Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

Bongfire of Inanity: Jakarta rozzers enforce mass chill-out

Robert Helpmann??
Holmes

Reportedly

but now, thanks to a pill-forming machine, available to you via your local supplier.

Nah, they added fruit and made smoothies. Seriously, what the hell did they do with it after? Dump it out back of the police station so that it could get into the local water table? Judging from the way they disposed of the pot, I would bet the locals have more to worry about than getting a headache.

Icon, because it should have been disposed of properly.

I helped Amazon.com find an XSS hole and all I got was this lousy t-shirt

Robert Helpmann??
Childcatcher

A Simple How-To

I can't help thinking Amazon has plenty of resources to find these bugs themselves if they really wanted, or even debug their code sufficiently so they're not there in the first place.

You are implying that they ought to have a team that actually tests for security holes as part of the development team. Adding security to development? What is wrong with you?! Next, you will say they ought to do user acceptance testing.

Samsung forgets fingerprints, focuses its eye on YOURS

Robert Helpmann??
Joke

Re: I see...

Oh... and you'll need to be extra careful of your eyes.

Ah, I need to get some work done, check my email while I'm at home, watching my favorite program with the family. It's a bit dark... and the system can't read my eyeball without a bit more light. No problem! It will work with the camera on the reverse using the flash. Just hold it up and... ARRGH! F***! My eye! That's too damn bright!

Just saying, because the devil is in the details. Still, it might be a fun prank app to write, though...

PATRIOT Act axed, NSA spying halted ... wake up, Neo, it's just a dream in the US House of Reps

Robert Helpmann??
Childcatcher

Fourth Amendment

...the law proposed, ...is unnecessary, as there already is a Fourth Amendment which needs no laws to defend it...

Repealing the current law gets the job done more rapidly and is a much surer way of doing so. The process involved in challenging a law's constitutionality can be much more drawn out than the legislative process and sometimes ends with bad laws being upheld because they are in fact constitutional even if they stink.

Half of Android devices open to silent hijack

Robert Helpmann??
Childcatcher

Upgrade Now!

Users should upgrade to at least Android 4.4 to avoid being exposed.

In practical terms, this translates to "buy a new phone" for at least most people in the US who own a vulnerable device. How cynical mobile providers are not to bother patching customers' phones! I have been wondering when there is going to be a flurry of class action suits filed to get them to send out updates on a reasonable timetable. Or just because it's the US, you know...

El Reg reforms the Quid-A-Day Nosh Posse

Robert Helpmann??
Childcatcher

Re: Day in Day Out

From the Live Below the Line web site: "Join us from 27 April - 1 May by living on £1 a day for 5 days to deepen understanding and raise vital funds for the 1.2 billion people who live below the extreme poverty line." My emphasis. The idea is to raise awareness of the issue and increase empathy for those who have no choice but to live off of such a restricted budget. Yes, there will be people who are more in it for some self-serving reason, but so what? They may accidentally do some good and they certainly are not getting in the way of the main goals of the project.

Make up your mind: Microsoft puts a bullet in Internet Explorer after all

Robert Helpmann??
Childcatcher

Re: This is a good idea

Looks to me as though MS is trying to please all of the people all of the time, which never works out in the end. Making everything backward compatible has led to more and more security flaws being introduced and never plugged. Better, at least from a security perspective, to wipe the slate clean and try to pull the developers into line rather than keeping something around that allows them to avoid overhauling their non-compliant, hole-riddled app so that it at least pays lip service to the idea that security might have some relevance to what they do.

Boffins twist light to carry 2.05 bits in one photon

Robert Helpmann??
Childcatcher

Re: Bah!

Yes, can someone tell me the point of this ... we already can get information to travel at bagigahertz down a fibre using light ... I could hide 6 bits in 60 trillion bits over fibre and you'd have a hard time finding them

There are several different aspects to this. First, being able to increase bandwidth over existing infrastructure is worth a good deal. Just because we currently have achieved "lots" does not mean that it is not desirable to achieve "lots more." Quite the contrary, in fact.

Second, you are confounding two different security measures: steganography and encryption. Yes, you can hide a needle in a haystack, but then you have to send the entire haystack along in order to move the needle. While steganography is useful, it generally should be used in conjunction with encryption and not by itself. There are plenty of mass surveillance tools in use these days that are likely to catch all the "needles" no matter how many stacks accompany them.

Finally, the way data is encoded here in part uses the polarization of photons which makes intercept detection a built in feature - desirable for obvious reasons.

There have been a number of articles concerning this here on El Reg. Here too is a primer on the subject:

http://resources.infosecinstitute.com/quantum-cryptography/
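
The "needle in a haystack" point above, as an added example that is not part of the original comment: hiding a short message in the low bits of a carrier (steganography) and then the same thing done after encrypting it first. The carrier is constructed pseudo-random bytes standing in for pixel or sample data, and the cipher is a toy keystream built from HMAC-SHA256 so the block has no dependencies; a real deployment would use an authenticated cipher such as AES-GCM (both are assumptions of this example, not anything the comment or article describes).

```python
"""Steganography alone versus encrypt-then-hide (illustrative, added example)."""
import hashlib
import hmac
import random


def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Write each payload bit into the least significant bit of one carrier byte.
    Needs 8 carrier bytes per payload byte: the haystack travels with the needle."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego: bytes, n_bytes: int) -> bytes:
    """Anyone who knows (or guesses) the scheme can read the hidden bits back out."""
    bits = [b & 1 for b in stego[: n_bytes * 8]]
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[j : j + 8]))
        for j in range(0, len(bits), 8)
    )


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, counter) blocks.
    Symmetric, so the same call decrypts. Assumption: stand-in for a real cipher."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32 : block_no * 32 + 32]
        out.extend(c ^ k for c, k in zip(chunk, ks))
    return bytes(out)


def make_carrier(n: int, seed: int = 7) -> bytes:
    """Constructed stand-in for image/audio data (seeded so the run is repeatable)."""
    return bytes(random.Random(seed).randrange(256) for _ in range(n))


def demo():
    needle = b"meet at dawn"          # constructed sample message
    key = b"shared-secret-key"        # constructed sample key
    haystack = make_carrier(8 * len(needle) + 100)

    # 1. Plain steganography: an interceptor who knows LSB embedding reads the
    #    message straight out of the carrier.
    stego_plain = embed_lsb(haystack, needle)
    leaked = extract_lsb(stego_plain, len(needle))

    # 2. Encrypt, then hide: the same extraction yields keystream-masked bytes
    #    that are useless without the key; the legitimate receiver decrypts.
    stego_enc = embed_lsb(haystack, keystream_xor(key, needle))
    extracted = extract_lsb(stego_enc, len(needle))
    recovered = keystream_xor(key, extracted)

    return {
        "leaked": leaked,
        "extracted_without_key": extracted,
        "recovered_with_key": recovered,
        # bytes sent per byte of message: the cost of shipping the haystack
        "overhead_ratio": len(stego_enc) / len(needle),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The overhead ratio is the cost the comment alludes to: every hidden byte drags at least eight carrier bytes along with it, and that carrier is still a single file that a filter can pull aside and examine, which is why hiding should sit on top of encryption rather than replace it.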

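The "intercept detection is a built-in feature" point, as an added example that is neither the article's nor the comment's: a toy BB84 simulation in which polarisation is modelled abstractly as a (basis, bit) pair and measuring in the wrong basis returns a coin flip. It assumes a noiseless, lossless channel and uses all sifted bits for the error estimate, both simplifications of the real protocol.

```python
"""Toy BB84: an intercept-and-resend eavesdropper shows up as ~25% errors."""
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two polarisation bases


def measure(photon, basis, rng):
    """Measure a (basis, bit) photon in `basis`. Same basis: the exact bit.
    Wrong basis: a random outcome, and the original state is destroyed."""
    prep_basis, bit = photon
    if prep_basis == basis:
        return bit
    return rng.randint(0, 1)


def run_bb84(n_photons, eavesdrop, seed=1):
    """Return sifted-key length, error count and QBER for one run.
    `seed` makes the run repeatable; a real link would have true randomness."""
    rng = random.Random(seed)
    # Alice picks random bits and random bases and sends polarised photons.
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    photons = list(zip(alice_bases, alice_bits))

    if eavesdrop:
        # Eve measures each photon in a random basis and re-sends what she saw.
        # Half the time she guesses wrong; the re-sent photon then carries her
        # basis, and Bob's matching-basis measurement is randomised (error 1/4).
        resent = []
        for p in photons:
            eve_basis = rng.randint(0, 1)
            resent.append((eve_basis, measure(p, eve_basis, rng)))
        photons = resent

    # Bob measures in his own random bases.
    bob_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]

    # Sifting over the public channel: keep positions where the bases matched.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    # Compare sifted bits to estimate the error rate (here all of them; in
    # practice a random sample is sacrificed and the rest becomes the key).
    errors = sum(1 for i in sifted if alice_bits[i] != bob_bits[i])
    qber = errors / len(sifted) if sifted else 0.0
    return {"sifted": len(sifted), "errors": errors, "qber": qber}


if __name__ == "__main__":
    print("no eavesdropper:", run_bb84(4000, eavesdrop=False))
    print("intercept-resend:", run_bb84(4000, eavesdrop=True))
```

With no one on the line the sifted bits agree exactly; with an intercept-and-resend attacker roughly a quarter of them disagree, which is what Alice and Bob look for before trusting the key.
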
Robert Helpmann??
Childcatcher

In other words, I didn't understand any of it... but isn't that the point of anything quantum?

Techs of the future will not say, "It's technical." Instead, they will say, "It's quantum." It will still be bad if they say, "That's interesting," though.

Premera healthcare: US govt security audit gave hacked biz thumbs up

Robert Helpmann??
Childcatcher

Re: auditing == waste of time

Having been through several "audits" I can categorically state that they are a complete and total waste of time.

I think this is more a case of YMMV¹. I have had experience both with fairly softball checks that don't do much to ensure network or system security and with some where all tools were allowed, including social engineering, penetration testing, and attempts to bypass physical controls. The latter wasn't pleasant to go through, but mostly because our leadership had steadfastly put convenience well ahead of best security practices. I am not really disagreeing with your final point concerning the need to put someone clueful in charge of audits, just the possibility that it happens.

1. For purposes of mileage in this analogy, you may consider OPM the auditing version of a fully loaded vintage Cadillac SUV.

Hilton member accounts info, trip dates open to plunder

Robert Helpmann??
Childcatcher

Re: Deja vu?

The original attack took place and was referenced in the article. Hilton sent out notification to their customers* that they should change their passwords. This is a kick-em-while-they're-down attack.

*Some but not all of their customers got this notification. I didn't get anything even though I have an HHonors account. Nor have they ever sent out any sort of notice to me that they had been hacked. So it seems it was only for a subset of their members, which is a telling indication of their current security practices.

IS 'hackers' urge US-based jihadis: 'Wipe yourselves out trying to kill 0.00005 of US forces'

Robert Helpmann??
Childcatcher

Just not funny any more...

... This would seem like a typical result in any future cases; hence our headline.

It ruins a joke if you have to explain it. Likewise here.

Scientists splice mammoth genes into unsuspecting elephant

Robert Helpmann??
Boffin

What will they eat in the Arctic?

That's actually been a bit of a mystery until fairly recently. The short answer is a whole bunch of stuff that doesn't grow there today. The Arctic had a different balance of plants when woolly mammoths were alive. They ate mostly plants called forbs or phorbs, to which things like milkweed, sunflowers, and lots of small flowering plants belong. In other environments, they and the other species of mammoth that have been dug up ate sedges and similar in much the same way modern elephants do.

To the point of combating climate change: I suppose if we rework the entire arctic to allow mammoths and other large herbivores from the Pleistocene to eat, we might also change the climate. Mammoths will certainly not do much on their own. They will be doing good to eat at all in cooler climes.

Sources: CBC News and the San Jose Mammoth page.

Review: McAfee Endpoint Protection for SMB

Robert Helpmann??
Childcatcher

Re: Fellow commentards - help needed pls...

It's not just firewall and AV, though. There are also spyware and PUPs and other nasties to worry about, unless you are lumping everything into one category. McAfee does not and many other AV vendors don't either. This sets up a situation where customers believe they have a reasonable amount of protection but do not. I have a bigger issue with this than AV products.

McAfee has a broad range of products. They target these to different markets in different combinations. This product is not an enterprise version, but is most likely based on the same tech that their ePO suite of products supports. I am curious as to whether it would do things like prevent an admin from accessing a browser or e-mail client, and if it would prevent users from running software from the temp directory. These actions have signatures in HIPS, another of McAfee's products that I would bet shares some code with Endpoint Protection for SMB.

PoSeidon, brother of Zeus, forks up point of sale terminals

Robert Helpmann??
Childcatcher

Re: Time to go back to cash

You can't hack cash.

Yeah, because when there is a special word for something (counterfeiting), that means it never happens. Better let Victor Lustig, et al, know, too.

Everything is insecure and will be forever says Cisco CTO

Robert Helpmann??
Childcatcher

Re: So....

All enterprises are eagerly looking for ways to outsource security, look for ways to manage security on their behalf.

The sales force is strong in this one! While I agree with some of his points, this one is way off. Yes, there are probably some companies out there trying to cut costs in this manner. They are run by the same guys that will bail with a hefty bonus when this particular bird comes home to roost. My counter-suggestion is to outsource management first.

Australian online voting system may have FREAK bug

Robert Helpmann??
Childcatcher

Re: Corporate firewalls?

...many corporate networks have firewalls which perform man in the middle "attacks"...

I would think this is also true of government networks, in general. Same opportunity for abuse with added incentive.

Firefox, Chrome, IE, Safari EXPLOITED to OWN Mac, PCs at Pwn2Own 2015

Robert Helpmann??
Childcatcher

Re: Dare I say it...

That and the fact Apple stopped putting out Safari for Windows some time ago. I don't get the bit about browser manufacturers and customers being less pleased. As a user, I am pleased that browsers are being evaluated and improved rather than the obvious alternatives. I can't speak for the folks who write the browsers, but I would hope they manage to bounce back from the trauma. I can't imagine anyone thought the browsers were bulletproof.

3,500 servers go down – so my FIRST AID training kicks in

Robert Helpmann??
Childcatcher

Re: Crisis? What crisis?

Of course, the first few calls are to wake management up...

Yeah, I noticed that was left out, too. Along with the bit of the previous shift manager saying jack before heading for the hills, that got my attention. If a 24/7 shop is going to function reasonably well, there need to be open lines of communication between shifts. In places I have worked where that was not the case, we functioned poorly as a whole. In places where we had good turnover procedures, things have run much more smoothly.

Also, management should, whenever possible, work the same hours as the rest of staff. It is very hard to know what is going on with your staff in many cases if you aren't there with them at least some of the time. Doing this also helps to prevent them from being relegated to the status of second or third class employee.

NYPD cop in court for allegedly hacking into the FBI

Robert Helpmann??
Trollface

Re: My, my ...

Perhaps something like, "Hang 'em first, try 'em later" (Judge Roy Bean), but that's so 19th century.

BOFH: Mmm, gotta love me some fresh BYOD dog roll

Robert Helpmann??
Childcatcher

Re: Dog Roll

...there is no difference to the contents.

Sometimes you have to eat your own dog food pâté.

LOHAN chap serves up 'tenner a week' e-cookbook

Robert Helpmann??
Childcatcher

Sloppy Cooking

I am getting the cheapest e-book reader I can find that has buttons rather than a touch screen and a mount to hold it to a counter. One bit of plastic wrap for protection and I'm done. I started buying most of my cookbooks as e-books a while back and printing what I needed to, but I think this will work better in the long run.

PIRATES and THIEVES to get Windows 10 as BOOTY

Robert Helpmann??
Childcatcher

Re: Windows for free?

I'd like to know if I will be able to get a copy of Win10 to run as a VM. It would probably be worth pirating an earlier version to get it then. It's always good to keep one's options open (or at least properly licensed).

Windows 10 will finally drop in 'summer' says Microsoft

Robert Helpmann??
Flame

Hello? Who are you?

From the linked MS twaddle: I’d like to introduce you to Windows Hello – biometric authentication which can provide instant access to your Windows 10 devices. With Windows Hello, you’ll be able to just show your face, or touch your finger, to new devices running Windows 10 and be immediately recognized. And not only is Windows Hello more convenient than typing a password—it’s more secure!

Your face and other biometric measurements should replace your UID, not your password. Your face should intuitively be recognized as a representation of who you are, which should not be enough to gain access to any system. It is not more secure than a password, but it is tons more convenient... right up until that time you get punched in the face and have your fingers stomped on for putting out such a load of BS. I didn't see anywhere that there was a backup method for authentication. It looks as though once you are out, you are out, at least until you can regrow the missing parts just like the originals.

Google adds evil-code scanning to Play Store

Robert Helpmann??
Joke

Re: Huh?

...installing from cheap or Free Chinese app stores... can be risky...

Yeah, but how else can you get the Chinese version of Plants vs Zombies?

Microsoft shows off South Korean PC-on-a-stick

Robert Helpmann??
Childcatcher

Re: lucomsamerica.com

I ask myself why the heck they don't get a native speaker to rewrite at least their headline paragraphs.

Just pretend as though you are in another country from which you are separated by a common language and you should be fine... It really is worse than that, though.

Are you clever enough, and brave enough, to give a Register lecture

Robert Helpmann??
Childcatcher

Re: I was with you until..

"Fascinating"? "Good at Story Telling"? "Brave"? "Something Important to Say"?

Yeah, I don't think I would be up for that. I am pretty sure I fall short on at least *most* of those. Thanks for asking, though.

Battle for control of Earth's unconnected souls moves to SPAAAACE

Robert Helpmann??
Childcatcher

Re: Did I miss....

Mobile internet access would also open up opportunities for remote medical services which could make a very direct impact on the physical lives of the people receiving care. After health and hunger issues are addressed, they can switch from being people to being products, so win-win, right?

Pub O'clock probe finds thousands of repeated 512-bit RSA keys

Robert Helpmann??
Childcatcher

Re: time for software liabilty...

Unfortunately only 0.01% of FOSS people seem to give a damn about improving that end of things.

That's a bit like solving world hunger and then telling no-one. A shame, really.

LOHAN unleashes 'waiting for the FAA' collector mug

Robert Helpmann??
Childcatcher

Re: Just launch it

Get it reclassified as a gun and have someone local pull the trigger. That ought to work. Good luck!

Telly chef Jamie Oliver in embarrassing infection double shocker

Robert Helpmann??
Unhappy

Cockles in Vinegar

I'd rather have the day-old sushi. At least with that, I can pick it apart and just eat the rice (which is what sushi actually is).

Browsing on my home machine is done with a disposable VM. We are going that way at work. I don't use my phone's browser if I can at all help it, for obvious reasons, but it would be nice if there were similar options for mobile.

This ISN'T Net Neutrality. This is Net Google. This is Net Netflix – the FCC's new masters

Robert Helpmann??
Childcatcher

Re: First part was better.

Anyways, assuming Google, Netflix, etc. are the new masters, who are the new slaves?

Now, now, you know slavery isn't allowed. Consumers are not slaves, they are products! .. oh, wait... Meet the new slaves: same as the old. Semper idem.

Forget viruses: Evil USB drive 'fries laptops with a power surge'

Robert Helpmann??
Childcatcher

Like Unicorns and Fairies

I have heard over and over not to put untrusted USB drives in my computer and have heard all sorts of anecdotal examples of "this guy did it and it led to ruination and woe." I have yet to come across a USB stick left next to my car in the parking lot or been given one at a trade show. Stuxnet aside, does this ever actually happen? I deal with malware and a variety of attacks often enough, but never this sort of thing. Are such attacks more prevalent elsewhere or is this simply a threat that gets more attention because it sounds cool to do?

US bares its net neutrality enforcement regime to world+dog

Robert Helpmann??
Childcatcher

LCD* Screening

I previously said that no matter who won this battle, the side that did would do their best to FUBAR the situation; it is just a matter of how not if. Now I just have to get my popcorn and watch Netflix. If it starts buffering, I will know things have gone as I predicted. If not, well, I will be watching Netflix.

* Lowest Common Denominator

Clinton defence of personal email server fails to placate critics

Robert Helpmann??
Childcatcher

Re: I did not have server relationships with that webmail

Hillary Clinton's admission ...has failed to placate critics, some of whom are trying to use the affair to derail her expected challenge for the White House next year.

I see what you did there. She has actually stayed within the letter of the law on this and has admitted that even if it was legal, it was not a well-thought-out plan. Not good, but better than most pols. The biggest legal issue in this is the preservation of the official record, so she is stuck in trying to prove a negative. This will probably not go away until after the next election cycle or if it comes out that most of her opponents have seriously misused e-mail as well.

Cyber-whizs partake in mass eye-roll event over latest leaks: CIA spies 'spying on iPhones'

Robert Helpmann??
Childcatcher

Re: LAN parr-tayyyy!

The pic was taken, if I recall correctly, at an exercise meant to work on how to implement and defend against a cyber attack. I think it was for one of the annual Cyber Defense Exercises which is hosted by the NSA. Why use a picture of an Army group at an NSA exercise in an article about the CIA's work?

Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS

Robert Helpmann??
Childcatcher

The Gorilla in the Room

The bugs are present in every version of Windows from Vista and Windows Server 2003 all the way up to the latest Windows 8.1 and Windows Server 2012 R2.

That's every supported version of Windows. If it affects Server 2003 it affects Windows XP, which is omitted despite being installed and online more than any other desktop OS except Windows 7. No, no problem there. I understand that MS dropped support, but all these lingering XP boxes are gold for bot net operators.

Source: NetMarketShare

Apple slips out security patches while world goes gaga over watches

Robert Helpmann??
Joke

Re: Favorite Apple bug

Technically a larval insect and not a bug...

Which just goes to show that Apple produces an immature platform whereas others can support full grown moths.

Web protection: A flu mask for the internet

Robert Helpmann??
Childcatcher

Re: Dummed down readership?

I'm guessing they were just some leftover notes...

You mean from the author's previous article? Yeah, pretty much.

CIA re-orgs to build cyber-snooping into all investigations

Robert Helpmann??
Childcatcher

Only Two?

If the CIA succeeds in establishing its new digitally-skilled teams, the USA will have two agencies one more agency conducting extensive cyber-ops.

FTFY.

Elon Musk insists Gigafactory's ALL GO as China charging fears hit Tesla shares

Robert Helpmann??
Childcatcher

Model X

Model X delays are not going to help Tesla in the long run. They had a spate of goodwill running with them once the Model S turned out to be a decent car...

Yeah, plus I really, really want one... and will probably continue to want after they are available given the expected price. If they can get this one out the door, though, they will almost certainly have good sales given America's love of bigger vehicles.

US air traffic control 'vulnerable to hackers' says watchdog

Robert Helpmann??
Childcatcher

Open Up and Say Argh!

These include weaknesses in controls intended to prevent, limit, and detect unauthorised access to computer resources, such as controls for protecting system boundaries...

So the firewall is up and running, but is set to allow any-any? As, uh, surprising as it might be, some agencies are stuck on following the letter of the law while completely missing the intent. It doesn't help when the people writing the rules couldn't find a clue with a map. It would not surprise me to find a bit of both going on in this case.

We have no self-control: America's most powerful men explain why they're scared of email

Robert Helpmann??
Childcatcher

Re: Luddites?

If email does not help a person do what they want to do, don't do it.

More than missing the point, given that what they do involves being accountable to their constituents, which in turn means they have to use a variety of means to keep them informed. I suspect that this is more a case of them not personally handling it, but instead having staff handle their official correspondence for them. If I wanted to be cynical, I would say their non-use of e-mail is a simple effort to avoid going on record without intending to. OK, I get being busy enough that they feel they don't have the time to learn all the ins and outs of (for them) new tech, especially as they almost certainly have heard stories of the e-mail that sunk someone's career, but it bothers me very much that people who have so much power are so out of touch with the day-to-day realities of the people they represent.

Microsoft: You'll get the next Windows 10 build when we're GOOD AND READY

Robert Helpmann??
Childcatcher

A Little Bird Told Me

I was interested to see how the other guys did it as I used to be involved in software development and deployment, though entirely in-house stuff. Still, it took some time to get past the name of the group that handles daily builds. I had an image I just could not shake of a bunch of coal-blackened miners huddled around a dead bird.

White-listed phish slip through Google Apps

Robert Helpmann??
Childcatcher

Re: "...and handed the duo US$500 by way of thanks."

Mephisto, you raise a very good point: How much is a security flaw worth? Should the award be based on the severity of the flaw, how much it would be worth on the black market, the amount of time that went into discovering and documenting it, what the company can afford to pay, or something else? Too, Google's behavior raises more general questions, such as how long a wait before disclosing flaws to the public is acceptable.

Perhaps someone ought to set up an organization to independently rate and track security vulnerabilities. What could make it better? Perhaps, if MITRE were funded by industry rather than government, paid for the discovery of flaws for all members, and had consistent standards for payment, reporting, et cetera... Nah, that would be too much like right.

Boffins probe mystery of ANTARCTIC BLOOD GLACIER

Robert Helpmann??
Childcatcher

Re: Boffins

Nothing but the finest boffins...

What, nothing? We should be allowed an occasional trick cyclist to liven things up a bit!

UK Supreme Court waves through indiscriminate police surveillance

Robert Helpmann??
Childcatcher

On behalf of the victim

When you've got an ongoing issue between two parties, the police will issue a letter on behalf of the victim that basically says that any further contact is unwanted, and removing any doubt on that matter.

Yeah, we call that a restraining order here and it is issued by a judge. First, I should mention that I am not familiar with the details of the law on that side of the world, but I have some questions concerning this. If the police are making statements on behalf of someone, does the person making the accusation have to sign off on it or can the police simply intervene without anything more than an undocumented statement? Second, saying the police are doing something on behalf of the victim implies there is a crime. That does not sound quite right as there has been no trial. Yes, you can have an accusation, but that means you have an accuser at that point which is not equivalent to victim. How is this actually dealt with? Finally, at what point does the other side get to issue a statement? In most disputes, both sides have a chance to make a statement which goes into the record. Is that not the case here? Do I understand correctly that in at least some cases what is being done is that the police are issuing the letters without the consent of the people they are ostensibly meant to protect in order to plant evidence that can be used against their targets during any suit filed against them at any time? Nice.

Grab your pitchforks: Ubuntu to switch to systemd on Monday

Robert Helpmann??
Childcatcher

Re: oh well

It seems to be getting its tentacles into everything.

So this is essentially the Windows registry debacle all over again? Plus ça change...

NASA: Curiosity rover's BROKEN ARM doesn't SPELL DOOM for Mars mission

Robert Helpmann??
Childcatcher

Re: Stay at home siblings

Yes, they even have an app for that.

Bank of America wants to shove its IT into an OpenCompute cloud. What could go wrong?

Robert Helpmann??
Childcatcher

Hit the nail right on the head

The "off premises" bit seems to be referring to consolidating the data centres in fewer locations which are not co-located with the business units using them.

"Consolidating," maybe. Not co-located? "Not co-located with the business units using them," has always been the case. Banking data centers are typically housed in their own facilities, so this is nothing new, although local banking and back office centers often have their own mid-tier servers. They have some serious requirements to deal with being able to keep operations up when they are unable to phone home.

The real news in the current story seems to be that they've decided on OpenCompute kit as their standard hardware platform.

For you, perhaps. For me the real story is that they consider the tech involved to be mature enough to use in their production environment. Banks are extremely risk-averse when it comes to tech. Bank of America (or at least its legacy NationsBank bits) for example kept OS/2 on life support far past the time it died a natural death elsewhere.