* Posts by Anon5000

77 publicly visible posts • joined 20 Nov 2013


UK govt sneaks citizen database aka 'request filters' into proposed internet super-spy law


Re: I seem to have lost the plot

Police will be able to access all this information too. Without a warrant.

Has anyone lost 37 dope plants, Bolton cops nonchalantly ask on Facebook


Re: Does plod know?

"Once you have one good female, you are sorted for ever.."

Unless it's one of those feminised types that hates males.

OnePlus 2: The smartie that's trying to outsmart Google's Android


The original OnePlus One also had these same features and they are actually useful. I have multiple cameras installed so the gesture brings up a list asking which one to use although you can choose a default one to load if you want. Can also double tap the screen to wake it when it's off.

The original OPO recorded 4k video and also in high speed camera mode, so recording things like birds flying in slow motion was pretty cool. Also 3GB ram. All this stuff for about a third of the price of similar powered phones made the OPO very special. The OnePlus doesn't seem so special, just a cheap phone with similar specs to others on the market.

I'm surprised they didn't increase the ram and screen resolution in this newer model. So lazer focus camera, better EU LTE support, usb C (over hyped in their forums), a faster cpu with known overheating problems and a fingerprint reader seems to be the main differences, not tempting enough for me to upgrade.

Going by the certifications they have applied for, there may be different size versions of the phone. My only gripe with the original OPO was it was slightly too big to be used in one hand comfortably.

Latest Snowden leak: NSA can snoop internet to catch 'hackers' – no warrants needed


The spying network is mostly used for corporate espionage and gaining political advantage over the rest of the world. Just so happens that by spying on hackers they can get some 0-day exploits that their guys missed or they would otherwise have to buy from Vupen type companies.

Not that it matters as the only reason they do it all is...because they can.

Wordpress munching contagion turns Linux servers into spam bots


Re: Targeting platforms not OSes

Someone should make a Wordpress plugin vulnerability scanner and call it WPScan...


Re: I'm alright jack

The sarcasm is extremely misplaced in relation to this article. Both Windows and Linux servers would be vulnerable to the same Wordpress and/or Plugin vulnerabilities if this was the infection method. The only reason Linux is mentioned here is that the spam program is coded in Perl and hidden in an ELF binary, which would not run on a Windows box, thus the hackers only install it on pwned Linux boxen.

Can't fix stupid.

Apple Watch RIPPED APART, its GUTS EXPOSED to hungry Vultures


Watches for Dummies

Does one see instructions for how to do up the strap on the actual strap in the photo? Love the faith that Apple has in the IQ of the people who would purchase one of these watches...

UK rail signals could be hacked to cause crashes, claims prof


Thanks Prof David Stupples

Would never thought about hacking the system to help my train jump the queuing system at London bridge or Victoria at rush hour, but now....

CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day


Love the story graphic, as listening with 3 eyes is better than 2 ears!

What was the vulnerable device story about again? Got distracted...by the big shiney picture at the top of the last site on the internet not to use HTTPs for their login.

Would YOU touch-type on this chunk-tastic keyboard?



If it was half the size and a tenth of the price, I would buy it.

A mini Bluetooth keyboard or even a small £5 usb keyboard connected might not look or feel as good in the hands as this product, but defo feels better on the wallet for what is essentially a plugin keyboard.

Don't count on antivirus software alone to keep your data safe


Zero day exploits do not bypass antivirus protection, no do they have anything to do with AV software as the article suggests. A 0day might be used as the initial step to get the malware on the machine but they are entirely different things.

Crypting your malware to avoid signature based detection, splitting and scattering the malware across many memory locations, unusual hooks to existing processes and also tricks to make individual AV's think they have crashed or timedout are just a few of the things that are done to bypass AV's.

'Legitimate work sites' should not be considered malware free. AD server farms sites that serve many top web sites are often compromised to serve malware and some even slip through the front door in that way. Both Google and Microsoft have had their ad servers serving up malware.

Take a layered approach to security and make sure to include network traffic analysis.

Pirate Bay data now tugged by IP-address-tracking current


Makes no difference for the general public if the pirate bay is behind cloudfare or not. It's not illegal to browse the site or download a .torrent file or magnet link from there. If anything illegal is done it's done at the users end and away from the site. Nothing logged by cloudfare is of any relevance. I would expect staff login in a different way, bypassing the cloudfare part and going directly, so that their details are not logged.

Connecting to a swarm of a torrent gives away your IP address anyway so that is where someone would have to worry, not over cloudfare logging their ip as visited a site.

