* Posts by allan wallace

26 posts • joined 8 Jun 2007

If you want to hijack widely used JavaScript packages, try phishing for devs through these DMARC-shaped holes in key Node.js domains

allan wallace

No DMARC in this day and age!?!?

That's just like theregister.co.uk

and theregister.com

and let's not mention the issues with SPF...

Incidentally while the password reset emails are not signed with DKIM,

they are at least delivered with TLS...

£10k offer to leave firm ASAP is not blackmail, Capita told by judge

allan wallace

IANAL... but unless I'm mistaken...

IANAL... but unless I'm mistaken...

a continuous 12 day period falls within a 14 day period,

with a period of 24 hours rest on day 1 and day 14...

thus the first 6 days of work fall within a 7 day period with 24 hours rest on the first day, and the last 6 days fall within a 7 day period with 24 hours rest on day 7....

Financial Conduct Authority fines Tesco Bank £16.4m over 2016 security breach

allan wallace


Feel free to hide this post until you have resolved the issues with your DNS records.

On the subject of SPF:

tescobank.com doesn't have SPF,

tescobank.com DOES have DMARC.(nothing about strictness of aspf or adkim...)

tescobank.com DOES NOT have PCI DSS compliant MX

- thought this was a requirement for a bank?...

theregister.co.uk DOES have SPF - but it's broken: "too many DNS lookups" and two a: mechanisms that point to FQDNs that don't have any A records....

theregister.co.uk DOES NOT have PCI DSS compliant MX

theregister.co.uk DOES NOT have DMARC

forums.theregister.co.uk DOES NOT have DMARC or SPF

openspf.org has a good guide about the 10 dns lookup limit

- near the bit about reducing the risk of DOS attacks.

To fix TheRegister's SPF record, remove the following:


(you don't need this! - your mx are google and you include:_spf.google.com .......)


(no a record published in DNS)


(no a record published in DNS)

You could simply use "a" if you wanted to allow future domains without having to publish each individual one, but please remember:


KEEP -all on the end, it's a good bit.

Have you considered DMARC, DKIM, DNSSEC and DANE?

Would you like a quote?....

- one of my favourites is "lobbest thou thy Holy Hand Grenade"


TheRegister's password reset page allows the enumeration of registered email addresses (different message given if email address is not registered....)

- you might want to take a closer look at this too, I think it was a DPA issue, and I'm pretty sure GDPR could say similar.

I couldn't give a Greek clock about your IoT fertility tracker

allan wallace

The Antikythera Mechanism is surely the FIRST recorded piece of Information technology!

The Antikythera Mechanism is surely the FIRST recorded piece of Information technology!

Awesome tech! Can't wait to see it at some point soon!

Registrar Namecheap let miscreants slap spam, malware on unlucky customers' web domains

allan wallace

Re: Ya your site breaks Canada laws also

If this is true then this probably already breaks PECR, and will certainly break GDPR compliance (when the registrant is an E.U. citizen)

Rogue PIs found guilty of illegally snagging personal financial info

allan wallace

Re: How times have changed.

Re: "It's still legal to go through rubbish I think."

- it's not been legal for a very long time - have a quote:

"One precedent-setting example from 1877 was the case of a diseased buried pig. According to legal text Archbold's Pleading, Evidence, and Practice in Criminal Cases, even if someone discards something and does not intend to use it again, they can retain ownership of it."



Scotland, now is your time… to launch Brexit Britain into SPAAAACE!

allan wallace

Re: The ideal location

"Not sure what the buckfast could be used for."

Not sure?

- it's rocketfuel!

National Cyber Security Centre boss: For the love of $DEITY, use 2FA on your emails, peeps

allan wallace

Re: WTF? / "But if people encrypt their emails then how will GCHQ be able to read them"

DKIM is NOT "encrypting emails" it is simply DIGITALLY SIGNING THEM using a public key.

SPF is (can) say "these servers are allowed to send my emails, everthing else cannot ( -all )

DMARC says "if an email passes SPF and DKIM checks, it's genuine, otherwise do x,y, or z.

The issue with uptake of SPF, DKIM and DMARC is primarily that I.T. people that understand it seem to have difficult explaining it to a layman, or implementing it....



not only does your www. lack an SPF record but your DMARC policy at microsoft.com does not contain an "sp=" value, so DOES NOT apply to ANY subdomains of www.microsoft.com

- so you (or a malicious third party) could send emails from any address ending @www.microsoft.com addresses - because they cannot be validated as genuine....

If microsoft added "sp=reject;" to their DMARC record it would fix this. (sp is subdomain policy!)



is no better - in fact their DMARC record is worse. "p=none;"

(p is "policy - i.e. the primary domain policy - is no policy at all)


www.ubuntu.com is worst.

Letting the side down guys.

