So it can maliciously fill disk space with multiples of MB. That's bad.
Now take it one step further - maliciously fill disk space with multiples of child porn. Suddenly such vulnerabilities take on a whole new danger level.
Posts by Velv
2756 publicly visible posts • joined 21 Jan 2010
Page:
Browser makers open local storage hole in HTML5
Texan contends iPod EXPLODED IN HER FACE
MasterCard tries to zap PayPal with own-brand mobe wallet
Thursday 28th February 2013 11:29 GMT 
Apple Store Receipt
The Apple Store system sounds fantastic.
Walk in, pick it up, scan it, generate a receipt, walk out the door and show the receipt to security - all from a jailbroken app that shows receipts on the screen.
Now I understand why Apple is keeping money in the bank - its to cover the losses just walking out the shop door.
Apple to cough up $100m after kids rinse parents' credit cards on apps
Tuesday 26th February 2013 15:03 GMT
Re: It's not like...........
Buy an Apple Gift card. And if you watch the Hot Deals/MoneySavingExpert pages you'll regularly find deals on iTunes gift cards.
Tesco did the 3x£10 pack for £25 at Christmas, and The Co-Operative Supermarket had the £15 card for £10 for a while, and Clintons Cards had a buy one get one free for a while. I don't think I've ever paid face value.
No mobile signal? Blame hippies and their eco-friendly walls
Drone quadracopters throw and catch inverted pendulum
Adobe punts fix for Reader, Acrobat holes battered by PC, Mac hackers
Perfect sex minx calculated from 'deep' probe of X-rated flicks
Clarkson: 'I WILL find and KILL the spammers who hacked me'
Baby-boulder bowling burglar breaks Boulder Apple Store's $100k glass door
Own a drone: Fine. But fly a drone with a cam: Year in the clink
Monday 18th February 2013 13:32 GMT 
I'd been looking at flying toys for a while, so when one came up in the HMV sale at half price I took the plunge.
I've never attempted being a peeping tom, but I'm guessing you need to stay pretty quiet. Quiet is N O T something that can be said for drones. Even with double glazing I suspect you'd notice the buzzing noise at the window (unless it was being masked by a buzzing noise in the room).
iOS 6.x hack allows personal data export, free calls
ICO: How 'sensitive' is personal data? Depends what it's used for...
Friday 15th February 2013 10:19 GMT
Re: Sensitive by default
@JustaJKOS "to ensure that it does not end up in the wrong hands"
Nope, you've missed the point.
Classifying "Sensitive" data is about WHO should have it and process it, not about how it is kept secure. Classifying data as Personally Identifiable Information (PII) is about HOW it should be stored. Sensitive is a subset of PII.
Name, Address, DOB and sexual orientation are items of PII data, but not all record holders need to process all those items, and each must justify WHY they need to hold it. El Reg profiles shouldn't need to have your sexual orientation, but it might be considered important on a dating website. BOTH need to ensure ALL the PII is held securely. To over simplify, the theory of "Sensitive" is that its the stuff you could be blackmailed or discriminated over ("we don't want Union Activists working here")
Totally agree with your last paragraph - too many people don't take PII seriously.
Billionaire baron Bill Gates still mourns Vista's stillborn WinFS
Wednesday 13th February 2013 10:18 GMT
If Mr Gates so misses WinFS, and if it really is that good , the simple answer is to release the specification and code as open source and let the rest of the world decide how useful it is.
There are benefits and drawbacks to all file systems, so in a philanthropic gesture MS could easily help the world be a more secure place.
Playmobil punts bank-heist set to wide-eyed kiddies
New Zealand court hands out second peppercorn downloading penalty
Monday 11th February 2013 09:42 GMT
Re: old movies and songs
@ loan - "bittorrent is often the only way to get old movies and songs that are not being published anymore (read with copyright expired)."
A very lame excuse indeed. Yes, you are technically correct. Yes, there are film aficionados who like old movies. But somehow I can't see the courts accepting it as the defence for 25,000. BitTorrent has legitimate uses that are much simpler to prove.
BYOD is a PITA: Employee devices cost firms £61 a month
Monday 11th February 2013 09:33 GMT
Re: Pay for my own device, and have them lock it down???
Fine for your device, one that you bought with your own money. I'm with you - I wouldn't connect something I'd bought to the company network (I trust my security more that the IT department).
But much of "byod" is in fact the company paying for the free choice of the staff member. Most byod schemes I've seen grant the employee a "budget" to pay for their choice of hardware. Where the company owns the asset, they should have the right to control it any way they like.
I take my personal device to work. I use my device for everything that isn't work related - like reading and commenting on El Reg. That way I can't be mis-represented as the company :)
Tennessee bloke quits job over satanic wage slip
2e2 cloud cash fiasco puts NHS IT and biz 'over a barrel'
Friday 8th February 2013 15:40 GMT
The only disgrace is those companies who don't have a Business Continuity Plan that has their data and services available from an alternate location in a reasonable time frame.
Shit happens. Plan for it. And while you can't plan for the unknown, you should have a plan for loss of a site.
