Posts by Pierson 24 publicly visible posts • joined 24 Sep 2010
I wonder what they'll log when J Bloggs accesses a site via SSL/TLS, because if it's a server hosting multiple sites, then all they'll get is the IP address - they won't even know if the underlying session was HTTP, or something more esoteric, aside from the port used.
Also, will running a webserver on a non-standard port be logged, or will they miss it?
"Maybe they'll add perpetual motion chargers to phones and require you to shake them to keep the screen on..."
I now have this image in my mind of the air in Starbucks filled with ballistic 'Droids and iThings, as their owners inadvertantly lose their grip during the cyber-fapfest recharging ritual.
Somewhat like the riverboat Derringer shootout in the Simpsons' Hucklebery Finn parody, only more lethal.
For applications such as verifying updates, etc, good practice should include secondary checks to make attacks against weak hashes harder.
In this instance the following would all have helped: verify data size as well as checksum (not always feasible); use more than one checksum, e.g. compute checksum for the data and also for the data plus a salt; use more than one checksum algorithm.
All of the above should significantly increase the workload for a potential attacker, hopefully making the attack unfeasible.
Oh, and of course, drop old and weak algorithms like a hot potato...
Of course, if your dowloads are vulnerable to MITM over TOR, then they're equally vulnerable to it over 'regular' Internet, too.
The main difference is that on TOR, there is a somewhat higher chance that someone is attempting to actually attack your traffic at any given time.
The linked article in the Times of Israel is so vague as to be nonsensical, and references the installation of malware on both the phone and the target computer, which then cooperate to form a covert channel over the air-gap - so far so conventional.
The article then suggests that the malware on the PC jumps the air gap during installation by some kind of EMI magic, also, but is painfully vague on the mechanism used.
One possibility, if the phone malware can access the baseband features of the phone's radio, is the injection of packets onto a wired LAN by inducing a current in the network cable - Phone radios can certainly operate in the high MHz / low GHz bands required, are quite powerful within the 6m range stipulated, and are well known as sources of induced EMI.
Whether this is feasable is extremely debateable, but, it approximately fits the hand-waving in the original article.
ISTR a series of odd and unexplaned sudden outages on various large Internet companies at around the time Snowden leaked PRISM etc - Google, Apple, Microsoft and others all dropped off of the Internet for hours or days at a time, one after another.
No credible explanations were given by the companies, and speculation was rife that they and/or the NSA were hastily removing black boxes and mirrored ports before their complicity was exposed.
"Michael Gove and the previous mindless c**ts that have held the role of education secretary have made comprehensive state schools into factories for young people. We are not educated, we are inculcated and cultivated to be a society of vacuous consumers. With tuition loans being a thirty-year education tax, we are slaves to the dime."
I just wish that some of the alleged graduates who periodically inflict their (unsolicited) CVs on my business had this sixth-former's ability to express himself cogently - some of them might then have half a chance of being considered for employment.
As of 2210, the whole of twitter.com appears down: just getting a blue banner page with "Something is technically wrong. Thanks for noticing - we're going to fix it up and have things back to normal soon."
"Technically wrong" my hairy arse - something's literally wrong! And, I LOVE the chutzpah they show, thanking the user for "noticing" their error screen. Do Twitter employ Mel Brooks to write their error pages?
Oh, and while I was writing this, it appears to have come back on line again - I expect it was due to Nargles.
I'd love to believe that this is just HMG trying to do a snowjob(*) on Miranda, Rushbridger et al, or that the journo's are working a sophisticated sting against the spooks; but, to be honest, it really does seem that the Graun and its fellow travellers are a bunch of incompetent innocents who aren't fit to be allowed near an abacus, let alone a sensitive computer system.
These documents would probably have been a lot more secure if Rushbridger and his crew had simply communicated with each other, carefully, via PGP/GPG encrypted emails.