With DKIM the emails remain in plain text and the sending server uses a private key to digitally sign the email in such a way that the receiving server can mathematically compare the digital signature against a public key that the sender's domain has published as a TXT record in that domains public DNS records.

If the sending domain also has a strict(ish) SPF record and publishes a DMARC record then those emails can (in some cases) Automatically be validated as genuine.

(DMARC is essentially a policy - published as another TXT record in the sending domain's DNS - that can* provide instructions to the receiving server on how to AUTOMATICALLY handle emails that pass or fail SPF, or DKIM or SPF & DKIM checks. The DMARC policy can also enable a (DMARC compliant) receiving server to report back email successes and failures - i.e. you can find out AUTOMATICALLY if people are spoofing your emails.)

Unlike SPF, DMARC can also apply to a subdomain of the domain at which the DMARC record is stored - as long as the "sp=" modifier is set.

SPF is another matter. If you have a www.something.com A record but DO NOT have an SPF record that matches the name of that subdomain, then there is NO SPF applying to that subdomain and people can spoof your emails..

This is the tip of the iceberg.

Microsoft beats Apple's tablet sales, apologises for Surface 4 flaws

allan wallace

So, how many of you have seen a dead Surface Pro 4?

I've seen 3...

A pause in global warming? What pause?There was no pause

allan wallace

Re: Scammed Again

but increased carbon emissions (at least in the form of co2) could lead to global greening - where plant life can grow more efficiently as a result - so surely reducing carbon emissions would have the opposite effect?...

As an example, the carbonatite emissions of the Volcano of Ol Doinyo Lengai in Africa have an interesting effect:

"The carbonatite ash spread over the surrounding grasslands leads to a uniquely succulent, enriched pasture. This makes the area a vital stage on the annual wildebeast beast migration, where it becomes the nursery for the birth of several thousand calves."


(and whilst I don't always treat wikipedia without a pinch of salt, in this case there is the science to back it up)

We stand on the brink of global cyber war, warns encryption guru

allan wallace

Re: Just as well...

"BTI Survival Skills"

- I call them "Books"

You can crunch it all you like, but the answer is NOT always in the data

allan wallace

A coin flip ABSOLUTELY DOES NOT have a 50/50 ratio.

I've seen it myself - a 50 pence piece land on it's edge, wobble momentarily, and then come to a halt vertical.

What's the percentile chance of that then?

Archaeologists and robots on hunt for more Antikythera pieces

allan wallace

Re: A truly amazing device

How very true - some civilisations burnt their libraries, other's merely closed them due to austerity...

NSA's TURBINE robot can pump 'malware into MILLIONS of PCs'

allan wallace

Re: Skynet already alive?



Privacy group damns Ubuntu's Amazon search marriage

allan wallace


"Pathetic Penguin"

STEC thrusts fat solid disk with godlike stamina

allan wallace
Thumb Up

On the bright side....

two of the STEC Zeus Iops 200GB drives cost a lot less than $10,000......

Facebook offers 500 million users SSL crypto

allan wallace

Facebook SSL, great idea, but not an option available to me yet.

Facebook SSL, great idea, but not an option available to me yet.

Guess that's a fail then...

M-Audio Pro Tools Recording Studio

allan wallace

Lacking a stereo Input ????

I read as far as it lacking a stereo input, then realised the rating of 45% is very generous.

Tories would scrap 50p broadband tax

allan wallace

Tories would save you £6 a year on your landline..

This is such an inconsequential amount I can't see the tories gaining any votes with this policy. Why can't they just talk about REAL policy, like putting an upper limit on local government wages, and limiting local government pensions to a reasonable amount.

'HD TV gas' 17,000 times worse for planet than CO2, claims boffin

allan wallace

@James Butler

You should note, than a Tonne is a different weight from a Ton...

Duff UK nukes risk 'popcorn' multi-blast accident apocalypse

allan wallace

@ anonymous coward's reply to Eddie Edwards.

Quote "Plutonium is actually pretty safe, you can even handle it safely for short periods of time as it only really throws out alpha particles"

Don't forget plutonium is actually VERY POISONOUS even if it's not, radioactively speaking, that dangerous.

and if you dropped it on your toe and didn't have safety boots on, it could really hurt....

HMRC mislays 1.5kg of Bolivian marching powder

allan wallace

So why did they have it there in the first place?

So why did they have it there in the first place? - after all, HMRC are not the police, they are not MI5, nor MI6, and they're not staffed by celebs, surely they were breaking the law by storing it!.....

Toyota Prius is not so green, says ads watchdog

allan wallace

I hope people dont forget that a United States Gallon is Different From a UK Gallon!

I hope people dont forget that a United States Gallon is Different From a UK Gallon! - it makes such a difference when calculating MPG......


Biting the hand that feeds IT © 1998–2021