
* Posts by EnviableOne

568 posts • joined 28 Jan 2016


British Airways' latest Total Inability To Support Upwardness of Planes* caused by Amadeus system outage

EnviableOne
Bronze badge

Re: outsourcing

It's not really outsourcing; between Amadeus and SABRE they cover just about the whole airline system.

Amadeus provides search, pricing, booking, ticketing and other processing services in real time to travel providers and travel agencies; it also offers travel companies software systems which automate processes such as reservations, inventory management and departure control.

1
0
EnviableOne
Bronze badge

Amadeus

AFAIK this could be the thin end of a wedge: its security is nigh on non-existent and any miscreant could fiddle the figures.

Load sheets are an effort to pull a rabbit out of thin air, and nothing like as accurate as they could be. It might cause some issues with privacy, but each bag is weighed to sort the balance of the cargo hold, so why isn't each passenger and their hand luggage? If these are then put into the calculation you could get a good measure of the centre of mass and the TOW of the aircraft, along with work on distributing the passengers better.

1
0

Azure running out of internets in UK South, starts rationing VMs

EnviableOne
Bronze badge
FAIL

It's not so grim up here

A new UK North region may be on the cards?

We've got space and comms, and cooling will generally be easier, and staff generally cheaper.

Just saying ... if capacity is an issue ...

7
0

Samsung’s new phone-as-desktop is slick, fast and ready for splash-down ... somewhere

EnviableOne
Bronze badge

Re: Laptop replacement

You mean like the HP Elite x3 with lapdock?

2
0

Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records

EnviableOne
Bronze badge

Card Security Codes

I am sure that storing CVVs is banned by PCI DSS.

The sooner they start cutting people off from payment networks for breaching it the better.

'Cos nothing hits a business now like not being able to take money.

1
0

Call records breach let users feel like Movistars (with everyone watching who they're talking to)

EnviableOne
Bronze badge

Re: Any GDPR fine coming?

Agree, same with the OWASP top 10.

Personally I think allowing any of them is grounds for prosecution for negligence.

0
0

Microsoft to pay new bounties for identity services holes

EnviableOne
Bronze badge

Re: This Window Sazure sure is gonne look good in my mansion.

People don't want to ban all guns; they just subscribe to the theory: it's the right to bear arms, not artillery.

0
0
EnviableOne
Bronze badge

Re: I doubt there's any BV code in there

Like Edge was a clean sheet from IE, but all the vulnerabilities/updates are the same.

0
0

Privacy Shield under pressure as lawyers back MEPs' call for suspension

EnviableOne
Bronze badge

What's next ...

Safe Harbour

Privacy Shield

Pan Atlantic Privacy Plaster?

3
0

Fix this faxing hell! NHS told to stop hanging onto archaic tech

EnviableOne
Bronze badge

Not Just the NHS

Do you know how many fax communications are involved in a football transfer?

If the FIFA fax line goes down on deadline day, the deadline gets extended.

On the subject of the NHS, the system is broken: there is not enough cash in the right places and the wrong things are centralised and pushed to the edge. There have been numerous attempts to remove the middle management and bureaucrats, but somehow regional and national and sub-national structures make their way back.

The current money worries in the NHS can be traced to the (finally) former health secretary's Health and Social Care Act 2012, which formed the current funding system of the NHS, that sees these non-medical, non-accountable bodies known as CCGs get to choose where everyone in their area gets certain things done and by whom; this frequently entails private companies who pay their less qualified staff considerably less than the NHS and get to deliver services from the NHS buildings.

0
0
EnviableOne
Bronze badge

Re: @ wolfetone

He's a red Tory alright. First thing he did when he got in office was give himself a 50% pay rise.

2
0

US drug cops snared crooks with pre-cracked BlackBerry mobes – and that's just the start

EnviableOne
Bronze badge

The article was not saying they didn't have approval; what it was saying is that in order to protect the masses, the process by which they get that approval should be made public.

There is no valid national security concern why this cannot be done, and it enables Joe Public to be aware of what is taken into account and what standard their agencies are held to.

4
0

Hope for Hutchins, Navy sinks contractor, there's another Russian hacking scandal, and more

EnviableOne
Bronze badge
Coat

Power Grids at Risk

I've got an army of Cyber Squirrels round here somewhere ...

2
0

UK.gov is ready to talk data safeguards with the EU – but still wants it all

EnviableOne
Bronze badge

In or out, the EU is broke

Germany is the money

France and Britain were the military

Spain, Italy, Portugal and Holland got a say

and the other 21 didn't matter

France and Germany put it together

the Germans kept space for Britain

France complained if they didn't get their way, so they frequently did.

