* Posts by Rimpel

151 publicly visible posts • joined 24 Aug 2010


What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal


Re: "Tinge of irony"

Labour's policy on encryption: 'For the few not the many'

HTC U12+: Like a Pixel without the pratfalls, or eye-watering price tag


Re: HTC Sense

look for 'sense flip clock and weather' on the play store...

Gmail is secure. Netflix is secure. Together they're a phishing threat


Re: Or: Netflix ignores periods in addresses.

It does mean that I can't register an email address Vince.H@gmail.com and send phishing emails that trick the recipient into thinking it is from you.


>Ignoring dots when registering is a good idea. Doing so for receiving/sending mail however is not.

If you ignore the dots when registering it makes no difference at all whether you ignore it for sending or receiving because there can't be a separate email address at that domain that differs only on punctuation.

Who wants dynamic dancing animations and code in their emails? Everyone! says Google


El reg ads

I have many rules set up to block parts of this site to make it tolerable for me, such as the masthead, that annoying sticky menu I've never used, all images (yes really), that right hand column, the social buttons etc. To have ublock origin do this I can't whitelist the site so the ads get blocked too.

This has been asked before but not answered: How much revenue do you make if I read roughly a third of the articles you publish and never click on an ad? I'd probably be happy to donate that amount to you and continue reading the site as I want to.

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication


Re: SMS 2FA shouldn't even count as "security"

@ adrian 4 "you're suggesting passing the authentication secret over the open phone network"

yes, so what - it's a one time secret. If you manage to eavesdrop on that message somehow, how are you then going to enter it into my browser that requested it?

Proposed Brit law to ban b**tards brandishing bots to bulk-buy tickets


decent seat

wait - who sits down at gigs??? :-)

Investigatory Powers Act: You're not being paranoid. UK.gov really is watching you


Re: No surprise

@James 51 >The ECHR will be next.

That's always been the plan. Theresa May made a speech calling for us to withdraw from the ECHR while she was home secretary before the brexit vote had happened and while she was a remainer.

Facebook's send-us-your-nudes service is coming to UK, America


Re: Hash?

It's not just a hash of the file. According to the article in ahem the guardian which has significantly more information than this article, it does use Photo DNA whose ' “hash” matching technology made it possible to identify known illegal images even if someone had altered them'

At least soon facebook will have all of the 'necessary hashtags'.

ATM fees shake-up may push Britain towards cashless society


Re: Cash just in case

Come January all retailers are banned from charging surcharges for using a debit or credit card. Unfortunately this means your 70p chocolate bar will now cost £1 but at least you won't be penalised for using a card...

FBI: Student wrestler grappled grades after choking passwords from PCs using a key logger


@johnfbw Re: FBI make federal case out of school keylogger

"The university, meanwhile, told FBI investigators it had cost $67,500 to probe and clear up his alleged actions."

I read that as that was only the cost to the university, so nothing to do with FBI salaries etc. So I read the actual pdf: I quote #39

"According to the Uni of Iowa, the IT costs associated with their internal investigation, response to the discovery of the breech (sic) and remedial steps taken to update the Uni security is approx $67,900. This does not include the non-IT costs associated with professors reviewing their grades and updating their exams"

so yeah I call utter BS.

VPN logs helped unmask alleged 'net stalker, say feds


Re: Not sure why they outed PureVPN

> As far as I know, PureVPN has never claimed not to retain logs

quote "We Do Not monitor user activity nor do we keep any logs.". "PureVPN specifically chose Hong Kong (HK) for its headquarter because there are "No Mandatory Data Retention Laws" in Hong Kong"


AI slurps, learns millions of passwords to work out which ones you may use next



see diceware, it's based around rolling dice to select the words from its dictionary. www.diceware.com

As suggested by The Intercept. https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

"The Diceware method is secure even if an attacker knows that you used Diceware to pick your passphrase, knows how many words are in your passphrase and knows the word list you used. The security of Diceware comes from the huge number of combinations that an attacker must search through even with that knowledge. The Diceware word list contains 7776 words, so if you pick a five-word passphrase, there are 7776 x 7776 x 7776 x 7776 x 7776 combinations. That is over 2**64 (2 to the 64 power or 2.6 X 10**19) possibilities. A six word Diceware passphrase confronts an attacker with 2**77 (2 X 10**23) combinations; seven words 2**90 (1.5 X 10**27)."

So thoughtful. Uber says it won't track you after you leave their vehicles


Re: App update descriptions

Like the mysterious windows 10 update KB4033637 that was released yesterday and doesn't have an entry on the MS website



UK.gov snaps on rubber gloves, prepares for mandatory porn checks


Re: "The government is also expected to ... appoint a regulator to police the sex websites"..?

