* Posts by Halfmad

821 posts • joined 16 Jan 2013


Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits


I was a CAD draughtsman back in the 90s on a DOS version of AutoCAD. I remember the costs back then were insane and I joked that one day they'd find a way to do away with the dongles and screw the company over some other way.

Later on I found out about the subscription models they were adopting, constant need for updates etc and realised they'd found that mechanism..

Facebook sat on report that reveals most-shared post for months was questionable COVID story


Re: Why the outrage?

It would be different if they didn't publicly bang on about transparency, fairness etc.

Then do the opposite. This is just people calling them out on their BS.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break


It won't, it'd just create more, smaller ones doing the same thing.

Monetary penalties which put the C-suite at risk personally would help.

UK public sector should be mandated to grade procurements with a weighting of cyber security at 20-30%. Currently, in any procurement I've been involved in, security is worth at most 5%, in many cases less, while cost will be 40-60% of the weighting.

All that does is mean we buy cheap insecure products over and over again and then people like me are given the impossible task of trying to manage risks around products we thought were horrendously insecure.

When companies fail to get business because they are insecure they will start to take it seriously.

We can't believe people use browsers to manage their passwords, says maker of password management tools


Why on earth would I want to entrust my info to MS or save in a MS keychain?

Eggs in one basket much?

There's little difference between the use of something like kwallet and say bitwarden.

It had to happen: Microsoft's cloudy Windows 365 desktops are due to land next month


Re: The way forward?

Not reliable, little change control, zero business continuity etc.

Where does my senior management sign up?

8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election


How do you know both my PINs?

*calls police*

Nominet is back to 'the same old sh*t' says Public Benefit campaign chief as EGM actions grind to halt


Re: "the company must be run on a commercial basis"

10 Instigate purge

20 Same old sh!t

30 goto 10

'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode


This is just vulnerability management though, doesn't matter what OS or application it is - the same methodology can work fine.

It's not even a Windows V Linux discussion point tbh.

UK gains 'adequacy' status on data sharing with EU, but making that stick all depends on how much post-Brexit law diverges


Re: It's a feature not a bug

Given the way NHS England are planning to use GP data I'm surprised this hasn't been a warning to the EU already.

VMs were a fad fit for the Great Recession. Containers’ time has finally come


honestly because experts are paid to tell us otherwise.

But yeah, fit the tool to the job, not the other way around.

South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group


Re: Why is North Korea connected to the Internet ?

Even if split along national lines it will be trivial to link up a PC to that national "internet" and remotely access it via satellite etc even if there is no physical connection to do so - which there would be anyway thanks to telephone lines.

Even if there's an entirely different networking technology underlying it there will always be a way around it.

Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory


Re: Previous approach

and Amazon will ask Microsoft, who will ask Yahoo, and they will all cite each other as reliable sources.

The corporate circle jerk will be endless.

UK product safety regulations are failing consumers online, in the IoT, and … with artificial intelligence?


The EU safety regs didn't stop Grenfell, product safety tests done in the UK may not either.

Proper on-site surveys of buildings, which used to be done years ago, may do so - if the companies conducting them can be held liable should they miss something.

It's not just a case of checking products though, especially in construction and manufacturing but also how they are applied, what methods of treatment are used, what products are near, touching, heating/cooling, have current going through them etc.

It's a bit like welding box sections in bridge construction, it CAN be effective but if done incorrectly introduces stresses within the material which MAY affect performance depending on the type of bridge the box section is part of.

It needs a layered approach to safety.

Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority


Re: Erm

This is the problem with Cyber/Info Sec: some products are easier to show ROI on than others, and for many it's very much a benefit which end users don't see or don't notice, e.g. less downtime.

I frequently use incidents like this, Wannacry etc to show what can happen and I'm a huge fan of risk assessments as a way to make senior management accountable for what is or is not done. Sadly that doesn't seem to be done in many companies though.

After staff revolt, Freenode management takes over hundreds of IRC channels for 'policy violations'


Don't worry we can shoehorn in "cyber" and "AI" so we get the best buzz words.


Re: Sinking

Almost feels like an attempt to force closure of Freenode to be honest. It's digital self harm.

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely


Re: Windows 10

I'm all for MS bashing but this pre-dates W10 and is entirely on Dell. Doesn't look like they have any interest in updating other operating system drivers according to the article, either that or El'Reg hasn't dug into it any deeper.

