* Posts by h3nb45h3r

43 publicly visible posts • joined 4 Nov 2015

Fujitsu finance chief says sorry for IT giant's role in Post Office Horizon scandal

h3nb45h3r

Re: Talk is cheap, where's the £?

I'm going to say they knew everything, if only as they were mainly (OK, wholely) responsible for it all...

A timeline:

Fujitsu bought 80% of ICL in 1990, ICL effectively became the European arm of Jujitsu at that point.

In 1996 the Horizon (or Pathways as it was known internally) contract was signed.

In 1998, Fujitsu purchased the remaining 20% of ICL

In October 1999 the first Horizon terminal was put on a Post Office Counter

In 2022, ICL was officially rebranded Fujitsu and all ICL branding dropped.

Politicos demand full list of Fujitsu's public sector contract wins in wake of Post Office scandal

h3nb45h3r

Contract award criteria

The UK Gov tried to ban Fujitsu from Gov project in the last throws of the coalition government in 2015.

However they were advised that previous performance could not be used to block a company form any future contracts.

The Post Office systems scandal demands a critical response

h3nb45h3r

Re: I've mentioned this before but bears repeating..

That's not true at all, Fujitsu bought 80% of ICL in 1990, long before the Horizon contract was signed (in 1996). At that point Fujitsu were essentially the European arm of Fujitsu.

In 1998 Fujitsu purchased the other 20%, Horizon didn't a Post Office counter until November 1999. In 2002, ICL was officially rebranded Fujitsu.

Fujitsu will not bid for UK.gov business until Post Office inquiry closes

h3nb45h3r

Food for thought

Aside it says new business (not renewal of the multitude of existing contracts), am I cynical in suggesting the really big contracts rarely get decide or awarded in a General Election year?

Why do IT projects like the UK's scandal-hit Post Office Horizon end in disaster?

h3nb45h3r

Here's that document in it's entirety https://www.postofficehorizoninquiry.org.uk/file/871/download?token=gDkssh69

h3nb45h3r

Because Fujitsu are involved?

BAE Systems handed £38m Border Force intelligence contract

h3nb45h3r
Pint

Just be grateful!

At least Fujitsu didn't win it, so this may work!

Victims of IT scandal in UK postal service will get fresh compensation

h3nb45h3r

Re: Bollocks

Rebecca Thomson was the first journalist to write about the Post Office Horizon Scandal. Nick Wallis is clearly a power house that help push it more into the public eye, but it's shocking that it's not known about more. I know lots of people who work at Fujitsu and this isn't mention in the company, some of those staff have been with Fujitsu when they were ICL (ICL was 80% owned by Fujitsu).

Nick and Rebecca have a podcast that is covering the inquiry https://www.postofficescandal.uk/podcast/

h3nb45h3r

Re: Why BEIS ?

The cost of the Post Office legal representation for the Group Litigation Order (Post Office v Bates) in 2019 was actually £117m, not £20m

Good news for UK tech contractors as govt repeals IR35 tax rules

h3nb45h3r

Yes

They announced the appeal of the client status determination in both the public and private sector.

NHS data platform procurement delayed for a second time

h3nb45h3r

I'm just thankful...

...That Fujitsu haven't been given the opportunity to bugger it up

Fujitsu: Dumping older workers will wipe out quarter of forecast profit

h3nb45h3r

No doubt some of their staff will be getting different jobs soon anyway, sowing mail bags...

UK government has 'no clear plan' for replacing ageing legacy IT estate, MPs report

h3nb45h3r

Whatever, just please...

Stop giving Fushitsu contracts...

OVH blames hour-long global outage on human error during 'routine' network reconfiguration

h3nb45h3r

Bloody intern....

Fujitsu wins £5m contract to support the UK's troubled Border Crossing system

h3nb45h3r

Re: Hopefully their last

Yeah... about that

Went to edit it and it timed out whilst I was distracted by something else, my bad, apologies to all concerned

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing

h3nb45h3r

They spelt DNS wrong...

