* Posts by David Eddleman

217 publicly visible posts • joined 20 Jun 2007

Page:

World's ugliest mutt pops paws

David Eddleman
Unhappy

Aww

Poor dog. It's always sad when an owner has to put their beloved animal companion down due to disease or disability.

US Navy SEAL uniforms: Now with built-in tourniquets

David Eddleman

Armour

"Um.. then why not develop flexible armour for those areas then.... A healthy, able soldier is better than an incapacitaded one.. especailly considering he/she still has use of said limb!"

Because the best method of stopping a kinetic-energy round is a thick layer of absorbent material (kevlar) or for extra strength stacking ceramic plates (trauma plates in Interceptor, located only around the heart/lungs). Making armor that works around flexible areas without cutting out mobility is not possible with current technology. You might be able to stop a low-power round like a .32 or a .38 by wrapping the limb in kevlar, but if you get any kind of KE-focused round like a 5.56 or a 7.62 it will punch right through the protection. And let's not even talk about the restrictions caused by wrapping the limb...

Dutch court convicts teens for stealing pixels

David Eddleman
Joke

Runescape?

If you're going to mug someone for virtual items, at least do it for a better game, ferchrissakes.

Link spammers set up shop on GMTV sofa website

David Eddleman
Stop

Not Spammers

This is common for registrars. I believe that Tucows (our registrar of domains where I work) does the same thing. They may first show a "hey, this domain name has expired" page, then when it fully lapses they put the link farm up there via changing the nameservers. Renew the domain name and poof, it goes back to the original nameservers.

'Malware-friendly' Intercage gets PIE in the face

David Eddleman
Stop

Re: Spamhaus

lolwhat?

Holy crap, I can't believe the load of trite you uttered there.

Spamhaus does not block IP ranges. Hell, if they did, the webhosting company where I work would have a lot more blacklisted IPs (as we get customers forwarding spam, not maliciously). Hell, if you want a "criminal organization", go look for SORBS. They blacklist massive ranges and extort (yes, extort) the holders to pay to have them unblocked.

Methinks that you're just burned because you were slammed by Spamhaus for bad practices or because you weren't smart/savvy enough to secure your own network/boxes...

IBM rolls up (discounted) AIX Enterprise Edition

David Eddleman
Joke

Discounted AIX?

Isn't that like a polished turd?

US Air Force halts plans to establish a Cyber Command

David Eddleman
Flame

Re: Done Deal

Oh what a conspiracy theorist. I bet you think that Majestic 12 are real and there's alien research going on at Area 51.

Virgin Media ADSL punters suffer 2-day email meltdown

David Eddleman
Thumb Down

@Duncan

...what? OpenSRS is their domain name system.

Windows XP crashes out of Olympics?

David Eddleman
Flame

Answer

It's China. They're using pirated versions of Windows. Unpatched and likely hacked into.

Please don't tell me there's people out here who are surprised at this.

Colchester Hospital sacks manager over lost laptop

David Eddleman
Flame

@Jason Pugh

No, I live in Southern California. Right near some ghettos.

Point is, if you take reasonable methods to secure an item from physical theft with the tools available to you, how can you fault someone for breaking in and stealing it? Hell, I'm the last one to leave the office about half of the week, so it's my job to ensure the doors are locked and the alarm is activated before I go. If someone breaks in and makes off with our equipment, is it my fault? Fuck no, not unless I left the door unlocked or something stupid. At which point, it *is* my fault and being disciplined isn't unfair.

David Eddleman
Stop

Not his fault

You really can't fault the guy for leaving his laptop in the car. That's not the real issue here. He left it in a secure location (behind a locked door) and that's responsible enough. Different story if he left it out in the open for anyone to take -- now we're talking gross negligence.

The problem comes from not encrypting the data and making reasonable safeguards against third-party access. The ones who should be disciplined are the company's IT staff (assuming that this guy's not on that -- if he is, well, yer fault buddy!). They gave him remote access to company data that should be secured properly in the first place.

