* Posts by Halfmad

881 publicly visible posts • joined 16 Jan 2013

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it

Halfmad

Re: @RM Myers - "We decided on a global fallback"

I don't think they care, browsers are increasingly aiming at home users now IMHO.

Time to patch your lightbulb? Researchers demonstrate Philips Hue exploit

Halfmad

Re: It only takes one

Get your free Smart Meter today

(paid for by you through taxation and billing.)

Researchers reckon 500k PCs infested with malware after dodgy downloads install even more nasties from Bitbucket

Halfmad

Re: Instant karma

or Photoshop Elements if you want something more like actual Photoshop but without much of the stuff you never used anyway.

Affinity looks like it does more than Elements though, good spot.

'Windows Vista' spotted doing a whoopsie over EE's signage

Halfmad

Re: Why use Windows?

That's just poor system management, there's no reason for it to do that. Assuming anyone actually has responsibility for making sure the systems are updated etc.

Yahoo! hack! payout! nearly! approved! and! the! question! is! how! to! spend! 60! cents!?

Halfmad

The irony..

of having to pony up more personal information to get compensation for a loss of it.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

Halfmad

The problem is these days we don't have politicians thinking long term, they can't see past the next election so long term strategy is out of the window on pretty much every area of governance.

If it's not going to be a good news story during the next campaign then they see no benefit in it.

Apple: EU can't make us use your stinking common charging standard

Halfmad

Re: Gold plated cables

iPhones are good value - if you keep them long enough and sell them before they become bricks, like every other so called smart phone.

WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware

Halfmad

Re: This fails to surprise me...

and not having domain admins browsing the internet using IE 11.

Capita Education Services accidentally spaffs email addresses in Helpdesk snafu

Halfmad

Re: Oh for fucks sake

Honestly because adults shouldn't need this sort of common sense check.

Sometimes we need staff to be clever, or work elsewhere.. like Capita.

Hospital hacker spared prison after plod find almost 9,000 cardiac images at his home

Halfmad

Re: Hacker?

hacker

/ˈhakə/

Learn to pronounce

noun

1. a person who uses computers to gain unauthorized access to data.

2. a person or thing that hacks or cuts roughly

Clue is there in number 1. Just because he wasn't wearing a hoodie doesn't mean he's not a hacker.

Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption

Halfmad

Re: Just wait until after Indyref 2

Nah they'll be shut down as we won't have any money to pay for them.

Problems at Oracle's DynDNS: Domain registration customers transferred at short notice, nameserver records changed

Halfmad

Sounds to me as if they wanted all of the accounts gone before the end of the quarter, so **** customers we need a clear quarter without you lot so we can get on with the firing of staff.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?

Halfmad

Re: Lord Almighty.

Also the security guy could well have been pointing and shouting about this for years, from my experience..

UK data watchdog kicks £280m British Airways and Marriott GDPR fines into legal long grass

Halfmad

Re: What's the point?

Why have a regulator and properly fund it?

£2M a year is a limit they should not have..

The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes

Halfmad

Linux has its own problem, underlying issues here are a culture of not funding and/or caring about information and cyber security.

If they did at most they'd be back up and running already and saying "we lost X amount of data, sorry ICO".

Instead they are still down, still clutching at straws and in PR damage limitation mode.

Intel teases NUC-leheads with new desktop-class graphics systems and a fast i9 CPU

Halfmad

Re: Displacement??

It's a good tactic when you don't want to compare actual performance though..

Autonomy did count some hardware sales as marketing costs, ex-finance bod tells High Court

Halfmad

Costing HP a lot of money this.

Apparently at least 35ml of Magenta each day per lawyer.

This page is currency unavailable... Travelex scrubs UK homepage, kills services, knackers other sites amid 'software virus' infection

Halfmad

Almost guaranteed to have no patching, no contingencies, poor backups (or limited) and potentially outsourced chunk of IT.

The fact their external points were unpatched and poorly configured is a massive red flag, basically they don't test their own stuff, so that means realistically they now need to pay over the odds for someone to do all that for them, to tell them what they don't know - that they don't manage their systems or understand the risks they are running.

Watch as Senior Management don't get sacked or resign over this.

Halfmad

Re: Flabbergasted

It's not change management if you don't change anything, ever!

Say GDP-aaaR: UK's Information Commissioner pours £275k fine into London pharmacy's teaspoon

Halfmad

Re: exposed to rain, doesn't mean they aren't readable

On 100% of the paper?

