Re: Perhaps?
@lee
Not necessarily. The passwords may have been encrypted but their private key may have also been stolen. That's one of the many reasons that you want salted hashes, not encryption for password storage
Posts by Adam 1
2545 publicly visible posts • joined 7 May 2012
Page:
98.1 million CLEARTEXT passwords pasted as Rambler.ru rumbled
Sysadmins: Poor capacity planning is not our fault
Monday 5th September 2016 22:52 GMT
Re: But....
> Oh and to Java devs everywhere, writing everything including the kitchen sink to Log4J output files in not the answer to reliable systems
Log4xyz is a good thing™. Certainly beats the hell out of something went wrong somewhere and we have no logs or some half arsed attempt to write to a text file using code lifted from stack overflow which isn't threadsafe, isn't buffered and works by loading the whole file into memory, appending a line then rewriting the file. Oh and by a file, I mean hundreds of files in various folders with no cleanup mechanism.
Other than sensible defaults, it's usually not a developer's role to configure log4xyz (internal or custom software where you have full understanding of the deployment environment may be the obvious exception). That is why you can change the verbosity of the messages in a config file. It is why you can choose your own appender. If you use a rolling file appender then you can specify things like maximum size, number of files to keep and so on. Then it is just a discussion with business about how much storage they want to pay for vs the point where files get deleted. That's their decision, not yours, not devs. Your job is to make sure you explain the consequences of whatever set of numbers get thrown at you.
The other side of the coin is ensuring that the I/O can handle the volume you throw at it. If you have your loglevel set to debug on a multi threaded stack, it may not be adequate to dump log files to some slow HDD.
Wait, you made me defend Java you sneaky bastard. Is that the new Rick roll?
Telstra wins AU$39 million for data retention costs as grants revealed
Monday 5th September 2016 11:09 GMT
makes no sense
If the government really want ISPs to do this, they should do one of two things.
1. Cover the entire cost out of general revenue; or
2. Permit ISPs to charge a specific data retention fee to their customers every month.
The *last* thing you want is for ISPs to try to monetise that datastore in some way to recover costs.
Australia's mobile black spot program was a partisan money hole
Good job, Oz feds: Conroy wants you investigated for privilege and contempt
Thursday 1st September 2016 00:37 GMT
"For most practical purposes, Parliament House is regarded as the only place of its kind and one in which the two Houses through their Presiding Officers have exclusive jurisdiction. Thus in Parliament House the police are subject to the authority of the Speaker and President and their powers are limited by the powers and privileges of the respective Houses. Such limitations are not based on any presumed sanctity attached to the building as such, but on the principle that the Parliament should be able to conduct its business without interference or pressure from any outside source"
- Advice of Attorney-General‘s Department, concerning powers of police within the precincts of Parliament House, 1967. And see Parliamentary Precincts Act 1988.
Whatever one thinks of the man with the red underpants on peoples' heads fettish, the AFP would be well advised to tread very carefully. These rules are deliberately designed to constrain the power of the police to interfere with the operation of the house.
FBI: Look out – hackers are breaking into US election board systems
Fifty bills for new Oz parliament, nothing much for tech
Chinese CA hands guy base certificates for GitHub, Florida uni
'Fake CEO' Chinese chap cuffed in $54m fraud probe
Sunday 28th August 2016 22:32 GMT
>fter someone impersonating the CEO in an email had authorized the transfer of funds. The CEO and CFO have since been fired.
So they fired the fake CEO? Or was it the fake investigation team that reported back to the fake board that caused the fake HR to sign the no doubt golden parachute cheque*? OK Neo, the blue pill....
*Just because you can't spell authorised doesn't mean I have to misspell cheque.
Tech fails miserably in Forbes' most innovative companies
MIT brainiacs triple the speed, double the range of Wi-Fi
Thursday 25th August 2016 23:24 GMT
Re: "consumers won't have to buy new hardware"
Yes. As long as you can mount your laptop on the moggie, this should work fine. Unfortunately, you still need a Roomba on which you can mount the moggie, so it is really turtles all the way down.