Lets also not forget that downloading/uploading copyright content is not actually illegal in every country, so some tpb visitors will not be breaking the law of their land anyway.

Totally agree with the point made above that TPB should not be illegal as it hosts no copyright content at all, just links to places that do (or meta-data), in the same way as search engines and youtube search do.

Never use TPB back but glad to see it back and sticking its fingers up at the copyright cartels.

Anonymous: Snap on that Guy Fawkes mask, we're marching against child sex abuse


Re: Isn't this the equivalent of marching against malaria?

Think you will find this march is more about keeping the 'Westminster paedophile ring' (Pimlico house/Dolphin square?) investigation in the public eye so it cannot be swept under the carpet allegedly like many other investigation from around a similar time in history.

Not a general march against catching diseases from underage mosquito's or whatever.

Lizard Squad threatens Malaysia Airlines with data dump: We DID TOO hack your site


You are calling LizardSquad 'Hacktivists'? On what other planet does the author live on?

Almost as bad as labelling someone a hacker, when all they have done is purchased some time and zombies from a botnet owner.

Go Canada: Now ILLEGAL to auto-update software without 'consent'


Bono iPhone

Nothing in this that stops U2 albums being installed on your iDevice whilst you sleep though,

NSA: SO SORRY we backed that borked crypto even after you spotted the backdoor

Big Brother


....a complete load of utter bollocks spoken by that man.

We have the Snowden files that show the NSA is actively trying to subvert crypto standards so who is he trying to fool? Oh, the mathematicians that for some reason he thinks are stupid enough to believe anything the NSA says again.

What do UK and Iran have in common? Both want to outlaw encrypted apps


El reg appears to be the only site I frequent that allows logins that does not have https. Yay for backwards technology site.

Actually feel dirty logging in here naked. Time to finally get this sorted Reg!

Thumb Down

Encrypt Everything

Cameron is talking as if they have some pre-conceived right to view our private conversations. They don't!

I would rather the very small chance of being shot or blown up than to live in a totalitarian state where everything I say to someone else is added to a database where computers decide if I am potentially against the government or whatever,

The spooks are not worried about SSL as they can easily do man-in-the-middle attacks (some mobile carriers do this just to reduce network load) but they are having issues with the better encryption. Snapchat fixed an issue with symmetric keys which closed one hole and WhatsApp had proper advice from the guys who brought us TextSecure and RedPhone, meaning they are fairly robust in the encryption area.

TIme to start using encryption even when it's not needed, just to show disdain for the snooping laws.

Finnish bank takes cricket bat to wave after wave of DDoS varmints


A hunch says this is Lizard Squad kiddie related. So I gave him some change and he went back to his bell tower mumbling something about the queen,,,

NORKS? Pffft. Infosec bods BLAME disgruntled insiders for savage Sony hack


As much as I (and all the rest of you) would love to say 'I told you so', the evidence provided by Norse is as thin and circumstantial as the FBI's on North Korea's involvement.

Norse are putting their reputation on the line by saying all this publicly so they must believe they are right at least. No doubt they have witnessed the forum posts and irc logs with these Sony ex-employee's talking about their logins and there is a good chance this all stemmed from that. A lot more likely than NK being involved.

The FBI don't care about their reputation or livelihood as they will still have a job even if they turn out to be wrong. Like the Assad chemical weapons attacks and imminent Iraq attacks, after a while it can quietly be blamed on bad intelligence.

Until there is definitive prove (if there ever will be), i'll be trusting the one's not under employment of the US government.

JPMorgan Chase mega-hack was a simple two-factor auth fail


Cyberwar terrorism

Bank with 83 million customers effected, no blame on Putin/Russia and no one shouting cyberwar terrorists mericaaa!

MPAA connected Hollywood studio Sony gets hacked....

Someone wake me up when this perverse alternative reality nightmare ends

Misfortune Cookie crumbles router security: '12 MILLION+' in hijack risk


So many words - So little info

Really annoying to see a whole website full of loads of text that tells you nothing that could not have been said with just two sentences. Even advisories that give explicit details are a tenth of the size of all this twaddle.

It aint Shellshock or Heartbleed. Maybe a drip of a nosebleed.

El Reg Redesign - leave your comment here.


When the BBC changed their design a couple of years ago to something resembling this el-reg change, it was universally slated in comments in a similar way to what we see here. The BBC ignored all the comments about shit layout and gave lip-service about fixing the 'too much white' but basically changed bugger all. Full expect el-reg to do the same.

