* Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

'Leccy racer whacks petrols in Oz race

Robert Helpmann??
Childcatcher

Re: That's nice.

When will people realise that electric racecars just aren't useful outside of a racetrack?

About the same time they realize that race cars in general are not useful outside a racetrack.

Cryptolocker flogged on YouTube

Robert Helpmann??
Childcatcher

Re: Malware through ads...

The research pair said there was very little advertising networks could do to prevent the attacks.

My first thought when I read this was, "Why not?" It's not as though at least one app store has made a reasonable attempt at controlling their process. This shouldn't be that much different. Ads generate enough revenue to be able to support some in-house vetting. Taking control of the process rather than allowing their customers to have free rein would go a long way toward filtering out the riffraff.

Something's phishy: More holiday scam spam flung at real hotel customers

Robert Helpmann??
Childcatcher

Re: Modern Mores

I would expect to see an online dump if it was a hacker going for bragging rights. I would expect it to show up for sale, just as you imply, otherwise. My understanding is that most people who are capable of breaking in and grabbing up this sort of information are more likely to sell it off as they are not necessarily set up to exploit it. It's a tried and true concept: one person performs the theft and then sells the goods.

'Chinese crims' snatch 4.5 MILLION patient files from US hospitals

Robert Helpmann??
Childcatcher

Victimized!

So they have just failed to protect some of the most sensitive data concerning their customers who pay very real money with the expectation that this company would exercise due diligence in their actions? I would appreciate a statement from the company explaining how it is the victim and not its customers. Obviously, I do not know the details in this or any of the many other similar cases, but given the well known and publicized nature of this threat, it seems reasonable that any such breach should be grounds for a third party or regulatory investigation of negligence.

LulzSec supergrass Sabu led attacks against Turkey – report

Robert Helpmann??
Childcatcher

Re: Robert Beyond Helpmann Jurisdiction?

"The New York Times previously reported how Monsegur worked with the FBI on cyber-attacks against governmental websites in Brazil, Iran, Iraq, Pakistan and Syria."

Do you need a map of the USA to help you work out where those cities are?

I will leave it to you to work out what is inside the US and not.

Robert Helpmann??
Childcatcher

Jurisdiction?

The FBI is going after foreign targets? I guess someone has to take up the slack with other three letter entities turning their focus homeward.

Five Totally Believable Things Car Makers Must Do To Thwart Hackers

Robert Helpmann??
Childcatcher

We will all be driving $25.00 cars that get 1,000 miles to the gallon

Oh, God! I just realized that car manufacturers are working to make the joke about Microsoft making cars come true, except someone else will be opening and closing all the windows. It looks as though there will be some security positions opening in the automotive industry soon.

Another step forward for diamond-based quantum computers

Robert Helpmann??
Joke

Re: Fibre to the chip

If it works like my ISP, then it's fibre to the chip, then a converter and modem hookup once it's inside.

GCHQ recruits spotty teens – for upcoming Hack Idol

Robert Helpmann??
Childcatcher

Preemptive Strike

The competition consists of two rounds ... downloading a virtual computer image full of vulnerabilities that could present opportunities for a cyber criminal. The teams have ... to identify and fix these vulnerabilities.

No, changing the OS is not an option (because it is the very first thing I thought of).

America's hot and cold spots for broadband revealed in new map

Robert Helpmann??
Joke

On Being

Sometimes being small...is a good thing

I understand medical science can work miracles these days.

Hey guys. We've got 1.2 BILLION stolen accounts here. Send us your passwords, 'cos safety

Robert Helpmann??
Childcatcher

Re: Confused?

[T]hey sound worse criminals than the supposed Russian hackers

I believe you are confusing incompetence with malicious intent.

Car hackers build kit to protect you and your motor from fiery death

Robert Helpmann??
Childcatcher

Re: "Turns out IDS is actually useful for something".

Since it does something other than simply report, it is technically an IPS - an intrusion prevention system - though it probably would not produce as much entertainment on your side of the Atlantic and confusion on mine. Ah well, I learned something unexpected today.

Microsoft KILLS Windows 8.1 Update 2 and Patch Tuesday

Robert Helpmann??
Childcatcher

Security patches ... are arguably necessary. Extending the scope of the changes to include updates to the Applications is going to produce chaos.

Not applications, the UI is where the problem is. Applications can have security issues too or have additional functionality added without causing much in the way of distress, but if the entire menu system is rearranged (e.g. drop-downs for ribbon) there might be a bit of trouble. Decouple functionality from cosmetics and things will get a lot better for all.

Six MEEELLION gigabytes-a-year space 'scope wins funding

Robert Helpmann??
Childcatcher

Think of the Children!

“By digitally imaging the sky for a decade, the LSST will produce a petabyte-scale database enabling new paradigms of knowledge discovery for transformative STEM education. LSST will address the most pressing questions in astronomy and physics, which are driving advances in big data science and computing.”

This is what you get when you run "We will use this telescope for basic science and keep records of what we did," through a manager-speak/buzzword generator several times.

US cyber-army's cyber-warriors 'cyber-humiliated by cyber-civvies in cyber-games'

Robert Helpmann??
Childcatcher

Re: Not much of a surprise there then

Having worked for both regular and reserves, I can say there is not much difference in the training and expectations for the troops in the different commands. The point about outside experience is more pertinent. Really though, while it has been rightly mentioned that there is a huge difference between defense and offense, what is missing from the discussion is how the military actually functions when it comes to IT. Most of it is handled by contractors who are told what to do and how to do it by someone, often a civilian, who probably is not very technically inclined and has to trust someone else, often someone who works for a competing contracting agency, for information on which a decision can be based. Yes, it makes good headlines to hear about the AR Red Team's victory and I am sure someone got a wonderful dressing down. Will it result in meaningful change (which is really the point of these exercises)? Who knows?

African samba queen: Don't cut off pirates' net connections – cut off their FINGERS

Robert Helpmann??
Coat

Lost in Translation

Someone is confused about what constitutes an appropriate and effective punishment. There are many historical examples of amputation being used on thieves. It resulted in many people with missing bits, but no overall reduction in theft. No, in order to do it right, you have to go straight for the most severe punishment. Kill them. Kill them all along with their families and neighbors then resuscitate as many as possible so they can be killed again. That will show them!

Mine is the one with a copy of Draco's legal code in the pocket.

Microsoft hacks out new EMET, spits out Adobe Flash

Robert Helpmann??
Childcatcher

Application Hooking

The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction (ASR) tool “... configured to block some modules and plug-ins from being loaded by Internet Explorer while navigating to websites belonging to the Internet Zone”.

The new ASR will “also block the Adobe Flash plug-in from being loaded by Microsoft Word, Excel, and PowerPoint.”

So, they are implementing a limited control on application hooking? It's a good first step, but it would be nice if it were more generalized and configurable... and had better online documentation. Still, it's decent of MS to create a rich environment for third-party security vendors.

China: Our approved vendor list – Kaspersky, Symantec are not on it

Robert Helpmann??
Childcatcher

Re: Hmm

You might add hooks into email and backup services. As far as firewalls are concerned, those holes for updates should be inbound only, not that there aren't ways around this to get information back out.

Your fitness tracker is a SNITCH says Symantec

Robert Helpmann??
Childcatcher

Re: This is news?

The Nigerian 419'ers are moving onto new ways to extract money from you

Yes, but they will continue to target the least educated and tech savvy. In fact, the way their scams work weeds out anyone with a clue. That is not to say that there aren't many individuals and groups out there willing to take advantage just as you suggest, just that there are different "target audiences" for each kind of scam.

Brit balloon bod Bodnar circumnavigates planet

Robert Helpmann??
Joke

Re: Stealth Balloon

Just saying that balloon had to cross some very paranoid airspace

Especially Canada!

Plane grounded so cops can cuff semi-legless passenger

Robert Helpmann??
Childcatcher

Re: Unemployed and going on holiday overseas?

But, she did pay! Obviously, you missed the part where it cost her a leg. The return trip would have cost an arm.

Grabby baddie scours Paddy Power's towers: 650k punters leaked and it took 4 years to admit it

Robert Helpmann??
Childcatcher

Re: See logo

This is exactly what I, and apparently other commentards, thought of first. Hold on a moment...

Cognitive Dissonance, ENGAGE!

No, it's OK. It's all good.

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

Robert Helpmann??
Childcatcher

USB Firewall

USB firewalls that block certain device classes do not (yet) exist.

Um... actually, they do. There is a McAfee product, Data Loss Prevention that has just that sort of functionality built in. Alas, it is only for Windows devices, but there are likely similar products out there. It is a pain to administer - it has all the hallmarks of an acquired product that was slapped into an existing management console - and is likely to be resented by users as it will keep them from doing what they desperately want to do (infesting the corporate network with malware), but it exists.
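Since the comment above is about blocking USB devices by class, here is an added example of what such a check looks like at the descriptor level. It is not from the article, the comment, or any vendor product: it walks a USB configuration descriptor (layouts per the USB 2.0 specification: 9-byte configuration and interface descriptors, little-endian wTotalLength) and blocks a device whose interfaces include a forbidden class. The policy default, the class names table and the three sample descriptors are constructed for the demo; the names `interface_classes` and `evaluate` are this example's own.

```python
"""Walk a USB configuration descriptor and apply a device-class policy.

Added example, not part of the article, the comment, or any vendor product.
Descriptor layouts follow the USB 2.0 specification; the samples at the
bottom are constructed by hand for the demo.
"""
import struct

DESC_CONFIG = 0x02
DESC_INTERFACE = 0x04

CLASS_HID = 0x03
CLASS_MASS_STORAGE = 0x08
# Small subset of USB class codes, for readable messages only (assumption: demo table).
CLASS_NAMES = {0x03: "HID", 0x08: "mass storage", 0x0A: "CDC data", 0x0E: "video", 0xE0: "wireless"}


def interface_classes(config_desc: bytes):
    """Return [(bInterfaceNumber, bInterfaceClass)] for every interface descriptor in
    a configuration descriptor blob (what GET_DESCRIPTOR(CONFIGURATION) returns:
    the 9-byte configuration descriptor followed by interface/endpoint/other
    descriptors). Raises ValueError on anything malformed rather than guessing."""
    if len(config_desc) < 9 or config_desc[1] != DESC_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config_desc, 2)[0]  # wTotalLength
    if total > len(config_desc):
        raise ValueError("wTotalLength exceeds supplied data")
    found = []
    i = 0
    while i + 2 <= total:
        blen, btype = config_desc[i], config_desc[i + 1]
        if blen < 2 or i + blen > total:
            raise ValueError("malformed descriptor at offset %d" % i)
        if btype == DESC_INTERFACE and blen >= 9:
            found.append((config_desc[i + 2], config_desc[i + 5]))  # bInterfaceNumber, bInterfaceClass
        i += blen
    return found


def evaluate(config_desc: bytes, blocked_classes=frozenset({CLASS_HID})):
    """Return ("allow" | "block", reason). A composite device exposing any blocked
    class (e.g. a "thumb drive" that also enumerates a keyboard) is blocked as a
    whole. Malformed or interface-less descriptors are blocked too."""
    try:
        ifaces = interface_classes(config_desc)
    except ValueError as exc:
        return "block", "malformed descriptor: %s" % exc
    if not ifaces:
        return "block", "no interfaces declared"
    hits = [num for num, cls in ifaces if cls in blocked_classes]
    if hits:
        names = sorted({CLASS_NAMES.get(cls, hex(cls)) for _, cls in ifaces if cls in blocked_classes})
        return "block", "interfaces %s expose blocked class(es) %s" % (hits, ", ".join(names))
    return "allow", "classes: %s" % ", ".join(CLASS_NAMES.get(cls, hex(cls)) for _, cls in ifaces)


def _iface(num: int, cls: int, subcls: int = 0, proto: int = 0, endpoints: int = 2) -> bytes:
    """Build a 9-byte interface descriptor (alternate setting 0, no string index)."""
    return struct.pack("<BBBBBBBBB", 9, DESC_INTERFACE, num, 0, endpoints, cls, subcls, proto, 0)


def _config(*interfaces: bytes) -> bytes:
    """Build a configuration descriptor blob with the given interface descriptors."""
    body = b"".join(interfaces)
    head = struct.pack("<BBHBBBBB", 9, DESC_CONFIG, 9 + len(body), len(interfaces), 1, 0, 0x80, 50)
    return head + body


# Constructed samples (not captured from real hardware)
THUMB_DRIVE = _config(_iface(0, CLASS_MASS_STORAGE, 0x06, 0x50))  # SCSI over bulk-only transport
BADUSB_STICK = _config(_iface(0, CLASS_MASS_STORAGE, 0x06, 0x50),
                       _iface(1, CLASS_HID, 1, 1, 1))              # storage plus a boot keyboard
KEYBOARD = _config(_iface(0, CLASS_HID, 1, 1, 1))

if __name__ == "__main__":
    for name, desc in (("thumb drive", THUMB_DRIVE), ("BadUSB stick", BADUSB_STICK), ("keyboard", KEYBOARD)):
        print(name, evaluate(desc))
```

The default here blocks HID, which is the reprogrammed-drive case; a DLP-style deployment would instead pass `blocked_classes={CLASS_MASS_STORAGE}` to stop data leaving on removable media. Either way the decision has to be made from the interface descriptors, not the device descriptor alone, because a composite device reports class 0 there and declares its real functions per interface.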

CIA super-spy so sorry spies spied on Senate's torture scrutiny PCs

Robert Helpmann??
Unhappy

Re: oh, sorry!

...immediate cessation of chocolate rations.

There's chocolate?! Why am I always the last to be told?

Multipath TCP speeds up the internet so much that security breaks

Robert Helpmann??
Childcatcher

When in trouble or in doubt...

Network operators shouldn't shortsightedly kill something because they don't understand it - there are more sensible ways to deal with a threat than panicking and beating it to death.

Welcome to the fun, Catherine, and thanks for the research. Most of what you say makes good sense, though I have one quibble with the above statement: this is exactly how network admins should react to anything on their network they do not understand. They should make every effort to gain the knowledge to make a rational decision, but until that point, not so much. Besides the obvious concern that it, whatever it is, is not under your control, there is also the idea that if you do not understand it, you have no assurance that it is configured properly and doing what you want it to. I am not so sure about the panic portion of the equation, but I am sure someone in management can cover that.

Robert Helpmann??

Re: Does IDS that actually work?

You are referring to network IDS. I cannot comment much on those as my experience has been with host-based solutions, but my understanding is that firewalls are fairly static, whereas an IDS or IPS should perform some analysis based on heuristics or signatures similar to an AV product (and yes, I know there are some of my fellow commentards who decry their use). However, you mention firewalls, which the article said could be broken by MPTCP. It is more complex than that, depending on the configuration of the FW to accept it, the implementation of MPTCP, and the FW being used. However, the simple solution, as far as I can tell, is to disable it at the FW if possible. Also, the cited Cisco article includes NATed networks as being affected.

Unless there is a business case for using it, it should be disabled (pretty much true for anything from a security standpoint). If there is a good reason for using it, I'm happy I'm not the person doing the implementation.
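The comment above says to disable MPTCP at the firewall if possible; the concrete check that needs is whether a segment carries the MPTCP TCP option, which is kind 30 with the subtype in the high nibble of the first payload byte (RFC 6824). Here is an added example, not from the article or the comment, that parses the TCP options field and returns the drop-by-default verdict the commenter argues for. The SYN headers are constructed for the demo (ports, sequence number and the 64-bit MP_CAPABLE key are arbitrary), and the function names are this example's own.

```python
"""Detect Multipath TCP in a TCP segment by walking the options field.

Added example, not from the article or the comment thread. The MPTCP option
kind (30) and subtype encoding follow RFC 6824; the sample segments below are
constructed by hand.
"""
import struct

TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_MPTCP = 30
MPTCP_SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
                  4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}


def parse_tcp_options(segment: bytes):
    """Return [(kind, payload)] for every option in a TCP header.
    EOL stops the walk, NOP has no length byte, anything else is TLV.
    Raises ValueError on a truncated header or a malformed length."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset %d" % data_offset)
    opts = segment[20:data_offset]
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d missing length" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out


def mptcp_subtypes(segment: bytes):
    """Names of the MPTCP subtypes present in the segment ([] for plain TCP)."""
    names = []
    for kind, payload in parse_tcp_options(segment):
        if kind == TCP_OPT_MPTCP and payload:
            names.append(MPTCP_SUBTYPES.get(payload[0] >> 4, "UNKNOWN"))
    return names


def firewall_verdict(segment: bytes, allow_mptcp: bool = False) -> str:
    """Drop MPTCP unless there is a business case (allow_mptcp=True).
    Malformed option fields are dropped as well: a middlebox should not guess."""
    try:
        subs = mptcp_subtypes(segment)
    except ValueError:
        return "DROP"
    if subs and not allow_mptcp:
        return "DROP"
    return "ACCEPT"


def build_syn(options: bytes) -> bytes:
    """Construct a minimal TCP SYN header around the given options (demo values)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, data_offset << 4, 0x02, 65535, 0, 0)
    return header + options


# Constructed samples
MSS_OPT = bytes([2, 4, 0x05, 0xB4])                              # kind 2, len 4, MSS 1460
MP_CAPABLE_OPT = bytes([30, 12, 0x00, 0x81]) + b"\x11" * 8       # kind 30, len 12, subtype 0, v0, flags, sender key
PLAIN_SYN = build_syn(MSS_OPT + bytes([1, 1]))                   # MSS plus two NOPs
MPTCP_SYN = build_syn(MSS_OPT + MP_CAPABLE_OPT)

if __name__ == "__main__":
    for name, seg in (("plain", PLAIN_SYN), ("mptcp", MPTCP_SYN)):
        print(name, mptcp_subtypes(seg), firewall_verdict(seg))
```

On a Linux firewall the equivalent rule is the `tcp` match's `--tcp-option 30` in iptables, which matches on option kind alone; the parser above is what a NAT or IDS would need if it has to distinguish an MP_CAPABLE handshake from a later MP_JOIN on a new subflow, since it is the subflows that confuse address-based state tracking.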

BitTorrent launches decentralised crypto-fied chat app

Robert Helpmann??
Childcatcher

How secure is it, really?

Well, this gives you confidentiality (at least in theory) and integrity (with the same caveat). As far as availability goes, how hard would it be to implement a DoS attack against this kind of traffic? Would such an effort affect everyone with a torrent client or would it be possible to target an arbitrary client?

Russia to SAP, Apple: Hand over source code to prove you're not spies

Robert Helpmann??
Childcatcher

Re: Not exactly new

A good point. So why is Russia OK with Microsoft products while China has banned at least some of them based on security concerns?

Tor attack nodes RIPPED MASKS off users for 6 MONTHS

Robert Helpmann??
Childcatcher

No ACs Allowed

Anonymous internet usage in Russia is surging...

I think the real question governments should ask is not how to stop anonymous internet use, but why it is needed. Soon, there will be slogans around the world echoing the gun rights people here in the States: when anonymous surfing is made illegal, only criminals will surf anonymously.

Ethicists say Facebook's experiments not SO creepy

Robert Helpmann??
Childcatcher

What about OKCupid?

The service is free; they were not being bilked out of money by getting something other than they put down their hard-earned for. They were merely lied to, so that's all right then.

Scotland's BIG question: Will independence cost me my broadband?

Robert Helpmann??
Childcatcher

Re: Realism

Quite possibly Belgium too for similar reasons. They're facing a split down the middle.

Belgium has always been a house divided. Then again, their government stopped working for a while and pretty much no-one cared.

14 antivirus apps found to have security problems

Robert Helpmann??
Childcatcher

Re: Point of Issue

Hmm... Next thing, you'll be burning Noah Webster in effigy.

Bitcoin on ATM? Pfft! We play Doom on ours

Robert Helpmann??
Childcatcher

Re: Yawn

Yes, but Chess was included in OS/2 (in contrast to Solitaire and Minesweeper being bundled with Windows), so 50% effort on both groups. For a complete win, you must show proof of an install on a machine in the wild.

CAPTCHA challenges you to copy pointillist painter Seurat's classic

Robert Helpmann??
Childcatcher

Re: Another Tech That Should Die

For more entertainment, the CAPTCHA could present a series of Ishihara tests.

Russia: There is a SPACECRAFT full of LIZARDS in orbit above Earth and WE control it

Robert Helpmann??
Childcatcher

Important Stuff

You have to get this stuff right if there is to be any hope for space tourism to really take off!

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Robert Helpmann??
Childcatcher

Re: There seems to be no penalty for running over budget

Additionally, the people writing and approving the contracts are often not those actually involved in them. When it comes to IT, this is especially telling as they are often completely unaware of what the actual requirements of a project should be and are thus unequipped to make a reasonable determination on any bids submitted.

In many cases, while the contract is supposed to be written and reviewed by a panel, they often all report to the same person which essentially grants that person all the decision-making power. The advice of the panel may be ignored or, if the manager in question is more skillful, steered to the desired outcome.

There is so much waste built into the way our government runs. It is no surprise, though, given how much money is at stake. While most rules put into place around this process were made to minimize government expenditures, money will find a way to overcome.

Six charged over StubHub e-ticket heist for Elton John gigs

Robert Helpmann??

There oughta be a law...

Unfortunately, with many users having poor password practices, attacks like this are only likely to increase

There are plenty of laws and rules surrounding financial institutions. Why shouldn't sites that work with or gather financial data treat customers in the same manner corporate IT tends to treat users, enforcing password strength, forcing them to change on a regular basis, et cetera? I know this would not be popular among customers, so it would cause many to go to less secure sites as they would be easier to deal with unless there were some industry-wide requirement to have this in place in order to do business.

There has been plenty of discussion among El Reg readers concerning passwords and their use, so I am sure that someone will point out the error of my ways, but I would like just once to see government get ahead of a real problem instead of being completely reactive or, worse and more typical, manufacturing the crisis themselves.

World Solar Challenge contender claims new speed record

Robert Helpmann??
Childcatcher

Re: How far?

Please define what a 'kms' is, as it does not appear to be a standard SI unit of measurement.

500 km = 3,571,428.5714285714285714285714286 lg

give or take

METRE-LONG DINOSAUR POO going under the hammer

Robert Helpmann??
Joke

How much...

...to own the oldest poop joke ever? There has to be a joke in there somewhere.

FRIKKIN' LASERS could REPLACE fibre-optic comms cables

Robert Helpmann??
Headmaster

Massive Speeds

As most Reg readers will know, fibre-optic cables work by bouncing a light beam along a wire without losing focus or intensity, allowing information to be transmitted along huge distances at massive speeds.

So, roughly the speed of light in that medium? Fast enough for the data to acquire mass? Sorry, I am caffeine deficient this morning.

Reg Latin scholars scrap over LOHAN's stirring motto

Robert Helpmann??
Childcatcher

WD-40

The "WD" in WD-40 stands for "water displacement," so to rephrase: With duct tape* and Water Displacement 40. Using Google Translate (with apologies), it yields this:

Ductum lineam, et cum Praesentibus Aquam XL

Going back the other direction gives us this mess: Drawing the line, and with the presence of water, 40. Clearly this needs work that I'm not up for... er... for which I am not up.

* Duck Tape is a brand name.

Android ransomware demands 12x more cash, targets English-speakers

Robert Helpmann??
Childcatcher

Pump and Dump

P.S. Proof of concept: Stock market pump-and-dump spam has almost entirely stopped. The stock exchanges acted to block the profits, and the spammers gave up moved on to greener pastures.

Fixed that for you. The problem is that there are so many suckers. Still good points - Have an up-vote.

Secondhand Point-o-Sale terminal was horrific security midden

Robert Helpmann??
Childcatcher

Re: Er... news?

So this is another "stuff bought second hand not wiped" news story?

Yes, in as much as there was data on it that might be valuable in and of itself (e.g. account details). However, the researcher was able to learn enough about the second hand box to be able to hack systems that are still in production, assuming they are still set up the same as the terminal he purchased. Knowing that the owner doesn't change the default password or that the password can be recovered from the discarded machine and is likely to be the same on systems still in use can be pure gold (literally). Finally, "Oh's findings suggest the retailer had a poor security policy that went beyond anything particular to the terminal he bought on eBay."

I would like to know which retailer this is so I can avoid walking through its doors.

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

Robert Helpmann??
Childcatcher

Blade of grass on a football field

"I worry about the accuracy of their research if they think there's as many as a billion blades of grass on a football field."

Turns out this is a mathematics project/thing currently used to teach kids how to estimate. There are a number of examples posted online. This one gave the result as "about 63,350,000." A bunch of 5th graders could have told them better.

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Robert Helpmann??
Childcatcher

Re: Tired admin

A sysadmin really should check that every patch works and doesn't break critical services/applications before deploying.

I could not agree more and yet the people who get pissy if the "critical services/applications" aren't working are typically the same bunch who will not fork over the cash to set up development or test environments. I have had to work in several large network environments in which we had to "test in production," which basically means that we target a subset of the overall production environment and see what happens next before proceeding with the rest.

Google shows off new Chrome OS look

Robert Helpmann??
Childcatcher

Re: hmmm

To play Devil's Advocate a bit:

I love the way I can log on from any device and just carry on without thinking about what device I'm using...

I don't, at least in as much as it is the default and automated (passwords stored on device). I also have an issue with the fact that others on my home network share access to some data. I know Google searches performed on one device show up in the cache for others regardless of the accounts being used. I don't know what other data leaks may show up, but this should be enough to raise concerns.

...he has no issues anymore with Malware, Viruses and toolbar hijackers.

It might not have any now, but I find it hard to give credence to the claim that there will be no malware, especially given the relatively small amount of time between Android gaining popularity and malware being developed for it. Chrome has relatively few users right now, so it is not a worthwhile target. This will change as soon as someone thinks a profit can be made from it, so pretty soon. This also discounts targeting by government sponsored groups.

Google do not sell your personal data, they use your data to place more appropriate adverts.

Essentially, they do not sell the data, but have set themselves up as a proxy. It's more profitable if they simply rent it. On the other hand, they gather as much data as they possibly can, making them a very tempting target for governments and black hats alike. This sort of data gathering is baked into all of their products, as far as I know.

My C720 is the best computer I've ever had. And the cheapest.

I cannot argue with your personal experience, though I would stipulate there are cheaper machines and better machines out there, though perhaps not in the same package. As far as better value for money, beware getting exactly what you pay for. Manufacturers will sell at a loss if they think they will make up the difference and then some later down the road. It is why printer ink cartridges are ridiculously expensive, for example. Google seems to have a good idea of how to make money, so I would not expect them to do otherwise with these machines. The question is more one of how they do so.

Amazon's Spotify-for-books: THE TRUTH

Robert Helpmann??
Childcatcher

List Available

I checked Amazon's site when I got home from work on Friday. It wasn't particularly hard to find the list of books available through this service, including listings by genre.

Chromecast hack Rickrolls Google's TV stick

Robert Helpmann??
FAIL

Re: Video of device being demonstrated

It's only funny if it's not damn obvious.

Unbridled BONKING and rampant ROGERING at YOUR office!

Robert Helpmann??
Childcatcher

Incident Resolution

"No[w] if only I could use that just once in our call logging system!"

You can, but just once (for obvious reasons).

Spinning SPACE DUCK is comet-chasing Rosetta probe's PREY

Robert Helpmann??
Linux

Rubber Duckie

Rubber Duckie, you're the one \ You make flying through the vacuum of space lots of fun...

Tux, 'cause that's as close to a duck as we have ==>