It reminds me of that sniffy comment by Gandalf in LOTR about his exaggerated fear of Sauron vs. his overoptimistic faith in the Innkeeper Butterbur...
(*) well, they are anyway, but I simply can't stack up the comments by the Graun, Miranda and others and still assume that they are in any way competent.
"Hell all they need is the CGI and some decent actors since the scripts were so bloody good in the first place."
Do you think that some Peter Jackson type, in possession of a bevy of allegedly better actors and a heap of shekels, could ever resist the temptation to, ahem, improve those same 'bloody good scripts'?
Sets that wobble and billow as the actors walk past and props that Blue Peter were able to reproduce more realistically with detergent bottles and sticky-backed plastic really are not all that much of a problem on top of a good, innovative scripts.
<flamebait>
Compare the current well-meaning and angst-ridden mess that is Dr Who with its heyday in the 60s and 70s.
</flamebait>
An upvote is not enough to express my agreement with that suggestion.
Niven is the author of some of the best sci-fi ever written, IM not so HO.
It would, however, need a very good director, given the quantity of asides and introspection in some of the works - try getting the narrative from Protector, for example, into a TV/Movie friendly format without loosing the subtlety of the Pak's worldview and without turning the Pak into Hollywood Terminator-style psychos.
Some of the collaborative Kzinti Wars stories would be eminently filmable as long as the director could resist the temptation to portray the Kzin as Simba-in-a-Spacesuit, as some of the less able cover artists of the volumes on my bookshelves have regrettably done.
Oh, and I'll see your Larry Niven and raise you an Alfred Bester - The Stars My Destination would be a fun movie for those raised on sci-fi that relies more on thought than on CGI pyros.
There's a lot of written sci-fi out there, especially from the mid 20th century, that Hollywood and TV have overlooked and which could usefully be examined instead of the current vogue for weakly re-making other's works of twenty or thirty years past.
But then again, as a friend of mine was given to observing, the pictures are always better on the radio, not to mention the printed word.
Hum...
So, how many of these websites (especially the commercial ones) keep their primary copy of their data on the customer's local servers, where it is also fully backed up, including off-line copies?
Then this copy is used to regularly synchronise the online servers at the ISP, so that the ISP provided machines and accounts were merely an easily replaced conduit for traffic.
Now, hands up everyone who simply relies on their ISP, however cheapo, reliably hosting their data for ever and a day with no loss whatsoever...
Most of those suggesting that people learn to use maps for navigation, do not have high precision dead reckoning on the top of a mountain in adverse conditions in mind.
They are suggesting, for example, that people in cars learn to read a combination of road signs and an AA atlas, rather than blindly following the silky voice telling them to turn left into the next available swamp.
Your points are well made, but largely irrelevant to the bulk of the situations in which people will find themselves. The post to which you were replying, for instance, referred to people on their Blackberrys in an urban setting, not half-way up Snowdon on a foggy November night.
As an experienced Mountain Rescue volunteer, the reference to walking into lamp posts might have alerted you to the intent of the original poster - the damn things are pretty thin on the ground up most non-Narnian mountains that I'm familiar with.
You are confusing a requirement for expert, specialist knowledge of a subject with a call for a more people to take the trouble to acquire some basic skills that will be of use to them in many circumstances other than the demanding situations in which you have chosen to work.
One reason he got twelve years, more than e.g. a typical rapist, is the nature of his crime.
This guy tried to run a cart and horses through the legal system, attempting to subvert it to his own ends.
So, the court has given him a sentence that reflects at least what his intended victim would have got, had the plot succeeded (and it very nearly did), plus a few extra years to make it quite clear that his behaviour is totally unacceptable - with the current assinnine vigilante mentality in this country, he's lucky that his victim didn't end up dead or seriously injured at the hands of some belming knuckle draggers from the local sink estate.
And yes, the SOR *is* appropriate for him, given the nature of his crime and the materials he used in its commission.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
