* Posts by Alister

4259 publicly visible posts • joined 19 May 2010

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

Alister

Re: Storing fingerprints in clear-text?

they can murder someone and leave fingerprints that look like yours

That is most unlikely. What is stored is a data representation of a fingerprint obtained from a biometric scanner. It is not reproducible as an actual fingerprint, as far as I know.

However, that said, if stored without encryption, it means that the data, if stolen, can be used to fool a biometric security system by simply bypassing the scanner and sending the data to the computer doing the comparison with the dataset.
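Added illustration, not part of the post above: the replay the post describes is a matcher that trusts whatever template bytes arrive, so a template lifted from an unencrypted database is accepted as-is. The block contrasts that with a matcher that only accepts a template bound, by a per-scanner HMAC key, to a fresh nonce it issued. Everything here is constructed: the "templates" are opaque byte strings, the device id and key are made up, and exact compare stands in for a vendor's fuzzy matcher. It does not defend against an attacker who has the scanner's own key, only against replaying the stored data.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins: a "template" is an opaque byte string and the
# per-device key is something provisioned out of band. Neither is any
# real vendor's format or key.
ENROLLED = {"alice": b"template-bytes-for-alice-00", "bob": b"template-bytes-for-bob-0001"}
DEVICE_ID = "door-scanner-7"          # hypothetical scanner id
DEVICE_KEY = secrets.token_bytes(32)  # hypothetical per-device key


def templates_match(enrolled, presented):
    """Stand-in for the vendor's fuzzy matcher: exact compare in constant time."""
    return enrolled is not None and hmac.compare_digest(enrolled, presented)


def naive_verify(user, template):
    """The failure mode in the post: the matcher trusts whatever bytes arrive,
    so a template copied from the database is as good as a finger."""
    return templates_match(ENROLLED.get(user), template)


class ChallengeMatcher:
    """Matcher that only accepts a template the scanner has bound to a fresh
    nonce with its device key, so the stored bytes alone are not enough."""

    def __init__(self, device_keys, enrolled):
        self.device_keys = device_keys  # device_id -> key
        self.enrolled = enrolled        # user -> template
        self.outstanding = {}           # device_id -> nonce awaiting a capture

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self.outstanding[device_id] = nonce
        return nonce

    @staticmethod
    def tag(key, device_id, nonce, template):
        return hmac.new(key, device_id.encode() + nonce + template, hashlib.sha256).digest()

    def verify(self, device_id, user, template, nonce, tag):
        key = self.device_keys.get(device_id)
        expected = self.outstanding.pop(device_id, None)  # nonce is single use
        if key is None or expected is None or not hmac.compare_digest(expected, nonce):
            return False
        if not hmac.compare_digest(self.tag(key, device_id, nonce, template), tag):
            return False
        return templates_match(self.enrolled.get(user), template)


def scanner_capture(device_key, device_id, nonce, template):
    """What a genuine scanner sends after a live capture: template, nonce, MAC."""
    return template, nonce, ChallengeMatcher.tag(device_key, device_id, nonce, template)


def demo():
    matcher = ChallengeMatcher({DEVICE_ID: DEVICE_KEY}, ENROLLED)
    stolen = ENROLLED["alice"]  # attacker holds the plaintext database

    # 1. Against the naive matcher the stolen bytes are accepted outright.
    naive = naive_verify("alice", stolen)

    # 2. Genuine capture: fresh challenge, MAC made with the device key
    #    (the live scan yields the same bytes as the enrolled template here).
    nonce = matcher.challenge(DEVICE_ID)
    capture = scanner_capture(DEVICE_KEY, DEVICE_ID, nonce, stolen)
    genuine = matcher.verify(DEVICE_ID, "alice", *capture)

    # 3. Replaying that capture fails: the nonce was consumed.
    replayed = matcher.verify(DEVICE_ID, "alice", *capture)

    # 4. Stolen template with a MAC forged under a guessed key fails.
    nonce = matcher.challenge(DEVICE_ID)
    forged_tag = ChallengeMatcher.tag(b"guess", DEVICE_ID, nonce, stolen)
    forged = matcher.verify(DEVICE_ID, "alice", stolen, nonce, forged_tag)

    return {"naive": naive, "genuine": genuine, "replayed": replayed, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

The naive path returns True for the stolen template; the challenge path returns True only for the live capture and False for both the replayed capture and the forged one.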

Alister

Those customers affected...

...are advised to change their fingerprints immediately

Pentagon says ethics complaint against JEDI mega-cloud is a non-issue. Its Time Lords say: That is not logical

Alister

I suggest you go back and look at previous coverage of this story from El Reg. It's a deliberate ploy to catch the obsessive...

Microsoft's Cortana booted off yet another service while Google and AWS get a bit catty over licensing shakeup

Alister

Re: Johnson Control

Yes, when you think about it, both of our revered leaders now have surnames which can provoke ridicule across the Atlantic: in the UK a Trump is a forceful release of gas from the nether regions, whilst in the USA a Johnson is a complete prick.

Ah, what a time to be alive...

All roads in US cable biz GTT's Brit network seem to lead to Menwith Hill

Alister

Re: "Virgin Media has taken to skulking in public toilets as part of its effort to push fibre"

I remember back in the early eighties working for the GPO telephones (just before it became British Telecom) in the long since demolished Art-Deco Derby bus station.

One of the main distribution boxes for all the telephone cabling was strategically located on the inside back wall of the Ladies toilets, near the ceiling, which required step-ladder access to reach it.

I was tasked to terminate a new 20-pair cable into it - which was obviously not a five-minute job! - but they chose not to close the ladies loos, so instead there was a female member of staff playing chaperone, and every time someone wanted to use the toilet, I had to climb off the step ladder and wait outside...

Took me bloody days...

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

Alister

Wherever we can, yes, obviously, but as mentioned above, for EV certs and some other types it's still a manual (and long drawn out) process.

Alister

Re: False sense of security

I'm only vulnerable to criminals with falconry skills,

and also cats... That's not criminals with cats, you understand, just cats...

Alister

perceived benefits of shorter certificate lifetimes will be offset by the added costs and headaches companies would encounter by having to renew their paid-for certificates roughly once a year

We only ever buy certificates for 1 year anyway, so it's not going to make any impact for us. We currently have 328 domains with certificates on them, with their expiry dates spread throughout the year, so slightly less than one a day has to be renewed - although they are clumped more than that.

Mysterious 'glitch' in neutron stars may be down to an itch under the body's surface

Alister

With such short arms, how did they scratch their nose?

Printer pwnage, phone poppage, and apparently US Homeland Security needs security help

Alister

Re: "make sure public access is severely restricted"

It's worse than that though: By default, AWS S3 and so on ARE locked down and don't allow public access, so any that are open to the internet have been deliberately made that way by clueless users.

Oh chute. Doubts cast on ExoMars lander's 2020 red planet jaunt after another failed test

Alister
Boffin

The excessive rotation saturated sensors, leading to premature parachute ejection and, er, splat.

Thanks for the highly detailed scientific analysis and descriptive summary... :)

Here's to beer, without which we'd never have the audacity to Google an error message at 3am

Alister
Thumb Up

Re: Milton Keynes nightlife

Damn, you beat me to it.

Rocket Lab CEO tucks into hat as company shares plans to reuse Electron first stage

Alister
Pint

The Blackbox Recorder and Useful Telemetry Upload System (BRUTUS)

I like. :)

Thunderbolts and lightning very, very frightening as loo shatters, embedding porcelain shards in wall

Alister
Thumb Up

Thumbs up for >foom< and "unplanned porcelain penetration event"

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special

Alister

Re: Even to this day...

Presumably meaning the one in Nova Scotia.

or West Yorkshire?

Alister

Re: Even to this day...

Yep, I've suffered from the same ghost machine problems, only not with a VM, we had a monitoring server which was retired in favour of a newer model with upgraded software, but was just turned off and left in the rack.

We suffered a power glitch on the rack which caused the server to restart, although we didn't know it at the time, and we were getting false alert emails from we didn't know where, until we figured it out.

Alister

Re: Even to this day...

My recollection is that server hardware hadn't quite caught up with desktop hardware when it came to APM, and I remember having to manually turn off both Windows 2000 boxes and RedHat boxes after issuing the shutdown command, on various flavours of HP and Dell servers.

Alister

Re: Shutting down the wrong server

For all of our Power-Edges, we put a sticker on the front of the chassis, AND a sticker on the bezel, after having the very problem mentioned, where the bezels of two machines got swapped by accident.

LAPD loses job applicant details, Project Zero pokes holes in iOS, AWS S3 whack-a-mole continues, and more

Alister

Amazon S3

To use the phrase "left open" in regard to the Amazon S3 buckets gives the impression that by default these are insecure, and users have to do something to make them secure.

This is absolutely NOT the case. Users have to actively disable the default security to make them public. They are not "left open", they are "made open".
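Added check, not part of either of the two S3 posts above (this one and the earlier "make sure public access is severely restricted" reply): a new bucket has an owner-only ACL and no bucket policy, so the two ways it gets "made open" are a grant to the AllUsers/AuthenticatedUsers groups in the ACL or an Allow to Principal "*" in the policy. The function below lists exactly those deliberate changes, and treats the Block Public Access settings, where a bucket has them, as the thing that neutralises them. The inputs are constructed to the shape of the GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses; the owner id, bucket name and policy are made up.

```python
import json

# Constructed inputs shaped like the GetPublicAccessBlock, GetBucketAcl and
# GetBucketPolicy responses; none of the values come from a real account.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = (ALL_USERS, AUTH_USERS)

OWNER_ONLY_ACL = [  # what a fresh bucket has
    {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},  # made-up owner id
     "Permission": "FULL_CONTROL"},
]
WORLD_READ_ACL = OWNER_ONLY_ACL + [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
})
# Principal * but narrowed by a Condition: not world-readable, needs a human look.
VPC_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
                  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
                  "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
})
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def principal_is_everyone(principal):
    """Principal "*" or {"AWS": "*"}, in string or list form."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_policy_sids(policy_json):
    """Sids of unconditional Allow statements granted to everyone. Statements
    carrying a Condition narrow the grant and are left for manual review."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written bare
        statements = [statements]
    return [s.get("Sid", f"statement[{i}]") for i, s in enumerate(statements)
            if s.get("Effect") == "Allow" and principal_is_everyone(s.get("Principal"))
            and "Condition" not in s]


def public_acl_permissions(grants):
    """Permissions the ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def bucket_exposure(public_access_block, acl_grants, policy_json):
    """List the deliberate changes that make a bucket reachable from the
    internet; a fresh bucket (owner-only ACL, no policy) gives [].
    IgnorePublicAcls makes public ACL grants inert and RestrictPublicBuckets
    confines a public policy to the owning account, so with those on the
    changes are reported as neutralised by returning nothing."""
    pab = public_access_block or {}  # absent on buckets that never had it set
    reasons = []
    if not pab.get("IgnorePublicAcls", False):
        reasons += [f"ACL grants {p} to a public group" for p in public_acl_permissions(acl_grants)]
    if not pab.get("RestrictPublicBuckets", False):
        reasons += [f"policy statement {sid} allows Principal *" for sid in public_policy_sids(policy_json)]
    return reasons


if __name__ == "__main__":
    print(bucket_exposure(None, OWNER_ONLY_ACL, None))                  # []
    print(bucket_exposure(None, WORLD_READ_ACL, PUBLIC_READ_POLICY))    # two reasons
    print(bucket_exposure(FULL_BLOCK, WORLD_READ_ACL, PUBLIC_READ_POLICY))  # []
```

Run it against the real responses by feeding the `Grants` list, the policy string and the `PublicAccessBlockConfiguration` dict from the corresponding API calls; anything it returns is a change somebody made, not a default.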

Another rewrite for 737 Max software as cosmic bit-flipping tests glitch out systems – report

Alister

The answer is that the other regulatory authorities thought the FAA were doing their job properly, and therefore accepted the clearance, rather than retest the aircraft themselves. This will probably not be the case in the future.

Org's network connect to GitHub and Pastebin much? It's a Rocke road to cryptojacking country

Alister
Joke

Did you know that the netblock 104.238.148.0/22 which contains the IP address 104.238.151.101 mentioned, belongs to Vultr Holdings, LLC

Coincidence? I DON'T THINK SO!

:)

It's Friday lunchtime on International Beer Day. Bitter hop to it, boss'll be none the weiser

Alister

Re: Pedigree <-> Beer?

The confusion is understandable, there's probably about equal gravy content in a pint of Marston's Pedigree, and a bowl of Pedigree Chum...

Fed-up graphic design outfit dangles cash to anyone who can free infosec of hoodie pics

Alister

And not one of them is wearing the real thing:

a Hacking Jacket

Alister

Re: Funny thing

seriously... Do sticks of ram breed if you leave them in forgotten corners?

Well of course - but it's always the 64MB PC100 that breeds, never anything useful like 8GB DDR4 :)

Alister

Re: TITSUP

What are ewe on about?

Alister

Some research is indicated

An anonymous poll of all hackers to discover how many of them actually own and regularly wear a hoodie.

Omni(box)shambles? Google takes aim at worldwide web yet again

Alister

Re: www?

There's no need for a special domain because there's already a special port.

I'm sorry John but that's rubbish, it would only apply if you had a single IP address with everything serving from a single host, but even back in the day that was considered unwise.

For DNS, you can't direct to a specific IP address using just the port.

At a minimum, a domain is going to have at least two Nameserver records: so ns0.domain.com and ns1.domain.com, which should be on separate IPs, and ideally separate subnets, then probably a mail server, e.g. mail.domain.com. Back in the day you would also often have an FTP server, ftp.domain.com and then a web server www.domain.com.

It is then very clear that if you want to talk to the mail server, you connect to mail.domain.com, if you want the ftp server you connect to ftp.domain.com, and if you want the website, you connect to www.domain.com, and the root nameservers know to connect to ns0 or ns1.domain.com.

That's why the convention was adopted, and the reasons for it haven't changed, in fact they are more relevant today than ever.

As mentioned below, if you want to use a CDN or DDoS protection or a load balancer or any other enhancement by use of CNAME records, you need to be able to distinguish the web host from the base domain and all the other sub-domains.
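Added example, not part of the post above: a small validator for the layout the post describes (two nameservers on separate addresses and subnets, a mail host, an ftp host, a www host), run over a constructed zone for the reserved documentation domain example.com with addresses from the documentation ranges. The CDN target name is hypothetical. The check that matters for the CNAME point is that a CNAME must be the only record at its name (RFC 1034, section 3.6.2), so the apex, which already carries SOA, NS and MX, cannot be pointed at a CDN by CNAME, while www can. The "one /24" test is a rough heuristic for "same subnet", not a routing check.

```python
from collections import defaultdict

APEX = "example.com"  # reserved documentation domain

# Constructed zone along the lines of the post: nameservers on separate
# /24s, a mail host, an ftp host and a www host CNAMEd to a CDN.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
GOOD_ZONE = [
    (APEX, "NS", "ns0.example.com"),
    (APEX, "NS", "ns1.example.com"),
    (APEX, "MX", "10 mail.example.com"),
    ("ns0.example.com", "A", "192.0.2.53"),
    ("ns1.example.com", "A", "198.51.100.53"),
    ("mail.example.com", "A", "192.0.2.25"),
    ("ftp.example.com", "A", "192.0.2.21"),
    ("www.example.com", "CNAME", "example-com.cdn.example.net"),  # hypothetical CDN name
]

# Same zone, but with the CDN CNAME put on the base domain instead of www.
APEX_CNAME_ZONE = [r for r in GOOD_ZONE if r[0] != "www.example.com"] + [
    (APEX, "CNAME", "example-com.cdn.example.net"),
]


def zone_problems(records, apex=APEX):
    """Return layout problems for a zone given as (name, type, data) tuples."""
    by_name = defaultdict(list)
    for name, rtype, data in records:
        by_name[name.lower().rstrip(".")].append((rtype.upper(), data))
    problems = []

    # 1. A CNAME must stand alone at its name (RFC 1034 3.6.2). The apex
    #    carries NS/MX/SOA, which is why the CDN alias has to live on www.
    for name, rrs in sorted(by_name.items()):
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(rrs) > 1:
            problems.append(f"{name}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")

    # 2. At least two distinct nameservers at the apex.
    ns_targets = [d.lower().rstrip(".") for t, d in by_name.get(apex, []) if t == "NS"]
    if len(set(ns_targets)) < 2:
        problems.append(f"{apex}: fewer than two distinct NS records")

    # 3. In-zone nameservers should resolve to different addresses and,
    #    as a rough heuristic, different /24s.
    addrs = {d for ns in ns_targets for t, d in by_name.get(ns, []) if t == "A"}
    if len(addrs) < 2:
        problems.append(f"{apex}: nameservers do not resolve to two distinct addresses")
    elif len({a.rsplit(".", 1)[0] for a in addrs}) < 2:
        problems.append(f"{apex}: all nameservers sit in one /24")
    return problems


if __name__ == "__main__":
    print(zone_problems(GOOD_ZONE))        # []
    print(zone_problems(APEX_CNAME_ZONE))  # the apex CNAME clash
```

Feed it the tuples from a zone file export and it flags the apex CNAME before the nameserver does; the fix is the one the post gives, keep the website on www (or another hostname) and leave the base domain to the records that must live there.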

Alister

Re: www?

It does amaze me how many companies (local govt was fond of this) use www.bbc.co.uk but have no IP mapped to bbc.co.uk. So you have to include the www prefix. That's just ignorant.

No, it's not ignorant, it's just following established practice.

By convention, www has always pointed to the host that serves the main website for a domain. The base domain may have any number of other subdomains which are not the main website - or maybe not even be a website at all. As a convenience, some companies may also point the base domain at the website host, but that's not really how it was meant to be set up.

The more Google and others try to obfuscate the full URL, the less people like you are able to understand how the world-wide web was planned to work.

Pi in the sky as ESA starts testing encrypted comms on International Space Station

Alister
Holmes

Re: Isn't that a bit drastic?

It is more likely to be an older version of Pi

See Icon.

Also, WHOOOOOOSH!

Hull be damned: KCOM shuts shop as UK High Court waves through £627m Macquarie deal

Alister

Is this the end of cream coloured phone boxes?

And will they move their company headquarters elsewhere?

Lancaster Uni cordons off breached systems a week after thousands of folks' data pinched

Alister

Re: And every other Uni said...

Oops...

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

Alister

Re: Meanwhile...

Maybe their only available internet providers don't support it?

Hack a small airplane? Yes, we CAN (bus) – once we physically break into one, get at its wiring, plug in evil kit...

Alister

Unlike cars, however, Kiley says there is little in the way of protection from malicious or unauthorized activity on the CAN system for aircraft.

My understanding is that it's exactly like cars, they don't normally have any security or encryption on the CAN bus.

He's coming for your floppy: Linus Torvalds is killing off support for legacy disk drive tech

Alister

Re: There's always..

Rick-roll lol... :)

Alister

Ah, the once ubiquitous 3 1/2-inch floppy drive, now reduced to being used as a musical instrument...

https://www.youtube.com/watch?v=Xk_XaJ7gE4Q

NASA trumpets Orion completion as India heads to the Moon

Alister

Re: India is going to the moon with my tax.

the millennials having to pay for the baby boomers pensions

Yeah, 'cos the fucking OLD people never paid a penny towards their own pensions, bastards.

Alister

The European Space Agency contribution arrived last year, and engineers are still working to connect the two modules together.

All those damn USB plugs with tri-state orientation...

City-obliterating asteroid screamed past Earth the other night – and boffins only clocked it just 26 hours beforehand

Alister

Maybe they come in threes?

Plusnet holds off spirited charge from Vodafone in broadband complaint charts

Alister

Last year, I moved from BT Business broadband to Plusnet business FTTC. I now get double the line-speed (real world) and pay a third of the price, so for me PlusNet has been a win. I must have been lucky so far, as I have had no billing issues.

With more hints dropped online on how to exploit BlueKeep, you've patched that Windows RDP flaw, right?

Alister

Your biggest issue is allowing public access to RDP through your firewall. If you are stupid enough to do that, then patching or upgrading is probably beyond you.

Houston, we've had a legend: Boffin behind NASA Mission Control signs off for final time

Alister

Sad to hear of his death, but heartened that he made it to see the 50th anniversary of Apollo 11 - although I'm sure he would have hoped that we had managed to do so much more by now.

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?

Alister

Sadly Lee, under the GDPR they have a right to collect data for the purposes of conducting their business. We may not like it, but credit reference agencies are a necessary evil.

However Equifax should be sanctioned for failing to properly protect that data, and that was and is possible under previous data protection laws as well as GDPR.

King's College London breached GDPR by sharing list of activist students with cops

Alister

Re: ICO To the Rescue...not.

That's because they haven't taken any action yet, it's only just been reported to them.

BOFH: On a sunny day like this one, the concrete dries so much more quickly

Alister

Re: Informal poll on whether you've ever had to do something like this

A few years ago, we were asked to import some data into our current MS SQL system by a client.

No problem, we thought.

The data was sent to us on a caddy-encased CD ROM, and, it turns out, was an IBM DB2 database from the late nineties.

So we had to find and buy a caddy-type CD-ROM drive. The only one we could find was SCSI-connected, which needed a full-sized ATA card interface, so we had to find a workstation which would support that.

Then we had to install Windows NT4 to be able to run the version of DB2 that was needed.

The only way we could get the data off the machine was over the network, so we had to dig out an old 3COM network card which NT4 would actually recognise and talk to, and set that up. All the fun of setting IRQs and so on to get it to work.

We must have spent a good couple of weeks getting it to the point where we could actually use the data...

Let's talk about April Fools' Day jokes. Are they ever really harmless?

Alister

Re: Message Boxes

Possibly the downvotes were for restating the bleeding obvious?

Facebook outage a peep at platform's ML tagging conventions, Baidu links up with Intel and Huawei on AI chips, and more

Alister

Yes, but the outage made it visible, that's the point.

Oz watchdog claims Samsung's leak-proof phones ad campaign doesn't hold water

Alister

Maybe in Wales... Not so much the sun, sea and surf, just the unrelenting downpour...

Finally in the UK: Apollo 11 lands... in a cinema near you

Alister
Thumb Up

Re: History lessons

I can't help but think that history teaching would have been better done like physics: simple (but misleading) explanations/equations, which get superseded by more accuracy as you get deeper. A whistle-stop tour of all of history until the present day for starters would give you better background knowledge and a better feeling as to whether you might want to study it in more depth.

This, a thousand times.

Alister

Re: despite every audience member knowing how things will play out,

It's a great shame that most kids nowadays have no idea who Nigel Molesworth was, as I'm pretty sure I learnt about quite a bit of history from him... ;)

Alister

Re: despite every audience member knowing how things will play out,

To veer wildly off-topic, kids these days™ just don't get the broad historical overview that we used to get, and are only taught very narrowly focused bits of history. My daughter's A level history curriculum was all about the French Revolution, and strangely the American Wild West.

Thus, they may not know about Pompeii, Julius Caesar, Boadicea or indeed much of any of what we would consider "everybody knows" history.