* Posts by Usually Right or Wrong

91 publicly visible posts • joined 7 Jul 2011


TRENDnet home security camera flaw exposes thousands

Usually Right or Wrong
Big Brother

Don't forget the warning notices

I hope all these people with cameras are complying with the law and have the obligatory CCTV warning notices posted in the house so that burglars and other visitors (the milkman?) know where to call to view the footage and have any recordings erased if those recordings are considered inappropriate.

Hackers may be able to 'outwit' online banking security devices

Usually Right or Wrong
Meh

Nothing new

If your computer is compromised with malware, someone else is calling the shots, so it doesn't matter what other security measures are in place if there are transactions that rely on the compromised computer for processing and transmission.

Using two factor authentication with a one time code defeats the vast majority of attacks, most of which use stolen credentials. Even if the token is stolen, (assuming some numpty has not scribed the pin on the back) there is still one piece of information missing and the device locks out after a number of incorrect pins.

One down side is that if the computer was compromised at token registration time, the pin is also disclosed, but the attacker still has to target and get the token, which if missed, would, I presume, be cancelled the same as a missing bank card.

Compared to secret words, numbers and pick lists, using something you physically have, something you know and generating a one time code is a big step forward in security for on-line banking authentication.

Samsung 'Galaxy 4S' pic posted

Usually Right or Wrong
Trollface

Oh dear!

It looks just like an iPhone, with its coloured screen and metal like sides. And Samsung can't argue that it is a different shape like they did for the Tab 10.1, this is definitely the same shape(ish) as an iPhone AND it can be used to make phone calls as well. Cue the lawyers.

On a more serious note, with the litigation that is going on between Samsung and Apple, it will be interesting to see whether this phone gets dragged into the maelstrom.

Jackpot: astronomers tag Goldilocks planet

Usually Right or Wrong

Or it would take 100 years...

for the large planet destroying missile to reach earth sent from a civilization that took exception at a planet lobbing a probe at them and destroying their emperor's palace.

Google attacks Twitter's search bias claim

Usually Right or Wrong
Unhappy

Sounds to me like a plus

"The micro-blogging site claims 100 million users send 250 million tweets every day "on virtually every topic" - and cutting that out of search results means people only get a partial view of what's happening in the world" 250 million bird brain noises is not what is happening in the world, so the less I am exposed to it the better. If you want to attach to a bird brain, then you have that choice. When I search for hammer, I don't want "I jus baut a hammer an is luking on the web fr ow to us it - See all my Likes on Fartbook" coming up in the results.

Using phone-tracking tech? 'Fess up now, urges expert

Usually Right or Wrong
Happy

Logan's Run, the original

Does anyone remember the original Logan's Run, 1976, where everyone was happy, tracked every minute of their life and there were sandmen (shopping mall security guards) to escort them to the Carousel (car park) when their time was up. Sounds to me like we are heading in the right direction, all they need to do is expand the goods range in the baby shops.

Facebook scams now spread by dodgy browser plug-ins

Usually Right or Wrong

the marks come to you

there is no need to send phishing emails with the added bonus that if they are dumb enough to be on Facebook then they are probably dumb enough to click on links to see the shiny thing, increasing the hit rate.

Pop teen beats Steve Jobs in Google's 2011 popularity contest

Usually Right or Wrong

couple of observations

Google have been accused of rigging search results, is Google+ another example?

Steve Jobs (sadly) dies, every man and dog Googles Steve Jobs, so you would expect him to appear in 2011 but not necessarily the top number of searches.

Stolen, remote-wiped iPhones still get owner's iMessages

Usually Right or Wrong

Read the EULA

for any i message, droid message, win message, raspberry message software and service, it is basically what is mine is mine, what is yours is mine and what is everyone else's is mine and if I leak it it is your fault and if I choose to give it away you have just agreed to that.

So what issue would a provider have with not wiping or allowing messages to continue being delivered? No skin off their nose and it's your fault for not wiping your missing phone properly.

Regulator reckons telly advert caps are just peachy

Usually Right or Wrong

So how come...

a 30 minute Coronation Street episode has about 15 minutes of adverts? Not a complaint, just an observation, the ads provide welcome relief. (My wife insists the off switch is not an option and my presence is required for some unfathomable reason.)