To all those CIO's who put their eggs in one basket? Congratulations, your bonus this year is an omelette.
About to outsource your IT? Read this first
Adobe muzzles TWO zero-day wild things with emergency Flash patches
'Disturbed' Dell investors could tank private buyout
Friday 8th February 2013 13:17 GMT
Shares in my company are worth £1,000,000 each (or so I think). Funny, I can't seem to find anyone willing to buy any.
So they were hoping for $20 each - yeah, well, you'll get what the market is willing to pay. That is the value of each share. If Southeastern think the shares are undervalued they should be buying more, not moaning that they aren't being offered enough for what they've got..
Stricken 2e2 threatens data centres: Your money or your lights
Friday 8th February 2013 10:46 GMT 
Head >>> Bury >>> Sand
Keep beating the drum - Business Continuity Planning
It's more likely a data centre owner will go bankrupt than have a plane fall on the building, therefore the plans should already be in place (if not in motion) to get out of 2e2 (or any other data centre, building, POD, tent).
So you're sitting back smug because you don't use 2e2? Suggest you get out your BCP and your list of suppliers and you see what your contingency is if you lose any one of them.
Good news! UK IT jobs up. Bad news? They're with a bunch of bankers
Study: Gay marriage support linked to pr0n consumption
Wednesday 6th February 2013 09:42 GMT
Science v Religion
So occasionally a few trick cyclists gather some data and draw conclusions which may or may not be stretching the truth.
At least they don't claim to represent God and have every single one of their conclusions based on a wild leap of faith in something totally unprovable.
< religious down vote in 3,2,1,....>
Unlucky for you: UK crypto-duo 'crack' HTTPS in Lucky 13 attack
Tuesday 5th February 2013 10:00 GMT
>>Nothing is secure, it just has "levels of security"
>You definitely deserve an upvote for that statement alone. Most fail to understand or fully recognize this.
Further, Security must be implemented like an onion - in layers. You might be able to peel away one layer, but you hit another layer.
In fact, Security is an Ogre.
SHREK
No! Layers! Onions have layers. Ogres have layers! Onions have layers. You get it? We both have layers.
DONKEY
Oh, you both have layyerrss. Oh. You know, not everybody likes onions. Cake! Everybody loves cakes! Cakes have layers.
Remember folks - build security in layyerrss! And have some cake.
Daisy, Computacenter turn down purchase of stricken 2e2
Tuesday 5th February 2013 09:20 GMT 
If you have good 2e2 staff on site you should be looking at options to in-source them immediately. Don't go rushing off to the competition hoping the good staff will be TUPE'd into your new supplier, take the good staff on yourself.
Outsourcing is about accountancy manipulation to allocate costs. Having your own staff is about delivering good agile cost effective service to the business when it needs it.
Ofcom ploughs up UK spectrum fields, reseeds them with 4G
Monday 4th February 2013 10:35 GMT
Scottish Coverage
The coverage requirements for the UK will become so much simpler to achieve if Alex Salmond can find enough suckers to vote for his hair-brained independence scheme - one third of the area of the UK would no longer need service with the loss of less than 10% of the potential customer population.
Expect tariffs to go through the roof with fewer telcos and less profit per square mile.
We're not making this up: Apple trademarks the SHOP
Friday 1st February 2013 12:34 GMT
Shareholders should be calling for a vote of no confidence in the board of directors as the board is clearly being take for a ride by its lawyers.
"yes, Mr Boardmember, we'll charge you millions to patent it and trademark it and then charge you more to vigorously defend your rights no matter how much it costs you"
NHS IT bods 'walk out' in pay row with crashed UK tech giant 2e2
Thursday 31st January 2013 20:49 GMT
Re: All Back In
Which BACS issues were those?
It's the end of the month and millions of staffers are being paid in the UK, yet strangely only 2e2 staff had a problem! Hmmmmm, something smells suspicious, are you one of the Administrators Mr Anonymous Coward?
What perhaps happened was that some staff went back to work after salaries were paid by Faster Payments when FTI realised they were screwed if they didn't pay them. I know some 2e2 permies who have received nothing today.
Commentards Ahoy! How about a Petabyte of storage?
Thursday 31st January 2013 16:42 GMT
Re: I'm floored
Unless you've got some kinky fetish I willing to bet you don't all put on stilettos and stand in the same square metre of space.
It's not just the room taking 400Kg, its the four square centimetres under the feet. But I get your point, some people do overplay the reinforced floor thing.
Paris: because she knows stilettos! And group hugs.
Yay for iOS 6.1, grey Wi-Fi iPhone bug is fix- AWW, SNAP
Google fills in the blanks on North Korea map data
Tuesday 29th January 2013 09:22 GMT
Re: Reliable
The same way you validate any crowd sourced data - by comparing the submissions from multiple people.
While it is possible for a major conspiracy to taint the data, typically a large number of individual contributors will supply the same point data, and the law of averages allows you to work out how much you trust that data.
