* Posts by Gareth79

17 posts • joined 3 Feb 2014

Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers


The content of the email was published - it had full details of the issue and exactly how it needs to be fixed, with no demands for payment or use of their services. There was also no "hacking" involved. Basically the company got a free warning of a serious vulnerability.

Their 'next job could be in cyber': UK Cyber Security Council launches itself by pointing world+dog to domain it doesn't own


Can confirm, I knew a group of Morris Dancers and many were programmers/IT, mostly retired, and beer drinking was a significant part of the culture.

The UK's super duper 1,000mph car is being tested in Cornwall


Re: Cool, but why?

The education aspect was a key part of the plan as a hook to get public funding and support.

The team would have done it purely for the challenge anyway (like climbing a mountain, "it was there") but they clearly enjoy that it's helping encourage children into STEM education, and pushing schools into teaching younger children at a more advanced level than before.

His Muskiness wheels out the Tesla Model 3


Re: It will retail for just $35,000

I had a brand new Leaf and the insurance was about £320 - so for me about £100 more than a worthless shed. I think at the moment electric car drivers are likely to be a much better risk than the general population so it offsets any increased repair costs, obviously a mass market car will produce different statistics eventually. It's also possible that they aren't subject to certain types of damage, e.g. a front-end impact might ruin critical parts of a petrol engine but the motor in an electric car might survive. Likewise I have waded my Leaf in flood waters I probably wouldn't have risked a petrol car in (and in retrospect, probably wouldn't have taken it again, but there you go).

Oops! Facebook outed its antiterror cops whilst they banned admins


I'm not surprised that employees do moderation on their personal accounts. I know a few people who work there and I recall that they often do testing/dev using their personal accounts even though there is an "internal Facebook" for that, and sandbox/test accounts available.

Another interesting thing - to visit their offices you have to sign into your Facebook account to get a pass.

Dishwasher has directory traversal bug


An example of a devastating exploit would be to wash everything at 20 degrees C but report out that it was washed at 200.


By the looks of it, the 8528 is a very high end laboratory glassware cleaner and disinfector with many programmes and reporting facilities, so it's not surprising it might have a fully featured controller (heck, some hospital beds have touchscreen TFT controllers!)

However, you'd expect software updates for your £tens of thousands dishwasher.

Smart meter firm EDMI asked UK for £7m to change a single component


Re: The pi-zero w is less than £10 and I bet it would do all they need and more.

Powered by a turbine wheel in the water supply perhaps? I guess that wouldn't work for constant low usage though.

Cloudbleed: Big web brands 'leaked crypto keys, personal secrets' thanks to Cloudflare bug


The only difference between sites with malformed HTML and not is that the malformed sites would look like they were hosting the other site's sensitive data. Oh wait, that's not good actually!

'At least I can walk away with my dignity' – Streetmap founder after Google lawsuit loss


The problem is that I'm sure Google is ranking their site on each page's merits, and it looks like they are auto-generating millions of pages for each postcode and street name. Each of those would be ranked fairly badly since the page content is almost identical (even if the map tiles are parsed). Obviously Google is detecting place name searches and plugging automatic links straight into Maps.

One other interesting thing - their robots.txt has some curious entries. It looks like when people make a complaint about their personal data somehow being included in page data, the admins put the URL into the robots.txt file rather than an on-page meta noindex.

Heathrow airport and stock exchange throw mystery BSODs


Re: Ancient coin counter

Glad it's not just me who was boggled at how the coin machine needs the customer to type in the account details but the notes machine has a card reader! Still it's better than most other banks which have no way to pay in coins other than going to a cashier (and possibly needing to bag them up).

Brits unveil 'revolutionary' hydrogen-powered car


Brake feel

I wonder how the brakes feel on this - I have a Leaf and there is a B mode (and Eco which is similar) where the regenerative effect is increased, and the brakes take less effort to engage. The unnerving part is that when the battery is fully charged there is NO regen (because there is nowhere to 'put it') and the brakes need a greater effort. It's one thing to wake you up in the morning when you forget!

edit: Oh yes, I'll add to the chorus of comments that the design is pretty poor. I know they are constrained with having to use pre-made lighting components and maximising aerodynamics but jeez....

OnePlus One cut-price Android phone on sale to all... for 1 HOUR


I managed to pick up one of these in the "20,000 invite warm-up" thing after randomly spotting it on Twitter, and it is a nice bit of kit really, nicely made for the money, and Cyanogen is an excellent version of Android of course.

One *major* problem - they shipped it with a Schuko-type charger and one of the nasty-cheap UK adapters that you (or a child) can do all sorts of dangerous things with:


DVLA website GOES TITSUP on day paper car tax discs retire


I suspect a lot of the load is people who think they need to do something today, but actually don't.

The media were all "the car tax system is changing 1st October and you could get a £1,000 fine!" so I expect there are people panicking over nothing.

Forget bonking, have ONE OFF THE WRIST with Barclaycard's bPay


I have a bPay band, it works fine and it's a neat idea with a few flaws at present:

- All your purchases are batched under a single top-up on your bank account, you need to review the bPay account to see what was bought

- The card is quite small (a bit larger than a mini-SIM) but it's inserted into a thick pocket in the wristband and the overall 'bulge' is HUGE and uncomfortable.

- Because it's "one size" the wristband is fastened by pressing a very flimsy plastic clip into holes, this takes AGES and doesn't seem safe at all. It's far too thick to stretch over your hand and I'm sure the clip would break very quickly.

- You can't go out with just the wristband because obviously not everybody accepts contactless, and it can fail.

Hacktivists dish out DNS hijack to PayPal, eBay


Re: Saturday evening...

This is what I saw at around 16:48:


It reverted to a cPanel default page fairly quickly, and then the DNS entries were dropped from the "dnforu" servers.

This was the Nominet whois at the same time, clearly showing the rogue DNS servers:


It was like that for at least an hour and a half, a crazy slow response. I assume they were locked out of the Markmonitor systems!


"a very small subset of people visiting a few marketing web pages of PayPal France, UK"

A FEW marketing pages? The FRONT PAGE, i.e. ebay.co.uk, was hijacked for two hours, and visitors' cookies would have been spewing to the rogue server. I didn't check PayPal at the time (I was an affected user) but I assume it was the same.

They changed the DNS servers to a couple of random ones. If the attacker had been more malevolent they could have put a fake login form on and had a field day.

An interesting problem is that when whoever owned the server that was hosting the hijack page discovered the problem they disabled the account, which 301 redirected to a "site suspended" page. On many browsers a 301 is cached for a very long time, so when the affected people visit ebay.co.uk they will be redirected to something like www.ebay.co.uk/cgi-bin/suspended.cgi (which 404s) until they clear their cache.

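The lingering-redirect problem described in the post above comes down to HTTP cache rules: a 301 (or 308) with no explicit freshness information is cacheable by default, whereas a 302/307 is not. The following is an added example, not code from the poster, the hosting provider or any of the sites mentioned; it applies those default rules to constructed sample responses, including a "site suspended" style 301 like the one the post describes.

```python
"""Decide whether a browser may reuse an HTTP redirect from its cache
without re-contacting the origin. Default rules applied here: 301 and
308 are cacheable even without freshness headers; 302 and 307 are only
cacheable when the response carries explicit freshness information
(Cache-Control max-age/s-maxage or Expires). Sample responses below are
constructed for this example."""


def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip()] = val.strip().strip('"') or None
    return directives


def redirect_is_cacheable(status, headers):
    """Return (cacheable, reason) for a redirect response.

    headers: dict of lowercase header names to values.
    """
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-store" in cc:
        return False, "no-store forbids caching"
    if "no-cache" in cc or cc.get("max-age") == "0":
        return False, "must be revalidated before reuse"
    if "max-age" in cc or "s-maxage" in cc or "expires" in headers:
        return True, "explicit freshness lifetime given"
    if status in (301, 308):
        return True, "permanent redirect: cached by default without freshness headers"
    return False, "temporary redirect with no freshness info: not cached"


# Constructed responses a hosting provider might send when suspending an account.
SUSPENDED_301 = (301, {"location": "/cgi-bin/suspended.cgi"})   # sticks in caches
SUSPENDED_302 = (302, {"location": "/cgi-bin/suspended.cgi"})   # does not
SUSPENDED_301_NO_STORE = (301, {"location": "/cgi-bin/suspended.cgi",
                                "cache-control": "no-store"})


def assess_samples():
    """Evaluate the constructed samples; returns {label: cacheable}."""
    return {
        "301 no headers": redirect_is_cacheable(*SUSPENDED_301)[0],
        "302 no headers": redirect_is_cacheable(*SUSPENDED_302)[0],
        "301 no-store": redirect_is_cacheable(*SUSPENDED_301_NO_STORE)[0],
    }
```

The practical takeaway for an operator taking down a hijacked or suspended site is to serve the placeholder with a 302/307 or an explicit `Cache-Control: no-store`, so that the redirect disappears from visitors' browsers as soon as the real site is restored.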

Biting the hand that feeds IT © 1998–2021