* Posts by Charlie 3

13 publicly visible posts • joined 24 Sep 2010

Hey! My friend is sending spam

Charlie 3
Thumb Up

Re: How do you warn them?

I assume the answer is that you don't email them, since their email account is locked out. I imagine it's just part of the login process, basically a forced password recovery.

Feds break up Chinese-US counterfeit Cisco ring

Charlie 3
IT Angle

Confused

It would be nice if this article actually explained what they were selling and how. Is this Cisco hardware or not?

"JDC Networking Inc altered Cisco products by using pirated software, and created labels and packaging in order to mislead consumers into believing the products it sold were genuine Cisco products"

What kind of product uses Cisco hardware running Cisco software but is somehow fraudulent? Were they simply adding cheap add-on PCBs to a real chassis?

You seem to have taken a technical story and removed all the technical from it :(

BT cheerfully admits snooping on customer LANs

Charlie 3
Alert

I disagree with almost everyone!

BT home broadband is a fully managed service. This means that I thoroughly expect them to detect and patch vulnerabilities in my BT supplied hardware. It is very clear that they have remote management capabilities to patch the firmware, so why are we attacking them for warning customers who are using dangerous BT supplied hardware using what is almost certainly a passive scan (the managed home hub is a DHCP server and a switch so it knows what's connected without any additional snooping).

What will we do with 600MHz?

Charlie 3

Rural broadband

+1 for rural broadband.

Ofcom love to complain about the quality of rural DSL. Here they have an opportunity to help.

Sega Mega Drive gets micro makeover

Charlie 3
Thumb Down

old

AtGames have been selling these for months (years?). I've seen some very poor reviews with video of slow running games and jittery audio to back them up.

Microsoft sends IE9 'do-not-track' tech to W3C

Charlie 3
Grenade

Let me be the first

I am going to stick my neck out and say that this is pointless. Personally I don't care if corporations want to build up data about browsing behaviour. I'd certainly 100% rather get served ads that actually interest me!

Wanting to prevent companies (whose products you are getting for free in most cases) from analysing your behaviour to make some money seems childish and counter-productive.

Can anyone explain *why* people object to this tracking? It's not as if the advertising networks are going to identify you personally then laugh at your browsing habits for their own amusement.

ps. I have no commercial interest here, I just want to see the web remain a success.

Linux vulnerable to Windows-style autorun exploits

Charlie 3
Linux

Not as irrelevant as it might appear

While it is very easy to dismiss this as impractical, I would disagree that it is not a serious issue to be considering. This specific exploit is obviously not at all practical in the real world, but it does raise an interesting point.

Huge numbers of exploits have been found in web browsers, allowing code to be executed when parsing a web page. Therefore it doesn't seem unlikely that vulnerabilities could be found in the various pieces of code that would be executed when a USB device is inserted.

This covers several several things, largely (but not only) on a desktop system. I don't claim to be an expert on this process, but I assume this would typically include: the USB enumeration code (think PS3 exploit), the mass storage device driver (disk size, device name, etc), partition table scanners (MBR, GPT).

Aftter this, on a desktop system, the system would also scan for known filesystems, read their labels, mount them, and scan for known types of content. Some systems may have also been accidentally or deliberately configured to open a file browser, which would include various file preview (thumbnail generation) tools.

What I am getting at is that it is not unlikely that vulnerabilities exist in one or more of these drivers and processes. Bearing in mind how many times browsers have been exploited, we shouldn't be complacent about other parts of the operating system.

Of course, I am not just talking about Linux. These things could be equally exploited in Windows, OSX.

UK.gov braces for Anonymous hacklash

Charlie 3
Stop

Policework!

"Once again, the spurious connection between an IP address and an individual.

An IP does NOT indicate a single person, nor necessarily even a single computer. Without the MAC address and a witness to tie an individual to the computer with the NIC that uses the MAC address there is no proof."

As has been pointed out before, this is not a civil case, it is a criminal investigation. The police will more than likely seize hardware to gather evidence of DoS attack tools. They also have good old fashioned policework. Seems pretty likely that a teenager caught with LOIC on the PC in their room and IP address logged is going to confess under interrogation.

These criminal cases cannot be proven based on IP addresses in logs, and I'm sure the police know that. However, I don't suppose they'll have any trouble gathering additional evidence.

Ofcom proposes UK phone numbers prefix re-org

Charlie 3

I don't see the benefit

After reading this I really don't understand what is changing, apart from making 0800 free from mobiles, and randomly renaming everything. Personally I think they should be putting more into abolishing 0845 numbers and moving people to 03xx numbers.

Call of Duty DDoS attack police arrest teen

Charlie 3
Stop

Poor information :(

I appologise for whining, but technical details seem to be very thin on the ground here, and I'm rather confused about a few points...

"Distributed denial of service attacks are currently being used against the websites of Sarah Palin, Mastercard and other perceived enemies of Wikileaks and Julian Assange"

Is this at all relevant?

The investigation by PCeU found the DDoS attack was made using a malicious program called "Phenom Booter".

If it was launched using off-the-shelf software, surely this make it a single-homed DoS attack, not a DDoS?

"Police found the malware being offered for sale on a web forum for Call of Duty players to allow them to attack other players of the game and thereby improve their own scores."

Is this illegal?

Police tracked the server to the UK and finally via its IP number to Greater Manchester.

What server?!

Government will shred ID card data

Charlie 3

Recovering deleted data

"I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff."

Do you have a source for this? I was under the impression that recovering usable data from a zero-written hard disk was an urban myth, and that even with the best equipment, there was only a 50% bit recovery rate (which would be useless). I'd be very interested to see evidence to the contrary though!

Microsoft steers OEMs away from putting Phone 7 on Tablets

Charlie 3
Happy

Tablets running unix will be all the rage very soon.

"Tablets running unix will be all the rage very soon. Most of them will be running unix."

I would go so far as to say that is already the case...

CIA used 'illegal, inaccurate code to target kill drones'

Charlie 3
Stop

Old story

This story is probably familiar to every small development firm in the world. A medium size company licences your product, then sells it to a bigger company, promising shiny new features at an impossible price and expects it to work. You are expected to make it work on an impossible deadline.

Lives are rarely at risk. Rarely.