How ironic that in the UK, the government is doing its damnedest to move emergency services off their own dedicated network, and on to public cellular infrastructure. Not a recipe for disaster in any way, no...
Posts by Alister
4260 publicly visible posts • joined 19 May 2010
US cops, firefighters to get new emergency wireless network – AT&T to get $6.5bn
Ford to build own data centre to store connected car data
New plastic banknote plans now upsetting environmental campaigners
Hertfordshire primary school girls prepare for World Robotics Champs
One in five mobile phones shipped abroad are phoney – report
Re: risk of lethal electrocution
In British English, electrocution is defined as injury or death caused by electric shock, so to a British English speaker, fatal electrocution or lethal electrocution is permissible.
I believe US English defines it as only death caused by electric shock - in which case your pedantry is correct.
'Trash-80' escapes the dustbin of history with new TRS-80 emulator
Nuns left in limbo after phone line transfer hell
Miss Misery on hacking Mr Robot and the Missing Sense of Fun
Why do GUIs jump around like a demented terrier while starting up? Am I on my own?
NASA to fire 1Gbps laser 'Wi-Fi' ... into spaaaaace
Coppers 'persistently' breach data protection laws with police tech
eBay dumps users into insecure authentication mechanism
This AI stuff is all talk! Bots invent their own language to natter away behind humans' backs
Microsoft cloud TITSUP: Skype, Outlook, Xbox, OneDrive, Hotmail down
Norfolk County Council sent filing cabinet filled with kids' info to a second-hand shop
US military's latest toy set: Record-breaking laser death star, er, truck
Are you undermining your web security by checking on it with the wrong tools?
Re: So, uhm...
If you (or your team) have done this, I'd be really interested to know how you manage this process etc :)
We were put in the position that the client wanted a secure environment with WAF / IPS but was too cheap to pay for it.
So we built a lash up of nginx, naxsi, and fail2ban, with munin to provide some reporting and pretty graphs, as a proxy to our apache servers. HTTPS was decrypted, read, and re-encrypted using the proper certs and ciphers.
It worked surprisingly well, although I wouldn't say it was as effective or as maintainable as a commercial appliance product would have been.
Re: So, uhm...
The main problem? Simple: you have to know what the heck you're doing. You need a basic underlying understanding of the encryption process, how to monitor network connections (I've come across too many people who had no clue how to use tcpdump or netcat for example) and interpret the results.
And that seems a bit too much for more "modern" companies; time is also money after all, so they'd rather rely on out-of-the-box ready to use gizmos like these, without stopping to think about possible consequences.
I think you have to bear in mind that to achieve PCI-DSS compliance, it is often much easier to use a recognised appliance rather than roll your own monitoring at the server level; most QAs I've come across like to have pretty graphs every month, rather than have to wade through log analysis reports.
I remember being met by a stunned silence when one QA asked how we had implemented IDP for HTTPS traffic, and we told him how we did it with a roll-your-own setup on an Nginx box.
Looking at some of the big names shown in the report, it really is a sorry state of affairs.
Of the 12 appliances tested, only one, from Bluecoat, achieves an A rating, and the majority of the others are C or F. The Microsoft one deserves an F--- if such were possible, as it only offers SSLv2 connections, but you expect better from Barracuda, Checkpoint et al.
I shouldn't be surprised though, as we recently had to remove ECDHE ciphers from some of our servers on an e-commerce site, as the WAF didn't support them, thus weakening the whole environment's security.
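As an added illustration of the roll-your-own proxy described in the "So, uhm..." reply above (nginx with naxsi in front of Apache, HTTPS decrypted, inspected and re-encrypted) and of keeping ECDHE suites rather than dropping them for a WAF, here is an nginx configuration I have written for this page; it is not Alister's actual setup, and the certificate paths, hostnames, backend address and naxsi rules path are assumptions.

```nginx
# Added example, not the poster's configuration. Assumes naxsi is compiled
# in and its core rules live at the path below; hostnames and addresses
# are constructed for illustration.
events { worker_connections 1024; }

http {
    include /etc/nginx/naxsi_core.rules;   # naxsi core rule set (assumed path)

    upstream apache_backend {
        server 10.0.0.10:443;              # constructed backend address
    }

    server {
        listen 443 ssl;
        server_name shop.example.com;

        ssl_certificate     /etc/nginx/certs/shop.example.com.crt;
        ssl_certificate_key /etc/nginx/certs/shop.example.com.key;

        # Refuse SSLv2/SSLv3 and TLS 1.0/1.1 outright.
        ssl_protocols TLSv1.2 TLSv1.3;
        # ECDHE-only suites keep forward secrecy; removing them to suit a
        # WAF is exactly what weakened the environment in the post above.
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers on;
        ssl_ecdh_curve X25519:secp384r1;

        location / {
            # naxsi sees the decrypted request here; blocked requests are
            # written to the error log, which fail2ban can watch.
            SecRulesEnabled;
            DeniedUrl "/RequestDenied";
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Re-encrypt to Apache with the same protocol and cipher floor,
            # verifying the backend certificate against an internal CA.
            proxy_pass https://apache_backend;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
            proxy_ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.crt;
            proxy_ssl_name apache-01.internal;   # constructed backend cert name
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /RequestDenied { return 403; }
    }
}
```

Run `nginx -t` after editing to check the syntax; naxsi starts in blocking mode here, so stage it with `LearningMode;` first if false positives on the application are a concern.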
BT's Openreach to hire 1,500 engineers
More Brits' IDs stolen than ever before
US regulator looks at Internet of Things regulation, looks away
Re: @ Alister
@ Codejunky,
Solving a problem when there is a problem is better than stopping progress.
There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late.
Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on.
The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.
Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens...
Brit ISP TalkTalk blocks control tool TeamViewer
The future of Not Reality is a strap-on that talks to my smarting ring
Trump, Brexit, and Cambridge Analytica – not quite the dystopia you're looking for
Iconic Land Rover Defender may make a comeback by 2019
Re: Why did people like the defender?
Well, it certainly wasn't the reliability. They break down all the time.
This is just not true; earlier Defenders (and Series Land Rovers) will go for years without breaking down. The problem is with the more recent electronic bits, but the general mechanicals will go forever with a bit of maintenance occasionally.
Mars orbiter FLOORS IT to avoid hitting MOON
Re: strictly speaking
Hmmm, maybe eccentric is the wrong word, if you take it to mean how circular it is.
My understanding however, is that however circular their orbit, the moons' track across the planet (is it called the orbit footprint?) can change in quite a random fashion, dependent on their interaction with each other?
Re: strictly speaking
Perhaps time to do some mapping of Mars' moons to refine the models a bit more?
If I remember correctly, the orbits of Phobos and Deimos are quite eccentric, and the tidal forces between the two moons and Mars mean that predicting the exact orbital path for the moons over time is non-trivial.
Watt the f... Dim smart meters caught simply making up readings
Not just in the US
Smart meter billing problems have also been documented in the US.
And in the UK:
http://www.bbc.co.uk/news/uk-39169313
From the BBC story...
A spokesperson for the department for business, energy and industrial strategy, said: "Smart meters are a vital upgrade to Britain's energy system."
"The technology will bring an end to estimated billing, and give consumers real-time information about their energy use to enable them to make more efficient energy choices."
Hahahahahahahahahahahahaha!
RAF pilot awaits sentence for digicam-induced airliner dive
Voyager ZZ333 was returned to RAF service after exhaustive tests, including X-rays of the captain’s stick assembly and assessments of cosmic radiation measurements
With apologies to PTerry, but I saw that and thought of:
"Special offer this aeon is various measurements of paracosmic significance built into the very fabric at no extra cost"
If we must have an IoT bog roll holder, can we at least make it secure?
US military drone goes AWOL, ends up crashing into tree 623 miles away
Palmtop nostalgia is tinny music to my elephantine ears
BONG! Lasers crack Big Ben frequency riddle BONG! No idea what to do with this info BONG!
Blighty floods with techies' tears as Capita boss Parker quits
We found a hidden backdoor in Chinese Internet of Things devices – researchers
Dark net webmail provider Sigaint still in the, er, dark
Amazon's AWS S3 cloud storage evaporates: Top websites, Docker stung
Re: @Lusty
@Lusty,
You put:
The lack of any legitimate data would flag it up as a security risk. Using Telnet without encryption to connect to a TLS service is a dead giveaway that it's not legit since Telnet doesn't set up the TLS before the connection.
And just how do you imagine a TLS session starts? If you are using telnet to prove or disprove that connectivity exists to a host, then the initial connection attempt is all you need, and that is the same for any TCP connection, whether it be a TLS negotiation or any other protocol.
I agree with you about ping, most secured environments block ICMP traffic nowadays, however, it and traceroute are still useful for investigating latency and routing so long as you temporarily enable it on the endpoint.
Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB
People learn far more from their mistakes than successes. Sure fire the IT dept, but can bet your boots those guys/girls won't make the same mistake twice.
Except in this case, they obviously have, not once, but multiple times. Their databases have been deleted on several occasions, and replaced with warning messages, and they have had to restore the databases each time, and yet apparently, at no stage did they wonder why this was happening, or investigate ways to stop it.
NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree
Too Late?
Part of that is, no doubt, down to increased levels of security vetting involved. After all, they don't want another Snowden in the ranks.
Much too late:
https://www.theregister.co.uk/2017/02/08/us_grand_jury_indicts_harold_martin_nsa/
"Zachary Myers, an assistant US attorney with the District of Maryland, told a court last year Martin had 50TB of potentially secret and top-secret data at his home."
Also a Booz Allen Hamilton contractor, strangely...
BOFH: Elf of Safety? Orc of Admin. Pleased to meet you
I was authorized to trash my employer's network, sysadmin tells court
Missing the point
An awful lot of commentards seem to be missing the point of this story.
Thomas has never disputed that what he did was wrong, and would be grounds for a civil lawsuit from his ex-employer; however, he was very specifically charged with a criminal act under the following:
"intentionally causing damage without authorization, to a protected computer."
His argument is that he should not have been charged under that statute, as he was authorised to access the computer(s) in question.
As a shaky analogy, if I caused a road accident by throwing a concrete block off a bridge, and then got charged with "driving without due care and attention", I would be within my rights to appeal, as I wasn't driving at the time.