Re: Councils
"We should organise a yearly use-the-car day where everybody leaves their bike on the side and comes by car. Worst traffic jams ever...."
If their driving is as bad as their riding it certainly would be.
40471 publicly visible posts • joined 16 Jun 2014
"May or may not be an urban myth, but those AS400 were certainly heavily engineered."
Back in the day there was a story about DEC being asked for a copy of VMS. Given that the enquirer wasn't a customer they asked why. He said he'd found a MicroVAX in a skip.
@Voland's right hand
I doubt they've improved since I also fired them about 10 years ago.
At that time the process for settling an HSBC credit card via an HSBC bank account was clunky - I'm sure it was trying to hand over from one system to another and trying to make it look seamless. Whatever, one night it clunked a little too much and failed. I tried to give them a friendly heads up and their sole response subsequently confirmed in writing was that "we don't support Firefox and Linux"; no attempt to even listen to the information they were being given or recognise that I wasn't looking for support for my software. Neither Lloyds, Barclays or the Coop had any such restrictions. Together with the fact that they'd closed my preferred branch they got the push.
About a year ago I took a look at their First Direct arm. Their internet banking page stated that "PCs and Macs connected to Local Area Networks are not supported". I pointed out that any broadband connection uses a LAN to connect to users' machines. They promised to look into that and get back to me. I'm still waiting and that nonsense is still on their site today.
"maybe I just have my values all wrong"
You have. Google Camelford incident. That was an operational cock-up but it seems likely that something similar or worse could be achieved deliberately through illegal access to SCADA networks.
Having said that, if details of 2.5 million customers were exposed then they should be notified irrespective of whether there's any evidence of fraud. In fact, if they weren't notified it would be difficult to know whether there had been fraud or not. Hiding the whole incident behind a pseudonym is just irresponsible.
"If I decided to switch my 200 user company over to Linux....where do I get professional hands on service and support for users and infrastructure?"
How should we know, we don't even know where you live? But you could start by looking. You could well find that there are half a dozen local Unix freelancers who are looking for the opportunity to add another line of business. Maybe some of them are even reading these comments.
"Hiding file extensions....yes, fine I get it, but Doris the 50 year old secretary doesn't and never will."
That's another thing your IT dept needs to do: training. Include a little testing - like a phishing email that will check whether she's still falling for it.
If she proves untrainable then maybe it's time to think of moving her somewhere where she can't damage things. The security of your business is worth more than your secretary's feelings, especially if it's a hospital where life & limb could be at stake.
"I've bought a new HP colour laser printer (Ethernet connected) and I'm trying to get it to work with Mint."
It's just the old device/driver/OS issue. It can affect any OS. I've never had problems with Linux and HP. OTOH when I tried the preview of W10 it wouldn't recognise the HP printer I've been using for years. It's more the attitudes of the device manufacturers than anything else.
"what's your source for pinning the blame on Windows?"
I'm not sure what the OP had in mind but there are a few possibilities. One is the way Windows is normally set up to be "helpful" by hiding file name extensions so as not to confuse the users. As in confusing them into thinking that something labelled, for instance, invoice.jpg.exe might be harmful.
Then there's the fact that Windows often seems to be run with the user as a local administrator so that anything they've been tricked into running has more privileges than it ought to have.
Taken together those make Windows users more vulnerable than they should be. Add to this that, being the most widespread platform, it's a major target but make no mistake, if Linux was common enough to be worthwhile it too would be targeted. In fact, malicious Javascript could attack any browser or client that doesn't run with scripts blocked. The dependence of the modern web on JS makes such blocking inconvenient but that's a different complaint.
But Windows itself really isn't the problem.
One problem is the nature of email: it's too easily forged. The From: line can say anything and there's no way of even attempting to check without the time and skill to delve into the headers, two resources which a busy office worker probably doesn't have. A big improvement would be an email system which requires signing so that the signature could be checked against the public key of the alleged sender and bounced if it failed.
Another is that every operating system allows any program to write to any file based on user privileges only. If, for instance, only your office suite was allowed to write to word processor files and spreadsheets a random encryption program couldn't touch them (I exclude powerpoint files - encryption might be an improvement).
A third is that file systems generally don't have separate permissions for deletion or versioning so it's possible for malware to delete the old file if it applies a new suffix to the encrypted file or to overwrite the old one if it doesn't.
We need to design systems on the basis that they will be under attack - at present everything assumes well-intentioned and well-trained users in a benign environment. We're not there any more.
"His problem was that he did not comprehend - even after we discussed it - that an assembly pass that did not generate any errors did not mean that the code would actually function."
