nav search
Data Center Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by NonSSL-Login

211 posts • joined 13 Nov 2015

Page:

Bombshell discovery: When it comes to passwords, the smarter students have it figured

NonSSL-Login
Bronze badge

Hi JV, thanks for the reply.

Having read the article I appear to have missed the fact that Troy had shared a database of hash's and the comparison was done against that. Apologies. I usually blame lack of caffeine for my mistakes as otherwise I would never make any *cough* :)

There are many variables in passwords that cross the IQ barrier. Not everyone has a job related to their IQ as ambition and other factors are involved but if you generalise that a manual labourer may have a lower IQ than a director of a company you may expect the labourer to have a weaker password. A fair percentage of the time it's their favorite sports team or player with maybe a capitalised first letter and a number at the end if the signup forces those attributes. Yet a lot of CEO's will also use their sports team as a password too.

There are differences where say a fruit seller on a stall in London may have a football(soccer) related password, a CEO who went to Oxford might have a Rugby related password as social economic groups also play a part.

At the same time both groups may use a password based on a crush/partner/kids or dog or a date of birth.

Both high IQ and low IQ people know they are supposed to have good passwords. Is it down to IQ about who puts the effort in?

0
0
NonSSL-Login
Bronze badge
FAIL

The article says that 215 students hashes were in Troys database and states this was down to bad/unsafe passwords. Wrong. They are in Hunts databases because they happened to be signed up to websites that got hacked. There is no relation to IQ at all.

Maybe a correlation between how many sites someone signs up to, or quality of site, could be made relating to IQ but that is not what the article says.

1
1

Brit ISPs get their marker pens out: Speed advertising's about to change

NonSSL-Login
Bronze badge

Speed + Quality/Stability score

We still need a quality score to go with the speed with advertisements. 200mbit is no good for streaming or gaming if latency jitter is all over the place.

Something occasional browsers conned in to getting 200mbit to solve their browsing issues on the 50mbit service can ignore but gamers can use to make an informed decision.

0
0

Commodore 64 owners rejoice: The 1541 is BACK

NonSSL-Login
Bronze badge

Re: Reliability

Also started with a VIC 20 which is now emulated easily with just javascript... https://www.mdawson.net/vic20chrome/vic20.php

30+ years later I still can't purge the music from a cartridge game called Radar Rat Race out of my memory. Found a Vic 20 emulator and the game cartridge turned in to a 6k rom....everything gets emulated these days.

The Action replay cartridge for the Amiga was also emulated, so I assume they did the same for the C64.

Fun times.

4
0

Great Western Railway warns of great Western password reuse: Brits told to reset logins

NonSSL-Login
Bronze badge

Re: We need a court action

Depends on the attacker and the tools they use. Some of the programs used to try user/email combo lists against sites also allow you to specify a public proxy list which can be grabbed from many places. So you end up with hundreds of IP addresses with random User Agents with a bigger gap in time before a particular IP/proxy gets used again.

Some of the better tools allow you to specify a timeout before retrying with the same IP so you work out beforehand what triggers the captcha and adjust settings accordingly.

A captcha at every login would help but I hate with a vengeance having to fill in captures every time I want to login somewhere. Even then, it's easy to add code to a tool to cover sending the captcha's to a usually Indian based site where they charge you a fraction of a penny for each captcha solved on your behalf by an army of people employed to do so. 2captcha and anti-captcha are two such services. 50 cents for 1000 solved captchas, 2000 people online, 8 sec solve time.

0
0

Recording Industry Ass. says vinyl and CD sales beat digital downloads

NonSSL-Login
Bronze badge

Re: Just a few weeks ago they were telling otherwise...

Depends on what law change and location the media cartels are lobbying for on that particular day...

2
0

Leading by example: UK.gov's secure server setup is patchy at best

NonSSL-Login
Bronze badge

Re: To root or not to root

Probably easier and quicker for them to get the info via XKeyscore thanks to Tempora mass collection and it will be up to the second logs compared to synch + database integration once a day or week. But if you read my comment again, you will notice i'm not wearing the tin foil hat in this case anyway, so a moot point.

However, injecting payloads when the IP of Russian arms suppliers browse badly SSL'ed site....

0
0
NonSSL-Login
Bronze badge
Meh

To root or not to root

It appears the only security angle they look at with .gov sites is it secure from being rooted. Anything else doesn't seem to matter to them except for a working website. The fact that browsers have now started acting on bad SSL setups has exposed the bad config and bitten the admin on the ass.

