reference lab, and the German ISO/IEC BSi wonk mentioned to me that they had my lab shut down, due to it "becoming too strong" wow.

Machine Readable Travel Documents (MRTD) or more accurately the devices defined under ISO JTC-1/SC 17 "Cards and personal identification" subset WG3 "Identification cards - Machine readable travel documents" are amazing, nevertheless. They work well, tho' limited a bit by the speed of data transfer from older ISO14443 protocols.

What always shocks me is that the actual RFID hardware, inlays, processors etc that fit onto the data page only have a two year warranty. So it's not uncommon to find that as you near the end of the decade of your individual ePass. that the flash which stores your JPG will have bit-rotted, or the 13MHz antenna might have micro-cracked - so unlike say Switzerland who moved to a 5-year replacement cycle - in UK, good luck on passing those eGates at the EOL of your ePass!

UK until recently didn't apparently even bother checking both keys (=~ OCSP status) of the digital sig of the inlay, and still my friends from overseas report inconsistencies on the UK gates, ICAO PKD connection always up?

It was a very interesting project to be a part of.

What do you get when you allegedly mix Wireshark, a gumshoe child molester, and a court PC? A judge facing hacking charges

David Shaw

Re: Oh come on...

@AC 4-days ago: didn't Germany rule *nix distros as "being illegal" (due the inbuilt or easily added pentest tools)

David Shaw

Wireshark with lasers

as a tiny step towards preventing malware I always install Wireshark on all friends and family 'puters.

Also throw in a few virtualisation tools, such that any self-respecting spyware will notice its environment and possobly self-delete, just in case it is being tested in a VM.

I still haven't worked out why those "Russian Hackers" from Glos. managed to grow/gift me a 3.1GB single cookie file from a .co.uk website, so don't actually listen to me for security stuff....

One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

David Shaw

Re: Hiding in plain sight and disguised as another Global Navigation Satellite System

No, amfM1, I don't think so. though I don't know how random the pseudo codes are, so in stego theory, yes, but that's only a downlink - so no mesh.

I think it (Galileo) primarily came from the fact that L1 was unreliable due SPOF, serious CIP required a backup, "A-GPS," where A should be as many things as possible. Why not build one's own!

And there will always remain a serious question mark over your statement outside of ...3P C&C, to which I just answer, really?

Cubans launching sonic attacks on US embassy? Not what we're hearing, say medical boffins

David Shaw

Re: "Science" ?

I've always thought that it could have been a similar directed energy attack, a few kilowatts carrier at a microwave frequency to power another "Thèremin Thing"

if the microwave carrier interacts with another microwave carrier, you can have audio/sonic, due 'rusty bolt mixing' but there's also the https://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf [pdf 5MB] considers Air-gap/faraday-cage room with cute plastic table & chairs, data jumping techniques ‘covert channels’ badBIOS, Fansmitters, high power infrasound, ultrasound, hypersound.

IIRC there was a described very high power piezo device transducer to get energy into a spooky diplomatic closed chamber & return data, or simply power bugs, but I seem to remember that was developed by "the good guys"

surely all spooky premises are continuously monitored from DC to light (and beyond) for any coherent/incoherent energy emanation?

Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime

David Shaw
Black Helicopters

no "DSMA" Notice?

you mean I can link to https://wikispooks.com/wiki/Pablo_Miller

without the sound of helicopters.....

We can go our own Huawei! Arm says it can flog chip blueprints to Chinese giant despite US trade embargo

David Shaw

Re: Applying sanctions is costly to both sides

https://www.youtube.com/watch?v=xu29F8NfRvI [YT "Bomb Bomb Bomb" is a decade-old parody of The Beach Boys Barbara-Ann, but might soon apply]

Hoping for an end point of sanctions, as cold sanctions are simply 'economic warfare' = at some point gets hot?

I'm not Boeing anywhere near that: Coder whizz heads off jumbo-sized maintenance snafu

David Shaw

Re: 737 MAX

Not only has the MAX a problem with the single sensor, its main problem , according to pilot friends, is because they fitted the extra powerful CFM LEAP engines (same as actually work on newer Airbus320) but the 737 MAX geometry, location of engines , is compromised by its lower loading height (almost no lifter required to delicately toss in the hold-bags)

Throw in the dubious poorly tested corrective anti-stall fly-by-wire software, and the fact that the actual BEST position for the CFM International LEAP-1B engines in the Beoing 737 MAX airframe would be about a foot below the runway!, and let's hope that Beoing can successfully rewrite impossible moment of inertia physics problems, by code tinkering. All allegedly. As who really knows?