VMware admits 'time bomb' rolled past quality control

David Eddleman
Happy

So glad I'm not using VMWare

So glad we use Virtuozzo for our virtual machines here at work. So, so glad.

Spam filtering services throttle Gmail to fight spammers

David Eddleman

Re: spam filter on the output?

That wouldn't work -- it could catch legitimate e-mail on the way out. If I start sending friends and family e-mails about great deals I found on eBay (that's germane to their interests) or craigslist or ..., then those mails will almost certainly be flagged as spam, even though they may *not* be spam to them.

And most non-SPF reliant spam filters rely upon word/phrase detection, so if you included a few "bad" phrases into your mails, legitimately, you'd be in the same spot as above.

Apple lags MS in security response

David Eddleman

Geez

"Macs are coming under as much fire as PC's these days. I guess the its safer on a mac stance was basically because they were largely ignored now they are a contender its not just good attention they are getting."

WAIT A SECOND!

...I made this exact same prediction with the bloody iPhone!

Maybe, just maybe, it's proving to be true!

"There are tens of millions of zombie windows computers out there and no zombie Macs. Which user has more to worry about?"

How do you know there's no zombie Macs? Saying there are no zombie Macs is like saying there are no zombie UNIX/Linux boxes -- just not true, I've seen some myself.

You fail at argumentum ad populum.

Hacking attacks can turn off heart monitors

David Eddleman

Cost

Many of you keep flaunting the cost as a limiting factor.

It cost 30k in laboratory conditions, to find the exact equipment needed. Now that they know what's necessary, compacting and cheapening it is right up the market.

Scotland Yard careers website defaced

David Eddleman

"Noob Script Kiddies"?

No, not noob script kiddies. More like a bunch of 4chan kiddies. The text makes it blindingly obvious.

Boro council in child data theft flap

David Eddleman

"Some encryption"

Doesn't mean much. If they were serious, they'd have all the data locked up on a single server with good encryption, and that server locked up somewhere secure (ie, within a cage).

This stuff is akin to Networking 101. Why can they just not follow it properly?

Excuse me sir: there's a rootkit in your master boot record

David Eddleman

'Undetected'

b166er: Says only Symantec's AV (Norton) can detect it.

To me, this sounds like a scaremongering tactic to get people to buy Norton AV.

If it is, shame on you, Symantec. I've not had any respect for your product for years and my opinion can't go much lower.

McAfee spies malware in legit JavaScript apps

David Eddleman

Sandbox...

Is not always effective. Do you know just how much software they'd need to test? Many different versions of Java, Flash, etc. -- and that's just counting the "popular" software.

Now RIAA says copying your own CDs is illegal

David Eddleman

Bad news for the RIAA...

Apparently they've not read the United States Copyright Act, sections 107-122.

Hint: It has to deal with FAIR USE. Copying your own media is one of those protections offered under Fair Use.

As long as he bought the CDs/received them as a gift and can provide proof that they're his, there's no legal basis for the RIAA.

Unless he distributed copies, he's perfectly in the clear.

Ad hijacking Trojan targets Google

David Eddleman

Easier way

Simply use Spybot Search & Destroy. Latest version actively locks the hosts file, preventing changes. And there's the added bonus of more security on top of that and active monitoring.

US tech support outfit seeks pocket sniffer

David Eddleman

I think I know what they want...

They want a *packet* sniffer. The clod who sent the e-mail isn't tech-literate enough and mistook "packet" for "pocket". In other words, they want someone to run Ethereal on promiscuous mode.

Now where's my cheque?

Microsoft on the hunt for 'serious' Windows flaw

David Eddleman
Coat

Consider

"...that could allow attackers to take control of vast numbers of machines, particularly those located off US shores..."

What, like in China?

</rimshot>

Win XP also prone to random number bug

David Eddleman

Err...

