* Posts by IT Hack

355 posts • joined 29 Nov 2011


What's worse than an annoying internet filter? How about one with a pre-auth remote-command execution hole and there's no patch?

IT Hack

Show it works

Upvoted.

IT Hack

Re: It wouldn't make the slightest difference.

A good pun is by nature bad.

Let's not get hung up on the manager thing. Even though I brought it up.

Dammit.

IT Hack
Megaphone

Re: It wouldn't make the slightest difference.

Sir Spoon.

Bad punning is what I do. I am manager.

IT Hack

Re: Huh

The issue is that vendors don't really do much in the way of securing code or coding securely. Is it the fault of the devs? Perhaps but certainly the vendor should be ensuring devs get the correct guidance. On the flip side are customers who will take any s/w willy nilly with no concept of acceptance testing and indeed the security posture of the software is absolutely part of that acceptance.

IT Hack
Coat

Re: It wouldn't make the slightest difference.

Ha yeah you're ...not your. I didn't even catch that.

I note my critic has removed they're post!

IT Hack

Re: It wouldn't make the slightest difference.

Hide into nowhere

No...hiding to nowhere (also hiding to nothing) is correct. Hide into nowhere isn't even a phrase.

IT Hack

Re: It wouldn't make the slightest difference.

First you audit the software before implementing it. Not only what resources it requires but also how it 'does' security. So in terms of authentication ....network layer authentication to be the way to go coupled with MFA. Of course if your MFA is compromised then your on a hiding to nowhere.

IT Hack

No multi-factor authentication? Pretty standard these days, and if your system does not support these kinds of authentication you need to ask yourself how secure this is.

Normally I would add the beer icon and make a quip. However it's about 07:30 and I refuse to let the lockdown turn me into a booze hound.

ICANN finally halts $1.1bn sale of .org registry, says it's 'the right thing to do' after months of controversy

IT Hack

Re: What's Really Behind This?

RNLI...from its foundation to now is just incredible. The people who do the job are even more incredible. I hear some of them say that the day job is what lets them be able to do the rescue.

I'm not a seafarer by any stretch but I do go to the beach often, and when I do and there is an RNLI station I tend to slip them a twenty.

It isn't the heroics that make me do that but rather the dedication they have that enables them to do the heroics.

Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole

IT Hack

Nice.

By that I mean what the fuck.

Patching and keeping track of patch releases is a daily housekeeping task that every sysadmin must do to be worthy of the title.

UK Home Office opens AWS cash firehose even wider with £100m public cloud services deal

IT Hack
Pint

Maxwell

The man who once compared government IT to twitter and therefore easy to do.

I kid thee not.

Beer coz it's Friday.

Another senior Gov.UK bod makes a dash from public sector, falls into AWS's arms

IT Hack

Maxwell

Ahh Good old Liam...on the gravy train.

Amusing that the reason he joined the Cabinet Office was through his highly qualified tech career as an online estate agent.

UK Home Office: We will register thousands of deactivated firearms with no database

IT Hack
Coat

GDPR

Interesting to see how they will meet GDPR requirements.

Dough! Jobs microsite for UK's data watchdog set hundreds of cookies without visitors' consent

IT Hack

Hays?

Really? Who the fuck uses Hays for a tech project?

Leeds IT bloke pleads guilty to hacking Jet2 CEO's email account

IT Hack
Linux

Re: Setting Up Generic

Sounds fishy to me....

IT Hack
Pint

Setting Up

Dunno...he was a project manager. An org like Dart would not give a PM that level of access. If they did then I bet it contravenes their ISMS.

Beer coz well...Beer

Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market

IT Hack

Re: Nope (space hunter)

Good grief! You and I are probably the only people to have watched that...blast from the past that!

Also Barbarella.

/mic drop

Haunted by Europe's GDPR, ICANN sharpens wooden stake to finally slay the Whois vampire

IT Hack
Pint

Re: RDAP web client

Much to my amusement I was returned the below message when I tried to look up our company domain name -

"No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service."

Beer coz it's the only solution.

IBM looks to boost sales the same way it has for 65 years – yes, it's a new mainframe: The z15

IT Hack

Re: "In The Box"?

Rules of teh fiziks

Not sure there are the normal network components at the bus level within mainframe architecture.

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

IT Hack
Pint

Patch Levels

Don't laugh. No really.

Just joined a win 10 rds shop. Not used Win10 nor Server 2019 in anger. Previously I would use the various baseline/security tools to find the patch levels pre Win10. So I searched for a MS tool for these later OS versions. Nada. Nowt. Bollocks all.

Besides one person making a droll comment about Nessus is there a tool out there that provides this? Am I barking up the wrong tree? In fact am I losing my mind?!

Yes yes Linux...and mostly probably agree but MS shop.

A (web based) pint to all who help!

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

IT Hack
FAIL

Waiver

Only if you're white. Natch.

