435 posts • joined 3 Apr 2008
German tank problem
Did they use the German tank problem approach for the serial numbers?
Better stock up on supplies then
Well, that brings the time you need to have stocked up on essential supplies forward from March 2019 to the end of the year then. You know, food, medicine, fuel maybe.
It doesn't actually matter if HMRC pull the rabbit out of the hat and make it work on time, we still haven't even started on the rest of the infrastructure needed for the new customs environment.
It didn't matter if your systems were up-to-date with NotPetya or not. It harvested administrator and local administrator credentials via a custom version of Mimikatz and used those, in *addition* to spreading through ETERNALBLUE / DOUBLEPULSAR etc.
I suspect that many of the organisations so badly hit had decent patch management regimes, but were weaker on passwords. It was not the same as WannaCry. No, not at all.
Re: It'll be worth it
And we'll be getting our Prawn Cocktail crisps back.
In the old days..
In the old days they would have been even more screwed. When domains expired they used to drop straight away and could be reregistered almost instantly. That changed a bit more than a decade ago. If you think that getting your domain out of REDEMPTIONPERIOD is a pain, trying to get it back from some anonymous domainer who wants a fortune for it is even harder..
I found an example yesterday, you can see how it works in this URLquery report:
Blocking coinhive.com and coin-hive.com and the associated IPs should mitigate it IMO.
Re: Science Fiction saves the world!
Footfall is probably one of the best and most plausible alien invasion novels, Mote is the best first contact novel I've read. I wasn't so keen on Pournelle's solo works, but when working with Larry Niven there was a good combination of ideas - I guess Niven had the big ideas, Pournelle then made them credible.
And Chaos Manor was always a must-read in Byte. Sure, it was just some guy fiddling around with computers but you'd often learn something. And Pournelle was right about keyboards..
That damned sinkhole server
I seem to remember him Tweeting that various law enforcement agencies kept trying to shut down or seize the sinkhole server. It seems that a lot of agencies just didn't understand what was going on and were in their own little bubble.
Funnily enough, one of my bosses offered me a trip to Black Hat / Defcon. Didn't fancy the idea much then. Fancy it less now.
There were five in the UK..
There were five Multics systems in UK Universities as I recall, Birmingham, Bath/Bristol (AUCC), Brunel, Cardiff and Loughborough. Typically these were hooked up to Lear-Siegler ADM3a or similar terminals, ours used British-built Insight VDT-1s (who were eventually bought out by Sanderson Electronics).
Of course, as with probably most 1980s computing students we tried to hack it, but unlike other boxes the security was very solid. Social engineering attacks worked the best. Yes, I got into a lot of trouble in those days..
As an aside, Paul Smee was one of the leading Multicians of the time IMO. Sadly he passed away back in 2006 - http://www.bristol.ac.uk/news/2006/5138.html
Why not go further?
Why not go further? I understand the C64 has already had this treatment. What about the BBC Micro? Dragon 32? Oh.. yes, maybe that is going a bit too far.
Good riddance, but..
I always hated Unity, but then I don't use Ubuntu on a daily basis and never "got it" I suppose. GNOME of course was always very simple and easy to get to grips with. And then GNOME 3 came along and it was right back to WTF? again..
If you want to start an argument..
If you want to start an argument in IT, propose a new machine naming convention.
If only the EU would offer passports to citizens wanting to get out of this f--king failure of a country..
Just bought myself a Z88 on eBay. Lovely big keyboard, it really could do with a bigger screen, Flash storage and USB though.. but not bad for 30 year old tech.
Still have my "Multics Commands and Active Functions" manual somewhere..
What's the penalty for sharing your ID?
What's the penalty for sharing your porn.gov.uk ID? You could really undermine the system if everyone used the same ones :)
I'm always a bit surprised when I find that Viglen is still in business too. And that Tom Lehrer isn't dead.
Politicians' browser history
Those proposing this law should take their laptops in for independent forensic analysis so that we can see what sort of sites they like to visit for "research purposes".
The mouse that never worked in the afternoon..
One day (in the early 1990s) I was called out to install something-or-other in an academic department of the college I worked in that I hadn't previously been aware of.
Having set whatever it was up, the users casually mentioned that another one of their computers didn't work in the afternoon.. well, *most* afternoons. It was OK in the morning, but after lunch it apparently stopped and the person using it couldn't do any more work. This had been going on for months. It didn't seem to particularly bother them that they spent their afternoons sitting around doing nothing.
It transpired that the problem was that the mouse stopped working, and with no mouse they couldn't possibly interact with the state-of-the-art Windows 3.1 PC. They just accepted that it didn't work in the afternoon.
The problem was a daft one.. the early optomechanical mouse had optical sensors internally which were being flooded out by the sunlight shining on the plastic. Putting in a better mouse fixed the problem. But what got me was the laid-back attitude to not doing any work. Maybe not surprising in that environment.
(The same department also had a then-massive 21" CRT monitor on another system that they insisted on running in VGA resolution despite there being no reason to do so. They went ballistic when I tweaked it to 800x600 pixels).
