* Posts by Blazde

93 posts • joined 11 Jan 2019


Get rich quick! Work from home! Earn $100,000 easy – just find a critical flaw in Apple's sign-in system


It's so dumb it must somehow be a clever staged marketing scheme to promote Apple's bug bounty programme, right? -.-

I feel cheated out of the gory technical details I was about to dive into.

Western Digital shingled out in lawsuit for sneaking RAID-unfriendly tech into drives for RAID arrays


Re: Storm in a teacup?

"all three [4TB] CMR drives comfortably completed the resilver in under 17 hours, the SMR drive took nearly 230 hours to perform an identical task"

Holy bejesus

Mulled Chrome API shines light on long-neglected privacy gap: Sites can snoop on your find-in-page searches


Re: Expectations

Firefox find-in-page finds hidden text. It is a bit useful and sometimes expected, because Google will index pages based on their hidden text and so people come to a page expecting to find something that's not visible. What's less useful is that it's still hidden after FF finds it and some text is hidden without a way to unhide it (eg. text for SEO). The Chrome solution won't address that either.

"Where's the logic in hiding text on a web page and waiting for the user to expand it later"

The same logic which gives us books printed on individual pages bound into a handy volume instead of a single 10x10 metre sheet of paper. It makes navigation easier. The alternative is text isn't there until you want it and it's fetched from the server, which makes slurping easy too.

Campaign groups warn GCHQ can re-identify UK's phones from COVID-19 contact-tracing app data


Re: Thank you

Supposedly they're setting the threshold at 10 minutes to begin with. Most close 10min encounters aren't going to be 'walked past 20 different people with COVID for 30 sec each' and the like, they're going to be encounters in small indoor areas or vehicles where transmission is easier, or stopping and talking at each other in the street (which produces lots of fine virus-laden spray), or at the very least sharing a semi-enclosed area like a bus-stop for 10 mins. Many encounters of at least 10 minutes will be way longer (imagine some kind of long tailed distribution) and involve more risky activity.

Essentially the contact time serves as a good proxy for the intimacy of the contact in addition to its actual duration.

A lot of the actual transmission is between people living together not even attempting to distance, but the app isn't really needed for that. It has to capture the next most likely class of transmission events.


Re: Thank you

To add to this, yesterday Hancock gave figures from the ONS antibody survey (otherwise unpublished) indicating about 4.4 million across the whole UK have antibodies, using a test which is deemed very accurate. Against the official death total of 36K that points to a case fatality rate of 0.82% with the caveat that both figures are likely to be underestimated, but not by huge margins. Similar to estimates from other countries and far, far above 1 in 1450.

(But of course optimists want to believe the madcap models thrown together by creative 'scientists' on twitter which show we'll have herd immunity by next Tuesday around 3pm - and who can blame them).


Re: Nothing to hide here

It doesn't matter if you're personally concerned about privacy issues or not. The fact that others are and therefore won't use it makes the app less useful than it could be. If you're for the greater good then surely you're for a functional app that the greatest number of people are willing to install?

Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police



"Crown prosecutor Samuel Main told Westminster Magistrates' Court '.. his disobedience'"

Sums up this law well. Not a crime, just failure to be a good boy in the eyes of a hectoring state. Since he's apparently not been charged with anything else we have to assume he's not a terrorist who just happened to store every last shred of evidence against him on his phone. More likely just had some embarrassingly legal porn on it. Probably cuckold kink.

Good on him for refusing.

And good on the magistrate for making a mockery of the legislation's pretence by allowing a now convicted 'terrorist' to walk free.

Huge if true... Trump explodes as he learns open source could erode China tech ban


Re: About Time

I'm imagining it went more like this..

Trade Advisor: I expect you're going to ask me whether since we passed this new law any of our companies are doing business with Huawei.

Trade Advisor: The answer is No, Mr Pres...

Trump: That's great. I'm great. We won a really great victory. I think my car is here. We should play golf sometime when this whole uh trade thing is over. Bye-bye.

Technology Advisor: ...

Dutch spies helped Britain's GCHQ break Argentine crypto during Falklands War


Re: Breaks it angle

Other sources claim the CIA was supplying the UK with Argentine intel before and during the war, and Ted Rowlands' statement dates that back to at least the late '70s when he was in the Foreign Office. It's standard that they would have supplied the intel rather than the means to obtain the intel. Even with the closest possible sharing arrangement you still want to compartmentalise sources.

The other possibility is that GCHQ could already decrypt Crypto AG all by themselves, but wouldn't have revealed that to a TIVC technician and quite possibly would have continued to request intel from the CIA to conceal the ability from them too.

It seems unusual for TIVC to have given raw crypto details to GCHQ. Perhaps a result of the political and technical difficulty of achieving it any other way at such short notice, and thousands of miles away. And apparently the BND had to share it with Maximator countries because 'none of its members felt able to tackle the subject on its own'. So we have this unusually open secret known by most Western intelligence agencies and generations of junior ministers from various countries, all prone to blab for political or sexual gain. Given all that I feel a bit cheated we're only getting some of the juicy details four plus decades on :)

Vint Cerf suggests GDPR could hurt coronavirus vaccine development


GDPR 'an onerous chore' says distinguished tech website The Register

Irresistible quote for someone

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch


Re: Samsung 0 click details

Of course automatic thumbnail previews are part of the vector.

I think eventually we'll discover the invention and widespread implementation of these was a highly successful conspiracy by malware authors carefully infiltrated into major software shops across the industry, since they serve no other obvious purpose.

GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps


Re: El Reg (or the readership) really has changed

It should be true everywhere. My pet hate is people who talk about their obscure health conditions in acronym.

"So... yea, I have TDH. Diagnosed about a year ago, so.. ya know"

No, no I don't know! Without a single medically descriptive word I can't even begin to calibrate my sympathy. Are you dying or have you just been scammed by a quack over a made-up disease?

So how do the coronavirus smartphone tracking apps actually work and should you download one to help?


Re: Good for data-less phone plans

No smartphone here. My reasons are perfectly valid: I have a computer and I have a phone, and both function better in their respective roles for being separate from the other.

If you use Twitter with Firefox in a shared computer account, you may have slightly spilled some private data on that PC


Re: Say it ain't so!

I think this is literally the first time I've heard the phrase "shared computer account", never mind in the context of an attack vector

Brit housing association blabs 3,500 folks' sexual orientation, ethnicity in email blunder


Re: You have to wonder...

They'll be needing an 'Are you a violent homophobic racist? Y/N' question then!

There are various legal requirements for public bodies to do equality and diversity Impact Assessments. In my experience it's always emphasised that answering the deeply personal questions is optional, so preferably anyone with 'closet status' sexuality or religion doesn't blab it, but that's probably not the case.

California tech industry gets its first big coronavirus hit: RSA Conference attendee infected, in serious condition


Re: What preventative measures Japan is using? Best for UK to follow their example

Most of them are not wearing 'simple masks'. They're wearing decent masks with valves. Carefully designed ones which thousands of people in numerous dangerous jobs use daily without any of the problems you mention.

The UK government thankfully does have pandemic preparedness stockpiles of what they term respirators (decent masks) for health professionals, stashed somewhere under the half billion £s worth of Tamiflu. Appreciate in other countries they may well need reserving from the open market. France notably so far.


Re: What preventative measures Japan is using? Best for UK to follow their example

They're wearing masks, to a man: https://cdn.cnn.com/cnnnext/dam/assets/200303041657-01-coronavirus-tokyo-japan-0303-exlarge-169.jpg

While we keep being told wearing masks is pointless because we can't be trusted to wear them properly.


Re: media hype

"The novel coronavirus is not to be sniffed at"

To be fair to them, they have cut through the crap and identified really the first and only thing one should avoid doing with a deadly respiratory virus.

AMD, boffins clash over chip data-leak claims: New side-channel holes in decades of cores, CPU maker disagrees


Re: Impact?

In a multi-user or multi-tasked 8085 environment you had every security problem imaginable because it had no memory protection whatsoever.

Due to a variety of factors including - in my opinion at least - poor foresight, this wasn't fixable with a quick microcode update included in your regular patch Tuesday bundle, and so Intel were eventually forced to release an entire new chip design (the 286). Very embarrassing situation.

UK.gov is not sharing Brits' medical data among different agencies... but it's having a jolly good think about it


Re: Be careful what you tell us

We could just talk to our GPs in code.

"That business we talked about last week, it's.. finalised at last. What a relief. Your associate was able to provide some very helpful material assistance."

"Good to hear. And has there been movement on the new business this week?"

"None yet, is that a concern?"

"No no, delicate matter. It shouldn't be rushed. I hope there'll be less collateral damage this time."

"Yes I'm hopeful too. Do you think our friends up high suspect anything?"

"Ahh, I can't hear you. The line is going funny. I'll see you next week for your monthly height measurement anyway. No wait, we did your height last time. Probably no need to check it again so soon you know, hah! This one is uhh.. a cuticle check-up. We can discuss further then anyhow. Bye."

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?


Nice Logo

10/10 for effort, creative, strangely descriptive, and most of all no cheesy over-dramatic thunderbolts, ghosts, zombies, or mushroom clouds.

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly


Re: Another 007 scheme ?

I'd venture there are a fair few air-gapped systems out there that aren't going the whole hog on anti-TEMPEST.

Iran published photographs from the supposedly air-gapped Natanz facility computer room with dozens of people milling around and the place looked.. highly ordinary. It's not implausible that a short video clip published in similar circumstances could leak a passphrase or other short string from a screen which was otherwise free of sensitive information.


Re: S(n)ide feature

That really sounds like a job for the blue pixels

Oh ****... Sudo has a 'make anyone root' bug that needs to be patched – if you're unlucky enough to enable pwfeedback


Re: Why does it need both buffer pos and remaining length variables?

With one more variable they could have taken a poll on how much buffer space was left and the bug might've been out-voted.

Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin


Re: Dispositive?

If we knew what the pretentious phrases meant they wouldn't be pretentious would they, silly.

What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction


Re: Just another VM...

I'll take another VM if it comes without automatic garbage collection. It's over 20 years late but no less welcome.

We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyer


Re: Pushing too far.

"If terrorism isn't covered under the 'National Security' catch-all then WTF is?"

Presumably the problem is that anti-terror laws are now used so widely in many cases where there's no demonstrable national security threat. The legislation was originally aimed at defeating active terror plots against the clock so the bigger sentencing requirements reflect that imminent threat.

Nowadays if a schoolkid from an Islamic background viewed an ISIS vid on TikTok and the evidence is on his encrypted iPhone they want to be able to put him away for 5(*) years instead of 2 but it's very far from being 'in the interests of national security'. Indeed it may be counter to those interests by contributing to his radicalisation. It's a 'terrorist' offence by virtue of being a conviction under legislation that has the word terrorism in the title, not by being actual terrorism.

(*) 5 years is still nothing compared to the 15 he might get for the video offence so it's also proportionate, you see?

Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker


Re: How a video can be delivered through "an encrypted downloader ..

The report states "It should be noted that the encrypted Whatsapp file sent from MBS' account was slightly larger than the video itself". The 'downloader' is just a file containing the original video (and maybe more?). The video now is 4.22MB. We aren't told how much 'slightly larger' the encrypted file is, but they can't decrypt it because presumably the session key has long been discarded or actively purged by the malware. Possibly the original video was larger and contained exploit+malware that has since cleaned itself.

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message


We're all missing the most important angle here..

Crown Prince hacks Bezos' phone to perv at dick pics. Classic case of homoerotic penis envy. Deserves many lashes, and ideally a well-funded UN inquiry to establish just how small the prince's thing really is.

He even hired a guy called Mr Pecker to do the cover-up! Just how obsessed can one man be?

Leave your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things


Re: confusing article

It's not quite the same insecurity as using self-signed certs. If a self-signed cert were generated once per-device and private keys actually kept private as they should be (clue's in the name guys), inside each router, then you could blindly trust a cert once on first connection and add an exception but detect shenanigans in future.

With the global private key out in the open you have no confidence what you're connecting to each and every time you initiate a session, and it's right that browsers warn you about that.
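The trust-on-first-use scheme the post above describes, as an added example that is not Netgear's code or anything from the article: a browser-style pin store that records the SHA-256 fingerprint of a device's self-signed certificate on first contact and alerts when a later connection to the same host presents a different one. The "certificates" are constructed placeholder byte strings standing in for DER-encoded certs, and the host addresses are made up; only the fingerprinting and pin logic is real. The second scenario shows why a single certificate and private key baked into every firmware image defeats pinning: an impostor holding the leaked key presents the identical certificate, so the pin matches and nothing is detected.

```python
"""Trust-on-first-use (TOFU) pinning of a device's self-signed TLS certificate.

Added example; not vendor code. The certificate values below are constructed
placeholders, not real DER, so only the pin-store logic is demonstrated.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, the fingerprint browsers display."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class PinStore:
    """Maps a host to the fingerprint seen on first connection."""
    pins: Dict[str, str] = field(default_factory=dict)

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(host)
        if known is None:
            # First contact: nothing to compare against, so trust and remember.
            self.pins[host] = fp
            return "first-use: pinned"
        if known == fp:
            return "ok: matches pin"
        # Key continuity broken: different cert for a host we have seen before.
        return "ALERT: certificate changed"


# Constructed placeholders (hypothetical; not real certificates).
ROUTER_A_CERT = b"DER:router-A:unique-self-signed-cert"
ATTACKER_CERT = b"DER:attacker:own-self-signed-cert"
SHARED_FIRMWARE_CERT = b"DER:vendor:same-cert-and-key-in-every-image"
ROUTER_ADMIN = "192.168.1.1"  # hypothetical admin interface address


def per_device_scenario() -> List[str]:
    """Unique per-device cert: an impostor without the device's key is caught."""
    store = PinStore()
    return [
        store.check(ROUTER_ADMIN, ROUTER_A_CERT),  # first-use: pinned
        store.check(ROUTER_ADMIN, ROUTER_A_CERT),  # ok: matches pin
        store.check(ROUTER_ADMIN, ATTACKER_CERT),  # ALERT: certificate changed
    ]


def shared_key_scenario() -> List[str]:
    """Global cert shipped in firmware: the leaked key lets an impostor
    present the very same certificate, so pinning cannot distinguish it."""
    store = PinStore()
    return [
        store.check(ROUTER_ADMIN, SHARED_FIRMWARE_CERT),  # first-use: pinned
        store.check(ROUTER_ADMIN, SHARED_FIRMWARE_CERT),  # ok (impostor, undetected)
    ]


if __name__ == "__main__":
    print("per-device cert:", per_device_scenario())
    print("shared firmware cert:", shared_key_scenario())
```

The only thing pinning can ever promise is continuity of the key behind the fingerprint; if that key is public, continuity is worthless, which is the distinction the post draws between a per-device self-signed cert and the one Netgear shipped.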

Windows 7 and Server 2008 end of support: What will change on 14 January?


Re: "Although it is not unreasonable...

I really miss the old days when you could hate on a new version of Windows just because of the blue-green rolling hills UI with oversized title bars, and then turn it off 3 seconds after installing. We had it so good back then and we didn't know it.

GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange 'cyberattack' have been greatly exaggerated


Re: Nothing to see here

An equivalent in financial markets is something like this:

A) Massive cover up by the state and relevant corporations to avoid market panic/board resignations/societal breakdown

B) A few anonymous individuals concocted a juicy sounding hit piece around a kernel of truth in an attempt to gain financially from resulting market uncertainty

(I'm not saying it's A but can confirm I'm not long in LSE)

Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed


Re: Lots of bog-standard locks are easy to bypass.

Since it's arguably the biggest issue, worth mentioning bog-standard locks invariably can't be updated either.

UK tax collectors warn contractors about being ripped-off – and not by HMRC for a change


Giving the bad dudes ideas

Next year they'll be running scams with mindbogglingly confusing, contradictory pages filled with turgid text as well..

Q 26. Do you want to give all your money to a scammer?

[ ] Yes [ ] Maybe

Only tick Maybe if you have also completed and attached form K5368-P or K5368-Y, included the appropriate documentation and signed declaration of non-liability, were born before April 6th 1912 and are currently a Lloyd's underwriter.

(Oh shit I spent 6 hours doing form K5368-Y before reading the last bit)

Remember that competition for non-hoodie hacker pics? Here's their best entries


Re: Not a very strong lineup

Hello John, I would like to tell you that I've met someone. He's called Bob. Have a nice life, Alice

Tor blimey, Auntie! BBC launches dedicated dark web mirror site


Re: Why?

FCO funding of World Service was reinstated back in 2015, although at a lower level and for the more specific purpose of expansion in specific areas of the world they feel need more 'soft power'. There seems to be some question whether it'll continue past 2020 but it's at least mentioned in the 20-21 spending round published in September.

Officially, BBC do say the World Service is funded by the license fee(*). I imagine there's some commercial benefit from general brand awareness that helps shift Top Gear DVDs etc around the world, and it helps domestic BBC news have access to a bigger network of reporters in oddball places, but because it's license fee funded it's not allowed to also be commercial (no ads, subscriptions, etc). Figures for 2018/19 apparently £238mil from license fee, £85mil FCO. (So not enough that it could be closed down and free licenses funded for all over-75s instead, even if that were a good idea).

(*) It's true though that 'license fee' means license fee plus income from the for-profit parts of the organisation.


Similar cycle iPlayer Downloads has been through a few times now. It starts off crap but they gradually release updates until it's somehow quite decent and everyone has forgotten how much more awesome the old software was. Then for vacuous 'modernisation' reasons they suddenly pull it and deploy a brand new stripped down, bug-ridden, CPU hungry app that's missing all the features users spent years lobbying for in the previous one. This repeats every 4-5 years and it's utterly infuriating.

Some fokken arse has bared the privates of 250,000 users' from Dutch brothel forum


Re: hmmm....

"Whores, lawyers, politicians"

Sounds like a fun variation on rock, paper, scissors.


Re: hmmm....

"sex workers in clogland are classed the same as say... independent plumbers, and are generally thought to give better value for money"

I'd say their respective service levels depend mainly on the kind of pipe you need unclogging.

Choose the wrong professional for the job and you'll always get a bad outcome. "Hi, I need someone who can do a good long rodding.. yes it is quite urgent, can you come over and get started right away?"

FBI called in to investigate 2018 Mountain State mobile voting system hacking


Uhh guuys, 's been a whole one year now and we still han't gotten the back of this ere damn votin machine thiin. Now a knows Gill said she be back with a-uh screwdriier but I'm havin some serious doubts that she ever comin back from uh mateurnity leave? So I'm just puttin this out ere, uh don't overreac or nothin, maybe it's time to ask the Feds if they know anythin about uh-ah hackiin?

WannaCry is still the smallpox of infosec. But the latest strain (sort of) immunises its victims


'Broadly Analogous'

Another key difference is that Smallpox was famously eradicated, and WannaCry.. well, the entire point of the article is that it hasn't been.

Eco-activists arrested by Brit cops after threatening to close Heathrow with drones


Re: So ... any constructive suggestions, then?

Reading most of the comments here gives an even greater sense of the planet being doomed. My hat goes off to the protesters, for trying at least with good intentions. This probably wasn't the most efficient way to protest, primarily because the potential for long prison sentences means they may be out of action for a while. However they do have to try different tactics and see what works best, and it isn't always obvious ahead of time because successfully raising awareness which leads to greater action on climate change is itself a complex sociological problem.

Green electricity tariffs are a bit of a con unfortunately. There's plenty of green energy produced in the UK now and not that many households on the tariffs so the green certificates are traded between energy companies for pennies (while they make a bit of extra profit selling the green tariff). The regulation needs to keep pace with change, eg. heavy taxes on non-green energy so that green energy tariffs become the norm not the flashy thing you pay a bit extra for.

But sadly the last couple of UK governments believe the country has done enough simply by off-shoring the majority of our industrial emissions and replacing them with a nice big low carbon service sector as if that makes all our indirect emissions China's fault, and that somehow we'll be able to repeat that trick until 2050 when we'll be zero-carbon. Yea right.

The change needs to come from government I think. The odd concerned consumer quietly buying an electric car or boycotting fossil fuel companies or flights isn't going to make a meaningful difference. Voting. Joining a party that's serious about climate change and campaigning for their relevant interest groups. Of course, joining XR protests without doing anything illegal is a good option too. Most of those out on the streets in April were not breaking the law.

Infosec prophet Bruce Schneier (peace be upon him) is only as famous as half of Salt-N-Pepa


Re: I had to look that up

'metal chair' was sufficiently glib to give it away. I laughed anyway. They make some pretty boring sitcoms in America but who would actually make one about a non-specific metal chair?

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network


Re: SSH Timing attacks

A random delay in an interactive session would get annoying before it came close to properly defeating the attack. A better option is to send a constant stream of packets at a regular interval, inserting dummies when no key has been pressed. This is the original comprehensive paper on SSH traffic analysis, and research around that time did lead to some improvements in various implementations: https://people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf

(Note that this new attack is about getting timing data from the Intel chipset, where you can't otherwise observe network traffic. Attacking SSH is just used as an example of one possible use for this timing data).


It leaks the timing of everything typed inside the SSH session. So yea you're correct, not the initial authentication, but leaking a password is sort of the worst-case but completely plausible scenario if you logged in and immediately change your password, tunnel elsewhere, use sudo, login to an http interface on a nearby router, etc, etc. All kinds of other useful surveillance could be done too without ever capturing a password.

Arguably the one marked 'victim machine' is really the victim's machine and the RDMA server is the victim machine? but it's just semantics.
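The countermeasure sketched in the post under "Re: SSH Timing attacks" above (send at a fixed interval, inserting dummy packets when no key was pressed) as an added example, not code from the NetCAT paper, the linked SSH paper or any SSH implementation. The keystroke timestamps are constructed sample data, not a capture. The model also applies to NetCAT: it does not matter whether the observer gets packet arrival times off the wire or infers them from cache activity on the receiving host; what leaks is the inter-arrival gaps, and the padded schedule makes those constant.

```python
"""Interactive-session keystroke timing: naive vs constant-rate padded emission.

Added example, not from any SSH implementation. Timestamps are constructed
sample data in milliseconds, imitating a typist entering an 8-character string.
"""
from typing import List, Tuple

# Constructed sample: one keystroke per entry, times in ms since first key.
KEYSTROKE_TIMES_MS = [0.0, 182.0, 265.0, 611.0, 702.0, 1143.0, 1230.0, 1390.0]

# Each emitted packet is (send_time_ms, carries_real_keystroke).
Emission = List[Tuple[float, bool]]


def naive_emission(keystrokes: List[float]) -> Emission:
    """One packet per keypress, sent immediately: packet times ARE key times."""
    return [(t, True) for t in keystrokes]


def padded_emission(keystrokes: List[float], tick_ms: float) -> Emission:
    """Send exactly one equal-sized packet every tick_ms.

    A queued keystroke rides the next tick (adding up to tick_ms latency);
    if none is queued a dummy goes out instead, so the observer sees the same
    cadence either way. Streaming continues until the last key is flushed.
    """
    queue = sorted(keystrokes)
    out: Emission = []
    t = 0.0
    while queue:
        if queue[0] <= t:
            queue.pop(0)          # real keystroke, delivered at tick boundary
            out.append((t, True))
        else:
            out.append((t, False))  # dummy: indistinguishable on the wire
        t += tick_ms
    return out


def inter_arrival(emission: Emission) -> List[float]:
    """What a timing observer actually measures: gaps between packets only."""
    times = [t for t, _ in emission]
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


def dummy_overhead(emission: Emission) -> int:
    """Cost of the defence: how many padding packets were sent."""
    return sum(1 for _, real in emission if not real)


if __name__ == "__main__":
    naive = naive_emission(KEYSTROKE_TIMES_MS)
    padded = padded_emission(KEYSTROKE_TIMES_MS, tick_ms=50.0)
    # Naive: the observer recovers every inter-keystroke latency exactly,
    # which is the digraph-timing signal the linked paper exploits.
    print("naive gaps  :", inter_arrival(naive))
    # Padded: every gap is the tick; only the session length (rounded up
    # to a tick) and the added latency remain visible.
    print("padded gaps :", sorted(set(inter_arrival(padded))))
    print("dummies sent:", dummy_overhead(padded), "of", len(padded))
```

The trade-off the post alludes to is visible in the numbers: a 50 ms tick adds up to 50 ms of latency per keystroke and sends a few dummies for every real packet, but leaves the observer with a flat stream rather than the latencies between individual key pairs.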

Subcontractor's track record under spotlight as London Mayoral e-counting costs spiral


Hmm I dunno, Venezuela or not, Smartmatic really sounds like a brand you can trust. I mean the product is obviously smart, and it's automatic. It's modern, even a little futuristic. And it doesn't sound at all like a made-up gizmo from an 80s cartoon episode whose plot pivots around the unexpected failure of said gizmo.

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all


Yea but it's all completely fine because "hardware filters that only allow data to flow between networks rather than instructions or commands".

(Hopefully they publish the details of these mysterious hardware filters so the rest of the world can use them too).

And we all know you can't crash a plane with bad data...

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?


Re: This is just the US

There are several confident-sounding solicitors firms in the UK offering no-win no-fee group claims but they don't give the impression of representing many people yet. I suppose, ironically, the solicitors have trouble reaching affected individuals in part because their contact data is so well protected now by GDPR.

Palo Alto gateway security alert, FSB hack, scourge of data-stealing web plugins, and more


Bluetooth hair straighteners

"Whilst reverse engineering the BLE communications was an interesting challenge, it’s not actually necessary. As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners."

Good. This product doesn't deserve any security.

Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again


Re: Eh?

"Scroll down to the bottom and move the pointer over the biggest culprets in the chart. What do you notice?"

Are you looking for this page? https://www.cvedetails.com/top-50-products.php

The worst Microsoft product doesn't even appear until #9 (I think if IE was added up properly instead of split across two entries that would be #9 instead of Windows Server 2008).

The idea that Microsoft code is somehow more vulnerable than their competitors' is a hangover from almost 20 years ago before they got really serious about security.



Biting the hand that feeds IT © 1998–2020