Hull be damned: KCOM shuts shop as UK High Court waves through £627m Macquarie deal

IT Hack
Pirate

Re: Network Engineers Celebrate!

Pretty standard for all private equity firms that...and indeed a good point.

Frankly the best thing for KCOM is to be nuked from orbit and let BT take over. Oh wait...

Pirate coz well pirate is as pirate does.

IT Hack
Pint

Network Engineers Celebrate!

Most likely short lived as you can't really improve a turd, but I for one, who first encountered this lot in the late 80s...good riddance.

I have often said to those moaning about Microsoft that they are lucky they did not have to deal with KCOM, and I am not a huge MS fan by any stretch.

Beer coz I do feel for the worker drones under the thumb of horrible management.

New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption

IT Hack
Thumb Up

Re: More useless

Nice!

IT Hack

Re: More useless

Truly ruling on a wing and a prayer.

Watch as 10 cops with guns and military camo storm suspected Capital One hacker's house…

IT Hack

Re: Missing the Point?

It will be interesting to see how one can audit against GDPR requirements...

I recall having a robust discussion about why we (the company I worked for) need to be careful about transitioning our accounts package into the cloud. Partly about the risks of multi-tenanted environments and certainly about access controls to our data.

Sadly (for them, as it turned out) cost efficiencies won the day (short term). In a strange twist it was an outage issue that did for them.

IT Hack
Pint

Off Boarding

I'm wondering if her ex-company took the appropriate measures like disabling accounts and the like. And of course regular password changes for admin or root accounts.

Beer coz why the hell not.

The inevitability of K8s: Pivotal CEO describes the pain and benefits of technology transition

IT Hack
Pint

Re: If a tree falls in the woods....

Leaf it to branch out and become the root of the business.

Barking.

There, I said it.

Beer coz it's lunch time.

Oh good. This'll go well. Amazon's Alexa will offer NHS advice

IT Hack
Pint

Data Rape

I'd rather they trial it with BUPA first...

Beer coz el Reg doesn't sell anything stronger.

Oracle goes on for 50 pages about why it thinks the Pentagon's $10bn JEDI cloud contract stinks

IT Hack

Re: Rise of the machines

That might be a digit too far...

IT Hack

Amused

That Oracle, itself a predatory organisation, was fucked over by Amazon, which then took even more biz away from Larry's lawyers and the local Merc dealerships, is hilarious. Not that Amazon is/are any better.

I suspect Admiral Hopper would be mortified at how things have turned out.

Why are fervid Googlers making ad-blocker-breaking changes to Chrome? Because they created a monster – and are fighting to secure it

IT Hack

FF

Bit annoying it hits Firefox as well.

JavaScript tells all, which turns out not to be so great for privacy: Side-channel leaks can be exploited to follow you around the interweb

IT Hack

Re: JavaScript is only a threat when it runs

Oh and by the way ds6 you'll find that that dial home feature? Not a default. You needed to actively opt into the scheme.

Ghostery were and always have been quite open and transparent, so not really sure why you got your knickers in a twist. I mean you clearly didn't even read the article you posted! lol

IT Hack

Re: JavaScript is only a threat when it runs

Thanks ds6....that was 2013 and indeed not great but they have revamped their revenue model recently.

https://www.wired.com/story/ghostery-open-source-new-business-model/

IT Hack

Re: JavaScript is only a threat when it runs

Ghostery is quite fun as well. Nothing more enjoyable than going to a website and seeing a ridiculously long list of trackers and other assorted bollocks. Actually no...it isn't enjoyable at all! More like incredibly depressing.

Can't get infected via email if your messages aren't delivered: Seven-hour slowdown hits Symantec cloud filters

IT Hack

Caveat emptor

In this case the clue is in the word Symantec.

No, eight characters, some capital letters and numbers is not a good password policy

IT Hack

Re: Layers...like an onion

Probably though not the best policy for...

We are not talking about family pictures or drawings by ones kids. We are talking specifically about information that is considered sensitive.

So when you don't need it you lock it away. It is not difficult or complicated. Of course if you approach this like a bull in a china shop you will put people's backs up. Much like any project that involves people...get the interaction wrong and you will have an uphill struggle. Basic management 101 (or should be). You are right in that regard. I find most reasonable people understand the reasoning if explained properly...not to be viewed as a punishment but rather a best practice.

IT Hack

Re: Layers...like an onion

Best practice??? By whose definition?

Pretty much every infosec pro I've spoken to or worked with. On top of that we also consider passworded screen savers a best practice.

New regulatory issues also drive the adoption of these policies, the newest being GDPR. Of course GDPR does not stipulate clear desk policies but as a security manager one would consider a clear desk policy as a mechanism to reduce the risk of data breaches.

https://www.sans.org/security-resources/policies/general/pdf/clean-desk-policy

IT Hack

Layers...like an onion

Thing is that you cannot look at this as just a password policy. There are other security aspects that also impact on usage.

