* Posts by Fitz_

63 publicly visible posts • joined 14 Jul 2015


Codename Brainwave: Microsoft reveals tricks and tips for whipping cloud FPGAs into shape


Re: More FLAs please

For the benefit of anyone wondering, it stands for Field Programmable Gate Array and they are basically fancy chips that can reprogram themselves on the fly.

They are used in high end networking kit, and if memory serves, someone quite a few years ago hooked up a proto-machine learning algo to some with the goal of transmitting a message between two points. They returned to find the message being sent and received, but could not work out how it was occuring until they realised the FPGAs had reconfigured themselves in a primitive radio.

Nosey ex-NHS staffer slapped with fine for illegally peeking at medical records


Re: How many more ...

"If you access patient x's records then are you currently treating,dealing with or recently dealt with said patient, if not then it throws up a flag."

...why do unrelated people have access to records that do not concern them in the first place?

Aah, all is well in the world. So peaceful, so– wait, where's the 2FA on IoT apps? Oh my gawd


Apple’s macOS Sierra update really puts the fan into 'fanboi'


Well all I can say is... I have a 5-year old MacBook Air and it runs Sierra just fine. No overheating, no fans spinning up (well - unless I visit the awful Odeon website...)

I'd be checking for any apps, services or launchdaemons you might have installed that might not be Sierra-friendly.

Aussie Aussie Aussie, oi oi oi you, you're fired: Apple sacks staff secretly snapping shoppers


"if you hand in a Mac for repair the form you fill in on a tablet they give you asks you to give them your user password."

I've never been asked for a password for Apple hardware repair, but then I am the sort of person who takes an image of the drive and zeros it before taking it in.

What's losing steam at Apple? Pretty much everything


Re: Wrong turns

'Save as' is still there - just hold option when you click the file menu.

Meet Riffle, the next-gen anonymity network that hopes to trounce Tor


If it's sending messages to all nodes, and an attacker controls some of those nodes in known geographic locations with precise clocks, could the attacker analyse traffic to determine geographic location of the client based on packet timing and latency?

Apple crumbles: Mac sales slump while Dell, HP Inc, Lenovo shift PCs


I know it doesn't fit the anti-apple circlejerk narrative, but the reason for this is Apple haven't updated their laptops for a while, and are strongly rumoured to be announcing new models in September. Buyers are anticipating new models in a few months.

No means no: Windows 10 nagware's red X will stop update – Microsoft


Re: Yes, I know, but Apple --

"Well that's bullshit. Every fecking day I go to my iPhone and it'll say "Oh I need to update. Do you want me to update?". So you press later, then it wants to know a time when it can remind you."

This is happening because it's already downloaded the update and is wanting you to kick off the installer. If you don't want this to happen:

Settings -> iTunes & App Store -> Turn off 'Updates' to prevent updates automatically downloading in the background.

After that, Settings -> General -> Storage -> Manage Storage -> tap the update, delete it.

It won't bug you any more.

iOS10 bloatware deletion


Re: I agree some of that is bloatware, but Contacts?

As they are listed on the Apple Store to re-download, it looks like they will free up space while allowing Apple to update individual apps without an entire iOS upgrade.

Forget Game of Thrones as Android ransomware infects TVs


Re: Killing TVs, a step too far

"Last time I checked, a Smart TV is incapable of plugging in a network cable itself, or even attaching to your WiFi without the password. If it is on your network it is because you put it there."

I'm guessing you don't deploy anything within arms reach of users. Aside from that, many TVs are pretty useless when not on the network, particularly in enterprise environments where they will be used for information display etc.

Wayne Rooney razzles in X-Men: Apocalypse plug


...having now seen the film

...this doesn't look so bad in comparison. More like 'X-Meh'.

Fox certainly know how to ruin something.

Bypass the Windows AppLocker bouncer with a tweet-size command


...so block regsvr32.exe with AppLocker.

Toshiba notebook disk drive slims down. You like that, gamers?


Re: I fail to see the point

" if the controller on that goes bang... you have a lot of NAND chips sitting there with bits and bytes on them that are rather useless without the associated controller to know where everything is, thus necessitating a rather expensive trip to said experts"

If only there was some way we could keep some form of 'copy' of our data to protect against such a situation. You would think someone would have come up with something by now.

Unpatched stealthy iOS MDM hack spells ruin for Apple tech enterprises


Most surely the hack of the century.

Here is the actual paper as it seems to be missing from the article (wonder why...). And here is the pertinent paragraph:

1. Install a malicious iOS configuration profile. This is a native way to distribute a set of configuration settings like networking, security settings, root CAs, and more. A threat actor can craft a configuration profile that will install a root CA and route traffic through a VPN or a proxy to a malicious server, and then initiate a MitM attack. This configuration could be deployed using phishing attack.

So basically, they are using MDM maliciously. i.e. you trick a user into installing a malicious MDM Profile.