Parliament demands to know the score with Fujitsu as Post Office Horizon scandal gets inquiry with legal teeth

h3nb45h3r

Re: Why?

"The expert witnesses from Fujitsu surely must have been advised by Fujitsu's legal team, and it's beyond belief that they would have advised those witnesses to commit perjury.....There's more to this than meets the eye."

You've clearly never had any dealings with Fujitsu, if their legal team is internal, providing that advice would make complete sense and would be in-keeping with how all the other Fujitsu departments conduct themselves...

h3nb45h3r
Stop

STOP. GIVING. FUJITSU. GOVERNMENT. CONTRACTS.

That is all...

39 Post Office convictions quashed after Fujitsu evidence about Horizon IT platform called into question

h3nb45h3r

Re: Perjury?

Wonder if any have ISACA or ISC2 certifications, if so they would have agreed to abide by the code of Ehtics.

Having passed the CISSP recently (please don't hate me, I have a mortgage pay for and wife and kids to support), they make a big deal of these and I'm sure and the Post Office or Fujitsu staff working on that project would have clearly breached 1,2 and 4, wonder if anyone will have their certifications removed or face over sanctions?

Code of Ethics Canons:

1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.

2. Act honorably, honestly, justly, responsibly, and legally.

3. Provide diligent and competent service to principals.

4. Advance and protect the profession.

Source https://www.isc2.org/Ethics

Deloitte settled HPE's Autonomy lawsuit for $45m back in 2016 and agreed to cooperate with US DoJ

h3nb45h3r

Maybe it's possible...

...That Fujitsu were able to sell their Horizon software, fundamentally a system that was unable to add up, to Deloitte to help with the audit?

Brit cybercops issue tender to rip and replace their formerly flaw-ridden CyberAlarm tool

h3nb45h3r

Zero Trust

Not talking about the security policy this uses, by my feelings towards it.

Shan't be recommending, using or touching this thing with a barge pole, or any suitable similar replacement (barge poles are hard to get hold of these days...)

Cisco’s 'intuitive security' tool can’t handle MAC address randomization out-of-the-box

h3nb45h3r

Re: Yet another elastoplast with unexpected consequences?

The MAC address is only seen in the layer 2 broadcast domain the host connects to.

As soon as the host requests a resource that is not available on the broadcast domain it resides on it sues IP addressing, and with each hop across the various networks the traffic goes, the source and destination MAC addresses will change (to be the ingress and egress interfaces MAC addresses of that layer 2 broadcast domain).

TL:DR

Which basically means:

Unless 'the likes of Google, Amazon, Facebook, NSA etc etc' own (of have access to) the AP you are connecting to, they're unlikely to see you MAC address.

The big issue here is connecting to your office environment and the supporting of that.

If you believe that someone with the resources of 'the likes of Google, Amazon, Facebook, NSA etc etc' would be using the MAC address to track you is ludicrous, I can see the argument about companies tracking you, but for a lot of public WiFi you need to register anyway!!!

In short, from a security perspective, yes it is better then nothing, but they should have an option to be able to set a MAC address for a SSID so that when you go to your trusted networks, such as work and home or VPN, it will cause less issues (and allow of the use of Dynamic ARP Inspection and other LAN security measures) and randomly set it for any network that you select to be 'public'.

The latter where being the default maybe?

Contractors welcome Lords inquiry into IR35 before tax reforms hit private sector but fear it's 'too little, too late'

h3nb45h3r

Not if employed via an agency and the agency deem the role to be inside IR35

h3nb45h3r

Good points, badly made, now consider this...

For future roles, knowing how companies love to save money, why employ permanent staff when you can employ contractors, and not have to pay for the 25-30 they aren't actually working for you (holiday), no pension contributions, training, no paternity or maternity right but pay them more (let's go with 20%) which they'll be taxed more on.