Although community created userscripts changed the layout back to something similar, ended up hardly visiting the BBC website after that change which is still the case to this day. Not only looked horrid but there was much less words and worded for twitter type first paragraphs and some crap about being 'media rich' to explain the stupid size graphics and limited text while pretending it had nothing to do with phones and tablets. A slippery slope to resentment which I hope the register do not continue to follow although deep down we know the answer already.

The Pirate Bay SUNK: It vanishes after Swedish data center raid


The world would be a better place without the likes of the MPAA and their lawyers that mock laws of every country before getting them changed using their donation accepting US government partners in crime.

Stopping the revolving door between government and the media industry jobs would help keep them more honest.

Some pirate just to keep money out of the hand of those nasty corporate lawyers and consider it their duty to protect their country.

All the time the media industry refuses to follow the market and tries to change it instead, there will continue to be piracy. How many other industries attack their potential customers instead of giving them the product they want?

EU law bods: New eCall crash system WON'T TRACK YOU. Really


I suspect this is because the security services are having problems with ANPR due to cloning of number plates, whereas a permanent tracker in a car gives a unique identifier. An added bonus of not having to pay for more ANPR cameras to gain better coverage and the cost is moved to the car manufacturer/motorist instead of the police/state/security services.

Needs a physical disable switch for the security conscious motorist. Or else Jolly John at the garage will be modifying unique identifiers in the engine management instead of turning back the mileage.

'Snoopers' Charter IS DEAD', Lib Dems claim as party waves through IP address-matching


ECJ / European Court of Justice

In April the ECJ declared the ISP data retention stuff invalid as it went against the “fundamental right to respect for private life and the fundamental right to the protection of personal data” which lead to some ISP's in Sweden deleting all the logged data of their customers. I would assume that UK isp's should be abiding by this ruling too while we are still in the EU. Theresa May is attempting to trump this ruling among the many other atrocities she is attempting to rush through without oversight.


3rd paragraph...

...before they mentioned PedoTerrorists.

Last one out turn off the lights


Re: Static addresses

It does make you wonder if they will force ISP's to have home routers firmware send MAC address info of devices and time of use in the future and are getting in the legal framework now. IPv6 will make it easier to identify individual machines too.

FTDI yanks chip-bricking driver from Windows Update, vows to fight on


Re: Question - what about MS folk who already installed?

Part of that long list of resurrection instructions includes running an EXE file from FTDI. So you have to trust an EXE from the very people who killed your device with software in the first place.

Like you say, most users of devices that stopped working will have no idea why unless they keep up with tech news and those who do may not have the expertise or confidence to attempt to fix it, if they can actually find the instructions. Even with el reg pointing to FTDI's tools page, I was unable to see which tool was needed for the job.

A complete clusterfuck yet FTDI are determined to keep going and continue to keep devices not working under the most used OS in the world, On top of that they have been totally unapologetic. They still think it's ok to stop consumers hardware working.

Chipmaker FTDI bricking counterfeit kit


Re: Microsoft stepped in ... ??

While the drivers have been withdrawn, FTDI are saying their replacement drivers will still contain code to make sure alternative devices still do not work under Windows.

Microsoft should tell them to get lost with any driver updates that stops equipment working. When Windows users start getting worried about driver updates and patches, MS will get the reputation hit with the fallout from unpatched systems.


Forget changing light-bulbs, how many FTDI employees does it take to downvote and post as anonymous cowards? 5 to down-vote and one to flash the AC box.


"Why is it that you feel that consumers who unwittingly purchase a counterfeit USB to serial gizmo deserve different treatment in the eyes of the law?"

Here in the UK it is not illegal to own counterfeit goods and i'm pretty sure it is not illegal to own them either. Certainly if you had a fake Gucci handbag it would not be removed from your person, unless you was selling the fakes. So that comment is is way off.

Many of these customers have no idea their product is fake or why a company has now broken it for them. As an example, I know next to nothing about electronics but recently got a chrome cast and wanted to root and a few usb micro controllers were suggested as cheaper alternatives to the Teensy to flash with the usb exploit. Even now I don't know if the one I purchased is a fake of something else, as electronics are not my area of expertise. For a company to kill that device with a driver update and for it to become useless to me cannot be seen as morally acceptable by anyone other than those with a twisted sense of judgement. The amount of lost hours such crippling could cause is also not acceptable.

