* Posts by spellucci

28 posts • joined 30 Jun 2011

The AN0M fake secure chat app may have been too clever for its own good


Re: One Time Pads.

Keys can be exchanged securely in public, for example via Diffie-Hellman key exchange (https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).

But you are right as rain about the rest of it. If you want to communicate securely, don't use cell phones.

Now that Trump is useless to Zuckerberg, ex-president is exiled from Facebook for two years, possibly indefinitely


Re: On the other hand ...

There's a long line of "The republican party can't possibly be suicidal enough" prognosticators who have been wrong over the last 5 years. I am not looking forward to the Republicans' next moves.

Facial recog firm Clearview hit with complaints in France, Austria, Italy, Greece and the UK


File That Complaint!

Matthias Marx said, "It is not a solution that every person has to file [their] own complaint." I say, let's do it anyway. What if 1 million Europeans filed individual court complaints, or whatever the kind of filing it is that Clearview would have to respond to.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript


Good code control practice

To be fair, the Internet Archive is especially designed for managing versions.

Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online



I second this comment. Someone had to intentionally override the default settings in order to make this data public.

Careful now, UK court ruling says email signature blocks can sign binding contracts


My Sig

IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humor or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorized (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the Yorkshire terrier next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites and place it in a warm oven for 40 minutes. Whisk briefly and let it stand for 2 hours before icing.

Facebook: Remember how we promised we weren’t tracking your location? Psych! Can't believe you fell for that


Re: Facebook: Remember how we promised ...

Slight modification to the two parts: one goes to /dev/null, while the other goes to /hell/in/a/handbasket.

Bright spark dev irons out light interference


Office 365 Slogan

I had the devil of a time parsing the Queen's English title to this story. Yes, I'm from the other side of the pond.

"Bright spark dev irons out light interference"

What is the verb in the title? Spark? No, sparking a dev iron doesn't make sense. Out? Better, in the sense of exposing or "outing" something. But what does it mean to have a dev iron expose light interference? Light? No, too far into the sentence. Iron, as in iron out? Ah, now we're getting somewhere. But what is a spark dev, and what does it mean for a spark dev to iron out something? I think I need to go back to school to study English at Cambridge on the River Cam instead of Cambridge on the Charles River.

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses


Really Lousy Idea

A big IoT issue is the number of devices that do not auto update, and as a result fall prey to being commandeered into botnets. My Really Lousy Idea (TM) is that if a consumer owns a device that gets taken over and used in, say, a DDOS attack, that consumer is held accountable for damages. Imagine the damper that would put on buying IoT devices that are not really damn secure, or at least auto update.

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV


Help from America


You are big consumers of this IoT stuff. And big producers of law firms. Can we arrange for you to create a class action lawsuit or two? Lawsuits that hold individual IoT owners liable for their unpatched devices contributing to, say, the DDOS attacks that those devices take part in.

"If you own device X, and you cannot show it was fully patched, you are hereby assessed $50,000 for damages your device caused." When said device cost $50. That will slow down sales. And have the manufacturers make sure their devices can be patched so we can at least have a chance at keeping them secure.


Well, everybody

Windows 10 Insiders see double as new builds hit the deck – with promises to end Update Rage


Office 365 Slogan

I get the frustration but YIKES is managing an update stream as complex as the Windows Update stream a complicated beast. I am happy for Microsoft to test all the interactions of all the different updates and make sure that that particular mix of updates works together. For me to disable one of those updates would require me to have knowledge of the update interactions that I would not want to have to wade through, thank you very much.

Open Internet lovin' Comcast: Buy our TV service – or no faster broadband for you!


Verizon, too?

I asked Verizon how much I could save if I cancelled the TV part of my TV + Phone + Internet bundle. They said it would be $5 more per month for just Phone and Internet. I kept the 3-way bundle.


Verizon, too?

I asked Verizon how much I could save off my TV + Phone + Internet bundle if I cancelled the TV and gave them back the set-top box. They said it would be $5 more per month. I kept the bundle.

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors


How Hard Can It Be?

Not original, but I cannot find the original author:

If we can land a man on the moon, surely if we put our minds to it we can land a man on the sun.

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages


I tried to start a movement once of everyone printing out the call detail records from our phone records and sending them to the NSA so they would have hard copy, and lots of it, but I didn't get very far.


Dear Mr. Rosenstein

Here is what I wrote to Mr. Rosenstein today.

