Posts by Diogenes8080

221 publicly visible posts • joined 7 Jul 2020


GPT-5 bests human judges in legal smack down

Diogenes8080

Re: So, AI is now slated to replace judges

And there was I thinking of the holographic judges from Lexx 1.1 "I worship His Shadow"

Link https://lexx.fandom.com/wiki/Cluster?file=Cluster_004.jpg

Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt

Diogenes8080

Re: AI 'head' screwed on wrong

I imagine the first studies on observed behavioral patterns followed the Arab Spring in December 2010, with the bulk of the fall-out in 2011. Of course, the first theoretical studies of potential patterns may have been before then...

BOFH: Eight pints of a lager and a management breakthrough

Diogenes8080

Re: Ah yes, 6-Sigma.

I see your BS5750 and raise you BS7799 parts 1 and 2. Please try to stay on topic here.

Birmingham City Council's Oracle ERP fiasco now £144M and still not working

Diogenes8080

Re: Birmingham resident and IT professional here

Pronouns would be a derailment were it not for the irony that the equal pay fiasco is partly at the root of the BCC woes. To confirm the muppetry, that in turn is worse due to successive council leaders kicking that can down the road by appeal.

Everybody is WinRAR phishing, dropping RATs as fast as lightning

Diogenes8080

Indeed. "'We forge our bodies in the fire of our will' - that's why I'm the shape I am!"

But getting back to the vuln, the key point in this story is that many folk will miss patches for third-party utilities like WinRAR, 7Zip et al. because they "just work" and don't need updates, until something like this comes along.

Even if you did patch, not many realise that these utilities also massively increase the attack surface of the desktop by adding support for a surprisingly long list of arcane formats, some of which aren't really inspected by some anti-malware systems until execution starts the shenanigans. There are black-hat groups out there exploiting that fact.

One criminal, 50 hacked organizations, and all because MFA wasn't turned on

Diogenes8080

Re: Cookie theft is an even bigger issue...

That would be the same Microsoft who had their own internal tenancy breached last year?

MitM token thieves are ubiquitous at the moment. Conditional access rules based on first-generation MFA techniques are useless except as a remediation mechanism, and then only if you are in a position to audit your suspected breached users' factors. Phish-proof methods are really the minimum standard, and if they become commonplace then the chapeaux noir will just look for other ways in.

And good luck getting that freemail Chocolate Factory account back if an intruder manages to reset all of your "security information" before you can respond to that notice. Same goes for any other free consumer service where you are the product, not the customer.

Airbus to migrate critical apps to a sovereign Euro cloud

Diogenes8080

Re: How is this a problem?

Even if the entire stack from hardware up to control software and management infrastructure is sold and given over to the customer, isn't there still a dependency on the Chocolate Factory for software updates and security notices? That's assuming the software has not been quietly backdoored.

In any case "Embargo on!" is going to leave the customer wallowing in pig excrement fairly quickly.

Diogenes8080

Hang on. You're /Airbus/. You have a turnover of billions, e69b vs e1b for OVH, the only euro cloud provider who isn't even near to tier 1.

The lack of sovereign commodity cloud hosting in your region isn't a problem, it's a business opportunity.

UK Digital Services Tax raises £800M from global tech giants

Diogenes8080

Re: 2% ?

Somewhat mangled "amakudari" - I should have got half of that right!

Diogenes8080

Re: 2% ?

Remember that high pay is something of a moral gradient.

At one end you have recipients who are directly responsible for very high revenues and can't be replaced.

Next you have companies competing for top talent in an (overheated?) marketplace.

Then there are chains of interlocking executive and non-executive roles, where everyone votes in favour of a friend's remuneration at the other company. At best the participating companies are buying into a clique of highly connected and influential leaders. At worst it's legal looting from a balance sheet too big and too complex to notice.

Finally there's dear old akamaduri, also practiced in western societies, where that high pay for doing very little is in fact recompense for years of "friendly treatment" when that individual worked at the relevant public regulator.

Furthermore, the ratio between top, average and median pay in an organisation is going to depend very heavily on the actual work it is doing and the skills needed for its labour pool. Comparisons can only be made between organisations in the same business, but I suspect that that would still prove your point!

Diogenes8080

Re: How about 20% tax?

I hear you over revenue tax but it's the only way to stop these "disruptors" from exporting their profits through spurious offshore costs.

Example: Hollywood is more evil than Darth Vader. I think I have mentioned that the late David Prowse received nothing from the re-release of the original Star Wars trilogy [1]. His contract which covered his work in the original shooting was for a percentage of the net profits, not the gross.

1. Other stories maintain that it was the original RotJ that denied profitability, in which case Prowse took several decades to burn his Lucasfilm boats.

