Posts by Alan J. Wylie
645 publicly visible posts • joined 21 Aug 2009
Dell BIOS update borks PCs
Dell BIOS update may be a security fix
It is generally acknowledged that BIOS updates should only be applied to fix a known issue. In this case, however, for some Dell systems, the issue is the Intel AMT remote security vunlerability: CVE-2017-5689
This affects at least one laptop to my personal knowledge: Dell XPS 15 9560
Just 99.5 million nuisance calls... and KeurBOOM! A £400K megafine
Taiwan government to block Google's public DNS in favor of HiNet's
Lyrebird steals your voice to make you say things you didn't – and we hate this future
Re: Program for a puppet
Program for a puppet (Roland Perry)
<googles> - Ah - not the Roland Perry who worked on Amstrad computers, but an Australian author.
Jimbo announces Team Wikipedia: 'Global News Police'
Team Wikipedia: 'Global News Police'
WIll the front page look like GeoCities, but when you click through everything is the latest HTML5? And will there be diversionary gratuitous extreme obscenity?
IT error at Great Western Railway charging £10k for 63-mile journey ticket
Ex-IBMer sues Google for $10bn – after his web ad for 'divine honey cancer cure' was pulled
Blimey, did you know? It's World Backup Day. But... surely every day is world backup day?
Cheap USB flash sticks
As well as a couple of on-line backups of my data, for several years I've carried a LUKS encrypted 64GB USB flash stick around with me. New photos have caused the amount of data to grow, so I recently bought a 128GB drive. It encrypted OK, then formatted as ext4, and the rsync worked OK for a while, then it started throwing errors and became unusable.
I can only assume that recent cheap USB sticks concentrate the wear levelling of erase blocks in the areas used by the FAT, and having file metadata stored anywhere else, as any other filesystem format will do, will cause rapid damage.
A quick google later, I've just found this site: How to Damage a FLASH Storage Device which confirms my suspicions.
BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky
HOUSEPLANTS OF GOR
I can't hear mention of Gor without chuckling at the memory of Houseplants of Gor
Google slaps Symantec for sloppy certs, slow show of SNAFUs
A router with a fear of heights? Yup. It's a thing
Cheyenne Mountain Complex
The State Capitol building in Denver, Colorado, has mile high (5280 feet, 1609m) elevation markers on its steps. Most of the more populated areas, e.g. Boulder and Colorado Springs are at about 1600m, but the Air Forces Cheyenne Mountain Complex (NORAD, and where the Stargate is kept) is at about 7200 feet / 2200m. We don't want that bursting into flames!
Twitter app pwned by pro-Turkey hackers: Users' accounts sling 'Nazi' slurs
Microsoft: Can't wait for ARM to power MOST of our cloud data centers! Take that, Intel! Ha! Ha!
WordPress photo plugin opens 'a million sites' to SQLi database feasting
Lots more WordPress plugin vulnerabilities disclosed yesterday
At the Summer of Pwnage site: https://sumofpwn.nl/advisories.html
KCL external review blames whole IT team for mega-outage, leaves managers unshamed
Coming to the big screen: Sci-fi epic Dune – no wait, wait, wait, this one might be good
Chris Foss's artwork and a little known fact
The artwork is so obviously by Chris Foss, as any avid reader of Science Fiction in the 70's will recognise.
http://www.chrisfossart.com/ confirms it.
Little known fact: he also did the artwork for The Joy of Sex.
Google mistakes the entire NHS for massive cyber-attacking botnet
I'm deadly serious about megatunnels, vows Elon Musk
President Trump tweets from insecure Android, security boffins roll eyes
Sean Spicer too
He's White House Press Secretary, and has just tweeted "n9y25ah7". His password perhaps?
I've got a brand new combine harvester and I'll give you the API key
+1
I was going to post the same Wired link. I'd just like to make sure the words "Copyright Office" are mentioned here and note that they have pushed back to allow DMCA exemptions for automotive software.
My hole is a private thing – see for yourself
Re: Public Hole
Fill That Hole is an alternative pot-hole-filling site:
Mozillans call for new moz://a logo to actually work in browsers
ProtonMail launches Tor hidden service to dodge totalitarian censorship
Certificate Transparency Log entry
What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels
Laser beam sky mirage cannon can spy on enemies and generate Star Trek-style shields
Stanford boffins find 'correlation between caffeine consumption and longevity'
Re: Still something missing for my lifestyle..
Does it have hot chili peppers on it?