It's something the El'Reg readers are totally inconsistent on. They may be experts on database tech, auditing etc but the basics - go right over their heads.

They didn't even list an estimate for the number of people, that means it was all binned prior to ICO investigation, or the ICO completely failed to push them on it. Either of these is bad for the data subjects.

I 100% guarantee the average punter off the street would have been able to get some identifiable information from that pile of papers, it's not as if it was submerged in a swirling swimming pool.

Halfmad

Re: RTFM

I did read it - exposed to rain, doesn't mean they aren't readable.

We've had incidents involving sewage and still managed to get information and contact those whose documents were affected.

Halfmad
Facepalm

Unknown number of people?

Nonsense, nobody, ICO included, bothered to check.

Just shows how seriously they take it, if they don't know - they can't inform those involved. That's a failing both by the company and the ICO.

The time PC Tools spared an aerospace techie the blushes

Halfmad

Re: Windows 3.1

Much like our infrastructure team who used the phrase "transient network issues" for literally anything they worked on, whether it was network based or not, it was always TNI.

Heck the time they turned off the server room air con by mistake was also put down to it..

Halfmad
Facepalm

Re: To be fair ...

and in the 90s the engineering firm I was an apprentice at didn't realise the one A0 plotter we had was business critical despite everyone using it day in, day out. Until of course it packed in during a large print run.

The solution? Shout at the lowly engineering apprentice who's somehow ended up doing all of the IT for the company..

Some things never change!

Hold my Bose, we can do premium: Sennheiser chucks pricey wireless cans at travellers

Halfmad

Re: oh no!

USB C isn't just more convenient it's better in almost every way tbh!

Want to live long and prosper? Avoid pirated, malware-laden Star Wars free vid streams – and pay to watch instead

Halfmad

Re: I'm safe

Lucas didn't involve his (ex?) wife with the script for these and she's the only reason the original trilogy wasn't a complete bloody mess.

Log us out: Private equity snaffles Lastpass owner LogMeIn

Halfmad

Ouch

Time to look for alternatives then.. there's an el'reg article that needs a 2020 version!

Half a billion here, half a billion there – pretty soon you're talking real money: US Congress earmarks $425m for 2020 election security

Halfmad

Re: Just use paper

That's the thing I don't get, if they just said "we're going back to paper for elections" it'd be far more secure straight away. Only issue is training staff, having premises available etc but that should be relatively easy as those machines had to be placed somewhere for the vote anyway.

US elections always seem to have issues caused by technology..

WhatsApp chaps rapped for crap app group chat zap: Infosec bods find a way to nuke messages, fix issued

Halfmad

Re: Why?

Raising Arizona

Genuinely thought he was very good in that.

Valuable personal info leaks from Facebook – not Zuck selling it, unencrypted hard drives of staff data stolen

Halfmad

Re: Serious compliance problem

If it included a single EU citizen then yes it did.

Revealed: NHS England bosses meet with tech and pharmaceutical giants to discuss price list of millions of Brits' medical data

Halfmad

Re: NHS ...... ENGLAND?????

Hasn't that deal more or less collapsed because Microtest couldn't fulfil its contractual agreements?

Halfmad

Re: Once again. It is not *their* data to sell.

OK we need to clear this up folks.

EU directive = instructs member states to implement a law.

UK regulation (e.g. GDPR) = it is now UK law.

GDPR is a regulation, hence the name. GDPR is about UK Citizens as well as EU citizens. It applies within the UK and we have to stick with it irrespective of Brexit and until the law itself is changed.

Halfmad

Re: NHS England does not have the data of 65 million Brits

There's no fighting off required, by law NHS England and the UK nor Scottish, Welsh etc parliaments can compel NHS Scotland, NHS Wales nor NHS NI to sell it.

Oddly enough much of these protections are in place because of the UK parliament. This is another case of NHS England taking it upon themselves, nobody is forcing them to do it.

Halfmad

Re: I want access to my data

So in order for them to give you access 24/7 they'll need it hosted on cloud somewhere. So before it goes to big pharma, you want Amazon, Google or Microsoft to have access to it?

Bit of an odd request, but ok..

LightAnchors array: LEDs in routers, power strips, and more, can sneakily ship data to this smartphone app

Halfmad

Re: Why on earth

Or as it's heating up it could just make a clicking sound like my iron does when it's ready to be used..

