Posts by Diogenes8080

RTFA

Some commentators appear to have missed one of the points - the Singaporean paper is saying that the banks do not pick up liability if they have not practiced fsckwittery.

That rather limits their scope for communication, since many of the available media are inherently fsckwitted for financial communication. A PSTN that is open to spoofing? SIMs that can be 'jacked by spinning a tale at the local carrier retail outlet? Active collusion by corrupt staff at any point in the over-extended outsourcing chain? Secret Q&A in an era of criminal e-pending? FFS, that's worse that a moderately weak password.

There are secure means of consumer communication. The banks know them and many of us know them. We simply need an ombudsman that knows them, but that might be too big an ask.

Re: Outsourcing

Well, it's a supply chain attack. You can't expect the police (even if they were organised nationally rather than by constabulary) to insource everything.

Whether your supplier is properly equipped to handle your highly critical data, and whether you have the mechanisms and contractual clauses to enforce that handling... that's a much more interesting question. And you want to outsource to a foreign jurisdiction with a notoriously inefficient or partisan judiciary? I can't see how that could possibly go wrong!

Also, both in this breach and several others, we are not being told the name of the breached supplier. Was it the same as in the case of the Met breach?

https://www.theregister.com/2023/08/29/met_police_data_breach/

Concealed weaponry

But if you pull the handles the right way, a fixed-mount Seburo C27-A folds out. Ideal for rush hour.

Re: CAN-SPAM Act?? hahahahahahaha what a JOKE !

I had the same low opinion of CAN-SPAM (and for the most part still do) but I did note that many of the larger grey mailers do feel obliged to include certain information in their headers. It's just a fig leaf in an intentionally obscure location; the last thing they want are actual delist requests for which they will be fined if they ignore or "forget" the feedback. However, if you are inspecting headers then you can look for those patterns and conditionally deliver their spam. It's a useful technique for senders whose ranges are too big, too dynamic or whose aggregate output is too mixed to block.

I say "conditionally deliver" because by its nature you won't get a consistent view from your recipients. In some cases they actually want some of the spam, but more commonly you will find the grey mailer's own customers mixing transactional and bulk in the same workload. Any internal mass mailing your own organisation commissions from the mailer (without telling you, naturally) is also going to get the same verdict.

Possibly captchas make mules uneconomic and block the vast majority of spiders that aren't equipped to deal with them?

Just because it's possible for a bot to defeat a captcha does not mean that every ripper and leach comes equipped with the code to do so.

Re: Norfolk and Suffolk police: Victims and witnesses hit by data breach

Just saw that one surfacing and came over to read the Reg comment.

For all 3, surely creating a fictitious Constable Honeypot and slamming the brakes on any outbound mail or upload that mentions him would not be too difficult?

Re: Genuine Question re proxy / web filtering

Although strictly speaking it should not make a difference, I suspect that any practical [1] distinction will fall on the motive for monitoring.

If you only establish user identity after you know that a malicious link has been clicked and that you may need to remediate then that is one thing.

If on the other hand you are deluged with line management requests to establish how much time employee X is home shopping, that is another thing. A specific inquiry comes close to fishing.

1. practical distinction - never mind what this OII says; show me judgements and actual fines

2. some proxies don't track user identity - they simply allow or block depending on the destination category

Re: Nobody is legally responsible, oops

Lots of both, sadly.

On the strategy and design side, excessive focus on constructing line of battle versus scouting elements, inadequate flash testing, neglect of emerging aviation, disgracefully poor shell testing and a battle plan that expected the enemy to stand and fight at a numerical disadvantage.

On the operational side, a lack of practice by the battlecruiser squadron, failure to learn from earlier engagements, failure to fully utilise Room 40 and an emphasis on Grand Fleet Orders over a more practical doctrine that would have improved Beatty's reports and allowed Jellico to give simple immediate instructions to his subordinates. Well, the GFO were his but he was starting with some very poor material.

Naturally, both Jellico and Beatty were promoted.

Re: Second email account

You missed out the bit where the IP is dynamically allocated, the DNS is dynamic and the ISP themselves have listed the whole pool in the Spamhaus PBL.

Not that I know the sender, I'm just speculating...

