* Posts by Velv

2756 publicly visible posts • joined 21 Jan 2010

Analysts apply Occam's razor to Tesco Bank breach

Velv
Boffin

Re: Can we get rid of this myth

While I agree with you at the high level concept as an end result, the reality and legality is also different.

Banks view transactions against accounts as legitimate customer activity until proven otherwise. So in this instance Tesco Bank considered the customer had withdrawn their loan and reduced the balance on the account as appropriate. The customer had effectively lost their money without the bank going broke and being able to claim from the Financial Services Compensation Scheme. The customer then potentially failed to meet other payment obligations they had. While it might all work out in the end, it certainly isn't as simple as your analogy.

Not having a go at Tesco Bank on this one, this is how all banks in the UK work.

Google and Facebook pledge to stop their ads reaching fake news websites

Velv
Flame

Why worry about Facebook and Google being used to disseminate false information as fact, religions have been doing it for over 2,000 years, (although competing factions may be more recent)

UK Home Secretary signs off on Lauri Love's extradition to US

Velv
Boffin

If a Spaniard standing on the French side of the French-Belgian border shoots dead an Italian citizen on the Belgian side, where does the trial take place?

While I love reading the opinions of the commentards here I doubt any has the legal expertise to make any legal proclamation of fact.

UK.gov has 18,000 IT contractors on its books due to dearth of skills

Velv
Black Helicopters

And slowly "The Plan" by the big consultancies pays off. Don't for one minute think they aren't in collusion, they are actively setting up a cartel.

HMRC engaged the consultancies to investigate UK income tax. "Oh look" they thought, "there's all those independent contractors taking roles our staff could be doing, let's advise the government how to put the small guy out of business (or at least off government contracts) then we'll be free to fill the gap at twice the price"

So rather than the tax payer "receiving an extra £400m a year" they'll end up spending twice the amount on every project.

Encrypted email sign-ups instantly double in wake of Trump victory

Velv

Godwin's Law

Good to see it still holds true...

What went wrong at Tesco Bank?

Velv
Coat

Re: Why isn't this bigger news?

I think something else in the news this week may have Trump'd it

A cardboard desk? I won’t stand for it (actually I will)

Velv
Coat

£129 for all that cardboard. Missed a trick there, should have just ordered something small and cheap from HP

(For those that don't remember)

US citizens crash Canadian immigration site after Trump victory

Velv
Joke

Wasn't there a pledge about building a wall on the Southern border to keep out the criminal illegals from the South?

And getting the southerners to pay for it?

Just sayin'

Add it to the tab: ICO fines another spammer as unpaid bills mount

Velv
Childcatcher

Re: Go after the lawyers as well...

That's a very dangerous precedent to be setting.

Our legal system REQUIRES lawyers to act for those alleged to have committed a crime, and while there are lawyers who are profiteering from unscrupulous activities I'd hate to see our system go back to the days where you didn't get a lawyer if you couldn't afford one.

OK, so perhaps the activities are different, but don't forget the lawyers are simply working within the law as it's written today. Perhaps it is the law that needs changed on liquidating companies rather than chasing those who execute it.

FBI's Clinton email comedown confirms it could have killed the story in a canter

Velv
Big Brother

I love how they have to get search warrants so they can make public the fact that they have the emails...

Leaks password, check. Leaks Wi-Fi password, check. Can be spoofed, check. Ding! We have an Internet of S**t winner

Velv

Re: Just a thought...

The BitDefender article linked also has the screenshot straight off iTunes in case you had trouble verifying.

Velv

Re: Why do you need a camera in your kids bedroom?

So that Moms can still go down the pub/club with their mates without the need of granny or babysitter.

(I was going to put the joke icon, but sadly this occurs more often than it should)

MacBook headphone hell

Velv
Gimp

Excuse my ignorance, but why would you go to the effort of developing a port (Lightning) along with associated devices and accessories then not deploy said port on all your devices?