Uncle Sam demands summary judgment on Snowden memoir: We're not saying it's true, but no one should read it

David Shaw

Has "Uncle Sam" banned ISBN 1615770178 (again?) yet?

https://www.amazon.com/Presstitutes-Embedded-Pay-CIA-Confession/dp/1615770178

ISBN 1615770178, this book just released in English following purchase of the rights of Udo's Gekaufte Journalisten from Kopp Verlag (Bought Journalists) which has, let us say, had a very difficult time in being made available. English rights were first bought by a Canadian company, which then seemingly 'buried' the book (I had never heard the extreme publishing term "Privished" until now)

Obviously the (2014 best seller in German) book might be wrong, nuanced, even deliberately subversive - or it might be accurate. make up your own minds, 'nudge'.

Udo Ulfkotte, the author of this, will sadly not become a millionaire, tho' he was made an honorary citizen of Oklahoma

Daaa-aaad. She took my coding robot. No, I had it first

David Shaw

don't forget those cardboard VR kits etc to augment any Nintendo Switch owning families

Nintendo Labo Toy-con 04: VR Kit - Starter Set + Blaster (Nintendo Switch)

Nintendo Labo: Kit VR - Nintendo Switch & camera expansion pack

add a bit of velcro, bits of head-torch straps etc, and preferably a carpeted room, and your kids can experiment rather than just game

Haxis of evil: Russia, China, Iran and North Korea are 'continuous threat' to UK, say spies

David Shaw

a slight difference between totalitarian regimes and democracies

I cannot say that I have noticed this distinction personally, as when I bought a HP server from Canada for my work, the airwaybill showed that it was delivered from a Military Software Company based in Tel-Aviv.

Surprise, surprise - shortly after it was put into service (it cost €50K) - my research lab was hit by a mystery virus, massive exfiltration, until we unplugged the lab. Remnants of the virus (the signature left in windows Trash) seemed closely allied to the Duqu virus.

If my local democracies' allied squirrels had wished to know what my lab was doing, I would have willingly answered any and all questions by phone - would have organised and allowed visits from even those wearing sunglasses, but no - someone has to play with totalitarian toys, even in "democracies". I can of course NAME all of those involved, but that is not helpful, they were just doing their jobs.

Back to 5VEY "the continuous threat to"- meme it was summed up in the 1920's/30's by HL Mencken

The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary.

he also witticised that "Democracy is the art and science of running the circus from the monkey cage" - maybe, and Mencken even predicted, as befits his regard as one of the most influential American writers of the early 20th century

....On some great and glorious day the plain folks of the land will reach their heart’s desire at last and the White House will be adorned by a downright moron

I couldn't possibly comment

Assange fails to delay extradition hearing as date set for February

David Shaw

A British Ambassador was in the court hearing yesterday

and the judge seemed to be being briefed rather too closely by the US Embassy representatives

https://www.craigmurray.org.uk/archives/2019/10/assange-in-court/

Possibly Craig Murray's first hand account is wrong, I'll leave it to the 77th Brigade to reply

American intelligence follows British lead in warning of serious VPN vulnerabilities

David Shaw

Re: What's that ?

remote takeover and connection hijacking flaws in VPNs that were *first publicized in April of this year*

er... didn't a certain former Hawaii resident (now wearing a fur hat) mention several years ago that the start-up phase of any encrypted tunnel, sesh, VPN etc was highly targeted by his former contractual buddies; so I think VPN's are , and will always remain, virtually private, rather then being *actually* private in the real-world.

Just let us have Huawei and get on with 5G, UK mobe networks tell MPs

David Shaw

I think that all big data systems have always had a role for snarfing/scarfing as much IP & juicy contractual details as they can, whilst of course protecting against Hobgoblins. The FVEY ECHELON program has always been accused (often by the French, but Germany had some claims too) that it stole industrial secrets, compromised sealed bidding process for large contracts.

The political prisoner and former hacker Assange exploited some of this when he ran a TOR exit server, scarfing the plaintext outflow, (as many others were doing) as one of the first sources of the wikileaks project.

