* Posts by This is not a drill

35 publicly visible posts • joined 21 Feb 2020

Lloyd's of London cuts off network after dodgy activity detected

This is not a drill

From March 2023, all standalone cyber insurance policies underwritten by members of the sprawling Lloyd’s of London marketplace “must exclude liability for losses arising from any state-backed cyber attack” the 300-year-old organisation has warned – telling members that cyber attack coverage “if not managed properly… has the potential to expose the market to systemic risks that syndicates could struggle to manage.”

Looks like they are getting their own attack in before the deadline they imposed.

Uber reels from 'security incident' in which cloud systems seemingly hijacked

This is not a drill

Password Only Admin access??

I assume that in UBER MFA stands for Major F***up Achieved.

VMware customers fear Broadcom acquisition will stall innovation, increase cost

This is not a drill
Joke

But Broadcom have such a good track record of improving the products and customer service of all the companies that they have acquired.......oh wait

We can bend the laws of physics for your super-yacht, but we can't break them

This is not a drill

8ms latency to India.

We had outsourced some our development to India and set up a VPN to their office. As I had experience of doing this at other companies, I explained to the development manager that trying to sync software repositories "over the wire" would be very slow due to latency and they should consider a thin client solution.

However the development manager knew better, Every week we would have a meeting about the performance and every week I said it was a latency issue and couldn't be resolved as we had said initially.

It came to a head in the twixmas period, which was really a slow period because we were in full change freeze. The development manager said that they were having problems with a piece of software and he had read the manual which said that the network must have a 'ping latency' of 8-10ms or less and that If the network team couldn't FIX the network VPN to India he would have to report our incompetency to the the IT director. I downloaded the manual for the software and the first paragraph said in capital letters "this product will only work on a LAN with a latency of 8-10ms. It will not work over a WAN"

I calmly replied to to the development manager that manufactures of the software stated that it would not work over a WAN, so a WWAN was out of the question. I then proceed to describe the lengthy calculations explaining why even with dedicated circuit, utilizing loss-less equipment, the most perfect fibre-optic and copper connections, the wind in the correct direction, etc, the best latency we could get on the 9000 mile round trip from London to Mumbai would be 80-90ms. I finished it off with the following

"I'm sorry that due to the laws of physics we can't provide you with the service you require. However I have read that CERN are doing some amazing work on theoretical quantum teleportation, and as soon as they prove this and release the associated technology to us we will endeavor to install it as soon as possible"

I ensured that the IT director was cc'd in.

The thin client project was initiated shortly afterwards.

Help, my IT team has no admin access to their own systems

This is not a drill

Useless service desk manager.

Sounds similar to a situation I was part of. I was network manager (Novell) for a company. Following best practise the "admin" account was not used, I delegated all rights and had a superuser role for my administration account. The "admin" account had a strong password which had been written down, put in an envelope in a locked box, and stored in the company safe "just in case".

Anyhow the company hired a service desk manager, who insisted the service manager and network manager (me) report to him. I wasn't consulted and this was effectively a demotion so immediately found a new job and resigned.

The service desk manager insisted that the help desk team needed the network "admin" account password, I held my ground and explained that they had all the rights necessary. On my last day I handed everything over, including the admin account and explained to the service desk manager that he should use it to add himself and whoever he wanted superuser role then change the admin password and put it back in the safe.

Rather than doing that he just gave the admin account to all the help desk team, after about a month they had managed to lock the admin account and because he hadn't added anybody to the superuser role, nobody could reset it.

This caused major problems and in the end they had to get Novell in to reset the admin account. Shortly after the helpdesk manager and the IT director were sacked.

Half of bosses out of touch with reality, study shows

This is not a drill

WFH - Not with current fuel prices

When we were locked down in the colder months my heating and leccy bills shot up. And with energy prices going up...... I like (and have) the flexibility to work from home occasionally when necessary. But the rest of the time I'm happy to let the company pick up the bill for keeping me warm.

Joint European Torus more than doubles fusion record with 59 megajoules

This is not a drill

But it's hardly the Mr Fusion unit I need to power my flying time car.

Bitcoin 'inventor' will face forgery claims over his Satoshi Nakamoto proof, rules High Court

This is not a drill

And I'm Keyser Söze.

RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81

This is not a drill
Pint

Lots of us old timers on here.

Try explaining loading a game from tape onto your 48k Spectrum which you bought from WH Smiths to the latest generate of IT support guys and they look at you like your mad.

RIP Sir Clive, as ride you off into the sunset (on a C5), a lot of us probably you owe you our careers. We'll raise a cold one in your honour.

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware

This is not a drill

Truth in Advertising

MAC: Hi I'm a Mac

PC: And I'm a PC

MAC: Unlike PC, I don't suffer from security vulnerabil......... Oh shit

Amazon says Elon Musk's wicked, wicked ways mean SpaceX's Starlink 2.0 should not be allowed to fly

This is not a drill
Mushroom

There only one way to settle this...

Pity that you can't post images on El Reg forum, but to quote Harry Hill ... Fiigghhhtt!!!