Or is the Lightning port only for "mobile" devices like phones and tablets and not really appropriate for portable devices like the Macbook?

(and I'm not trolling, I am an iPhone and iPad user, but not "Mac", hence why I don't know)

Apple urges court to hurry up with hearing Galway data centre objection

Velv
Coat

I'm guessing they're not Fruit Bats then...

PayPal patches bone-headed two factor authentication bypass

Velv
Boffin

Re: 2fa choices

Assuming the device you're accessing the site from has a USB port, Yubikey is one potential alternative. A unique physical device you have, and Yubico are part of the Universal 2FA programme, so if the industry really wants to it could make things more secure quite cheaply by supporting u2FA. They do an NFC version now too.

The key doesn't authenticate you to itself so you're not protected if the device is physically stolen along with your credentials, however that's probably a tiny percentage of breaches.

HMRC IT boss quit £185k job for more cash

Velv
Terminator

I wonder if he's truly an employee of the new "employer" or if he's contracted for his consultancy services through an intermediary...

Probably the self same big name Accountancy and Consulting firms who will be the only ones left to supply contract staff once they've advised the government on wiping out the little guy through IR35.

Adobe emits emergency patch for Flash hole malware is exploiting right this minute

Velv

Why do Chrome and IE11 support it internally?

Drop it now, and anyone who wants Flash can install it for themselves. Those of us who know it's unsafe don't need to worry about it existing in the background.

Vatican and musicians at odds over appropriate use of crematorium leftovers

Velv
Joke

Stand, sing, sit, stand, sing, sit ...

Good boy, have a biscuit

Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits

Velv

Re: This just got "interesting"....

"Fat finger syndrome"

So I'm pretty sure everyone has mistyped at some point in their life and landed on a site they didn't expect. But I'll bet they didn't spend the next hour surfing that site, especially if it was something potentially criminal. While this remains circumstantial evidence, it is still useful when added to an already strong case.

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Velv

Cupertino is...

Not keeping up with Redmond!

My iPad Mini isn't being given a fix, and while mine is nearly three they didn't stop selling the original mini until 2015, less than 18 months ago. Not very good support!!!

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Velv
Boffin

Re: Router Rules @AC

"...fixed DHCP MAC-to-IP mappings..."

DHCP is great for managing the address space automatically, but on a private network you generally have more than enough addresses in the scope to cover every device so they never need to share. Since the DHCP protocol asks to keep the same address at 50% of the lease you don't really need to worry about reservations. It's a very small risk for devices such as cameras that are almost always on.

Asda server glitch leaves customers without online shopping

Velv
Mushroom

It's worrying when headlines are made about such inconveniences as Asda not delivering due to a glitch. Yes, it's inconvenient. Maybe you had to stay home another time, or go to another shop.

This country's going to be really fucked when something serious happens.

Today the web was broken by countless hacked devices – your 60-second summary

Velv
Terminator

"the dimwit IoT manufacturers who crank out criminally insecure hardware"

Name and shame. Until someone does it there won't be the incentive for the dimwits to fix it.

Ageing GSM crypto cracked on commodity graphics rig

Velv
Boffin

"Security experts have known the A5/1 was breakable since 2009..."

Security experts have known since way before 2009 that all bar one encryption techniques are only computationally secure (i.e. given enough time and resources they can be broken). Moore's Law ensures that what is classed as "secure enough" today will not be secure enough in the future.

Only the Vernam cipher is known to be mathematically secure.

It's finally happened: Hackers are coming for home routers en masse

Velv

Re: Who actually owns your router?

Depends on the ISP, but as a general rule in the UK:

Cable: Virgin Media own the cable modem (which now includes the router). They fix it if it breaks and they upgrade/replace it when necessary due to network upgrades (not aware of other domestic cable providers); Virgin has a "modem mode" which makes it the NTE if you want to use your own router and disable theirs.

