* Posts by mikepren

37 publicly visible posts • joined 11 Jan 2019

Post Office threatened to sue Fujitsu over missing audit data


Perverting the course of justice

SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity


Re: No mention of the alleged method for delivery of the hack.....

But they should still be securing their supply chain. Where was their module signing?

UK air traffic woes caused by 'invalid flight plan data'


Re: S/360

The old yellow cheat sheet. Amazing how much debugging assembler dumps translates into debugging Java stack dumps.

Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse


Yes, it's been rediscovered several times since then. The JFrog security guys blogged about it in 2022, from memory.

Any enterprise organisation that is using uncurated npm repositories is in for a world of pain.

As liquid cooling takes off in the datacenter, fortune favors the brave


the more they change

Takes me back to 1983-ish and the IBM 3033/3081.

The local IBM CE got given a mounted fire axe after he used it to open a hole in an outside, locked door after the water cooling sprang a catastrophic leak.

World Cup apps pose a data security and privacy nightmare


Re: I would like to see the not-so-subtle racism in this article applied elsewhere

But but but your Insta stories...

Emma Sleep Company admits checkout cyber attack


Re: "sophisticated"

Well, they're deploying CORS and CSP headers now. Good thing they've only just been invented, and not been around for a decade. If you run a payment site without those, then you're not serious about security. Especially on Magento.


Re: "sophisticated"

Now adding CORS and CSP headers. Good thing they've only just been invented, and not been around for a decade.

Check your bits: What to do when Unix decides to make a hash of your bill printouts


Re: Not a Cossie, but...

When I worked for vendors, I always carefully used my wife's car on site for the first few calls, unless I knew the customer was full of petrol heads.

Computer and data scientists should be as highly regarded as 'warriors' says top UK cybergeneral


Re: General Sanders said the MoD should be developing …

I did Latin at school, and additional maths. After an IT career of 30+ years, none as scrum master or product owner, I'm not sure which was the better choice.

Splunk spots malware targeting Windows Server on AWS to mine Monero


Re: Splunk's advice for those hoping to avoid the attack is simple

GuardDuty from AWS has a specific finding on brute force against RDP ports. Of course it has to be turned on, and someone has to read the alert. I'm ignoring the ability to automate a response on the basis that anyone who would leave an exposed RDP port is unlikely to have automated remediation.

Deloitte settled HPE's Autonomy lawsuit for $45m back in 2016 and agreed to cooperate with US DoJ


Re: Smells bad

Weren't they Autonomy's auditors? Their duty of care is to Autonomy and the current shareholders, not to any prospective purchasers.

I think therefore IAM: It's not cool, it's not sexy, but it's one of the most important and difficult areas in modern IT


What about non-staff identity

There's a big discussion to be had around consumer/customer identity management. In theory the number of roles is lower, but the volumes are higher. And of course you may then get into federated identity between different components or even different companies.

HP loses attempt to deny colossal commission to star sales staffer


Re: Coin operated and risk/reward

Incentives drive behaviour.

UK taxman is supposed to know how IR35 reforms work but still lost appeal against TV presenter Kaye Adams


Re: I'm maths challenged, sorry.

But aren't Track and Trace mainly consultancies?

Those guys are employed. Apart from the partners, seeing the comments higher up.

How I found a bug in YouTube that let me watch private videos I wasn't allowed to, says compsci student


And denying that the leaked data has actually been used.

AWS reveals it broke itself by exceeding OS thread limits, sysadmins weren’t familiar with some workarounds


Re: I think they are Nerfing...

I think it's worse than that. I think their design is wrong for massive scale. Status messages shouldn't need to be p2p; that's what you have topics and messaging for. In the days of on-prem app servers you used to have state replication like that (p2p), but as you scaled you moved to a different paradigm, like a central HA DB or some broadcast technology.


Re: Plan One

It's their immediate plan. It's going to take time to rearchitect from many-to-many to something more scalable, like a service mesh.

