568 posts • joined 28 Jan 2016
British Airways' latest Total Inability To Support Upwardness of Planes* caused by Amadeus system outage
It's not really outsourcing, between Amadeus and SABRE they cover just about the whole Airline System.
Amadeus provides search, pricing, booking, ticketing and other processing services in real-time to travel providers and travel agencies, it also offers travel companies software systems which automate processes such as reservations, inventory management and departure control.
AFAIK this could be the thin end of a wedge, its security is nigh on non-existent and any miscreant could fiddle the figures.
Load sheets are an effort to pull a rabbit out of thin air, and nothing like as accurate as they could be. It might cause some issues with privacy, but each bag is weighed to sort the balance of the cargo hold, so why isn't each passenger and their hand luggage? If these are then put into the calculation you could get a good measure of the centre of mass and the TOW of the aircraft, along with work on distributing the passengers better.
It's not so grim up here
a New UK North region may be on the cards?
We got space and comms, and cooling will generally be easier, and staff generally cheaper
Just saying ... if Capacity is an issue ...
Re: Laptop replacement
you mean like the HP Elite x3 with lapdock
Card Security Codes
I am sure that storing CVVs is banned by PCI DSS
the sooner they start cutting people off from payment networks for breaching it the better.
Cos nothing hits a business now like not being able to take money
Re: Any GDPR fine coming?
Agree, same with the OWASP top 10.
Personally I think allowing any of them is grounds for prosecution for negligence
Re: This Window Sazure sure is gonne look good in my mansion.
people don't want to ban all guns, they just subscribe to the theory - it's the right to bear arms, not Artillery.
Re: I doubt there's any BV code in there
like edge was a clean sheet from IE, but all the vulnerabilities/updates are the same.
What's next ..
Pan Atlantic Privacy Plaster?
Not Just the NHS
do you know how many fax communications are involved in a football transfer?
if the FIFA fax line goes down on deadline day, the deadline gets extended.
On the subject of the NHS, the system is broken, there is not enough cash in the right places and the wrong things are centralised and pushed to the edge. There have been numerous attempts to remove the middle management and bureaucrats, but somehow regional and national and sub-national structures make their way back.
The current money worries in the NHS can be traced to the (finally) former health secretary's Health and Social Care Act 2012, that formed the current funding system of the NHS, that sees these non-medical non-accountable bodies known as CCGs get to choose where everyone in their area gets certain things done and by who, this frequently entails private companies who pay their less qualified staff considerably less than the NHS and get to deliver services from the NHS buildings.
Re: @ wolfetone
he's a red tory alright. first thing he did when he got in office is give himself a 50% payrise
the article was not saying they didn't have approval, what it was saying is that in order to protect the masses, the process by which they get that approval should be made public.
there is no valid national security concern why this can not be done, and it enables joe public to be aware of what is taken into account and what standard their agencies are held to
Power Grids at Risk
I got an army of Cyber Squirrels round here somewhere ...
In or out the EU is broke
Germany is the money
France and Britain were the military
Spain, Italy, Portugal and Holland got a say
and the other 21 didn't matter
France and Germany put it together
the Germans kept space for Britain
France complained if they didn't get their way, so they frequently did.
Getting anything done in EU parliament takes a unanimous decision from all 28 countries which seldom happens
however the mutual agreements you get when you're in the club make this all worth while
numerous mutual agreements
co-operation of agencies
limited border checks
visa free travel
recognition of driving licences
recognition of qualifications
cheaper landing fees.
fortunately our higher ups have prevented us from getting any of these bugs by not funding the top-end equipment that has them .....
Still on dedicated phones and we booted Cisco at the last refresh as we could get 10Gb backbone for less than the price of a 1Gb on Cisco .....
Re: Just Awful
5,000 patents are not that many, providing they relate to the technology they actually produce/created (like these ones do)
I'd be happy to call the NFL the bad guys on this one
all is quoted from research by cyber experts in the UK.
These are based on the use of top 1000 websites from Alexa.