Even in the 90s we'd always wipe vendor PCs before deploying, this might have snuck on though if it was part of a driver package and not identified as bloat (which some drivers were).

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)


Re: This.

INFORMED consent, not just consent.

They also require that you are not penalised for not consenting, you know like made to jump through hoops to disable individual options, get a spinning "we're changing your settings" dial then a wait for the site to reload.

It should be accept all, accept only functional, reject all or edit. Not what we currently get.

To have one floppy failure is unlucky. To have 20 implies evil magic or a very silly user


Re: I've done the same thing

I used to get called out to primary schools because a slot-loading iMac had swallowed a CD etc. In reality the kids had managed to insert it between the drive and case in a tiny gap above the drive.

Oddly enough I'd normally find lollipop sticks in the drive itself, at £130 a pop.

What the FLoC? Browser makers queue up to decry Google's latest ad-targeting initiative as invasive tracking


Ironically it may be the push some users needed to look at alternatives.

I'm not sure moving to Brave (which I use) is a great idea, probably best leaving Chromium based browsers entirely.

Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine


Re: This is why a monoculture is bad

I use Brave and Firefox. Brave for day to day browsing, Firefox for anything involving money.

I prefer Brave by a long shot but like splitting up the use between them.

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts


Assuming they know of the breach most will.

Public sector "has the most breaches" because they are by far (especially Healthcare) more likely to self-report.

OVH says burned data centre’s UPS, batteries, fuses in the hands of insurers and police


Re: “Some customers do not understand what they bought”

Elevated heat signature..

AKA the server that glows when the lights are out.

'Screen access technology has existed for decades': Visually impaired man sues Dell over 'inaccessible' website


Re: not overly surprised

Most of those GDPR cookie pop ups aren't compliant with GDPR anyway as they default to max tracking or make disabling any part of them challenging on desktop, never mind on a mobile device. I was once asked to disable individually the companies I didn't want to track my usage, I think the list was around 110 companies long, each with an individual tick box - or I could accept.

Smartphones are becoming like white goods, says analyst, with users only upgrading when their handsets break


Re: Not a lot of new features?

You mean you DON'T want a folding phone which will be more bulky and cumbersome to use and mean slightly larger images and less scrolling?

Me neither, in fact I think it's one of the most daft ideas they've come up with since the last re-try at 3D TVs. No doubt that'll come back around again.

Dropbox basically decimates workforce, COO logs off: Cloud biz promises to be 'more efficient and nimble'


This is my problem too, value.

Dropbox just can't seem to compete with alternatives and rather than realising it's the root cost that's the issue they think throwing useless fluff on top will tempt me. Not going to happen.

I just want the basics, so why can't I have somewhere to backup to cheaply on their service and pay for what I use, rather than what they want to sell me? That's fundamentally the issue - value for money, it's better elsewhere.


Re: Literally decimates?

Also technically decimation in the Roman Legions meant the other 9 co-workers beating the 10th to death. It wasn't a simple execution. It was murdering someone you'd perhaps spent a decade living beside; it was collective punishment, not just for the person with the short stick.

89% of Dropbox's workforce will be largely untouched by these changes.. except IT who will obviously be expected to pick up "the slack" with fewer resources.

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woes


Re: Papering over the cracks

No they took a business decision based presumably on risk.

What's missing is the part where those who took that decision collectively or otherwise are now paying the price of doing so.. which would be another business decision shareholders should be voting on.

World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie


Re: Continued co-operation assured?

Potentially we won't either.

How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey


Re: Bucket effect

I agree, CVSS is generally one of several factors to be considered. I always take it as a starting point then look at how that particular vulnerability could/can impact the business.

I've seen some vulnerabilities scored in the low 6s which could have impacted us far higher than many of the routine types scoring 9+ due to how the business operated.

Anyone relying solely on the CVSS score needs to rethink their processes. It's purely a generalised indicator.

Julian Assange will NOT be extradited to the US over WikiLeaks hacking and spy charges, rules British judge


Re: I'd rather we keep Assange

When did he do this?

Sorry not been that interested in him tbh.

SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product


Re: Trust noone

But the pointers were there if we'd looked I'd suggest.

A simple Google search for "insert product here" and "anti virus exception" will generally give an idea of whether or not a product is taking security seriously or if performance is king, if performance is even a factor in whether an exception of this kind.

