Posts by YetAnotherJoeBlow

351 publicly visible posts • joined 5 Apr 2015


UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

YetAnotherJoeBlow

On the other hand...

On the bright side, when a business type asks a tech - can he fix it so that when his computer boots can it display a picture of my daughter?

Sorry, security risk...

Linux luminaries discuss efforts to bring Rust to the kernel

YetAnotherJoeBlow

How I think about it: The crates that Rust needs will have to be kept in tree - certain dependencies are not easy to maintain in tree.

Former Reg vulture takes on Nominet – by running for board seat

YetAnotherJoeBlow

Will he get the votes to force the board to act?

I hope so!

NHS data platform procurement delayed for a second time

YetAnotherJoeBlow

So...

Matthew Swindells swindles?

Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay

YetAnotherJoeBlow

Cherry picking...

If a miscreant wanted to really stick it to a company - Engineer the malware on a, say Iranian (false flag), computer with the proper time zone, language, GPS, etc. I would bet now some companies might pay the ransom.

Insurance companies must not be allowed to cherry pick events to avoid covering say a hack. In the U.S. some states have laws like that. Or else floods, earthquakes, or fire insurance would not be sold. Sorry, those are the risks in the insurance industry.

Quantum computing startup IonQ lands on Microsoft's Azure

YetAnotherJoeBlow

"Chapman claimed Aria was "a computer that is over 130,000 times more computationally powerful than our previous cloud offering..."

Only if you can express your problem as a combinatorial optimisation problem, for example.

I wonder how many people would bet the farm on quantum computing - like our friend Peter is doing?

The truth about that draft law banning Uncle Sam buying insecure software

YetAnotherJoeBlow

"...submitted bill of materials is free from all known vulnerabilities or defects affecting the security of the end product or service."

It does not sound ambiguous to me, especially since the supreme court is full of constitutionalists.

What this would stop is selling software with a known bug - like Apple selling iOS to Uncle Sam with a known security vulnerability, like a VPN data leak for instance.

Oh wait...

Two years on, Apple iOS VPNs still leak IP addresses

YetAnotherJoeBlow
Thumb Up

"Apple's awareness looks indistinguishable from ignorance."

I have never been able to figure out why Apple ignores El Reg...

Russian invasion has dangerously destabilized cyber security norms

YetAnotherJoeBlow
Trollface

Your posting history makes for interesting reading, comrade.

Virgin Galactic delays commercial suborbital flights again

YetAnotherJoeBlow

I cannot help but wonder what was the actual status of the rocket that launched the first flight?

Sage accused of misselling perpetual licenses it knew would soon be obsolete

YetAnotherJoeBlow
Megaphone

One day...

These companies that obviously lie unforced, deserve the black book. How could you ever trust them again, especially so if it is your accounting data!

One day the SaaS pendulum will swing back the other way - I'll be there when it does.

FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft

YetAnotherJoeBlow
Unhappy

I stopped reading when I read "...uses a hardcoded shared secret..."

Uh huh. Rank amateur.

Analysts question pace of SAP users moving to S/4HANA

YetAnotherJoeBlow

Re: "60 per cent of customers committing to run S/4HANA on the cloud were new to SAP"

"So basically he's saying fuck the old customers, welcome to the new..."

SAP also says this to their employees as well.

Crypto lender Celsius in Chapter 11 deep freeze

YetAnotherJoeBlow
Flame

What I want to know is why the judge gave Celsius so much money for operating expenses and to retain their employees. What exactly is everyone going to be doing? It sounds like another expense that will come out of their customers' pockets - but hey, they keep their jobs.

It seems that the principals were made mostly whole already with their customers' funds as well - that is the real reason for halting withdrawals - so those in on the "deal" can exit nicely.

As an aside, I hate that they call these scams crypto. I work with cryptography quite a bit. If someone asks what kind of software do I write - I have to bother to explain that no I'm not one of the scammers.

Tech world may face huge fines if it doesn't scrub CSAM from encrypted chats

YetAnotherJoeBlow

Yet again...