Microsoft's HoloLens secret sauce: A 28nm customized 24-core DSP engine built by TSMC
Honor 8: Huawei targets millennials with high-spec cheapie. 3 words – Food pic mode
Chocolate Factory exudes Nougat as Android 7 begins rollout
Australia Post says use blockchain for voting. Expert: you're kidding
Tuesday 23rd August 2016 06:13 GMT
Re: Australia Post's search for relevance ...
> (and what's wrong with the SMTP/POP/IMAP Internet mail service, I'd like to know)
Plenty, but nothing that I believe auspost has the answers to.
On a side note, lots of e-commerce relies on physical package handling to some degree. Why they can't leverage their natural monopoly to turn a pretty penny there shows a real lack of imagination.
Google killing app format used only by The 1%
Microsoft can't tell North from South on Bing Maps
Password strength meters promote piss-poor paswords
Scared of mobile banking
Baltimore cops accused of violating FCC rules with Stingrays
VeraCrypt security audit: Four PGP-encoded emails VANISH
Farewell Patch Tuesday fragmentation: from October, MS will roll just one monthly patch
Bees bring down US stealth fighter
US extradition of Silk Road suspect OK'd by Irish judge
Meet DDoSCoin, the cryptocurrency that pays when you p0wn
IBM makes meek apology for Oz #CensusFail, offers no fail detail
Friday 12th August 2016 03:35 GMT
Re: Warning: Aussie census goon squad coming soon!
"International visitors
If you are visiting Australia on Census night, you are required to participate. Your accommodation provider will give you a form or details of how to complete the Census online."
- http://www.abs.gov.au/websitedbs/censushome.nsf/home/getonlinefaqcensus?opendocument&navpos=110
#Censusfail Australia: Not an attack, data safe, no heads to roll
Australia's online Census collapses, international hackers blamed
Wednesday 10th August 2016 03:42 GMT
Re: Geoblock non aussie IP addresses?
They did. No doubt a good first step but it isn't that hard to circumvent. You're really just playing whack a mole.
"Earlier attempts to frustrate the website led the ABS to block all international traffic at about midday on Tuesday until midnight. But that geo-blocking mechanism ultimately failed, government cyber security adviser Alastair MacGibbon said."
http://www.smh.com.au/federal-politics/political-news/malcolm-turnbull-defends-handling-of-census-as-privacy-commissioner-investigates-20160810-gqp45u.html
Tuesday 9th August 2016 22:45 GMT
the other one plays jungle bells ...
I have not seen any independent evidence that they were ddos'd. By now I would have expected anonymous to come out chanting something something legion something or other. All the media reports that I have seen this morning are sourced from abs alone who after a trail of fail have a lot of self interest to hide. Keep drilling. We haven't heard the last on this.
Scale is hard; really hard. A few small assumption errors can give order of magnitude load increase. A small config file error can cause load balancers to do the wrong thing even if you have provisioned the hardware on standby (just ask aws). A small query plan error can cause additional terabytes of ram to be allocated during sign in (just ask Microsoft).
Oh, and given IBM's track record in handling government IT services, it's not that you wouldn't trust them to organise the proverbial in a brewery, you wouldn't even trust them with the RSVPs to the said event.
Australian national census fails in the IBM cloud
Tuesday 9th August 2016 13:40 GMT
Re: IBM, i shoulda known.
If El Reg couldn't see this coming then I would be changing news outlets. Blind Freddy could see that provisioning for a million people per hour isn't enough when most families will get home from work, eat dinner, kids in bed then log in. The saddest part is that because they make names compulsory, the results will be less than honest, negatively impacting public policy decisions for the next 5 years.
Classic Shell hackers: We infected FossHub so ransomware couldn't (and yeah, also for fun)
Render crashing PCs back to their component silicon: They deserve it
The developer died 14 years ago, here's a print out of his source code
Sunday 7th August 2016 22:45 GMT
Re: Portrayal of computer tech guys in films/tv.
> Have you tried turning it off and on again
Possibly the best researched piece of tech portrail we have seen in years. Pretty much every techo has at some point heard that line from a telephone *ahem* support attendant only moments after telling them how you have just reimaged the drive.
Biting the hand that feeds IT