Re: A fitting epitaph

I feel a need to misquote Dickson: "Disturb rather the tiger in his lair than the PA at her workstation, for to you orders and expense claims are things mighty and enduring, but to her..."

I was assuming that contrary to what Simon told the boss, animals go in the front of the factory and sausages come out the back.

Re: Weather?

Hot sun is a problem if you need to put a laser link on a steel-frame building. The steel expands as it warms up, which can gently twist the the laser off target. Some sensors don't even work if they are facing a low sun, so the problem only occurs in the early morning or late evening.

Another reason can be if the original compression used a cypher incompatible with native Windows ZIP. Again, a quick check with 7-Zip shows "oooh, it's written using {squiggle} instead..."

Schism - yes, but I thought it applied to hard-line Stalinists in the West who would deny any flaw in Soviet methods or policy, even after Ukrainian famine, Ribbentrop-Molotov pact, Hungary, Czechoslovakia, etc...

Re: In tangentially related news...

They don't actually want their pot o' gold?

And if the judgement is for all FB European activity, shouldn't the spoils be shared out pro rata the EU member populations?

Re: Capita has taken extensive steps to recover ... the data

If the statement refers to the original response then it could mean "we couldn't trust the data so we had to delete and restore it". Even if the CNC part of the breach only refers to an outsourced cleaning contract, you don't want someone wandering around HQ with a bogus cleaner's lanyard.

But yes, erased information can be restored and compromised information remains irrevocably compromised.

There is certainly a massive lack of transparency as to what went wrong. Personally my bet would be on a subcontractor brought in to administer systems on the cheap, a la Lapsus v Okta.

Re: And "most" means?

Try the board game of the same name from Czech Games Edition - it's the only game I know of with working cogs.

https://boardgamegeek.com/boardgame/126163/tzolk-mayan-calendar

Beware - the head priest is allowed to fiddle the calendar!

Cracked dilithium

Eject the warp core!

Re: Why would he have access to any of that stuff?

I just don't believe the sheer stupidity, not just of the leaker but of the idiots who put that security framework together.

It's the sheer scope of the leaks that is mind-boggling. 13 years after the Manning incident we have a junior airman, this time not even an NCO, with access to many, many different areas of intelligence. It looks as if the military are depending on a simple stratified access model written circa 1940. Can't they do attribute-based access control?

Yes, a very senior analyst might need to pull apparently unrelated information from different theatres. For anyone else, even relatively senior officers, the fact that they are requesting top secret data from topics A, B, F, J, N, T, R and Z should start an alarm ringing.

Lawyers - Dick, H iv P2 act 4 sc 2

A more serious application of US RICO might ask when seizing a domain why the owner of the infringing domain can never be traced.

Re: One positive outcome from their war with Russia

Would not describe those parts of the Kherson and Zaporizhzhia oblasts still occupied as "little". That's the whole of the northern shore of the Sea of Azov.

Odessa was only under threat of occupation in the early days when Mykolaiv looked shaky.

Re: Zero-Trust model?

Exactly. Anyone who has been obliged for commercial reasons to accept traffic from a legacy relay knows how miserable that is. The EXO team are merely getting peevish at the amount of tat relayed in from weak customers. The fact that the EXH server software has bugs to exploit is another question.

For those looking for the EXO blog on throttling stale Exchange, it's here:

https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078

Because DZ534539 has already been moved over to the Issue History tab.

That's just low. Especially when the problem isn't fixed because links dating from the incident live period still aren't opening.

It looks as if DZ534548 is solely there to justify moving DZ534539 off of the Active tab.

Re: Oh look, someting in Africa is being mismanaged.

Well, the Wikipedia page is a hoot: https://en.wikipedia.org/wiki/AFRINIC

An interesting question: if the Mauritian courts are vulnerable to vexatious litigation, what nation should AFRNIC be based in? A number of national African registries seem to favour the Netherlands...

I'll just get my pith helmet with the ostrich feathers, shall I?

And who will move those workloads?

By the time the less agile organisations want to move, there won't be the up-to-date skills available to do the job. There will be a whole new generation of infra managers who have never managed on-prem and won't know the pitfalls. In theory everyone piles back into training, but were do the good instructors with the practical experience come from? Vendor book knowledge isn't the half of it.