As for "spying duties" - Google Map Maker doesn't list this as one of its purposes, so your average user wouldn't think twice about using something that was going to help their community - and Community help is what Google is selling, isn't it? (rhetorical)
And besides, I doubt the Merkin Armed Forces are going to be using it - they have their own data sources which they choose to trust.
Twitter must unmask racist French twits or face $1,300-a-DAY fine
Friday 25th January 2013 13:21 GMT 
The Right to Free Speech
With RIGHTS comes RESPONSIBILITIES
Freedom of speech was introduced to prevent oppression - it is NOT a licence to say anything you want without consequence (despite what some people think).
Free speech allows you to defend your own position, it does not give you the right to attack and oppress others. There is a grey area between justifiable criticism and attack, which is why we have courts to weigh the arguments. A court in a respected country has issued a ruling that there is a case to answer - Twitter should release the requested details to the authorities so the alleged perpetrators can be given a fair trial.
If you believe in freedom of speech, then you should stand behind anything you say. If you need to hide, you probably shouldn't be saying it.
Panasonic: We'll save Earth by turning CO2 into booze
Friday 25th January 2013 12:03 GMT
Re: Hmm...
http://www.itm-power.com/energy-storage/
Electricity from unreliable renewables can be stored as hydrogen. There are now hydrogen filling stations in California, and vehicles available for lease. There are also hydrogen powered vehicles under test in the UK in non-road situations (again, see the website).
Conversion efficiency isn't massively important if you're harnessing a "free resource" such as wind, as long as the you're covering the cost of the infrastructure.
*(I have no connection to ITM Power)
Brit mastermind of Anonymous PayPal attack gets 18 months' porridge
Friday 25th January 2013 10:18 GMT
"Heck, if you don't like working, shouldn't you have the freedom to quit, even if the company doesn't want you to because you quitting might "interfere with its activity"?"
You're really not in the same league - most companies would be hard pushed to argue any individual was so critical to their operation that leaving would interfere with its activity, (there are a few, and you can insure against losing them), and employment rights are enshrined in law - that's why you have a notice period - to permit the company to put measures in place to replace you.
Ministry of Fun builds crack team to juice up bumpkin broadband
Tech firms face massive tax bill if Dutch vote to end loopholes
Thursday 24th January 2013 10:31 GMT
Re: an easy fix to this situation
Which is exactly what happens at present.
Profits are taxed, however if the business in a country doesn't make any profits then it won't pay any tax. Costs of sales is the problem. For example, Dell may sell a laptop in the UK for £400, but it might need to buy the laptop from Ireland for £399.99 (a grossly inflated price, but that's what it charges internally), so in the UK it only makes 1p profit.
So really there is no easy fix - multinationals will always need to sell things internally and there is nothing anyone can do to change that. (not saying its fair, just pointing out the facts)
UK 4G auction kicks off in total silence
Wednesday 23rd January 2013 14:20 GMT 
Excuse my ignorance but why not...
Nationalise all the airwaves.
Set up a "National Grid" to operate the core infrastructure
The Grid can sell wholesale chunks to Service Providers
This is the ways is once worked - you didn't have a contract with Cellnet or Vodafone, but with an SP. Perhaps you have two or three grid owners so the SPs can force competition in their market as well.
Ultimately all the SPs bidding for spectrum only puts up costs, which will be passed on to consumers, so how can that be in the best interests of the people. "But its raising £3Bn for the country" - hmm, since the public are paying it, that would be TAX then.
Belgian watchdog barks at Apple: Take care when you flog that warranty
Tuesday 15th January 2013 18:03 GMT 
So perhaps EU law needs to be enhanced such that an advert or offer of any kind of additional warranty or support includes a table of what's already included. You see plenty of these when it suits companies to promote the Pro version or similar.
I'm not really suggesting this is a good idea, but perhaps some Apple marketing bod might have lunch with an Apple legal bod and suggest they can head off these lawsuits and market enhanced support at the same time. Yeah, like that's ever going to happen at Apple. "We don't mix with the underlings"
Forget 3D: 13,000 UK homes still watch TV in black and white
Friday 11th January 2013 10:08 GMT
Stop selling different types of Licence
You have a TV. You need a licence. Full stop. You "only have a B&W TV" - tough - you're receiving the same content, so you should pay the same as everyone else. If you choose to watch in B&W that is up to you.
Back in the days when TVs were expensive, and colour doubly so, it was a valid excuse to have a B&W TV. Nowadays there is no difference - you either have a TV, or you don't. I seriously doubt many of the 13,000 remain on a B&W TV because they can't afford to replace it - I'd be fairly confident they have chosen not to replace it (or are cheating).
5,000 UK pubs get free Wi-Fi... and they're not even all in London
Thursday 10th January 2013 13:23 GMT 
Family Friendly
I've always loved the law in this country and how its applied (sarcasm).
While technically there may be under 18s in the pub, the reality is that the vast majority of patrons will be over 18, so why do they publicise it as "family friendly" (I have no problem with them filtering, just how they express it).
It's like the cigarette machines in the pubs that have signs that say "You must be over 16 to use this machine".
(rant over)
Biting the hand that feeds IT
