* Posts by storner

152 publicly visible posts • joined 25 May 2011


Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online


Re: But the Cloud is more secure

At least Microsoft does patch their cloudservers. A lot of people don't. https://www.theregister.com/2024/03/28/germany_microsoft_exchange_patch/

Supermium drags Google Chrome back in time to Windows XP, Vista, and 7


Yeah - our Palo Alto firewall also deems it as "malware". Bet that is Google and Microsoft doing their thing to push us to upgrade :-)

Watchdog calls for more plugs, less monopoly in EV charging network


Re: Meh... Either way

Fast-charging stations use cables that are firmly bolted onto the charging station, so nicking those means robbing the entire charger. Good luck with that, given the power it is connected to.

Low-power cables (your typical 11k-22kW or less cable) are usually locked to the car. You can probably (given enough force) rip them from the connector of the car, but it is not something that you just pick up when passing by.

Airline puts international passengers on the scales pre-flight


Happened to me in the 1990's

Before boarding a flight from Boston to Marthas Vineyard, I was asked how much I weighed. That was in my younger days when I was quite fit and normal weight.

The reason was that they needed to distribute tthe weight evenly. The Marthas Vineyard airport had such a short runway that the flight was operated with a 1950's DC-3, so balancing the weight was important. Rumor has it that the local oligarks refused to extend the runway, because it worked very well with their private jets, and they preferred not to have too many tourists.

It is the oldest plane I have ever flown.


CPH uses full body scans.

Fresh GDPR ruling says even 'minor anxiety' could mean payouts for EU folks


Re: Can I sue the EU

Sue the website for requiring you to hand over your personal data. Don't shoot the messenger.

Working from home could kill career advancement, says IBM CEO


Re: Metrics for success


The number of working hours here in Denmark has decreased from 60 hours/six days per week around 1900 to 37 hours/5 days per week in 1992. Mandatory (by law) required holidays has gone from 1 week to 5 weeks per year, and 99% has an extra week as part of their contract.

Need I say that productivity and wealth has increased immensely over the past 125 years? Or just over the past 25 years?

Requiring that you are physically present in the office when working is just plain dumb. But I guess that is a fine description of lots of middle-layer management, and a fair share of C-level as well.

Microsoft Defender shoots down legit URLs as malicious


Yes, but ...

can anyone come up with a better alternative for endpoint protection? Which is easy to install, does not cost a fortune, works across Windows, Mac, and Azure, and has *zero* false positives?

--> see icon

For password protection, dump LastPass for open source Bitwarden


Re: Why not share via Bitwarden?

Completely agree - there are lots of password I want to share with a limited set of users. Like the password for the online newspaper subscription, passwords for various accounts at webshops that the whole family uses etc.


Not correct. They use a pre-shared key (some 30-odd mix of letters and numbers) which is generated when you setup the 2FA - this key is combined with the current time to give you the 6-digit token.

There's an RFC for that, if you want the details.

Oh, no: The electric cars at CES are getting all emotional


Re: "buttons replaced with touchscreens"

No need for buttons, just use voice recognition and talk to your car. Allows you to keep your eyes looking at traffic and your hands on the steering wheel.

Microsoft 365 faces more GDPR headwinds as Germany bans it in schools


Re: What about Google's stuff?

Danish schools have been using Google Chromebooks and Google tools for several years. Then the Danish Data Protection Agency (which is definitely not very eager to tread on anyones toes) came up with a ruling saying "you cannot use Google in schools" after a parent complained that their kids' personal data ended up in the US.

It's just the same as the german Office 365 decision.

And of course all of the schools and local governments are up in arms about it.

Australia to 'stand up and punch back' against cyber crims


So the Aussies have a bullet-proof way of determining who is behind an attack, and are completely ready to go after the evil-doers in Russia, China and North Korea. Sounds like a plan ...

May I suggest that the government sanctions the companies who have such lax protection of their citizens' highly sensitive data? Eg fine them so hard that it actually pays off to really protect data instead of merely doing checkbox-compliance meaningless "audits".

Swiss Re wants government bail out as cybercrime insurance costs spike

Thumb Down

It's a scam

Cyberinsurance doesn't work. 1) it will never cover the actual cost; 2) it gives companies an incentive to just pay up instead of fixing their rotten security; and 3) it simply tells the criminals to increase their demands because someone else is paying.

Adding state funds to the pot just makes the whole thing worse (except for the insurance companies, obviously).

I know from personal experience that you can get a *lot* of real security for the cost of cyberinsurance. So drop the insurance, and use the funds for something better.

Rookie programmer's code goes up in flames ... kind of


Re: Is this me or not?

Management calls it "thinking outside of the box" ...

You've heard of the cost-of-living crisis, now get ready for the cost-of-working crisis


Re: Email remains the most used communication method for work

"warm office"?? Dream on - here in Denmark, there is a government mandated max of 19 C at all offices during the winter.