"If an attacker has already compromised a victim machine, a theoretical attack could occur on Windows XP."

So...what is the compromise considered? Not an attack? Because, y'know, to compromise a machine you typically have to /attack/ it with something...

I'm not sure why people may piss themselves over this. If you already have to breach the machine to gain access to a crypto generator, why not, oh, install a keylogger or screen-grabber?

Tesco punts Xbox 360 bundle for £33.24

David Eddleman

Down for good.

Now it's reporting that the page isn't found. Bummer.

NATO ministers get to grips with cyber defence

David Eddleman
Flame

Good gods

Someone stop amanfromMars from posting. Please.

Spammers turn YouTube into spam relay channel

David Eddleman

Worthwhile to note...

That it's increasingly happening on MySpace as well. I got a MySpace simply out of pure necessity (and to leave a small footprint on the web), and the amount of "Come look at my nude profile on this site" and other spam profiles has increased over the last few days.

Spammers target hamsters after Ig Nobel winning research

David Eddleman

Re: What's that got to do with spammers ?

No, it probably has to do with the fact that spammers push Viagra.

Jack Thompson sets about Halo 3

David Eddleman

Wooooow

"Lee Boyd Malvo, the younger of the two “DC Beltway Snipers” was trained on Halo to kill residents within Virginia, Maryland, and Washington, D.C. His “mentor,” John Muhammad, knew the efficacy of the first Halo video game in this regard, because the Army in which he served used this same murder simulator to train snipers to kill."

Wow. Just wow.

Apparently Mr. Thompson has never fired a rifle at long range. He apparently knows that in real life, to scope with a weapon, you click on a thumb stick. And, just like in Halo, you don't need to adjust your sights for windage, elevation or movement and you don't need to set up a proper breathing pattern and watch your heartbeat. Everything has a point-and-click interface.

Yahoo! hopes Mash will be a monster

David Eddleman

Dead horses don't move any faster when you beat them

Seriously folks, that joke is old. Give it up already.

ISPs turn blind eye to million-machine malware monster

David Eddleman

Wrong name there, buddy.

Not "Cheek of Microshite". It should be "Crock of Shit". Because hearing you yammer on about "omg Linux!!!1one" shows that you're a faceless and ignorant *nix fanboy who knows absolutely sod-all about Windows save what the earpieces you so desperately cling to tell you. If you'll skip back to the letters of about 2 or 3 weeks ago, you'll see a comment that I made came true -- the iPhone was attacked by malware en masse simply due to the fact that it's a popular device -- just like how Windows is attacked because it's a popular OS.

When you're ready to remove your anonymity and realize that this is a news site, not your local 4chan /moron/ section, you can reply in a coherent manner. Erstwhile, I'll be notifying the GNAA that one of their own has escaped and they need to claim them.

Anyways.

Similar situation. I had to deal with a machine that was constantly flooding my network with virii-laden e-mails. This was back in 2003/4 or so, when Sobig and Swen were in power. The ISP? Charter. Total number of communications needed to get the infected machine pulled so my network wouldn't get hammered with e-mails every (literally) 5 minutes? About ten, including several phone calls to the NOC.

I do feel sorry for those poor sods. I just hope that ISPs will realize, before it's too late, that having a successful abuse and security department will help them in the long run.

US special forces buy electric stealth golf carts

David Eddleman

Ground troops?

"AFSOC doesn't have any "troops" as such, being mainly an organisation providing air support to other US spec-ops arms such as Navy SEALs, Green Berets, Delta Force, MARSOC and all the rest of them."

Yes they do. They have their own branch of special operations troops, dubbed "HALO" (High Altitude Low Orbit), so named after the gear they use.

Are you serious about security?

David Eddleman

Lo!

"With this in mind, an improved approach is to deploy a perimeter defense system that intercepts penetration testing attacks as they occur, concealing network resources from the hacker and sending back false information. This defense is known as anti-reconnaissance technology."

