* Posts by taxman

428 publicly visible posts • joined 14 Sep 2010


Infosec big dogs break out the bubbly over UK government's latest cyber strategy emission


Re: They can keep their mitts off

I just hope it wasn't too taxing for you, and that you didn't spend too much revenue on a custom job.

Zuckerberg wants to create a make-believe world in which you can hide from all the damage Facebook has done


Niantic's Version

It's not just this guy who wants to change the world as you see it. Niantic (you know, that Ingress, Pokemon, Harry Potter and failed Catan company) also want a version of the same thing - except John Hanke calls it AR instead.


Calling the Metaverse a Dystopian Nightmare, his vision (no pun) is for people to walk around the world wearing glasses that "transform" what is there into an alternate world laid over the real world. To get this Niantic are using the players of Ingress and Pokemon to scan street images that will then be incorporated into these "alternate worlds".

Tied up with Nintendo, Niantic have just released a new "experience", Pikmin Bloom, which I hope the world will not look like in the future. If it does then you'll know that the Teletubbies have taken over.

G7 countries outgun UK in worldwide broadband speed test


For no extra cost?

Could someone in El Reg contact this spokesperson again and find out where these "deals" are available? I think that there would be a big rush if we knew! Or do they mean all these "Special Deals" where you pay a small amount for a set period then have your pockets and wallet ripped apart by the huge hike to the "normal" charge plus the obligatory 3.*% annual increase in charges that now exist.

But just had to have the wire from pole to house replaced (free through EE/OpenReach as there was a fault, as in old 1960s cable broke and was exposed to the elements). Chatting to the engineer about cable developments and he mentioned that they are now undertaking quite a number of FTTP bits of work whereby the fibre goes from pole to house.

You walk in with a plan. You leave with GPS-tracking Nordic hiking poles. The same old story, eh?


Blind Faith anyone?

The Nirvana album cover was pretty tame compared with the cover of that from Blind Faith. Another child sold for fame by her parents.

And if you have a copy of said album it might be worth putting it in a brown paper bag in case you get snitched on for, ahem, child pornography!

Impressive band line up though.

Flushing roulette: Southern Water installing digital sewer monitors to prevent blockages


Re: Well considering

Ah, Budds Farm!

Certainly has expanded from my childhood and teen years of going to the next door tip with catapult or air rifle for ratting. Hot summer days were interesting when working at the Havant IBM plant in the "temporary" office buildings with the pervading odour of said farm wafting through the closed windows.

But that part of Langstone did have (and perhaps may still have?) the most wonderful smelling black mud that gave up large numbers of cockles and also rag and lugworm for bait.

What you need to know about Microsoft Windows 11: It will run Android apps


Only Some Android Apps....

Read the small print. Only those available from the Amazon App store, @500k. So not all those other couple of million on the Google Play Store. Not really big news then.

Britain to spend £22m influencing Indo-Pacific nations' cybersecurity policies against 'authoritarian regimes'


Gov Overseas Work

This has been going on for some years now, with Civil Servants from the UK getting a couple of weeks in the sun looking at African countries set ups, writing a report while sat round the pool and topping up the tan. Nice jolly that may attract a promotion or sometimes a gong.

Most advice goes along the lines of lock doors and windows when office is closed, put decent locks on doors and bars on windows, don't write down passwords, carry bags away from the roadside and so on.

Mike Lynch-backed Darktrace to file for London IPO in aftermath of Deliveroo flop


As I recall....

....this company tried over the years to get a handhold into the UK's money taking Gov Dept without success.

Makes one wonder on how well their deep-dive into networks and reporting mechanisms were viewed if that Dept would not engage with them.

UK taxman plonks £23bn (sorry HMRC meant £23m) on the table, asks vendors: OK, so what can you do for us in terms of 'mobility services'?


Correction made

Might have guessed that it wasn't the right info (CapGemini/Fujitsu services on offer)

Correction published https://find-tender.service.gov.uk/Notice/005321-2021

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs


Obesity reference objection

As in heavy forwarder - surely they should not be using such a term? Unless they realise that this does appear to be a problem in the US?

Legacy IT kit is behind 80% of UK taxman's pandemic costs, says spending watchdog


Re: You pays your money...

"Even without knowing which government department this was it would be plain that said department was run by accountants."

Most are, but their budgets are set by the accountants the departments work for. In the end it is Treasury that determines what funding a department will get and it often works out that it is not enough. For the past decade HMRC has had to give up a huge amount to meet the Austerity Challenges the government set. This delayed even further any plans for modernising and only just about let development go ahead to meet new requirements from government.

Not that long ago there were numerous dependent legacy systems still running on NT4.0 let alone Windows 2000 or Server 2003. Can't guess how many still are. These all need bringing up to date to be able to run on later OS. But it's not a simple matter of switching over as many of the services running on the old kit are interlinked and need to run 24 hours a day.

Perhaps it would have been better if the government had paid for system integration when HM Customs initially joined with the Inland Revenue than let it drag on for a couple of decades, retaining separate systems then slowly merging when the string holding them together started to unwind.

Big trouble now is that many of the folk who knew the systems, network and code have left. So it costs another arm and leg in getting network surveys undertaken, then understand the interdependencies and critical nature of system use.

Another bite on the bum

What can the 1944 OSS manual teach us before we all return to sabotage the office?


21st Century Quibbles

Sorry, I can't work from home due to the Tier restrictions on travel. Oh, you want me to work at home not from home! Why didn't you say so. You were going by the HR instructions? Well, if you think about it the only folk here who work from the office are those who travel about. The rest of us work in the office. So yeah, really we should be being told to work in the home or at home.

Do you think we should get something put together to present to HR so that we can have clarity on just where they want us to work: at home or at the office or from the office or from home depending on what the job role is and tier restrictions are?

Are you really sure you meant that?

Funny, that: Handy script for wiping directories is capable of wreaking havoc beyond a miscreant's wildest dreams


The Story of 'O'

Doesn't quite follow the book or film that 'a friend of mine' has in their library.....

Although being 'beaten into submission' does appear .....

Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished



The words hoisted and petard come to mind on reading this news item, but then again it really just goes to show that what is taught and tested to those of us who pay should also be preached and tested to those who are employed (consultants and full time staff) by SANS.

Perhaps SANS should in future make it a condition that all their employed staff undertake and pass their own courses in addition to putting in robust measures to filter or indicate potential "bad" emails?

Pokémon Go players fined for breaking down-under COVID-19 lockdown rules


Re: Crazy

So playing a GPS game based on being at real world locations (except that isn't the case) but doing it in a "virtual world" just seems to imply that the game you play could be run from being in a virtual world anyway?

Going back to the item tho'. It just goes to show that there are a number of adults who think chasing after imaginary creatures based on code held in a database being actually on their streets is healthy.

E-scooter fanboy so hyped for Teesside to host UK's first trial


You obviously don't have any experience of Teesside. Having had 35 years there, I agree you won't see many left lying around. Most will be lifted off the streets and later found around South Bank, Redcar, Cargo Fleet, Stockton, Thornaby and Haverton Hill.

Easyjet hacked: 9 million people's data accessed plus 2,200 folks' credit card details grabbed


That's a first!

So it is easier getting data and credit card details from EasyJet than getting a refund on a cancelled flight!

Was due to go to Krakow in March but as Poland shut the airport EasyJet cancelled the flights. Got a refund for the flight out - but the flight back has been deleted from my bookings, making the task of applying for a refund a tad difficult. Trying the credit card route but they are similarly un-cooperative.

Capita, Fujitsu and pals tuck into slices of £3bn London NHS framework


3 Billion for IT?

Well I just checked the calendar because, well you know, it's easy to lose track of days at present. But nope. It's not April 1st!

We're doomed! Doomed, I tell you!

Crooks set up stall on UK govt's IT marketplace to peddle email fraud services targeting 'gullible' punters


Replacement for TITSUP

You guys need words for COCKUP, for future Cabinet Office efforts to confirm their continued qualification of the IT equivalent of the Darwin Award.

Brit competition regulator will soon be able to seize rogue traders' domains – and even Amazon accounts


So by saying...

"........ that the new powers are entering UK law as a result of changes made at EU level.", does that mean that if the UK had not been in the EU that this would have gotten onto the statute books?

If so then perhaps a good job things were delayed a tad.

Dutch spies helped Britain's GCHQ break Argentine crypto during Falklands War


Great name, great beer

From Augustiner. Delicious dark 7.5% beer. One to drink slowly, and goes great with a venison stew and rye bread. Can understand why the BND staff liked it.

Interesting that news of this group is now open source. But like all good secrets....

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother


May we still use

the terms of Dr Death and the Hobbit when referring questions to NCSC?

Bye, Russia: NASA wheels out astronauts, describes plan for first all-American manned launch into orbit since 2011


Ah, the memories

Looking at the capsule and fins behind it I am strongly reminded of the capsule of Fireball XL5!

Browse mode: We're not goofing off on the Sidebar of Shame and online shopping sites, says UK's Ministry of Defence


Re: Amazon

Why are they looking at amazon.com rather than .co.uk? Probably because there are regular visits to the US by MoD staff who could buy for themselves or pickup for colleagues without having to pay import tax. And not just visits to the US but they have a number of staff across the globe who would not use .co.uk.

But as a CS person of some years I am really surprised that the Daily Fail is so high up the list. That rag is not really read by the majority of CS staff.

Hey, Brits. Your Google data is leaving the EU before you are: Hoard to be shipped from Ireland to US next month


Government and Personal Data

Offshoring of Government data (that is, any data held by Gov Depts) has been fairly strictly controlled to a few countries. If memory serves me right it doesn't like any data going outside the EEA.

So I wonder if the Cabinet Office OGSIRO has issued a missive to Depts to ask which of them still use Google services. It wasn't all that long ago that some *large* ones did.

See also https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/01/statement-on-data-protection-and-brexit-implementation-what-you-need-to-do/



Latest battery bruiser Android from budget Moto G range appears ahead of MWC after an Amazon whoopsie


Working outdoors

...in the UK it is really useful having a phone that can stand being used in rain - often. Shame this phone is only rain resistant (so would need drying off thoroughly before being put into a pocket again).

Not call, dude: UK govt says guaranteed surcharge-free EU roaming will end after Brexit transition period. Brits left at the mercy of networks


Has it started?

Try looking around for SIM only monthly deals. There used to be a lot around at one point but now you have to be spending over £20 pm for data you don't want for the most part. GiffGaff still provide lower data levels for reasonable amounts, if you want to rely on the O2 coverage - not so good if you are in the Western part of the Isles. There are a couple of other smaller players too offering monthly deals. However, the big players have pulled out of these deals (latest being Three) and now require you to sign up for 12 or 24 month contracts if you want SIM deals at a similar price to their "old" monthly price.

El Reg tries – and fails – to get its talons on a Brexit tea towel



Still, we have ours on order anyway (£2.50 postage is not included). While it won't be here in time to mop up the spilled Champagne/floods of tears (delete as appropriate by the end of the month), hopefully it will survive to the end of 2020, when the real excrement will start.

Then it will be a bit damp, sport a few distressing stains and suffer a little fraying at the edges.

Welcome to The Reg's poetry corner... hiQ once again / beats LinkedIn on web scrape case / more appeals await


Take control

So if LinkedIn used, say, a WAF in front of their services that utilised rate limiting and repetition request rules to protect their customers being able to access their services, how would the Courts deal with that? Could also go by reputation rules so that anything that looked like a scraper would be blocked: if the browser action continued for several minutes it would get blocked for a cool-down period.

All in the interest of protecting their service availability and customer access of course.

Pokemon No! Good news: You can now ban the virtual pests, er, pets to stop nerds wandering around your property


And the Rest of the World?

With respect to Pokémon GO in the United States:

So what about the rest of the world that also has to put up with these "players" cluttering up the streets and hanging around our homes?

And will this also be relevant to their other games like Ingress that uses the same locations, and the new Harry Potter "game" due out soon?

Veeam. Veeam. Veeeeeeeam. What was that? Oh, just the sound of half a billion bucks hitting backup biz's bucket


Veeam veeam

Does this mean that we can hopefully expect some interesting freebies at Infosec this year?

Word up: Embedded vids in Office docs can hide embedded nasties, infosec bods warn


MS Word conduit?

See icon

Got a new Surface? Have some firmware. Old Surface? La la la la la, we can't hear you


HP Sauce

Well my HP Touchpad is still working fine.

But I wonder how many UK Gov workers are having problems seeing as some Depts switched over to SP3s and 4s a couple of years ago.

Why are sat-nav walking directions always so hopeless?


And even the free version provides you with access to enough maps and bells and whistles to enjoy while working out what those close brown wiggly lines mean to your rate of breathing!

Perfect timing for a two-bank TITSUP: Totally Inexcusable They've Stuffed Up Payday


Too much a coincidence?

One or two banks perhaps, but so many different businesses within a short space of time should make one think is there more to this than meets the eyes? Or is that just my normal suspicious self?

Still, glad I never made the decision to move over to using a mobile application. Never liked or trusted them.

Fallover Friday: NatWest, RBS and Ulster Bank go TITSUP*


Banks, banks and banks

Today the RBS group of banks (that all use the same firewall with such a single point of failure?), Barclays yesterday, Lloyds not so long ago along with Halifax. And so the list of names goes on. Seems to be becoming more prevalent - and at a time when King Cash is being threatened. It does make you wonder if somewhere in the world there is a rubbing of hands.

Like tax? Love networks? UK taxmen have a job just for you


Re: Twaddle

At this grade it could be a CBE.

And how likely that the successful candidate could also be a Scot (or if an outsider someone from Sainsbury - HMRC appear to have given up on folk from Severn Trent and mobile phone companies for the time being).

Email security crisis... What email security crisis?


Re: Email is absolutely broken...

To secure YOUR sending emails you'll need the SPF/DKIM/DMARC trio applied - but that doesn't stop fraudulent email from coming in to you. In addition to setting up your own email receipt rules (like how can an email purporting to be from your own business be coming in from outside your domain) you need every other email sender to apply the trio - and/or use (read pay for) a proprietary protection or alert system. Which is a growing industry.

The IETF have had plenty of time - and examples - to examine how broken email RFCs are and, along with the APWG and MAAWG, could have started to address some of the issues (like checks on the header from address in addition to the envelope from address, IP/domain chains....). But perhaps they have realised that as use of email has progressed beyond that envisaged, it may be easier to try to educate the end user. Unfortunately that cannot be applied in many cases.

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards


Half a story

What I find interesting about a large number of these data breach stories is that so often there is one piece of information missing that is really useful - the period of the breach. This is not even mentioned in the press release from Dixons.

Techies! Britain's defence secretary wants you – for cyber-sniping at Russia


Joint Cyber Reserve

Had a thought about this way in, extra pay, chance to mess a bit with some more interesting pentest/hack/cracking stuff...then realised that perhaps the joint bit wasn't what I thought it could be when I read about the sailor being busted on HMS Queen Liz for peddling.

Sherlock's bong is the nearest thing

UK 'wife'-carrying champion named


The Alternative one

Perhaps a little more trying for competitors with there being a little more up and down involved....it being Wales of course


Hypersonic nukes! Nuclear-powered drone subs! Putin unwraps his new (propaganda) toys


Trump's pal (allegedly)

Great announcement from the Russian Leader to enable the current US of A Leader demand greater spending on Defence (and De-Wall).

You don't think this is another way of "controlling" the US of A folk now that the social media front has been blown?

Scouse marketing scamps scalped £70k for 100,000+ nuisance calls


Re: And people wonder why we dumped our landline ?

And have you seen all the permissions the TrueCaller app wants to have on your phone? Microphone, picture gallery, camera, wifi connection info, com sec permission read and write......

Former UK.gov IT man and Python king's guide to neural networks


Re: Well...

Indeed. "That enabled them to expand from using just BlackBerry devices into support for Android, iOS and Chromebooks. 'I was proud of that,' he adds." Most still using BlackBerry phones, odd bits like MoD accept Apple in "some" places. Some are using Windows OS phones.

Android? CESG passed Samsung Knox a couple of years ago but hasn't got traction yet.

But yes, seems a nice guy. But why years working in a relatively low paid job!

MPs accuse Amazon and eBay of profiteering from VAT fraudsters


Ahem *Whois* cough

So HMRC, nay but also GDS and central Gov use Amazon for their own services.

Less of an elephant in the room, more a Brontosaurus!

Cybersecurity world faces 'chronic shortage' of qualified staff


Endemic problems

One of the issues often seen is that "management" are keen to be known as "experts" but do not have the aptitude or passion for the subject.

Once you get "management" to understand that they have to recognise that those with the correct aptitude and passion for the work should have money spent on them to obtain qualifications rather than "managers" who use the cash to attend "cyber" conferences, then you might, just might, get an improvement.

And Senior Management also need to start understanding that they need IT managers in place who also have an aptitude and passion for the work - and these need to be listened to. So often you see IT Dept managers who have no operational interest or ability but know who to appease Senior Management as that is where they have set their target to get to.

DMARC anti-phishing standard adoption is lagging even in big firms


"Deploying a DMARC policy where p=none along with a relevant SPF record is simple, but it is only the first step......"

Just having a DMARC record in place is a chocolate fireguard. Perhaps when writing reports like this the folk concerned really should make it clear that you also need an SPF or DKIM as well - as a minimum. But best to have both.

And yes we all know that DMARC+SPF alone "can" break when mail servers forward mail when p=reject. Particularly when mail forwarders or load balancers overwrite/insert their sending IP address in the header :-(
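The two DMARC points above (p=none alone enforces nothing, and forwarding breaks SPF alignment while aligned DKIM survives it; see also the earlier "Email is absolutely broken" reply about the SPF/DKIM/DMARC trio) illustrated as an added Python example that is not from this forum or any real mail software. It assumes constructed DNS TXT records held in a dict, a simplified SPF evaluator (ip4 mechanisms and a trailing all only), and a DKIM signature represented only by its already-verified d= domain.

```python
# Added example: simplified DMARC evaluation over constructed records.
# Not real DNS lookups, not a real SPF/DKIM implementation (assumption).
import ipaddress

# Constructed TXT records for a fictional domain (not real records).
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
}

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; aspf=s' into a tag dict with defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    tags.setdefault("p", "none")      # no policy tag means monitor only
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    return tags

def spf_check(txt, client_ip):
    """Simplified SPF: ip4:CIDR mechanisms plus a trailing -all/~all."""
    ip = ipaddress.ip_address(client_ip)
    terms = txt.split()
    for term in terms[1:]:            # skip the 'v=spf1' version term
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
    return "fail" if terms[-1] in ("-all", "~all") else "none"

def org_domain(domain):
    """Organisational domain, naively the last two labels (no PSL lookup)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(auth_domain, header_from, mode):
    """DMARC identifier alignment: strict ('s') exact match, relaxed org match."""
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def evaluate_dmarc(header_from, envelope_from, client_ip, dkim_domain, dns):
    """Return (dmarc_result, disposition) for one message.

    header_from   : domain in the RFC5322 From header (what the user sees)
    envelope_from : domain in the SMTP MAIL FROM (what SPF is checked on)
    dkim_domain   : verified DKIM d= domain, or None if unsigned/failed
    """
    record = dns.get("_dmarc." + header_from.lower())
    if record is None:
        return "none", "deliver (no DMARC record)"
    policy = parse_dmarc(record)
    spf_txt = dns.get(envelope_from.lower())
    spf_result = spf_check(spf_txt, client_ip) if spf_txt else "none"
    spf_ok = spf_result == "pass" and aligned(envelope_from, header_from, policy["aspf"])
    dkim_ok = aligned(dkim_domain, header_from, policy["adkim"])
    if spf_ok or dkim_ok:             # DMARC passes if either aligned check passes
        return "pass", "deliver"
    disposition = {"none": "deliver (monitor only)",
                   "quarantine": "quarantine",
                   "reject": "reject"}[policy["p"]]
    return "fail", disposition
```

With the p=none record a spoofed From: example.com from an outside IP still gets delivered; the same message against p=reject is rejected, while a forwarded but DKIM-signed message passes even though SPF fails.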

UK uni warns students of phishers trying to nick their tuition fees


Perhaps GoDaddy are having problems contacting the site admin Walid Sayed

Nearly three-quarters of convicted TV Licence non-payers are women


Re: See me...

"Cleveland topped the charts for the number of suspected evaders....."

Another very basic error. That county was abolished over 20 years ago and the area divided into 4 unitary borough councils. So really Warwickshire was top and London second.

Specsavers embraces Azure and AWS, recoils at Oracle's 'wow' factor


Re: Interesting

More interestingly, will Louise McCarthy be leaving too? She was under Pavitt in TfL, HMRC, Aviva and now Specsavers.

Track record suggests.....

And could Pavitt return to HMRC now Dearnley has left?