* Posts by Al_21

66 publicly visible posts • joined 1 Feb 2011


Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row


Re: Kaspersky PC "infected with loads of malware"??

1. No AVs are able to protect against 100% of malware, so things can get through

2. Apparently, the user paused Kaspersky for the initial malware infection, else Kaspersky would have blocked the infection in the first place - https://www.theregister.co.uk/2017/10/25/kaspersky_nsa_keygen_backdoor_office/

Why a security expert would trust using a keygen or cracked software on their live system is beyond me.

Mal Men men hit LiveJournal with Angler exploit kit


I just want to view content

I'm not a techie so don't understand how it attacks, but it's frustrating knowing this can happen via a web-browser without any prompts about the page wanting to go above and beyond what most users want it to do.

All I want to do is read websites and see pictures of cats, not even upload anything.

Testing Motorola's Moto G third-gen mobe: Is it still king of the hill?


I like the verdict comparing it up against other phones in the market.

Guess a differentiator other than specs vs others in the market at a similar price point is things like screen size (5.5" is too large for some) and support (CS and software updates).

Moto's one of the best at keeping phones updated.

Biggest security update in history coming up: Google patches Android hijack bug Stagefright


Call me cynical

Monthly security updates sound good... although I suspect it'll be for vulns identified months before a fix actually reaches devices.

I don't have much faith in Android devices staying updated.

Throwing money at bug bounties won't beat zero-day dark markets


Re: Incentives

White hat sounds so vanilla

Flash flushed: Google's AdWords to convert ads to HTML5 automatically


Re: I don't mind ads...

or those which interfere with the main content - stupid ads which pop up in the middle of the screen and you have to find the well disguised "x" button - and struggle clicking on mobile even after you've found it

Google offers 'INFINITY MILLION DOLLARS' for bugs in Chrome


Re: $∞ million?

The "million" annoys me a lot more than I'd like to confess.

This one weird script continually crashes Android email



Useful for killing/injuring people, not as useful with OSs.

My biggest annoyance with Android.

Not an Apple fan, but Android should take a leaf out of their book - they do well with keeping OSs upgraded, on the phone and on the Macs.

Snapchat wants $19 BEEELLION for your selfies


"While $19bn may indeed seem like an eye-watering asking price for a photo-sharing app, it wouldn't come close to cracking the mark set by Uber last year. The ride-sharing service was able to convince investors that it was worth $41bn in its latest round of fundraising."...

Incomparable... Uber's generating lots of revenue and has potential for lots more... the other isn't.

VirusTotal wants YOU (but not you) to join its epic AV whitelist


Is this another version of digital signatures?

Hope AVs still scan the whitelisted programs on an ongoing basis to validate they're clean, else we won't have got anywhere.


Re: Are Chrome and Google Toolbar in the list?

McAfee Security Scan and Ask Toolbar... Who uses these things?

Most people's computers I see them on are unaware it's there... and it's back on a few months after I uninstall it.

New fear: ISIS killers use 'digital AK-47' malware to hunt victims


It's still a trojan

Same with RATs... Have functional uses, but it all depends on how they were dropped and the intent they're used for

Microsoft says to expect AWESOME things of Windows 10 in January


And that's where wasted time over-thinking bollocks comes in

Thinking too much about what to call a branch name is wasted resources.

Just do it and move on.

Forget the 100+ hours thinking of ideas, discussing, voting for a shortlist, showing senior staff, discussing, voting, senior member changes his/her mind and starting the idea bashing again.

No idea how long MS takes and took with this one, but let's not make too much of a big deal over nothing eh?

Adobe Reader sandbox popped says Google researcher


I want my reader to read

It's in the name

Facebook shares flutter as firm reports user growth slowing


User growth's going to slow as they come closer to owning all potential users

I think the money is in adverts on other websites, a Google (DoubleClick) approach can pay off huge for Facebook and marketers.

Will suck for privacy champions though.

PS, I don't have shares in Facebook, so am not incentivised on looking at the potential future profits.

Men who sleep with lots of women lessen risk of prostate cancer


Sounds like a sexed up headline and inference on the research

Can the same research be read as:

1. Sexy headline: men who sleep with lots of women have reduced chance of prostate cancer

2. Mediocre headline: men who sleep lots with women (or woman) have reduced chance of prostate cancer

3. Dirty headline: men who bash out often have reduced chance of prostate cancer

Sleeping with lots of women doesn't mean you finish off more than if you sleep with one woman lots or bash loads out often.

Researcher details how malware gives AV the slip


Isn't this already known?

Malware writers have been trying to avoid being detected for years - staying dormant till certain triggers are met (wait period, time/date, user activity), checking for other applications researchers use (IDA, Hiew, Wireshark, VM etc), hiding behavior from static analysis, heuristics and emulators etc?