In one lab installation we put a box file under the monitor to raise it up a bit, because the PC was a tower system under the desk. For a laugh, I printed out an icon of a floppy disk drive and glued it onto the box file. On more than one occasion we had baffled users who didn't understand why the disk didn't go in. Hmm.
I think CFCM is going to be one of the government-approved types of pornography going forwards.
Textron AirLand Scorpion
Projected to cost less than $20m..
It seems that there has been some real interest from countries looking for inexpensive fighter aircraft. You can buy about five of them for the same price as an F-35.
Oddly, I can't find the DMCA complaint in the Lumen Database (lumendatabase.org) which has plenty of other recent DMCA complaints submitted to Google and YouTube..
I had one of those too. But it wasn't really a German car (despite the Daimler ownership), it was a French car with all the fun and unreliability that goes with it. Electrical gremlins, leaks, ECU failures, steering rack faults, fractured aircon pipes. Not really reliable. But fun to drive when it wasn't being fixed.
That's a pretty impressive portfolio of designs - https://en.wikipedia.org/wiki/Frank_Stephenson
On the Mini.. well, it's a contentious one amongst car fans. Issigonis was trying to design something cheap, small on the outside and big on the inside all while using as much from the BMC parts bin as possible. The fact that it was cute to look at and fun to drive were rather pleasing secondary factors.
When *Rover* tried to redesign the Mini in the late 1990s, they came up with a number of things which were closer to the Issigonis idea of efficient packaging (some looked like the Daewoo Matiz), where BMW was more interested in the cuteness factor. In the end, BMW won and the Mini was a huge success.
There's an interesting and more detailed story about the development of the Mini and the prototypes that never made it here: http://www.aronline.co.uk/blogs/cars/mini-bmw/mini-2/the-cars-mini-development-history/
Remember the iPhone 4. Or maybe the Ford Pinto.
Remember the iPhone 4 and antennagate? People wondered how Apple could regain the trust of customers after messing that up, and yet they fixed the problem and moved on. There's no real reason why this should turn into significant long-term damage for Samsung
If no other models start to blow up. If their PR machine gets back on track. And their competitors don't capitalise on the problem.
People still buy cars from Ford too, despite the beancounters deciding that it was cheaper to let people die in the deathtrap they called the Ford Pinto rather than fix the underlying problems. Consumers can be surprisingly forgiving with companies that they trust.
The dead hand of CA
CA buys good products and then ignores their development while creaming off the profits. Eventually the product dies, then they just buy something else.
What Oracle is going to announce today..?
Something I do not give the tiniest shit about. Oracle is a great lumbering mess that only still has customers because it is too difficult for those customers to extricate themselves from their engagements.. and what choice is there? SAP? Just as bad.
Next on the list..
They already had a go at No Man's Sky..
Passport, driving licence validity
Where your driving licence will be valid in the UK, there's a possibility that it will not be valid in Europe. Even more likely, the EU-style passport may not be valid for travel to EU countries at least, because travellers will no longer have the rights and privileges of being an EU citizen.. that will be something the EU will have to decide.
Please don't confuse the BREXIT debate by bringing facts and logic into it.
I has a sad
Thank you Lester for making the world a funnier and more interesting place. You will be missed.
Gragh, students and their sodding games
I worked with students for quite a long time. One irritation was that they would insist on playing games on the lab computers which were meant for.. well, work. Back in those days all the games were DOS games, and they almost all used Mode 13h for graphics (320 x 200 pixels x 256 colours).
I knocked together a simple TSR that intercepted the interrupt that changed the display mode.. every time you tried to change to 13h it would display an error and reboot. The TSR was pretty well hidden, I don't think any of the users ever figured it out.
The other essential DOS tool was an application that replaced the FORMAT command with one that checked to see if the user was trying to format C: (because yes, you could actually do that). If they were it would let off an alarm, which would tend to attract attention. Yes, students actually did this either maliciously or stupidly. If they were just trying to format a floppy disk, it would pass it on to the REAL format command which had simply been renamed.
What always flabbergasted me was when students were working on their dissertations, they wouldn't ever bother to have a backup copy of the floppy disk they had to store it on. Norton Utilities certainly rescued quite a few academic careers.
When we upgraded to a Novell network the problem was that the students would never log out, and students would end up with each other's dissertations. Eventually, we wrote a screensaver in VB which would log them out automatically. Unfortunately, it would tend to do it while the students were looking up references in their books and it would shut down.. being not very observant, they didn't notice the GREAT BIG RED timer which gave them five minutes grace.
Exactly. The internet is dangerous. Best to block it and get the stuff you need off those 3.5" cover disks on the front of magazines.
We recently powered off an AT&T PABX that had been in service since about 1994. OK, it had been switched off and on a few times because occasionally you DO have to power down the server room. I betcha there are some ancient PABXes out there..
Re: Nothing wrong with insecure passwords
Password re-use is the problem. Using throwaway passwords for trivial accounts is one way to prevent it. After all, there's no point using a password like ",=8r2/ax}DS-G2N&" if you use it everywhere, including easily hackable sites.