Edit- Reading further this driver issue may actually affect me. After not having much luck trying to flash the image on to the Pro Micro board through linux I booted in to windows and tried flashing though an app there but had issues getting it recognised after the first flash, even though the drivers installed themself. Not been able to do anything with the controller since. Noticed the baud rate stuff so this board must have a usb to serial converter in and there is a good chance it's one nobbled by this update.

Thanks a lot for all that wasted time you utter twats at FTDI!

Put down that shotgun: Wi-Fi's the way to beat Zombies


Re: When I leave the house ...

Some devices and software versions still use the wifi and generate traffic with ssid info after you turn off wifi.

Far from a complete list of phones and versions that do and don't broadcast wifi after being switched off: https://docs.google.com/spreadsheets/d/14uMLtGAqHDlP505OEnkWbqRpyzO_FyPG72zBkinL26Q/edit?pli=1#gid=397346818

CSV versions for those allergic to google docs: https://www.eff.org/files/2014/07/02/ssid_leaking_devices.txt

How to marry malware to software downloads in an undetectable way (Hint: Please use HTTPS)


So, exactly the same as the techniques for 'targeted surveillance network injection appliances' that the NSA and co have been trying/using. Just a little bit late with this paper especially now this technique has come to light as already being used in recent leaks.

Kate Bush: Don't make me HAVE CONTACT with your iPHONE


The reason

Is she asking for 'crowd engagement' reasons or because someone somewhere has told she will lose billions to piracy if people record little clips here and there? That and the time the label wanting to get a fat wallet from selling the dvd/blu-rays will have to spend searching youtube so they can send DMCA takedown notices of 8 second clips.

People are usually happy to comply unless there is a profit reason behind such a request.

London cops cuff 20-year-old man for unblocking blocked websites


VPN's and proxies may be legal but expect the copyright police tell Paypal and other payment services to stop processing payments for public VPN services at some point. Rather than make them illegal they will try and bankrupt them out of business.

Someone needs to take the City of London police to court over their confusing name, as they are not real police. Even if they back out before it goes to court, the media attention would be enough to inform everyone that they are actually mickey mouse police. Maybe domain name registrars the other side of the world won't take websites offline after being sent misleading letters from the square mile corporate muscle.


Re: Jolly good work.

"If a store gives away free candy, I'm not going to go to the store next door to buy the candy."

I'm going to the store that gives me everything in one shop, with the least hassle.

Exclusive licencing deals = missing content, problematic silverlight, other drm blocking hdmi ports, etc compared to one website which has all the content and it works on any device. Not a hard choice.

I stopped buying media due to the way the media giants started getting heavy handed and interfering with the open internet. It's principle now. I'll happily run a not-for-profit proxy if this guy wins, which he should considering all the facts so far.

EU copyright chief: We could SMASH these infinite copyright contracts... just wait


Remote researcher

When you cannot stream legit copyrighted content due to having a rooted android phone or linux laptop because of DRM, even with a subscription that allows you to stream it, you can become a 'remote researcher' over a loosely secure VPN network and everything just works.

Sometimes it's not copyright laws that needs to change, it's the greedy corporations that try to keep an unhealthy amount of control through licencing clauses which would not be allowed in any other industry. The way they blocked VPN users from the US Netflix is another example of how they turned paying customers in to pirates.

Instead of you owning digital downloads it is often they are just rented or licensed to you so you never actually own them. They managed to sneak that one in under everyone's noses. So you can't lend your digital movie, music album or digital book to anyone else like you could a physical copy. Restrict people too much and they will pirate. Changing copyright laws won't change that.

YouTube in shock indie music nuke: We all feel a little less worthy today


Re: @ratfox

Comparing watching unlicensed content to stealing a car sounds familiar....

Microsoft: NSA security fallout 'getting worse' ... 'not blowing over'


Re: Duh!!!

Amazing that they thought it would just 'blow over'. It's not just a issue with their products that has not been fixed or won't be fixed in the near future, their reputation is shredded and their customers don't trust their data with them. That won't blow over even if there are claims they have fixed the US government problem through law, as we don't trust that will actually change anything.

Virgin Media boss AND ex-Murdoch man: BSkyB broadband is 'lousy'


Lousy VM Broadband

Sky's free broadband is the same as their paid adsl broadband. No different at all. Tom has lowered himself to the usual VM standard of misleading. No ASA to ban newspaper opinions like what usually happens to VM ads.

Having had both Sky and VM I would much prefer Skys lousy broadband over Virgins lousy oversubscribed broadband. Same with customer support and heldesk.

Mozilla agrees to add DRM support to Firefox – under protest



The media corporations want to control the internet and use it as their money making tool. Every time a company or country gives in to them, they get closer to that goal.

