* Posts by SsiethAnabuki

17 publicly visible posts • joined 15 Oct 2020

Europol says mobile roaming tech is making its job too hard


Re: Breaking the law for convenience is never a good idea

I think that "literally just to give the user in their country the same level of encryption and protection they'd get if they were in their own country" isn't quite correct, at least in a practical sense. Let me explain by example.

I am a citizen of country A. Let's say that default encryption in country A is OK. As I go about my business in my own country I do not fear that country B has any access to my information. This is good because I know that country B is an authoritarian state that really hates some attribute of who I am. All well and good.

Now - I have to got to country B on business. Not good but I know that I can keep that attribute that they hate under my hat and not be bothered. I can communicate freely using my phone because it has PET and that is keeping me safe from day-to-day snooping because it's encryption is OK and local, authoritarian snoops in country B have no access to those comms.

Strip away PET and in country B I suddenly lose that protection. I am not afforded the same level of protection as I was previously.

Uncle Sam greenlights first commercial nuclear small modular reactor design


Re: Hope

>There is some evidence that the green movement has been and is still being backed by dark money coming from those with interests in gas.

Is there? I've not seen any or any credible reference to any. If you have some, feel free to reference it rather than make vague assertions.

>Also very telling how when pressed on the matter an awful lot of the very vocal greens admit that they have no solutions and are just demanding that 'something be done'.

Indicating that there is a problem that needs solving doesn't obligate you to be the one to provide a solution. Let's try a simple analogy: If someone has a dog that regularly gets loose from their land and attacks local kids, it's not the job of the local kids to work out what the solution to keeping it locked up safely.

>I should have saved the pic from twitter as it showed a German green protest that had flags for no wind turbines, no nuclear and no fossil fuels. Hard to do anything when they oppose pretty much EVERYTHING!!!

Again - a link to the evidence you're citing would give it more credibility. But let us presume that one person at one march did hold a sign objecting to one form of renewable energy. That doesn't a) suggest that green campaigners generally oppose that form of renewable energy or that b) that campaigner objects to other forms of renewable energy. That's a powerful reach to set up the straw man of green campaigners being opposed to everything.

Guess the most common password. Hint: We just told you


Re: Need Javascrip to view the list ...

Also worth noting that you can post a list without HTML, using plaintext.

Frankly, at this point, JavaScript is baked in pretty much as soundly as HTML is.

What's Microsoft been up to? A quick tour of Windows 11 22H2's security features


Re: this is true

That you choose to make great efforts to bypass the security options that are available to you, doesn't make them inherently bad. Two factor authentication is pretty much always collapsable to a single factor if the user is enough of an informed idiot to do so.

Making security measures idiot-proof is really a lost cause. You can make it such that the user in question has to go to greater lengths to circumvent their own protection (or that of their employer) but, in the end, there will pretty much always be a way to make your own systems less secure if you choose to,

Businesses confess: We pass cyberattack costs onto customers


Where else would the money come from?

Not sure what anyone was expecting regarding who footed the bill for this. Was there a notion that someone would pass a bucket round at the shareholder meetings?

This Windows malware uses PowerShell to inject malicious extension into Chrome


Re: Weird first sentence?

"strain of windows" sounds about right, to me ;p

Reg reader rages over Virgin Media's email password policy


Virgin, bringing you the barely-adequate security from 2002

It really is laughable that they consider this to be sufficient to secure _any_ system available online, let alone customer email accounts. I dread to think what infrastructure they have behind this that requires it be alphanumeric and can't have the field resized beyond 10 characters....

UK watchdog's punishment for Blackbaud, Easyjet, other big privacy lawbreakers was slap on the wrist in private


Re: an implausible £18bn in damages

Yes - this was very much the reason behind linking maximum fines to company turnover, so that they culd be effectively punitive.

Microsoft wonders if disabling just-in-time compilation of JavaScript improves browser security


Many missing the point

I came here expecting the usual "NoScript/I disabled javascript" posts and was not disappointed. Along, of course, with the "If yoiu disable JavaScript the whole internet will break" (again, not disappointed)

And, of course, they're missing the point. Microsoft isn't attempting to mitigate every flaw in JavaScript. They, along with the majority of the world, have accepted that considerably more than 99% of users aren't going to do that because they want to use the full functionality of the web or are completely unaware/unbothered by the additional security risk of JavaScript.