Although in other areas I would be happy to don the tin foil hat and say the bad ciphers and config is to make it easier for GCHQ to log data, inject payloads and other shenanigans, these .gov issues are just down to bad administration.

Also, out favourite el-reg was a long holdout for SSL despite having a login form for users. Hence my username.... It was only when Google said they would list sites lower without SSL that they were forced to move their butt in to gear and add SSL that they did. The bad publicity might be enough to make the gov sites fix ssl issues but a lower search engine ranking might do the job faster.

3
0

Private Internet Access VPN opens code-y sarong, starting with Chrome extension

NonSSL-Login
Bronze badge

Re: Unrelated...

The GEOIP location data is based on what the ISP/owner of the Netblock registers the location of the IP to be at.

So while one ISP might register a block of IP's to their local office location or even a head office, some will be more accurate and give a town or village name for a set.

2
0
NonSSL-Login
Bronze badge

Re: Why not openVPN?

My VPN provider has their own client with lots of options but it acts more as a frontend to OpenVPN with extras. You can choose ports, RSA 4096, scramblesuit, tor-obfuscation etc which get passed along as parameters to openvpn. Obviously the extra code for that gets installed with the client, at least with their Linux client.

A few VPN providers probably have something similar.

0
0

NHS Digital heads accused of being 'suppliers', not 'custodians' of UK patient data

NonSSL-Login
Bronze badge
Big Brother

You mean like anti-terrorism law RIPA being used by half of councils for waste and littering offences or BBC for licence enforcement?

This is exactly what the committee is getting at and I am impressed they have stuck up for everyone with a decent argument. Yet nothing will change, making the whole thing pointless.

16
1

Sorry, I can't hear you, the line's VoLTE

NonSSL-Login
Bronze badge

Re: Correction needed

I also have a OnePlus 3T which can handle VOLTE but it won't work on Three as they refuse to add it to the Volte list. No reason for them not to add the support other than the fact they don't sell the phone themselves.

The Three in touch app is utter shite and it annoys me that I am expected to use it on a phone that supports Volte natively but is nerfed by the Three network.

From what I understand, other networks do it too. So it's not as if I can switch to another provider to get Volte working on my current phone. My mobile pet peeve beyond the obvious broken SS7 protocol.

0
0

Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election

NonSSL-Login
Bronze badge
Black Helicopters

Re: Icredible

That is the hypocrisy here. In many countries, including the UK and the US, teams of people are paid to try and influence the elections for the team that employed them. Sometimes under the banner PR, sometimes through leaking negative information about the other party and using friends in media to publish it.

Lots of nasty tricks that can influence elections but it's only bad if the rushkies do it.

It amazes me that the world knows that most of the world emails are intercepted and stored by the big intelligence agencies yet someone doing a secret job vs the NSA went and email'ed home to their parents confessing their crimes about covering their tracks from the FBI. Seriously?

12
0

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

NonSSL-Login
Bronze badge

Re: "...a total of 50 CVE-listed vulnerabilities..."

Sometimes the haystack just needs to be burnt to the ground and leave the needles in it's ashes.

12
0

Fancy Bears' who-takes-what in sports hack list ‘manipulated’ before leak

NonSSL-Login
Bronze badge
Black Helicopters

Re: Organizational Doxing and Disinformation

4. Bruce Schneier is Fancy Bear.

Mind blown.

Without knowing what information was doctored, it's difficult to guess at the motivation for the changes. I guess that info will be kept from us.

0
0

Crowdfunding refund judgment doesn't quite open the floodgates

NonSSL-Login
Bronze badge
Meh

Backed my first Indiegogo project last year and the buttons say you are claiming a perk for that amount now. So Indiegogo has already got around that issue and rubs it's hands clean of having to help it's site users again.

That might be why Indiegogo seem happy to let people use it's platform to fleece customers of their money.

After being five Months late and hardly any updates or communication, the campaign director of the project I backed has only sent a few of the backers the item, even though he now sells the same item on his website which you can buy and get straight away. Obviously he will get more selling them through his website than the original Indiegogo campaign so has decided to sell them there instead of giving them to the backers.

Try getting Indigegogo involved to get some communication or action taken and they just don't want to know. Would not touch Indiegogo with a barge pole in future.

Oh and their whole refund system, does not work. Plenty of people asking for refunds for the same project but because the project is overdue, Indiegogo say you have to get it back from the campaign manager. When the campaign manager refuses to answer any emails about anything, let alone delivery or refunds, Indiegogo do not care will not help in any way whatsoever. If you try and progress things they just don't reply either.