If the media companies want to utilise the internet than that's fine but then to change the internet to fit their business model is out of order.

Already I can't stream Sky go to my phone simply because it's rooted but even if I could, Sky block the OTG/HDMI port from being used due to ridiculous licencing agreements. So I can't use it because of DRM and even if I could, I couldn't plug it in to my TV even though I pay for Sky.

DRM also means there is no easy way to get it running on Linux. A HTML 5 DRM solution would be the best option but it's still DRM.

Don't get me started about Amazon prime streaming being only working on Kindle devices and not other tablets or Pandora not working because i'm in the UK. I could go on and on about most services, their DRM , geo location blocking and even blocking paying customers from using VPN's but it all boils down to the media corporations and their ridiculous licence agreements. Until everyone stands up to them and says NO, they will keep chipping away at usability to maximise their profit.

When it's more convenient to pirate something you have paid for, there is something wrong.

BSkyB broadband growth chopped in HALF


Re: Like rats from a sinking ship.

That is because you moved from a DSL service to a fibre to the cabinet product. Totally different to what you had before where the distance from the exchange played a part in the speed. It's likely that any FTTC isp you go with now will give you those exact same speeds.

UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m


The card swipe slot is on the keyboard so one would assume the data read from the card is pushed down the keyboards cable which is attached to the IP KVM switch. Probably not encrypted en-route but even if it was, there is a possibility that it doesn't matter as I suspect some sort of Port Replay was used. Just re-sent the data that had been sent previously through that keyboard port when a employee used the card to unlock the screen, which simulated the card swipe.

NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS


Re: Not so unlikely after all

Loved their update in the the blog:

"This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability."

Just what could be inside Dropbox's new 'Home For Life'?


Re: Not my home since Snowden leaks

It's a Taiwanese company but I fail to see how that makes any difference unless you are inferring that every company with a US office backdoors their products? Tin foil hats are needed but cowboy hat sized is too big.

You have more control over your data when it's on your own devices and on your own network,


Not my home since Snowden leaks

Deleted everything on there as soon as it was obvious who had access. 50GB free due to having a Samsung phone isn't enough to persuade me otherwise. Stopped my phone from uploading photos there as soon as they were taken and now use a home NAS instead.

No amount of marketing or reputation rebuilding can bring back that sort of lost trust.

Italy has a clumsy new pirate-choker law. But can anyone do better?


@David W.

I just can't put my finger on whether you are pro or anti-copyright from that post. Similar to copyright lawyer waffle, lots of words but not really saying anything.



Similar to your Game problem, I have many issues with media DRM. Currently have a Subscription to Sky which gives me Sky Go tv streaming and also Amazon Prime which gives me their streaming service. I can't use either of them due to DRM and other protections.

Sky Go will not work on rooted android devices or devices that have a HDMI out port. They claim this 'protection' is necessary as right holders request it, even though they are fine for you to use the service on a Windows laptop with a HDMI port. Due to the Silverlight DRM protection you can't use their service on Linux either. Apparently there used to be an XBMC plugin which worked but they made sure that stopped working. So having a rooted android phone and being a Linux user, I can't use Sky go.

Amazon prime also uses Silverlight DRM so Linux is not supported. My Smart TV recently had it's final firmware update and Amazon prime wasn't added as an app. I did manage to get it streaming briefly on Linux using Pipelight (an emulated silverlight trick) but it was hit and miss and the quality was terrible.

So I have subscriptions to two services and can't use them. My server however can download Game Of Thrones/ripper episodes in high quality and then I can stream them to any room in the house using XBMC on some raspberry Pi's. I can also stream them to my android devices wherever I am. Am I considered a nasty pirate when I already pay for access to watch these series but none of the legal services can actually provide them to me due to limitations by the forced DRM and blocks? Remove that DRM and I can use the legal service I pay for.

UK cops: Keep yer golden doubloons, ad folk. Yon websites belong to pirates


Re: 'Evidenced and verified'

None of what the City of London Police do for their Hollywood friends has any basis in law.

Previously they have 'asked nicely' some admins, with public whois details who reside in the UK, to close down their site but not taken any legal action. They also wrote to domain registrars to ask them to suspend domains even though there was no legal basis and often the sites were not registered or hosted in the UK, so totally our of their jurisdiction too.

Now once again we see them attacking sites based on MPAA/RIAA wish list without any legal oversight and probably no jurisdiction again either.

The City of London Police are just corporate lap dogs using their name in an attempt to achieve results without any legal backing.