* Posts by Trigun

49 posts • joined 5 Jan 2013

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts


Ransomware - check your backup size daily

People have mentioned about ransomware infecting backups.

One of the things we do for our customers is a set of daily checks (something I expect all you sysadmins out there do...) the results of which we record in a spreadsheet. This includes checking the backups and recording the size amongst other things. If we see anything unusual (such as a size increase in the incremental which bucks the normal trend) we start looking into it and if we have a suspicion something is going on we take a separate copy of the older backups which are inaccessible to domain accounts - including domain admins (preferably subsequently made offline).

It's not absolutely infallible, but it's one of our ways for trying to catch this kind of thing.

Also, we set up SRP whitelists, file screening, decent AV, etc. where the customer will let us. Again, not infallible, but can stop a lot of things if implemented correctly.

And, of course, end user awareness and training (a constant battle).

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother


Re: Are there no other people of colour that read this rag?

Things are not bad - just ask a few people who are not involved in the 'culture war'. If you want bad then go to a non-western nation and see how things are there. Then try to change things there and see how far you get.

Also, consider that a very large number of people are now fed up with this ideological authoritarianism and are starting to fight back. They are not 'ists and 'phobes - they just don't agree with this narrative and being forced (literally at times) to go along with it.

BTW do you know the stupid thing about changing these particular words? Allow and white lists, block and black lists all exist in filtering already and have different meanings.


Re: Are there no other people of colour that read this rag?

I totally agree. Just to be clear to all: When I said minority, I didn't mean actual ethnic minorities, but just a very small subset of people.


Re: Are there no other people of colour that read this rag?

I get where you're coming from on one level and I feel this myself generally. I abhor people being deliberately rude. However, this is not about that, being racist or a 'phobe' or whatever.

It's about Power.

It's about a vocal ideologically driven minority controlling everyone else under the guise of "won't someone please think of the children?" and relying on people's good will and reasonableness to do the rest. I don't think it started this way, but to me it's become more and more obvious that this is what is now going on.


Who thinks like this?

I keep seeing this kind of thing where some people (usually in a very vocal minority) conflate things to signal their virtue and I wish they wouldn't.

No one in their right mind would equate "black list" with something against black/ethnic people nor would they equate "white list" as being something in favour of white people. It's ideological nonsense and those coming up with it are generally fanatics with many being so far left they think Lenin was a centrist or even right wing.

QUIC, dig in: Microsoft open-sources MsQuic, its implementation of Google-spawned TCP-killer QUIC


Gah QUIC again

*sigh* Gonna be fun dealing with that as well as gQUIC. At least Google have an ADMX template containing a GPO to disable it in Chrome. I bet Microsoft don't do the same as they love shoving their new tech down everyone's throats :p. Probably be a case of blocking ports 80 and 443 (UDP) again.

Astronomer slams sexists trying to tear down black hole researcher's rep


Culture war

The culture war appears to have arrived at the register. And no, I'm not backing either side in this instance. Just sick of it and was hoping it'd stay away from this forum.

How about we not turn ourselves into cultural zealots and just talk about tech stuff instead.

Windows Defender update: So secure, it wouldn't let Secure-Boot Windows PCs, er, boot



What on earth is going on over at Redmond? It's been more than a year of update hell from them and it's gotten to the point where admins just don't want to push out updates to clients unless they really must.

Don't pay up to decrypt – cure found for CryptXXX ransomware, again


SRP white list

A few years ago we had a customer who got bitten twice by ransomware in quick succession. Both times we got them back to where they were that morning using backups/shadow copies.

When it became clear that ransomware was an increasing threat and that backups might also be affected, we configured a decent SRP whitelist with some restrictions on email attachments. Only stuff already installed may run or if it's in the white list (hashed). We also engaged in an end-user education campaign about what to look out for and if in doubt tell us - don't ignore/hide the issue as the quicker we know the less damage may be caused.

So far, so good as they've not had issues since then.