It's also called a bloody honeypot, you gits. They're well-known among the security-conscious and provides exactly this methodology. They're also open-source and don't require an advertisement.

"I know of only one OS that makes use of AV software, and we all know which one that is."

Well Rich, then perhaps you're not aware of the sendmail-based virus of about 5-8 years ago, if memory serves? A version of sendmail was released that contained a virus. Not intentionally, mind, but the server had been infected. Anyone who performed an MD5 check on it would instantly tell something's wrong. Installing it would compromise the machine, especially if you installed as root (as a lot of programs require to be compiled as root).

If you don't run any anti-anything software, how the bloody hell do you know you're *not* compromised? Gut feeling? Intuition?

What services are your BSD machine running? Let me know, because I'm damned sure I can find a way to break them within a few minutes and gain control. Just because your OS is "great" doesn't mean the entire system is great.

RIAA gets some class

David Eddleman

Thank you!

This woman is bloody brilliant. I love some of the reasons she's suing under:

"computer fraud and abuse, trespass, invasion of privacy, libel and slander, deceptive business practices, misuse of copyright laws"

The last one is just an utter slap in RIAA's face. The company that's charged with protecting copyright laws is abusing them. The irony is so sharp that they need to hire Billy Mays to advertise about it.

Jason Bourne disses James Bond

David Eddleman

Not quite

"Both are, of course, absolute representations of real life where you snatch any available vehicle and survive at high speed a rain of bullets that wouldn't have looked out of place in a Rambo movie."

Well anonymous coward, let me fill you in on a few things. Bourne has been shot. Twice. First on the failed attempt on Mumbosi, second time by an assassin in Russia. In the second scenario, he ran through the streets of St. Petersburg, stole a few bottles of vodka and some rags from a shop to use to tend to his wounds, and kept going.

He also gets bloodied and bruised in hand-to-hand fights. What're Bond's fights like? Jab jab, swing, it's over.

Forensic data stolen in server theft

David Eddleman

Irony

Machine that deals with security is stolen.

I know the British are the masters when it comes to plays on words and irony, but this takes the cake.

Upskirting Dutch bloggers head for court

David Eddleman

Whu...

Firstly, why is the damned bot still posting? Will no-one at El Reg remove his nonsense?

Secondly, I congratulate these men. Sometimes all it takes is a little shock and awe to get the legal proceedings going.

C'mon, *who* thought it was a good idea to have see-through floors and walls? Let's have that person live in a glass house for a while.

Universal tests DRM-free future

David Eddleman

Funny you mention Wal-Mart...

They're known to censor some of their CDs.

No DRM, fine.

Wait, why are my tracks bleeped out?

Free download empowers black hat hackers

David Eddleman

C'mon

"This tool in the wrong hands is going to create more zero days, more exploits and more code that ultimately puts people at risk, and I know that's not the intent."

Well, yes it will. Think about the flip side. A knife is a tool. It's primary use is cutting. It can be used to prepare food to feed hungry people or it can be used to cut someone's throat. Tools are subjective. The principle that should be focused on is limiting *who* has access to these tools, not *what* they do.

Teaching hacking helps students, professors say

David Eddleman

Title

"But how many of the people graduating with IT-related degrees got into computing because "the money is good" or "it's a growth industry", and how likely is it that such people will have the initiative or interest to learn anything beyond what their college spoon-fed them or what they accidentally pick up as they work?"

Too bloody many in the US, that's for sure. Which is one of the reasons why I'm bitter. IT employees can be churned out a dime a dozen, and many of them are so bloody unmotivated or have the entirely wrong mindset for the field that it causes legit people like myself to be diminished proportionally.

Will the iPhone be iPwned?

David Eddleman

Consider a new source, Reg

Apparently this "Hyppönen" chap doesn't read the news, or he selectively reads it.