Getting anything done in the EU parliament takes a unanimous decision from all 28 countries, which seldom happens.

However, the mutual agreements you get when you're in the club make this all worthwhile:

Tariff-free trade

numerous mutual agreements

Open-Skies

co-operation of agencies

joint purchasing

limited border checks

visa free travel

recognition of driving licences

recognition of qualifications

harmonised standards

cheaper landing fees.

3
1

Party like it's 1999: Packets of death, code exec menace Cisco gear

EnviableOne
Bronze badge

Fortunately our higher-ups have prevented us from getting any of these bugs by not funding the top-end equipment that has them .....

Still on dedicated phones, and we booted Cisco at the last refresh as we could get a 10Gb backbone for less than the price of a 1Gb one on Cisco .....

0
0

Are you ready for some sueball?! NFL opens wallet, makes vid stream patent spat go away

EnviableOne
Bronze badge

Re: Just Awful

5,000 patents are not that many, providing they relate to the technology they actually produce/created (like these ones do).

I'd be happy to call the NFL the bad guys on this one.

3
2

Ticketmaster breach 'part of massive bank card slurping campaign'

EnviableOne
Bronze badge

Re: WHY...

All is quoted from research by cyber experts in the UK.

These are based on the use of the top 1000 websites from Alexa.

Use Amazon, Apple and PayPal, and you can build a valid fake card, then use it on any site to purchase world + dog.

In the UK post codes are a mix of letters and numbers, but ZIP codes it could check all of.

Sites have different CNP requirements:

Am only requires number and expiry

Ap requires no. + exp + CVV

PP requires no. + exp + pcode + CVV

Research was done using the sites listed above and the VISA/Mastercard networks.

3
1
EnviableOne
Bronze badge

Re: WHY...

Quite frankly there are bigger holes in payment processing than this and they aren't even bothered fixing them.

The first four digits are set by the type of card and issuing bank, then you can start inventing data and sling it at the payment network (which has no retry limits) and brute force yourself a valid CC number, CVV, expiry and digits in postcode (the only bit it ever checks), and don't even bother with the name on card (this never gets checked anyway). Oh, and if you fire a valid number at the system it will tell you which bits you got wrong too....

8
1

Put WhatsApp, Slack, admin privileges in a blender and what do you get? Wickr

EnviableOne
Bronze badge

Not the only toy in the shop

There are also other competing options that aren't based where FISA warrants can get them,

e.g. Hospify

2
0

FBI for the Apple guy: Bloke accused of stealing robo-car tech

EnviableOne
Bronze badge

The Chinese standard is family name followed by given name, but sometimes these things get flipped up, either deliberately (to westernise) or by hacks trying to do the same.

I think the copy should read:

Xiaopeng Motors is looking to wash its hands of the matter, denying all knowledge of Xiaolang Zhang's plans

But still, they would, wouldn't they? I bet he was offered a bonus for every key technology he could bring with him ...

4
0

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

EnviableOne
Bronze badge
Pint

Well, maybe they didn't invent it, IBM did, but they were the first to bring it to mainstream CPUs with the Pentium Pro.

1
3
EnviableOne
Bronze badge
Stop

You make your bed ....

Intel invented speculative execution in their relentless drive to keep up with Moore's law, and caused the whole mess as others had to copy the idea to even attempt to compete with Chipzilla.

There was no thought about the security of executing code across boundaries.

There was no thought of the possibility of these side-channel attacks.

The only thought was SPEED leads to PROFIT.

What we need is to stop speculative paths when they hit a boundary, unless the process is previously authorised.

2
3

Infrastructure wonks: Tear up Britain's copper phone networks by 2025

EnviableOne
Bronze badge

Time to nationalise OverReach

The best way around the disincentive of the existing copper: infrastructure should be nationalised.

Amend the Housing Act to require fibre communications (or at least the ducting for it)

and this would be sorted in no time.

5
0
EnviableOne
Bronze badge

Re: Rolling in cash

Neither will the NHS, as according to current calculations there is no dividend.

3
0

Huawei won a contract in Oz. Of course there's a whispering campaign

EnviableOne
Bronze badge

Come on people, if Huawei were so inclined, their kit routes all the calls in BT's core network, including those in and out of a certain building in Westminster beside the Thames, so the Western Oz PTA is nothing to worry about.

1
0

Big contenders in the broadband chart this week, but who will be #1? Well, not Britain

EnviableOne
Bronze badge

I've said it before and I'll say it again: if BT hadn't sat on their arse from the late 70s to mid 90s as they "had the best network in the world" and allowed everyone else to catch up and overtake, we might have been not too far behind Singapore.