ADSL: the "network termination" is the Master socket and the user owns the ADSL modem and router. Most ISPs will sell you a modem/router (or give it to you for free as part of your contract) but if it breaks it's your problem to replace it. If you use the one they send it's usually configured for the correct settings and they'll usually help configure the NTE settings of the modem part of common models, but ultimately the customer owns it.

Velv
Headmaster

"unknown and unpatched"

I'd expect hackers are looking for both avenues of attack

Microsoft tries, fails to crush 'gender bias' lawsuit brought by its own women engineers

Velv
Boffin

Re: Flawed assumptions

"A peer based system is far more likely to benefit these women because any misogynists will have their opinions balanced out by normal guys who will respect merit."

Unfortunately not. Normal guys who fully respect women will rate on ability alone, not favouring women over men, hence there would be an underlying trend favouring men. It only takes one misogynist to start skewing the figures.

Spinal Tap’s bass player sues former French sewer

Velv
Paris Hilton

You've never been around the narcissistic world of entertainment, have you?

Spain's iPhone killer actually a rebranded Xiaomi – new claim

Velv
Trollface

And in other news, the Apple iPhone is an American made SmartPhone.

Perhaps they've been playing slightly loose with the term "built" in Spain, and in Apple's defence they're clear it's designed in America and fabricated elsewhere, but if the Spanish outfit are modifying an existing base device to add value this is quite common across technology.

New UK National silicone database will help avoid boobs

Velv
Paris Hilton

Can't they just put NFC chips in them so they can be scanned?

Netflix reminds password re-users to run a reset

Velv
Boffin

Yes, but since Netflix should know their own authentication algorithms they can simply pass the provided password through their authentication process and see if it comes out as a pass or fail.

The biggest danger now for Netflix (or any other company) is that a malicious user inside Netflix could run a batch of passwords through the authentication process to generate a list of known good passwords and sell those. So no matter how well Netflix is hashed and salted it can now potentially be compromised on a mass scale due to the bad practices of others.

RBS debit card payments have gone utterly TITSUP

Velv
Headmaster

Re: So what happens when...

Richard 12:

I didn't say you had to maintain more than one current account.

I didn't say you had to have more than one debit card.

I didn't say you had to have a credit card.

But you do have an obligation to pay for goods and services you receive. How you achieve that resilience is your choice but you're utterly naive if you think you can rely entirely on one piece of technology.

(Two, from different banks)

Velv
FAIL

Re: So what happens when...

Totally right. Complete and utter fail.

I'm assuming that by reading an IT website you're interested in IT.

I'm assuming you're aware of the concepts of resilience, disaster recovery and business continuity.

So not having a second method of payment makes you the fail.

SHIT BREAKS. Prepare for it and deal with it.

If you only have one card, you should probably be taking cash out the ATM to make sure you can meet your obligation to pay.

BT will HATE us for this one weird 5G trick

Velv
Boffin

Edinburgh's been rolling out LED streetlights for nearly two years.

They're still trying to resolve problems in the different beam pattern and they had initial problems with the brightness level, but overall they appear to be good.

Velv
Facepalm

Great, you've solved the deepening problem of coverage in the already well covered city centres.

Now what about the remaining 99.9% of the country. Are you seriously suggesting the phone companies are going to replace street lights in our villages never mind cover the currently unlit roads?

No, software-as-a-service won't automatically simplify operations and cut costs

Velv
Boffin

Green Grass

The grass really IS greener on the other side.

But remember that just means it needs cut, watered, fed and generally maintained much more.

Google 'screwed over' its non-millennials – now they can all fight back

Velv
Childcatcher

Re: In californicate

Either way you're screwed

Bloke gets six years in slammer after fessing up to £4.75m tax scam

Velv
Boffin

Clue's in the name of the scam - Carousel Fraud

The same goods are sold in a circle of companies inside and outside of the EU.

A sells to B

B sells to C

C sells to A

So on paper millions of pounds can be transacted with very little actual capital.

'Too big to fail' cloud giants like AWS threaten civilization as we know it

Velv
Boffin

Business Continuity

You place sufficient service in geographically distinct data centres so you can continue business in the event of something happening that seriously affects one.

