* Posts by Halfmad

855 posts • joined 16 Jan 2013


Stop us if you've heard this one before: Exchange Server zero-days actively exploited



Always on a Friday.

Europe just might make it easier for people to sue for damage caused by AI tech


I don't see any issue with this.

Particularly as the NHS is using AI in many, many more health related decision making processes. Not that I think our government will for a second adopt similar legislation.

School chat app Seesaw abused to send 'inappropriate image' to parents, teachers


Coloured waffle?

Anyone for some coloured waffle?

UK hospitals lose millions after AI startup valuation collapses


Heads should roll

I am not a fan of cancel culture or firing for the sake of it but there are serious ethical issues at these hospitals and arguably compounded by financial incompetence.

You could argue that it was an exchange and not purchase - but I'd argue that value was purchased with patient information, highly unethical and is in financial reports = it's been bought somehow, exchange of goods.

ICO should have its big boots on and the boards need clearing out.

UK, South Korea strike data-sharing pact


Re: Pi-Hole

For the lols go to the daily mail before and after setting it up. The difference is insane.

Sadly it's not an entirely blank page which would be the ultimate improvement.

British Army Twitter and YouTube feeds hijacked by crypto-promos


Re: The standard

Oh they care.

Bigwigs will not be pleased.

Start using Modern Auth now for Exchange Online


Re: "it essentially hardens all email users who rely on Microsoft Exchange Online"

Don't forget it also encourages them to adopt other related products to secure their Microsoft Exchange Online.

Not much of this actually from 'China anymore,' says Northern Light Motors boss


Re: Sourcing everything from the UK

and most of that coal comes from one place, a surface level mine that's almost the size of a city.

Cisco compresses Catalyst switches to compact size


Re: None of those are "home office"

I'd be happy with a 5MB/s thanks.

NSO claims 'more than 5' EU states use Pegasus spyware


Because those supplying the phones are happy with the status quo.

Your data's auctioned off up to 987 times a day, NGO reports


As an added bonus.

For your added benefit we also fingerprint your activity, device and track your usage all over the internet even when someone else uses your device we help you by attributing that use to you as well.

You are welcome.

FBI warns of North Korean cyberspies posing as foreign IT workers


Outsourced development

Reminds me of the developer who outsourced his own work abroad and simply rocked up to work, switched his PC on and let the third party remotely do his work for him each day. Took a while for him to be caught.


Legacy IT to blame for UK's inflexible benefits system


Blame the IT but..

I would put money on it being a LACK OF KNOWLEDGE problem instead with the people who knew or understood the system in depth having left for retirement etc and there being insufficient documentation.

They likely need to more or less start from scratch.

Engineer gets Windows 11 working on a Surface Duo


Requirements are included to ensure a consistent experience and reduce support calls due to under spec'd hardware but they should always be seen as a guide.

I can't remember the number of times my PC in the 90s didn't meet requirements for AutoCAD or games - yet I used it perfectly happily.


Windows 7 could have been supported for longer but was becoming a complete mess of code. That was part of the bonus of Windows 10 although it's going the way route.

The need for new OS isn't always to punt new machines, Linux variants offer updates just as often, not from a commercial stand point. A lot of it is code housekeeping.

The bigger question is why MS can't keep its code tidy on new OS for longer.

Study: How Amazon uses Echo smart speaker conversations to target ads


It's mining your interactions with it irrespective of whether you make a purchase or not. Any interaction can be used and that could also be accidental - or why not even expand that to be passive listening and mining since that's how the devices have to operate in order to be ready to respond?

It's not ridiculous to complain that you are unaware of essentially dubious use of your interactions

Former NHS AI leader joins US spy-tech firm Palantir


from her bio: "Break the silos and let's get S*** done."

Silos are sometimes there for a good reason.

Five Eyes nations fear wave of Russian attacks against critical infrastructure


Re: I have just one question

Those of us working in CNI were aware of it before the invasion. What you should be asking is what CRITICAL national infrastructure needs warning and to be told to "shields up" just on the days we might be at risk.