To do this on iOS, the user must tap install, then enter their passcode (cannot Touch ID). They then see a warning:

"Installing this profile will allow the administrator at (MDM server address) to remotely manage your iPhone. The administrator may collect personal data add/remove accounts and restrictions; list, install and manage apps; and remotely erase data on your phone."

...after which the user must again tap 'Install'. After tapping install, the user must agree to another dialog:

"Remote Management

Do you trust this profile's source to enrol your iPhone into remote management?"

Presumably their 'attack' then involves distributing a CA cert to the device, then using that trust to install self-signed apps, along with possibly MITM the device using the CA cert and routing traffic through a proxy.


Fake Flash update malware targets gullible Apple users


Re: A genuine version of Adobe Flash is downloaded in the background onto Macs alongside the malware

The malware doesn't try to install McAfee or hijack your search settings.

Apple: FBI request threatens kids, electricity grid, liberty


Cognitive Dissonance

It is fascinating seeing The Register cover this case with their strict policy of Apple negative spin; obviously Apple are in the right, but how to paint Apple as the bad guys? Quite the conumdrum but I see it's happening with a negative twist as expected.

FBI says it helped mess up that iPhone – the one it wants Apple to crack


Re: Cook is just grandstanding

"Apple has been running ALL OSX and IOS traffic (including Phone backups and email traffic) through their services for ages, scouring every bit of their users information to see what they can monetize. This is well documented, even in their own EULA's."

Well in that case you will have no problem posting links to said documentation and EULAs will you?

What we all really need is an SD card for our cars. Thanks, SanDisk


Card sellers

Sandisk seem to be taking cues from Hallmark. Cards for every occasion, and inventing new occasions for when business is slow.

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple


...*did* you disable Safari Suggestions during the service problem..? Seems to have fixed it for everyone else.

Apple had more CVEs than any single MS product in 2015, but it doesn't really matter


>>"The site doesn't differentiate between micro-versions, so iOS 9.0, 9.0.1, 9.0.2, etc. aren't going to rack up multiple counts for a vendor for the same issue. "

Yes it does.




The problem here is it depends on how many versions of an OS a vendor releases and how they are counted.

For example, for every OS X point release (i.e. 10.10.1, 10.10.2, 10.10.3, 10.10.4, 10.10.5) then the CVE list is counting, say, a PHP vuln once for every release, so that's five exploits, right?

Note also there is a lot of overlap between iOS and OS X, so now we have a vuln that might also affect iOS 9.0, 9.0.1, 9.0.2, 9.1 so we should add another four to that list, so is that nine exploits for Apple?

Or is it one?

Mozilla looses Firefox 43, including Windows 64-bit variant


Re: er sure?

I hope Firefox64 doesn't share Waterfox's horrendous memory leaks.

VDI comes to the Raspberry Pi


Re: Woot

It's the same reason that download games on XBox Live are more expensive than physical copies that have to be manufactured, stored, printed, packaged, transported, delivered, stored again, put onto shelves by hand and manually sold or posted by staff.

'Because they can.'

US government pushing again on encryption bypass


Re: PGP Anyone?

PGP (along with any strong encryption) is also classified as a munition.

I do find myself wondering how interesting it would be to promote that fact to the NRA and gun lobbies and watch the whole argument turn into a 2nd amendment 'dun tak mah guns' issue.

UK research network Janet under ongoing and persistent DDoS attack


That's the problem with academic anything though - looks great on paper, but the reality is usually lacking.

Those that do make it into the real world often end up as over-engineered solutions to problems that don't exist.

Samsung yanks plug out of rumors of networking biz sell-off


They probably copied Cisco IOS thinking they were getting in on some Apple action, then had to make an actual switch to avoid a lawsuit.

Second Dell backdoor root cert found


Cryptowall 4.0: Update makes world's worst ransomware worse still


Re: new disk format

"How would you go about detecting encryption? How would any program be able to tell the difference between encrypted data and raw random noise?"

Actually that might be relatively easy for certain data - you could abstract the filing system, perhaps by virtualising it, from the apps and probably also the OS itself (perhaps using off-box storage for everything, such as a NAS / SAN that the machine boos from, this could possibly be built into a hard drive at some point, but it must be accessible only at high level) with a system that was 'data aware'. For example, it knows what a .docx should look like, and if anything didn't fit into that data definition, it could be flagged, the storage cut off and the original recovered from snapshot.


Re: Straw poll...

Deploy AppLocker policies so that only executable code placed where users cannot write to can be executed.

Use shadow copies and keep backups. The one that encrypted / decrypted on the fly to poison backups sounded particularly evil, however would have been defeated by AppLocker.

Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie


Hang on a minute...

Shouldn't the story angle here be how anyone who removes these CAs are borking the proper operation of a Dell computer over 'privacy concerns' (complete with sneer quotes)?

