* Posts by Halfmad

881 publicly visible posts • joined 16 Jan 2013

Brit Police Federation cops to ransomware attack on HQ systems

Halfmad

Re: Security and the weakest link?

Might have had backups - but were they tested? Did staff know how to restore them?

I have asked this of a supplier recently after a malware attack, I got no reply, so I escalated it to his boss. Turns out the guy "in charge of the backups" quit a couple of years ago and nobody was assigned the tasks he had, so backups had not been working for some time and nobody knew where the restore keys were kept for older backups.

Fortunately they hadn't been hit by an attack, but if I hadn't queried it, how long would it have gone on for? Yes the staff should have figured this out themselves, but we have managers.. to manage.

Halfmad

Re: Security Experts take NOTE

They have been down voted for hinting that any OS is immune to attacks.. on a security forum.

Brexit jitters fingered as UK consumer PC sales collapse

Halfmad

I said the same thing earlier on, can't believe that passed but in all honesty do you think Westminster would have refused to back it? Maybe.. but maybe not. I'm not convinced either way.

Still it's a huge mistake by the EU, pandering to lobbyists.

Spyware sneaks into 'million-ish' Asus PCs via poisoned software updates, says Kaspersky

Halfmad

They've never had any interest in support of released hardware, if it's not the current product on offer they quickly forget about it and cut it from support in later versions of software; which in hindsight may actually be a blessing..

Halfmad

If you have ever bought an ASUS motherboard you know how terrible their software is and how quickly they dump it and move on to the next model irrespective of whether the motherboard is still compatible with modern OS.

ASUS are about sell, up-sell and forget. They have no interest in supporting or securing customer hardware. It's always been this way.

Windows Defender ATP is dead. Long live Microsoft Defender ATP

Halfmad

Re: Another silly move by MS....

Nadella sees a subscription model as the way forward, that's all he's interested in.

Halfmad

Re: The real point of interest for me...

Apple and Microsoft have a better working relationship than many people realise, whilst they have fallen out at times they do collaborate now and then.

Neither seems to feel that siloing is as necessary as it once was. But I hope we never see a return of Appleworks for Windows.. Oh jeez did that give me nightmares.

Google takes a page from Microsoft of old and revives browser ballot on Android

Halfmad

Re: <marquee>IE6 for me please</marquee>

I thought those of us in healthcare were slow but IE6?! That's insane.

Just checked Wikipedia.. IE6 still accounts for 0.17% of browser usage. https://en.wikipedia.org/wiki/Internet_Explorer_6

Can ye spare any 'digital change', pal? Blighty's ailing court service can't wait to hear from you

Halfmad

Easy, ask them to input their post codes. If it doesn't match the list they don't get in. /s

Welcome. You're now in a timeline in which US presidential hopeful Beto was a member of a legendary hacker crew

Halfmad

Re: Nice

but now that I'm older I realise that age == stupidity in the political world.

Perhaps in a few years you'll realise that grouping people by how long they've been on the planet makes little sense. Age doesn't = stupid, there are plenty very clever and wise older people. Just as there are plenty young and stupid people. There's little use in grouping by age when it comes to intellectual capacity and ability to look at problems from differing perspectives.

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

Halfmad

Re: Politicize all teh thingz!

Depends how you look at the blackmail. Trump was elected based on assurances, he has been looking to get those funded, the Democrats were refusing to do so - I'd say they were as bad as each other.

Trump - for being unreasonable in his demands at the time.

Democrats - for consistently refusing to fund promises made during a campaign which they lost because the electorate wanted, in part, Trump's plan.

It doesn't matter whether you agree with Trump, the man is a fool. But the bottom line is that a majority of US citizens who bothered to vote chose him based on, at least in part, those border wall promises.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Halfmad

In that case make her request it via a call logged with the service desk and allocate access via an AD OU.

It all hinges on this: Huawei goes after Samsung with its own foldable hybrid Mate X

Halfmad

Re: and here's me wondering why there are so few smaller phones..

I'm typing this on a 4" phone.. I've had it for a few years and can't find anything suitable to change to when I inevitably start having problems with it.

Halfmad

and here's me wondering why there are so few smaller phones..

So few options on any mobile OS these days for phones at 4", not everyone wants or needs a brick especially one where there's moving parts on the primary surface!

Then again if they could perfect this AND bring it to a 4" sized phone that doubles out - that'd be nice.

Infosec in spaaace! NCC and Surrey Uni to pore over satellite security

Halfmad

Quite a few use RODOS apparently.

https://en.wikipedia.org/wiki/Rodos_(operating_system)

WTF PDF: If at first you don't succeed, you may be Adobe re-patching its Acrobat, Reader patches

Halfmad
Trollface

A second patch for the same vulnerability?

Sheesh! I'm starting to think that security is an afterthought for Adobe..

Troll icon for obv reasons..

No fax given: Blighty's health service bods told to ban snail mail, too

Halfmad

Re: He doesn't get it.