We're at risk 24/7.

Meta strikes blow against 30% 'App Store tax' by charging 47.5% Metaverse toll


Early tactics

Set the price high then claim you are oh so generous when you drop it later.


Re: leaving $0.53 for the Creator before any applicable taxes

No doubt their 47% will somehow result in almost or absolutely zero taxes going to countries the items are purchased in either because "Meta".


Re: Good news..

Who decides what the disinformation is though?

As per Facebook those with the biggest wallets whether it's Russia, US, UK etc.

Elon Musk's latest launch: An unsolicited Twitter takeover


Re: Money can't buy maturity

He never joined because of the restrictions over how much stock he could own.

That would suggest he planned to buy more from day one.

Google Play pulls sneaky data-harvesting apps with 46m+ downloads


Re: " D-Link suggest that you retire these models ASAP"

Planned obsolescence ?

Even accidental as may be the case here should result in some form of compensation.

Russia (still) trying to weaponize Facebook for spying, Ukraine-war disinfo


Re: Pull the plug , Scotty.

Not the brightest spark are we?

Even if we could disconnect them entirely, what about civilian reporters, journalists etc who are providing the truth of what's going on - do we really want to cut them off too? That's what would happen, the veil would fall and what little scrutiny and independent evidence gathering and exfiltration would stop.

UK Ministry of Defence takes recruitment system offline, confirms data leak


Re: "sources finger Capita-run system"

It's similar in most governmental frameworks or the price is weighted so heavily that other concerns can never be enough to counter balance it.

Research casts doubt on energy efficiency of 5G


Smart meter

Obvious solution. I've been told it reduces energy use, government said so.

Idea of downloading memories far-fetched say experts after Musk claim resurfaces in latest Neuralink development


Re: I don't see a problem in his statement.

He spouts about possibilities with little science backing it up. Hyperloop, fake electric truck etc etc.

Sure he occasionally gets it right and he's certainly someone worth following as I do think he's absolutely necessary to have - people pushing for more, better, faster and change but he's not worthy of the idolisation he gets, he's wrong far more than he's right.

Thing is when he is right he makes people wealthy so you can see why they speculate on his BS.


Re: I don't see a problem in his statement.

I think he's been watching too much Harry Potter, they essentially do this in Dumbledore's study.

Put bluntly, Musk is an innovator but what he says rarely matches what is done by his companies and in many cases can be proven false by current science or his live displays - his truck glass for instance, his hyperloop which is just currently a 1KM tunnel with human driven cars in LA.

We need people like him but I'm sure investors wish he'd pipe down occasionally with the nonsense.

UK Home Secretary Priti Patel green-lights Mike Lynch's extradition to US to face Autonomy fraud charges


Re: It's complicated

All for it if we have anyone worth considering as a replacement. None of the parties are brimming with ethical competent people these days.

Crack team of boffins hash out how e-scooters should sound – but they need your help*


I'm more worried about us not having any strategy for recycling them, other than landfill.

Should be illegal to use until this is in place and ideally owners pay.

You might want to consider the cost of not upgrading legacy tech, UK's Department for Work and Pensions told


Fingers crossed

This is done before I retire in about 20 years. Assuming the retirement age isn't moved again.

Cryptocurrency 'rug pulls' cheated investors out of $8bn in 2021 – report


I don't believe that for a second. I do however think that a VAST majority of people involved CLAIMED to have made good money out of it.

Nobody likes admitting they lost money on something like this to people they know.

Brit MPs blast Baroness Dido Harding's performance as head of NHS Test and Trace


Plenty of poster boys like that in politics too.

Sh!t floats.

Zoom-o-cracy: Wales MP misses vote, allowing COVID-passport rule change, blames the IT dept


Re: Can't fix

The same type that will grill you over business continuity while having no plans of their own.

Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits


I was a CAD draughtsman back in the 90s on a DOS version of AutoCAD. I remember the costs back then were insane and I joked that one day they'd find a way to do away with the dongles and screw the company over some other way.