"Rola" is apparently Portuguese for "penis". Perhaps not such a good name.
And this is why..
I recently looked at an issue involving fake LinkedIn profiles. I was getting nowhere with a reverse image search of the profile images with the usual technologies until somebody suggested flipping the image.. and all of a sudden the reverse image search started working.
That was a relatively simple circumvention technique. I'm sure there are plenty of reversible techniques to apply to a picture that would screen it from this sort of detection. But it would probably catch quite a lot of this material from being circulated.
Because folding one OS into another always works so well, for example MeeGo. Tizen. Etc.
If they've taken it down..
If they've taken it down.. then how come the Dridex spam is still running? Just got another malicious Dridex DOC this morning - http://blog.dynamoo.com/2015/10/malware-spam-scan-2015-10-14-52954-pm.html
Re: Don't rely on this so called "report"
Doing a Google search for "site:.science" shows a LOT of sites, and you can tell straight away that a large quantity of them are complete crap.
There is of course a caveat with just counting the number of bad domains.. if you take a worthy domain such as theregister.science then it counts as just one good domain, but obviously the value of that domain is much greater. Thus you can have 99% crap and 1% of actual value. Yes, I'm still minded to block some of these.. but you need to be aware of collateral damage.
Just finished reading the new Maddi Davidson murder mystery..
It turns out that the customer did it.
How to detect and stop it..
All our corporate computers are joined to a domain and are managed by WSUS. However, a small number of laptops (about 0.5%) managed to initiate the download despite having policies to block running the GWX component in place. It looks like the process might have triggered when the laptops were outside of our corporate environment. We spotted the unusual traffic before it became a problem.
If you log your internet traffic, then searching for "10240.16384.150709-1700" is useful to reveal who is downloading Windows 10 components on your network.
Microsoft have some new guidance on how you can block the OS upgrade here:
If you run the DOC (or DOCM or whatever) through olevba.py (http://www.decalage.info/fr/python/olevba) then it will extract the underlying macro. It will be heavily obfuscated, but the obfuscation itself is a clue that it is bad.
Alternatively, Payload Security's Hybrid Analysis (hybrid-analysis.com) does a very good job with these malicious documents, and will show what network traffic is going on.
Passwords in plaintext
The pre-Google version was so bad that you could find the email password stored in plaintext in the browser cache, so if anyone had access to the files on your computer then they could easily determine the webmail password with no additional tools needed. Classy.
Re: End of an era
Like Windows NT 4.0? Actually, that did a pretty good job at it..
OMG.. Hooli XYZ
The mistake was.. Symbian
I pretty much agree with the article 100% - Elop found Nokia in an impossible situation that was not of his making. He tried a high-risk high-reward strategy with Windows which didn't really work out. Android would have been a low-risk but low-reward approach, as the article says.. Android manufacturers are hardly raking in the cash. Sticking with MeeGo looked very much like a high-risk low-reward approach, so dumping it was probably the best decision. So the choice was really between Android and Windows. Choose one.
I think the crucial mistake was how Elop dealt with Symbian. When he became CEO, I believe that Symbian was still the best-selling smartphone platform in the world. While it lacked the capabilities of main rivals iOS and Android, it was still a very capable and lightweight OS with a ton of applications available for it.
Prior to Elop, the idea was that Symbian would move downmarket into Series 40 territory with Maemo/MeeGo taking the high end. Instead, Elop announced that Symbian would be phased out which had the Osborne Effect on Symbian sales which collapsed, leaving a huge hole in Nokia's sales book. Then, crazily, they tried to add more features into Series 40 to make it more Symbian-like.. for example the Asha series of devices. That was a lot of effort to re-create something they already had.
Symbian certainly has its detractors, but the final Nokia Belle handsets were really rather good.
Nokia were already screwed..
Nokia were already screwed when Elop joined. Symbian couldn't compete with modern OSes such as Android and iOS, Nokia's escape strategy of moving to Maemo on high-end devices had fatally stalled with the ill-advised merger with Moblin to create Maemo. You can blame Olli-Pekka Kallasvuo for the mess that Nokia found itself in, not Elop.
Elop found himself at the head of a company with no roadmap, but still quite a lot of sales. His infamous "burning platform" memo was pretty accurate, but he was fatally undermined as CEO by whoever leaked that communication.
Getting out of the mess was always going to involve some risk. In the end he took a high-risk approach of dumping everything and going for Windows, hoping that Nokia would avoid becoming a "me too" Android player. In the end, that strategy did not work.
It was always a high-risk, high-reward strategy to tie Nokia up with Microsoft. If they'd have gone down the Android path, I am sure that Nokia would still be an independent manufacturer today.. but not a very profitable one. The low-risk, low-reward strategy.
Of course, since Nokia became Microsoft, more mistakes have been made. The last high-end device launch was over a year ago and the current product range is moribund. It's a shame because Windows is rather good, and Cortana is easily better than Google's offering.