I have been encrypting mail before I send it for several years now - all automated (meaning no mess, no fuss.) The feds do not think that this will become common? Remember more and more tech savvy kids are born every day.

If crypto is banned, then encryption will be used more than ever - plus that horse already left the barn.

W3C overrules objections by Google, Mozilla to decentralized identifier spec

YetAnotherJoeBlow
Unhappy

What makes it so difficult to give people what they want? Time and time again another spec gets forced down our collective throats. Nobody listens anymore - companies think that they are far too important to actually listen to anyone who knows what they are talking about - from program features to security to ease of use. Especially security.

Microsoft gives its partners power to change AD privileges on customer systems – without permission

YetAnotherJoeBlow
Stop

And what if one of those unapproved accounts gets used as the attack vector? While I am not litigious by nature, I would sue everyone and their grandmothers - then retire.

Cisco warns of security holes in its security appliances

YetAnotherJoeBlow

Slogan

Cisco - the Adobe in routing.

The internet's back door - we've got your back!

Consultant plays Metaverse MythBuster. Here's why they're wrong

YetAnotherJoeBlow

To paraphrase...

It is clear that we are only at the beginning of the hype cycle as we know it today. As experimentation broadens, there will be an explosion of hype that will transform the way we work, play, connect, and engage. Brands will need to define their hype strategy – and the decision on which path to take will depend on what they believe about their own hype and the investment required.

Microsoft forgot to renew the certificate for its Windows Insider subdomain

YetAnotherJoeBlow
Happy

"Maybe Window's scheduling systems aren't all they are cracked up to be."

Maybe Microsoft is not all they are cracked up to be.

FTFY

HP turns back on $1b in annual sales by quitting Russia and Belarus

YetAnotherJoeBlow

I can not help but wonder if say HP (or others) think come tax time next year, there will be nice tax cuts for them based on what they claimed their hit was as the government says thank you.

IBM's self-sailing Mayflower suffers another fault in Atlantic crossing bid

YetAnotherJoeBlow

What is scary is the number of businesses that have bet the farm on automation and eliminating salaries (except theirs).

Wait till that bill becomes due...

Safari is crippling the mobile market, and we never even noticed

YetAnotherJoeBlow

I sent some money to Waterfox - and I will keep doing that. Waterfox does not hate their customers either.

Export bans prompt Russia to use Chinese x86 CPU replacement

YetAnotherJoeBlow
Unhappy

Re: Russian politics aside

Looking at your other posts like this makes me feel sorry for your students.

Researchers find 134 flaws in the way Word, PDFs, handle scripts

YetAnotherJoeBlow

So we needed user-supplied executable code in a document for what reason again?

RAD Basic – the Visual Basic 7 that never was – releases third alpha

YetAnotherJoeBlow

When I taught my son scripting - for school, I used Python. When I didn't see the light come on, I used FBC, and he was off. A month or so later he was into Python, after that C and C# on Windows.

Windows 10 still growing, but Win 11 had another bad month, says AdDuplex

YetAnotherJoeBlow

The whole point of Win11 was to inflate the hardware requirements to initiate a hardware refresh cycle.

Accenture announces 'Accenture Song' – not a tune, but a rebrand

YetAnotherJoeBlow

Wow - so this is what our best and brightest are doing? For once I am at a loss for words.

Samsung, others test drive Esperanto's 1,000-core RISC-V AI chip

YetAnotherJoeBlow

Me too...

ditto

Cisco's Webex app phoned home audio telemetry even when muted

YetAnotherJoeBlow

"Webex uses microphone telemetry data to tell a user they are muted, referred to as the 'mute notification' feature. Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex."

The arrogance is appalling. Caught.

Samsung boss Lee Jae-yong in trouble again – this time over financial filings

YetAnotherJoeBlow
FAIL

The problem is that the government will only do business with Samsung - hence the graft...

Beijing approves first new video games in nine months

YetAnotherJoeBlow
Thumb Down

China does not like video games because the games may plant the seed of discontent.