Oh! A surprise tour of the data centre! You shouldn't have. No, you really shouldn't have

This is not a drill

Re: Why is everything I type Blurry?

As I said Retail. Retail doesn't work 9.00-5.00pm. Across Europe some of our stores were open until midnight.

It was quite a while ago and all involved including myself have since left that organisation.

This is not a drill
Pint

Why is everything I type Blurry?

Not out of hours, but definitely out of the office.

I was one of the 2 senior Techs at a major retailer with operations across Europe. Myself, my collegue and our Boss had been invited to an Friday afternoon jolly organised by our telco which being an Australian company meant a beach party, with lots of beer, BBQ and beach volley ball, in central London.

About 5.30pm we got a call from our Swiss operations, saying that their Internet provider had gone down and wouldn't be restored for some time, could we help. We mentioned to our Boss that we have considered that and had a contingency plan to route all their Internet traffic through the central core but we had never tested it. Luckily we had a office around the corner so we popped it to get onto our systems. The contingency plan involved making several changes to the central core routers and main HQ firewalls.

This is where it gets interesting, we had been vigorously enjoying the hospitality of out Telco all afternoon, and were very "tired and emotional" to use political speak. As I typed the commands on the console, I had to get my colleague to read out everything I was typing as I was having issues focusing. Just before I hit 'commit' I turned to my Boss (who was also p****d) and said are you sure you want to do this, it could screw a lot of things up if we get it wrong? Yep. Commit. No alerts went off, good, phone the Swiss, they are now happy because everything was working again, good.

And our Boss turned to us and just said "Thanks guys, let's get back to the party and never mention this to anyone".

How to stop a content filter becoming a career-shortening network component

This is not a drill

Not an IT issue.

"if the content scanner was turned on then the IT department would have firm evidence and have to confront him."

Why? It's not IT's role to police what people do/see, Information Security/IT's use of a content filter is to ensure that users cannot access/download any malicious or dangerous links/files, cannot leak data, or impact the performance of the internet link.

It's a purely HR issue as to what undesirable content is permitted or not, and they also have to deal with offenders.

Apple is about to start scanning iPhone users' devices for banned content, professor warns

This is not a drill

Remember PHORM

Phorm was being touted by BT, TalkTalk, etc as a way of protecting users from nasties on the Internet.

It was absolutely not about monitoring what everbody was doing so that you could sell the data and 'tailor' a users internet experience based on whoever was paying to most to push their products.

Apple won't be happy until they can control everything you can do and see on your iCrap device. I've never owned an Apple product in my life, never will, and the work iTurd I have forced on me is only used to read work emails, nothing personal.

And yes I know that Google, facebook, telco's can and do monitor everything, but at least they don't pretend that it's for your benefit.

Elon Musk hits the brakes on taking Bitcoin for Tesla purchases

This is not a drill
Mushroom

Super Villain Checklist

Legitimate Front business to cover operations - Check

Space Rockets - Check

Attempt to control world economies - Check

Sharks with lasers ......... Where's my Frickkin Sharks with Frickkin Lasers ???

Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report

This is not a drill

Does this prove....

......that Darktrace is a useless piece of crap.

Describing a previous infection of one of its clients, Darktrace said: "The attack commenced when a cyber-criminal gained access to a single privileged credential – either through a brute-force attack on an externally facing device, as seen in previous LockBit ransomware attacks, or simply with a phishing email."

US Air Force boots up not one but two AMD-powered supercomputers after five years of Intel Haswell CPUs

This is not a drill

All very well, but.......

Can it handle Microsoft Flight Simulator (2020) in 4k with graphics set to their highest

Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ

This is not a drill

Donald Trump = Captain Rum

Blackadder: Look, there’s no need to panic. Someone in the crew will

know how to steer this thing.

Rum: The crew, milord?

Blackadder: Yes, the crew.

Rum: What crew?

Blackadder: I was under the impression that it was common maritime practice

for a ship to have a crew.

Rum: Opinion is divided on the subject.

Blackadder: Oh, really? [starting to get the picture]

Rum: Yahs. All the other captains say it is; I say it isn’t.

Blackadder: Oh, God; Mad as a brush.

Oh, no one knows what goes on behind locked doors... so don't leave your UPS in there

This is not a drill
Thumb Up

This is when Dymo tape shows its worth..

One of the best I saw was "Do not unplug this on pain of death, yes this mean you! I don't care who you think you are. Unplug this and you're toast"

Salesforce's Dreamforce shindig hits new levels of nauseating online as... Oh god. Is that James Corden?

This is not a drill

Who do I report factual errors too?

There is a massive error in this paragraph:-

"The comedy-actor-turned-presenter seemed to forget that the song in question addresses the end of the world, when "we could all die any day": not exactly an appropriate sentiment for a world still gripped by a pandemic."

Corden is about funny as a prostate exam and has the acting ability of Scots Pine.

There are two sides to every story, two ends to every cable

This is not a drill
Angel

IT Guru

Once had to deal with a PC that wasn't powering up. Luckily the department was fairly friendly and helpful to IT, so when they said they had check plugs and stuff I believed them.