Regulations should be made: all new housing must have FTTP and all new developments must include fibre ducting.

5
0

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

EnviableOne
Bronze badge

UK average is about £0.1437/kWh + standing charge for elec

On Eco7 (cheap night rate) £0.17/kWh peak and £0.08 off-peak

For diesel £1.314/l

For unleaded £1.282/l

So we do quite well for elec, but fuel is a rip-off.

1
0

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

EnviableOne
Bronze badge
Stop

MRIs on XP are not out of support

Most medical devices and systems are running highly customised versions of Windows for Embedded Systems 2009, which is not end of support until January.

https://support.microsoft.com/en-gb/lifecycle/search?alpha=Windows%20Embedded%20Standard%202009

2009 is an uprated version of XPe with some of the Vista security features ported in, because MS couldn't be bothered to componentise Vista.

2
0

'Toxic' Whitehall power culture fingered for GDS's fall from grace

EnviableOne
Bronze badge

GDS is handcuffed by the CS; they see it as something foisted on them to make things harder.

The CS is the last UK industry that has an 80s-style management structure and a union that has any power. The intentions of GDS were noble, but if we want change that's going to continue through more than one parliament, someone has to tackle the working practices of the CS.

1
0

Gentoo GitHub repo hack made possible by these 3 rookie mistakes

EnviableOne
Bronze badge
Pint

Chops to Gentoo

At least they came out and said "My bad"; this is how not to be an idiot next time ...

1
0

OK, so they sometimes push out insecure stuff, but software devs need our love and respect

EnviableOne
Bronze badge

There are people who like to focus on all the ways that code can be broken, and there are other people who like to think of all the ways code can be used to implement some capability.

The trick to solve this is finding the devs prepared to do both and work out the ways that can't be broken consistently.

Training is also key: you need programmers and not coders to develop new systems, i.e. those that see the bigger picture and can build an architecture, not those that can write a bit of code that does this.

Done right, Agile/SCRUM can be secure; it just takes each developer taking responsibility for their own code and someone taking responsibility for the secure interchange between them.

0
1

Things that make you go hmmm: Do crypto key servers violate GDPR?

EnviableOne
Bronze badge

Implied consent

Implied consent is no longer a thing.

It was under DPA 1998 (95/46/EC), but under GDPR (Regulation (EU) 2016/679), which obsoletes it, it is not.

Article 4(11) states “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

The right to erasure only applies where consent is the legal basis for processing.

In this case it could be argued that the basis is Art 6.1(e): "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"

where the contract is between the submitter and the key server, but it does raise the issue where someone does not have the right to submit the information.

IANAL and I think this needs to be settled by them, and build up some case law. Anyone fancy being Max Schrems for this one?

0
0

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

EnviableOne
Bronze badge
Holmes

Cyber Essentials

Do the basics right and you neutralise 80% of the nasties out there.

So this puts you in a spot where people need to be targeting you specifically, so add in some better protection for the crown jewels and Robert's your parent's sibling.

0
0

Fitness app Polar even better at revealing secrets than Strava

EnviableOne
Bronze badge

Re: Not just national security

Yeah, but these just allow you to triangulate house/office/other by taking endpoints at 1km and drawing circles to find where they intersect.

They have to add some randomness, but even then NCC Group will probably be able to work it out from the selfies you put on Insta/FB/TW/et al.

2
0

Google releases lite PC-snooper, 'cos full mobile management is hard

EnviableOne
Bronze badge

The Article 29 Working Party would disagree: MS Cloud has GDPR equivalence, GCloud not so much.

0
0

They grow up so fast: Spam magnet Hotmail turned 22 today

EnviableOne
Bronze badge

Still have my original Hotmail.com address; it's a junk-a-palooza, but then it's been active for like 20 years, and I kinda use it as a spam filter (if orgs don't fill it with spam, they get a real address).

My favourite name origin story is the (b)acronym "Hackers often Taunt Microsoft and I Laugh!"

On outlook.com, the addresses stayed the same but got transferred, and some upstart post-millennial probably has your @outlook.com address.

1
2

China wins one, loses one in US trade spats

EnviableOne
Bronze badge

Re: Do they know what an MVNO is?

Don't forget the call metadata (time, duration, location, destination, etc).

A lot you can work out or infer with that. Anyway, gov.cn can get most of the information they need by exploiting SS7 anyway.

0
0

India tells WhatsApp to add filters, ASAP

EnviableOne
Bronze badge
FAIL

Up next: postal service charged with Hate mail

Sure, India. It's the instant messaging service's fault that people are getting lynched. It's the people sending the messages.