Singapore to license pentesters and managed infosec operators

YetAnotherJoeBlow

Some regulation is OK.

If mandatory, it should cost no more than a driver's license.

HP finance manager went on $5m personal spending spree with company card

YetAnotherJoeBlow

Is it just me or does HP have a problem with due diligence?

DoJ accuses Google of training staff to make 'false requests for legal advice'

YetAnotherJoeBlow

Re: Gee, Thanks Google

This is just standard legal practice for a big company. hahaha

So, how deep does the stench go? In fact, I would subpoena the employees that did so - let them feel some heat - maybe the employees might say no the next time.

Microsoft's New Commerce Experience: Cloud resellers concerned

YetAnotherJoeBlow

So...

We are on step 3 already. Twist the screws.

Another data-leaking Spectre bug found, smashes Intel, Arm defenses

YetAnotherJoeBlow

Actually...

According to my friend (an EE for a large mfg.), speculative execution was designed solely as a performance win.

So when a statement implies a discussion - "which engineers ended up prioritizing performance over security:" - that discussion never happened.

The long-term strategy behind IBM's Red Hat purchase

YetAnotherJoeBlow

Re: IBM will become RedHat

You better go to the doctor for that.

Analysis of leaked Conti files blows lid off ransomware gang

YetAnotherJoeBlow

Will people learn?

Like most cyber crooks, if businesses kept their kit patched, Conti would be out of luck.

CrowdStrike offers fully managed identity-threat-detection-as-a-service

YetAnotherJoeBlow

There was nothing in the article telling what they do different or better from the standard methods I use.

Intel blasts Bitcoin mining, unveils own mining kit

YetAnotherJoeBlow

Credibility...

"A single ledger entry in Bitcoin consumes enough energy to power your house for almost a day. That's a climate crisis. That's not okay,"

"But in under a minute in that same interview"

"Intel's bringing forward a blockchain chip that's dramatically better,"

And that is arguable.

Credibility it seems, is meaningless.

'Hundreds of computers' in Ukraine hit with wiper malware as conflict continues

YetAnotherJoeBlow

-And so it was - very underwhelming too... everyone waiting for the other shoe to drop.

Google offers privacy audit tool to app developers

YetAnotherJoeBlow

Google cares about privacy - to ensure that Google is not sharing that data with others.

Samsung shipped '100 million' phones with flawed encryption

YetAnotherJoeBlow

yet again...

For the life of me, why does industry refuse consultations with academia on encryption? It is beyond incompetence, it is malfeasance.

WeChat, AliExpress added to US Notorious Markets list

YetAnotherJoeBlow
Facepalm

So buying a hardened brake caliper cap screw from China is a bad idea?

Cambodia cans critics of its snoopy Internet Gateway, says every nation has one

YetAnotherJoeBlow

“As the internet became a publicly accessible information and communication platform, there was no debate about whether it should fall under government supervision – only about how such control would be implemented in practice.”

As Rogier Creemers - a China expert said once.

Swipe left: Snoops use dating apps to hook sources, says Australian Five Eyes boss

YetAnotherJoeBlow

Re: Yes it's done in plain sight

Especially since the New York Times is such a stalwart of decency and democracy.

Vice Society said to be behind digital break-in at UK umbrella and accounting group

YetAnotherJoeBlow

More of the same...

"...we will inform you as a matter of urgency should we uncover that personal data which is likely to result in a high risk to you has been leaked."

That "high risk" should be Optionis' risk. Pay up.

As soon as they said Experian, you know that Optionis could not care less.

FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery

YetAnotherJoeBlow

I read that the feds got their big break from The Alpha Bay seizure. Walked right into it.

Always encrypt client side before storage anywhere.

I imagine if it was encrypted on the cloud, it was as good as gone.

Somehow I have a feeling the cloud is very leaky.

After all, clouds make rain.

12-year-old revives Unity desktop, develops software repo client, builds gaming environment for Ubuntu...

YetAnotherJoeBlow

Best advice...

Do not steal his childhood.