You are right that China presents a scary model of where our society might go, and serious thought should be given about allowing any particular nation as much access and control over big data, as our nations would like to have, or currently do have.

" A country known for stealing IP " is a very broad brush at present!

MacOS 'Catalina' 10.15 comes packed with exclusive security fixes – gee, thanks, Apple

David Shaw

Re: Apple's advert for Catalina/Sidecar on their website is potentially misleading.

good finds!

I personally have stuck at High Sierra as Mojave was so buggy (buggy as in a full 30 days of repeated repair effort required to get a retina MacBook pro to boot reliably with Moja)

I did get my 2012 Mac Pro running Mojave for a test (theoretically impossible to due 1GB GPU)

I booted from a fast 256GB SSD on USB2, Mojave worked fairly well for this short test, with some missing graphics elements. It ran fast, so must have cached something on my system SSD or a ramdisk.

i wonder if I can boot my 2012 beast (10TB HDD, 12G RAM) with Catalina over USB2, a hidden quirk that Apple seem not to have blocked yet

*Microsoft taps your shoulder* Hi sorry yeah, we're still suing US govt for right to tell people when they are spied on

David Shaw

there be squirrels

Having been invited to attend several standards development meetings of the committee for the Lawful Interception of telecommunications for my work in an oversight body, it was mildly amusing to be called to my local bank branch a couple of years later.

I attended the bank, and had a kilo of paperwork thrust at me, "purely routine" 'privacy regulations' "sign here, here & here to accept an anti-terrorism probe of all of your life, family, money & everything" - so I signed with a smile. (I have yet to find any other colleagues, out of the approx 46K in my work, who had to similarly undergo such a "routine" procedure)

Thank goodness for Italian privacy laws, as the rest of my 'spooky followers' & service-providers have not yet got around to mentioning that I am being followed/pinged/bulk-personal-datasetted etc, perhaps an oversight on their part?

[it continues, as I received 2 (instantly deleted) WhatsApp messages at 22:41 & 22:44 CET on Wednesday 17th April, and a quickly dropped call from the same +39.3347320513 - the weeks before WhatsApp was updated to protect against the “buffer overflow vulnerability in WhatsApp VOIP stack which allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” _ I have of course called the 'owner' of that number, and a startled young person in a rather echoey room answered, but could neither confirm nor deny that he knew anything about anything.]

there be $$$

macOS? More like mac-woe-ess: Google Chrome slip-up trips up SIP-less Apple Macs

David Shaw

Re: SIPping

there are more ICT SIP's out there, here's one that I remember, but then I worked for STET

Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges

David Shaw

all true, Russia has always been corrupt, currently is corrupt and always will be corrupt!

as this court ruling from The European Court of Human Rights makes clear

... https://hudoc.echr.coe.int/eng-press#{%22itemid%22:[%22003-6486375-8551786%22]} .. (choice to d/l 145kb pdf in French or English)

tho' one of my antivirus is/remains Kaspersky, and I was rather surprised by some of the other findings in that ECHR judgement, rather counter-narrative

Nice work if you can grift it: Two blokes accused of swindling $10m from the elderly with bogus virus infection alerts

David Shaw

just saw a similar scam on an elderly person with a mac this week

they had a quite specific warning about malware in a Safari page, and to "click here to delete it" (actually d/l some crud)

but it was a double attack - either deliberately or accidentally, the first google hit with the specific virus text took me to a YouTube channel run by a Lithuanian IT 'doctor' whos ten minute 'clean your mac of this specific virus' suggested downloading a specific 'free' Mac virus scanner - which the community has noticed scans for hours, slowing the mac down (mining?) pops-up a warning that 24 files are infected - but won't reveal which ones, until you pay and claims that for just $80/year it will make things completely better again

more details available, should you need them, the YT page was just opened last sunday (but the video/malware/gouge-ware/"scanner" was much older)

at least there are (allegedly) less bank robberies

US government sues ex-IT guy for breaking his NDA (Yes, we mean Edward Snowden)

David Shaw

Oh, he has a book out?

I guess I'll go and buy it then!

(Was I the only person visiting/working in the Home Office who noticed when GCHQ started to phone senior mandarins on the afternoon of the start of the Snowden crisis?)

We were all having tea at the time, very nice hospitality too, very professional people

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020