Instead Microsoft are basically targetting the folks who might hit the "secure" button if one is provided and seems to provide an acceptable level of functionality to them. I don't doubt that their marketing people are also getting all sweaty-handed about the notion of using the slogan "The most secure browsing experience" if they have the slightest excuse to use it.

UK data watchdog sees its approach to government health tech during COVID-19 outbreak as 'pragmatic'


We're not doing our job because...

It kind of feels like they left the ellipsis in the report. Or maybe it was just a hand-wavy "because pandemic".

The problem with a 'pragmatic' approach is that the ICO is set up to be adversarial and not 'pragmatic'. The regulations that it is there to enforce are ones that are deeply inconvenient to the bodies that are bound by them and consequently are often ignored, bypassed, hand-waved or otherwise disregarded. The notion of the ICO is a body that pushes back hard enough that it's really not worth the gamble.

It's totally worth the gamble.

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows


As much as I like to dump on microsoft a pile...

.. and this bug is a nasty one if you've got a very specific setup... I can't imagine that many people have taken the decision to a) hang a load of peripherals off their domain controller and b) be large enough that they are panicking about internal users exploiting the vulnerability.

Surely anyone of any size is using a print server rather than dumping that load on the domain controller?

Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory


Re: Previous approach

There's been (as you can probably imagine) a fair amount of academic interest in whether contextual or behavioural (personalised) advertising with quite a few studies into the effectiveness of each. In controlled environments, contextual advertising consistently outperforms behavioural (just do a quick search on papers and the trend is pretty obvious).

The problem, probably, is that behavioural advertising is something that a lot of 'industry experts' make a lot of money out of. The systems are already in place to support it and it's an industry that is pretty easy to keep new folks out of. As a result it's pretty robust to industry disruption and a fair bet for making lots money.

Contextual advertising is a simpler affair, requiring a lot less data aggregation and so easier to break into. I can see why existing folks in the behavioural market don't want to see a shift. It opens them up to greater risk of competition. And so it's in their best interest to keep shilling behavioural over contextural.

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro


Not a good look

As much as there were things done wrong by both parties here, I can't help but feel that the real take-home here is that you are far safer just anonymously dumping vulnerability data into public spaces and forcing the hand of corporate entities than you are actually acting responsibly.

Responsible disclosure so often results in a hostile response or complete indifference to the vulnerability disclosed

(and for the lawyers reading this - I'm not advocating anything, just pointing out some inferences that can be made from the behaviour in this case and many others)

Average convicted British computer criminal is young, male, not highly skilled, researcher finds


Re: Equal Opportunities?

It could, of course, be that the demographics of "computer criminals" do not mirror the demographics of those caught and prosecuted.

Hacking is not a crime – and the media should stop using 'hacker' as a pejorative


Linguistic drift

I guess echoing what a lot of folks here have already said. Language is gonna language and fighting it is as productive as standing on the beach and shouting at the tide....

Except... I've personally observed something of a drift towards "cybercriminal" as a term rather than "hacker", at least in broadsheets and their online equivalents so maybe the use of "hacker" is now relegated to the red-tops?

On the flip side, there's also been something of a move away from referring to hardware hackers for folks who mess with stuff physically, using terms like "maker" so maybe the term "hacker" is being abandoned by the educated mainstream for both it's orginal and cybercriminal meanings?

Experian vows to drag UK's Information Commissioner's Office to court after being told off for data-slurping practices


Re: They already hold far too much information on us....

Yes - I recently traced back some inaccurate information held on me to Experian and did a full subject access request. The accuracy of their data on me was laughably bad. They even failed in areas that should be automatic wins for them, stuff from the census like how many kids I have.

I did a rough totting up of the info they will have harvested from sources that should be correct and it was about 40% accurate. For the data that their 'sophisticated' algorithms extrapolated about me? At best 10% accurate.

Frankly, they're snake-oil salesman promising things they can't possibly deliver.

Elizabeth Holmes' plan to avoid her Theranos fraud trial worked out about as well as her useless blood-testing machines


Re: Hold on lads!

I disagree.

If experts in a field say that something is impossible then I think it is entirely reasonable to assume that something shady is going on. To believe that all the experts are wrong and that the person asking for your money is right suggests a rather obvious level of gulibility.