And the really lumbering giants won't even know their own workloads in any practical terms. They'll pay exorbitantly to relearn the same old lessons the hard way. These are the sorts of organisations whose costs ultimately get paid for by everyone.

Re: So truthfully now ...

In truth, I don't think breaching Microsoft's latest assurance scheme * is that big a deal. Any organisation with an open policy (which I believe is still the default even though Microsoft themselves recommend otherwise) is going to see lots of quite well-known, respectable apps washing up on that ole' Enterprise Apps blade with minimal details. The list rapidly becomes a sty in which malevolent actors can hide amongst the clutter.

* Still grateful to El Reg for highlighting this old one from 2019:

https://www.theregister.com/2019/01/23/office_365_network_hole/

Re: Some folks just ask for problems.

Truth, but there are many ways to trick a user. A wiser council might be "should this recipient ever need to receive an ISO attachment?" Exempt your techs and block for everyone else, at least from external sources.

Re: IT much?

Assuming the problem isn't a difference of opinion over what constitutes spam (and that definition is a spectrum running from valid _recent_ prior relationships through many shades to the clearly criminal) then the reasons a sender can end up on an IP blocklist like Spamhaus are:

- the sender's monitor isn't effective and at some point someone /is/ sending spam via the IP

- the sender's system can be abused to bounce spam back to a spoofed third party

- the IP is shared

- the service provider does harbour and rotate questionable senders, and a block has been escalated

Remember that if Spamhaus or any other major bureau is listing your IP, other system administrators are looking and taking action. I'll happily drop a /16 and accept some collateral damage if it's in the best interest of my recipients.

Re: Hmmm

And Brian Krebs put the boot in Twilio for lack of MFA nearly 2 years ago to the day:

https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

Re: Concurrent CP/M and ICL 80286 hardware

MicroLAN. The hardware was full 10-base2 so in theory 10Mbit. I don't know if the cards were up for that, and with the DRS range it wasn't ever a question because the apps and consequent traffic were tiny.

Re: The Weakest Link

The survey omits two favourites, "we've just bought them so go support their tech" (I wonder why the business was for sale in the first place?) and the truly worrying "we've just bought them for their tech". And that is without going through the "two CIOs enter, one CIO leaves" which normally accompanies mergers and, I hear, can be quite traumatic.

Re: Car bomb?

It isn't a proper continuity site unless it can withstand a near miss from a 1MT warhead.

Re: Bus drivers...

I have it on good authority that the traditional solution is to keep a rabbit and a revolver in the glove box and to scream at the children as soon as they do anything out of line. Untidy hair completes the intimidating image.

Re: "the Afghan Relocation and Assistance Policy (Arap) team"

Joking aside, that comment might frame the problem with the West's policy in Afghanistan over the last 15 years rather well.

Pennywise and pound-simple

Makes you wonder if the "small group of specialists" was being progressively diverted to tackle a rising number of fraud cases, leading to a backlog of queries. They couldn't recruit more? Now the department owes GBP 1B, with an additional 15k cases reckoned untraceable and data on the deceased deleted after 4 years due to convenient data protection.

The oldest cases go back to 1985, so it sounds as if the problem really is procedural rather than due to a coding error. I suppose there is some excellent reason why on retirement the NICS record of a taxpayer could not just be copied over to the DWP in a "thats-all-folks" file. Give it the data and a VME box will happily chomp through a lot of complex rules, batch or interactive.

Re: Yes, that's exactly what I need

Then drop the ranges indicated by https://mxtoolbox.com/SuperTool.aspx?action=mx%3amcsv.net&run=toolpage and remember that they will include all of the Mandrill space which is notionally transactional. In practice RSG's toleration for bulk from those blocks has varied over the years. Any commentards managing mailservers for others would be better advised to conditionally deliver (i.e. place in junk) with a prior policy announcement to recipients.

For those suggesting / requesting free services, my experience is that any sort of entry level / taster service will be abused.

In other news, Scurvy Monkey are renaming themselves. The damage to simian-themed poo-slinging brands appears to be irreparable. Did I just muddle that last sentence?

Re: this process could cost the council £8,000 in taxpayer funds.

So the council received legal advice that a legal advisor would need to charge £8k of legal fees to reverse the inadvertent publication of test data. Unless the maligned system automatically poked records into other systems, I suspect that the council received advice from a local outside body.