* Posts by 78910

9 posts • joined 15 Sep 2016

Register-Orbi-damned: Netgear account order irks infosec bods

Thumb Down

Absolutely 100% If they want to give me the option of registering for accessing additional warranty or remote-management features then fine. But there's NO technical reason I should be forced to register online somewhere just to configure or monitor a bit of equipment that's local to me.

Imagine if you had to check-in with Toyota or BMW in order to change the radio presets or A/C settings in your car. How about registering an account and touching base with Sony before being allowed to setup your new telly to watch the news? It's ridiculous. For what possible reason other than to tell them what you're doing and when and how often? I'm thinking of a word right now, it begins with double-eww and ends with ess.

No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities


Air gapped? With vendor remote access?

Clearly my understanding of 'air gapped' is wrong. I understand the need for patching systems and regular maintenance but I had always assumed air gapped meant exactly that, that there was air in between this here system and any possible outside influence i.e. not wired up to any outside network at all ever.

Wouldn't stop malware-ridden patches being deployed in the normal course of things, if the vendors were pwned of course, so a timebomb could still be planted. But it would stop the ability for said systems to phone home, to be taken over at will.

Never worked in that environment so it's a genuine question. Is it just too hard to patch and maintain genuinely air gapped large systems?

Big bad Bluetooth blunder bug battered – check for security fixes


Re: "within radio range and transmitting while the gadgets were pairing"

I'm not so worried about my fitness gadgets or navigation stuff either.

But this sounds like it could affect bluetooth keyboards - them things that people use to type passwords with.

Linus Torvalds may have damned systemd with faint praise


Re: replacing init with something "sane"

I get the very unscientific feeling that my newer systemd distro boots up just slightly slower than my older upstart distro. I guess that could be other factors at play but they all boot in <10sec now anyway with SSD drives.

I've also run into a seemingly random problem on a few systems where systemd halts for 90 seconds while booting, searching for btrfs file systems which it will never find because they don't exist. Extremely irritating.

If we could just get a word in Edgewise... New kid says it can do data center firewalls better


Rather than 'anti-spam for network', maybe this is more like 'selinux for network'?

I'm not an expert in either but that's what it sounds like to me. Who can elaborate more?

EC fines Facebook €110m for 'misleading' data on WhatsApp deal


Re: EU Competition Commissioner said:

I agree. Their $19 Billion dollar purchase just became a $19.1 Billion dollar purchase. Not exactly much of a punishment, just a cost of doing business that was probably already budgeted for.

Brit behind Titanium Stresser DDoS malware sent to chokey


Re: Sounds like...

Did you not read the bit about the millions of pounds of costs incurred because of him and this software?

How would you feel if that were your company forced to spend 6million?


You're right - only it's worse than the 400k. This report states one single company spent 6 million trying to defend or recover from the attacks. So the damages he and his 'clients' caused far outweigh the paltry 400k he was paid. It's like pulling a 6 million pound bank job or worse.

It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog


Re: Old trick works

But this was not the trick used by the FBI on this occasion.


Biting the hand that feeds IT © 1998–2021