Officially, it only applies to government and municipality offices. But of course every penny-pinching beancounter will jump on it.

So the only place I have a warm office is when working from home. Which is what I plan to do as much as possible.

Major IT outage forces UK emergency call handlers to use 'pen and paper'


They need not be. Only takes one bad click on an email and your internal network is exposed.

Most cyber incidents these days happen that way - attacking from the outside is a lot more work unless you have *really* poor security.

Wash your mouth out with shape-shifting metal


Re: While the prospect of toothpaste that DOESN'T taste like mint is appealing

There are toothpastes which are not mint-flavored. Google 'boiron homeodent toothpaste anise' if you would like something else.

Contractor loses entire Japanese city's personal data in USB fail


"SmartTub, like other IoT products, lets users control their appliance from outside the home using an app."

Why oh why would it be useful to control my Jacuzzi *from outside my home*??? I mean, it's not like I can teleport into the hottub from 200 km/miles away, after setting it to a comfortable temperature.

Woman accused of killing boyfriend after tracking him down with Apple AirTag


I look forward to the day

that gun manufacturers commit to making their products "less useful for misuse".

We can bend the laws of physics for your super-yacht, but we can't break them


"Unfortunately superyacht owners really do seem to believe the laws of physics don't apply to them."

That belief applies to more laws than merely those of physics, I'm afraid.

Robots are creepy. Why trust AIs that are even creepier?


Re: Toni Veloce

You mean like Pelosi (Nancy)?

Toni has the better looks of those two ...

Linux 5.17 debuts after 'very calm' extra week of work


Re: NEW (pseudo-) random number generator in 5.18?

It is in good hands - comes from Jason Donenfeld (author of the wireguard VPN). Read all about it here: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/

Microsoft veteran demystifies Abort, Retry, Fail? DOS error


Re: Ah "Abort"

"Ignore" would be -CONT

To err is human. To really tmux things up requires an engineer


Immediate feedback


Did the same thing during a penetration test with SNMP management of a mainframe network interface.

Definitely wiped the smug grin off the local mainframe God who had claimed his dinosaur was "not hackable".

COVID-19 was a generational opportunity for change at work – and corporate blew it


Re: I think this is too bleak - especially for Tech

Submit the LinkedIn ID of the HR droid you're sending the application too. If they don't get the joke, they are not worth working work.

Open source isn't the security problem – misusing it is


Re: log4j works as specified

I would argue that the idea of putting Java bytecode in an LDAP attribute is also so horribly confused that it counts as a security issue in itself.

Predictive Dirty Dozen: What will and won't happen in 2022 (unless it doesn’t/does)


"two of them within walking distance from my front door"

Walking distance on the way to the brewery, not after you've tasted their 'warez.

Happy New Year to everyone.

Good Grief! Ransomware gang has only gone and pwned the NRA – or so it claims


Re: I'm happy for them

So the DA should pay the ransom and get all the NRA documents in return? That could be interesting ...

BOFH: So you want to have your computer switched out for something faster? It's time to learn from the master

Paris Hilton

Re: Roll down

"some faded and worn out sofas that were no longer good enough for the Director;s Office. ( I have no idea why the Director of Education would have needed this stuff)"

Ask the secretary of the Director of Education, s/he probably knows.

Boeing's Starliner capsule corroded due to high humidity levels, NASA explains, and the spaceship won't fly this year



They'll install AI-controlled sledgehammers on each valve, rebrand the capsule as StarlinerMAX - and ... LIFT-OFF!

How long till some drunkard puts a foot through one of BT's 'iconic, digital smart city communication hubs'?


Gone in 3.. 2.. 1..

Looks like an iMac on the picture - gotta give them credit for providing some nice kit, but I doubt it will last long.

Don't rush to adopt QUIC – it's a slog to make it faster than TCP


Patience, my dear

TCP has evolved over some 40-50 years. I suppose QUIC will eventually deliver on their performance promises, but sure isn't going to be a simple quic-fix ;-)

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?


Focus on detection, not prevention

Requiring that normal software customers must verify the integrity of software distributed via official channels is completely impossible.

Get some detection systems instead and keep an eye out for behaviour that indicates a compromise. That will catch not only supplychain attacks, but also any other kind of attack.

BOFH: They say you either love it or you hate it. We can confirm you're going to hate it


Incredibly sloppy BOFH's

Going on holiday without securing Mission Central with bank-vault level locks and auto-firing machine guns/cattle prods? Serves them well to have their machines encrypted.

The world is chaos but my Zoom background is control-freak perfection

Big Brother

Show'em where I live? No way!

My webcam has one of those slide-to-cover-the-lens plastic things. It is never open. And as I work with IT security, it is for "security reasons".

Icon should be obvious.

Pyjama bottoms crew, listen up: In 2022 we'll still be at home


Re: Be careful what you wish for

Then go BYOD - even more savings for the company beancounters, yay!

