Posts by JimmyPage

+1

For the Led Zeppelin reference alone.

Now I shall read the article !

Sigh ...

And this evades the PATRIOT Act how, exactly ?

Nothing to see, move along

Before I read the article, just from the headline, I *knew* I would find a line like:

It well may be that the handset in question was crackable not because of a Blackberry flaw but an incorrect implementation of PGP itself

The best encryption technology in the universe may be compromised by lack of understanding.

I notice is was "encrypted emails" that were cracked. Bear in mind, in it's native form, an "email" will have the underlying RFC-822 layout. So if you know what that looks like, and you have 200+ of the buggers all encrypted with the same key(s) you have a head start.

We're looking in the wrong direction

These powers have fuck all to do with trying to predict and intercept *future* terrorist activity, and everything to do with accessing historical data to haver dirt on any and all who oppose the Eye of Sauron.

Of course any password manager

is just a link in a chain of security.

Not that you'd think that from some of the more hysterical tinfoil-hattery being exhibited here.

If you make the assumption that *any* form or credentials caching - regardless of implementation - is susceptible to being read by 3rd parties, you take appropriate preventive measures.

In my case, even though my card details are stored in LastPass, an attacker with full access to my vault (which would require going through a 2FA challenge, so already they'd need to crack the Google authenticator mechanism) would not be able to use them, since my bank *also* demands 2FA. And all my saved payment details require the CVV number from the card. Which is *not* stored anywhere - not even on the card (use a soldering iron, the digits are embossed).

Anyone who criticises LastPass for "not being secure enough" is clearly stupid enough to think their security needs are capable of being met by a single application. And that person is - at best - "naive", and at worst, a moron. Especially if after lambasting LastPass for "not being secure enough" it turns out they have a safe inside the locked doors of their house.

Dick Tracy ..

didn't he have a smartish (2-way radio) watch ?

Maybe the patent needs to go back further ?

“We will ensure customers do not lose out as a result of this issue.”

has this weasel statement *ever* been followed up ?

After the 2010 RBS outage I recall quite a few examples being mentioned where house sales had fallen through because funds were inaccessible (one idly wonders if conveyancing contracts now factor in "if your bank goes titsup" clauses).

So how far will this statement go ?

Is there a market for an insurance policy which will make funds available to cover a serious bank outage ?

For some reason, I thought of Blackadder ...

J: Ah, I see you've underlined a few (takes dictionary, reads): `bloomers';

`bottom'; `burp'; (turns a page) `fart'; `fiddle'; `fornicate'?

G: Well...

J: Sir! I hope you're not using the first English dictionary to look up

rude words!

E: I wouldn't be too hopeful; that's what all the other ones will be

used for.

Ah joke wallpaper ...

(old enough to remember the site www.jokewallpaper.com - aliased as www.coporateexcellence.com, in case your boss was monitoring your surfing)

Not as good as the joke BSOD screensaver I used to run ...

Surprised to read this far

and no mention of Captain Pugwash with the oft-repeated urban legend of Seaman Staines and Master Bates ?

E2A: In a typical example of Sods law someone else posted about CP whilst I was typing.

Ah, happy memories ...

back in 1981, buying David Singmasters bible to solving the cube.

And then understanding it. Aged 14. Made some extra pocket money explaining it ...

Why isn't there an RFC

for password storage and handling ?

Or, to summarise in 5 words.

If they can, they will.

Deja Vu ???

Aren't there some numpty jihadists enjoying state-sponsored B&B after deciding to cook-up their own encryption on the basis that "infidel technology" was bound to be compromised. Thus proving paranoia does erode rational thought.

Maybe the *cinemas* should pay

after all, the film having a BBFC certificate is protecting *them* from prosecution,

Greatest thing about Windows 3.11

was that you could install it, zip up C:\WINDOWS and mess around installing shit, nuke C:\WINDOWS, and replace with the zip file.

Rinse and repeat.

Made our installs rock-solid. Unlike some rival vendors, who learned the hard way ....

Can I work from home ?

No.

So they're already recruiting from a shrinking pool. Because civil service working practices trump catching terrorists.

Makes you wonder how real the "war on terror" is, doesn't it ?

This needs a high court precedent set

a data breach of this magnitude should be considered a priori evidence of the failure of the company to adhere to it's own data protection policy, and therefore a breach of contract.

Can we have a Judge Dredd icon ? (And maybe, following Private Eyes example, a "Judge Dreadful" icon for numpty judgements ?)

like @Alister

I have my doubts the people arrested so far are the actual perpetrators. In fact the more 16 year olds arrested, the less likely it is. Quite aside from Finks Fifth Law, I refuse to believe 4 16 year olds could organise their homework diaries, let alone a "sophisticated cyber attack" (c).

Given how all this has played out, it's entirely possible the entire reason for the hack was to create enough media noise such that phone and email phishing attempts briefly became easier with no actual need to use the accessed data (and thus risk capture).

When news of a "ransom" was mentioned, I turned my thoughts as to how to extract money from such a situation without ever being caught. Obviously a straight transaction of bitcoin is ultimately identifiable. However, then I wondered, what if the perpetrator legitimately accumulated a stash of bitcoins over time. Undertakes hack. Ransom demand is that the victim simply buys £1,000,000 of bitcoins. I'm not economist, but the spike in demand should heft the value of my *already bought* bitcoins enough that I make a profit. Not the £1,000,000 paid out, but a substantial amount.

What I would do (hell, it may even be happening)

Rather than (moronically) sending each other emails, I suspect terrorists, criminals (and spies) who have an aversion to being caught would simply:

1) Identify a *public* channel for communication(s). Maybe a couple of binary newsgroups

2) post in one an NZB of a media file (don't worry if it doesn't work. Thanks to the media providers dark war on copying, corrupted media files aren't significant) which while not encrypted, has your encrypted message hidden inside it.

3) The actual intended recipient of the file will not be immediately apparent

4) The recipient replies the same way. If the channel is *initially* secured, it can be used to switch newsgroups/posting handles at will.

5) Notice how nothing in the UK governments land-grab of data could (a) prevent (b) identify this.

To be honest, I wouldn't even bother encrypting the source message. There's so much shite spouted online anyway, there's no way you could determine anything in isolation.

But then if I were a "terrorist" and my aim was to kill, hurt and maim as many innocent people as possible with my own survival being unnecessary, there's plenty of things I could do RIGHT NOW that could take a dozen or so souls out without really trying. The lack of such incidents leads me to wonder quite how "threatening" the "terrorist threat" is ?

One vaguely wonders

if comets have been spraying the Earth with ozone forever ? Yet (another) example of how the universe interacts.

er ... am I right in thinking

"codelessn code" is another way of saying that instead of writing the code yourself, you direct code other people have written to do your dirty work, by crafting a config for it ?

e.g. rm *.* -rf in a script ?

News ?

Main problem round here

is no-one uses the ****ing doorbell. *If* you're lucky, you might hear the mouse fart they call a knock.

When we actually got to ask our postie why he never rang the bell he didn't say "what bell" (which would have been understandable). No, he just said "I don't know if it works or not."

He's a moron. He's part of a league of morons.

Beat me to it ..

Time for a new icon ... pot and kettle perhaps ?

The logical conclusion, (of course)

is an endpoint where all taxes are equivalent. No one loses, no one wins.

Of course, as the EU so clearly demonstrates, where there is monetary union, can political union be far behind.

Of course, if there are people who don't want this, then it needs to be considered how people *oppose* political unions ---------------->