Mobile industry warns patchwork cyber regs are driving up costs

Diogenes8080

It's a simple cost bleat. The providers all want zero-liability cost-free ecospheres. The cost to their customers doesn't matter if all of the alternatives are as bad as each other.

Well, it's the same barrier for everyone delivering a service to any given jurisdiction, so the only real problem to watch out for is if a near monopoly has proportionally lower costs than a new entrant.

Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

Diogenes8080

Typosquats are a trivial problem unless warmed up. A much bigger problem would be spurious trial tenancies or breached ones belonging to established Zendesk customers. A lot of the "free trial" hosts don't want to admit that throttling does not stand up to automated exploitation where an adversary can snowshoe over many spurious tenancies.

Cloudflare coughs, half the internet catches a cold

Diogenes8080

In other news today, the temporary unavailability of Cloudflare Turnstile reduced phishing attacks by 70% for the duration of the outage.

EU's reforms of GDPR, AI slated by privacy activists for 'playing into Big Tech’s hands'

Diogenes8080

Re: Wrong priorities of GDPR

BA pleaded pandemic parsimony and saw their Magecart fine reduced from GBP183m to 20m:

https://www.theregister.com/2020/10/16/british_airways_ico_fine_20m

Quite what happened to all of the idiots responsible for Magecart getting in to begin with the stories do not tell. We can hope they all died of the plague, but I suspect not. From memory there were about six levels of mismanagement from the board decision to outsource down to the dodgy devs that let the criminals in. Again the tales do not tell if that was by intent or inept copy-and-paste.

Microsoft's data sovereignty: Now with extra sovereignty!

Diogenes8080

In the spirit of St William of Vancouver

Does Microsoft have to remain an American company? A quick check suggests $39b US vs $37b non-US quarterly revenue.

Departure would certainly be viewed dimly in some quarters, but those customers would face the same problem Europeans do in finding a credible alternative to the desktop application monopoly.

They would also have the same assurance that their data would remain hosted in their case within the continental US. All MS need is a legal home that does not assert the sovereign right to issue a writ for any data it pleases. Candidates?

And of course any of the tech giants might do this, especially if they "fall out of favour" with any given US administration.

I think we'll save full extraterritoriality and private armies for the next decade.

UK tax collector falls short on digital efficiency, watchdog says

Diogenes8080

OMG SAP

I hate to think how great a disaster that is going to be, even if the signatories on both sides are required to pledge their firstborn's souls never to change the specifications or deliverables.

But think of this: one legacy the HMRC is struggling to replace is a colossal pile of COBOLlers from the previous century. It's mentioned on The Reg somewhere. Yes, I am sure the maintenance cost has been significant but how much value has the HMRC obtained from that code? (Less the odd fiscal catastrophe caused by changes that system could not accommodate.)

How long will that SAP solution last before it requires rewriting? Will the HMRC do a DEFRA and eventually implement an ERP system running in an environment that is already deprecated?

UK agri dept spent hundreds of millions upgrading to Windows 10 – just in time for end of support

Diogenes8080

As one dependent on certain EA services, I can confirm that this is true and that the spending boot is definitely on the parental foot.

The downstream post about EA expense claims is interesting, however.

Network operator ponders building a new submarine cable – on land

Diogenes8080

A railway and a telegraph cable? I suppose they could christen it the Rhodes Connection (Cecil, not Bernie).

Might want some territorial concessions in order to ensure the integrity of the line.

Azure's bad night fuels fresh calls for cloud diversification in Europe

Diogenes8080

Re: "Successive outages on this scale show" . .

Sad but not unmerited. JD may have been one of the first, but there are many other webcomic authors from that era still going strong.

Of course the politicians responsible for this mess could not find their own loopback addresses with both hands, as Miranda could assure them.

Marks & Spencer swaps out TCS for fresh helpdesk deal

Diogenes8080

Slipped schedule

This still begs a few questions.

So M&S move to TCS in 2018, evidently on the basis of a 5-year plan giving savings yada.

But in January 2025 at least a year after that plan completed, they started re-tendering for reasons not mentioned? If this was part of the normal procurement process, should it not have started at some time in 2023? During the first few days of the disastrous April 2025 incident, it seems that no-one could be reached. Was someone's back-to-the-office plan underdelivering? Had it fallen on the same altar as measuring remote productivity?

Of course, the really interesting question from this latest story is whether the decision to leave TCS was taken before or after Easter 2025. It would not have helped morale at TCS if they knew they were on the way out. Perhaps all of the first rate staff were transferred to the JLR account?

Everything you know about last week's AWS outage is wrong

Diogenes8080

Re: Bad IT journalism

Did they claim it was all caused by a DSN fault?

A knowledge of right-pondian journalism is required to recognise that joke.

BOFH: Saving the planet, one falsified metric at a time

Diogenes8080

Re: Which side of the pond are you?

Read the ancient scrolls on the origins of the BOfH. He learned his metier whilst working as an ex-pat in London.