Teen faces trial for telling suicidal boyfriend to kill himself via text


Physical or mental - it's the same

If I actively shove you over a cliff, or I deliberately coerce you into jumping over it when I know you're in a bad place mentally then both of these, in my book at least, are the same. One is physical, the other non-physical, but both would make me the cause of you jumping.

My two cents? Even if she gets off, she's guilty of being a deeply horrible person going by those texts and the circumstances reported.

Surrey teen charged over Mumsnet hack attack



Hacking is one thing, SWATing is another. The latter has the potential to get someone killed and give the cop that pulled the trigger life-time guilt. Twats.

Researcher arrested after reporting pwnage hole in elections site


Is it in the public interest?

In the UK the Police would look at it like this:

1) Was the law broken?

Answer: Yes.

2) Is it in the public interest to arrest?

Answer: Possibly, but unlikely.

3) Is it in the public interest to prosecute?

Answer: No.

Reason: The guy

a) found a large hole in the voting system

b) told the right people about it

c) helped seal that hole

d) gave further advice with regard to other internet related threats

e) does not appear to be motivated by malice or self gain

Also, an arrest and prosecution may discourage other whistle blowers in the future and in this age we absolutely need people to do the right thing and report such security issues. Otherwise the first that we know about is someone splashing our data across the 'net, black mailing people or even suborning the voting system.

One point of criticism that some folk have (rightly) made is that he should have stopped at the point that he discovered and managed to use the exploit. Perhaps take a few screen shots of the login (not any data). But that requires a verbal warning at most - at least for the first offence.

Anyhoo, we'll see how the Lee County cops / prosecutors deal with this as they might just tell him not to do it again (a caution). I.e. sensible heads may still prevail.

Woz says 'Jobs started Apple for money' – then says it must pay 50% tax like he does


"The Irish government has said “Ireland is confident that there is no breach of state aid rules in this case."

Ireland may feel confident about that, but the rest of the world isn't.

Russia sends exploit kit author to the GULAG for seven years


Re: Math doesn't add up here

I agree with regard to Mr Menezes, but I'm pretty (read VERY) sure that the Guildford Four were not killed by police as they went to prison and then acquitted many years later.

With regard to Russia - I suspect such killings were left to the GRU and/or KGB.

Dragon Age, Inquisition: Our chief weapons are...


Great game, but the combat system...

I've purchased DA:I and played a bit. I love the world and story line: Both are as engaging (so far) as DA:O. However, the combat system (specifically on the PC) is fairly bad. It has no action queue, you have to spam-click enemies (1 click = 1 attack), and if your enemy moves away slightly then you're left hacking at air. Over all, not designed well for keyboard and mouse controls, but apparently works ok with a controller which makes me suspect that this aspect of the game is a port from a console version of the game.

Looking around it seems that Bioware are looking at the PC version controls/interface, so I think I'll wait until then before continuing to play as the combat spoils what is otherwise a great game.

BTW I got mine for roughly £30 (can't justify £50-£60).

Microsoft left red-faced after DMCAs dished out to Windows bloggers


Microsoft... or Google?

Makes me wonder if Google may have "accidentally" misconstrued Microsoft's request(s)... I'm not defending MS here, but there's always more to a story, generally...

*doffs his tinfoil hat and heads for the door*

Microsoft buys Minecraft for $2.5bn. Notch: I'm getting the block outta here


Microsoft Minecraft EULA addendum

Now that Microsoft own Minecraft, there will be a number of changes ...



Minecraft Pro

*Licensing Models*

Minecraft OEM

Minecraft Retail

Minecraft VL via KMS

*Rough Guide Price*

Retail £189.99

OEM £105.99

VL = Gold mine

Updates: Minor updates FREE, Major updates: £100.00

*Game change implementation plan*

"The UI formerly known as metro" to be injected to the menu screen

Office Ribbon to be added into the HUD

Mouse support to be reduced

Touch screen support implemented

Activation mandatory within 3 days

Security back doors for special GCHQ/NSA firmware upgrades

COA to be displayed on the outside of the device is mandatory

Installation via WDS possible

Updates via WSUS/Windows Updates

Internet Explorer use mandatory

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft



Fortunately, I've got my own domain name registered and coupled to my no-ip account, but my free no-ip domain name is definitely not working.

