* Posts by Shrek

15 posts • joined 20 Mar 2012

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts


Re: Honest question...

You print out the username and password (plus any emergency 2FA codes) of your email account(s) and stash it somewhere safe, that way you can generally bootstrap your recovery using "Reset my Password" links on websites.

You may want other important accounts saved in the same way.

FWIW I use 1Password... if you really want to move elsewhere it is possible to export everything to a text file if you need to. It does pose a risk in terms of being a single target but, on balance, it allows me to easily have a unique password for every single site (as well as unique email - as was mentioned earlier using + addressing/sub-domaining).

Bloody vultures! Cheeky Spanish paraglider firm pinched El Reg's mascot


Must be the same designer as Rich Energy used...

Hmmm... I wonder if they used the same designers as Rich Energy used to design their logo (Very, very similar to Whyte Bikes...)


Oh and likely something of a Streisand effect with their shouty Twitter responses.

Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong


Re: Who is to blame for being taken by scammers?

So, in an air crash investigation scenario, no matter how you slice and dice it, the victim did something they have been told not to?

To take that analogy sure, it's virtually always human error somewhere in the chain, but it is so often exacerbated by external factors, and frequently the Human-Computer Interface or misunderstandings/miscommunications. So sure, technically the pilot, say, (by your tone) was a moron and did "something they'd been told not to do" but if you look into all the compounding factors it's often not so clear cut.

If I could find the podcast I'd post it, because sure ultimately she got it wrong, but it was easy to see how under pressure, and the sustained period of time they worked the mark for, she made those mistakes.

Technically, by the letter of the law/contract/whatever you're correct, but to err is human.


Re: Who is to blame for being taken by scammers?

Sorry, but as others have noted, it is not as straightforward as that. A few years back I was listening to a podcast (BBC R4's Money Box I think) and they played the actual audio of someone who had been scammed of a large sum of money.

Before hearing it I was nearer to your point of view regarding how on earth anyone could fall for this, but hearing it back I think the mark only made maybe one or two mistakes at key moments. Add to that the fact that the scammers were very persuasive and I can see how someone not 100% up on security could have been scammed. Given the audio that was played I don't think I would have been caught as I'd have terminated the call earlier - but I certainly had sympathy for the victim, it wasn't as clear cut as "they obviously shouldn't have done X".

DocuSign forged – crooks crack email system and send nasties


Re: world+dog

In the process of selling our house and our agent uses DocuSign for the contract and we are at a stage where we are nearing exchange so not impossible (although unlikely as it's with the solicitors at this point of course) that there would be something we needed to sign.

It's a pretty good fake and it was mainly because a couple of things looked off (i.e. no mention of the property, the domains in the links/from address, etc) and it had been trapped by my mail provider's spam filter that I went looking for news of a leak. Considering the amount of spam they send about signing up for their service it's piss poor not to have been notified about this - plus it guarantees I wouldn't be paying for their service in future.

Having a monopoly on x86 chips and charging eyewatering prices really does pay off – Intel CEO


Re: Headline

> It's a flippant headline for effect: it's all explained in the story.

Shocked! Shocked I am that The Reg would use such brazen flippancy...

TVs are now tablet computers without a touchscreen


Re: Oh you optimist

Basically this, I'd be very happy for manufacturers to produce 'dumb' TVs where (a bit like hi-fi separates) you add the bits you need. I know that's not for everyone, but my temporary(ish) Sony Android TV very rarely ends up being used for its smart features, and a 'dumb' but high-quality screen would be my preference.

Personally, I'd be happy to ditch smart features and pay about the same - assuming, of course, you are paying for a better quality image.

Forgive me, father, for I have used an ad-blocker on news websites...


Re: No guilt at all

While I would not mind to contribute some ad revenue for my favourite site, it is definitely not going to be at the cost of using half of my CPU.


It's not the ads per se that are annoying but the amount of resources they take. Many sites become virtually unusable without some form of ad blocking. Either through the dozens of trackers and beacons or intrusiveness of ads or both.

So long as websites serve ads that ruin the viewing experience I'll keep blocking them without guilt.

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January


Re: Dumb idea IMO..

As others have said this isn't really an issue any more with SNI, see here for more info regarding Apache.

Lester Haines: RIP


Sad news.

What an embuggerance.

Man hauled before beak for using drone to film Premiership matches



Admittedly this is somewhat pedantic - but have they perjured themselves? Incriminated, yes, but unless they've lied to the police/courts then I don't think it's perjury... Sorry I'll get me coat.

Give biometrics the FINGER: Horror tales from the ENCRYPT


Re: @John Miles -- no other option than to work on an offline PC

The motivational critique of my handwriting was the teacher describing it as looking like "a drunken spider had fallen into an ink pot and crawled across the page"...

NHS grows a NoSQL backbone and rips out its Oracle Spine


Re: SQL Injection/Developer incompetence isn't limited to Oracle

That may be true but I'm sure that NoSQL will have its own class of vulnerabilities when subjected to poor coding.

The point is that poor coding is the fault, not the technology in the case highlighted. Oracle is my background so I know it is easy to prevent, I assume that it is similarly trivial in other SQL implementations to avoid SQL Injection.

Your original point is not an Oracle problem, but a coding problem, of which I'm sure NoSQL has its own versions of such problems...


Re: Name change by deed poll to include...

*sigh* - only if you are an incompetent developer that doesn't use bind variables to avoid SQL Injection.

SQL Injection/Developer incompetence isn't limited to Oracle now, is it?

Braben sticks knife into secondhand games market


Re: Why not?

To be fair, a comparison to the car market doesn't exactly hold up...

Car manufacturers (or at least the dealers of those manufacturers) do have the opportunity to compete with the non-manufacturer market by adding value to the sale (e.g. increased warranty and 'approved used' schemes). I appreciate that not everyone will feel that there is any value being added, but there is at least the opportunity to compete by adding value or supplying OEM parts etc.

Again the consumer has a choice and the manufacturer can gain a slice of the action, as I see it with the games market there is simply no secondary revenue stream for games of the type mentioned in the article.

Likewise with food you will have to consume more (new!) food to produce more waste, i.e. the process sustains itself.