No idea why you are being down voted, as a patient you're allowed to give your information out to the GP like this especially if it suits you (not everyone can speak after all and call in).

e-mail is also useful but most GPs are sensitive about patients contacting them directly purely because they may be on holiday etc and miss something. GP workflow is surprisingly complicated and I'd suspect that in this instance fax is easier for them to handle than e-mail..

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Halfmad

Re: Goodbye Youtube?

I also suspect what constitutes terrorist propaganda isn't set in stone and will change over time, let's hope they don't run retrospective reports then eh?

Accused hacker Lauri Love tries to retrieve Fujitsu lappie and other gear from Britain's FBI in court

Halfmad

Re: "Britain's FBI"

State laws are something that I found really odd although I guess you could say that as Scotland has its own legal system and some of its own laws the situation here isn't that different, just not as fractured. Then again, the distance from London to Edinburgh is far less than the drive across most states in the USA!

Oddly enough you could get caught out just crossing our invisible England/Scotland border as Scotland has extremely low drink drive limits so you're legal on one side, then bam - breaking the law once you pass that "Welcome to Scotland" sign.

Halfmad

"Britain's FBI"

If only our American visitors could understand that other countries have different law enforcement agencies..

I don't know, if I was from the USA I'd be rather annoyed at the need to dumb down like this. What next El' Reg? Headlines like "Theresa May (Sort of Britain's President, but not really) met in Brussels (not the vegetable, the city) with Jean Claude Juncker (More like our Pres.. but not as gropey) to discuss stuff which doesn't relate to oil, so President Trump isn't interested."

Trakt app users' personal data exposed: We were hit by a 'PHP exploit'... back in 2014

Halfmad

Re: It only took them 4 years

But... but... yeah I've got nothing.

Only plebs use Office 2019 over Office 365, says Microsoft's weird new ad campaign

Halfmad

Re: Office 365

Office 360 is pretty good. Last week my manager was talking about how good Office 361 was but only because his director has been bragging about how reliable Office 364 was the week before.

Colour us shocked: Google in €50m GDPR fine appeal bombshell

Halfmad

Re: Can the fine be increased?

Google will never leave the EU, they make too much from it. Additionally it would leave a space for a competitor to grow in and threaten dominance globally if there was a large market they have no presence in.

Not going to happen.

NHS England's chief digital officer goes full digital, ditches health service for GP app biz

Halfmad

Surprised they aren't calling that "AI" since that's what seems to be deemed as artificial intelligence these days..

IBM insists it's not deliberately axing older staff. Internal secret docs state otherwise...

Halfmad

If women were genuinely cheaper to hire than men for the same work, most men wouldn't get a job.

There is no gender pay gap. Likewise gender-based pay discrimination has been illegal since the 70s so if it is happening, employers should be in court for it.

Not anon because frankly I have a backbone AC.

No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper

Halfmad

Re: What a hero

Particularly as DDOS can knock off collaborative working on care between institutions and make it harder for clinical information to be transferred from abroad.

We routinely have to send information quickly to the other side of the world as someone has been injured whilst on holiday, it absolutely would impact patient care at that end if they didn't have knowledge of prior treatment.

This is also why the NHS still has faxes, it's not popular but in many cases they are there as a business continuity backup, very much a last resort though.

You can blame laziness as much as greed for Apple's New Year shock

Halfmad

Re: Hmmmm

Headphone jack is why I haven't upgraded. I don't want to have to use adaptors and I have a set of headphones I've used for almost 20 years that I LIKE and don't see why I should ditch them as they are super comfy.

I don't really have any brand loyalty, if a product is good and I like it then I stick with it until it breaks or is obsolete - My iPhone SE is a couple of years old now but it's fine for what I need it for and I see no point in changing it, but if I did the replacement would have to have a headphone jack!

Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers

Halfmad

Re: WTF do they do with Passport IDs?

My guess would be that it was a change to the system after it was bought in and the request didn't include encrypting it, so the developer didn't.

Struggling to see any other scenario where it wouldn't be encrypted on purpose to be honest.

My 2019 resolution? Not to buy any of THIS rubbish

Halfmad

What about banks?

Last time I went into a bank to discuss a mortgage the "mortgage advisor" - who I needed an appointment to see just loaded the same damn website and typed in exactly the same as I did.

Apparently it's all handled in mortgage call centers now, not in branch.. jesus no wonder branches are closing!

Full frontal vulnerability: Photos can still trick, unlock Android mobes via facial recognition

Halfmad

Re: Fingerprint sensors are useless

You can make it as secure by limiting attempts then wiping the device.

But would any of us trust it to be reliable enough to do that? I repeatedly have problems with fingerprint sensors on phones.

Oz opposition caves, offers encryption backdoor compromise

Halfmad

Re: That's OK then

I mean it's not like we're telling them there is a compromise eh?

Ohgoddamnit!

New era for Japan, familiar problems: Microsoft withdraws crash-tastic patches

Halfmad

Re: Abandon hope all ye who buy Microsoft

Sceptics may say this is a way to nudge people to upgrade to O365.

