
* Posts by CommanderGalaxian

306 publicly visible posts • joined 21 May 2013


Air-gapping SCADA systems won't help you, says man who knows

CommanderGalaxian
FAIL

Never seen a SCADA system compromised yet...

...without some random technician plugging in a "sheep dipped" USB stick or "clean" laptop absolutely hoaching with malware.

French say 'Non, merci' to encryption backdoors

CommanderGalaxian
Black Helicopters

"So, the watered down alternative proposal is for everyone to provide a set of spare keys to the police, who may use them to enter when they please, in the name of national security of course."

Why exactly do you think insurance companies insist that you have British Standard compliant locks?

Hello?

Ross Ulbricht lodges (another) appeal of Silk Road verdict and sentence

CommanderGalaxian
Thumb Down

Of course, confession evidence has never been coerced and never been shown years later to have been falsified. We shouldn't worry though on this one, as the main prosecution investigators are now convicted fraudsters. What could possibly go wrong when the state employs people of such high integrity?

Remember - "beyond all reasonable doubt".

Brit 'naut Tim Peake preps for Space Station launch

CommanderGalaxian
Happy

Not the 1st Brit in Space or on the ISS

At last. Finally. Finally, Finally. An article that doesn't repeat the utterly incorrect: "Tim Peake will be the first British Astronaut in [Space|ISS]".

Well done El Reg for accurate reporting in the face of Establishment and Mainstream Media hooraying propaganda.

No root for you! Google slams door on Symantec certs

CommanderGalaxian

Re: What's the problem?

So why are Symantec so bothered when they say they are removing these certs...sometime...soonish..anyway...?

US government pushing again on encryption bypass

CommanderGalaxian
Flame

Post proof or STFU

"...public concern over both has led for calls to limit the degree of privacy afforded all users of mobile phones."

No. Seriously. WTF? Please post proof of this. Who's really behind your pay cheque?

Goldman Sachs to patent Bitcoin

CommanderGalaxian
Flame

Goldman Sachs to patent Bitcoin

Seriously.

http://www.ft.com/cms/s/2/b0d8f614-997c-11e5-9228-87e603d47bdc.html

The Edward Snowden guide to practical privacy

CommanderGalaxian
Black Helicopters

Re: The word is out - TOR is compromised!

TOR has never claimed to be immune to types of traffic flow analysis (i.e. the "intercept all traffic" thing). The problem is balancing usability in real time with anonymity. If you want to play with those that are designed to deal with that kind of attack, you need to look at using CypherPunk remailers and FreeNet.

IT contractors raise alarm over HMRC mulling 'one-month' nudge onto payrolls

CommanderGalaxian
Flame

Re: This does not compute

No. That's not the case. You could be on the payroll after one month.

Believe it or not, this is actually a concession by the taxman/George Osborne.

In the previous recent statement on redefining the definition of self-employment, freelance work and IR35 status, HMRC had proposed, from day one, to ignore contracts, ignore existing case law and ignore existing status tests (mutuality of obligation, substitution, direction and control (that's the how, rather than what and when)) [pass anyone and you are *not* an employee].

What HMRC proposed (and may still be proposing) was contacting the client and asking them whether or not they thought the contractor was under the employer's direction and control - knowing full well that somebody in the personnel department is not in a position to make this judgment - but would almost invariably reply "Yes" - and would instruct them to add the contractor to the payroll and begin deducting tax and NI as though they were an employee - unless the contractor agreed to have their own PSC payroll supervised by the engaging client - and make tax and NI deductions as though they were an employee of the client.

The contractor would be free to appeal the decision and if HMRC agree that he/she should be treated as self-employed, then they will refund what's due once he/she has done their annual tax return.

CommanderGalaxian
Thumb Down

Re: Long overdue

"how will this kill off the IT industry? you can still be a contractor, you can still do work for multiple companies, just the loopholes currently used to minimise the tax paid will be reduced or closed. You won't get away with earning £10K per year and taking £X0(0)k in dividends paying just 20% (or whatever) tax. Maybe you'd have to pay the same rate of tax as permies."

First off, the income tax position is relatively neutral regardless of whether you pay by salary or by dividend - what is now being proposed (among other things) is in effect an *additional* tax on people *who work* and earn and pay through dividends - noting that those who do not work but collect dividends will only pay at the normal prevailing rate(s).

Additionally, expenses such as travel, B&B, other accommodation etc which are incurred as part of the job, will no longer be tax deductible. This rule will not be applied to large companies - only freelance workers.

It is certainly going to make it very difficult for anybody to take a contract anywhere other than local.

Shadow state? Scotland's IT independence creeps forth

CommanderGalaxian

Re: What is driving this?

Simple - in the case of CCTV - many do not work now and need to be replaced. You're hardly going to waste money replacing them only to find they are incompatible with police control rooms.

And the Scottish Government does not have the intention of bringing in any sort of ID card scheme. This constantly seems to get exaggerated into something Orwellian when the intent is to rationalise different numbering systems across health care systems.

As for the Named Person Scheme (whose intent is to pick up on signs of abuse earlier rather than later) - those leading the campaign against it are not Civil Libertarians - they are the usual cluster fuck of anti-vaxxers, home schoolers and right wing Christian fundamentalist wingnuts.

PGP Zimmermann: 'You want privacy? Well privacy costs MONEY'

CommanderGalaxian
Unhappy

Re: What you pays for...

"My statement to Mr Zimmermann is that there are these things called RIGHTS... And we have a right not to be unaccountably spied on. Those are RIGHTS, Mr Zimmermann..."

Mr Zimmermann is not your enemy. Why are you shooting the messenger?

White House 'deeply disappointed' by Europe outlawing Silicon Valley

CommanderGalaxian
Facepalm

Hold On!

Does this mean Indian companies won't be processing and storing our data now?

Police Scotland fingered for breaching RIPA code 'multiple' times

CommanderGalaxian

Re: Hold on there commander

Westminster elections are First Past the Post - and with 50.1% of the vote SNP took 56 out of 59 Westminster seats in Scotland (which is 95% not 89%).

But blaming the SNP for UK Westminster election rules seems bizarre.

Holyrood elections (which are the ones of relevance to the day-to-day governance of Scotland) are a combined First Past the Post system and a form of Proportional Representation (known as Additional Member System) - which means it is difficult (though not impossible) for any one party to hold an overall majority of seats; so sorry, no one party state results, despite the rantings of the swivel eyed zoomer Unionists and their lackey running dog press.

Here's an explanation of the electoral system in Scotland (complete with worked examples) if you are really that interested: http://wingsoverscotland.com/ams-for-lazy-people/

And yes, the Quango system needs fixed - yet another problem mess inherited from the incompetent Labour unionists. Funny how they said it was the dog's bollocks when they were running the show, but now that the boot is on the other foot...

CommanderGalaxian
Headmaster

"Nice to see the SNP's brownshirts are doing their job."

Please expand - Anonymous Coward - as Police Scotland report to the Scottish Police Authority - a non-political quango (set up by legislation passed by Tory, Liberal, Labour, SNP, Green and SSP in the Scottish Parliament) that is not under the direct control of the Scottish Parliament let alone the Scottish Government let alone the SNP?

CommanderGalaxian

Point of Fact here.

The Chief Constable of Police Scotland's contract ran to September 2016. He is voluntarily stepping down in December 2015.

Jump before you are pushed?

Symantec fires staff caught up in rogue Google SSL cert snafu

CommanderGalaxian
WTF?

I smell shite.

Why would you fire somebody for a mistake? Anybody can make a mistake. Why all the drama?

AVG Censorship

CommanderGalaxian
FAIL

AVG Censorship

There's an article in Slashdot (http://yro.slashdot.org/story/15/09/19/1319201/avg-proudly-announces-it-will-sell-your-browsing-history-to-online-advertisers) noting that AVG will now sell on your browsing details to advertisers (apparently just for the freebie version).

However, what is really amusing, is that the paid version of AVG tries to block me from reading the Slashdot URL by informing me that "Could be a Trojan horse Hosts".

A similar article critical of AVG on Softpedia (http://news.softpedia.com/news/avg-proudly-announces-it-will-sell-your-browsing-history-to-online-advertisers-492146.shtml) also triggers the AVG anti-virus alert.

Bye, bye AVG.

Global warming stopped in 1998? No it didn't. If you say that, you're going to prison

CommanderGalaxian

Something to hide?

Why would anybody want to stifle open debate about something by threatening to have their opponents thrown in jail?

Unless, of course, they have something to hide.

That's the normal sort of tactics used by the Robert Mugabes of this world.

Astroboffins EYEBALL 13 BEELLION-year-old galaxy far, far, farthest away from Earth

CommanderGalaxian
Mushroom

You tell 'em, fuckchops.

CommanderGalaxian

Re: Lyman-alpha

Isn't that the whole point, that it is "wow" early?

The Onion Router is being cut up and making security pros cry

CommanderGalaxian

Re: Makes sense

But how will your developers be able to access sites discussing C Programming, Linux and Wireshark? Seriously.

Ashley Madison spam starts, as leak linked to first suicide

CommanderGalaxian

Re: Spam started...

"...forced to torrent it and even over tor with encrypted..." RTFM - https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

MIT boffins identify Tor hidden services with 88 per cent accuracy

CommanderGalaxian
Facepalm

Re: surprised...

One of the "design constraints" for TOR is that it can be used for real-time web browsing. Once you start adding in padding, it makes things less responsive.

New study into lack of women in Tech: It's not the men's fault

CommanderGalaxian
Stop

Don't Worry!

This is all a much ado about nothing. The politically correct have a solution - boys too are now being told that they don't need to bother studying maths and science at school if they want a career in Science or Technology or Engineering or Medicine.

Ashley Madison hack: Site for people who can't be trusted can't be trusted

CommanderGalaxian

Re: Using words too lightly

"Terrorism - the use of violence and threats to intimidate or coerce"

Isn't that how the police go about their jobs? No, seriously, think about it.

Facebook flings PGP-encrypted email at world+dog. Don't lose your private key

CommanderGalaxian

Re: Security from whom?

You misunderstand how PGP works - you are uploading your public key - whether to Facebook or a public searchable directory of keys - that then allows anybody (NSA/GCHQ included) to send you an encrypted message - but only you can decrypt that message with your private key.

The public key cannot be used to decrypt a message sent by somebody else to you.

Adult FriendFinder hack EXPOSES MEELLIONS of MEMBERS

CommanderGalaxian
Devil

This could get random.

I've no idea what boxes I ticked...must go check.

https://www.youtube.com/watch?v=B97e2XXxKdM

Ukraine conflict spilling over into cyber-crime, warns former spy boss

CommanderGalaxian
Headmaster

So as an "expert" he has stated what was already known to a large degree, by most anyone in the computer security industry - but as an "expert" shouldn't he be proposing some sort of plan of action?

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account

CommanderGalaxian

Don't assume that people who purloin details splurge massive amounts. After all, how many people actually check their credit card bills thoroughly - and how many would simply think - if they see an unusual 49.99 - "...damn, must have been something I bought, can't remember what it was now though...".

Belgium to the rescue as UK consumers freeze after BST blunder

CommanderGalaxian
Thumb Down

Stuff BST

I'm guessing you don't live in Scotland - since if you did - rather than accusing "Jock farmers", you'd find just about everyone can't be arsed with BST and would prefer if the damn time was just left at GMT the whole year round - and for exactly the reason you've managed to get arse about face - BST makes it darker in the mornings the further North you live - so as far as light levels go, people in Scotland *are* effectively getting up an hour earlier than people in the South of England.

Princeton boffins sniff Tor users' IDs from TCP ACKs and server sweat

CommanderGalaxian

TOR is a rather better VPN than most VPNs! A 2009 study compared various anonymity systems. VPNs in general came up short. Presumably you are envisaging using a commercial VPN to connect to the entry node to obfuscate things further - then it depends on assumptions - the most significant being that those wishing to deanonymise users haven't already backdoored or are actively monitoring the VPN.

Using a VPN with TOR is a bit like putting a layer of 64bit encryption on something already encrypted with 4096 bit encryption. It's better, but the effort to deanonymise the VPN traffic will be a lot less than the effort to deanonymise TOR traffic.

Snowden leaks LEGALISED GCHQ's 'illegal' dragnet spying, rules British tribunal

CommanderGalaxian
WTF?

Re: soo.. illegal things are ok as long as they were done in the past?

No, no, no....not that either - it is because a third party told on you and thus it became known what you had done, that things went from illegal to legal (and henceforth for ever more).

Previously I had thought that sort of thing (witness evidence) formed an excellent basis for prosecution - but apparently I was mistaken.