Now move forward a little time, why have permanent staff at all? I can employ people, lower the rates down gradually (do you want the job or not?) so eventually it's parity with the market rate for a full time employee, but I get 25-30 days more productivity out of the for the same cost, I don't have to pay pension contributions, training time off for illness and other things and I can get rid of you without a tribunal (you're not an employee), that what this does.

Luckily companies aren't unscrupulous I suppose, otherwise that would be a real concern...

Class-action lawsuit claims DXC 'selectively timed' job cuts to inflate short-term profit target

h3nb45h3r

Confused?

I wonder if you did a search on El Reg stories with the keyword 'DXC', what percentage would be stories about redundancies?

If Shadow Home Sec Diane Abbott can be reeled in by phishers, truly no one is safe

h3nb45h3r
Pint

Re: I doubt she'll ever be Home Secretary, but...

I'd be more concerned about any of the files that the attacker may have got control off and if they get released to the public.

I'm not too concerned about anything to do with National Security being released, it's the prospect of pictures of her and/or Jeremy Corbyn in various states of undress from when they were knocking boots..... 'Shudders'

Insects with farts that smell like coriander assist in covering up Paris's aroma d'urine

h3nb45h3r

Re: Coriander?!!

I know they're French, but even I feel that's a little harsh....

It also doesn't solve the issue with the insects.

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!

h3nb45h3r

Woah! Some much tin foil, so many hats.....

Whilst I appreciate privacy is important, security is also, and if this can help stop bad things happening, great.

And if they get my phone and discover the only dubious thing I do is read El Reg and they obtain all the pictures of my cat I've taken, I wouldn't consider that a bad thing, my cat looks awesome....

Trump's tax reforms lift DXC's profit

h3nb45h3r

Boardroom bingo....

House!

Wait! Before you fire up that HP lappy, check the battery

h3nb45h3r

One piece of good news though...

At least if the battery catches fire and takes out the laptop, it will deal with the numerous key loggers that HP laptops appear to have on them......

First Allied submarine lost in World War One, found near New Guinea

h3nb45h3r

Lest we forget.

Hopefully people will respect this war grave and preserve the dignity of those who perished.

Seek 'passion' and tech skills will follow, say recruiting security chiefs

h3nb45h3r

Slightly off topic but...

I caught Chris Boyd's talk at Steelcon 2017 entitled 'Mahkra ni Orroz'.

Well worth a watch, here's the link https://blog.malwarebytes.com/security-world/2017/07/steelcon-mahkra-ni-orroz/

Hackers nip into celeb plastic surgery clinic, tuck away 'terabytes'

h3nb45h3r

Re: Sick

Who said they were lady-bits?

Security pros' advice to consumers: 'We dunno, try 152 things'

h3nb45h3r
Facepalm

WTF, security isn't a users responsibility....

Security is everyone's responsibility, clearly for some it's to a greater extent, like if you job is an admin.

But if you let you user onto any production (or any business paid for network including a dedicated BYOD internet connection) and you don't provide them training (or guidelines at the very least) on how it works and a system operation agreement for them to sign outlining what is expected of them and what they shouldn't do, then you're in trouble to start with.

Yep, signing a piece of paper they won't read won't stop them doing stupid stuff, but at least you have cover, and you should be locking down the system to prevent the obvious, and providing regular (but not spamming) tips and advice, more importantly, you need HR on board, I'm yet to meet an organisation even with a fully manned SOC monitoring every log known to man, and a fully supported NOC and a room full of admins to ensure the environment is fed and watered, that can block stupid.

Saying you don't expect users to participate in security is a defeatist attitude given the current threats such as phishing and I believe that mindset is setting oneself up for trouble.

What's HPE Next? Now it's unemployment for 'thousands' of staff

h3nb45h3r
Mushroom

I have a theory as to why HPE like getting rid of people...

Do you think Meg was bullied as a kid?

Fresh strike action ballot planned at Fujitsu over pay, pensions, job cuts

h3nb45h3r

Let's be fair, if the majority of FJ staff I know were to go on strike, productivity will not go down.