Seriously, with my company going all-in on Microsoft 365 solutions and other SaaS stuff, it is quite rare that I actually need my company laptop for work. Even the company VPN connection is rarely needed.

A trip to the dole queue: CEO of $2bn Bay Area tech biz says he was fired for taking LSD before company meeting


I see a trend here

"Alcohol-fuelled Danish film directed by Thomas Vinterberg takes the top prize for non-English language film at the Academy Awards"


(Too obvious an icon, sorry...)

Greenland's elections just bolstered China's tech world domination plan


Indeed. And greenlanders - including the winning IA party - really would like to separate from Denmark and gain independence. That costs a lot, so at some point they'll have to decide between independence and mining, or remaining part of the Kingdom of Denmark and keeping the RME's buried beneath Kvanefjell.

But keeping the chinese out of the loop would probably be a good idea.

Two ransomware strains target VMware’s ESXI hypervisor through stolen vCenter creds


Hopefully nobody has vCenter directly on the Internet.

But most compromises these days happen when people read mail and click "Open" when they should have clicked "Delete" instead. And then the attack comes from your internal network.

A Microsoft bork at the heart of The Oracle? Whatever next?


Re: What do they expect with a consumer version

Even worse, a display sign controller should *never* have Internet access.

Death Becomes It: Who put the Blue in the Blue Screen of Death?


Re: And with W10

Load constantly at 1.0 after 1087 days of uptime? That'll be the Bitcoin miner that was installed by a hacker because you haven't patched the thing in 3 years!

Takes from the taxpayer, gives to the old – by squishing a bug in Thatcherite benefits system


Oh the joys of data formats

Somewhat along the lines of this story...

Every danish citizen has a unique identity-number issued at birth. System was designed in the 1960's, so obviously had to carefully consider how much data to store - meaning they ended up with a number including the date of birth in the DDMMYY format: DDMMYY-NNNN, the last 4 digits being a sequence number.

Except it wasn't quite a sequence number, because some bright fellow decided that it would be nice to distinguish between men and women, so the last digit is odd for men and even for women. (You can guess how the transgenders feel about that). Another bright fellow discovered that in 1960 they actually had grandparents born in the 1800's, so the first digit of the sequence number was used to encode the century: 0-4 if you were born in the 1900's, and 5-9 for the old people from the 1800's. Guess how that worked once year 2000 turned up, and we still had some people alive from the 1800's.

As the final twist, the sequence number also acted as a checksum of the entire identity number, with each digit multiplied by a specific factor, added together, and the sum had to be divisible by 11. Bizarre, and with the additional "feature" that you can only have about 250 people born on any one day. This wasn't really a problem until people started arriving from countries where you really don't care much about when you were born, so a third bright fellow decided that if the date of birth was unknown, assume Jan 1st of a year that seems plausible. Guess what happened when a surge of asylum seekers arrived one day...

So the checksumming was abandoned. But the identity number is used by every single public and private sector business, so quite a bit of scrambling when they had to remove that check from the customer entry forms.

Public sector IT disasters - you cannot make them up, they are for real.

Confessions at a Christmas do: 'That time I took down an entire neighbourhood'


Rubbish. Pure Unix tradition is to keep commands short - that's why the "delete" command is "rm".

For the equivalent of this story, "rm" should delete all files. Why bother with this asterisk thing? That'll teach the newbies a lesson!

World+dog share in collective panic attack as Google slides off the face of the internet


Re: Ain't those Cloud services supposed to be up 100% of the time?

Supposed to? Yes.

Did Google/AWS/Microsoft/Oracle/RedHat promise that they would be? No.

Are they? Apparently not.

A 1970s magic trick: Take a card, any card, out of the deck and watch the IBM System/370 plunge into a death spiral


Perfection is reached - not when there is nothing more to add, but when there is nothing more to take away.

(Not sure where I read that, but it sounds good).

PC makers warn of battle for air freight capacity, will have to fight for cargo space with... the COVID-19 vaccine



Could someone hit them - hard - with a suitable cluebat? That airfreight capacity is needed for battling a *pandemic* FFS, so get out of that plane RIGHT NOW! In fact, if they had any decency they would sponsor the cost of flying the vaccine into a couple of 3rd world countries.

VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hosts


Re: Hang on...

First exploit requires that you are admin on a CLIENT machine running off the VMware host. It gives you control of the VMware host, so it is a break-out from the virtual machine to the host.

Second exploit raises your privileges on the host machine to admin.

Not on your Zoom, not on Teams, not Google Meet, not BlueJeans. WebEx, Skype and Houseparty make us itch. No, not FaceTime, not even Twitch


Have used it once during the past couple of months

A virtual friday-afternoon bar with some ex-colleagues. For work purposes, the camera stays off (hidden behind a slider, actually) - and since I am IT security, I have the "for security purposes" excuse if someone asks my why.