Posts by Christoph

"for the next several weeks as it restores all of the damaged systems"

Aren't they lucky they're not in Puerto Rico.

Of course there's hidden spyware in electronics

It's well known that some electronic kit has hidden spyware included. As Snowden revealed, it is put there by the NSA.

You only need a single hole in security to lose

Search all the baggage and the passengers. Armed police everywhere. Strict controls on who can enter certain areas. Highly visible security everywhere you look. And then leave the security specs lying around on a USB stick.

Someone is more into security theatre than actual risk analysis by real experts.

Don't worry, they'll sort it out

Once the banks succeed in completely abolishing cash, you'll no longer be in deep trouble when the banking systems fail.

You'll be utterly buggered.

Aren't those Russians terrible, developing software to hack into computers for their nefarious ends.

So different from our wonderful people in NSA and Cheltenham, who are developing software to hack into computers for their noble ends.

"This may seem like a quaint concern when looking into whether one's email address and password have already been exposed online. But it may matter to some."

Surely the idea is to avoid exposing your email address if it hasn't already been exposed?

The HIBP site is presumably OK since so many people will have checked it, but the extra security doesn't hurt and just may avoid letting a previously clean address out into the wild.

As a for instance, I use different emails for each company I buy from, so if it escapes I can be sure it's that company as nobody else knows it - but can I still be sure if I've also sent it to other sites? And I certainly don't want to expose the very complex address I use for banking, which any phisher would first have to guess.

Consumer banking keeps going down. I wonder what would happen if the financial trading systems which move money by the billions and rely on microsecond timing were to fail for a similar amount of time?

Or could it possibly be that they can't be bothered to put the same resources into systems for mere consumers?

Serious scientific experiment

So what happens if you give LSD to octopuses, who can camouflage themselves by changing skin colour and pattern to match what they see as the surroundings?

Wow the colours, man!

All your computers are belong to us

Microsoft will be able to invisibly siphon off whatever data they have decided they need/want. Can you trust that every Microsoft employee who ever has access to this can be relied on not to misuse it? Especially if you have compliance requirements to keep data secure.

Can you trust that the US government will never lean on Microsoft to grab and hand over data?

Can you trust that Microsoft will never leave a security hole by which attackers can have total access to every computer subscribed to this system?

"In short, civil servants have decided to insert themselves into a dynamic market based on an ideological concept of how the internet works by adding unnecessary new rules over the objections of people actually working in that market.

It's exactly this sort of nonsense that drove many in the UK to vote for Brexit in the first place."

Nothing to do with the EU at all. Any petty bureaucrat with a tiny bit of power will want to wield it, and is very likely to decide that he/she obviously knows far more about some field than the people actually working in it despite having no experience of it whatever.

They will impose, or try to, a set of rules that seem obvious to them. Yet assume that these so obvious rules were never noticed by any of the people who have spent their careers in the field, and that any objections from those people are clearly wrong and should be overridden.

(And yes, I do have direct experience of this. 'Safety' rules that would have made an activity very much more dangerous.)

Do Not hide the URL

Years back Microsoft decided it was a really neat idea to hide the file type extension on files. One of the first things I do on a new machine is switch extensions back on. I want to know what a file really is, not what the icon is claiming!

If I'm looking at a web page I want to know what the address is, not what someone else has decided I need to be told about.

Did that rule block anyone wanting to register scunthorpe.us?

Hi, keen young techie. How would you like to spend a few months being yelled at by sergeants while square bashing, then get sent off to the far side of the world to help fire high tech weaponry at the local peasants who have no idea why you have invaded and occupied their country?

I see you're all nervous and twitching from your attempts to cut down on your caffeine addiction which is causing you serious health problems. Here, have a cup of coffee to calm you down.

" the powers would only be invoked for “serious crimes” involving sentences of three years or greater."

And we know that they will stick to those limitations, because?

If nobody is allowed to know what they are doing because any whistle-blower gets a 5 year sentence, then they will misuse it. Any time some group gets completely unsupervised power, it gets misused.

This is well known - the Snowden revelations showed that security agencies go way past what they are theoretically allowed to do as a matter of routine every day operation.

So will they have no objection if I run a full penetration test suite on their site to make sure they are secure enough for me to consider becoming a customer?

Oh, and I'd like to check that they can cope with a DDOS attack so I don't lose access if someone attacks them.

For Security, you know.

Has El Reg been hacked?

I've just had a spam to the email address I used to sign up to The Register - an address which I created for just that purpose and have not used anywhere else.

(And no, while it's not massively complex like the one I use for my bank, it's not one that could be found by chance).

Sometimes it's the user

Physicist Wolfgang Pauli could break equipment simply by being in the same room. Or even by happening to be changing trains at the local railway station. See 'Pauli effect'.

"making AI algorithms subject to verification and transparency;"

That will ban very large numbers of algorithms which simply cannot be verified - they've been generated by evolving, on an enormous data set.

You might be able to test them for built in bias (though you have to suspect it before you can test for it) but you can't verify them or explain how they work.

Whether banning such algorithms is a good thing is a different question.

"be confident that not only will the decryption tool appear"

Unless you get one of the really nasty ones which generate a new key for each victim and discard that key after a certain time.

"those people quickly tire of dealing with grumpy customers and leave in droves."

Possibly they also tire of lousy working conditions. Of having to exactly follow a script no matter how obviously inappropriate it is. Of not being allowed to put the phone down on an abusive customer. Of having all their calls monitored and being bollocked for any trace of human reaction rather than robotic rules following.