I won't go to town (yet) on Microsoft for doing what they did as I don't know all of the details. However, their continued incompetence with regard to blocking legitimate users' domain names beggars belief and they need to pull their collective finger out and fix it.

Also, although in a way it makes sense that Microsoft be the ones to do this "filtering", it seems odd for a non-government agency to be handed what is effectively seized assets from another company. In no other industry that I can think of would this happen.

Today in IT news: iPad Fleshlight a reality


I wonder if it comes with an optional sticky label to cover the front facing camera... :D

USB charger is prime suspect in death of Australian woman


There's a number of issues that you have to deal with when it comes to cheaper/fake mains powered electronics: bad/poor design, bad/poor components, fake CE marks, not properly rated for the item being charged (so the charger heats up and catches fire if left on). Just for fun you can end up with a combo.

BTW, here's another good vid (from EEV blog) demonstrating cheaper/fake USB chargers:


Personally, I never leave chargers on unattended (even the best can develop issues over time or if you're very unlucky) and I *never* buy cheap ones. The guy who posted earlier who said that it's just the likes of Apple making money is probably only 10% correct. Do they make extra profit? Yes, I bet they do. Do they also design & test their gear so that it doesn't kill people? Again, I bet they do. Why? Who in Apple (or any other reputable company) wants to see a headline "<company> kit burns down house, kills family of 4!!" or "<company> kit electrocutes man, 40!"?

Chap rebuilds BBC Micro in JavaScript



I swapped my (then) new Atari ST for a BBC B+ in my youth. Parents weren't at all impressed until they realised that I learned more on the beeb than on the ST by a long way.

As for the js based emulator: very good indeed, although the real thing is better :)

Imprisoned Norwegian mass murderer says PlayStation 2 is 'KILLING HIM'


It's got to be done : "Cardinal Fang! Fetch... the Comfy Chair!"

Judge orders Yelp.com to unmask anonymous critics who tore into biz


Due process

You've got several issues here:

- anonymity

- free speech

- the right to defend one's reputation

I'm normally with the free speech crowd and (limited) anonymity, but when it comes to people actually making very damaging claims against either another person or a company then those claims need to be examined.

However, I think Yelp's resistance in handing over the personal details of the posters is something that I think they need to do due to their business model. More importantly it stops a trend of social media companies (in fact, any type of company) handing over members' details carte-blanche & without challenge. If this resistance disappeared then I think we'd have something to worry about.

So, the process should go as it has:

- plaintiff asks for users' details as they claim to have been slandered

- yelp resists this

- court makes a decision against yelp

- yelp resists again and appeals

- higher court makes a decision against yelp

- yelp resists and once more appeals

- even higher court makes final decision

- posters' data is then handed over or not depending on outcome

The above is, although not perfect, a justifiable process. The only down side is that the lawyers get rich and every other bugger gets poorer. However, it does discourage companies casually going after people unless they feel that they have a genuine grievance.

Is your IT department too tough on users?


Offline Files & DFS

Hmmm. If we could dump Offline Files and Microsoft DFS not only would end users throw a party - I would join them! Those two cause the most complaints.

As for being too strict... not really. The worst is not being able to use social media websites. But that's what their mobile phones are for.

Drug dealer demands jail to escape 'unbearable' missus after NYE row


Deserves it

Normally I'd have some sympathy, but as the guy is a drugs dealer then what they should do is build a special cage in his house, label it 'prison' and let his wife have free visits any time she wants. :p

British Second World War codebreaker Alan Turing receives Royal pardon


Makes me see red

I'm happy that there's now been an apology and a pardon (both very much overdue), but it still makes me see red to know that anyone was treated in such a criminal and shabby manner because of their sexual leanings - especially as the guy was so instrumental in bringing WW2 to a close.