Dell Wyse Thin Client scores two perfect 10 security flaws


Think of it as lots of free happy honeypots on the network.

Unintended.. but fully functioning.

Or as we used to call them..

Why Guys?

Delay upgrading the UK's legacy border systems has added £336m to taxpayers' bill


and he's missed..

One of the few politicians who'd just say it as it was.

He also said no sane person would plan the NHS to be as it is and the only way to reorganise it is to scrap it and start again to make it fit for the modern era; anything else is moving chairs at insane expense.

It's happened: AWS signs Memorandum of Understanding for fluffy white services with UK.gov


Re: Lock-in by the back door

This is why retention periods for data are so important, less to pull back.

Amazon are a company, not a charity though - so they expect to make a profit and will do what they can to maximise it. I don't hold that against them but I will hold it against our government if it's excessive.


Re: I think you have it the wrong way round

Government would sue AND jump.

Much like the British on holiday, NHS COVID-19 app refuses to work with phones using unsupported languages


Re: What about multiple languages?

Scottish Gaelic is in use in parts of Scotland.

It's really not, it has a handful of houses and some enthusiasts but that's it. In a population of 5.5 million only something like 11K are classed as speakers of it and it's dying out rapidly.

Oh, the humanity! Microsoft congratulates itself for Teams inflicted on 115m daily users


Re: Constant interrupts

Set yourself to busy, don't answer. Same as telephone calls when you were in the middle of something.

I mean heaven forbid an adult has to adult..

Brit accused of spying on 772 people via webcam CCTV software tells court he'd end his life if extradited to US


Re: Team America: World Police

Most laws can be applied internationally, otherwise you wouldn't have international arrest warrants etc as they wouldn't be valid.

Where a crime was committed is key here: the crime technically was committed on US soil FROM the UK (allegedly), which allows for extradition.


That's not a reason to stop.

There are victims here, can he give evidence from the UK? If found guilty he's extradited?

I'm not a fan of the rather one sided extradition treaty we have with the US but that's a lot of potential victims to deny justice due to a threat, which is all frankly it is at this point.

How the tables have turned: Bloke says he trained facial recognition algorithm to identify police officers


Re: Portland

Unpopular opinion here and likely to get abuse from both sides but the problem isn't the police or policing of society in general.

It's the fact that policing, particularly in the USA, isn't by consent and holds itself separate from the society it was created to police. It adopted a "them and us" attitude which frankly has been reciprocated by the mostly left leaning in that society.

The answer isn't bigger guns or more of them, it's both the police and society rebalancing, that's likely to happen after the USA election (whichever way it goes - that old man or the other one) I just hope it's without violence and BOTH sides accepting whatever the result is, because frankly neither is great.

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks


They should be forced to display a warning on any checkout pages for 5 years stating they have screwed up in the past and that consumers should consider carefully before spending with them.

UK, French, Belgian blanket spying systems ruled illegal by Europe’s top court


Re: Nothing rhymed

Not all politicians enter into the field for power, most do I agree but there are many who don't.

Nominet refuses to consider complaint about its own behaviour, claims CEO didn’t mean what he said on camera


Re: Clearly out of control

They have reset the communications with everyone so that's OK then?

That communication will now be one way and F you if you don't like it.

Don't bother complaining as we have an excellent 100% track record of handling complaints we accept.

UK Parliament's human rights committee pushes for better protections of coronavirus contact-tracing data in law


Re: Next Steps

I'm convinced when he said "Bring me the Dido" he had a cold and they misheard.

Next thing we know she's in charge of stuff.

Nvidia to acquire Arm for $40bn, promises to keep its licensing business alive


Re: I would also have accepted


Apple to Epic: Sue me? No, sue you, pal!


Re: Monopolistic behaviour

It's not proof of anything, Epic broke contracts with both around the same time so it's hardly surprising.


Re: Monopolistic behaviour

Struggling to see how it's anti-competitive when the competitors are all forced to pay the same fees on the same platform. Likewise everyone who has signed up and paid the developer fees knows in advance.

Apple: Yeah, about those ground-breaking privacy features in iOS 14 – don't expect them until next year


Re: Disappointing they are delaying this change

I don't mind having the choice of whether it's enabled for specific apps as there are a few I probably wouldn't mind allowing in order to support them e.g. alternative streaming platforms.