They have some great engineers working for them, however they have a larger number of people who are in positions because they have a pulse and are willing to turn up and accept not much money for the job they are doing.

This then compounds the problem, low paid and untrained or inexperienced staff cannot provide the service their customer deserves, but then again, FJ have just been massively under cutting the likes of Crapita, DXC etc. to win contracts, hence the lack of staff, and more importantly, the lack of staff competent in the disciplines they find themselves in.

As for contractors, they have employed (due to a lack of permie staff) a lot of contractors who have never touched the technologies they are supposed to be looking after, and in the field I work in (and have to deal with them) it's embarrassing when you ask a simple question and they don't understand basic and simple terminology

As an example, I working networking and several of their contracted 'network engineers' didn't know what a subnet was., and to compound the issue, they are being paid about half of what I would consider the going day rate. This gives genuine, skilled and talented contractors a very bad reputation.

Networking vendors are good for free lunches, hopeless for networks

h3nb45h3r
WTF?

'users buy into a vendor's approach to running networks'

Surely IEEE standards and standards of that ilk are created to prevent propriety network solutions.

I appreciate people will still use vendor driven solutions if they don't have their own network team and outsource to vendors professional services, but every project I've worked on stipulated COTS products and non propriety network configurations (so no EiGRP, despite no longer propriety etc.).

What about basic things such as network segmentation? InterVLAN policing of traffic? 802.11 wireless standards? 802.1x and 802.1ae protections?

Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi

h3nb45h3r

This is an old technique....

Honey Badger does this https://bitbucket.org/LaNMaSteR53/honeybadger/

Is this a solution to Trump signing away your digital privacy? We give Invizbox Go a go

h3nb45h3r

I bought one ages ago.

I bought one when it was on Indiegogo, it great because now I have an easy method to pop out in Los Angeles and listen to KROQ, who geo-block web listeners. It's also very convenient for providing some form of protection when using public Wi-Fi networks in hotels etc.

If you fell the alphabet agencies are after you, to be honest, they'll go after you laptop or phone. I'm all for personal internet security, but let's bring this into perspective, this device is merely aimed at being part of your security, if you want one device that removes any risk for you data and internet usage, go and invent it, one simply doesn't exist. If you don't trust it, don't buy one. This product, for me, is about aiding in protecting me in public locations where I use public Wi-Fi hotspots, and as the reveiw said, it's very easy to use. The other alternative is to use my 4G allowance, that is no way a safer alternative.

HMRC emits IR35 tax calculator onto the web for UK contractors

h3nb45h3r
Facepalm

hmmm......

Just did a search for the test and found this from HMRC's website from 2015, it appears to be the same thing, I do hope they're not paying an external contractor to produce the test....

http://tools.hmrc.gov.uk/esi/screen/ESI/en-GB/summary?user=guest

h3nb45h3r

A false sense of security

Clearly they're just calming fears prior to launching the actual test and catching everyone and back dating the tax.

Daft Punk: Snowden goes electronica

h3nb45h3r

Snowden is not a hero..

I just don't get it, I suppose for the same reason I don't understand people actively following the lives of people like Paris Hilton, Bruce "or whatever her name is now" Jenner and the Kardashians.

The followers of just those people should provide ample evidence that the public cannot be trusted with information unless it is OK magazine.

The world is not a safer place thanks to this speccy twat, all the extremists, paedo's and other groups of people with fundamental character flaws has just changed their methods of communication making the world less safe.

Meanwhile in OK magazine, Paris Hilton shows some thigh.. (And she look like a grasshopper).

Met makes fourth TalkTalk arrest, this time a London teen

h3nb45h3r
Trollface

Only if you're American

The yoof form London arrested at his house in Norwich.

The funny thing with people is they mostly have legs which affords them the ability to read....

The other funny thing is with people is they mostly have eyes and a brain, but this doesn't always afford them the gift of using them in conjunction with each other.....