Major AWS outage across US-East region breaks half the internet

Diogenes8080

Re: The Downfall?

I finally found it:

https://www.youtube.com/watch?v=m3wrBFuGK2A

The opening subtitles are uncanny...

Diogenes8080

The Downfall?

Anyone have a link to the Downfall parody Hitler rant created for a major Amazon outage maybe 12 to 15 years ago? Those parodies are still as thick as fleas on Youtube and I find three more recent ones specifically for Amazon but not the original I'm thinking of. It would be a highly apt time to bump it back up the ratings.

"Anyone who works for Cisco, HP or Veeam leave the room!" (it's that old)

Vulnerability scores, huh, what are they good for? Almost nothing

Diogenes8080

The function of a high CVSS score is simply to frighten management into taking action.

For the rest of us, the questions of actual exposure and mitigations are equally important.

More worrying is the possibility that an open source vulnerability will be copied and pasted into a new development where it will not be found by vulnerability or patch managers until the new flaw is discovered (and hopefully not exploited).

Criminals take Renault UK customer data for a joyride

Diogenes8080

A quick search suggests the global Renault IT suppliers are Atos, Cap Gemini, Dassault, Google Cloud, Salesforce and possibly a dash of Azure.

If a Renault UK user was compromised, the data subsequently stolen might well be limited in scope to the UK. I wonder which supplier that points to, if the unnamed guilty party is in the above list?

And thinking of how these franchises are structured, exactly who is responsible in the above scenario? Renault, certainly, but the global group or the UK franchise? That could make a difference to getting an adequate response (ha!) if your data is in the pot.

New Zealand’s Institute of IT Professionals collapses

Diogenes8080

Re: The world is losing a great accounting comedy

I wonder what the BOfH makes of this? He may have been a member at some time.

Schools are swotting up on security yet still flunk recovery when cyberattacks strike

Diogenes8080

So the dog ate everyone's homework?

Politicos: 'There is a good strong case for government intervention' on JLR cyberattack

Diogenes8080

Re: It gets worse.

The latest BBC update here https://www.bbc.co.uk/news/articles/c62nv0xx32go links to a story claiming that JLR failed to finalise cyber-insurance brokered [at their request?]. Whether they were simply still quibbling when the incident occurred, whether this was just with one syndicate or if no-one would touch them at all is not clear.

https://www.theinsurer.com/cyber-risk/news/exclusive-jaguar-land-rover-failed-to-secure-cyber-insurance-deal-ahead-of-2025-09-23/

Anyone able to read the full article?

Diogenes8080

Re: Well well well

A quick search suggests the annual turnover of JLR was GBP 29b. 2% of 29b is 580m. Funding intervention from a GDPR fine (I understand that there is already proof of personal data leakage) would only work if the JLR supply chain did not include overseas suppliers under the control or influence of Tata.

Europe's largest city council delays fix to disastrous Oracle system once more

Diogenes8080

Re: Unbelievable level of incompetence across the board

Re organic recyclables, I thought BCC were experimenting with autonomous roaming biological ingestion units. Are those failing to keep up, or have the local cats stepped up to the challenge?

Diogenes8080

Spawn of the Devil

My excel.exe loads quicker than Birmingham City Council's Oracle Fusion system.

Tesla Model Ys recalled Down Under for overly enthusiastic electric windows

Diogenes8080

Re: Why is it s a software issue...

"Off with his didgeridoo!"

Microsoft puts the squeeze on onmicrosoft.com freeloaders

Diogenes8080

Re: 7 days refund

Amen, see that time and time again with many start-ups and those who should know better but don't care a flying doughnut because of their corpus of paying customers.

Offering a free trial of your production domain or infrastructure should be a guaranteed ticket to 127.0.0.1 from any curated DNS resolver.

Diogenes8080

Re: spam coming from inside

If any account in your tenancy is breached and you have not enabled admin consent workflow or any of the equivalent measures, the criminal can subscribe your compromised user to an app that will allow them to copy your GAL programmatically. That means that even unused mail addresses become targets for spam and much worse. The usual goal will be to compromise other tenancies, typically the organisations you do business with who trust your domain. Secondary targets are any information in the compromised account useful for BEC fraud, the right to spin up Azure VMs in your compromised user's name for criminal support and the opportunity to phish VIPs in your organisation from their own domain.

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow

It's 2025 and phishpoint is still very, very real.

AWS CEO says using AI to replace junior staff is 'Dumbest thing I've ever heard'

Diogenes8080

I think you want the Gene Wilder line for these bros "... the common clay of the new West..."