>I wonder what kind of qualifications they'll be looking for ...

O & A levels...

50th anniversary of the ATM opens debate about mobile payments


Re: Extinct in ten years?

To pay a stripper you must use contactless, that's the rule in a strip club...

Google wants to track your phone and credit card through meatspace


Cashback sites receive your card transaction details

The 2 main cashback sites in the uk both have similar schemes whereby you can register your credit/debit card with them and then by using that card for purchases in certain high st retailers you automatically receive a % cashback in your account.

I'm not sure exactly how they get the data but I've never been particularly comfortable with the fact that this is possible. So I presume it must be fairly easy for anyone to get hold of all of your credit card transactions, google included.

Webroot antivirus goes bananas, starts trashing Windows system files


Re: They're running Norton Antivirus too...

Take a look at the current av tests here. I was using Avast but I got fed up of its nagware, currently I'm using bitdefender (free)



Mastercard launches card that replaces PIN with fingerprint sensor


re It seems to require a permanent connection to check it against MC's servers?

From the article, sentence 3.

"Their fingerprint will then be verified against a template stored on the card"

SPY-tunes scandal: Bloke sues Bose after headphones app squeals on his playlist


you need to have both GPS and Bluetooth turned on to use it

Does it actually need GPS or just location services? On android I believe location services have to be enabled in order to use bluetooth because google. That doesn't excuse Bose for slurping data tho.

The play store says the required permissions are:

bind to an accessibility service

view network connections

pair with Bluetooth devices

access Bluetooth settings

full network access

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto


Re: No, it's not settled

Amber, is that you?

Alabama joins anti-web-smut crusade with mandatory opt-out filters


Wow the bill has just 27 lines per page and a giant font (courier why???). Guess his eyesight is failing, maybe it is true that it makes you go blind after all.

From the definition of obscene material it states "The term includes material to which ALL of the following apply". If so the 4th clause thwarts its application to most things.

(9) OBSCENE MATERIAL. a. The term includes material to which all of the following apply:

1. The average person, applying contemporary community standards, would find, taken as a whole, appeals to the prurient interest.

2. Depicts or describes, in a patently offensive way, sexual conduct or excretory functions.

3. Taken as a whole, lacks serious literary, artistic, political, or scientific value.

4. Facilitates or promotes prostitution, assignation, human trafficking, or sexual cyberharassment.

Home Office accused of blocking UK public's scrutiny of Snoopers' Charter


So they expect people to respond to the 413 page document in 6 weeks, yet it will take them 3 of those weeks (20 days) to respond to a letter???

Huge if true: iPhone 8 will feature 3D selfies, rodent defibrillator


Re: Don't forget the female sex toy feature

rounded corners?

Republicans send anti-Signal signal to US EPA


Re: Plausible deniability

It can only be detectable if either the communication was using a department issued device or was sent using the department's network.

You seem to be a bit confused talking about message headers and virus checkers. Are you thinking of email, which is not what the article is talking about?

So, the new font, then

Thumb Down

I dislike it

Stylish to the rescue...

Firefox bares teeth, attacks sites that collect personal data


Re: Good job...

I didn't notice as the articles are still using http. However none of my rules include the scheme so I wouldn't have to change them for a switch to https anyway.

As for the images - I just block regmedia.co.uk :-)

Jimbo Welshes on pledge to stop fundraising





Information on smart meters? Yep. They're great. That works, right? – UK.gov


Re: Gosh, but it is sooooo useful

Sorry - why did you stick your kettle in a drawer?

Guessing valid credit card numbers in six seconds? Priceless


Re: Partial article

From the paper it starts from a known card number. 60 guesses gets you the expiry date, a further 1000 to get the cvv.

You don't need to guess the whole address "Different websites perform varying levels of verification on the address field’s numerical digits, ranging from verifying just the numerical digits in the postcode (partial match), to the complete numerical digits in postcode plus the door number".

But 291 of the ~400 sites listed don't validate the address anyway so you would be able to use those sites with just the expiry + cvv.

I'm quite glad I'm accidentally with mastercard.

Firefox hits version 50


Re: Android

Does it support text reflow yet? That was the deal breaker for me.

Google's home tat falls flat as a soufflé – but look out Android makers

Thumb Down

The extra 96Gb in the 128Gb version comes at a premium of £100

A 128Gb SD card can be picked up for <£30, 200Gb for £60.