Durban failed: Relax, everyone

Usually Right or Wrong
Meh

But there is growth outside of BRICS

It was only 7,000 going to the conferences, now 15,000 fly in and eat, drink and live in style at tax payer's expense. Qatar should be able to grow this to 20,000, and as everyone knows, the more people at a meeting, the less chance of agreement, so lots of conferences needed going forward until we get agreement or the earth cooks.

Criminal Records Bureau checks to go online

Usually Right or Wrong
Unhappy

Doesn't go far enough

Unless I misread it, if you volunteer to work at some organisations, these records may not be accessible by those organisations.

I have helped out at a local church, scouts and a school for special needs, that was 3 enhanced CRB checks plus an additional basic disclosure to take a short contract in a financial institution. None are transferable, though I may be able to re-use the basic disclosure.

That aside, previous experience of government access controls means that there will be DVDs of the database available soon and probably a database dump on a drop-box near you within the year, so everyone will know about everyone else and the issue of multiple CRBs may go away.

Potential ALIEN LIFE habitats FOUND ON MOONS

Usually Right or Wrong
Happy

So what can go wrong?

The moons may or may not exist, they may or may not be habitable, they may or may not be there when we arrive, shouldn't let that stop us though.

Man's phone burns, toasts trouser region

Usually Right or Wrong
Coat

Remember school chemistry

I remember at school chemistry a small piece of lithium being dropped into a container of water and seeing it dance around furiously and spout flames.

Who in their right mind would want to put lithium in their trouser pocket? Not me anyway.

Mine's the one with the fire extinguisher in the pocket.

No Samsung ban for Apple in US

Usually Right or Wrong
Meh

Don't Apple just appeal

the same as they did in Australia and stall Samsung until the appeal is heard, which makes them miss the Christmas period? Or have the US lawyers missed a source of income that their Aussie counterparts spotted?

Spooks take the wheel in UK's £650m cyber-war operations

Usually Right or Wrong
Meh

The real industry security concern is

“I’m slightly concerned that if the view of the threat landscape is too cyberwarfare/GCHQ-dominated, it may not always work to the best advantage of the private sector and home users, whose priorities and assumptions may be very different," Harley said.

This will be no help in selling 1/2 price security bloatware in PC World to Joe public and selling the anti-virus, vulnerability scanner, port locking, disk encryption, firewalls and rules analysers, IDS, IPS, HID, HIP, VPN setup tools, DLP, User provisioning, UAM tools, password vaults etc. to industry, all of which fail to stop even the simplest of DDOS attacks and do little to counter cyber warfare. They do allow industry to pass audits and comply with the law, and home users to say 'how did I get infected, I have anti-virus installed.'

Cyber attacks have been talked about for years, STUXNET seems to be the first to emerge to the public at large. The guys at GCHQ could and probably do write similar code, so currently are the best placed to advise how to defend against these types of attack.

The security industry will no doubt catch up with their fully featured latest security tool that will also secure your uranium enriching centrifuge or water pump, and is selling for 1/2 price at a PC World nearby.

Gov justifies e-petitions as MPs mull upping debate threshold

Usually Right or Wrong
Facepalm

Those flaming reporters again

"He pointed out that media outlets have given such online petitions significant coverage when they came close to 100,000 signatures"

Make it a threshold of 75,000,000 and even with Ms May's open immigration policy it would take a few years to have that many people voting.

Will save parliament being forced to debate whether to schedule a motion to consider debating bringing back capital punishment for serious offences such as tax evasion, or in the borough of Westminster, for parking. Instead they can all go home (on expenses) and have a nice cup of tea.

Does anyone know why we have politicians? Just wondering, it's bound to be my fault somehow.

Voda to plug not-spots with mini-masts in boozers

Usually Right or Wrong
Unhappy

Oh shugar

If you go into the basement bar of the Old Cheshire Cheese in Fleet Street for lunch, it is a mobile phone blackout zone and a wonderfully peaceful lunch venue.

Stick in one of these gubbins and it will be the same as other pubs with hooray henrys and henriettas, chavs and chavettes all howling into their phones.

Only a matter of time I suppose.

Credit card companies plan to sell your purchase data to advertisers

Usually Right or Wrong
Unhappy

Facecard?

All your data is ours - you mean you didn't read the T's and C's on page 12,378, paragraph 74, line 1054 (no 1 point is not too small, that's why it is called small print, dummy!)

All my data leaking must be my fault then.

Insulin pump hack delivers fatal dosage over the air

Usually Right or Wrong

They did, but...

