* Posts by Nick Kew

2841 publicly visible posts • joined 16 Jan 2007

Your two-minute infosec roundup: Drone arrests, Alexa bot hack, Windows zero-day, and more

Nick Kew

Re: Drone arrests

Supposedly some guy was seen over two drones on a bicycle, but this couple have vehicles.

Any more reason to credit the bike story than the arrests? I don't see how I'd transport a drone in my panniers without the high likelihood of damaging it!

This arrest requires extraordinary evidence that perhaps the police do have, but if they don't then this couple will be rich by the time they sue everyone and every publication that has smeared them.

Unlikely. You have to be seriously rich to play that game (though it can be satisfying when someone does). I'd expect to want a warchest of tens of millions to go into it with the reasonably confident expectation of reaching an outcome before going bust. When ordinary people take on the system and win, they have the backing of someone deep-pocketed.

London's Gatwick airport suspends all flights after 'multiple' reports of drones

Nick Kew
Coat

Heh. Give Granny Weatherwax a taste for flying at Gatwick and clearing the sky of crap. And full-on headology on an airline pilot could be 'interesting'.

Google settles Right To Be Forgotten case on eve of appeal hearing

Nick Kew

Re: Question

Court records are public. Newspaper stories are public. If someone wrote a book or made a film, that's public.

The point is, how does anyone find the story if they don't already know it, or at the very least know there is a story to find? If NT1 offers me a business proposition that involves investing my life savings, I will naturally want to do due diligence, which will include googling NT1's track record. NT1 would very much like me NOT to find out about his past conviction for fraud in a similar scheme where he took investors' money and they never saw it again. Whereas Google would like to help as best it can with my due diligence.

Vitamin Water gets massive publicity for new flavor: Utter BS

Nick Kew
Thumb Down

Re: Free advertising

Likewise. Saw "vitamin water" in the headline in the feed, and thought it sounded like a startup with some possibly-novel proposition, perhaps on the health bandwagon like coconut water or birch water. Except that the gimmick seemed implausible.

Do I take it "vitamin water" is something 'merkins would automatically recognise as a brand name? I guess El Reg's .uk heritage must be pretty-much dead when it assumes we'll recognise the name.

'Bomb threat' scammers linked to earlier sextortion campaign

Nick Kew
Boffin

If we all followed your advice ...

Don't pay any ransom demanded by an unsolicited email, and report all threats to an admin and/or the police. ®

If we all reported all the crap coming our way, that could DDoS the police, perhaps so effectively as to preclude any resources at all for action against these or other malefactors.

Scumbag hackers lift $1m from children's charity

Nick Kew

Re: Really.

That'll be loose change amidst the many millions worth of free fundraising they get from the BBC on a regular basis. How many other charities, even the big household-name ones, benefit from patronage at quite that level?

Time for a cracker joke: What's got one ball and buttons in the wrong place?

Nick Kew

Re: Not user error

Not really anyone's fault. And nothing bad happened - they laughed it off.

A lot of helpdesk-type issues are not really anyone's fault. It's how you tell 'em that makes for an anecdote. Best ever has got to be those Norwegian TV folks.

25% of NHS trusts have zilch, zip, zero staff who are versed in security

Nick Kew

It seems to me the question asked doesn't really tell us anything. An organisation might say "none" because it doesn't separate out a specific security role. Maybe it's outsourced, along with other IT functions? And security expertise isn't necessarily associated with box-ticking training and qualifications.

Not that I'm suggesting they're on top of it. That would indeed seem far-fetched.

College PRIMOS prankster wreaks havoc with sysadmin manuals

Nick Kew
Thumb Up

Re: A decade of poor configuration

Not just the late '80s, when xhost + was still a default. Right into the '90s you could - and inevitably sometimes did - make someone else's computer burst into song, tell a joke, admonish the user, or just fart. You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia.

But we did it for laughs, and drew the line at actually damaging anyone's work.

Oh, and this wasn't even a university. Though it was a research institute funded by (many) governments, so not quite the corporate world.

BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol

Nick Kew
FAIL

This BOFH is a rank amateur!

Why does he let tickets in to the system in the first place?

He could take lessons from Virgin Media in preventing that. Alongside never answering the phone (just torture them with menus that go nowhere, adverts, and piped screaming) or the online 'chat' facility (a much more benign "try again later"), you just don't provide any system that could accept a ticket into it.

Nick Kew

Re: WooHoo BOFH is back

BOFH is back, Dabbs is missing. Coincidence?

Tech support discovers users who buy the 'sh*ttest PCs known to Man' struggle with basics

Nick Kew

Re: Alternatively...

Oh dear.

Dorothy Parker on horticulture springs to mind.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Nick Kew

Re: Idiots

Might I point out that you don't have a plate glass exterior wall in your shower,

True. It's clear perspex.

and you do have drapes over the windows in your living room & bedroom

No I don't.

and hopefully there is a door between your toilet and the rest of your house.

There is, but it stays open. Well, OK, I shut it to keep the roomba out if the floor's wet. And occasionally for guests.

But I do have locks on both front and back doors, and indeed a burglar alarm. Nothing to hide, but just possibly something to fear?

Nick Kew

Aussies will get their backdoors to services operated by Aussie companies. What happens outside that could be popcorn-time.

In an ironic twist, it was an Aussie (Eric Young) who first gave us SSLeay, the ancestor of OpenSSL, back in an era when Oz was part of the Free World and the US was almost-uniquely[1] restricted.

I wonder how you could modify OpenSSL to open a backdoor for malicious third-party-key injection? No, I'm not going to work on it.

[1] Among developed countries.

Funnily enough, China fuming, senator cheering after Huawei CFO cuffed by Canadian cops at Uncle Sam's request

Nick Kew

Sklyarov

What immediately springs to my mind is the Sklyarov case. Uncle Sam arrests a man for writing software that was perfectly legal in his own country, where he had done the work. Took them quite a long time to decide no crime had been committed.

[aside] ISTR commentards here taking a robust attitude at the time. I looked for a quote, but Reg stories from the era seem to have lost all their comments.

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

Nick Kew

Re: Don't feel so bad Ericsson, you probably did us all a favour!

Damn, I must be a freak. On a long train journey, I more often than not find myself in conversation with one or more actual people, merely by virtue of occupying neighbouring seats.

p.s. my O2 4G returned sometime yesterday evening. When I put the phone on the charger around midnight, it was there.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

Nick Kew

Re: Not just O2

There are reports of it affecting Vodafone and EE (not so much Vodafone from what I can tell).

Datapoint. I'm using EE 4G, and it's just fine.

Unlike my phone's O2, which has no data.

Brits' DNA data sent to military base after 'foreign' hack attacks – report

Nick Kew

IP?

Is anonymity the real issue here?

Fully-anonymised data on this scale must have considerable commercial value to pharma research interested in such things as the prevalence of genetic patterns. If it's explicitly in the public domain, that's fine. If not, then industrial espionage becomes an obvious issue.

IP companies specialising in patents could be a prime suspect here.

Waymo's revolutionary driverless robo-taxi service launches in America... with drivers

Nick Kew

Re: The whole driverless car thing

"... a problem that doesn't exist."

So they're lying to us about all those deaths and injuries on the road?

And all those kids who can't go out unsupervised 'cos of the danger are no more than their parents' neurosis?

And all those cars parked willy-nilly blocking everything must be an illusion?

Nick Kew

Citation needed

'cos a reputable source backing that up (or otherwise) could be genuinely interesting.

GOPwned: Republicans fall victim to email hack

Nick Kew

Re: All we can do is wait

Surely a likely candidate is the party itself. Just like in the UK, the party whips ferret out party members' secrets to bully (even blackmail) them on important votes, so a party in the US or elsewhere will want whatever it can find to hold over its legislators when it matters.

That would imply no (or very few) actual leaks. The power is in the threat.

Yet another mega-leak: 100 million Quora accounts compromised by system invaders

Nick Kew

Re: Using facebook to log in to Quora

In what sense "worse"?

If being tracked bothers you, then yes, you're cooperating with them. But for basic security, using OpenID (which I presume underlies logging in with Facebook) beats creating Yet Another Username/Password any day. At least on a site that's less critical than the OpenID provider.

STIBP, collaborate and listen: Linus floats Linux kernel that 'fixes' Intel CPUs' Spectre slowdown

Nick Kew
Childcatcher

Re: He should hug off and mind his own business

It's a Code of Conduct, innit? At least censoring out pink marshmallows[1] isn't weaponising it to attack some poor bugger.

[1] Seen elsewhere in a site with a deliberately silly swear filter.

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Nick Kew
Devil

Quick, more boiling oil!

So they're 'protecting' users who do dumb things like re-use passwords ... by doing dumber things like forcing them to deal with extra complexity. Along with all those who would never dream of reusing their Correct Horse Battery Staples. This is broken, so let's double down on it.

Do they also make you identify with memorable personal data? Mother's maiden name, favourite colour, first school, sorta thing? Now that really does feature in data leaks. As if it was even secure in the first place.

Where's the Pratchett icon, for occasions like this when he helps translate AAARGH to a half-decent LART?

Sysadmin’s plan to manage system config changes backfires spectacularly

Nick Kew

Re: Other screw-ups

Safe aliases for 'rm' are a good thing to prevent this!

Aliases for standard system commands are pure evil. They bugger up expectations, both for those who know the standard commands and may react unpredictably to unexpected behaviour, and for those who come new to the aliases and are then surprised by the real thing.

If you want an "rm" you consider safe, use something else for the alias. "del", for instance.
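As an added illustration of the approach taken in the post above (this is example code, not from the thread or any of the commenters): a separately named del/undel pair that moves files into a trash directory, leaving the real rm untouched for every script and every person who expects the real rm. The command names and the TRASH_DIR location are assumptions for the example.

```shell
#!/bin/sh
# Added example: a "safe delete" under its own name, del, rather than an
# alias over rm. rm keeps its real semantics; del moves files into a trash
# directory and undel brings them back. TRASH_DIR is an assumed location;
# override it in the environment if you prefer another.

TRASH_DIR="${TRASH_DIR:-$HOME/.trash}"

# del FILE... : move each argument into $TRASH_DIR. A name already present
# in the trash gets a numeric suffix (name.1, name.2, ...) so that nothing
# is overwritten. Returns non-zero if any argument could not be moved.
del() {
    [ "$#" -gt 0 ] || { echo "usage: del FILE..." >&2; return 2; }
    mkdir -p "$TRASH_DIR" || return 1
    _del_status=0
    for _del_f in "$@"; do
        # -L catches dangling symlinks, which -e reports as absent
        if [ ! -e "$_del_f" ] && [ ! -L "$_del_f" ]; then
            echo "del: $_del_f: no such file or directory" >&2
            _del_status=1
            continue
        fi
        _del_base=$(basename -- "$_del_f")
        _del_dest="$TRASH_DIR/$_del_base"
        _del_n=0
        while [ -e "$_del_dest" ] || [ -L "$_del_dest" ]; do
            _del_n=$((_del_n + 1))
            _del_dest="$TRASH_DIR/$_del_base.$_del_n"
        done
        # "--" stops mv treating a file called -rf as options
        mv -- "$_del_f" "$_del_dest" || _del_status=1
    done
    return "$_del_status"
}

# undel TRASHNAME DEST : restore one trashed entry (as listed by lsdel)
# to DEST. Refuses to overwrite anything already present at DEST.
undel() {
    [ "$#" -eq 2 ] || { echo "usage: undel TRASHNAME DEST" >&2; return 2; }
    _undel_src="$TRASH_DIR/$1"
    if [ ! -e "$_undel_src" ] && [ ! -L "$_undel_src" ]; then
        echo "undel: $1: not in $TRASH_DIR" >&2
        return 1
    fi
    if [ -e "$2" ] || [ -L "$2" ]; then
        echo "undel: $2: already exists, not overwriting" >&2
        return 1
    fi
    mv -- "$_undel_src" "$2"
}

# lsdel : list what is currently in the trash, one entry per line.
lsdel() {
    [ -d "$TRASH_DIR" ] || return 0
    ls -1A -- "$TRASH_DIR"
}

# Usage: source this file (". ./del.sh"), then "del junk.txt",
# "lsdel", "undel junk.txt junk.txt". Plain "rm" still really removes.
```

Because nothing here is called rm, a script that runs `rm -rf "$tmpdir"` behaves exactly as on any other box, and someone who has got used to del on this machine gets no nasty surprise when the real rm does what it says on a box without it.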

Nick Kew

Re: Why use a revision control system?

Code used to be backed up to tape too. It was obsoleted by revision control systems.

First code I ever wrote had to be saved to tape for every increment. 'Cos we didn't have discs back then, and a simple bug would commonly require a several-minute reboot (from tape) and restore (ditto).

But revision control had already existed for some years: sccs goes right back to 1972.

The dingo... er, Google stole my patent! Biz boss tells how Choc Factory staff tried to rip off idea from interview

Nick Kew

Light bulb

Glad to see you featuring this most famous misappropriated patent at the top of the story. It was precisely the thought that came to mind when I saw the headline on your feed.

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

Nick Kew

Re: police-requested guest registration

Most countries seem to be a bit random IME. I've had hotels in Blighty, as well as various other countries in Europe and elsewhere, ask for my passport or comparable ID. And others that take a more relaxed attitude.

They do all seem to want a credit card on booking and checkin. And recently they don't bother with it on checkout, which implies the capability to debit it some days later than reading it. I should hope that works with a single-use token rather than storing the whole thing!

Take my advice and stop using Rubik's Cubes to prove your intelligence

Nick Kew
Headmaster

1970s?

There was no such thing as a Rubik's Cube in the 1970s.

OK, there was a magic cube that you could easily scramble but was harder to unscramble. I still have a vintage example from November 1979[1]. But it wasn't until 1980 that it hit the shops and acquired the "Rubik" name.

[1] I can place it that precisely because it was my first term at Cambridge, when I regarded it as a practical exercise in Group Theory - one of the term's main courses.

Support whizz 'fixes' screeching laptop with a single click... by closing 'malware-y' browser tab

Nick Kew

My most memorable story of fixing not-broken technology comes from when I was about thirteen-ish and had never seen a computer. My granny told me, if I could fix her old radio, I could have it for myself. I changed the batteries, and it worked!

To be fair, at the time I was pretty handy with electronics, and fixed a few less-trivial things. Come to think of it ... no, you don't want to hear that one.

Nick Kew
Facepalm

Re: Hell is other people

But could she hear you on the non-functioning headset?

Nick Kew

One busy chap?

That's good. We need more hands. A new PFY or two (Simon's one has long-since graduated to full BoFH himself). Empire-building, doncherknow?

GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

Nick Kew

Social Engineering

Couched in a more convincing spiel, leaving the poor bugger no option ...

Hello telco, this is GCHQ (honest guv). We urgently need to listen to those terrorists: they may be about to attack imminently. Yes of course they're terrorists: the Nether Blighty Sunday Cricket League is just a front! Yes, NOW, we can't wait while you complete all the red tape: that'll be too late, and your refusal to cooperate will be responsible for many deaths!

Capita seeks new networking chief: Up for it?

Nick Kew
Angel

Re: Fewer Things Better

But they do at least one thing very well indeed.

They provide commentards and others with a general object of derision. Can be good for letting off steam.

Oz opposition caves, offers encryption backdoor compromise

Nick Kew

“their best assistance in understanding the nature and the content (where we have a warrant) of that communication”,

That at least sounds more like the FBI iPhone case than a backdoor.

Perhaps the Reg could point us to the real smoking gun here?

Openreach names 81 lucky locations to be plugged into its super-zippy Gfast pipe

Nick Kew

Re: LOL - ever heard of contention?

It's only two decades since I was connecting to a 2Mb national backbone.

Something that looks a little like Moore's Law is happening to our infrastructure.

Consultant misreads advice, ends up on a 200km journey to the Exchange expert

Nick Kew

Re: Onomatopoeic dinner parties...

Or ring the bell and start taking a piss on the Welcome coir and when the door opens ask them "How's that for an on-a-mat-a-pee'er?"

Is that usage somewhere in ISIHAC's Uxbridge English Dictionary, or is it just my imagination?

Nick Kew

Re: click this

You need to get over it. Language evolves.

Click may have some historic association with a sound, particularly in an era when computer devices had horrible artificial "click"s that were supposedly reassuring to people making the transition from mechanical typewriters. But that's now historic, and (in a computing context) the word "click" is now an action.

Nick Kew

Re: Spoilers in Tech Docs!

A recipe I like is to write the techie explanation in the middle.

Above it, a simple note "for quick step-by-step guide, scroll down to <anchor>".

Below it, those step by step instructions. Any critical gotchas refer back to the explanation.

But then, the kind of instructions that say "click OK or cancel" don't feature in my world. I'll google when something is a bit less obvious than that.

Shocker: UK smart meter rollout is crap, late and £500m over budget

Nick Kew

Re: Before I read the article...

You give them too much credit.

Nick Kew

Re: Ca$h...

Over here there are initiatives to let people participate in installations on other people's roofs, including public buildings.

Here too. But the subsidies are far, far less. And yet we who don't have our own roof and so have to resort to investing in public facilities get pointed to and labelled "fat cat investors".

Nick Kew

Re: Smart meters do not save energy

In contrast, smart meters can disconnect individual users for short periods (load shedding)

I have an old dumb meter. I don't know how many of my neighbours have smart vs dumb meters. But we all get disconnected depressingly frequently. It's called power cuts.

A smart meter wouldn't change my usage much. But I can envisage a future world in which my dishwasher can be set to run when the supply tells it it's cheapest overnight. Those who have electric cars will have a similar situation on a much bigger scale.

Nick Kew

Re: Home security problem

Do you know anyone who doesn't flush a bog within an hour of falling out of bed in the morning?

That might not register. Some people have alternative sources of water to flush the loo. In my case, when I empty the dehumidifier. Doesn't happen every day, but often enough to be at home without using that flush from time to time.

In any case, isn't the discussion based on a false premise? The OP's premise appears to be debunked here.

Other countries seem to be spending much less and achieving much more rollout. Which suggests the problems we have arise from our system rather than anything inherent in the technology.

Mobile networks are killing Wi-Fi for speed around the world

Nick Kew

Re: Cost?

My home broadband is a 4G connection (not via the 'phone, though I have that as emergency backup since it's on a different network). Cost is rather less than fixed line phone+broadband or a virgin cable Heisenconnection.

I shall await with interest what deals appear for 5G, and whether it becomes as ubiquitous in 'puters as wifi is today.

Oh, I wish it could be Black Friday every day-aayyy, when the wallets start jingling but it's still a week till we're paiii-iid

Nick Kew
Pint

Re: Meanwhile in Welsh Wales

Nice one. Though google translate gives "mindless" for your stupid, and thinks Day should be Days.

Nick Kew

Re: Meanwhile in western France...

@FrogAndChips: That's not what I call a bargain.

Three courses and wine? Doesn't sound bad for €12.

Nick Kew

Stayed in a Hotel recently where the TV

If you can't find an off switch, there's always the power switch on the wall.

Pasta-covered cat leads to kid night operator taking apart the mainframe

Nick Kew

Re: RE: Dried Pasta & Stubborn, Unmoving Cats...

But we didn't see a cat do it.

Is your cat called Macavity?

Joe Public wants NHS to spend its cash on cancer, mental health, not digital services

Nick Kew

Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.

@Jimmy2Cows - I guess that was directed at me?

It was a reference to the magical thinking that makes IT a "solution" to a problem. As opposed to a means to implement a solution. Brexit seems to be the leading example of that today: those calling for a technological solution seem to be missing the idea that there needs first to be a political solution to implement, and denying all efforts to reach a political solution.

Merry Christmas, you filthy directors: ICO granted powers to fine bosses for spam calls

Nick Kew

You seem to be seeing a grey area there.

I'd fix it by a per-call levy initiated by recipients of nuisance calls. Say, a button you could press that would initiate an automated penalty payment of £1 for the call, administered by the telcos. With basic safeguards against malicious or accidental activation, like a threshold number of calls before penalties start.

Proceeds to go to charity (less a small admin charge determined by Ofcom), in the manner of the Lottery.