You have the right to be informed: Write to UK.gov, save El Reg
Shiva Ayyadurai and Techdirt
https://www.techdirt.com/articles/20170111/11440836465/techdirts-first-amendment-fight-life.shtml
Shiva Ayyadurai is suing Techdirt for $15M over their comments on his claim that he invented e-mail.
GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug
3... 2...1... and 123-Reg hit by DDoSers. Again
Re: I'm with 123reg
I can recommend http://www.gandi.net/
Memo to self. Must move my 123-reg domains over.
Amazon files patent for 'Death Star' flying warehouse
Bad news: Exim hole was going to be patched on Xmas Day. Good news: Keyword 'was'
Xmas day after all
http://seclists.org/oss-sec/2016/q4/744
As at least one major distro isn't ready yet, we'll keep our initial schedule and release the fixed versions on Dec, 25th, 10:00 UTC.
Major outage at broadband biz 186k
Europe to launch legal action against countries over diesel emissions cheating
Privacy is theft! Dave Eggers' big-screen takedown of Google and Facebook emerges
"enjoy the unreadable EULA as it flashes past"
By visiting the site, you do grant the Circle the right to interfere with the operation or use of your sites through any means or device including, but not limited to, spamming, hacking, uploading computer viruses or time bombs, or any other means.
In applicable states, your family members, including children three (3) years of age and older may be confiscated for failure to comply
Trust us, we're not breaking antitrust laws.
Users may also have their citizenship revoked for failure to comply with the aforementioned community guidelines. If it happens, we'll know.
And Oh, the Irony: <!-- GOOGLE ANALYTICS TAG -->
Google Conspiracy?
A Google search for "the circle" or "we are the circle" currently doesn't return http://wearethecircle.com/. There are "high quality psychic mediums" in the results, though. Bing is even worse, however - at least Google returns a couple of Wikipedia hits, so I assume the site is just too recent to have been noticed, or highly ranked.
Bletchley Park Trust vows to shore up insecure website
I've seen far worse
The "F" grade at SSLLabs is due to the same certificate being hosted on a web server elsewhere (this may be their backend server, they are behind Cloudflare) with SSLv2 and export grade (deliberately weakened) ciphers supported. The certificate has a SHA1 intermediate certificate in the chain, so they will need to update it anyway before the major browsers start giving warnings early in the new year[1]. Doing this will help to mitigate the problem, no need for an entire new web site. They should also be either getting the 2nd server turned off, if it is unused, or better secured if it is their backend server.
[1] https://community.qualys.com/message/35468-sha-1-deprecation-countdown
Three to appear in court over TalkTalk hack
PoisonTap fools your PC into thinking the whole internet lives in an rPi
Re: To lock a Linux system down
It only stops *new* modules being loaded. Load any required kernel modules (e.g. usb-storage) first , then lock down.
Perhaps not the right answer for a developer's system, but very useful for e.g. a system in a doctor's surgery, as was mentioned earlier, or a system in a PCI DSS scope.
To lock a Linux system down
Adding
echo 1 > /proc/sys/kernel/modules_disabled
to a local boot script will stop any more modules being loaded. Unless the driver for the USB is the same as one used by the system (unlikely) nothing will happen when it's plugged in.
Microsoft just got its Linux Foundation platinum card, becomes top level member
Adult FriendFinder users get their privates exposed... again – reports
Interesting passwords
From https://www.leakedsource.com/blog/friendfinder
short:
43: football
59: liverpool
long:
21 equal: youwillneverwalkalone
21 equal: ilovemanchesterunited
(and for the benefit of non-UK readers: You'll Never Walk Alone is the anthem of Liverpool Football Club)
What is it with footballers?
What should the Red Arrows' new aircraft be?
UK will retaliate against state-sponsored cyber attacks, Chancellor warns
SPF, DKIM and DMARC - better late than never
He pointed to the recent rollout of software to cut to zero an estimated 50,000 fraudulent emails a day from hackers purporting to be from HMRC offering tax refunds in order to obtain people's bank details.
This blog post from February details the government's move to SPF/DKIM/DMARC. I assume this is what the chancellor is referring to. Since SPF has been generally adopted since about 2009 and DKIM since at least 2012, what on earth have civil servants been doing all that time?
I've arrived on Mars. Argggh, my back!
'Biggest ever' Linux release
Wrong way round - it's big *because* it will be LTS
Torvalds says the release looks so substantial it's probably destined for Long Term Support status.
Greg K-H has already announced that he intends 4.9 to be the next long term stable. Linus commented on this in the 4th paragraph of his announcement linked to in the original article: people pushing to get their stuff ready