Barnaby Jack had not been on the case, so the conclusion was that you needed physical access to the device to get the serial number, so the risk was relatively low.

Now it has been revealed that these devices will transmit their serial numbers, so the stakes are higher. The serial number will be used to confirm that the patient and device are the same as the medical records before adjustments are made, a requirement for medical safety, but it seems implemented with insecure protocols.

Worm wriggles through year-old flaw, builds zombie-net

Usually Right or Wrong
Meh

Shows that we have to do our bit as well

I have just finished a series of security awareness presentations in regional offices and highlighted how long it took mobile phone network providers to force people to put a pin on voicemail before it could be accessed from another phone, 4-5 years, i.e. you cannot trust manufacturers to fix security weaknesses in a timely manner.

Red Hat fixed this quickly, but admins failed to patch, so while we can moan about industry being slow to respond, we need to look to ourselves as well. There was probably a false sense of security in that Linux is not often a target, but these days, everyone is a target and when there is a security patch released, there should be someone applying it.

Gaddafi death reports likely to spawn multiple scams

Usually Right or Wrong

The 419 scams are already here

'Finally, 419 advance fee frauds featuring rewards beyond the dreams of avarice in exchange for help in siphoning Gaddafi's millions out of Libya..'

Got one the other day from Miss Rose Carman, single, from Libya, one of the rare Christian Libyans loyal to Gaddafi, holed up in Benin, with $48.5m and 500 kilos of gold that she needs shifting, by me, her trusted friend.

I have no doubt that there were many other trusted friends on the bcc list and the scary thing is the probability that one of them will respond, but you have to admire their agility in adapting to world news.

This just in: Brussels shatters CRT cartel

Usually Right or Wrong
Happy

So

If we could just get them to sort out the floppy disk cartel it would be cheap computing all round.

Judge cracks down on Bayesian stats dodginess in court

Usually Right or Wrong

Lies, damn lies and statistics

and statistics can be used to prove many a dubious point without appearing to lie. There is probably no fundamental problem with Bayesian reasoning, it is when you add lawyers that it becomes divisive and dangerous.

Facebook: 'We didn't patent stalking logged-off users'

Usually Right or Wrong
Facepalm

I must be thick or something

'creating social experiences across the web without logging into Facebook repeatedly'

When I worked on real computers and web sites, that meant being logged off. This web 3.0 stuff is way beyond me.

Check your machines for malware, Linux developers told

Usually Right or Wrong

Where there is a motive...

there will be a compromise, and the motive is not always financial, sometimes it's ego or malice

I run annual penetration tests and the subsequent remediation programs to fix the weaknesses found. I have done this with various organisations for many years and not one year have the pen testers failed to gain access, so I am never under any illusion, even applying defence in depth, that I could have systems configured 'securely' and this would prevent a breach.

The best I can achieve is to make the effort not worth any rewards, but if the motive is ego or malice, not financial, I would probably fail.

Air traffic control data found on eBayed network gear

Usually Right or Wrong
Unhappy

Gross breach of trust

" We are investigating with them why equipment that we have a destruction certificate for was subsequently sold online."

"A NATS spokesman told Channel 4 News that unspecified actions taken since the breach came to light"

Hopefully the actions were the removal of certain appendages attached to the disposal contractors, which is why they remain unspecified.

The disposal firm should be named and shamed, what they did was fraudulent and dangerous.

Veggies tricked into dating meat-gobbling escorts

Usually Right or Wrong
Facepalm

They can search on attributes, but

can't search on a tick-box that says I am a veggie/non-veggie?

I need to know what technology they are using so that I NEVER buy it for my organisation.

Drinking alcohol wards off asthma

Usually Right or Wrong
Happy

Chance for UK Ltd to make money

By putting booze on prescription, for all those health giving reasons, government could get £7.40 for a bottle of beer, just like some London pubs.

Boundaries Commission slammed over mega map dump

Usually Right or Wrong
WTF?

The need to be open is paramount

The maps should have been published in Digital Line Graphs format so that extensive details, including contours accurate to mm if required would be available.

Then, all people would need to do is buy some software such as Canvas GIS Advanced at $1000 a pop to see the boundaries and get accurate information on whether you could vote for John Polly when standing on this blade of grass or another blade of grass and the Guardian would be as happy as they could ever be.

What, you think people might complain? Really? No pleasing some people is there.

Average sozzled Brit sinks 5,800 pints during life

Usually Right or Wrong
Thumb Up

So the new unit of age

would go along the lines of not being 30 years old, but being 17,000 units of alcohol old.

