Posts by petef

Post Office

This has shades of the sub-postmaster "fraud" debacle. How can a computer possibly get things wrong?

1½SV

This is likely to be 1½FA in practice. If your phone is compromised, e.g. stolen, then it will likely be able to disclose emails, texts, etc. So these "extra" factors are nothing of the sort.

I was called upon to make a 6,000 mile round trip from Scotland to the Sinai. Once there I swiftly resolved the problem by reseating the cards in the minicomputer. In addition I had just made it home from my previous assignment at 9 am and was in my first taxi at 11 am.

Good while Authenticator works

This afternoon my broadband dropped out twice for a few minutes at a time. Openreach are rewiring the cabinet round the corner from me. On both occasions I could not reconnect to my company VPN because Authenticator failed to respond. I reset the phone which seemed to jolt it back into life.

Reverse situation

I used to provide field service for systems in the deserts of the Middle East. There was one fault that was annoyingly intermittent. My approach was to turn off the AC and bake until the fault persisted. I was then able to diagnose it and so effect a repair.

Google News

Despite using RSS for many years I will not miss Google Groups. I rarely use that directly but it remains the prime source of spam into mailing lists that I read using RSS via gmane.

I do however have a couple of RSS feeds from Google News searches. I wonder how long those will survive?

You say Oslo-based but the ownership is Chinese since 2016.

Eternal September

The signal to noise of Google originated USENET content has been really low for years. So I am not sorry to lose their traffic.

Show me the money

I am a long time consumer of RSS (and indeed NNTP). The abandonment of Google Reader was a shock but I found that Feedly filled the gap.

RSS/Atom is a great way to disseminate content. It is poor at tracking personal user data and delivering ads. I genuinely wonder why Google choose to reinvest in it now.

Microfiche

I still have my portable microfiche reader. You just peer through a lens and hold it up to the light.

In my experience most features that enhance security are adopted more quickly by the bad guys.

Out of Touch

I used Touch for many months on Android. Flow was neat but limited to a pair of devices. And now it is available in the main Opera for Android.

The killer for me with Touch was the lack of password saving.

Public?

I do hope that they were only scanning public repos and not private.

Hold For Me?

I wonder how well Hold For Me performs. I have had too much experience recently of contacting utilities, etc on behalf of an elderly relative. The general pattern is to play muzak for a bit and then tell you how important your call is to them. I had my hopes raised the first few times, I don't think a bot would fare much better. The worst was AA insurance who I gave up on after 45 minutes on hold. Their repeated message was "we are here for you 24/7", patently not. They eventually responded to my earlier email after two days. I say the worst but I am into my third month of waiting for BT to switch to the Basic account we are entitled to.

Made in ...

So is Nokia gear all manufactured in Finland? Just asking.

BlueFrag

Leaving aside support for Android 5 and earlier, Android 6 to 9 are vulnerable to click-free exploitation by BlueFrag if you turn on Bluetooth as required by the app. Android 10 can only be DOSed.

Security patches may be available, a security update of March 2020 addresses the issue. Unfortunately my Moto G5s is two years old and security updates stopped at August 2019. Customer support told me that no more security updates will be released. YMMV.

I have no other need to enable Bluetooth so I am left with a dilemma. Risk infection of my phone or myself and others. Proof of concept code for BlueFrag is publicly available so even skiddies can write exploits.

The app will not allow me to scan a QR code if Bluetooth is disabled, dumb logic.

Clippy 2.0

"hopefully not obscuring that critical bit of information with a giant head"

Now here is an original idea. The presenter could be represented by an avatar that hides little. How about a talking paperclip?

Unix too

In the early days of Unix on PCs (Interactive Unix, pre Linux) my team had 386 workstations. My colleague asked me to remove my user account from their machine to free up space I did that but left just a login with a home directory of root. That should have been that but the owner then decided to completely remove my account, blithely answering yes to questions such as remove home directory. The re-install involved a box of floppies.

Excel users == skiddies?

HUGO have given up the fight on naive use of Excel. There are many pitfalls for average users.

https://www.theregister.com/2020/08/06/excel_gene_names/

I thought this would be a story of dual 5¼" floppies. Occasionally I had to retrieve one inserted between the two drives.

The devil you know

Leaving aside the performance hit for a moment what security analysis was done on the proposed feature? I'm not saying that it is obviously flawed but existing side channel attacks have taken a long time for white hats to identify.

BlueFrag

I have just had a reply from Motorola customer services confirming that my Moto G5S will not have its security level patched beyond its current Aug 2019 level. That is despite it being less than two years old. So my Bluetooth needs to remain disabled. A security level of Feb 2020 is needed BlueFrag can infect Android 8 or 9 without user interaction.

BlueFrag

Android 8 and 9 are vulnerable to BlueFrag. That can steal personal data without the owner clicking anything. Android 10 is also affected but it only crashes Bluetooth, no data is stolen.

This is not directly related to the NHS app or Google's alternative but it spreads over the same channel. The only mitigation for BlueFrag on unpatched phones is to keep Bluetooth disabled.

The dodgy Android code was fixed in the Android security patch of Feb 2020. You can find out your patch level in settings, somewhere near the bottom usually.

My phone, a Moto G5S, is less than two years old but is only at an Aug 2019 security level. The Motorola web site confirms that is the latest. It seems that security updates end 24 months after the launch of a handset. So I leave Bluetooth off. I might consider short sessions in private.

https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

Correlation is causation

What this really proves is that the coronavirus is building the 5G masts.

Obligatory xkcd

It's not ESA but still https://xkcd.com/695/

RBS have many things to answer for but did you mean to say Bank of Scotland in your institutions who are ignoring you?

Travelex Is Totally Stuffing Unwitting Partners

I've been there. The colours were bleeding on my CRT TV so I got it down off its shelf, back off in front of a mirror, manual open to get going on static convergence. But the picture was fine. At that point I twigged that putting my HiFi speakers either side of the TV was not my brightest idea.

Premature disclosure

Why have Fidus gone public with this now? It is customary to give reasonable private notice so that security holes can be plugged before every skiddie is given a chance to exploit. According to Fidus they reported the vulnerability on the 18th and it was patched on the 19th. That is way too recent to have rolled out to all users. Fidus should have kept quiet.

I have often wondered how many autofills populate hidden fields in addition to the visible ones.

I thought that our licence fee was meant to pay for huge fees to stars (or their PSCs) quality programmes. This looks to be out of scope.