Browser wars are back, predicts Palo Alto, thanks to AI

Diogenes8080

Wars have winners

Noble sentiments expressed so far, but they overlook the way the browser wars were fought. A minority browser isn't going to win vs a consumer model that innovates to sabotage and degrade rivals. Palo Alto appears to be betting on corporate users who want to combine the secure browser concept with one that's principled enough not to spy on their business 24/7, and I'm not sure there is enough appetite to make that viable. Of course, if you already have a secure browser and just want to raise your market share...

In Otter news, transcription app accused of illegally recording users’ voices

Diogenes8080

Blocked

Crossed my desk at the beginning of the year "unnamed AI providers in privacy policy - block".

I've since seen the same weasel terms [no pun intended] cropping up in similar policies - words to the effect that the publisher expects you the customer to gain permission from all participants, and it's your liability if you do not.

Why the UK public sector still creaks along on COBOL

Diogenes8080

Re: Easy Solution

Trust me, it REALLY depends on how well the code has been written and maintained.

Comments, good variable names, even a touch of Jackson structure rather than Goto spaghetti, makes all the difference.

Workday warns of CRM breach after social engineers make off with business contact details

Diogenes8080

This would be the same Workday that let 1,750 staff go three months ago?

https://www.theregister.com/2025/06/03/workday_promises_to_grow_workforce

If that was as some speculated, a giant offshoring, it would be interesting to know if Tata had dropped the ball again.

Ransomware crews don't care about your endpoint security – they've already killed it

Diogenes8080

Re: Please sir …

Seen in an ancient scroll:

"6.2) You guys are all meanies/elitist/a bad example/corrupting/fattening

Yep!"

Though I seem to recollect an earlier version that read "Elitist? Us? Hell yes!"

Diogenes8080

Re: An uphill struggle

Only if you are dealing with a very small organisation with very few endpoints. Otherwise, doing a 100% deployment straight out of the gate may give you a very short contract and some very bad publicity.

A response to a major incident in progress is a bit different. A 100% deployment without some tests is still an act of desperation, but if you disaccommodate the doggie you can blame the malware!

Mexit, not Brexit, is the new priority for the UK

Diogenes8080

Re: The elephant in the room is Brexit

I have a distinct recollection of a collaborative European physics research project, in Switzerland rather than the EU. A British chap on the project invented something rather important to our trade. Got a knighthood for his troubles. Anyone remember?

Diogenes8080

Re: Con

Which giant do you have in mind? As far as I am aware, all 3 are in play and the maroons running the public purchasing process wouldn't recognise the fourth if you threw a white sheet over it.

Birmingham City Council's £131M Oracle rebuild in danger as go-live nears

Diogenes8080

Re: F.A.O Lindsay Clark

My first reading of the story was that BCC went broke in part because the new Oracle system was posting errors in cash transactions. As far as I am aware, these did not cause any significant loss for the council relative to the overall shit-show of their accounts. What the errors did do was expose the lack of auditing and general confidence in the new system, causing yet another postponement and additional costs (a) fixing the latest problems and (b) keeping the raft of temporary solutions alive. Given the history of this farce, I would certainly agree that the project risk is badly underrated.

The true cause of BCC bankruptcy was originally reported as 90% a long running and ultimately unsuccessful equal pay dispute (from the council's view), and 10% massive cost overruns on the Oracle project before the above debacle. I believe there was subsequent comment that the equal pay costs would be lower than expected, giving the failing Oracle project a greater proportional blame in the financial fall of Birmingham.

There. Do you think I said Oracle failure enough times to get the search bot's attention?

UK's Ministry of Defence pins hopes on AI to stop the next massive email blunder

Diogenes8080

Content control

I thought it was a database file that was leaked, not a CC/BCC error (which is trivially easy to prevent).

But yes, a trigger word hidden in the names in the list would have worked too.

PUTTY.ORG nothing to do with PuTTY – and now it's spouting pandemic piffle

Diogenes8080

Re: RANDOMALY

Ramdomanally?

Massive browser hijacking campaign infects 2.3M Chrome, Edge users

Diogenes8080

Re: They started clean

Looking at that list of extensions, I would hardly call them "trusted". Half seem to be for restriction evasion and at least one of the others is clearly fraudulent.

This isn't new. Who else remembers Sourceforge turning from a valuable resource into a lake of trojan adware?

But yeah, call it open-source malware, project takeover or simple schmuckery in the stores, very little of what's out there is reliable.

US imposes sanctions on second Russian bulletproof hosting vehicle this year

Diogenes8080

AS210.. what?

Ah yes. Aeza. I looked over their network at some point in 2024 when I had a moment spare. Even their BGP was a twisted tangle. It made obfuscators like M247 look simple by comparison. In the end I gave up (which was of course their intention). It was really an arbitrary question of where you wanted to draw the line at where their organisation really stopped.

I can't even find my notes now, but from what I recollect any collateral damage will be a net gain to the planet.

Now if only the powers-that-be could do the same for Tony Stark's crew!