In neither version of your story do you address one essential point. Did his code work?
"sufficient obfuscation to avoid getting your idea pinched"
Or sufficient obfuscation to hide the fact that it's not a particularly original idea.
The requirement to prove originality in a software patent ought to be to show that the problem has been known for some time without a successful solution. Is this different to what Ubuntu have also been demonstrating for some time?
I have a nasty feeling that MS might be claiming royalties from the work others have put into their own implementations of the same requirement.
I had one gig where the manager had a set of requirements similar to Dave's to set up a new product. They included a requirement to specify up-front the SQL needed to make the changes to the database. The application, however, had been implemented with a user-friendly front-end form to make the changes to the various tables. This would include working out the surrogate keys on the live system which would be different to those on the development database. It simply wasn't designed to work through the import of raw SQL.
"what the hell is happening in the business"
This may be a very brief requirement but it's actually quite a good one and one which suits an iterative process. To any given level of detail it has a deliverable and if more detail is required another iteration will produce another level. When the client says they've got enough or spent enough it can stop. A different requirement might not be so suited to that approach.
What's really problematical about it is that the board didn't know what the hell was happening in the business in the first place.
"This is pretty much exactly what I said a month ago and was downvoted into oblivion with some AC saying I needed to post something sensible."
There's also been a good deal of crap about "do you know how many attempts you need to brute-force an AES key" when, in fact, it was all about brute-forcing a four digit pin.
But if this is the explanation I think the "external forensics company" has a TLA.
"I wonder if the FBI had suspicions the judge assigned to the case may come down on the side of Apple and decided that wasn't a precedent they wanted setting."
This is my suspicion. There's an old saying 'don't start a fight you can't win'. They thought that they could do this by taking it to a magistrate, assuring her it was all straightforward and getting a warrant without letting Apple be heard. What with Apple contesting it, with heavy-weight amicus briefs and a few influential voices saying that other parts of the govt favour encryption they're now thinking this is a fight they can't win. Maybe the recent zero-day is what they're using to back down gracefully. Maybe Zdziarski's right (I'd have thought this would have been something NSA would have looked at way back).
I'm sure what they really want is a precedent to get backdoors put into whatever they want and if this looks as if there's any possibility that this could go against them they'll wait for another chance somewhere else.
"Not really a win for Apple if it turns out the phone can be easily cracked without help from Apple."
It could well be this zero-day: http://www.theregister.co.uk/2016/03/21/zero_day_apple_grapple_dredges_imessage_photos_videos_in_ios_9/ in which case it'll be fixed for regular users.
@Gray
You have a point but please realise that some of us who are saying that users shouldn't be blamed for not knowing what they need to know in order to know what they need to know* are also pros (or retired pros). Personally I'm shocked at the number of people here who expect that a SOHO user or whatever should be an experienced sysadmin.
The public should be better served. They should be better served by the platforms they're sold, they should be better served by the vendors and they should be better served by Government who have better things they ought to be doing than mass-surveillance.
*Yes, Sir Humphrey got there first.
"But it could be avoided if a little effort was made to understand the 'beast' and how to tame it."
The fact remains that she went to people who were supposed to help her.
Another poster mentioned front-line support & heart surgeons. Let's pursue that line of thinking and imagine that medicine isn't regulated. You feel ill. You roll up to someone at a good address with an impressive brass plate beside the door. How are you to know whether you're visiting a heart surgeon or an apothecary with a good address and a brass plate? You tell them your symptoms and accept their diagnosis and assurances in good faith; you've "made a little effort" but you don't have the required knowledge to tell whether it was the right effort and you didn't realise that you needed to do 1st MB to be able to tell the difference.
"users may think they're saving without an .ext but really, the file has an extension and Windows is just hiding "
This little gift of Windows is part of the problem. cat_piccy.jpg is really cat_piccy.jpg.exe and Windows lied to you.
"They are a retail outlet that has grown quite large and diversified into Computer Retail (mainly Domestic & Small Business end of the market.)."
Not quite correct. They started out as a specialist computer retailer - in Croydon IIRC. They grew into a chain and were then taken over by a bigger chain.
"There's no way it could have instantly encrypted all of her documents immediately after opening the dodgy email...."
This is true. What probably happened was all sorts of oddities which panicked her. When that happened to my cousin-in-law she did the right thing - maybe by chance - and switched off. In this case it's difficult to say what happened but I do wonder if she tried to do the recovery with the virus still active and got her recovered files encrypted - or tried to do a backup and backed up the encrypted files, or both.