Sham of a company IMO. /Rant

3
0

Virgin Media skulks in disused public toilets

NonSSL-Login
Bronze badge
Coat

Gives a new meaning to the phrase, "i'm a bit buffered up".

1
0

Sad-sack Anon calling himself 'Mr Cunnilingus' online is busted for DDoSing ex-bosses

NonSSL-Login
Bronze badge
Meh

Logs from security guy....

Around the time this was happening, a flaw in the template used by many of the DDoS sites and re-sellers of VDoS was found. Through this the logs could be snarfed among other things.

So it appears the FBI used data hacked from the systems of the stress testing site to get the info needed to get this guy. Saying it was provided by someone else gives them the ability to do this without questions asked on any cases they want?

The guy is obviously stupid enough to get caught anyway but the method is questionable imo.

1
0

User had no webcam or mic, complained vid conference didn’t work

NonSSL-Login
Bronze badge
Facepalm

CD drawer wont open

A few years ago working for a well know insurance company a user logged a call to say the computer would not read her cd and the cd drawer would not open to get the cd back out.

Upon visiting it was clear she had no cd drive in her desktop. I asked where she put the cd and she got another cd and started to poke it in the thin gap between two blanking plates. She had just pushed the previous cd through the gap in to the frame of the pc.

19
0

Watt? You thought the wireless charging war was over? It ain't even begun

NonSSL-Login
Bronze badge

Faster Charging

Faster charging seems to be much more beneficial than wireless charging, which is slower by default.

The speed of wireless charging is the major obstacle to it becoming useful imo, no matter how much further away you can scale the actual charger.

0
0

WikiLeave? Assange tipped for Ecuadorian eviction

NonSSL-Login
Bronze badge

You missed the 9th one down the cul-de-sac at the side.

5
0
NonSSL-Login
Bronze badge

Re: "A third country might offer a new couch"

"Although the Ecuadorian embassy is now no longer under 24-hour surveillance by the police."

That's what they want you to think...

Probably a lovely antique clock on a shelf opposite the Ecuadorian door with a lovely crystal 720p lens, backup up by an in-house informer.

5
0

UK Foreign Sec Bojo to tell Kremlin: Stop your cyber shenanigans... or else!

NonSSL-Login
Bronze badge

Re: The Law of Outrage (gov.uk)

Do as we say, not as we do.

1
0

UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it

NonSSL-Login
Bronze badge
Pirate

Highly likely

The article quotes him as saying 'highly likely' which is different from confirming they did it.

A bit like America's 'high confidence' of weapons of mass destruction in Iraq.

So they are not 100% sure but they are making a statement now that sounds like they are, as the political timing is right due to action they want to take towards NK.

17
1

Twitter's not dreaming of a white supremacist Xmas: Accounts nuked

NonSSL-Login
Bronze badge

Re: RE: NonSSL-Login

I side with you on the UK sovereignty issue. But you yourself were probably were labelled racist by some because of your anti-eu stance if you said so publicly.

If you had aligned with UKIP or this Britian first in an attempt to get out of the EU as they were the only group/party interested in leaving the EU, then there is a chance your social media accounts could be deleted if Twitter or whichever platform going by these recent deletions.

Like it or not, Twitter and Facebook heavily influences voters. Censoring one point of view and not others influences votes.

UKIP getting so much support frightened the conservatives in to giving the referendum so as not to lose more votes. Social media played a big part in getting the referendum to happen.

3
0
NonSSL-Login
Bronze badge

What happened in England for years was anyone who mentioned the problems uncontrolled immigration was causing was instantly shot down with the 'racist' tag, stifling debate on the matter. The end result was years of the issues getting worse until enough people voted for Brexit.

If UKIP and it's supporters were banned from Twitter back then (which I think they would be if Twitter had started banning accounts back then), the Conservatives would not have been forced to offer a referendum on the decision to stay in. Brexit probably wouldn't have happened. Whether you think that is a good thing or bad is not the point though.

So Twitter has the ability to steer countries political direction by choosing what people can and can't see, which is bad. Is it doing it's owners bidding or being an American company, Americas bidding?

Think past the bigger picture of 'Group A' I disagree with = bad, 'Group B' that I agree with = good and agreeing with bans based on that simplicity.

2
2
NonSSL-Login
Bronze badge

Newspapers employ people to write their stories. Twitter is user generated content.

There is a difference between censoring individuals or groups with different views to you and choosing not to write something that goes against your views in the first place.

