653 posts • joined 28 Jan 2016
Hmm AT&T first in the world?
Ooredoo, a large mobile network operator in Qatar, launched the first commercial 5G network in the world as of May 2018 in the 3.5 GHz band
Content Security Policy
Surely a CSP would stop this code sliding into their websites?
HTTPS is just not enough
Scott Helme gives great advice on this, and even set up securityheaders.com to check it (along with other websec) and runs a service to handle your CSP reports (report-uri.com) (assisted by Troy Hunt)
Quite frankly, if you're running any sort of secure site and it doesn't get an A on SSL Labs and an A on Security Headers, you're not doing it right
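As an added example (not the commenter's code, nor Scott Helme's securityheaders.com), here is the shape of the check that service performs: grade a response's headers and pick apart the CSP for the settings that would let injected script run unnoticed. The header list and weak-value rules are an assumed subset of what the real service grades, and the two sample responses are constructed.

```python
from typing import Dict, List

# Assumed subset of what securityheaders.com checks; the real service grades
# more headers and weights them. Example code, not Scott Helme's.
EXPECTED = ["content-security-policy", "strict-transport-security", "x-content-type-options",
            "x-frame-options", "referrer-policy", "permissions-policy"]


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}, quotes stripped."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = [t.strip("'").lower() for t in tokens[1:]]
    return policy


def audit(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response's headers (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing {name}" for name in EXPECTED if name not in h]
    csp = parse_csp(h.get("content-security-policy", ""))
    if csp:
        # script-src falls back to default-src when it is absent
        scripts = csp.get("script-src", csp.get("default-src", []))
        # 'unsafe-inline' lets injected inline script run; browsers ignore it once a
        # nonce or hash source is present, so only flag it when it stands alone
        hashed = any(s.startswith(("nonce-", "sha256-", "sha384-", "sha512-")) for s in scripts)
        if "unsafe-inline" in scripts and not hashed:
            findings.append("csp: script-src allows unsafe-inline without nonce/hash")
        if "*" in scripts:
            findings.append("csp: script-src allows scripts from any origin")
        if "report-uri" not in csp and "report-to" not in csp:
            findings.append("csp: no report-uri/report-to, so violations are never seen")
    # HSTS with a short max-age offers little protection; a year is the usual bar
    for directive in h.get("strict-transport-security", "").split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip().isdigit() and int(val) < 31536000:
            findings.append("hsts: max-age shorter than one year")
    return findings


# Constructed sample responses, not captured from any real site.
WEAK = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' *",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "DENY",
}
STRONG = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; report-uri https://example.invalid/csp-report",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=()",
}
```

Running `audit(WEAK)` lists seven findings while `audit(STRONG)` returns none; the report-uri check matters because without it a CSP that is blocking injected script tells nobody it did so.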
Obv a crab
In the RAF they say a landing's OK if the pilot can get up and walk away,
but in the Fleet Air Arm the chances are grim if the landing's piss poor and the pilot can't swim
Re: "I thought the 777 was ETOPS 180?"
A321neo is more economical per seat mile and doesn't need the extra tanks on the westbound now.
I'm pretty sure the 320neo could make the trip and is a lot more economical than the 737-9ER
The MAX 9 doesn't have the range and the MAX 10 isn't fast enough.
I am fully aware of risk-based security, but if, as you said, this was seen as so small a risk it could be accepted, then their risk manager needs shot as well, cos they let this happen.
As others have said, if it's core to your system it should be maintained, and from the details coming out, Equifax was a hive of poor oversight, poor practice and poor security. If this system is core to their monitoring, it should have been reporting on expiring certificates, and someone should have had the job of making sure something was done about it.
I am not saying I'm perfect, but I am pretty sure I know where the holes are and have multiple layers on the important stuff.
I'd like to know
how does a certificate being expired prevent a security tool from working,
and if this is the case, why wasn't it picked up?
Or do their IT team have alert fatigue, seeing as all these unpatched, uncertificated services will be flinging alerts at them?
Re: The Cloud...
Nah, I have my own acronym
OPT - Other People's Tin
Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help
I think you'll find they added some letters
would be the current vernacular, providing they haven't added alphabet since; personally I thought the + was a greedy catch-all, but someone wanted the I and A too
Linus has always ruled with an iron fist and, to be fair, the criticism is usually warranted, and some on the receiving end have even admitted: bit harsh, but I deserved it.
Oh, and since when has Linus been bothered with security? He has reserved special places in hell for it on several occasions.
His two priorities are clean code that runs, no BS, no fluff.
You think finance IT is underfunded? Come work in healthcare
we got 1/10th the staff and 1/100th the budget
RE: @cronus Spooknotes speak volumes
As for the Spectre and Meltdown CPU vulnerabilities – which affect a range of CPU architectures, from Intel's x64 to Arm's Cortex-A families – Ampere's Taylor told us this:
Patches have been installed. As with other Arm-based processors, there are vulnerabilities. For eMAG and all future generations, architectural changes were made and will be made now to address the Arm fix for Spectre and Meltdown.
Wait for deal to be announced
Hold referendum with three options:
1. Take deal and GO!
2. Stuff deal and stay!
3. Stuff deal and GO!
The current deal we have with the EU is the best anyone has; if we leave we will have to follow the whole process to come back.
No disputes with members - that means Gibraltar with Spain and the Ireland problem need to be sorted before we get back in
Must join the Euro - try getting that one passed
No rebate - saves us a good chunk of what we put in
Fix the surveillance regime - they hate the 5 EYES and have some other issues too
The problem with comparing US to EU
Most EU nations had a former publicly owned telephone company that ran cables to everywhere and has at least one with a global service obligation. Unfortunately for them, t'other side of the pond this is not the case, and it all comes down to economics, and based on most models, 80% coverage of the US is about economical; the other 20% is going to be costly.
In the UK this comes down to 95% (due to the size and landscape), so the government are (barely) funding the last 5% along with co-ops and collectives, who are paying the national networks for connectivity on a group rate.
Re: a single "well qualified" in IT person that participates
Alpha code please; the final product that makes it to the peons is still beta code (in any organisation that isn't run by SatNad)
Re: Loose change to pay the beer bill...??
or the cost of a three-bedroom house in Newcastle
Re: "America's" peculiar institution? LMFAO
Technically, owning another person was legal in the UK until the Human Rights Act came in in 1998, but the slave trade was killed by making it not profitable, and the ships that powered it were British registered.
The 1807 act created fines for captains who continued with the trade. These fines could be up to £100 per enslaved person found on a ship, which in the times was significant.
All subsequent acts banned the trade in slaves, not the owning of them
High horses all round
Big fan of KISS
The one controls the other; the other must do work but does not get paid - Master / Slave
It is a board, it is black - it is a blackboard
There seems to be little problem with a board that is white being called a whiteboard
People are not (normally) masters or slaves (anymore) and not black or white
People are just bluish-white + brown in varying quantities
Re: Ah, Gartner
Sounds like government departments then, so they know what they are talking about
It says that "[the company] shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify [...] the supervisory authority [...] unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification [...] is not made within 72 hours, it shall be accompanied by reasons for the delay."
So it doesn't have to be within 72 hrs, but if it's not, you have to justify it.
And the fine is based on the global group turnover, not the business unit, so if there were to be a fine, it would be based on IAG's turnover, not BA's
I'm off to clone the keys of anyone with a Tesla, McLaren, Triumph or Karma round here ...
Oh, I forgot, I'm in NE England, there aren't any...
Re: Green Locked Padlock icon
Don't forget Securityheaders and Report-URI
Scott's done a lot of work on this, and Troy Hunt is joining forces too.
is it just me
Or are RiskIQ just seeing Magecart everywhere?
This could quite reasonably be someone who has an issue with BA that got hold of the code for the Ticketmaster thing
Just realised I can play with the CAPITA name some more
CAPITA -> CRAPITA -> CR*P PIT A -> Toilet A -> WCA
Why they are still on the HMG approved suppliers list, I will never know.
Re: Safari's broken affairs...
Ahh come on, if Intel hadn't Spectre'd up their speculative execution, FF Quantum was a shot in the arm and a lot quicker at loading
and to be fair, ESR 60.2 isn't half bad and leaps and bounds ahead of 60; I've nearly got it back to what it was on 52.8
NPAPI needed to go the journey
OK so the great Tim et al. defined the URI and included this:
Uniformity provides several benefits. It allows different types of resource identifiers to be used in the same context, even when the mechanisms used to access those resources may differ. It allows uniform semantic interpretation of common syntactic conventions across different types of resource identifiers. It allows introduction of new types of resource identifiers without interfering with the way that existing identifiers are used. It allows the identifiers to be reused in many different contexts, thus permitting new applications or protocols to leverage a pre-existing, large, and widely used set of resource identifiers.
So how can this one use case justify changing what are UNI-FORM across all other implementations, just to justify their drive to render 2/5 fewer characters?
Oh, and what happens if something different is posted at abc.com and www.abc.com? is on my domain
Sounds like Millennium Year Application Software Suite all over again
I thought mergers were supposed to save money
Whole load of people putting things into and out of MYASS
Re: In short, the British system
This is the rub: if Merica got off its newer-is-better high horse and used the same system that has worked properly for the last 100+ years, and not so well for the couple of hundred before that (rotten boroughs etc.),
then one man, one form, one mark in one box;
take all the forms, count the marks and Robert's your father's brother
We have 2 parties, as do all FPTP voting systems; it's just the Liberals haven't died off completely yet since Labour took over as the second party in the 30s-40s
In Scotland it's SNP and Labour, in NI it's DUP and SF
Wales have a hybrid system so Plaid Cymru, Labour and Conservatives are all represented.
The problem in the US is the Electoral College System, in which you can win without the popular vote, as states give all their electors to the winner. This means that by tampering with three or four counties, you can tip the three or four swing states and end up winning the election.
If states applied PR to their electors, the results would more closely mirror the popular vote.
"fewer things better"
If they did one thing well I'd be surprised...
Someone playing around on Shodan finds x number of devices with a certain port available, connects to one such device, manages to open a remote console and discovers they now have root access to x Tesla vehicles. This is a rather important flaw; now, they have not registered with Tesla, and neither are the vehicles they have access to. Are they going to get hit by US legal intervention? Are the users going to get issues having their car flashed if said researcher made cosmetic changes as PoW?
Whatsapp and Telegram
Signal Please ...
FB Whatsslurp and FSBegram are so passe
Re: COPPA load of this
Well, won't someone think of the adults for a change?
If we explain to MPs that their pr0n habits will be leaked in either an Ashley Madison or Cambridge Analytica style breach, and world+dog will know that they have a penchant for nazi bondage, forcing them to hang head in shame and never be re-elected, perhaps they may think about this again....
COPPA load of this
The US Children's Online Privacy Protection Act came into force in 1998 and attempted to limit the collection and use of under-13s' data by online sites.
This is why there is a minimum age on Facebook accounts. But walk into any school on either side of the pond and ask any 8 yr old how many friends they have on Facebook ....
Now if they can't get this right and they've had 20 years, how exactly does HMG expect this to work...
Re: Password reset emails
Ahh, but as far as the unwashed masses are concerned, it is the appearance of security which gives them confidence to use the interwebs.
If all were so enlightened, the first $1 trillion company would be GE in like 20 years, as everyone would have left the security-free cesspool that is the internet alone.
NASA 'sextortionist' allegedly tricked women into revealing their password reset answers, stole their nude selfies
Re: It's not rocket science
who blatantly gave away the keys to their virtual kingdom, just cos someone said it was for a school project.
Three simple questions to ask yourself about anyone wanting info from you:
Are they who they say they are?
Do they need to know this information to do what I asked them to?
Do they need to ask me for it?
Not rocket surgery or even brain science.
Wake up, sheeple
Five Eyes Only
Yeah, just the 5 biggest nations divided by the common language of English, that are already spying on each other's citizens for each other.
RIPA in the UK
FISA in the US (section 702 anyone)
AUS are on the way
Looks like CAN and NZ are playing catch-up
Hmm, perhaps I should brush up on my foreign language skills or build me a SEALAND
Have you not heard of the national data opt-out, another one of those government-run botched IT projects? You get the right to opt out of your data being used for anything not directly related to making you well.
Anyway, the point is, information is valuable, and even completely anonymised data sets are valuable. And currently private firms have access to this data for peanuts and make millions, so to find the shortfall the NHS needs but the Gov don't have, surely they should pay a fair price for it.
But the NHS is broken, and throwing money at it won't make it better. It needs to be re-formed, i.e. get rid of all these "trusts" and go back to one national organisation that makes everyone better. Remove the postcode lottery, the stupid contracts where you have to get 3 buses for an MRI cos the CCG saves £10 per patient, where the areas that are more efficient pass those savings not to private companies as profits, but to those areas that still need a service, but it costs more to do.
Centralise procurement and decentralise care, improve patient choice and remove the fat cat Trust Boards, CCGs and Commissioning units that sap all the sense and care out of the system.
Re: Special deals.
Ahh, but as with the likes of Maplin, if you don't have the luxury of Prime NOW! and positively absolutely have to have it in the next hour, (Currys) PC World is there for you.
Re: So classic way to find an exploit.
like "I don't want to do extra work to check for this" by some lazy overpaid millennial "child" since (it appears that) nearly all senior devs and QA people have left Micro-shaft over the last decade or so...
More like they never even thought they had to; just copied some other code that did what they wanted, and as it was an example, it didn't have the checking in.
Cos coders aren't programmers
Re: "China-style AI-powered CCTV cameras"
Pwned by Mirai et al. the moment they go online then
For those who really want a Surface on Credit
I believe a certain payments site is offering a similar service now, with interest-free options too
Re: Is TSB a canary
It appears everyone has forgotten the numerous issues at RBS (NatWest), who it seems TSB have mistakenly copied their systems from.
Most building societies have their backend run from one of them based in the North East
Lloyds' systems are far more stable, HSBC's tend to be pretty good, and I don't recall anything major around Barclays or HBOS
Re: Face!!! Palm!!
Apparently, replacing a single source supplier connection agreement, with multiple smaller agreements (most of which will be with said single source supplier) will save the NHS money.
This despite the fact that HSCN is internet facing, and N3 was a private network with Internet gateways.
Re: Due Dilligence
If you're doing due diligence, Google is the last place to look. Have you not seen the disclaimer at the bottom of searches: Some results may have been removed under data protection law in Europe.
Dun and Bradstreet, Companies House, FCA, Prudential Regulation Authority, etc. would be my calls for diligence.
IANAL but:
Under GDPR Article 10 and the ROA, the spent conviction is no longer relevant information.
Under the EUCJ ruling (AEPD vs Google Sp.) Google/Alphabet are a data controller and subject to local data protection law, and Google UK Ltd. and Google LLC/Alphabet Inc. are intrinsically linked entities. So the ruling states a test of need to know vs privacy must apply.
However this is also complicated by the fact that Google LLC own the site in question and can therefore be classed as a publisher
this is further con
Re: Pat Butcher?
Not the only one to see the Walford link then .....
All the NCR tills in my area appear to have just had a GUI update, but I doubt the OS has changed.
They now look all WordPress-site-like
Not so, I believe the driving factor for Disclosure Scotland use is, as with most things Serco et al. are involved with, COST
Disclosure Scotland is cheaper than DBS
Re: Lucky 13 is an *INSIDER* attack, not an attack against true properties of TLS
The issue isn't the algorithm or, more accurately, the protocol (as KRACK is to WPA2); it's the implementation of the protocol (TLS). OpenSSL, BoringSSL and LibreSSL fixed it properly; WolfSSL, Amazon and all the others mentioned didn't.
If you are creating a patch for a problem, check to see it's fixed not just the specific one, but the class of problem.
Back to the Point
Basically the idea is to get Apple to use the same spec as everyone else (USB-C), but this will never happen as they are making too much money licensing others to make Lightning connectors or flogging their own at £35 a pop.
It would make everything better if all chargers worked on all devices, but the range of voltages and currents on plugs and cables makes it a nightmare.
Most of them are 5V, then the amperage changes - 1.0A-4.6A
When you get to QC you're looking at up to 20V
Re: £750m for the NHS per week
I believe the current figure for the Brexit "dividend" is somewhere in the region of 20-40m a week
taking into account the rebate (loss) and currently committed payments, and agencies we want to pay to play in .....