Who needs hackers? 'Password1' opens a third of all biz doors


Down with the password length limitations

Should be able to add sentences or phrases.

Question: Who likes short shorts?

Password: We like short shorts!

Daddy, what will you do in the new security wars?



It's in %userprofile%\My Documents\passwords.docx

Slippery Google greases up, aims to squirm out of EU privacy grasp


How do you know if your name is being indexed on a search engine?

Google it.

New software nasty encrypts Android PHONE files and demands a ransom


Don't ban the streets, but also don't stop all the security cameras and be cautious about the person wearing gloves and a balaclava.

The security camera's more useful catching a criminal than stalking me going on a stroll.


... just goes to show anonymity isn't always a good thing.

Microsoft to get in XP users' faces with one last warning


Re: Woo hoo! Phishing opportunities galore!

If I hadn't read this article, I would have got out my arsenal of malware removal tools and sniffed around for ages.

Even if it mentioned online it's legit - there's no guarantee.

HTC offers FREEBIE repair on new models with cracked screens


Re: Aggressive and smart move

As a One S user, it makes me wonder though if they'll stick to their promise with this.

Although I see nothing wrong with the current phone and software, I'd still like the promised I was expecting - and I'm sure the phone can handle the upgrades.

Even if HTC release a semi-official ROM with the newer version I'd be happy. I shouldn't need to use a ROM released by other people.

(I do indeed like Sense which is partially why I chose HTC).

New password system lets planet Earth do the hard work


Ye old look over shoulder

Surely this will make it easier for people to look over your shoulder when you're logging in and make it easier to steal passwords?

Text passwords are harder because it's often too long and difficult for people to keep track when I type it in, especially with the use of the Shift key for capitals or special characters.

One good thing from the Flappy Birds crapp flap: It's a handy 'tech' media rating system


I'd class the sites which recommend alternative apps as more tailored to their audience than ignorant.

Won't be impressed if popular news sites for non-techie people advise to change settings to allow installation of apps not hosted on Google Play store and download and install the apk - malware writers will have a field day - or few months if the users get used to searching apks.

Hello Moto: Lenovo grabs Motorola biz for $3bn. But Google's KEEPING the patents


Re: My money's on Lenovo.

"I'm guessing Samsung are none too happy as Lenovo are certainly more competition than Google (owning Motorola) would have been."

I'm thinking Google were peeving Samsung (and other Android manufacturers) off by owning a competitor - the better Motorola does, the more Samsung is going to dislike Google - now Motorola's performance is out of the way.

Fine! We'll keep updating WinXP's malware sniffer after April, says Microsoft


False sense of security is also from MSE's not-so-good detection rate, let alone exploits for MS and non-MS software.

Malware! tainted! ads! infect! thousands! of! Yahoo! users!


Re: Is there a JavaBlock addon, ala FlashBlock?

Have you tried to use Google Chrome's "Click To Play" plugin setting? Works well for me.

Settings - Advanced Settings - (Privacy) Content Settings - Plugins... select "Click To Play".

Works well for me, quick and easy to add websites to permanent whitelists, session whitelists or allow individual plugins on a page with a click.

Merry Christmas? Not for app devs: That gold rush is officially OVER


Re: Achieved?

Time to start making apps for GGoggles (or any similar product - I can't think of names of any other)?

Get ready for that wave to come - just not too early, else you'll sink before the wave arrives.

How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks



I'm impressed by the technology assuming everything on NSA/GCHQ's works as simple as this article makes it out to be in my imagination.

I doubt they're interested in any of us (sorry to deflate your bubbles), but now it's all out in the open, I want to see it be used to catch the bad guys. That's the only way it'll win back the public.

Then make a good movie or TV series like 24, The Wire(Cable) or Spooks and opinions will change.

We don't need no STEENKIN' exploit brokers: Let's FLATTEN all bug bounties


Great news for white hats and black hats :)

No doubt, the private brokers will start shelling out higher rewards.

Certainly market failure around this arena which needs to be addressed, but don't think a flat fine is the way to go, especially if it's "per exploit found, irrespective of their severity" - ignoring severity/potential damage, number of impacted users and factors required for the exploit to be exploitable seems like it hasn't been thought through.

India's spooks prepare to peer through their own PRISM


At least they're honest and have been since before NSA's antics were leaked.

I'll just leave now before I get fired upon.