(Assumptions, 9 drinks a week is 18 units, drinking started at 14, no sliding scale applied).

Being a bit long in the tooth and having enjoyed a few tipples during my life, using a sliding scale to correct the weekly intake, I am about 120,000 units old, but there may be some errors in the total due to alcohol related brain cell depletion, where some of the cells have forgotten what they got me to drink.

ID and Passport Service uncloaks 2012 online plans

Usually Right or Wrong
Happy

Whoopee!

The end of border controls globally once the system has been hacked and everyone is a Brit.

Apple augments reality, tells you where to go

Usually Right or Wrong
Facepalm

Don't be silly

Any prior art, no matter how old it is, is copying what Apple has just invented otherwise they would not be granted the patent and they will not be able to sue Garmin, Tom Tom, Thales etc.

Injunction suspended: EU can buy Galaxy Tabs again

Usually Right or Wrong
Happy

Because Germany is the EU

with France 2nd and everyone else joint 25th.

Google lands patent for, um, estimating shipment time

Usually Right or Wrong
Happy

And for the next patent...

Using toilet paper to wipe your arse. Probably plenty of patents out there on making toilet paper, pills for and against shitting and all that, but none on how toilet paper should be used. (Feel free to correct me on this.)

So the process to be patented would go: Sit on toilet - deposit faeces in toilet – take sheets of toilet paper – wipe rectal opening – deposit toilet paper in toilet.

Including flushing of the toilet would probably infringe on other patents, so I have omitted this. By implication, the patent covers shitting somewhere other than a toilet and using different paper, for example, printouts of patents.

Google told to delete people from search results

Usually Right or Wrong
Meh

And then there's the wayback machine...

in case your information is deleted from current web sites. Currently does not support word searches, but easy enough to trace personal information if you know which sites to search.

It is a current fact that any personal information published onto the web is in the public domain and very persistent and widely distributed. I can't see that changing anytime soon, regardless of legislation. Maybe they can enforce something when they have finished locking up the hundreds of millions of people currently breaking the EU cookie law.

Chinese lecturer demands his students acquire iPads

Usually Right or Wrong
Happy

Adobe on the iPad

Well I never.... whatever next, Flash?

Sony insurer says it's not liable for costs of data breach

Usually Right or Wrong

Not a legal opinion, but...

At my last organisation we needed data breach insurance, and this was a separate policy to the normal business insurance. In order to get the cover, we had to complete a security questionnaire, using our weakest security globally. Year 1 was an eye opener, years 2 and 3 improved because our security improved, and the premiums dropped and the cover offered increased.

Had Sony taken out this type of insurance, maybe the breach would not have happened because they would have had to carry out a global risk assessment of the likelihood of a data breach, and there would have been a cost associated with this risk.

Zurich will not be responsible under a standard policy, (unless there are extensions), the standard policies normally cover injury, failure to deliver goods, etc under the public liability section. I expect that Zurich did reject the claim, Sony had a public hissy fit and now Zurich is defending their reputation by starting a legal squabble, but children will be children.

STUDENTS EXPOSED in university IT blunder

Usually Right or Wrong
Facepalm

The false teeth fell out then

'The ICO said because the data was relatively harmless it decided not to fine the university'

But nice to see that York was treated the same as everyone else and given a serious gumming.

Romanian NASA hacker fights 'inflated' damage assessment

Usually Right or Wrong
Meh

By that he means

"It's not just the cost of mopping up after the hacker(s), but it's the cost of putting things completely right after the event," he said.

recovering the cost of what should have been fixed in the first place. Cheap way to implement security if you can fine the right people, though they (hackers) should be allowed a reduction for the senior management justification campaign that they ran on NASA's behalf, last time I checked a good awareness campaign across a large organisation was about 1/4 million dollars.

Only jailbroken iPhones, iPads can be safe from latest vuln

Usually Right or Wrong
Unhappy

It only takes 1

' iPhone malware remains even rarer than the low levels of Droid Trojans '

Every day I travel into London and see hundreds of iPhones being used, they are a large target and worth criminal effort to set up drive by attack sites, so let's hope this gets fixed soon.

I spend my life trying to keep out the bad guys, but I can't do it unless manufacturers respond when a weakness in their product is found. If an exploit comes out before a fix, I will have to think about disconnecting iPhones from our network, which will not be a very productive or popular move.