Why should clouds be any different? You use two different cloud providers to provision business continuity.

UK will build new nuclear bomb subs, says Defence Secretary

Velv

Crimea and Eastern Ukraine were part of the Russian Empire (18th Century) and the current borders are the result of the break-up of the Soviet Union, not the borders of Ukraine prior to the formation of the USSR, so this remains a local border dispute.

It is NOT the same "invasion" as the potential for Russia to invade the UK as a distinct entity with clear boundaries as it is an island.

Velv
Mushroom

"We cannot know what new dangers we might face in the 2030s, 2040s and 2050s so we are acting now to replace them."

While it may be true that we cannot fully foresee what dangers we will face, in the grand scheme of things it is unlikely any threat will come from a group/territory/country that one can retaliate against using wholesale nuclear destruction.

And these are strictly a weapon of retaliation, we would never launch them pre-emptively?

The need for this type of defence is diminishing, the UK no longer NEEDS it as a defence. The days of countries invading other countries are largely behind us, and we have international collaboration such as the UN and NATO to deter such acts (I agree there are pockets of backwards peoples who are still a tiny risk in their region). It is a political tool, a dick swinging exercise, one that increasingly highlights the swinger as an arsehole and not someone due any respect.

Domain name resolution is a Tor attack vector, but don't worry

Velv
Big Brother

If you've had the misfortune to read Peter Wright's "Spycatcher" (don't bother, it's awful) you'll know that the Russians knew which of their embassy staff in London were being followed not because they had broken the encrypted MI5 traffic but merely because of the existence and origination of the traffic.

Apple iMessage URLs ship OS, device, and IP data to sites, dev says

Velv
Gimp

With no way to turn it off, and previews presumably using up data, I predict a class action lawsuit - "you used up all my data allowance, I want $50billion"

Oh, and there's a security risk the real people should take note of.

Apple's Breaxit scandal: Frenchman smashes up €50,000 of iThings with his big metal balls

Velv
Boffin

Re: Dijon

Standard policy for most retail environments.

Staff are there to service the customer, not to tackle violent idiots. Phone the Police, stand back and watch, take notes, be a witness.

Goods after all are just inanimate things that can be replaced. People not so much.

Dirty diesel backups will make Hinkley Point C look like a bargain

Velv

"The UK pays more for diesel at the pump than anyone else in Europe"

Which is completely irrelevant to the story as fuels used for generation aren't bought at the pump and are subject to entirely different taxation

Portsmouth bomb about to be detonated

Velv
Alert

Re: Blowing up Portsmouth?

I hope they didn't tweet about it beforehand

The wait is over: MoD releases latest issue of Ship Paint Monthly

Velv
Pirate

Re: Dazzle paint scheme

Leith Docks, Edinburgh

Dazzle

Ordinary punters will get squat from smart meters, reckons report

Velv
Boffin

Re: Can you switch on/off via the keypad?

I don't know the answer to your question but the cynical side of me says this would be a very bad thing to allow.

Sparky turns electricity off at meter and starts working on internal wiring

Supplier notices Smart meter is off and decides to restart it remotely

Phzzzzt BANG!

Can't beat a good old fashioned BFOMS* to isolate the circuit.

* for those not familiar with the proper terms the first word is Big and the last two are Mechanical and Switch

152k cameras in 990Gbps record-breaking dual DDoS

Velv
Boffin

Name and Shame

Is there any benefit to naming the major culprits?

Would this focus the attention on getting fixes and security implemented, or would it just help the bad guys identify more targets?

Is there already a list of bad devices or bad manufacturers, and presumably a lot of this kit is rebadged?

It's Pablo Pic-arsehole: Turner Prize wannabe hits rock bottom

Velv
Boffin

That Sinking Feeling (1979) directed by Bill Forsyth. A random pile of stainless steel sinks are bought by gallery owner Richard Demarco.

Great little film