226 posts • joined 13 Nov 2015
Probably intentional. If you can't see the date you are more likely to click it to look than if you see an old date where you can decide it's old news and ignore. Not good for the user but good for the-register who wants clicks and views for their income.
It's not even pretty though
Reddit also allowed the old design to be used too when they made major changes recently. Link was prominent at the top too so easy to access.
There is an opt-out at the bottom of the register page. It might be hidden under a floating toolbar asking you to click OK to accept cookies though, requiring you to click that before you can reach the opt-out link.
The BBC admitted to changing their staple of lots of information down to smaller byte sized generic sentences so they could fit on mobiles too. So even the stories got shit and more tabloid looking amongst all that white space.
The register shouldn't have that issue at least as stories are still a decent length.
In the past I have used the Stylish addon to change the look of sites/pages but that addon got pulled from both browsers app stores when an update started sending data back to their servers. Don't want to create security risks just to fix horrible formatting for a site.
Too much white and too much empty space. Exactly how shit the BBC site looked when they made it to look better on mobiles. No care about those that use huge monitors due to stats saying mobile users are a larger percent of viewers.
In this day and age it should be easy enough for technology to format on the fly better for mobile/large screens yet no one seems able to do it. Web 2 maybe not fit for purpose if it can't handle that.
My browser removes cookies that it hasn't blocked on exit, so I'm guessing every visit I will have to opt-out.
From using the BBC site daily I now use it once a month at best since they made the changes everyone hated. I guess I'm now going to have to find another way to view register content which isn't so dreadful or it will go the same way as the BBC in my viewing habits.
Or just someone on the same wifi network running wireshark or other tools. Requires catching the initial handshake but easy enough to disconnect a client and force it to reconnect to catch it.
Re: redirecting HTTP to HTTPS
Searched for the Beefeater site yesterday and google gave a http link which didn't redirect to https once on it which I thought was odd for this day and age.
To view a menu it wanted my postcode and while it's not the end of the earth for that to be sniffed, it felt too dirty to post it over http so I had to manually change it to https.
My name was a good few years of nagging at el register to https up and it took google to start giving horrible chrome messages and lower search engine ranks to http sites before it was changed. Any company not using https now should be considered lazy and not fully competent imo.
Re: Don't assume they don't have supercomputers...
It wouldn't surprise me if they have access to be able to use every idle CPU on the Amazon cloud along with some tools that distribute the load of the job. No supercomputer needed when you can have a million computers working for 2 minutes on their section of the same job.
Re: Am I being thick ?
Apps on phones such as whatsapp run in their own memory space so it is not a simple task to add another encryption layer on top without rooting phones and such which cuts out most users. A keyboard app could potentially convert what you type and copy to clipboard and convert replies but it would be far from pretty and straightforward which is what app users want.
The NSA/GCHQ's are being crafty now and instead of asking for backdoors in encryption, they are asking technology companies to implement sly changes which means no backdoor is needed. Skype conversations used to be peer to peer and never touched servers so one assumes they got Microsoft to buy and change the product so all conversations went through their servers for the 5+ eyes benefit.
One assumes Whatsapp went out of their way to help the government agencies by adding a chat backup option, an in your face popup to all users asking if it should be enabled and when they do, it disabled the encryption of their chats. The backup of their chats are also stored on their servers indefinitely for the 5+ eyes too.
So expect more sly changes like these as technology companies shout publicly that they are fighting for your privacy while still looking you in the eye and adding these privacy-defeating changes they hope you don't notice.
Integrity is not guaranteed but could be
Hash of the page made (with a decent hashing standard to avoid collisions) as soon as it's mirrored and that hash stored in a blockchain or another tamper proof method, then it can be trusted a lot more.
All it takes is for one vulnerability or a determined hacker to phish their way in to their systems and modify some content and the trust is all gone. It's no good saying the files or disk is read only when someone can change the links and results to point to their own created content instead.
Archive.org is far from perfect as evidence as it stands imo. It could be made better for evidence integrity but as long as they continue to do the great job they started out to do, that should be their main focus.
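A sketch of the hash-at-mirror-time idea from the comment above, as an added example that is not part of the original post or of any archive's real code: each snapshot's SHA-256 goes into an append-only hash chain, and only the chain head needs to be published somewhere tamper-proof. The function names, the in-memory `store`, the `example.test` URLs and the `anchored_head` parameter are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    # Canonical JSON so the same fields always produce the same hash.
    body = {k: entry[k] for k in ("url", "captured_at", "content_sha256", "prev")}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def append_snapshot(log: list, url: str, captured_at: str, content: bytes) -> str:
    """Hash the page as soon as it is mirrored and chain it to the previous entry."""
    entry = {"url": url, "captured_at": captured_at,
             "content_sha256": sha256_hex(content),
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = entry_hash(entry)
    log.append(entry)
    return entry["hash"]  # new chain head: the value to publish externally


def verify(log: list, store: dict, anchored_head: str) -> list:
    """Return a list of problems; an empty list means log and content check out."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or entry_hash(e) != e["hash"]:
            problems.append(f"entry {i}: chain broken")
        content = store.get((e["url"], e["captured_at"]))
        if content is None:
            problems.append(f"entry {i}: snapshot missing")
        elif sha256_hex(content) != e["content_sha256"]:
            problems.append(f"entry {i}: content modified")
        prev = e["hash"]
    if prev != anchored_head:
        problems.append("head does not match anchored value")
    return problems


def demo():
    # Constructed sample data, not real archive content.
    pages = [("https://example.test/a", "2018-01-01T00:00:00Z", b"<html>original A</html>"),
             ("https://example.test/b", "2018-01-02T00:00:00Z", b"<html>original B</html>")]
    log, store, head = [], {}, GENESIS
    for url, ts, body in pages:
        store[(url, ts)] = body
        head = append_snapshot(log, url, ts, body)
    clean = verify(log, store, head)

    # Case 1: stored content is changed, log left alone.
    doctored = dict(store)
    doctored[pages[0][:2]] = b"<html>doctored A</html>"
    content_changed = verify(log, doctored, head)

    # Case 2: the log is rewritten to match the doctored content,
    # with every later hash recomputed so the chain is self-consistent.
    forged, prev = [dict(e) for e in log], GENESIS
    forged[0]["content_sha256"] = sha256_hex(doctored[pages[0][:2]])
    for e in forged:
        e["prev"] = prev
        e["hash"] = prev = entry_hash(e)
    log_rewritten = verify(forged, doctored, head)
    return clean, content_changed, log_rewritten


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second case is the one the comment worries about: a fully rewritten log passes every internal check and is only caught because the head was recorded outside the system that was modified.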
Is the data not ours? Do NI payments mean we paid for the care and have data protection?
Why must my data be given away in the first place?
At no point while being treated by the NHS was I told that my data would be shared or sold with anyone. I have never given permission for my data to be sold or shared nor have I ever signed any paperwork that said that my data will be shared outside the NHS if I accept treatment.
If they start asking patients to sign away their rights, they may stop using the NHS to avoid their data being shared. This could lead to instances where for example someone who suspects they have contracted HIV may choose to not get checked/treated and go on to infect others rather than risk company x,y,z getting hold of that pseudo-anonymized (not anonymous at all) data.
Sharing NHS data in 99.9% of cases will not benefit NHS patients.
They got used to having access to more of our communications than what they were entitled to and now want to push so that it continues. They should just be glad they had it while they did.
Re: So they fixed it...
Companies list what products they pay a bounty out under on Hackerone and the VPN product was not on the list. It is that simple.
There is nothing to sell black hats in this case as there is no exploit for a vulnerability. It's a data leak problem.
Kaspersky should however be ashamed of itself for supplying VPN software with DNS leak problems. They could potentially argue that the VPN is to encrypt your traffic to avoid it being read or modified (MITM'ed) while on public networks rather than for anonymity although I have not seen how they market the product. In this day and age though one would expect DNS traffic to be VPN'ed along with the traffic as standard for such a product.
Re: "Wrong" email addresses
I know someone with an apostrophe in their email address, due to their Irish O'whatever name. Despite the fact it's 50/50 whether the receiving email server will accept it or not, the admin has never enforced a policy that removes it when creating accounts.
What annoys me is when you have to login somewhere else and it's not obvious they have a different country keyboard layout. Those special characters are not where they are supposed to be. So do I devise new passwords which only uses the characters that don't move say between US and UK layouts, thus weakening the password due to less entropy, or use them and struggle to login some places?
Stating the opposite of the bloody obvious
You do not have to be a security genius or have a degree in politics to know the whole US attack on Kaspersky is political butt hurt revenge.
They are having to do the transparency tour to repair their business after US gov pressure against them. The CIA has previously tried to leave Kaspersky fingerprints on their bad deeds. It's open day on the company that found and reported some of the NSA malware.
Journalists asking Kaspersky ridiculous useless questions instead of asking governments and politicians to backup their statements, is half the problem. They are not real journalists. They just parrot scripted lines told to them to publish with no actual journalism done.
The comments here show that the majority of IT people think the article talks a load of bollocks and there is indeed a vendetta against Kaspersky. Nothing has changed since the banning of their product. Move along, nothing to see here. No story yet, until the actual transparency tour and even then, going by this article, we will get another crap axe job article. It's a good job el'reg has a lot of good articles to read between the crap like this one.
Hi JV, thanks for the reply.
Having read the article I appear to have missed the fact that Troy had shared a database of hashes and the comparison was done against that. Apologies. I usually blame lack of caffeine for my mistakes as otherwise I would never make any *cough* :)
There are many variables in passwords that cross the IQ barrier. Not everyone has a job related to their IQ as ambition and other factors are involved but if you generalise that a manual labourer may have a lower IQ than a director of a company you may expect the labourer to have a weaker password. A fair percentage of the time it's their favorite sports team or player with maybe a capitalised first letter and a number at the end if the signup forces those attributes. Yet a lot of CEO's will also use their sports team as a password too.
There are differences where say a fruit seller on a stall in London may have a football(soccer) related password, a CEO who went to Oxford might have a Rugby related password as social economic groups also play a part.
At the same time both groups may use a password based on a crush/partner/kids or dog or a date of birth.
Both high IQ and low IQ people know they are supposed to have good passwords. Is it down to IQ about who puts the effort in?
The article says that 215 students' hashes were in Troy's database and states this was down to bad/unsafe passwords. Wrong. They are in Hunt's databases because they happened to be signed up to websites that got hacked. There is no relation to IQ at all.
Maybe a correlation between how many sites someone signs up to, or quality of site, could be made relating to IQ but that is not what the article says.
Speed + Quality/Stability score
We still need a quality score to go with the speed with advertisements. 200mbit is no good for streaming or gaming if latency jitter is all over the place.
Something occasional browsers conned in to getting 200mbit to solve their browsing issues on the 50mbit service can ignore but gamers can use to make an informed decision.
30+ years later I still can't purge the music from a cartridge game called Radar Rat Race out of my memory. Found a Vic 20 emulator and the game cartridge turned in to a 6k rom....everything gets emulated these days.
The Action replay cartridge for the Amiga was also emulated, so I assume they did the same for the C64.
Re: We need a court action
Depends on the attacker and the tools they use. Some of the programs used to try user/email combo lists against sites also allow you to specify a public proxy list which can be grabbed from many places. So you end up with hundreds of IP addresses with random User Agents with a bigger gap in time before a particular IP/proxy gets used again.
Some of the better tools allow you to specify a timeout before retrying with the same IP so you work out beforehand what triggers the captcha and adjust settings accordingly.
A captcha at every login would help but I hate with a vengeance having to fill in captchas every time I want to login somewhere. Even then, it's easy to add code to a tool to cover sending the captchas to a usually Indian based site where they charge you a fraction of a penny for each captcha solved on your behalf by an army of people employed to do so. 2captcha and anti-captcha are two such services. 50 cents for 1000 solved captchas, 2000 people online, 8 sec solve time.
Re: Just a few weeks ago they were telling otherwise...
Depends on what law change and location the media cartels are lobbying for on that particular day...
Re: To root or not to root
Probably easier and quicker for them to get the info via XKeyscore thanks to Tempora mass collection and it will be up to the second logs compared to synch + database integration once a day or week. But if you read my comment again, you will notice I'm not wearing the tin foil hat in this case anyway, so a moot point.
However, injecting payloads when the IP of Russian arms suppliers browse badly SSL'ed site....
To root or not to root
It appears the only security angle they look at with .gov sites is it secure from being rooted. Anything else doesn't seem to matter to them except for a working website. The fact that browsers have now started acting on bad SSL setups has exposed the bad config and bitten the admin on the ass.
Although in other areas I would be happy to don the tin foil hat and say the bad ciphers and config is to make it easier for GCHQ to log data, inject payloads and other shenanigans, these .gov issues are just down to bad administration.
Also, our favourite el-reg was a long holdout for SSL despite having a login form for users. Hence my username.... It was only when Google said they would list sites lower without SSL that they were forced to move their butt in to gear and add SSL that they did. The bad publicity might be enough to make the gov sites fix ssl issues but a lower search engine ranking might do the job faster.
The GEOIP location data is based on what the ISP/owner of the Netblock registers the location of the IP to be at.
So while one ISP might register a block of IP's to their local office location or even a head office, some will be more accurate and give a town or village name for a set.
Re: Why not openVPN?
My VPN provider has their own client with lots of options but it acts more as a frontend to OpenVPN with extras. You can choose ports, RSA 4096, scramblesuit, tor-obfuscation etc which get passed along as parameters to openvpn. Obviously the extra code for that gets installed with the client, at least with their Linux client.
A few VPN providers probably have something similar.
You mean like anti-terrorism law RIPA being used by half of councils for waste and littering offences or BBC for licence enforcement?
This is exactly what the committee is getting at and I am impressed they have stuck up for everyone with a decent argument. Yet nothing will change, making the whole thing pointless.
Re: Correction needed
I also have a OnePlus 3T which can handle VOLTE but it won't work on Three as they refuse to add it to the Volte list. No reason for them not to add the support other than the fact they don't sell the phone themselves.
The Three in touch app is utter shite and it annoys me that I am expected to use it on a phone that supports Volte natively but is nerfed by the Three network.
From what I understand, other networks do it too. So it's not as if I can switch to another provider to get Volte working on my current phone. My mobile pet peeve beyond the obvious broken SS7 protocol.
Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election
That is the hypocrisy here. In many countries, including the UK and the US, teams of people are paid to try and influence the elections for the team that employed them. Sometimes under the banner PR, sometimes through leaking negative information about the other party and using friends in media to publish it.
Lots of nasty tricks that can influence elections but it's only bad if the rushkies do it.
It amazes me that the world knows that most of the world emails are intercepted and stored by the big intelligence agencies yet someone doing a secret job vs the NSA went and email'ed home to their parents confessing their crimes about covering their tracks from the FBI. Seriously?
Re: "...a total of 50 CVE-listed vulnerabilities..."
Sometimes the haystack just needs to be burnt to the ground and leave the needles in its ashes.
Re: Organizational Doxing and Disinformation
4. Bruce Schneier is Fancy Bear.
Without knowing what information was doctored, it's difficult to guess at the motivation for the changes. I guess that info will be kept from us.
Backed my first Indiegogo project last year and the buttons say you are claiming a perk for that amount now. So Indiegogo has already got around that issue and rubs its hands clean of having to help its site users again.
That might be why Indiegogo seem happy to let people use its platform to fleece customers of their money.
After being five months late and hardly any updates or communication, the campaign director of the project I backed has only sent a few of the backers the item, even though he now sells the same item on his website which you can buy and get straight away. Obviously he will get more selling them through his website than the original Indiegogo campaign so has decided to sell them there instead of giving them to the backers.
Try getting Indiegogo involved to get some communication or action taken and they just don't want to know. Would not touch Indiegogo with a barge pole in future.
Oh and their whole refund system, does not work. Plenty of people asking for refunds for the same project but because the project is overdue, Indiegogo say you have to get it back from the campaign manager. When the campaign manager refuses to answer any emails about anything, let alone delivery or refunds, Indiegogo do not care and will not help in any way whatsoever. If you try and progress things they just don't reply either.
Sham of a company IMO. /Rant
Gives a new meaning to the phrase, "I'm a bit buffered up".
Logs from security guy....
Around the time this was happening, a flaw in the template used by many of the DDoS sites and re-sellers of VDoS was found. Through this the logs could be snarfed among other things.
So it appears the FBI used data hacked from the systems of the stress testing site to get the info needed to get this guy. Saying it was provided by someone else gives them the ability to do this without questions asked on any cases they want?
The guy is obviously stupid enough to get caught anyway but the method is questionable imo.
CD drawer won't open
A few years ago working for a well-known insurance company a user logged a call to say the computer would not read her cd and the cd drawer would not open to get the cd back out.
Upon visiting it was clear she had no cd drive in her desktop. I asked where she put the cd and she got another cd and started to poke it in the thin gap between two blanking plates. She had just pushed the previous cd through the gap in to the frame of the pc.
Faster charging seems to be much more beneficial than wireless charging, which is slower by default.
The speed of wireless charging is the major obstacle to it becoming useful imo, no matter how much further away you can scale the actual charger.
You missed the 9th one down the cul-de-sac at the side.
Re: "A third country might offer a new couch"
"Although the Ecuadorian embassy is now no longer under 24-hour surveillance by the police."
That's what they want you to think...
Probably a lovely antique clock on a shelf opposite the Ecuadorian door with a lovely crystal 720p lens, backed up by an in-house informer.
Re: The Law of Outrage (gov.uk)
Do as we say, not as we do.
The article quotes him as saying 'highly likely' which is different from confirming they did it.
A bit like America's 'high confidence' of weapons of mass destruction in Iraq.
So they are not 100% sure but they are making a statement now that sounds like they are, as the political timing is right due to action they want to take towards NK.
Re: RE: NonSSL-Login
I side with you on the UK sovereignty issue. But you yourself were probably labelled racist by some because of your anti-eu stance if you said so publicly.
If you had aligned with UKIP or this Britain First in an attempt to get out of the EU as they were the only group/party interested in leaving the EU, then there is a chance your social media accounts could be deleted if Twitter or whichever platform going by these recent deletions.
Like it or not, Twitter and Facebook heavily influences voters. Censoring one point of view and not others influences votes.
UKIP getting so much support frightened the conservatives in to giving the referendum so as not to lose more votes. Social media played a big part in getting the referendum to happen.
What happened in England for years was anyone who mentioned the problems uncontrolled immigration was causing was instantly shot down with the 'racist' tag, stifling debate on the matter. The end result was years of the issues getting worse until enough people voted for Brexit.
If UKIP and its supporters were banned from Twitter back then (which I think they would be if Twitter had started banning accounts back then), the Conservatives would not have been forced to offer a referendum on the decision to stay in. Brexit probably wouldn't have happened. Whether you think that is a good thing or bad is not the point though.
So Twitter has the ability to steer countries' political direction by choosing what people can and can't see, which is bad. Is it doing its owners' bidding or being an American company, America's bidding?
Think past the bigger picture of 'Group A' I disagree with = bad, 'Group B' that I agree with = good and agreeing with bans based on that simplicity.
Newspapers employ people to write their stories. Twitter is user generated content.
There is a difference between censoring individuals or groups with different views to you and choosing not to write something that goes against your views in the first place.
The minute you enter my local Maplins you are watched like you are a prolific shoplifter by the young staff there, who pretend to tidy up hanging things at the end of every aisle you are browsing. More unnerving than the ridiculously high prices for some things.
They may never be able to compete with online mail order shops on price but some of the prices seem to be just fleecing customers who don't have a clue. If they had more sensible prices I would buy more there and accept the premium for having the item instantly.
It would be so awesome if it comes out that a Russian spy reported that President Trump was on the way to the toilet with his phone, so Russia hijacked those routes for the next 3 minutes in the hope of catching something. Please let it be true!
Re: As per usual when something is internet facing.
To be fair I'm sure the "their own fault for badly configuring it" excuses will be along in a minute.
The updated info is that one of their employees was phished by email with malware and that was the starting point for the intrusion. No Linux servers hacked or badly configured. After lateral movement through the network, the credentials needed to login and move the coins were found.
Netcraft says it runs Linux.
Probably find rather than the web server being hacked directly, workers running Windows machine were phished with nasty emails containing the malware that gave entry to their network or credentials needed to steal the BTC.
The mining fee per transaction is like a credit card fee that is rising so much that only more expensive payments are worthwhile. A major downfall of BTC which is only going to get worse.
Had an Enterprise hire car where a copy of what I assume was the last person's address book was stored in the car. Some cars copy the address book locally so the car's computer can do the speech recognition and dialling rather than your phone.
Obviously cars need to come with an easy reset for those parts of the system so hire companies and individuals selling their cars can wipe the data.
You could blame the person using the car before for not wiping everything but like yourself, many are not aware it is actually copying the data rather than just getting it from your phone on the fly. The car hire peeps should be doing the resetting IMO. Ask the manufacturers to keep your business in mind when designing their systems.
Time frame and next tests
Yesterday I did a speedtest on my 3 sim (still on the unlimited one plan!) and found it was giving 106Mb/s down and 33 up http://www.speedtest.net/my-result/a/3439503471
What was the time period the tests were done over? The last few months Three have done a lot of upgrades in a load of areas, so they might fare a bit better in the next lot of tests when it comes to speed at least. Latency is still not superb although thank $diety I don't have it as bad as the results Tutela came up with.
Now we just need latency, jitter and packet loss comparisons published for fixed line home broadband connections. Yeah, I'm looking at you VM!
I wasn't comparing Android and Apple. The comparison was between buggy software that keeps giving exploits month after month.
Step off that horse carefully, it's a bit high....