3
3

One more credit insurer abandons Maplin Electronics

NonSSL-Login
Bronze badge

The minute you enter my local Maplins you are watched like you are a prolific shoplifter by the young staff there, who pretend to tidy up hanging things at the end of every aisle you are browsing. More unnerving than the ridiculously high prices for some things.

They may never be able to compete with online mail orders shops on price but some of the prices seem to be just fleecing customers who don't have a clue. If they had more sensible prices I would buy more there and accept the premium for having the item instantly.

7
0

'Suspicious' BGP event routed big traffic sites through Russia

NonSSL-Login
Bronze badge
Black Helicopters

Three minutes...

It would be so awesome if it comes out that a Russian spy reported that President Trump was on the way to the toilet with his phone, so Russia hijacked those routes for the next 3 minutes in the hope of catching something. Please let it be true!

2
2

NiceHash diced up by hackers, thousands of Bitcoin pilfered

NonSSL-Login
Bronze badge

Re: As per usual when something is internet facing.

To be fair I'm sure the "their own fault for badly configuring it" excuses will be along in a minute.

The updated info is that one of their employees was phished by email with malware and that was the starting point for the intrusion. No linux servers hacked or badly configured. After lateral movement through the network, the credentials needed to login and move the coins was found.

1
0
NonSSL-Login
Bronze badge

Netcraft says it runs Linux.

Probably find rather than the web server being hacked directly, workers running Windows machine were phished with nasty emails containing the malware that gave entry to their network or credentials needed to steal the BTC.

3
1

Games-mart Steam halts Bitcoin payments

NonSSL-Login
Bronze badge

The mining fee per transaction is like a credit card fee that is rising so much that only more expensive payments are worthwhile. A major downfall of BTC which is only going to get worse.

2
1

Car rental firms told: Tell your customers about in-car data slurps

NonSSL-Login
Bronze badge

Had an Enterprise hire car where a copy of what I assume was the last persons address book was stored in the car. Some cars copy the address book locally so the cars computer can do the speech recognition and dialling rather than your phone.

Obviously cars need to come with an easy reset for those parts of the system so hire companies and individuals selling their cars can wipe the data.

You could blame the person using the car before for not wiping everything but like yourself, many are not aware it is actually copying the data rather than just getting it from your phone on the fly. The car hire peeps should be doing the resetting IMO. Ask the manufacturers to keep your business in mind when designing their systems.

12
0

EE drops packets but retains UK network champ's title

NonSSL-Login
Bronze badge

Time frame and next tests

Yesterday I did a speedtest on my 3 sim (still on the unlimited one plan!) and found it was giving 106Mb/s down and 33 up http://www.speedtest.net/my-result/a/3439503471

What was the time period the tests were done over? The last few months Three have done a lot of upgrades in a load of areas, so they might fare a bit better in the next lot of tests when it comes to speed at least. Latency is still not superb although thank $diety I don't have it as bad as the results Tutela came up with.

Now we just need latency, jitter and packet loss comparisons published for fixed line home broadband connections. Yeah, i'm looking at you VM!

1
0

Google prepares 47 Android bug fixes, ten of them rated Critical

NonSSL-Login
Bronze badge
Facepalm

I wasn't comparing Android and Apple. The comparison was between buggy software that keeps giving exploits month after month.

Step off that horse carefully, it's a bit high....

1
0
NonSSL-Login
Bronze badge

Androids Media Framework and Qualcomm chipset seem to be the new Flash Player or Acrobat when it comes to exploitable vulnerabilities.

No doubt we will see more vulnerabilities in those areas on a regular basis.

4
1

High Court judge finds Morrisons supermarket liable for 2014 data leak

NonSSL-Login
Bronze badge

Re: He got 8 years....

Was thinking the same. The sentence seems overly harsh compared to other offences.

He could have stabbed the person who stabbed him and gotten off with much shorter jail time or maybe community service. That might have been more satisfying too!

2
0

Microsoft says Win 8/10's weak randomisation is 'working as intended'

NonSSL-Login
Bronze badge

Slightly to do with article but...

It's not a bug, it's a feature....

0
0

Firefox to warn users who visit p0wned sites

NonSSL-Login
Bronze badge
Alert

As long as I can disable it

I don't want to send every single website I visit to Firefox or HavIbeenPwned. For that same reason I disable similar protections on Chrome and also site prediction features.

I get that many of the population don't know or care how much data they give different companies for these kind of features to workand this may be of use to them, but let me disable it.