I see a lot of people say that post-its are vital to remembering a password. Well, as we know, that is also a risk. We mitigate that risk by using clear desk policies as a best practice.

Of course in and of itself that will not solve the issue of bad passwords. There are plenty of other policies to deal with that. As already mentioned...monthly scans to blacklisting.

So yeah...onions.

Amazon, ditch us? But they can't do without us – Oracle

IT Hack

Data what?

Should have gone Access.

The above is an attempt at humour. Can't be arsed to slag off Oragivemeallyourmoneycle or indeed Amazlavelabouron.

Still if Oracle goes tots I bet a bunch of luxury car dealers will be sad.

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

IT Hack

Re: "Act normally! Ginni and the team are here to see what Austin is really like."

LDS - That's why true entrepreneurs show up unexpected and look at how things really work.

I wonder. I suspect you are right that many CEOs have a bit of a delusion going on when it comes to visits. Some not so much.

I used to work in a tech support centre for a US based storage appliance company a few years, ok a lot of years back. Our CEO was coming to visit the place (not only the support centre but also euro HQ). I was (don't hate me!) a tech support manager there and was working to the end of shift with the guys, and we started talking about the CEO and the visit. One of the team said the CEO would never come up to the centre to see them hard at work as the clock headed towards 7pm. The company made a big thing of being a team etc, so I thought bugger it.

I went down to the reception area where the great and mighty had congregated and was lucky enough to catch the CEO sort of by himself at the buffet. Now, not really having much truck with this kind of thing, I asked him if he'd like to visit the tech centre. He readily agreed, and I must say I enjoyed the look on the faces of the people in reception as I ascended like some tech support god (ok ok...maybe not, but I enjoyed the look of horror/shock on my local compatriots' assorted EVPs, SVPs and senior leadership very much). I engaged in some small talk on the way up, mainly about my team.

So we reach our floor and I introduce the CEO to the team. He then went around to each of my engineers, shook hands and spent a good twenty minutes chatting with the guys. He then went around the rest of the centre and met the other teams also working the late shift.

Frankly if you cannot approach execs then there is a major problem.

Do UK.gov wonks understand sci-tech skills gap? MPs dish out Parliamentary kicking

IT Hack

Re: Stream the schools not the children

If our powers that be really gave a fig's ear regarding the education of our nation we would not be having this discussion.

Grammar schools are not effective if you want to have a real open and democratic country (the number of MPs who went to comprehensive schools stood at 51% in 2017 - https://www.channel4.com/news/factcheck/factcheck-qa-how-posh-is-parliament).

The issue is actually quite simple to resolve. Problem is that it costs money and of course spending money on investing in the strategic future of the country is clearly socialist and utterly barmy magic money tree.

Kids are kids and have friends throughout their childhood. So why break those relationships up when instead those who need coaching get the required amount and those who are brighter or have specific educational needs or challenges get the support they need from their teachers but...shock horror their own friends! Imagine that!

Another huge error was made when idiots decided that renaming polytechnics to universities would be a good idea coz now we can offer degree courses in fucking golf fucking course fucking design.

Britain mulls 'complete shutdown' of 4G net for emergency services

IT Hack

Data - A slurp too far?

So part of the spec is 'data' and increasing the availability of data.

Talk about an open cheque! Clearly the idea is to allow Emergency Services more data in tactical situations. So we not only have the issue of high availability/high coverage data services but also issues around data management as well as device management.

I'm not a sales guy but even I salivate at the idea of such a project and the, shall we say - generous billing opportunities.

Of course Emergency Services have exemptions and the like in terms of legislation but that does not mean they are completely exempt from things like privacy rights covered by GDPR. So in the natural way of things the use of data will absolutely grow as will data breaches.

Still, it's good to know that the powers that be have already considered all these and even further issues for this roll out.

What larks.

Welcome to your sci-fi dystopia: Sonic firewalls to crumble inaudible ad-tracking phone cookies

IT Hack

Re: Where there's a way, there's a will

Lazy devs. Or devs who have been badly trained. Or devs who don't give a fuck.

I am sure management has some input into this as well.

Pentagon in uproar: 'China's lasers' make US pilots shake in Djibouti

IT Hack

Re: Binding Protocol?

Please! No fighting in the war room!

Amazon warns you have 30 days before Music Storage files bloodbath

IT Hack

NHS slackers

So who did Maybot screw to pay off the DUP? The NHS? Amazon tax breaks?

Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

IT Hack

Firewalls

Nice to see the HoC IT bods allowing dodgy websites through their firewall.

May the excessive force be with you: Chap cuffed after Star Trek v Star Wars row turns bloody

IT Hack

Re: No contest

> "My vote for best goes to Bab5."

> And mine goes to Battlestar Galactica.

>Pfft! Firefly was best

That would be Blakes 7.

mic drop