Perhaps we could have a picture of Michael Dell looking crestfallen while behind him a photoshopped picture of users laughing and pointing at him with a suitably snippy quote along the lines of '...and then we said it was due to 'increased risk' *snigger*'.


What the Investigatory Powers Bill will mean for your internet use


Re: Can anyone* see my web requests if I use HTTPS?

"They can if you don't have complete control over which certificates are (pre-)installed on your system"

Hands up anyone who doesn't think that the UK and US security services don't have copies of major root CA private keys.

Facebook conjures up a trap for the unwary: scanning your camera for your friends


Re: This is why, kids

The worst part is that Facebook probably already have your mobile number and details from siphoning it off from other people's phones.

Coupled with if you use Whatsapp for example, they know who you are and who your friends are, and could probably deduce what you look like from friend's photos, even though you don't use Facebook.

Linus Torvalds targeted by honeytraps, claims Eric S. Raymond


Time for OSS bodycams.

MacBooks are so hot right now. And so is Mac OS X malware


Re: been saying it for decades...

Oh fuck off.

Windows 10 is an antique (and you might be too) says Google man


Re: Please don't damn me! I do have a Windows base for my Linux VMs

"And I wouldn't even have it running underneath except I had already paid for the license."

...you know Hyper-V is free, right? Or are you running Windows Server OS with the Hyper-V role installed? In which case I tut in your general direction.

Millions of people forget to cancel Apple Music subscription


Re: Sign up seamlessly?

This is The Register in full-on anti-Apple diatribe. How dare you come in here with your 'facts'.


Re: $10 bucks a month?

The big secret of streaming services is... *you can still buy CDs*.

Well populated streaming services are great for discovering new bands, and if you really like something enough to buy the CD (and that band still sells CDs in this age), trust me when I say the band will really appreciate you buying one. (And a shirt... and ESPECIALLY show tickets).


Re: Satisfied Customer

"You have apple routers?"

Presumably you are not familiar with Apple's Airport series of wifi routers?

Apple borks Apple News ad-blocking app due to 'privacy concerns'


"the apps were installing root certificates"

That is a Big Fucking Deal and rightful that they have been pulled. If you can get a CA on the device and get it to proxy or fake a logon screen (such as throwing up a 'sign in to iCloud!' box), you can MITM any traffic and decrypt SSL to get logon details including encrypted passwords.

But go ahead El Reg - spin it like Apple are the bad guys here like you usually do.

TRANSISTOR-GATE-GATE: Apple admits some iPhone 6Ses crappier than others


Re: I don't think the vast majority of people would even notice

"When at the office or at the airport, I have to spend quite a bit of time to find a power outlet that isn't filled with those white power adapters. But what I find odd is that I see an even mix of Android, Apple, Blackberry, and Windows phones in the hands of my coworkers and fellow passengers. So why the discrepancy in the brands of phones being charged?"

An 'even mix' of Blackberry and Windows phones next to iPhones and Android? You wouldn't be bullshitting for dramatic effect here would you?

Porsche-gate: Android Auto isn't slurping tons of engine data, claims Google – but questions remain



"Someone really needs to teach The Register about the art and craft of non-denial denials."

I just find it curious the totally different style of writing. If it was specifically Apple doing this, the story angle would be ridiculous hyperbole about how the world was ending and how it was all Apple's fault with a negative spin on literally anything at all, no matter how insignificant.


...Apple who are not over-collecting data. Carplay is only interested in if the car is moving or not so that it can restrict the controls to force the driver to focus on driving. It's not siphoning off all kinds of telemetry such as speed which could be used to convict you or push up the price of your insurance premium for example.

Surface Book: Microsoft to turn unsuccessful tab into unsuccessful laptop


Re: Waiting for third party test

...ah but they didn't specify *which* MacBook Pro. I'm sure it's at least twice as fast as the 2008 model.

iOS malware YiSpecter: iPhones menaced by software nasty


Sorry to rain on El Reg's daily Two Minutes Apple-Hate

...but this issue was fixed in iOS 8.4.

Apple CEO Tim Cook: Email keyword sniffing? We'd NEVER do that!


As Siri is not linked to your Apple ID, but Cortana is linked to your Microsoft ID, then that's the difference.


Re: Good...... (?)

Siri can see data in your phone, but it's not tied to your Apple ID. Obviously some data (such as questions) gets sent to 'the cloud' for analysis, but because it's not linked to your ID then for example an analyst that might need to listen to something that Siri had difficulty with, doesn't have any way of knowing who you are.

It's BACK – Stagefright 2.0: Zillions of Android gadgets can be hijacked by MP3s, movie files


Re: So it's a choice of..

Apple are the ones being threatened with fines for not allowing back doors into iPhones and messages. The lack of other companies receiving this attention should be cause for concern.


Hands on with Google's Nexus 5X, 6P Android Marshmallow mobes


"apple phones are £800"

No Apple phone costs £800. The latest model starts at £539 actually, but don't let facts get in the way of your bullshit.