Microsoft reveals slow, staccato, disruptive auto-patching service for some Windows VMs on Azure



Surely you just rebuild most of your VMs on the new base image rather than repatch. Isn't that one of the whole points of DevOps?

Longer lived, you buy PaaS.

Southern Water customers could view others' personal data by tweaking URL parameters


Re: Sharepoint ??

It makes me sad too.

No wonder Brit universities report hacks so often: Half of staff have had zero infosec training, apparently


It's not if they click on the first link, it's if they still click after round 3.

This has to be iterative.

Don't like Mondays? Neither does Microsoft 364's Outlook Exchange Online service


Re: Exchange Server

The mere fact you talk about upgrades, and then patches, means you aren't among the 90% of the remaining on-prem Exchange sites.

IBM's sacking spree reaches Australia – and as staff wait to exit, they're offered AU$4k to find new workers


Love the Long for manager bonus, great touch.

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months


Re: Quarterly

Given that it was operating over 8 months, and hence I assume two scans, I'd suggest the frequency wasn't the issue.

To be fair to the scanning company, you need to understand the terms of reference they were engaged on.

Atlassian issues advice on how to keep your IT service desk secure... after hundreds of portals found facing the internet amid virus lockdown


Re: Not just coronavirus

Really, if you are using Atlassian you should be tying it to some identity store, and ideally the same corp 2FA. BOTH AWS AND AZURE MAKE THIS EASIER (shouting intended). JFDI

/rant over

In fact this should be for any SaaS service; that means you, ServiceNow admins!

Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...


Re: most senior officials and ministers were using bog-standard Zoom

Secretly they are competent; it's just a misdirection to fool the enemy /French

Southern Water not such a phisherman's phriend, hauls itself offline to tackle email lure


Re: Another SCADA attack

NIS imposes legal responsibility on the utilities around their critical infrastructure. SCADA controlling the fresh water systems certainly fits that definition. I imagine Ofwat is very closely examining this.

Internet of crap (encryption): IoT gear generates easy-to-crack keys


Re: The embedded gear is often based on very low-power hardware

Doesn't it say all the devices are from Azure? Surely that's the issue? All that virtualisation means a limited entropy feed.

'Big Bang': Great for creating the universe, but not as an approach to IT migration, TSB told


Re: Had They Never Cut Over A System Before

Don't forget that all previous integration was with v3 of their code. They'd decided to let TSB, really Lloyds, pay for a system upgrade: new middleware, web interface and mobile apps, and they also used the project to get rid of their legacy VB code.


Re: Congratulations TSB Another waste of Money

The one thing that really surprised me was the lack of preprod. If you are doing active-active you really need preprod, as you won't have dual running anywhere else.

UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball


Re: The question is: what are reasonable efforts

The failing here is to insist on a secure data transfer mechanism.

Just a friendly reminder there were no at-the-time classified secrets on Clinton's email server. Yes, the one everyone lost their minds over


Re: But Benghazi!

Don't forget the comb over...

Banks bid legacy tech farewell as they sail to the cloud – but now all that infrastructure is in hands of the big three


I wonder what bit they have migrated to the cloud. Have they moved their core systems off the m/f yet?

Galileo, Galileo, Galileo, where to go? Navigation satellite signals flip from degraded to full TITSUP* over span of four days


Like a bit of lizard. All hail our alien overlords.

Industry reps told the UK taxman everything wrong with extending IR35. What happened next will astound you


Re: Not 20%

They changed the rules on dividends; after the first 2k it's taxed as income.

The main advantages of contracting are expense costs and liability.

If you can't get expenses then you can't travel. That will hurt the economy at the same time that kids aren't moving due to the increased city living costs.

Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs?


Re: RE: TonyJ

Convenient for car thieves.

Amazon Mime: We train (badly) an AI love bot using divorce bombshell Bezos' alleged sexts to his new girlfriend


Reg... Funny, but you are better than this. But funny...