Use Amazon, Apple and Paypal, and you can build a valid fake card then use it on any site to purchase world + Dog.
in UK post codes are a mix of letters and numbers, but ZIP codes it could check all of.
sites have different CNP requirements
Am only requires number and expiry
Ap requires no. + exp + Cvv
PP requires no.+ exp + pcode + cvv
research was done using the sites listed above and the VISA/Mastercard networks.
quite frankly there are bigger holes in payment processing than this and they aren't even bothered fixing them.
the first four digits are set by the type of card and issuing bank, then you can start inventing data and sling it at the payment network (which has no retry limits) and brute force yourself a valid cc number, cvv, expiry and digits in postcode (the only bit it ever checks), and don't even bother with the name on card (this never gets checked anyway). Oh, and if you fire a valid number at the system it will tell you which bits you got wrong too....
not the only toy in the shop
there's also other competing options that aren't based where FISA warrants can get them
The Chinese standard is family name followed by given name, but sometimes these things get flipped up, either deliberately (to westernise) or by hacks trying to do the same.
I think the copy should read:
Xiaopeng Motors is looking to wash its hands of the matter, denying all knowledge of Xiaolang Zhang's plans
but still they would, wouldn't they, I bet he was offered a bonus for every key technology he could bring with him ...
Well maybe they didn't invent it, IBM did, but they were the first to bring it to Mainstream CPUs with the Pentium Pro
You make your bed ....
Intel invented speculative execution in their relentless drive to keep up with Moore's law, and caused the whole mess as others had to copy the idea to even attempt to compete with Chipzilla.
There was no thought about the security of executing code across boundaries
there was no thought of the possibility of these side channel attacks
the only thought was SPEED leads to PROFIT
what we need is to stop speculative paths when they hit a boundary, unless the process is previously authorised
Time to nationalise OverReach
The best way around the disincentive of the existing copper - infrastructure should be nationalised.
Amend the housing act to require Fibre communications (or at least the ducting for it)
and this would be sorted in no time.
Re: Rolling in cash
Neither will the NHS as according to current calculations, there is no Dividend
Come on People, if Huawei were so inclined their kit routes all the calls in BT's core network, including those in and out of a certain building in Westminster beside the Thames, so the Western OZ PTA is nothing to worry about
I've said it before and I'll say it again, if BT hadn't sat on their arse from the late 70s to mid 90s as they "had the best network in the world" and allowed everyone else to catch up and overtake, we might have been not too far behind Singapore.
regulations should be made, all new housing must have FTTP and all new developments must include fibre ducting.
UK Average is about £0.1437/KWh + standing charge for elec
on eco7 (cheap night rate) £0.17/KWh peak and £0.08 off-peak
for Diesel £1.314/l
for Unleaded £1.282/l
so we do quite well for elec, but fuel is a rip-off
MRIs on XP are not out of support
Most medical devices and systems are running highly customised versions of Windows for Embedded Systems 2009 which is not end of support until January
2009 is an uprated version of XPe with some of the Vista security features ported in, because MS couldn't be bothered to componentise Vista
GDS is handcuffed by the CS, they see it as something foisted on them to make things harder.
The CS is the last UK industry that has an 80s style Management structure and a Union that has any power. The intentions of GDS were noble, but if we want change that's going to continue through more than one parliament, someone has to tackle the working practices of the CS.
Chops to Gentoo
At least they came out and said "My Bad", this is how not to be an idiot next time ...
There are people who like to focus on all the ways that code can be broken, and there are other people who like to think of all the ways code can be used to implement some capability.
the trick to solve this is finding the devs prepared to do both and work out the ways that can't be broken consistently.
Training is also key, you need programmers and not coders to develop new systems. I.e. those that see the bigger picture, and can build an architecture, not those that can write a bit of code that does this.
Done right Agile/SCRUM can be secure, it just takes each developer taking responsibility for their own code and someone taking responsibility for the secure interchange between them.
Implied consent is no longer a thing.
It was under DPA1998 (95/46/EC), but under GDPR (Regulation (EU) 2016/679), which obsoletes it, it is not.
Article 4(11) states “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The right to Erasure only applies where consent is the legal basis for processing.
In this case it could be argued that the basis is Art6.1(e) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"
where the contract is between the submitter and the key server, but it does raise the issue where someone does not have the right to submit the information.
IANAL and I think this needs to be settled by them, and build up some case law, anyone fancy being Max Schrems for this one?