Google Chrome will check for leaked credentials every time you sign in anywhere

Halfmad

Only a matter of time

Until Google stops you using inappropriate words and phrases because it doesn't match their whitelist which advertisers have approved.

If you want an example of how user concerns do not drive software development, check out this Google-backed API

Halfmad

Re: Why?

Sometimes I open up reddit links in browser rather than on an app, I do this on purpose (cos the app doesn't display it correctly etc) and will get a prompt about opening it in the app anyway.

Thing is it's my choice to open it in browser, all they are doing here potentially is reducing that choice and tbh, I'd be more likely to uninstall the app than stop using browser occasionally.

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

Halfmad
Trollface

Re: All hail systemd

Just move over to Windows 10. I mean the 'nix fanboys invade every Windows based article bashing it - might as well return the favour here.

Come on Billy Gates fans, get the cardigan buttoned up and get in here to bash 'nix for some bug that will affect a tiny percentage of the user base.

Onestream slammed for 'slamming' vulnerable and elderly folk: That's £35k to Ofcom, please

Halfmad

Re: pathetic

My thoughts too essentially they have gained access to customer bank accounts by fraud, levied charges which were never agreed to by the other party and gathered information on people without consent.

In which way does this warrant a £30K fine? They should be shut down and the directors personally liable for compensation. What's the point in having a watchdog with no teeth?

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

Halfmad

Re: Few legitimate uses of VPN?

That's my problem with VPNs being touted as a catch all "it's just more secure" particularly as one VPN vendor varies hugely from another and the end user has little if any visibility or understanding of it. They just read "VPN GOOD" and assume they are doing the right thing.

VPNs can be very helpful but it's entirely use case related. I can't remember the last time I used one since the web more or less moved to HTTPS tbh.

RISC-V business: Tech foundation moving to Switzerland because of geopolitical concerns

Halfmad

Re: Swiss Miss Incorporation

Corbyn wouldn't have any companies operating here worth taxing, some would be made public and the rest would leave so they didn't have to give away 1% of their shares a year for the first 10 years of a Labour government.

UK political parties (all of) are completely bonkers these days.

UK tax collectors warn contractors about being ripped-off – and not by HMRC for a change

Halfmad

Re: Lacking common sense....

Snail mail isn't secure nor is it overly reliable these days.

So yeah, same as e-mail.

Magic Leap's CFO and creative director quit, and it's not a harbinger of doom or anything

Halfmad

Re: A question:

Tech bubbles, some companies manage to operate in them, others become them. Magic Leap has been one from the start but "innovation pioneers" have thrown money at it, probably mostly other people's money and will shortly reap the pain.

Brexit bad boy Arron Banks' Twitter account hacked: Private messages put online

Halfmad

Re: "Twitter [...] have broken GDPR rules"

We haven't left and we'd still have the DPA/GDPR anyway when we do until parliament changes things.

Pack your bags, you're going to America, Lord Chief Justice tells accused Brit hacker

Halfmad

Re: Odd thought

Would our press even report on it?

Maybe I've become highly sceptical of the mainstream media of late but I doubt the BBC etc would care if a US citizen was being fired over here.

Despite Windows BlueKeep exploitation freak-out, no one stepped on the gas with patching, say experts

Halfmad

I think you've nailed it to be honest. If you have your patching organised already this alert won't really have made any real impact as those patches would have been applied or be applied shortly anyway. If you don't though, nothing short of a breach is likely to make you take notice at this point. We've been bombarded with "patch now!" alerts over recent years, if it's not sorted by now, it never will be.

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Halfmad

Re: The logical next step is the two-dimensional risk rating approach

Then my management only want risks in terms of green/amber/red..

Ex-Twitter staff charged with spying for Saudi royals: Duo accused of leaking account records, including those of critics

Halfmad

Re: Four years?

This would require information security staff and we all know having those working internally, properly resourced and supported by senior management is a rarity these days.

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections

Halfmad

Re: "to help admins spot and remove cloud apps installed by users"

and another is probably developing a paid for tool which will fix both scenarios by allowing them to run at the same time :)

Open wide, very wide: Xerox considers buying HP. Yes, the HP that is more than three times its market cap

Halfmad

Re: Two semi-marginal companies

Means they only pay for one coffin instead of two when the company, presumably with a new stupid name eventually dies.