Dear Deputy Attorney General Rosenstein,

You made an important case for public/private partnership in your remarks to the 2017 North American International Cyber Summit. At the end of your remarks, however, you undermined the credibility of your message by asserting, without proof, that it is possible to have strong encryption that is both secure and available to law enforcement, and that the challenges involved are simply engineering ones.

I was taught in school that ignorance of the law is no excuse. Likewise, ignorance of the fundamentals of encryption does not excuse the fallacy in the both-secure-and-available claim. If authorized individuals can access an encrypted message, then so can unauthorized individuals. Please do not set policy based on the false assumption that this issue can be somehow worked around by engineering. This is not an engineering problem and does not have an engineering solution.

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site


Already fixed

This bug only affected Firefox users and was fixed in version 4.1.21a. See https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ for details.

Empty your free 30GB OneDrive space today – before Microsoft deletes your files for you


Decent Security has a workaround for Windows 7 clean install issues: https://decentsecurity.com/enterprise/#/windows-7-fast-update/.

This is more of an enterprise solution, as the author says the solution is "unwieldy" but it might get you past the known issues of trying to use the unpatched Windows updater.

Put your private parts on display if you want to keep earning a living


Re: The first three paragraphs

Could you, or any other kind readers, determine the actual topic of this article? I read through it a number of times, but could not tell what was real, what was the author enjoying the writing, and what the story was about. Many pardons if it is obvious to others, but I didn't get it.

Hello Kitty hack exposes 3.3 million users' details, says infosec bod


Easy Fix

"The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts."

Easy fix: just change your child's birth date.

UFOs in the '50s skies? CIA admits: 'IT WAS US'


UFO at Otis AFB

There is a family story from the '60s or '70s about a man in Bourne, MA, USA who covered a box kite in aluminium foil, attached battery-powered lights, and flew it after dark on a r-e-a-l-l-y long string. He was listening to the police radio to see who noticed. The nearby Otis Air Force Base, that's who. He reeled the kite in rather quickly when the Air Force scrambled two fighter jets to intercept it.

Why Apple had to craft a pocket-busting 5.5in Plus-sized iPhone 6 (thank LG, Samsung etc)


Gaining hardware but losing software = losing market share?

My teenage sons both have iPhone 4 phones that are just about to be able to replaced for free through my mobile carrier's two year contract renewal plan. I showed them the new iPhone 6s yesterday, and both of them said they wanted to go Samsung. What?!

My eldest said he uses his phone primarily for music, and he is tired of the loss of more and more of the features he likes due to software bugs. That resonated for me, because the only reason I buy iPods, and I have bought several, is to listen to podcasts. The podcast features I like have slowly disappeared over time due to software bugs. (E.g., I used to be able to sync the podcasts to my iPod and listen to them in order--feature now broken. E.g., the podcasts used to be removed from my smart playlist as I listened to them on the iPod so the most recent unheard podcast was always at the top--feature now broken.)

Is the technical debt of Apple's software catching up to them in a way that will dampen new sales? In my small market survey,100% of iPhone users' reaction to the new iPhone is not to get a new one--for free--or even an old one, when their contract is up, but to switch to Android.

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means


Pardon my American ignorance: what is a "tat bazaar"? Is eBay's "tat bazaar" a subset of eBay's service, jargon for an online auction, or something else. Mr. Google links to lots of articles by El Reg on the topic, but using a term to define a term is term-inally unhelpful.

Google spews out 'privacy' email to Sky punters too


Apple next?

I can't wait for Apple email addresses to start getting these privacy notices.

A simple HTML tag will crash 64-bit Windows 7


For safety measures

For safety measures, I'm deleting kernel32.exe from my 64-bit Windows 7 machine as soon as I finish this post.

Judge orders search giants: Delist Chanel rip-off merchants


Wouldn't it be a shame

Wouldn't it be a shame if somehow the Nevada district court's web site got mis-identified by Chanel as an offending site because of all its discussion about counterfeiting Chanel, and got seized.

Microsoft: Office 365 outages 'will' happen


Office 365 Slogan

When it absolutely, positively has to be available eventually.

'Indestructible' rootkit enslaves 4.5m PCs in 3 months


Microsoft Standalone System Sweeper

Microsoft has in beta a program called Standalone System Sweeper. It creates an ISO to boot from. When you do, it checks for rootkits that cannot be checked when booting from the MBR. See http://connect.microsoft.com/systemsweeper for details.


Biting the hand that feeds IT © 1998–2022