"From the attacker's point of view, it is a hard device to attack, because there is no SDK (software development kit) - it's a closed system,"

Except for the fact that people have already figured out how to develop and run applications on it. And that existing applications, namely the OS, have been reverse-engineered in less than a month, say?

"Finally, some researchers question whether compromising an iPhone would gain anything of value for the attacker."

Well, it can be used as a listening device. I certainly see government-level espionage, def. corporate espionage, in the works with this. If a person uses their iPhone to access bank stuff, it apparently can be monitored just like a PC can with a keylogger.

"The iPhone's restrictions on installing non-Apple software can be seen as a security feature as well, as long as the protections make it difficult to create programs for the phone"

Except if it uses a simple check to verify that it's proper Apple software, then all a programmer has to do is reverse-engineer the legit Apple apps and find the string and inject it into their own programs. Even if Apple uses a grossly-ineffective method of checking over the 'net of a program's authenticity, well, that's simple! Redirect the authentication server to a malicious one via editing of the hosts file, and the methods employed there can easily be ascertained by running an Ethereal/ettercap scan and reading the packets.

Come on El Reg, don't get your soundbytes from F-Secure. Go back to Sophos. While Graham Cluely doesn't open his mouth much for the soundbytes, he at least doesn't sound like a twunt when he does.

Nokia to jump on music download bandwagon?

David Eddleman

Is it just me or...

Does the 82 (right) look disturbingly similar to an iPod?

Making open-source browsing safe for the masses

David Eddleman

Well!

"It's a problem on both sides."

Thank you and goodnight.

Techies blast big media over copyright warnings

David Eddleman

The warnings are no joke!

Seriously, in some circumstances, breaches of copyright law result in harsher penalties than voluntary manslaughter or murder 1.

Intelligent Finance upgrade downs web service

David Eddleman

Re: Simon Painter

There's a caveat here, however. Mainly, they rolled out a system without *fully testing it*: a major NO-NO in any systems development. You *always* roll it out on an isolated network for testing before implementing it on the mainstream.

OECD: broadband is unequal

David Eddleman

Missing a few things...

For starters, Japan. Where a 10Mb connection is about the equivalent of a 56K connection in terms of availability.

Dillon: Many ISPs in the US (and I'm guessing abroad) claim that you're getting so much speed, but they can never back it up unless you're using some BS "premium" package. My ISP, Cox, claims I should be getting about 5Mb/s, but it's more like 2-2.5 from my own testings.

Web contract changes are just not cricket

David Eddleman

A decisive blow!

Excellent to see this "your contract may be changed at our will without informing you" crap getting overturned. Precedent is a wonderful thing.

Crazed NZ fanboy mows down churchgoer

David Eddleman

Well now...

"I think that should read ".. a few fanboys" the rest of us are just watching the Windoze fanboys trying to come up with even smarter comments."

Judging by your use of the word "Windoze", you're a blind follower of Windows-bashing groups because it's "cool", when in reality you're more ignorant than the Apple fanboys.

Judging by your oh-so-clever name, I'd rate you as a moderate pest. Don't let the door hit your ass on the way out.

David Eddleman

Dare I say it?

Apple: Think Crazy

Apple: Think NOT THE STRAIGHTJACKET

I'm certain I could come up with hundreds more, but it's 3AM and I can't be bollocked to do it now.

Jesus Phone needs an exorcist

David Eddleman

Ludicrous

"Apple representatives didn't respond to a request for comment."

Well of course they bloody wouldn't, not when they tout 'security is our #1 goal lawl'.

And where have all of these exploits come from? All the attention that Apple has been hyping for it's new phone. Can you hear all the security pros and novices out there, Steve Jobs? The reason Windows gets so much flak is because of the so many people trying to break it. And the reason so many people are trying to break it is because it's the most widely used operating system. Since the iPhone is so pushed and hyped, everyone's (term used figuratively) going to have one. And that's going to mean a lot of targets, especially if it can be used in a manner to record things!

Page: