* Posts by EJ

242 publicly visible posts • joined 9 Jul 2007


Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard


Welcome to Trumpistan.

Days before the US election, phishers net $2.3m from Wisconsin Republicans


Criminals stealing from criminals...

Top doctors slam Google for not backing up incredible claims of super-human cancer-spotting AI


"We're calling the effort: Theranos II."

FCC accused of colluding with Big Cable to game 5G legal challenge


Re: I hope they nail Pai and his cohorts

Under normal circumstances, this wouldn't be an issue. However, when Penguin was elected president and he's hired the Joker, Riddler, et al to fill out his administration, Batman is up against it.

Stalk my pals on social media and you'll know that the next words out of my mouth will be banana hammock


... but throw in your friends are Eric, Michael, Terry, John, and Graham, coupled with the fact you're a recently arrived Hungarian, and we could completely surmise it.

Oracle boss's Brexit Britain trip shutdown due to US government shutdown


It's in there

I'm surprised it isn't buried in the Oracle licensing agreements that Mark Hurd and Larry Ellison are to be considered world citizens and are not subject to mortal law.

My 2019 resolution? Not to buy any of THIS rubbish


Re: Hospitality sector had it coming

Booking.com buried my bed bug horror story about the small motel where I experienced enough discomfort to seek medical treatment (photos of my neck and arms still make me itch). TripAdvisor.com did not.

Guess which one I recommend folks use for researching their stays?

What happens when a Royal Navy warship sees a NATO task force headed straight for it? A crash course in Morse


Re: The Polish ship in the photo is not a destroyer..

Disappointed this wasn't pointed out in Morse code...

Your two-minute infosec roundup: Drone arrests, Alexa bot hack, Windows zero-day, and more


Re: When we're told to use a password manager

As long as your browser's password manager has a password assigned to it as well (last I knew, Firefox does, Chrome recently added it, and IE still doesn't, as well as IE's not being sync'd between machines), I'd say you're good.

Uncle Sam fingers two Chinese men for hacking tech, aerospace, defense biz on behalf of Beijing


Re: Facing Justice

Translated: "We're hoping they make the mistake of leaving the mainland and enter a country that looks the other way while we grab them and bring them to justice."

A few reasons why cops didn't immediately shoot down London Gatwick airport drone menace


HERF gun

Time to get going on the ol' HERF gun again.

US told to appoint a damn Privacy Shield ombudsperson already or EU will take action


I'm retiring at the end of January..

... and will be available after then. You can just put my name down.

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'


"The officers also insist such searches are rare." *

* More frequently if you're of "suspicious" descent.

You're legit and you know you are... Thanks to chanting racist footie fans, linking to dodgy stuff isn't necessarily illegal (well, in Europe)


Re: So......

As the great US journalist Norm Chad says... "Pay the man, Shirley."

He's not cracked RSA-1024 encryption, he's a very naughty Belarusian ransomware middleman


Next you're going to tell me...

... that he's not a real doctor.

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit


On the bright side

Nearly every user who received one at my company reported it as a potential phishing attack. Even our security team was confused by the message when we evaluated it (suspicious content but legit links). Wasn't until we saw a Twitter conversation by ShareFile claiming they were legit before we finally gave the thumbs up on performing the password resets.

Wanna save yourself against NotPetya? Try this one little Windows tweak


Like a US drug commercial...

What are the side effects?

Q: If Pesky Pepper had a peek at patient papers, at how many patient papers did Pesky Pepper peek? A: 231


...people "have been placed in a position of trust, and with that trust comes added responsibility".

But of course, no added compensation.

Wow. Apple's only gone and killed off Mac, iPad, iPhone family... figures for units sold to fans


Re: Revenue up, units down

Just keep raising prices and removing features. There's nothing unsustainable about that.

What? That's mad. The obvious solution is to convince consumers they need 6 of everything.

Bomb squad descends on suspicious package to find something much more dangerous – a Journey cassette


Be good to yourself

Nobody else will.

This one weird trick turns your Google Home Hub into a doorstop


Re: So the HomeHub has an undocumented API backdoor

Is it Larry Page or Sergey Brin that are the single down votes of all the critical opinions in here?

Sorry friends, I'm afraid I just can't quite afford the Bitcoin to stop that vid from leaking everywhere


Re: Racist?

Frank Ly - Don't worry, I got your irony.


Re: Racist?

As a white hetero I'm unable to rule on that, but it was otherwise brilliant.

You patch my back(up) and I'll patch yours... Arcserve bugs burrow remotely exploited holes in UDP storage systems



Anyone else notice the shadow cast by the flyswatter in conjunction with that fly? Either that flyswatter is amazingly small or it's the end of days...

Equifax exec's inside trade shame: Software boss sentenced for mega-hack stock profit


Crime pays - more so for the others mentioned in this story than Bonthu.

Mozilla grants distrusted Symantec certs a stay of execution, claims many sites yet to make switch


Name and shame, name and shame.

Why are sat-nav walking directions always so hopeless?



Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious


From the SD Tribune story:

"The Port of San Diego said Wednesday it is investigating a highly sophisticated cybersecurity threat to its technology systems that is currently affecting the public agency’s ability to process park permits and records requests, and perform other business services."

... "highly sophisticated cybersecurity threat"... sounds much better than "some plonk clicked on a link/attachment that they shouldn't have".

NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits


Re: So let's look at this again (again).

You're conveniently leaving off the most important step:

"Classified spyware ends up in Kremlin agent hands"

That'll help you with the Kaspersky guilty logic jump... makes the leap that much easier to make.

Ooof! Cisco Webex has been down for 7 hours – and counting


Still issues

The Webex icon on my business iPhone is still reporting "Waiting...", as it has since this debacle first started. Or is that some fresh hell they've stepped into?

Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe


Re: Scanning for viruses is illegal?

1) Read the EULAs - my guess is this case likely violated agreements in some fashion. 2) Aiding and abetting is a crime last I checked... you'd probably ring up some charges if you tried to run an Uber-like service for bank robbers, too.

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then


How hard can it be to keep patched?

Newer versions of WP simply update themselves, and as far us plug-in updates I get an email notification when a plug-in needs updating, and that's simply logging into the site, clicking 'Updates', and then checking the box for the plugins to update. A minute later, it's all updated. Total time spent updating the site? Literally less than 2 minutes.

Check out this link! It's not like it'll crash your iPhone or anything (Hint: Of course it will)


Defused now?

403 Forbidden on iOS 12 Safari...

Princely five years in US big house for Nigerian biz email scammer


They've got controls - they don't send money until it's been requested.


1) " attempted to con their targets out of more than $25m" - key word being 'attempted'.

2) It never says what they netted total out of their attempts - the few examples they give add up to $710,000 - so the ability to compare the fine to their proceeds is impossible.

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories


Re: 1 - 2 - 3 - Not it!

I know no one is reading the EULAs for anything because if you did, you wouldn't consent to most of them. Our Procurement department is now going over EULAs with a fine-tooth comb. Purchases that used to take 60-90 days from selection to product-on-site are now taking upwards of a year, if the vendor agrees to negotiations in the first place. I'm still waiting to hear how they made out with negotiations with Fydor, who they told me they were going to contact to hammer out an agreement. "Fine," I said, "but while you're doing that we're going to go ahead and use his Nmap product anyway."

Feel the shame: Email-scammed staffers aren't telling bosses about it


Re: Tech Savvy Millenials

"Sweeping generalisations about groups are stupid..." <Step 1. makes complaint about sweeping generalizations>

"They are amoung the youngest in the company, meaning the most naive and lowest down the food chain..." <Step 2. makes sweeping generalization>

Welcome! Mimecast finds interesting door policies on email filters


Re: A study?

I have no doubt that Mimecast saw the less-than-stellar performance of Microsoft's filtering. How you address that weakness is where the advertising then comes in.

If you have to simulate a phishing attack on your org, at least try to get something useful from it


Re: Seeking The Best Phishing Education and Testing

Sounds like KnowBe4...

No, eight characters, some capital letters and numbers is not a good password policy



And it's free... except for the inevitable dialogue with their sales team, but they are low pressure and actually pretty good to work with.

Microsoft: We busted Russian Fancy Bear disinfo websites

Paris Hilton

I read this story on The Register's sister site over at theREALregister.co.uk and it says this is all a misunderstanding, and that all of these foes of Trump are foreign agents.

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported


The update should be added to the top of this story, El Reg...

India's Cosmos bank raided for $13m by hackers


More than banks get those FBI

"a confidential alert sent from the FBI to US banks" - it's sent to more than just banks because I got it, too, and we're not a bank. It was from an FBI-issued PIN (Private Industry Notification, # 20180809-001) and was marked "TLP: AMBER" (Traffic Light Protocol), meaning it can be shared among others in your peer and partner organizations.

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet


Time to find another host city.

Firefighters choke on Oracle's alleged smoke-and-mirrors cloud


"In truth, Oracle drove sales of cloud products using threats and extortive tactics,"

Welcome to Oracle's business model!

FCC sets a record breaking $120m fine for rude robocalls


Re: "As for fixing the robot all problem"

In a country where it's legal to shoot someone who has come into your house uninvited, it should be the same for a phone call. You can't bring your soapbox in unannounced, set it up in the kitchen, and exercise your first amendment rights.

Castaway hacker guilty of sedating children's hospital computers


It's a bit further of a sail to Cuba from Canada than from Florida.

How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign


Resource allocation. Invest in the product, which sorely needs the support and attention.


Security researchers at Check Point should quit messing around and fix their incredibly buggy security blades that charge arms and legs for.

A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades


Re: Not a priest

You missed the "Slavic" part....