* Posts by FrogsAndChips

864 publicly visible posts • joined 7 Jan 2015

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

FrogsAndChips Silver badge

Re: Those damned reboots

And count yourself lucky if it's only 1 reboot necessary and not 2 or 3!

Row breaks out over true severity of two DNSSEC flaws

FrogsAndChips Silver badge

Re: Does anyone care?

Anyone involved in Vulnerability Management cares very much about the CVSS rating, because they use it to determine how quickly they need to patch their machines. When downtime costs you money, you don't want to be forced into a rushed patching operation because a vuln was incorrectly assigned a High or Critical rating.

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

FrogsAndChips Silver badge

That's what bothers me with these events. How many of these bounty hunters sit on critical vulns for months waiting for the right moment to disclose them and cash in the rewards? Bug hunters should have an incentive to find vulns and be rewarded for it immediately - and it's good to see many companies have such a policy in place - not just a couple of days a year.

Trump 'tried to sell Truth Social to Musk' as SPAC deal stalled

FrogsAndChips Silver badge

Re: Trump isn't planning to invade Russia in winter

Only for federal crimes, however he is also charged by several states.

BOFH: I get locked out, but I get in again

FrogsAndChips Silver badge

Re: Nothing on one...

Let's try again to show this was not a fluke...

Year of Linux on the desktop creeps closer as market share rises a little

FrogsAndChips Silver badge

Juno fly-by detects lower levels of oxygen on Europa than expected

FrogsAndChips Silver badge

Do you seriously think the Jovians will let us put satellites in orbit around their moons without reacting to this invasion?

Work for you? Again? After you lied about the job and stole my stuff? No thanks

FrogsAndChips Silver badge

Sure, but on the other hand, keeping these pictures was probably a breach of his employment terms. If he had wanted to help, it would have been safer for him to "remember" all the information rather than hand over the pics.

Ukrainian police arrest father and son in suspected LockBit affiliate double act

FrogsAndChips Silver badge
Unhappy

Bounty

"The US State Department will offer $10 million to anyone who can provide it with information leading to the identification or location of LockBit's leadership team."

So when they were teasing us with a "Who is LockBitSupp?" countdown on the pwned Lockbit website 2 days ago (Pic), all they meant was they would announce the bounty offer? I was hoping for some real info there.

FrogsAndChips Silver badge

Re: Is it too harsh...

Just send them to the frontline, period.

City council megaproject mulls ditching Oracle after budget balloons to £131M

FrogsAndChips Silver badge

Re: So, continuing the follow-up of the disaster

Consulting: If you're not a part of the solution, there's good money to be made in prolonging the problem (Despair, Inc)

Japan launches satellite to eyeball derelict rocket stage

FrogsAndChips Silver badge

Rocket Lab named the mission "On Closer Inspection."

That would have been a fine name for a Culture ship!

LockBit ransomware gang disrupted by global operation

FrogsAndChips Silver badge

Well done, lads!

Now let's hope this will not stop at servers and files, but that some heads will soon fall too!

Curious tale of broken VPNs, the Year 2038, and certs that expired 100 years ago

FrogsAndChips Silver badge
Facepalm

Subtitle

I've read it as the classical "It's always DNS" and read the whole article wondering when and how the DNS issue would arise...

Deepfake CFO tricks Hong Kong biz out of $25 million

FrogsAndChips Silver badge

Re: Root cause

Not just financial institutions. I remember Virgin Media calling me a few years ago after I sent a contract termination request, and asking me to give them my password to prove who I was. Sorry, you're the one calling me, YOU should prove to ME who you are!

FrogsAndChips Silver badge

Re: Root cause

That would be the first hurdle cleared, yes. Next you'd probably have to overcome other controls like threshold validations if you start asking for payments in the millions, but again all this depends on the maturity of the organization you are targeting in terms of payment security.

FrogsAndChips Silver badge

Re: Root cause

First, it's not stated that the company itself was a financial institution, only that the victim worked in the finance department.

Second, I think you underestimate today's existing controls in the finance sector. Payments can only be made to referenced accounts, which require extensive KYC procedures and multi-level validations. If someone pretending to be a client asks you to change their payment details, you are supposed to call them back on a trusted phone number (e.g. on the company's website) to validate the legitimacy of the request. I've seen multiple occurrences of email or phone scam attempts being foiled by users following procedures and engaging their brains. I'm afraid non-banking institutions don't operate yet at the same level.

Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash

FrogsAndChips Silver badge

Re: Hang on...

It may come from the difference between absolute and relative figures, as some sources cite 'numbers' while others mention 'rates'. With attacks on the rise, a decrease in the rate of targets paying the ransoms may not necessarily translate into a drop of total payments.

DPD chatbot blasts courier company, swears, and dabbles in awful poetry

FrogsAndChips Silver badge

Re: Evri/Hermes

I wouldn't trust them for a home delivery (just like all the others, to be frank), but we have a collection point conveniently close and, touch wood, never had any issues with lost parcels.

University chops students' Microsoft 365 storage to 20GB

FrogsAndChips Silver badge

Re: 20GB?

We had some quotas on our Unix accounts, but that was only based on the files in your name AND in your homedir. So if a friend let you store your files in their homedir, that would impact neither's quota.

Boffins demo self-eating rocket engine in Scotland

FrogsAndChips Silver badge

That's not an explosion, that's a fart after it has finished digesting itself.

Apple sets new 16,000-foot iPhone drop test after 737 fuselage fail

FrogsAndChips Silver badge

Re: Bread and butter

The theory is that the cat will spin endlessly a few inches above the floor. This is still unconfirmed in practice as no one has ever been able to keep a cat quiet long enough to butter its back.

FrogsAndChips Silver badge

Re: Bread usually falls butter-side down because the extra mass of the butter

Nah, butter has almost nothing to do with which side the bread lands on.

It's essentially due to the height of the table and the speed at which the toast is pushed that prevent it from performing a full flip. If the table is 10-ft high the toast will be more likely to land butter-side up.

Calculating Pi in the sky: Axiom Space plans to launch 'orbital datacenter'

FrogsAndChips Silver badge

Let me introduce our hero, which we have Regomized as Dave. Dave was on a journey to Jupiter to investigate the source of a strange signal...

Google Groups ditches links to Usenet, the OG social network

FrogsAndChips Silver badge

Re: Tin foil hat .?

Children? On Usenet? Today?

England's village green hydrogen dream in tatters

FrogsAndChips Silver badge

We've had our Office Heating Wars in London too, but the fans were not for cooling, they were for deflecting the air con draught towards other coworkers.

'Wobbly spacetime' is latest stab at unifying physics

FrogsAndChips Silver badge

Re: Understanding

Only if she was born after you. And don't call me Shirley.

FrogsAndChips Silver badge

Re: String theory has taught us….

The 'standard 1kg mass' is no longer a standard, the kg was redefined a few years ago based only on fundamental constants. So now you could measure the fluctuations of its mass, provided your instruments are precise enough.

FrogsAndChips Silver badge

Re: Understanding

Your 90-year-old Granny will explain it to you.

FrogsAndChips Silver badge

Wibbly wobbly

If his theory proves right, he'll deserve the title of Time Lord!

It's ba-ack... UK watchdog publishes age verification proposals

FrogsAndChips Silver badge

Re: ORLY?

"What happens when other sites (Google, FB, ChatGPT, et. al. as mentioned) offer ways around age blocks?"

I don't know, let's see:

PornTube homepage: "Hey, we need to check your age before we let you in, but you may be interested in this shiny VPN" ==> illegal

VPN provider homepage/Google ad: "Install this and say goodbye to age checks on YouSmut" ==> legal

It's a moot point anyway, porn sites won't even bother promoting bypass solutions when a simple Google search will give you all you need in a few clicks.

"Laws made to generate votes are generally a bad idea and this is no exception."

No sane person on this forum is doubting this.

FrogsAndChips Silver badge

Re: ORLY?

Seems fairly obvious that 'sites' in this context refers to 'adult-only sites', i.e. these sites mustn't offer advice on how to circumvent the age-check measures.

US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants

FrogsAndChips Silver badge

Re: Too old

Colour me confused as well. I've come here to read instructive articles and enlightening comments, not some nonsense about hairy felines.

I'm cancelling my subscription with immediate effect!

Bezos might beat Musk to Mars as NASA recruits Blue Origin's New Glenn rocket

FrogsAndChips Silver badge

Re: Nothing much to be missed if lost.

The way I understand it, this may not be the very first flight, but still a practice test, hence the high-risk qualification by NASA. There's no way the New Glenn rocket will have performed enough test flights by August to take on the ESCAPADE satellites as a full commercial payload.

Your password hygiene remains atrocious, says NordPass

FrogsAndChips Silver badge

Re: For best results, use a password generator that can give you a long, random string"

What does your 'horse' think about it?

FrogsAndChips Silver badge

Re: For best results, use a password generator that can give you a long, random string"

https://www.keepass.info

It is open-source, is not owned by a company and has been audited and recommended by several national security bodies.

It is an offline, standalone tool but offers sync features with most online storage providers (Google Drive, Dropbox, OneDrive...) if you want to use them - or not if you're paranoid.

You can protect the database with a master password, a keyfile (random file that you keep separate from your database) or a YubiKey.

FrogsAndChips Silver badge

Re: For best results, use a password generator that can give you a long, random string"

Keepass keeps a history of your passwords, and its Autotype features allow you to input any number of TAB, ENTER keystrokes to navigate between the input fields, with delays to take into account page loading times. Of course every now and then you need to reconfigure because the provider has redesigned their login page, but I can live with that.

FrogsAndChips Silver badge

Re: For best results, use a password generator that can give you a long, random string"

The only difference is whether it takes a few seconds or a few minutes to find it

I'd like to see a source for this.

A 12-digit password combining uppercase, lowercase, digits and special chars gives you 10^22 combinations. Assuming a compute power of a trillion (10^12) combinations per second, it would take roughly 400 years to try them all, so on average you'll crack that in 200 years.
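To put numbers on the comparison in the post above, here is an added example (not code from the commenter or from NordPass). It assumes the 95 printable ASCII characters for the "uppercase, lowercase, digits and special chars" case, a 7,776-word diceware list for the "correct horse battery staple" style of passphrase alluded to earlier in the thread, and the post's rate of 10^12 guesses per second, i.e. offline guessing against a fast unsalted hash; an online login with rate limiting is many orders of magnitude slower. The constants and function names are mine.

```python
"""Search space, entropy and brute-force time for random passwords and passphrases.

Added example, not from the post. Assumptions: 95 printable ASCII characters,
a 7,776-word diceware list, and 1e12 offline guesses per second.
"""
import math

PRINTABLE_ASCII = 95          # 26 upper + 26 lower + 10 digits + 33 punctuation/space
DICEWARE_WORDS = 7776         # 6^5 entries in a standard diceware list
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols drawn from `alphabet_size`."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the search space: the usual 'bits of entropy' figure."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size, length, guesses_per_second=1e12, average=True):
    """Years to guess the secret; average=True halves the space (expected case)."""
    space = search_space(alphabet_size, length)
    if average:
        space /= 2
    return space / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(alphabet_size, target_years, guesses_per_second=1e12):
    """Smallest length whose average crack time reaches target_years."""
    length = 1
    while years_to_exhaust(alphabet_size, length, guesses_per_second) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    cases = [
        ("12 random printable ASCII chars", PRINTABLE_ASCII, 12),
        ("4 diceware words", DICEWARE_WORDS, 4),
        ("6 diceware words", DICEWARE_WORDS, 6),
    ]
    for label, alphabet, length in cases:
        print(f"{label}: {entropy_bits(alphabet, length):.1f} bits, "
              f"{years_to_exhaust(alphabet, length):.3g} years on average at 1e12/s")
    print("length needed for 100 years at 1e12/s:",
          min_length_for(PRINTABLE_ASCII, 100))
```

The interesting output is the passphrase line: four diceware words are exhausted in about an hour at that rate, six words land in the same region as the 12-character random password, which is why length matters more than the "did you include a special character" rules the article's password lists keep tripping over.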

FrogsAndChips Silver badge

Re: What about sites that force you to make it easier?

NIST dropped that requirement a few years ago, and at corporate level we're starting to see implementations of new authentication methods (biometrics, PINs, HelloForBusiness) which ultimately will lead to the disappearance of the password, or at least its quarterly rotation (which generally consists in incrementing the last character, so provides no additional security).

Why have just one firewall when you can fire all the walls?

FrogsAndChips Silver badge

Re: We've all been there.

I've met coworkers who would have been happy to stab you in the back even after you'd saved their asses.

SpaceX celebrates Starship launch as a success – even with the explosion

FrogsAndChips Silver badge

Re: I can't help but feel....

So far Starship carries no payloads, this is way too early, so there's nothing to insure.

Once SpaceX have had a few successful tests, we'll start seeing candidates happy to risk their payload for a reduced fee, though probably still uninsured. Then when the reliability improves, commercial missions will become a reality and insurers will be happy to take on the payloads as the risk has gone down.

Airbus to test sat-stabilizing 'Detumbler' to simplify astro-garbage disposal

FrogsAndChips Silver badge

Re: I have two thoughts

That was my thought too. What was your second one?

EU lawmakers scolded for concealing identities of privacy-busting content-scanning 'experts'

FrogsAndChips Silver badge
Headmaster

Re: Stupid see, stupid do

Or a Fields medal.

FrogsAndChips Silver badge

Re: Stupid see, stupid do

"Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"

Malcolm Turnbull, former Australian Prime Minister.

FrogsAndChips Silver badge

Re: NGO?

IANAL, but I think 'expert' is not an official title, so anyone can call themselves an expert in any field.

It's perfectly legal for cars to harvest your texts, call logs

FrogsAndChips Silver badge
Black Helicopters

Re: I can see two cases here

>> 1) You own the car, and it retaining your information is no different than it being stored on your phone, PC, etc.

> Except the maker / dealer / service tech / government can read the messages and you didn't know

How does that differ from it being stored on your phone/PC..?

India's lunar landing made a mess on the Moon

FrogsAndChips Silver badge
Boffin

Epiregolith

How can you not love that word?

Cryptojackers steal AWS credentials from GitHub in 5 minutes

FrogsAndChips Silver badge
FAIL

Re: Least privilege

First rule of AWS IAM: delete access keys, use roles to give temporary privileges to resources. Then, if you need specific credentials, store them in ParameterStore or SecretsManager. There is absolutely no reason to store credentials in clear text in your code, especially if you make it available in GitHub.
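The last point of the post, no clear-text credentials in code that ends up on GitHub, is the kind of thing a pre-commit hook can enforce. The following is an added example, not code from the commenter, from AWS or from any existing tool. It looks for the documented shape of an access key ID (AKIA for long-term keys, ASIA for STS temporary keys, then 16 uppercase alphanumerics) and for 40-character secret-key candidates next to a "secret ... key" identifier, filtered by a Shannon-entropy threshold (an assumed 3.5 bits per character) so that placeholders do not trip it. The sample file is constructed and uses the access key and secret that AWS itself publishes as documentation examples; the entropy threshold and the regexes are my own choices.

```python
"""Scan source text for hard-coded AWS credentials before it reaches GitHub.

Added example, not the post's or AWS's code. Constructed sample input below.
"""
import math
import re
import sys

# Long-term keys start with AKIA, STS temporary keys with ASIA; 20 chars total.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# Secret keys are 40 characters from the base64 alphabet. Requiring a nearby
# 'secret ... key' identifier cuts false positives on hashes and other tokens.
SECRET_KEY_RE = re.compile(
    r"(?i)secret(?:_access)?_?key\W{0,6}([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample: the first two assignments use the credentials AWS
# publishes as documentation examples, the later lines are what the code
# should look like instead (role-based session, secret fetched from SSM).
SAMPLE = """\
# constructed sample file
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
session = boto3.Session()  # OK: credentials come from the role attached to the resource
db_pw = ssm.get_parameter(Name="/prod/db/password", WithDecryption=True)
aws_secret_key = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"  # placeholder, low entropy
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, min_secret_entropy: float = 3.5):
    """Return (line_no, kind, value) for each credential-looking string."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((line_no, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            candidate = m.group(1)
            if shannon_entropy(candidate) >= min_secret_entropy:
                findings.append((line_no, "secret_access_key", candidate))
    return findings


def scan_files(paths):
    """Scan files on disk; returns {path: findings} for files that have hits."""
    hits = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            found = scan_text(fh.read())
        if found:
            hits[path] = found
    return hits


if __name__ == "__main__":
    # With no arguments scan the embedded sample, otherwise the given files
    # (e.g. the staged files from a pre-commit hook). Non-zero exit blocks
    # the commit.
    if len(sys.argv) > 1:
        results = scan_files(sys.argv[1:])
    else:
        found = scan_text(SAMPLE)
        results = {"<sample>": found} if found else {}
    for path, found in results.items():
        for line_no, kind, value in found:
            print(f"{path}:{line_no}: {kind}: {value[:4]}...{value[-4:]}")
    sys.exit(1 if results else 0)
```

Run without arguments it reports the two documentation credentials on lines 2 and 3 and stays quiet on the role-based session, the SSM lookup and the all-"a" placeholder. A hook like this is a backstop, not a substitute for the post's first rule: once keys are gone from the workflow there is nothing for the scanner to find, and the one it does find should be rotated, not just deleted from history.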

Ask a builder to fix a server and out come the vastly inappropriate power tools

FrogsAndChips Silver badge

Re: Ouch!

That's indeed the case in French, but then they would be more likely to use the term "solder" rather than "weld" as it's similar to the French "souder".