Fascinating really when you think about it - if you rob a bank, then just as long as nobody knows it was you, then you are a criminal, but as soon as somebody grasses you up, that act of grassing by a third party automatically causes you to become innocent!

Superb!

David Cameron: I'm off to the US to get my bro Barack to ban crypto – report

CommanderGalaxian

>"Next up, putting locks on your doors to be banned as it may hinder the police when they urgently need to search your house without a warrant."

Hint: there's a reason why all locks made to BSI standards are trivial to "pick" without leaving a trace of damage. Google for "bump key".

CommanderGalaxian

Re: We will try!

What you need is for the SNP to stand some candidates south of the border.

Peers warn against rushing 'enhanced' DATA SLURP powers through Parliament

CommanderGalaxian

"Even in a country where the Monster Raving Loony Party still exists, the Greens are the ultimate in pissed-away protest votes."

And that's exactly the sort of attitude that suits the established parties just fine.

What do UK and Iran have in common? Both want to outlaw encrypted apps

CommanderGalaxian

Re: Risk vs benefit

You've based your figures on a seriously flawed assumption - that terrorism and encryption are the same thing.

Erik Meijer: AGILE must be destroyed, once and for all

CommanderGalaxian

The cheapest time to fix bugs is at the requirements phase - before you've even started coding. The most expensive time is once you've shoved the "finished" code out the door.

Computer misuse: Brits could face LIFE IN PRISON for serious hacking offences

CommanderGalaxian

"A perpetrator, sitting in their bedroom in London..."

Doesn't she mean an office in Cheltenham?

Hey, non-US websites – FBI don't have to show you any stinkin' warrant

CommanderGalaxian

Re: A USA Inc marketing ploy?

Surely then this means it is perfectly OK for some foreigner to hack into US servers if they are looking for evidence about something?

Radio hams can encrypt, in emergencies, says Ofcom

CommanderGalaxian
Pirate

Oh boy, oh boy, oh boy. I can see everybody who might use one of these rushing out to get a HAM licence.

https://greatscottgadgets.com/hackrf/

Smart meters in UK homes will only save folks a lousy £26 a year

CommanderGalaxian

Re: Irrelevant

>>Re: Irrelevant

>>You will. You will be made to. And if you continue to resist, your name will be added to the official list of dissenters.

Vote YES. September 18th.

Uber, Lyft and cutting corners: The true face of the Sharing Economy

CommanderGalaxian

IR35

"By contrast, London’s biggest firm Addison Lee provides its own cars, but registers its drivers as self-employed."

Surely the whole point of being self-employed is that you provide your own tools and equipment to do the job? Anything else and you are a "disguised employee".

This is the sort of practice that allowed HMRC to bring in the IR35 legislation in the first.

Boffins attempt to prove the universe is just a hologram

CommanderGalaxian

Re: Sock gnomes

And, of course, there's the other phenomenon of searching high and low for your car keys, then after a while discovering that they are in a place you have already searched.

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

CommanderGalaxian
Black Helicopters

Re: and Ghostery tells me,

"Ironically, the page on which Ghostery was reporting was devoted to an Edward Snowden article..."

No irony there at all. Whoever reads that page ends up on a list. And then gets tracked wherever else they go on the web.

Dungeons & Dragons relaunches with 'freemium' version 5.0

CommanderGalaxian

There's just no satisfying some folk.

FBI: We found US MILITARY AIRCRAFT INTEL during raid on alleged Chinese hacker

CommanderGalaxian
FAIL

Re: So

I guess they could have done the same as the Chinese guy who used to work at the same place as me. Just drag and drop endless amounts of functional specs and test documents into an online Chinese portal. When quizzed about it he just said that it was to translate English documents into Chinese so he could better understand them. Management shrugged their shoulders and said - "oh ok then, whatever".

UK gov rushes through emergency law on data retention

CommanderGalaxian
Black Helicopters

Re: No problem for me then !

"Can someone actually provide a detailed definition of "dangerous individual"."

Well according to the most recent information, that would be anyone who:

1) Uses Tor

2) Uses Tails

3) Reads Linux magazines

4) Uses Linux?

5) Reads websites whose content is privacy or security orientated.

For example - a website like this https://prism-break.org/en/

HTH.

Virgin Media goes titsup AGAIN. The cause? Yet MORE DNS strife

CommanderGalaxian
Flame

What sort of tubes downvote correct technical information?