As for storing info, some of the previous database searching sites similar to HaveIbeenPwned, have been pwned and had all the database stolen. Ie, the big exploit.in mentioned on Troys site. So having all the info in one place...it's going to hacked eventually.

3
0

Loake Shoes admits: We've fallen victim to cybercrims

NonSSL-Login
Bronze badge
Coat

One step forward...

One has to hate the soulless PR statements that try and deflect blame by comparing the incident to another well known event.

4
0

DNS resolver 9.9.9.9 will check requests against IBM threat database

NonSSL-Login
Bronze badge

City of London Police and Piracy

The City of London police are well known as being corporate police for the media cartels. I'm assuming piracy sites and any site that upsets Hollywood will be blocked by this service at some point. In fact it wouldn't surprise me if this was one of the main reasons for it but the cyber crime and nasties angle tacked on to sell the service and get it used.

2
0

Twitter's blue tick rule changes may lower the sueball barrier

NonSSL-Login
Bronze badge

Carrot and the blue stick

Pretty sure if you hovered over the tick or somewhere near the tick it clearly said "verified account" which to anyone with a brain cell indicated they have verified the person is who they say they are.

Effectively they have changed what the blue ticks are for, all for no good reason.

Had an inkling in the past when they refused to give certain people a blue tick that it was because they wanted to punish them for their political views or similar. Twitter have always seen the tick as giving someone more legitimacy and maybe more followers and traffic as a result so have used it as a carrot and a stick. Maybe this change is not so much of a surprise considering.

Twitter is definitely not a tool of free speech.

17
0

Pawnbroker pwnd: Cash Converters says hacker slurped customer data

NonSSL-Login
Bronze badge

Re: Stating the obvious

Those paragraphs has since been removed in case anyone wonders what we were gibbering about.

0
0
NonSSL-Login
Bronze badge
Facepalm

Stating the obvious

Cash converters say they have had a data breach and the comment from Troy is that is bears the hallmarks of a data breach at Cash converters?

Either that is the worst case of stating the obvious or the article has been worded badly :P

3
0

WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

NonSSL-Login
Bronze badge

This release will not lead to another Wannacry like the professor is babbling about as the release is only code for the control centre part of the malware. No exploits, just the front end and communication stuff.

The media and 'experts' love to make it out to be worse than it is.

13
0

Don't worry about those 40 Linux USB security holes. That's not a typo

NonSSL-Login
Bronze badge
Thumb Up

Wubbery but

I will stick with the Rubber Ducky.

1
0

Logitech: We're gonna brick your Harmony Link gizmos next year

NonSSL-Login
Bronze badge

Re: Gerald Ratner moment?

They could pull the Harmony web server configuration tool offline (not that it works if you use Linux) or stop the app connecting to a database for remote configs at any time. All it takes is a meeting where they decide to get out the remote business.

The problem is who else makes a customisable remote at a decent price and doesn't need remote servers of some kind for configuration or is planning future cloud integration for PR and advertising reasons.

Truly stuck what to do when my Harmony finally bites the dust.

0
0

Commuters' phone data could be tracked to save megabucks on census

NonSSL-Login
Bronze badge

Re: Undocumented illegals

Aways some social libtard social justice warrior who jumps to the wrong conclusion.

Mixed race family here with some of my family being immigrants myself. You are barking up the wrong tree.

Unless you have lived in the area and see things with your own eyes, you just wouldn't understand. But yeah, anyone who mentions illegal immigrants is a bigoted dailymail reader to some people. /ShakeHead

5
7
NonSSL-Login
Bronze badge
Devil

Undocumented illegals

Those inflated numbers from the mobile data vs the consensus could be in part from the amount of illegal immigrants in those areas. They have mobile phones but are not on any register.

Often saw multiple gang masters picking up obvious groups of illegals in beat up vans to take them to work and back again from where I was located in the Croydon Home office area for a while. Maybe mobile phone data will finally show how bad that problem is.

8
11

Londoners: Ready to swap your GP for an NHS vid doc app?

NonSSL-Login
Bronze badge

Re: Can't come soon enough

Incidentally, a triage nurse at A&E in the early hours used her mobile phone camera LED as a torch to look for whatever was stuck behind my eye irritating it.

All I could think of was how battered and dirty the leather folding case on her phone looked as it swayed about while she blinded me with the LED.

Based on that clearly anecdotal argument, im against phones in the medical profession unless there is a clear benefit.

But sod giving all my personal medical data over to any company, let alone one with the slightest of connections to Google.

5
1

Page:

The Register - Independent news and views for the tech community. Part of Situation Publishing