Do the basics right and you neutralise 80% of the nasties out there.
so this puts you in a spot where people need to be targeting you specifically, so add in some better protection for the crown jewels and roberts your parent's sibling
Re: Not just national security
yeah, but these just allow you to triangulate House/office/other by taking endpoints at 1km and drawing circles to find where they intersect.
they have to add some randomness, but even then NCC Group will probably be able to work it out from the selfies you put on insta/fb/tw/et al.
The Article 29 working party would disagree, MS Cloud has GDPR equivalence, GCloud not so much
still have my original Hotmail.com address, it's a junk-a-poloosa, but then it's been active for like 20 years, and I kinda use it as a spam filter (if orgs don't fill it with spam, they get a real address)
My favourite name origin story is the (b)acronym "Hackers often Taunt Microsoft and I Laugh!"
on outlook.com, the addresses stayed the same, but got transferred, and some upstart post-millennial probably has your @outlook.com address
Re: Do they know what an MVNO is?
Don't forget the call meta data, (time, duration, location, destination, etc)
A lot you can work out or infer with that. Anyway gov.cn can get most of the information they need by exploiting SS7 anyway
Up next: postal service charged with Hate mail
Sure, India. It's the instant messaging service's fault that people are getting lynched. It's the people sending the messages.
Just as the mail service is not responsible for the content of letters, how can WhatsApp be responsible for the content of messages on its network, especially when they are end-to-end encrypted?
Re: Apply: fail - But get the work anyway
MO of Crapita, Serco et al
they only sent the FoI to 147 trusts and only 80 responded, there are over 200 trusts, and if you include CCGs which run GP services there's over 400 in England.
I'd be interested in their sampling method, and I'd hazard a guess one of their respondents was North Lincolnshire and Goole.
Correcting maths above, 1300 hours of downtime in 80 trusts over 36 months 95% uptime (or 1.5 9s)
And chances are this is the bad part of the NHS, so system-wide we are looking at at least two if not 3 9s. The problem with availability in the NHS is resilience is sacrificed to shiny whistles and bells, as it's difficult to quantify "If this component fails..."
Looks like someone doesn't know
when IF the project will be completed.
Which admin is getting the can?
Patch Outdated Systems?
Wasn't this what started notPetya (or Talos' name Nyetya, which is better)?
if you had not patched MeDoc, then you wouldn't have got Nyetya!
Security As An Afterthought
The problem with <insert internet technology here> is the original ArpaNet was built between parties that trusted each other implicitly, so no security was required.
The problem we have now is World+Dog are on tinternet and no-one knows who to trust, and tacking on security afterwards is always a bad idea. The alternative (rebuild the internet with security from the ground up) is not too palatable either
Re: I would imagine that Microsoft's response will be
but only on the current branch, and if you ask nicely (bank details required) current branch for business
Re: Why is this so difficult?
The Knowledge only exists now as an artificial and arbitrary entry bar to restrict the number of black cab drivers in order to drive up the price they can charge. There is literally no other reason for it to exist today.
There have been numerous independent tests, johnny with his sat nav has been beaten by black cab drivers hands down. The issue is black cabs take different routes dependent on time of day, weather conditions, etc, sat-nav sticks to one route, possibly changing if it has some traffic info, but most streets don't have the sensors.
Anyway there's a big difference between PH and HC licensing and Uber just need to play by the same rules as everyone else! PHVs aren't required to do the knowledge, but you do have to have a basic understanding of London geography and know how to use a map
Re: Please Donald, put an export ban on the F-35
If the POTUS wants to stop Johnny Foreigner from stealing their tech then why on earth did they put the engine maintenance plant in Turkey which is right in Putin's backyard Back Pocket.
Erdogan is no stranger to paying both sides
Re: Can the European court go after the telecoms companies?
Technically they can't go after the telcos as they are retaining the information under a legal requirement (GDPR Art6 1C)
It's the legal requirement that's wrong
can't say who they share this with as it "risked prejudicing the prevention or detection of crime"
Sounds like law enforcement are getting it then
so basically India is saying move your ATMs from Windows Embedded 2009 (XP) before it goes EoS.
Sounds like good advice we should all be following
oh and lock them down to reduce their attack surface
yet again no problems here