Oh and I already have a 128Gb SD card so for me the premium is £0

Will US border officials demand social network handles from visitors?


Re: Stupid questions...

"Mr northhants you seem to be attempting to bring a foreign burner phone into the USA. Would you like to follow me to the 'interrogation room'"

Great British Great Bake Off gets new judge


Re: "Most watched TV Show"

>I don't believe any of us (other than the householders) would have counted towards the viewing stats.

It's unlikely that any of you actually counted towards the viewing figures - do you realise that they are just estimates based on monitoring a few specific households?





Delete Google Maps? Go ahead, says Google, we'll still track you

Thumb Down

Impeccable timing

Last night I got a notification from google maps saying 'Caffe Nero - Answer quick questions to help others'. I nearly had a heart attack :-)

Tim Cook: EU lied about Apple taxes. Watch out Ireland, this is a coup!


Re: Show your working

> It's not like the iCloud is based in a different plane of reality.

no - but it is behind a reality distortion shield

Corbyn lied, Virgin Trains lied, Harambe died

Paris Hilton

Re: "Rammed"




1. roughly force (something) into place.

2. BRITISH informal

(of a place) be very crowded.

"the club is rammed to the rafters every week"

icon - Paris knows what it means

Vivaldi's tweaky grinders fire out another release: Add themes, security


You can disable the speed dial tiles so you just get the one plus, bookmarks and history. Go to settings/start page and uncheck speed dial layout/show add button. I find that unobtrusive enough personally.

I much prefer vivaldi to chrome and they are the only 2 options I have here at work. slimjet is blocked so that's a non starter.

Citrix's GoTo goes to LogMeIn in $2bn merger


Re: LastPass and LogMeIn

Did you try keepass as it seems to fit your criteria? It runs on unix (under wine), integrates with firefox and chrome (using keefox and chromeipass respectively), supports any cloud storage as it is just an encrypted database file, it does have a BB10 app and KeePassDroid is on the amazon app store.

US standards lab says SMS is no good for authentication


Lost phone

SMS is an advantage over an authenticator app if you lose your phone. Getting a replacement phone and sim set up is pretty quick and straightforward, however contacting the customer services for each authenticated service to regain access is a pita.

I went through this recently when my phone broke and I no longer had access to the authenticator app, I've switched to SMS now where possible.

Ad blockers responsible for rise in upfront TV ad sales, claims report


Re: What the eye doesn't see, the heart doesn't grieve over.

I extend that policy to any company I see advertising on the displays installed on the top of london taxis, and I wouldn't use a taxi that has one on top either.

Cracking Android's full-disk encryption is easy on millions of phones – with a little patience


inevitably weak pin/password

Android uses the same pin/password for FDE as the lock screen. Due to the inconvenience of having to enter the code every time you unlock your phone it is likely to be weak so brute forcing the FDE should be trivial.

Meet the grin reaper: Password manager now snaps login SELFIES

Thumb Down

Re: Terrible idea

re 2. they claim they don't

" Each user has his or her own access and encryption key, and no one else knows what that key is. LogmeOnce’s employees and servers do not have access to your credentials"

I agree with your other points though. And taking a photo adds no more security than any other 2FA, personally using google authenticator or a push notification like google have just introduced is far more convenient.

If they don't have your master password you will have to enter it, so you can't 'choose to no longer type it in' (from the article)

Password reset: 45 million creds leak from popular .com forums



Not exactly - the built in password generator you refer to is called 'Hex Key - 40-Bit' as per your examples. However the passwords in the article include non-hex letters. So similar, but not the same.

Welcome to the jumbo: Axl Rose tries to take a bite out of 'Fat Axl' internet meme


Re: Missed one

There is no point getting to a GnR gig early as Axl will be 3hrs late as usual.

Why does an Android keyboard need to see your camera and log files – and why does it phone home to China?


Gmail requires microphone permission

slightly OT... On my phone I recently denied all apps access to the Microphone (running Cyanogen OS). Viewing mail in the gmail app works as normal but while composing a msg I get the following message every 30s or so:

"This app won't work propertly unless you allow Google Play services' request to access the following: - Microphone. To continue, open settings, then Permissions and allow all listed items. [Cancel] [Open Settings]"


You've got a patch, you've got a patch ... almost every Android device has a patch

Big Brother

We can't have apps spy on victims

That's google's job.

'Windows 10 nagware: You can't click X. Make a date OR ELSE'


Re: Then again...

But will that still be possible once the switch to monthly rollup bundles is complete? What is the likelihood that the first update contains all recommended kb's including the telemetry?