I acknowledge that society has changed and that what was acceptable at the time is not the same as it is now. I just feel very bad for the guy and all those like him that had to hide their leanings, or were caught and jailed and/or "chemically castrated" by the state.

Ho, ho, HOLY CR*P, ebuyer! Etailer rates staff on returns REJECTED


Customer Service Ethic

I've never dealt with ebuyer so I don't know what they're like. However, for many years I worked as a tech support guy making my way up the ranks (I've now moved on, department-wise).

Fortunately for me, the company I work for have always tried to stay within the spirit of the law (as well as the letter) and customers pick this up very quickly. This means that although the person calling might not be overly happy that their goods turned up late/something has gone faulty/etc, they are at least confident that things will be sorted out as quickly as they can be. This goes a long way to getting the customer back - the reason for customer service.

What I find strange is that some companies don't have this view point. How can you think that a customer will come back if they feel that they have not been dealt with properly when something has gone wrong? Of course, you can't always keep a customer if what they are asking for is very unreasonable - but most people are not like this if they are being helped properly.

Astroboffins spot HOT, YOUNG GIANT where she doesn't belong


Re: That's not going to happen

"(unless we find a shortcut.)".

Yep, we need to do an "Event Horizon" (minus the going to hell bit) if we're going to get anywhere apart from 2 feet from our door step.

I wish I could be around to see it when we get out and about in the galaxy (if we ever do). Time to invent the Holly-Hop drive methinks!

Mexican Cobalt-60 robbers are DEAD MEN, say authorities


Re: @Trigun

Oh I agree totally, but that still doesn't stop me from feeling a bit of compassion for these guys and that's what I was trying to get across.


Theft is a crime, but it doesn't deserve a (lingering) death as punishment. I feel bad for these guys.

Five critical fixes on deck for Patch Tuesday


Re: Can't Win!

@John Smith 19

Probably because the more that you over-plumb a piece of software, whether it be an OS or an app like Adobe Reader, the more it's a nightmare to detect and plug security holes.

There's a (small) excuse for OS's - especially windows which is a generalised OS designed for non-tech people. With Adobe and other app producing companies? I don't think they have as much excuse.

Bring Your Own Disks: The Synology DS214 network storage box



I used to have a DS108j, moved to a DS212+ and now run a DS412+ with 4xSeagate Barracuda 3TB hard drives using SHR (Synology Hybrid RAID) - gives a total of 8.11TB storage, is fast, has 1 disc redundancy and can cope with the RAID being upgraded to larger hard drives (4TB in the future possibly). I don't regret spending the money on the NAS as it can do so much, utilising relatively low power, and is incredibly easy to set up.

My only criticism (as others have already said) is that the lower end Synology NAS' (notably the J version in each series) are a little too weak for the job. I'd suggest buying either a non-J Synology or, if you don't have the money for that, then build an atom-like system instead.

Other than that I have nothing but good things to say about Synology's products thus far.

El Reg Contraption Confessional No.1: The Dragon 32 micro


Ahh yes, old micros...

My original BBC Micro B+ died a long time ago and I sold my Amiga which still makes me annoyed that I did it - but the £100 came in useful at the time.

Fortunately, I was given an Amiga 500 by someone who didn't want it and purchased a BBC Micro model B on eBay. UHF output is incredibly bad on my LCD TV, with the RGB output being tolerable for both.

Good thing about the Beeb is that I managed to pick up one of those MMC card-to-User port kits (one 128MB card stores over 100 BBC floppies with lots of room to spare :)).

Anyone remember trying to turn their 40 track single sided BBC floppy discs into 40 track double sided ones by cutting a section out of the plastic sleeve (also known as a flippy-floppy)?

Ahh the good old days! They don't make 'em like they used to..... ;)

I want to play with VMs


My recommendation:

(there's something weird going on with the formatting of this post so I've added asterisks as multiple blank lines etc don't work)


** If you want to play around a bit, but nothing too serious (i.e. just to see what VMs are like):

Install in existing windows or linux host

Use VMplayer or VirtualBox

H/W spec:

CPU: Dual core with hyper-threading (so you get 4 virtual cores), or quad core (with or without hyper threading). CPU must be able to virtualise - most desktop ones can, but not all. Speed per core is not overly important unless you're setting up something that number crunches a lot.

