Posts by greenwood-IT

30 posts • joined 25 May 2016

Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk


Same old same old

This comes down to the old issue of logging into a system as "Administrator" rather than a restricted user. We all know it's wrong, but it makes coding, testing and support soooo much easier.

Everyone is rushing their development, and we know security & testing only ever finds problems and causes delays :-(

Keyless cars, what a great idea - security will be in version 2.

Philippines orders fraud probe after paying MacBook prices for slow Celeron laptops



Maybe it included a year's Office 365 and McAfee for free :-)

Tweaks to IPv4 could free up 'hundreds of millions of addresses'


Re: first Vs last


Well I've stuck with a setup we developed for a 50,000 PC deployment with over 2000 sites. The router goes at .200 with clients on DHCP below, and "important stuff" on the higher numbers above. It does mean the first PC on site is .1, so names and IP addresses can match if you really want :-)

Chat soon.

Voyager 1 space probe producing ‘anomalous telemetry data’


Re: I'm smarter...

Ping -w 151200000

Is voyager1 a .com, .space or .extraspace TLD?

AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too


Having these security bugs also means the kit will have a shorter life span. Who wants to run a processor with known security bugs, best to just replace it with a new one every 3-5 years. Everlasting lightbulb anyone?

Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers


Good luck with that argument..

"we do not hold any confidential information on any of our servers"

I understood name, email, job description, company and password were classed as personal and confidential. I'm pretty sure I can't just publish my list of contacts from my database on a web page - which is what they have basically done! ICO, do your job.

G7 countries outgun UK in worldwide broadband speed test


What about the other 15%...

Who comes up with this stuff?

So the target is to get "high speed" to 85% of the population. That means those who live in cities or already have decent infrastructure will get even faster broadband, while those 10 million who live on the end of a bit of wet string in the country will be left behind, forgotten and ignored.

I bet the "Tax break" is targeted at new technology, ie, subsidised 5G or FTTP, rather than providing a reliable 50Mbps to home & business users via DSL or a strong 3G/4G signal.

Anyone seen the UK plans for how to run 6 office phones off of a 0.25Mbps ADSL link in 2025 when there's no mobile coverage in the area?

Thanks UK planners and Government regulations.

Remember the bloke who was told by Zen Internet to contact his MP about crap service? Yeah, it's still not fixed


"Please" leave us without a penalty..


It definitely sounds like an OpenReach issue - so you can see why ZEN want this guy to leave ASAP. Any future ISP will have the same issue, so he'd be far better staying with ZEN and insisting that based on the contract that he's been paying, THEY need to get it sorted.

I've had problems with BT recently (not naming the product), and after months of zero support, I started "abusing" every one of their adverts on Facebook - all done very politely by just pointing out how bad they were. Within a month of my campaign, I'd got a call from someone high up who asked "if I'd had problems?" :-) He's now put me in direct touch with someone technical who actually understands the product - almost a happy ending - it's still not working correctly, but the guy I'm talking to actually understands the problem and appears to be kicking arse and getting some progress.

This article, and a lot of public exposure of the issue will do more good than writing to your MP - in fact, despite my local MP having broadband and a website, he doesn't "do" email? :-( (he does do email, but only for his friends - not for his constituents!).

Chat soon.

Airline software super-bug: Flight loads miscalculated because women using 'Miss' were treated as children


Primary concern, really?

"The health and safety of our customers and crew is always our primary concern," a TUI spokesperson said.

Clearly their primary concern was getting cheaper software developed offshore and not fully testing it.

Our "thoughts and prayers" are with the non-UK developers and shareholders.

US national parks to be smothered under blanket of liquid-hot Magma. Yes, the open-source 5G software



Has anyone asked "why" you need 5G in the Forest? From my physics memory, wouldn't 4G provide more coverage with fewer masts, and also be cheaper?

Unless the touted benefit of being able to do virtual brain surgery over mobile relates to a specific surgeon planning a camping weekend?


Re: "vendor agnostic and free from lock-in"

There's also a lot of benefit in actually "owning" a version of the software on your system.