Judge upholds UK ban on HTC phones, but HTC One gets a pass – for now


Re: This will only

help counterfeiters and manufacturers in countries which have less of an anal patent system get on top of the western manufacturers (and Taiwanese and South Korean and Japanese - you get the idea :))

Huawei and ZTE have it easy


Re: HTC imploding

Agree, HTC are too short sighted - concentrate on the quick sale (of quality phones still), but forget about customer retention and brand loyalty (ongoing support and updates) - and that's what is harming them in the longer term.

This article http://androidandme.com/2013/07/devices/htc-kills-the-one-s-leaves-android-4-1-broken-promises-at-the-scene/ sums up my experience.

HTC One S user using Android 4.1.1 despite the phone having more than capable hardware.

Apple gets into Twitter data-mining biz with mystery Topsy buy


Call me cynical

... but something tells me this will make Topsy less useful for me.

Your browser may be up to date: But what about the PLUGINS?


Vulnerable plugins don't make end users vulnerable

What about browser security measures? - Sandboxes?

"Chrome has close to 40 per cent of its instances afflicted with a critical vulnerability" - Wonder how many of these are hackers actually able to exploit?

The blog post is only lacking depth - end result = exaggerated concern.

I still support the encouragement of keeping software updated of course.

Google decides Chromecast TV-stick apps are a whole NEW THING


All it needs is a

PS3 MediaServer app or a similar app and it'll do well. That's the lifeline of my home entertainment.

Streaming videos, pictures (and music I guess while you're at it) from Windows, Android, iOS, OS X and Linux is what's missing.

PlayStation daddy on new PS4: She's ALL 'PLAY', NO 'Station' this time


Re: Not on my shopping list.

Same for me - the additional bells and whistles is the main reason I went for PS3 - an important piece of entertainment in my living-room, especially for USB playback and streaming media from my server.

My TV and DVD player are nowhere near as quick, easy and functional as the PS3.

XBOX One SHOT DEAD by Redmond following delivery blunder


"I can't for the life of me see why anyone would buy a device that can be bricked remotely"...

Depends on why it's been bricked.

For example, mobile phone operators can brick mobiles - not a problem, in fact I support that.

If my mobile network give my phone before release and it doesn't work till the release date, I wouldn't mind at all.

IMO MS have a good reason to add a temporary restriction to the kid as it shouldn't have been sent anyway - and the kid wasn't expecting it to arrive yet.

It'll work when the kid should have got it as planned, so nothing to hamper the schedule.

The kid must be over the moon having got the Xbox, MS's response and all the attention.

Europe, SAVE US! Patriot Act author begs for help to curb NSA spying


Re: In summary

Who said the government isn't controlling the agency?

The government?

Yeh, must be true then.

'Burning platform' Elop: I'd SLASH and BURN stuff at Microsoft, TOO


Google will miss you Bing

Surely Google will rather Bing still be around - else the EU folk will be more of a pain banging on about competition.

Rogue US-Israeli cyberwar weapon 'infected Russian nuclear plant'


Re: "Cyberterrorism"

I thought it's a fight against terror if the US Govt is involved?

... Fight against terror doesn't equal fight for freedom.

Google Chrome: Extensions now ONLY from the Company Store


Re: Hey google

You can still install addons, only using a different method if you don't want it online.

This is about protecting the majority of users who unknowingly install addons.

We all remember the frustrating IE toolbar days - the Ask and Google toolbars were annoying enough let alone the adware/junk toolbars.

In my experience, these days the unnecessary crap extensions are more junk from legitimate sources like antiviruses or Skype being added without prior consent.

Only find out about them when I see their icon in the browser or Chrome lets me know - thanks Google.

Google preps Chrome password-blab bug fix


By design

This wasn't a bug, but by design... bad design.

Glad Google have finally decided to cave in and listen to user feedback, but annoyed it took so long to add this feature.

Recall reading somewhere Google said it's because they didn't want to give a false sense of security - although it is a layer of security once the system is compromised.

Don't wait up for BBM on iPhone, Android – BlackBerry


Wait for BBM?

Don't worry, I don't know anyone who is waiting for this anyway... and I don't want another messaging app, already have WhatsApp, Facebook, Skype, text, Google - need something which will consolidate all these.

People use what their personal networks use - mine (at least) have already chosen theirs.

That's a money spinner: iPod wheel patent bout bags bod £2m from Apple


Re: Wait, I'm confused

#Circular Reference Error!

Putting the security jigsaw together


Note to self

Ignore articles which say "Reg reader research" in the description.

Give us a break: Next Android version to be called 'KitKat'


I'll sit back and wait for Grandma's Chocolate Brownies

Nothing beats anyone's grandma's food - nothing.

Oh, and using locally sourced ingredients according to the average American citizen in Man vs Food and Diners, Drive-ins and Dives.

Your encrypted files are 'exponentially easier' to crack, warn MIT boffins



Encrypt twice :)