Mobo: Mobo must be able to virtualise. Most modern ones can, but not all.

RAM: 4GB+ (8GB+ highly recommended)

Disc space: Think of 30-40GB per VM you wish to run on top of what the host uses and you'll be fine. This can be juggled as different OS's have different disc footprint sizes.

** If you're a bit more serious (virtualising small to medium computer networks, MS exchange, etc):

Dedicate an entire PC (or server) to the project

Use Hyper-V (bare metal or Server 2008R2/2012 w/Hyper-V if you have a spare Server 2008R2/2012 license) or (my favourite) VMware's ESXi (license is free for up to 32GB and one physical processor last I looked)

H/W spec:

CPU: Quad core (with (preferred!) or without hyper threading). CPU must be able to virtualise - most desktop ones can, but not all. If you can afford a Xeon or Opteron then get one, but if you're not rich then stick to a desktop CPU. Speed importance as above.

Mobo: as above

RAM: 8GB+ minimum (16GB+ highly recommended). Server 2008R2 Standard RAM is capped at 32GB and I think ESXi's free licensing caps at 32GB as well.

Disc space: as above

** My home setup (which I use for testing network & server solutions for work and for hosting my mail server+DC) - it's probably a bit OTT :D -

OS: ESXi v5

CPU: Xeon E1650

RAM: 64GB (32GB usable atm due to licensing)

Mobo: Super Micro Workstation board

Disc: 64GB SSD for ESXi booting, 4x1TB Seagates in RAID 10 for VMs, Seagate 750GB VM backup drive

File-NUKING Cryptolocker PC malware MENACES 'TENS of MILLIONS' in UK


Re: Lurking Ransomware ..

You mean NTFS advanced setting "Traverse folder/execute file"? ;)


Re: Lurking Ransomware ..

It doesn't require admin credentials - a standard user can run it as long as they are able to run an EXE.


Re: Does anyone know...

The reason they decrypt is that it encourages victims to pay. If word-of-mouth was that they just rip you off (more than they have) then no one would pay up. If people know they can get their vital but foolishly un-backed up data back then they will pay.

One of the companies I help sysadmin got this. Fortunately we ensured that they had 2 independent backups + shadow copies enabled so we could get them back to roughly where they were that morning.

Locked-up crims write prison software that puts squeeze on grub supplier


Re: do they get paid?

@ Prof Denzil Dexter

You're not supposed to make profit out of your crime (like writing a book about your foul deeds), but something like this? I'd have thought it would count along the same lines as working in the prison shop on number plates. I.e. paid a pittance, but yes actually earning money. I bet the ownership would belong to the prison/state though. Same as if you create something in paid work time for a company: they own the rights to it (I think that's how it works, anyway).

Microsoft reissues September patches after user complaints


Windows Update

As all here know keeping one's security up to date is top of the list when dealing with servers (actually, any platform to be fair) and when it comes to MS server software that means updating from windows update as part of that. But I *loathe* doing it as there's always a chance they stuff something up, and every so often Microsoft issue something that's the server equivalent of Ebola. This patch tuesday has caused me an awful lot of work and I'm not very pleased. I can deal with users knackering their installs, but it hacks me off when the people who should know what they're doing cause the issue.

Manning's max sentence cut, may only spend up to 90 years in the cooler


136 years to 90 years...

It makes me deeply uneasy at how the U.S. judicial system works. I.e. stacking up charge after charge so that even if the defendant has a good lawyer who can whittle those down, the defendant is still likely to spend a deeply unreasonable amount of time behind bars with little hope of getting out. The sentencing is so off kilter that it beggars belief and it still surprises me that no one has managed to change it. Also the pressure to plea bargain is so intense that I'm sure innocent people do time as well as the guilty.