Just as the mail service is not responsible for the content of letters, how can WhatsApp be responsible for the content of messages on its network, especially when they are end-to-end encrypted?

1
2

We just love small firms, screams UK.gov after palming AWS UK £4.1m

EnviableOne
Bronze badge

Re: Apply: fail - But get the work anyway

MO of Crapita, Serco et al.

1
0

NHS systems fell offline for 1,300+ hours over 36 months, cyber-nasties fingered – FoI study

EnviableOne
Bronze badge

They only sent the FoI to 147 trusts and only 80 responded; there are over 200 trusts, and if you include CCGs, which run GP services, there's over 400 in England.

I'd be interested in their sampling method, and I'd hazard a guess one of their respondents was North Lincolnshire and Goole.

Correcting maths above, 1300 hours of downtime in 80 trusts over 36 months is 95% uptime (or 1.5 9s).

And chances are this is the bad part of the NHS, so system-wide we are looking at at least two if not 3 9s. The problem with availability in the NHS is resilience is sacrificed to shiny whistles and bells, as it's difficult to quantify "If this component fails..."

0
0

UK Home Office sheds 70 staff on delayed 4G upgrade to Emergency Services Network

EnviableOne
Bronze badge

Looks like someone doesn't know ~~when~~ IF the project will be completed.

FTFY

1
0

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

EnviableOne
Bronze badge

Settings Issue

Which admin is getting the can?

0
0

A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod

EnviableOne
Bronze badge
Mushroom

Patch Outdated Systems?

Wasn't this what started NotPetya (or Talos' name Nyetya, which is better)?

If you had not patched MeDoc, then you wouldn't have got Nyetya!

0
0

In non-startling news, EFF says STARTTLS email crypto is mostly done wrong

EnviableOne
Bronze badge

Security As An Afterthought

The problem with <insert internet technology here> is the original ARPANET was built between parties that trusted each other implicitly, so no security was required.

The problem we have now is world+dog are on t'internet and no-one knows who to trust, and tacking on security afterwards is always a bad idea. The alternative (rebuild the internet with security from the ground up) is not too palatable either.

0
0

'No questions asked' Windows code cert slingers 'fuel trade' in digitally signed malware

EnviableOne
Bronze badge

Re: I would imagine that Microsofts responce will be

But only on the Current Branch, and if you ask nicely (bank details required) Current Branch for Business.

0
0

Uber's London licence appeal off to flying start: No, you cannot do driver eye tests via video link

EnviableOne
Bronze badge

Re: Why is this so difficult?

The Knowledge only exists now as an artificial and arbitrary entry bar to restrict the number of black cab drivers in order to drive up the price they can charge. There is literally no other reason for it to exist today.

There have been numerous independent tests; Johnny with his sat nav has been beaten by black cab drivers hands down. The issue is black cabs take different routes dependent on time of day, weather conditions, etc; sat-nav sticks to one route, possibly changing if it has some traffic info, but most streets don't have the sensors.

Anyway, there's a big difference between PH and HC licensing, and Uber just need to play by the same rules as everyone else! PHVs aren't required to do the Knowledge, but you do have to have a basic understanding of London geography and know how to use a map.

4
1

White House calls its own China tech cash-inject ban 'fake news'

EnviableOne
Bronze badge

Re: Please Donald, put an export ban on the F-35

If the POTUS wants to stop Johnny Foreigner from stealing their tech, then why on earth did they put the engine maintenance plant in Turkey, which is right in Putin's ~~backyard~~ back pocket.

FTFY

Erdogan is no stranger to paying both sides.

2
0

Dob in naughty data slurps to top EU court, privacy groups urge

EnviableOne
Bronze badge

Re: Can the European court go after the telecoms companies?

Technically they can't go after the telcos as they are retaining the information under a legal requirement (GDPR Art 6(1)(c)).

It's the legal requirement that's wrong.

3
0

UK taxman has amassed voice profiles of 5.1 million taxpayers

EnviableOne
Bronze badge

Can't say who they share this with as it "risked prejudicing the prevention or detection of crime".

Sounds like law enforcement are getting it then.

28
0

India tells its banks to get Windows XP off ATMs – in 2019!

EnviableOne
Bronze badge
Holmes

What News?

So basically India is saying move your ATMs from Windows Embedded 2009 (XP) before it goes EoS.

Sounds like good advice we should all be following.

Oh, and lock them down to reduce their attack surface.

Yet again, no problems here.

2
0


The Register - Independent news and views for the tech community. Part of Situation Publishing