Re: Idiots
A boris?
Posts by Captain Badmouth
624 publicly visible posts • joined 1 Aug 2015
NFTs not annoying enough? Now they come with wallet-emptying malware
Brewdog might make an OK pint but its security sucks: Flaw opened door to free beers for anyone
US House Rep on cyber committees tweets Gmail password, PIN in Capitol riot lawsuit outrage
US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day
Tuesday 11th May 2021 16:12 GMT 
Been there, done that...
Meanwhile, the Russian/ Chinese/ Iranian/ N Korean (delete as/if necessary) state-employed Black Hats are spitting blood waiting to see if their little compromise software, sitting quietly in a dark corner of a server somewhere, will be uncovered by the security measures introduced following this mal(ware)arkey.
Voyager 2 receives and executes first command in 11 months as sole antenna that reaches it returns to work
The curse of knowing a bit about IT: 'Could you just...?' and 'No I haven't changed anything'
Trump fires cybersecurity boss Chris Krebs for doing his job: Securing the election and telling the truth about it
What a Hancock-up: Excel spreadsheet blunder blamed after England under-reports 16,000 COVID-19 cases
Proposed US fix for Boeing 737 Max software woes does not address Ethiopian crash scenario, UK pilot union warns
Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*
It has been 15 years, and we're still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit
Cyber-security super-brain Rudy Giuliani forgets password, bricks iPhone, begs Apple Store staff for help
Wednesday 6th November 2019 14:45 GMT 
Website scores
I see his website scores a "T" due to certificate mismatch here:
https://www.ssllabs.com/ssltest/analyze.html?d=www.giulianisecurity.com
and, as you may have guessed, an "F" here:
https://securityheaders.com/?q=www.giulianisecurity.com&followRedirects=on
Laughed? I almost opened that attachment...
Dixons hits back at McAfee's £30m antivirus sueball: Your AV didn't work on Windows 10S
Here's to you: UK.gov praises Reg-reading techies for keeping on top of cybersecurity
Thursday 4th April 2019 20:34 GMT
Re: Let's ponder on Long AI Marches
"Have you found them to be refreshingly proactive, Olaf, and could this relatively anonymous communication channel be one of their creation and iteration?
You know, NCSC doing some Deep and Dark See Phishing for Blighty in the Almighty Strange Waters of a Cutting Edge Publication Hosting here. ..... for those more than just interested in taking and making a Walk on the Wild Side?"
Don't go solving the crypto-puzzle or, if you do, don't go phoning the no. given for the prize of 2 yrs. subscription to the magazine of your choice...
Mystery of the Chinese woman who allegedly tried to sneak into Trump's Mar-a-Lago with a USB stick of malware
TP-Link 'smart' router proves to be anything but smart – just like its maker: Zero-day vuln dropped after silence
Saturday 30th March 2019 14:41 GMT
Re: Nearshore?
Quite, although TP-Link seem to recommend DD-WRT.
But, no warranty!
"To Use Third Party Firmware In TP-Link Products
Some official firmware of TP-Link products can be replaced by the third party firmware such as DD-WRT. TP-Link is not obligated to provide any maintenance or support for it, and does not guarantee the performance and stability of third party firmware. Damage to the product as a result of using third party firmware will void the product's warranty."
Huawei savaged by Brit code review board over pisspoor dev practices
Data breach rumours abound as UK Labour Party locks down access to member databases
Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs
Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage
Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web
Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk
Friday 21st September 2018 13:02 GMT
Re: Multi-layered security controls across our systems
"I got a similar answer from EDF when I asked them why I needed to disable 'Auto remove overlays', 'uBlock Origin' and Safescript in order to access the site."
With noscript you have to enable google.com and gstatic.com and sometimes an amazonaws script in addition to the edf script in order to log in. The google and gstatic scripts seem to be there for supplying the captctha. The amazonaws is not always present but if it is you have to enable it. I've complained about this excessive use of 3rd party stuff but they seem not to understand, their ssl labs rating was a B until I told them about it, they've since improved it.
The Reg takes the US government's insider threat training course
When is a patch not a patch? When it's for this McAfee password bug
Revealed: British Airways was in talks with IBM on outsourcing security just before hack
C'mon, if you say your device is 'unhackable', you're just asking for it: Bitfi retracts edgy claim
Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher
'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey
Tuesday 17th July 2018 15:41 GMT
Re: Surfboard modems
"The first cable modems they supplied were Surfboard modmes. They used a soft config file sucked off the server and stiored in EPROM. The config file set you up/down speed, otherwise all you had was 64k to the server and no other connectuion. It turned out to vbe suprisingly easy to sniff config files as they zoomed past, save them, read them, reset the mac address of the modem, then copy up the config file. You paid for 128k but got 10Mb"
You sure they weren't Surfboard mod-me's?
Tuesday 17th July 2018 15:29 GMT
Re: It was always fibre though, right?
Collecting code books from adjoining areas so you could dial various exchanges to check for faulty ones ( dial remote exchange from local exchange then code for local exchange from remote location) to see if paybox gets bypassed. Rinse and repeat. Result : faulty exchange bypasses paybox- free phone calls.
Otherwise dial exchanges in a string to avoid long distance charges- gets noisier with more hops.
I've said too much...
Mines the one with all the little red books in it. ( No, not those little red books...)
US military manuals hawked on dark web after files left rattling in insecure FTP server
Dr Symantec offers quick and painless checkup for VPNFilter menace on routers
Monday 2nd July 2018 18:59 GMT
That's the problem gents, by the time you've enabled (one at a time) the first few scripts, you find the check doesn't work. Of course you look again to see a whole new shitload of other scripts waiting for your permission. I'd be more trusting if I hadn't remembered that Todd Davis (Symantec co-founder) had his identity stolen 13 times!
Would you want to steal his identity?
Biting the hand that feeds IT