KEEP CALM and Carry On: PRISM itself is not a big deal


But not PPTP ;)

Anons torn over naming 'n' shaming of 17yo's gang-rape suspects



I won't make a judgement on the case as I'm not privy to the details, but it makes me very uneasy when people say they will "name and shame". I know the Anons in this case have not ultimately done that (yet, anyway), but it's a very dangerous thing to do. I can understand wanting to cattleprod the police into properly looking at the case though.

What really sticks in my mind when I see cases like this is that the trouble with any serious offence such as Murder, Rape, etc. is that no matter what, someone pays and ends up the victim.

In this case it will be one or more of the following:

1. The teenage girl because (if the boys are tried and found guilty) she will have been violated in a horrendous way. Also, whatever the outcome she has lost her life.

2. The family of the teenage girl as they have lost their loved one in a terrible way

3. The accused boys (if they are innocent) as many will assume them rapists no matter the outcome and treat them accordingly for the rest of their lives.

4. The families of the accused boys will also have to watch their sons' lives blighted and have the stigma - again no matter what the outcome.

One can only hope the police do a better job in investigating this - whatever the result.

Congress plans to make computer crime law much, much worse


Utterly unfair

"Instead, these types of laws are designed to give prosecutors a strong negotiation position with which to threaten suspects and avoid all the expense and hassle of actually holding trials."

You'd have to be absolutely blind not to see the gob-smacking unfairness of both the proposed and even existing systems. Basically, intimidate someone into saying they're guilty whether they are or not.

There are many great things about the U.S. but this element of their judicial system is definitely not one of them.

Dongle smut Twitstorm claims second scalp



I cannot believe this got as far as it did. Two people fired over inappropriate jokes?

Those guys should have kept their mouths shut due to where they were, Adria Richards should have had a quiet word with staff and not twittered, and (if it got that far) the "jokers" should have received a stern talking to or (at max) a written warning by their employer.

Victims of 'revenge pr0n' sue GoDaddy, smut site


As much as I hate new laws I think there needs to be one for this. You have to be an utter shit to post sensitive material about someone on the net without prior consent.

How about a like-for-like punishment? Sentence offenders to being put in degrading scenarios with skimpy/no clothes on and then stick them up on a wall of shame website.

Dead Steve Jobs' patent war threat to Palm over 'no-hire pact'

I've never been a great fan of Steve Jobs - mostly because of his personal behaviour in dealings with other people. Basically the guy comes across as a user. I.e. he'd use you up for his own ends without a qualm. But I suppose that's not too different from many people at the top of business.

As the saying goes: Power corrupts, absolute power corrupts absolutely.

Fans of dead data 'liberator' Swartz press Obama to sack prosecutor


Re: Time to get real

I agree that he was guilty and should have been punished. Perhaps one or several of the following:

- 6 months to 2 years in jail.

- A moderate (uncomfortable, but affordable) fine passed to MIT as compensation.

- Community work - again possibly at MIT as compensation

The above is reasonable.

10-30 years in prison and fines/legal fees that would bankrupt J.R. Ewing is utterly disproportionate. Aaron Swartz wasn't a serial rapist, murderer or child molester - any of which might deserve such punishment. He was a misguided guy who broke the law.

A witch hunt isn't what is needed here, but a good long hard look at the way the laws are implemented in the U.S. is, perhaps.

The law should work in both directions

The trouble is that Aaron was high profile so I suspect someone was trying to send a message to all such hackers. The trouble is that the prosecutor's office went way overboard and went utterly overboard.

In the U.K. we have an offence called "Attempting to pervert the course of justice". It's not designed to be used against prosecutors but I don't see why it shouldn't be. If the U.S. has something similar maybe that should be used given the circumstances.

Anonymous turns private eye in Ohio rape case


Outside intervention

This clearly needs outside intervention. I.e. someone from another area/state in the police force to come in and investigate what has happened and all of those involved.

This is the only way for this to be sorted out properly and those who are guilty of involvement punished and those not guilty declared so.