Looking at cloud-based software, or software that auto-updates when it feels like it, can cause more problems than it fixes. A lot of the "managed" platforms get updated with features many clients don't actually want; most businesses also hate the way the software they use updates outside their control, thus causing support and training issues.

I had one medical client who was unable to print legally required labels from their 12 label printers across 3 sites last month - all because they had "auto update" turned on as their "security policy" requires them to install "official updates within 14 days". Look at the Android issues last month as another example of lack of control and how it impacts YOUR business.

You can have Microsoft Office for £7/month or a one off fee of £70 - what are you paying for? Most users already have Email and Cloud Storage, so why pay monthly? Nobody rents their TV, Video or Fridge any more do they?

Partial beer print horror as Microsoft's printer bug fix, er, doesn't



Well we have a legal requirement to print labels when we prescribe meds - and a dozen Dymo label printers all started missing life threatening details over the weekend.

The "patch" also included un-fixes for DNS and FTP, which also broke this week after the reboot.

Whoever wrote the security policy that said manufacturer released security fixes need to be applied within 14 days clearly never worked with Microsoft :-(

Baroness Dido Harding lifts the lid on the NHS's manual contact tracing performance: 'We contact them up to 10 times over a 36-hour period'


Damn numbers and facts.

Don't get me started on "r" numbers (I believe r is short for RAND() as it's somewhere between 0 and 1).

Knowing that one person has reported positive, then surely knowing how many contacts they have had and how many of those became infected, would be a very accurate way of calculating a more accurate r value? It seems so bloody obvious compared with the current dozen committees who vote on a random number that they then seem to average before saying it's somewhere between 0.5 and 0.999 but less than 1.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript


Re: I'm smarter...


Years ago (before ZIP, ARJ and LZW), I wrote a compression utility that would compress any data down to a single byte. Unfortunately I never managed to complete a working decompression method though. Maybe I should resurrect that code now - anyone got a working Vic-20 I can borrow?

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all


Re: One Network to Rule Them All

So just having one maintenance system to monitor & manage all 3 networks? That there is exactly the problem, one system plugged into everything - that would be the target. Would it be so expensive and inconvenient to have a separate maintenance system for the public network?

More nodding dogs green-light terrible UK.gov pr0n age verification plans


Who you gonna trust

So the porn sites will now have to "subscribe" or "register" with a central body to verify visitor ages. The porn sites will also presumably have to invest in securing their site to handle this personal data, as well as comply with GDPR (will they have to keep a copy of the personal details?). I'm guessing this will just push the porn sites off of UK soil and beyond UK Government control.

"Free Porn" - site verified dirty by UK Government and clean by McAfee

I wonder if there will be a page on gov.uk with links to approved porn sites? That would seriously help with SEO :-)

London Gatwick Airport reopens but drone chaos perps still not found


Spare Drone Dome?

I do hope that Drone Dome is a spare and hasn't been removed from its job of protecting our military. I'd hate to think we are putting our servicemen and women at risk just so kids can see Santa in Lapland this Christmas.

A few reasons why cops haven't immediately shot down London Gatwick airport drone menace



I seem to remember something about Nimrods tracking cars from dozens of miles away. Surely 30 years on a simple helicopter up high can track the drone to its landing site? How about thermal imaging looking upwards? These things use a lot of power and need to be recharged regularly... by returning to the owner. The drone may well be streaming live video back to the pilot, listening in to that broadcast may give you clues as to where it's coming and going from. There seems to be a total lack of facts, photos and information on this. The police saying "we're confident we have it under control" when they seem to have done nothing doesn't boost confidence.

Suunto settles scary scuba screwup for $50m: 'Faulty' dive computer hardware and software put explorers in peril


Why run out of air?

Why would someone run out of air? Surely as part of your dive plan, you will have considered how much air you need, and arranged to take enough?