Later on I found out about the subscription models they were adopting, constant need for updates etc and realised they'd found that mechanism..

Facebook sat on report that reveals most-shared post for months was questionable COVID story


Re: Why the outrage?

It would be different if they didn't publicly bang on about transparency, fairness etc.

Then do the opposite. This is just people calling them out on their BS.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break


It won't, it'd just create more, smaller ones doing the same thing.

Monetary penalties which put the C-suite at risk personally would help.

UK public sector should be mandated to grade procurements with a weighting of cyber security at 20-30%, currently any procurement I've been involved in security is worth at most 5%, in many cases less. While cost will be 40-60% of the weighting.

All that does is mean we buy cheap insecure products over and over again and then people like me are given the impossible task of trying to manage risks around products we thought were horrendously insecure.

When companies fail to get business because they are insecure they will start to take it seriously.

We can't believe people use browsers to manage their passwords, says maker of password management tools


Why on earth would I want to entrust my info to MS or save in a MS keychain?

Eggs in one basket much?

There's little difference between the use of something like kwallet and say bitwarden.

It had to happen: Microsoft's cloudy Windows 365 desktops are due to land next month


Re: The way forward?

Not reliable, little change control, zero business continuity etc.

Where does my senior management sign up?

8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election


How do you know both my PINs ?

*calls police*

Nominet is back to 'the same old sh*t' says Public Benefit campaign chief as EGM actions grind to halt


Re: "the company must be run on a commercial basis"

10 Instigate purge

20 Same old sh!t

30 goto 10

'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode


This is just vulnerability management though, doesn't matter what OS or application it is - the same methodology can work fine.

It's not even a Windows V Linux discussion point tbh.

UK gains 'adequacy' status on data sharing with EU, but making that stick all depends on how much post-Brexit law diverges


Re: It's a feature not a bug

Given the way NHS England are planning to use GP data I'm surprised this hasn't been a warning to the EU already.

VMs were a fad fit for the Great Recession. Containers’ time has finally come


honestly because experts are paid to tell us otherwise.

But yeah, fit the tool to the job, not the other way around.

South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group


Re: Why is North Korea connected to the Internet ?

Even if split along national lines it will be trivial to link up a PC to that national "internet" and remotely access it via satellite etc even if there is no physical connection to do so - which there would be anyway thanks to telephone lines.

Even if there's an entirely different networking technology underlying it there will always be a way around it

Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory


Re: Previous approach

and Amazon will ask Microsoft, who will ask Yahoo and they all cite each other as reliable sources.

The corporate circle jerk will be endless.

UK product safety regulations are failing consumers online, in the IoT, and … with artificial intelligence?


The EU safety regs didn't stop Grenfell, product safety tests done in the UK may not either.

Proper on site surveys of buildings, which used to be done years ago may do so - if the companies conducting them can be held liable should they miss something.

It's not just a case of checking products though, especially in construction and manufacturing but also how they are applied, what methods of treatment are used, what products are near, touching, heating/cooling, have current going through them etc.

It's a bit like welding box sections in bridge construction, it CAN be effective but if done incorrectly introduces stresses within the material which MAY affect performance depending on the type of bridge the box section is part of.

It needs a layered approach to safety.

Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority


Re: Erm

This is the problem with Cyber/Info Sec, some products are easier to show ROI on than others and many it's very much a benefit which end users don't see or don't notice e.g. less down time.

I frequently use incidents like this, Wannacry etc to show what can happen and I'm a huge fan of risk assessments as a way to make senior management accountable for what is or is not done. Sadly that doesn't seem to be done in many companies though.

After staff revolt, Freenode management takes over hundreds of IRC channels for 'policy violations'


Don't worry we can shoehorn in "cyber" and "AI" so we get the best buzz words.


Re: Sinking

Almost feels like an attempt to force closure of Freenode to be honest. It's digital self harm.



Biting the hand that feeds IT © 1998–2022