I say it's an improvement to security and we should laud Microsoft for taking such dramatic action!

Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog

Halfmad

Best not be too tight lipped Amazon

You only get 72 hours to contact the ICO here when you become aware of a breach.. you don't need to tell them what's happened just say "we dun goofed and will get back to you" but they will be slightly peeved if you don't get in touch for a few months as usual.

Not that they'll do anything mind.

When selling security awareness training by email, probably a good shout not to hit 'reply all'

Halfmad

Holland was clearly making a point..

and I'm glad he did as otherwise everyone else would have been itching to do it anyway. However one of the problems we have with modern e-mail clients and e-mail on the web is that BCC is increasingly hidden away to keep the interface clean, so even when staff know what it is they can't always figure out how to get access to it.

Congrats to Debbie Crosbie: New CEO at IT meltdown bank TSB has unenviable task ahead

Halfmad

Re: Have

TSB have a free pass for a while though, just blame the previous idiot in charge until the problems are past then celebrate how great the new CEO is..

Scare Force: Pakistan military hit by Operation Shaheen malware

Halfmad

Re: Outsourced...

Same staff who used to do BT Broadband support.. you know? Indian Terry.

Want to hack a hole-in-the-wall cash machine for free dosh? It's as easy as Windows XP

Halfmad

You'll need access to the hardware in order to pick up the cash anyway so you'd be nearby regardless.

"we need to be physically near" isn't really a get out when these can be placed in quiet shopping centre areas, sides of petrol stations, closed back branches etc.

Russia: We did not hack the US Democrats. But if we did, we're immune from prosecution... lmao

Halfmad

US have to accept some responsibility..

When they keep using voting machines which have been publicly denounced as vulnerable, private servers lacking in security oversight etc

You can't say you take security seriously when you make it easy for your opponents.

Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges

Halfmad

Re: Throw the book at him

Difference with Jean Charles de Menezes is that there was genuine public outcry about it and the media reported it essentially as a public execution.

Did this swatting get similar treatment in the US or is it lost amongst the wealth of similar police killings?

Web domain owners paid EasyDNS to cloak their contact info from sight. It was blabbed via public Whois anyway

Halfmad

Re: Registered private domain owners.

GDPR only protects EU citizens and their data. Someone in the US or Canada for example has no recourse to GDPR.

Incorrect, GDPR is about the data, irrespective of whose data it is.

AMD's shares get in a plane, take off and soar to 12,000 ft – then throw open the door, and fall into the cool rushing air

Halfmad

Re: Nothing to do with AMD in particular

I think many of them bought in when TR2 came out expecting to ride the crest for a while until Q3 results. Fact is even AMD fanboys will agree the GPU side needs more work, they need to take Nvidia to task the way they've been doing with Intel recently on CPUs.

London flatmate (Julian Assange) sues landlord (government of Ecuador) in human rights spat

Halfmad

He wants his asylum to be removed, then it's another victim card for him when he goes to trial by media etc.

I hope he walks out of there and no government even bothers acknowledging it. That would be the ultimate slap in the face. Let Sweden say they'll pursue him if he ever enters their country, but beyond that.. 8 years of self imposed stupidity by an egomaniac.

300,000 BT pensioners await Court of Appeal pension scheme ruling

Halfmad

Another option to tackle the pension deficit

is for BT to pay less to shareholders and more into the scheme. Tada! problem solved.

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

Halfmad

I always admired the royal marines, the SAS and the SBS

Now I take my hat off to the brave men and women around the world who bravely take on early adoption of Microsoft patches.

May the farce be with you.

UK ruling party's conference app editable by world+dog, blabs members' digits

Halfmad

Hate to point this out but DPA 1998 was replaced by DPA 2018 + GDPR. We still have a DPA though..

What's that smell? Oh, it's Newegg cracked open by card slurpers

Halfmad

Re: Barbarians!

Datum?

*tish*

I'll show myself out.

Judge: Georgia's e-vote machines are awful – but go ahead and use them

Halfmad

Re: Scanning?

Consider the time and cost setting these machines up then collecting them etc and needing staff on-call to fix them urgently if they break during the voting period.

Now consider just collecting sheets of paper and counting them..

This is use of tech where there is no need to use it.

Security bods: Android system broadcasts enable user tracking

Halfmad

there's no plan to fix older versions

Le sigh.

None too chuffed with your A levels? Hey, why not bludgeon the exam boards with GDPR?

Halfmad

Re: Can't believe they publicised this...

Can we charge a fee?

In most cases you cannot charge a fee to comply with a subject access request.

- I doubt asking for exam papers would be considered manifestly unfounded or excessive in nature. In fact from my own experience of dealing with the ICO over this they'd absolutely not see it as either.

It liiives! Sorta. Gentle azure glow of Windows XP clocked in Tesco's self-checkouts, no less

Halfmad

DO YOU HAVE A MORE CARD?!?!

No, now please stop shouting at me Morrisons POS.