If I was planning a no-stop 30m dive, say 18 mins, I know a 12l cylinder will be enough - if I'm 18 mins into that dive and my gauge still shows a full cylinder, I wouldn't just stay there for another 18 mins!!!! This person died due to blindly trusting the artificial brain rather than their own. What happened to the buddy in this situation? If this person ran out of air much quicker than the buddy, then perhaps they should not have been diving to 30m or should have had a larger cylinder.

Anyway, seeing as they sell the same models globally, what are Suunto doing for the UK divers?

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years


It's ok...

It's ok, the hackers got the "communication preferences" data - I selected the "no email" option.

World's oldest URL – fragments 73,000 years old – discovered in cave


Who did that?


If they ever find out who did that "art", please let me know. Some toss pot did the same pattern on my car door last month and it can't be a coincidence :-( I'm in Hampshire.

Top Euro court: No, you can't steal images from other websites (too bad a school had to be sued to confirm this little fact)


Actually I've got almost exactly the same photo taken years ago, does that mean this photographer is "passing off" by copying my creative works? Total nightmare for "generic" images like this :-(

You know that silly fear about Alexa recording everything and leaking it online? It just happened


Registered Business Address is now private?


Love it, you have to turn on "Parental Control" to get privacy! How the world changes, I used to lie about being over 18 to see nude pictures, now I have to lie about being under 13 to get some privacy! :-)

Consent, datasets and avoiding a visit from the information commissioner


Records for removal requests

Seeing as one of the rules relates to data loss, what's the position in verifying and retaining records of removal requests?

If I have someone's email address on a mailing list and they phone up and ask to be removed, do I need to request a written request and a copy of their ID to verify this is in fact the correct person making the request? How long do I need to retain a copy of their driving licence? What if they then request removal of the removal request????

Oh joy!

IBM bans all removable storage, for all staff, everywhere


Easy options

You're missing the easy answers;

1) If IBM engineers aren't allowed to use USB sticks, then they can just outsource the maintenance to a 3rd party who do use USB sticks - ie, me! :-)

2) They can always revert to CDs for installations and upgrades, most servers do still have CD drives.

3) They are going to ban laptops, cameras, wifi, email and internet access next, that will really help improve security :-)

Chat soon.

TSB's middleware nightmare: Execs grilled on Total Sh*tshow at Bank


Customers at fault?

Yep, ALL of my projects work perfectly and as intended... if you remove the middleware and stop those damn pesky customers from accessing it :-o

Nominet drains mug of tea, leans back, calmly explains how to make Whois GDPR-compliant


Registered Business Address is now private?

Physical shops and businesses legally have to provide a "registered address" on their websites and paperwork, so what's the problem with having a registered address on a business domain registration - and making that publicly visible too?

If the registration is non-business, then keep the personal details secure - if it's a business, then make the information available to all for free.

As an IT business I regularly have to use WhoIS to try and locate who is controlling a domain name registered years beforehand. Last month I had to track down a guy who'd sold his business, which had then changed hands again, but he had forgotten to transfer the domain - this only came to light a week before renewal. Without access to the WhoIS information in this case, the business could have lost the domain name and had to re-brand.

Eight months after Equifax megahack, some Brits are only just being notified


GDPR Deadline...

Equifax better get a move on - if my notification of the hack arrives after May 25th I'll be up for 2% of their global revenue won't I? :-)

Black Horse Down: Lloyds Banking Group goes TITSUP*


Logically I'm more interested in the common link between these banks - they all have outages at the same time???

Are they all outsourced to the same partner, are they all in the same data centre, do they all run the same codebase? Perhaps even someone has attacked the UK banking industry?

As many say, we will never get to hear the truth - it would make someone high up look bad and ruin their future earning potential (in an ideal/dream world).

In the 80s when I asked why senior managers had IBM PCs and lower grades had Zenith I was told "nobody ever got sacked for buying an IBM" - I'm guessing this rule still applies for cloud based services.

Hate Windows 10? Microsoft's given you 'Insider' powers anyway


Still biased...

It seems the Feedback App only works on Windows 10 - so anyone who's had a failed upgrade or has had to revert will be denied the ability to offer constructive criticism! :-)


Biting the hand that feeds IT © 1998–2022