* Posts by robert_swift

12 posts • joined 3 May 2018

Brit bank Barclays probed amid claims bosses used high-tech to spy on staff, measure productivity


Most contractors there didn't have a regular desk...

...I was fortunate that the area I was contracting into had a desk I could use when I was there.

Anyone who cares to check the little black box under the desk (far corner of a first floor desk in Babbage House) might still find the folded up post it note with "Do not spy, not cool!" trapped between the battery and the contacts of a "desk utilisation monitor" :)

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections


My 6 bay QNAP has been fabulous for the last 15 months or so...

...as a door stop!

no use for anything else after the previous malware infection!

Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer


utter arseholes!

this behaviour is why Little Snitch is a must for me… it is staggering how many apps connect to Google and a plethora of other tracking services…

AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things


Re: Customers can enable Access Analyzer

It is free, although as I and a fellow AWS user discovered, there is at least one strange behaviour as we noted on their forum: https://forums.aws.amazon.com/thread.jspa?messageID=925452

Definitely odd that their own tooling showed an impossible-for-the-customer-to-achieve configuration, that has magically vanished, and a slight worry as this related to AWS managed key in KMS!

Video-editing upstart bares users' raunchy flicks to world+dog via leaky AWS bucket


Re: I wonder if....

AWS provides a number of tools for this, and other monitoring approaches… But this seems to be such a basic failing that no amount of tooling is likely to help them… It’s situations like this that fuel the “uurgh! cloud!” negativity in relation to security, yet AWS (as the cloud host) have done nothing wrong here… Look up their “shared responsibility model”, they don’t shy away from this topic at all…

Teletext Holidays a) exists and b) left 200k customer call recordings exposed in S3 bucket


Look up Amazon Connect… it’s a managed service that sits on top of AWS services, recordings are stored in S3, although that bucket is under the customer’s control, it is still fed by (and therefore open to) the Connect service…

Obviously this may not be using Amazon Connect, but it’s an example of how AWS and a random organisation could come together.

My two pennies, this won’t be the last time a telephony platform is in the news for this, Amazon Connect doesn’t wow me with some of its security approaches! Amazon Connect does permit encrypted customer input, via DTMF, not speech recognition, at least not at the moment.

W[ho]TF is Github_Debbie?


W[ho]TF is Github_Debbie?

I feel like I've been subject to some bullshit-sleight-of-hand by LinkedIn, seems that on Sunday the 19th of May I "submitted basic profile information about yourself to GitHub_Debbie"... At least that's according to LinkedIn and their "How LinkedIn Uses Your Data" section...

I don't recall any interactions with LinkedIn, Microsoft, GitHub and definitely not GitHub_Debbie (or any Debbie, GitHubby or otherwise) on the Sunday in question!? A quick check of my mail doesn't reveal anything on or around then either... Seems that Microsoft are applying their "partner" status to use my LinkedIn details to originate messages from marketing@github.com to me (on a unique-to-LinkedIn mail address), with employment data from LinkedIn in the mail...

FFS... Now I've got to figure out which levers to pull in order to prevent my details from being used, why can't life be simple?!

Peak Apple: This time it's SERIOUS, Tim


Re: Telescope?

Greedy bastards indeed... Aperture. macOS Server. Airports.

None of these things can cost a tremendous amount, in real terms, to maintain - and yet provided genuinely integrated capabilities that had been engineered to jive well... Aperture and macOS Server could have been dropped into the public domain and turned feral, who knows, maybe the community would have ignored 'em, but at least someone would have had the chance.

UK taxman told: IR35 still isn't working in the public sector, and you want to take it private?


All this, for £500M

Surely there are easier, more media friendly targets, like the big firms with their creative accounting processes... In 2014, my IT contracting limited company paid nearly five times the corporation tax Facebook did?

Besides, for every £1 I invoice, approximately 42p goes to the state... My PAYE self would expect about 35p to go for every £1 earned.

To quote 6music's Radcliffe and Maconie "What a world we live in today..."

Watchdog slams TSB boss for underplaying extent of IT meltdown


I said it before...

...I'll say it again - I really hope they have their banking licence revoked. It's the perfect time for the regulator to actually make a difference.

The media friendly bullshit spouted by the bank during the "main event" should be torn to pieces, nonsense references to "upgrades" not "migrations" etc. which downplay what the bank had committed itself to (and therefore, little things like not being half-pregnant having started to migrate and having no realistic way back after any transactions had been processed on the net system) but also the reports of errors in applications that could only be caused by techies being given carte blanche to "whatever was necessary" to get things sorted (read: if it compiles, ship it!).

Nothing will change, as has already been commented "You ain't seen nothing yet..."

TSB's middleware nightmare: Execs grilled on Total Sh*tshow at Bank


Re: It's TSB. This time around...

"You can't just go around closing down great lumps of the banking industry and hoping there'll be no effect on the rest. Do you not remember the Northern Rock debacle? And that was only a tiny ex-building society."

Personally, I'm not seeing the link between the TSB migration screw up and a [globally] screwed up approach to how retail finance organisations were capitalising themselves.

I'm guessing you haven't worked in IT for a big bank, at least not recently? If nothing is done to effect change, then at some point hence, there will be another El Reg forum thread for us armchair experts to dissect and cogitate over. And if that thread relates (say) to a black horse, cyan eagle or a peculiar shaped red triangle, the potential impact is far larger to the banking public.


It's TSB. This time around...

But all the banks are the same, cost cutting, offshoring, ever shifting "location strategies", an executive bonus culture that engenders short term motivations, blah, blah...

I believe TSB should lose their banking licence - moving banks is easy nowadays, so customer impact isn't huge (certainly nothing compared to the recent debacle). Maybe a proper reprimand would actually have an effect for all the banks, and stem the ridiculous cost-cutting-race-to-the-bottom by the big banks.