As I walked up to the desk I could see the problem that no one had spotted. The computer was plugged into the dreaded 4 way extension cable and I could see that the plug for that was not fully in the socket (Thankfully UK plugs have a safetly latching to prevent sparking/discharge). However it was Friday and being in a mischievous mood I thought I'd have some fun.

I went through the motions of trying the front power switch, checking the power cable at the back of the PC, unplugging and plugging the PC back into the 4way adapter, obviously still nothing, so scratching my head I told the user I couldn't see any obvious issue and I would have to try something unorthodox .

I sat in front of the PC grasped the case with both hands with my finger on the power button, closed my eyes, started mumbling and rocking back and forth, then surreptitious I pushed the extension cable plug back in with my foot. Miraculous the machine sprung into life, I opened my eyes, got up, gave an enigmatic smile to the user and walked away.

Mythical IT Guru Level 10 achieved.

Where's the mysterious metal monolith today then? Oh look, it's atop a California mountain

This is not a drill

Destroy them!!!

They are clearly the source of Covid-19.

Manchester United email servers remain offline amid what is being called a 'ransomware' attack

This is not a drill

Firstly I would check that the following accounts were disabled:-

MourinhoJ@manutd.com

thespecialone@manutd.com

special1@manutd.com

Secondly monitor any IP traffic coming from N17 postcode area.

For every disastrous rebrand, there is an IT person trying to steer away from the precipice

This is not a drill

Lest we forget

In the UK the name of the outgoing US president is euphemism for the bodily emission of noxious gasses...I can't think of anybody so perfectly named.

Who knew that hosing a table with copious amounts of cubic metres would trip adult filters?

This is not a drill
Facepalm

Careful what you name your files

Working at a marketing company I once had a junior engineer come to me in a fluster, and asked to speak to me about a delicate matter in private.

He had been working on a directors laptop and and found hundreds of files referring to a sexual act. We had a look at the machine, I creased up. Knowing the Director quite well I gave him a call and suggested he find a new naming structure for his very harmless "analysis by sex" reports.

Ordnance Survey recruits AR developer to build 'geolocated quests' to help get Brit couch potatoes exercising outdoors

This is not a drill

Subscription £2.99 a month. Less than a coffee for the entire UK in "outdoor leisure" 1:25000 scale. Can use the maps on smartPhone and download the areas you are exploring for when you out of signal/battery saving, and you can view them in a browser on you Desktop/laptop for plotting your route in the evening.

Cisco ordered to cough up $2bn – yes, two billion dollars – plus royalties after ripping off biz's cybersecurity patents

This is not a drill
Joke

Re: Hey, take it easy, have you forgotten that

And that's where the Chinese (Huawei) copied the idea from.

Upside down, you turn me, you're giving bork instinctively: Firefox flips as a train connection is missed

This is not a drill
Big Brother

Proxy down??

Port 8080 is one of the common ports used when people set up proxies, So I'm guess either the proxy or a network connectivity issue.

Have they tried turning the Northern Trains on or off again.

Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts

This is not a drill
FAIL

Re: And the point is...

The problem is that many companies don't seem to think that Joiners, Leavers, and Movers processes extend past sett a flag in the HR systems and disabling their "network" (usually AD account).

Even companies most important systems seem to get missed.

I recently did an exercise at one company, there were over 170 different applications that different people needed to be logged into, 70+ the IT department had know idea about. 90% were not part of the JML process.

With the advent of SaaS and Cloud Services it's so much easier to people in business so sign up for new services, and to the majority of people "authorisation" means getting their managers/directors sign-off.

How many people (usually the marketing department) know their companies Facebook, Instagram, Twitter account (note singular) and how many people have left since it was last changed?

Grab a towel and pour yourself a Pan Galactic Gargle Blaster because The Hitchhiker's Guide to the Galaxy is 42

This is not a drill

Re: Douglas Adams predicted the future.

Sums up every marketing department ever.

This is not a drill
Coat

Douglas Adams predicted the future.

"New guidance has been issued aimed at slowing the spread of coronavirus in Scotland's workplaces.

The latest advice from Health Protection Scotland urges routine cleaning of phones and keypads."

hxxps://www.bbc.co.uk/news/uk-scotland-51798558

See two thirds of the population could be wiped out by a virulent diesese caught from a dirty telephone.

Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

This is not a drill
FAIL

Security Controls.

When describing how the security control's we have in place to protect the business are proportional to the nature of the business, I will often say that "we're not protecting state secrets". However it appears we have a lot more security controls in place than those who are protecting state secrets.

Have I Been S0ld? No, trusted security website HIBP off the table, will remain independent

This is not a drill

Charity?

HIBP is a great service, which many in the security domain use. I sure most people would prefer that it remain independent. Perhaps it could be set up as a charity, so it could employ other researchers, I'd donate.

Your McDonald's demo has expired. For full functionality, please purchase a licence or try another fast-food joint

This is not a drill

Re: Never ever ever ever install a demo version on a production box

A lot of software defaults to "Demo" mode until a key is installed.

Since McD's probably have hundreds of similar terminals it's probably a procedural issue rather than project. An engineer has probably flashed the box, put the standard 'gold build' image on as per instructions and then forgot to assign it a valid product key.