Posts by Martin Milan

107 posts • joined 22 Sep 2007

Austrian Tor exit relay operator guilty of ferrying child porn

Martin Milan
WTF?

Aren't judges, traditionally, supposed to show a little actual judgement?

I would like to know why they also didn't go after the phone company, and come to that the electricity supplier, on exactly the same grounds... They are certainly equally "complicit" - ie not at all.

It comes down to a simple question really - should we round up the gunsmiths, knife makers and inflatable banana manufacturers (it could be done...) and charge them with all the murders involving their produce?

No?

Because if not, the guy is plainly bloody innocent.

2
2

Passwords in plaintext? NOT OK, Cupid

Martin Milan

Not again...

No, No, No No No No No!!!!

DO NOT encrypt passwords.

Hash 'n' salt, but do not encrypt!

Why would you even want to be able to get back to the original password? Why even allow the possibility (that an attacker might get your key)?

2
0

THOUSANDS of Tesco.com logins and passwords leaked online

Martin Milan

Re: Even worse

I know...

I remember discussing with colleagues how come we (pokey works management system at the time) were aware of salted hashes, and the team behind a site like Tesco.com, with multi-million pounds in transactions, either were not aware, or didn't consider it important...

0
0
Martin Milan

Re: Oh dear

Here we go:

http://www.theregister.co.uk/2012/07/31/tesco_website_insecurity/

Exit stage left security team...

1
0
Martin Milan

Re: Unencrypted passwords ?

Like I said above, they were warned about this a year or two back...

0
1
Martin Milan

Oh dear

I seem to remember Tesco being covered on El Reg a year or two back. I also remember several people at the time objecting to their clearly storing passwords in clear text, as opposed to salted hash.

In short then, it's not like they were not warned...

I'm not certain about this, but I think they got shirty with the guy who originally exposed them as well.

4
0

'No, I CAN'T write code myself,' admits woman in charge of teaching our kids to code

Martin Milan

Oh really?

So then - people who don't know how to code (the "lead teachers") are going to be given a day's training, and then left to train other people who don't know how to code (the "grunt" teachers), who will in turn be training another group of people who don't know how to code, most of whom don't want to code (the kids), to code.

Yeah - right. Someone ring the emergency services, coz there's one hell of a car crash just around the next bend...

3
0

IT executive at JP Morgan dies in fall from bank's London HQ

Martin Milan

Re: now that's how you 'take a fall'

Not really all that funny...

I've had a colleague who went on to kill himself - it's an awful time for all concerned.

Thoughts with families, friends and colleagues...

23
1

Elderly Bletchley Park volunteer sacked for showing Colossus exhibit to visitors

Martin Milan

Re: You're doing it wrong...

I used twitlonger...

0
0
Martin Milan
Facepalm

You're doing it wrong...

Just tweeted the below to @bparkceo...

You know what? If you find yourself running a charitable trust, one charged with preserving the memory of a remarkable group of people who secured your freedoms, and you describe yourself as the “Chief Executive Officer”, you’re doing it wrong.

If you preside over a regime where, when I call to establish the facts BEFORE complaining to the National Heritage Fund, I’m told “There is a statement on the website and that is all I can say…”, you’re doing it wrong. If you don’t recognise the irony of having this regime in a place so instrumental in preserving your own liberty to think and speak as you feel, you’re doing it wrong.

If you really do consider yourself unaccountable to the public, you’re doing it wrong.

If you think it’s acceptable to receive money from the Heritage Fund, and then even consider erecting fencing to prevent people visiting Colossus, even if it is hosted by another body, you’re doing it wrong.

If you’re prepared to squander the most precious resource you have - namely the elderly volunteers who have both a knowledge and enthusiasm for the place of which you can only dream, you’re doing it VERY wrong.

If you really are doing things THAT wrong, then it’s time to consider stepping aside in favour of someone who knows how to do it right - and I can point you toward a few elderly volunteer types who would be one hell of a first guess.

16
0

KC engineer 'exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS'

Martin Milan

Re: WTF?

LOL. I'm scared to think you might, just might, be from the IT industry.

12
2
Martin Milan

WTF?

... then allow me to enlighten you...

The issue is that this engineer now has credentials for accessing thousands of customers' email accounts. If the customer has been lazy (and most will be), he probably also has access to their Facebook / Twitter accounts as well...

There is no excuse for holding passwords in clear text - even back at base - never mind on a remote worker's laptop.

17
3

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

Martin Milan

Not an expert on this, but it seems to me that in order to have any credibility, the identity of the auditors must be known. On the other hand, once they are identified, the NSA / other such body can get at them and threaten all types of nastiness unless they get the result they want...

Seems to me then that we should be trying to keep the auditors' identity a secret until the very moment the report is published...

3
0

Assange: 'Ecuadorian embassy staff are like my family'

Martin Milan

"It’s a bit counter-productive to trap me here, because what else can I do but work?"

Erm - how about throwing it all in, and going back to Sweden to face your accusers?

If you're innocent, great - best wishes clearing your name. If you're not, face the consequences.

In either event, grow up.

(I actually think he'd be somewhat safer from extradition to the US in Sweden than he is in the UK...)

18
6

Snowden journo's partner wins partial injunction on seized data

Martin Milan
Unhappy

Re: There's more going on here...

First of all, I am not sure (someone more learned than I might like to comment) that RIPA can be invoked in an Airport Transit area. It's important to remember that he wasn't, technically, stood in the United Kingdom.

Again though, we come back to the "competence" point. If they knew what they were doing, Miranda should not have had knowledge of the decryption keys. Surely even RIPA cannot be used to punish him for failing to disclose information to which he has never had access?

Additionally, were I in their shoes, I would almost certainly have used a hidden partition, with something pleasingly innocent on the exposed partition to keep the boys in blue happy...

I think the only thing we do know here is that there are a lot of things we don't...

0
0
Martin Milan

There's more going on here...

Am I really the only techie here who can see this?

From what we've been told, the "data" was encrypted - and given Mr. Snowden's involvement in all this, together with the fact we are dealing with a journalist who specialises in security stories, one or two questions really do demand answers...

1/ The UK Government are claiming, in court, to know the content - to have read it and understood it. It follows from this that they have the clear data. Surely we are not being led to believe they have cracked the encryption in 5 days?

2/ Miranda has apparently given passwords to the computer and to his social media accounts. From what I have read, he hasn't divulged any decryption keys.

3/ If Snowden / Greenwald know what they are doing (and we have to assume they do...), far from revealing decryption keys, Miranda shouldn't even know them. He should, for all intents and purposes, merely be moving a lump of plastic and silicon from country A to country B. There are good reasons, as I'm sure he now appreciates, for Miranda to know nothing at all about the security measures taken...

4/ *If* they don't have the data, and to be honest I rather suspect they don't, then the government are lying - to a court. Given the number of illegal acts Snowden has already exposed, it's sadly no longer difficult to imagine that our security services / government would have a problem with doing this...

Like I say - there's more going on here than meets the eye...

5
1

Bradley Manning is no more. 'Call me Chelsea,' she says

Martin Milan
Black Helicopters

Justice?

There's a Facebook post doing the rounds amongst techies in the United Kingdom that compares the sentence Chelsea has received to the far more lenient sentences that have been given out to other members of the military for the killing of non-combatants - even harvesting body parts in one case. It's enough to make anyone with a brain stop and think.

As for the gender reassignment thing - I'll go with her views on how she wishes to be addressed. She acted to try to start a debate on the actions of US Forces, and that debate is needed. The US is no longer the land of the Free by any stretch of the imagination. Nor is it the bogeyman - but things have happened that need to be challenged, or at the very least considered carefully... For my money, I respect her enough for what she has done that I'll call her whatever the hell she likes.

13
3

Who's Edward Snowden? Capita bungs its email into Microsoft's cloud

This post has been deleted by a moderator

It's a fiddle! Funnyman's Irish tax flashmob floods Apple flagship store

Martin Milan
Thumb Up

Re: 'bout time

Always liked Mark Thomas - ever since the comedy product...

Met him on a few occasions, and he's a real nice guy...

Martin

8
2

Furious Stephen Fry blasts 'evil' Reg and 'TW*T' Orlowski

Martin Milan
Meh

Let's call it a draw...

Having actually met Stephen Fry (during TwitterJokeTrial) I can assure you that he's not merely a pontificating buffoon speaking as an expert on what he doesn't understand - he's also a decent chap with decent values.

OK - so he carps on about some things in IT of which he has a rudimentary understanding... That's how half of my colleagues - hell, even me from time to time - make their living.

As for the Reg being vicious - no Stephen, it normally isn't... I learn more about happenings in IT from El Reg than I do from almost any other source...

25
2

Council IT bod in the dock for flogging scrap work PC parts

Martin Milan
FAIL

Ahem!

The point you're all missing here is this:

The council was disposing of its equipment, and failed to notice that hard drives etc were not making it as far as their approved disposal agent.

Since said agent would doubtless raise concerns if machines started turning up missing such useful components, it seems to me unlikely the agent was receiving the machines in question. This leads us to "whole machines were likely not making it to the disposal agents, and nobody noticed".

This chap might have been a well-intentioned (if naive and poorly informed) chap, diligently wiping material etc before selling devices on. But what if he wasn't?

Data Protection For Dummies to the IT Dept I feel...

2
0

Do Not Call Register operator breaches Register

Martin Milan

Re: 30 Days?

I suspect the reason for this is to avoid having to implement one central webservice, which in light of the number of requests it would receive would either need to be run on beefy iron, or would become one central point of failure.

The current approach allows the register to simply give the data to the call centre chaps every 30 days, and the call centres can then use their own systems to check it.

0
0

UK High Court split over Twitter airport bomb joke

Martin Milan

Re: In the near future

I already use one on occasion... Not here though, usually...

0
0
Martin Milan

Re: Poor guy - the bleeding edge of British Law...

They spent more than "a few minutes" doing just that.

0
0
Martin Milan

Re: Everybody sing!

lol...

I've had code reviews by a technical lead who insisted I change all my "intcnt" and "lngcnt" variable names because I was swearing...

Hi Kelvin, if you read this!

0
0
Martin Milan

Re: Advice for his legal team

I have actually written to Ed Miliband (my MP) asking if, in light of the fact this law is so insidious that even his own "Social media Tsar" can fall afoul of it, it might be time for the opposition to actually start opposing something...

0
0
Martin Milan

Re: Seriously

Not really, since he said they had "a week and a bit" - I think an airport can be safely evacuated in eight days...

Seriously, read about the case.

0
0
Martin Milan
Thumb Down

Re: Seriously

Only he didn't shout anything in a crowded anywhere, did he? Making your point rather, well, lacking in point really.

0
0

Yahoo! fires! patent! lawsuit! at! Facebook!

Martin Milan

That's it...

I'm applying for a patent for holding little bits of paper that come out of the US Patents Office.

I'm not worried about prior art - they're too stupid to realise...

Martin.

0
0

Brit pair deported from US for 'destroy America' tweet

Martin Milan

Thoust believes correctly...

0
0

Top cops placed under Freedom of Info law

Martin Milan
FAIL

Network Rail

Another body that really should be on that list is Network Rail.

Aside from the scrutiny this would allow them to be held to in terms of compliance with safety concerns etc, it could also be said that their financial management has at times been rather suspect. We are 40% less efficient than our continental cousins when it comes to rail maintenance...

FOI could be put to considerable use were it to be available as a tool with which to hold Network Rail to account - effectively a publicly funded body who should expect all the scrutiny that privilege ought to entail...

Martin.

4
0

Prang finder site reveals accident blackspots

Martin Milan
Thumb Up

Hmm...

Well, the site seems to be down, so I can't comment from experience yet...

Still, I suspect it would prove an "enlightening" exercise were our government IT chaps and chapesses to compare and contrast both the results and the costs of both this and the crime data site.

If they look carefully there are probably a couple of lessons involving "overpaid consultants" and "letting people who know what they are doing manage the project themselves" to be had in there somewhere...

0
0

Ubisoft revisits Internet-at-all-times DRM

Martin Milan
Thumb Down

Ok Ubisoft - here's the thing...

Your online service sucks, and it sucks big. I recently bought Rainbow Six Las Vegas II, which is supposed to require me to log into a Ubisoft account if I want to play online with friends. Four of us bought the title, and all four have had various problems with your network not responding. It got to the point where we simply gave in - and when we play now we use Tungle and from the game's point of view host locally on a LAN.

Why are we having to work around your shite software though?

On the back of this experience, all four of us have sworn not to go near Ubisoft again...

0
0

Universal Music passwords exposed by Anonymous hack

Martin Milan

Oh dear...

Dear Anon,

OK - Security 101...

A hash cannot be easily converted back to a string that would generate it. You might, if you're exceptionally lucky, get a "candidate" string, but you can't be sure it's the right one, and if you try and brute force it, you will get multiple false positives to contend with.

Now, not being able to get back to the original plain text is important, because many users have the annoying habit of re-using passwords. So, if you can get the password they used for their pop group fan site, you might just also have their Facebook, online banking, Twitter password etc... This bleed over from a compromised site is a common attack vector.

The reason I wouldn't store the password on a site I wrote, even in encrypted form, is simple - I don't need to take that risk. Using hashes will let me authenticate, but it scuppers a lot of things that might be done with my user database should some script kiddie ever get their mitts on it - which they won't - but that's another story...

Salting the hash gives a huge improvement in security, because I'm no longer using a standard algorithm to go from the user's supplied password to the hashed value - which means brute forcing is out of the window, so long as you don't know my algorithm. My algorithm would also include references to random bits of information that the user never knew were associated with their account as well - random data generated when they registered for example...

So, where are we now? If you want to get at the passwords for my users, you are going to need enormous computing resource (ok, you might be the NSA...), knowledge as to the algorithm I have used to salt my hash (ok, I might have a rogue developer turn bad or something...) and access to my Database - which is in turn protected by its own security system.

And here's the thing - I'm NOT a web developer by trade. So if I know how to implement half decent security, how come the fat consultants paid by the lads at Universal don't?

Ps. Of course I don't like the password stored as plain text - any numpty can see that is the case from my comment. The point is, I don't like the password stored AT ALL!

1
0
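The OKCupid comment above ("Hash 'n' salt, but do not encrypt!") and the comment just above make the same point about storing password verifiers rather than passwords. What follows is an added example, written for this page and not code from the commenter or from any of the sites discussed. It assumes a standard published KDF (PBKDF2-HMAC-SHA256) with a random per-user salt and an iteration count, stores all three in one record, and then contrasts the cost of attacking that record against an unsalted single SHA-256, which is what the posts are complaining about. The user names, passwords and wordlist are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Parameter choices are this example's assumptions, not anything from the post:
# a standard published KDF (PBKDF2-HMAC-SHA256), a 16-byte random per-user salt
# and an iteration count high enough to make each guess cost the attacker time.
KDF_DIGEST = "sha256"
SALT_BYTES = 16
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a verifier and return it as one self-describing record.

    Format: pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>.
    Nothing in the record lets the password itself be recovered; the only
    way to check a candidate is to re-run the KDF and compare.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh and random, stored beside the hash
    dk = hashlib.pbkdf2_hmac(KDF_DIGEST, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{KDF_DIGEST}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != f"pbkdf2_{KDF_DIGEST}":
        return False
    dk = hashlib.pbkdf2_hmac(KDF_DIGEST, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# --- the contrast: an unsalted fast hash is one precomputed table away from plaintext ---

def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast hash, no salt, identical output for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_attack(stored: Dict[str, str], wordlist) -> Dict[str, str]:
    """Build the table once, then crack every user whose password is in it."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def per_user_attack(stored: Dict[str, str], wordlist):
    """Against salted records no shared table helps: each (user, guess) pair is a full KDF run."""
    hits, kdf_runs = {}, 0
    for user, record in stored.items():
        for guess in wordlist:
            kdf_runs += 1
            if verify_password(guess, record):
                hits[user] = guess
                break
    return hits, kdf_runs


if __name__ == "__main__":
    # Constructed sample users; "password" and "letmein" are deliberately weak.
    users = {"alice": "password", "bob": "letmein", "carol": "correct horse battery staple"}
    wordlist = ["123456", "password", "letmein"]

    weak = {u: unsalted_sha256(p) for u, p in users.items()}
    print("unsalted, one table cracks all users:", precomputed_attack(weak, wordlist))

    salted = {u: hash_password(p) for u, p in users.items()}
    hits, runs = per_user_attack(salted, wordlist)
    print(f"salted, {runs} KDF runs for {len(hits)} hits:", hits)
```

Two properties worth noticing when running it: the same password hashed twice gives two different records, so a table built against one user is useless against the next, and the cost of every guess is set by the iteration count stored in the record, which can be raised later without touching the scheme. The salt is not a secret and is stored in the clear; the work factor and the per-user randomness do the job, not obscurity of the algorithm.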
Martin Milan

Plain text? That's not the issue...

It's not the plain text aspect of storing the passwords that bothers me - that's not the real problem here. The real problem is storing the passwords AT ALL!!

C'mon guys - salted hash?

3
1

Has UK gov lost the census to Lulzsec?

Martin Milan

Erm...

You're assuming the attack came from the outside. More likely, if it has indeed happened, to be an inside job methinks...

1
0

8m health records go walkabout

Martin Milan

Wha?

Erm, no.

Find someone with a nice embarrassing condition - now then - how many people share that postcode? Let's say 20. How many are men? Ok, let's say 8. How many are 43 years old? You do see where I'm going here, don't you?

Or maybe you'd like something a little more sinister - Pick a celeb, start with postcode etc etc. Would anyone put this past the tabloid press?

Not feeling quite so smug now, are ya?

4
0
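The comment above walks through re-identification by intersecting quasi-identifiers (postcode, then sex, then age) until one person is left. Here is that narrowing as an added example, written for this page and not taken from the commenter or the article; the postcode, the twenty residents and their conditions are constructed with a fixed seed so the run is repeatable, and the functions `narrow`, `reidentify`, `min_k` and `band_ages` are this example's own names. It also goes slightly beyond the comment by computing the k-anonymity of the set and showing what banding the age does to it.

```python
import random
from collections import Counter
from typing import Dict, List, Optional, Sequence, Tuple

Record = Dict[str, object]


def build_sample(n: int = 20, men: int = 8, seed: int = 7) -> List[Record]:
    """Constructed data: n residents of one invented postcode, `men` of them male,
    exactly one man aged 43. Nothing here comes from any real dataset."""
    rng = random.Random(seed)
    conditions = ["none", "asthma", "diabetes", "depression", "hernia"]
    other_ages = [a for a in range(20, 80) if a != 43]
    records = []
    for i in range(n):
        records.append({
            "id": i,
            "postcode": "DN1 1AA",
            "sex": "M" if i < men else "F",
            "age": 43 if i == 0 else rng.choice(other_ages),
            "condition": rng.choice(conditions),
        })
    return records


def narrow(records: List[Record], known: Sequence[Tuple[str, object]]) -> List[int]:
    """Apply each known attribute in turn; return how many candidates remain after each."""
    sizes = []
    pool = records
    for field, value in known:
        pool = [r for r in pool if r[field] == value]
        sizes.append(len(pool))
    return sizes


def reidentify(records: List[Record], known: Dict[str, object]) -> Optional[Record]:
    """Return the single matching record if the known attributes pin down one person."""
    pool = [r for r in records if all(r[f] == v for f, v in known.items())]
    return pool[0] if len(pool) == 1 else None


def min_k(records: List[Record], quasi_ids: Sequence[str]) -> int:
    """k-anonymity of the set over the given quasi-identifiers: the size of the
    smallest group that shares one combination of them. k == 1 means someone is unique."""
    classes = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(classes.values())


def band_ages(records: List[Record], width: int = 10) -> List[Record]:
    """Generalise exact age to a band. Coarsening only merges groups, so k never drops."""
    out = []
    for r in records:
        lo = (int(r["age"]) // width) * width
        out.append({**r, "age": f"{lo}-{lo + width - 1}"})
    return out


if __name__ == "__main__":
    recs = build_sample()
    print("candidates left after postcode, sex, age:",
          narrow(recs, [("postcode", "DN1 1AA"), ("sex", "M"), ("age", 43)]))
    hit = reidentify(recs, {"postcode": "DN1 1AA", "sex": "M", "age": 43})
    print("condition of the 43-year-old man:", hit["condition"])
    print("k with exact age:", min_k(recs, ["postcode", "sex", "age"]))
    print("k with banded age:", min_k(band_ages(recs), ["postcode", "sex", "age"]))
```

The point the numbers make is that none of postcode, sex or age is sensitive on its own; their intersection is what singles a person out, and with exact age in the data the set's k is 1. Banding the age is the cheapest generalisation and the assertion that it cannot lower k holds for any coarsening; whether it raises k enough depends on the data, which is why you compute it rather than assume it.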

CPS: We won't prosecute over BT/Phorm secret trials

Martin Milan
Thumb Down

Their days are numbered.

I think we need to start asking some very serious questions about the very existence of the CPS.

I immediately look toward their behaviour in both the Ian Tomlinson case and the Twitter Joke Trial, and what I see is a body that has no interest in justice as I understand the term...

How the hell can they argue there has been harm from this? I now have to encrypt my internet traffic (and pay for that) because I cannot rely on either the morals of my ISP or the laws of my country to defend me from a blatant invasion of my privacy! Many others I dare say have taken similar measures.

Maybe we need some sort of Public Prosecution Agency where we actually get a jury (not the trial jury, a separate one) to act as the final decision makers on whether or not a prosecution is in the public interest.

Doing nothing, as the CPS seem to prefer, is most definitely AGAINST the public interest.

Martin.

0
0

USB key to 4,000 vulnerable people's front doors lost

Martin Milan
WTF?

No!

... You most definitely are not meant to take it that way...

If the data was encrypted, the third party supplier would have explicitly said so. The council would be screaming it from the rooftops.

The fact that they aren't anywhere near the roof tells me that this is most likely data in an obscure format. Knowing public bodies, probably Microsoft Works.

Someone needs to give these people a kick up the arse.

1
0

Bold as brass metal thieves disrupt rail, comms, electric

Martin Milan

Sense? From ACPO???

ACPO are not my favourite organisation (hey - I like liberty...), but they're not so far off the mark with this one. I would have concerns about senior police officers having the power to directly close businesses, but they're on the right lines (pun intended).

What's needed really are two things.

First of all, scrap metal dealers should be licensed, and rather than doing this at a business level, it should be done at the individual level - much as the security industry is governed today. This prevents the business simply doing a pre-pack, and opening up as a new business, with a whole new identity, the following week.

The scrap dealers are one place to focus your efforts, because evidently, everything eventually congregates with them. If you can prevent scrap dealers from taking the stuff, then you remove the demand.

Secondly, the Transport Police need to go on the offensive, and actually start patrolling the track. PIR detection systems around infrastructure would help, but you'd need to deal with the issue of false positives from wildlife etc.

Last week I was stopped on a platform in Doncaster by a BTP PCSO and asked if I was aware of the problem of cable theft. Erm, Hello? I'm a bloody rail user - OF COURSE I'm aware of the issue!!! They need to stop doing pointless exercises like this, and actually address the problem directly...

3
0

John Barry dies at 77

Martin Milan
Unhappy

Sad news...

I love some of his music... Dances with Wolves was brilliant, but if you really want your socks blown off, listen to the music he did for Raise The Titanic. His track "All That's Left", for me, absolutely screams Titanic...

4
0

ASSANGE ARRESTED in London - in court later today

Martin Milan
Thumb Down

WTF?

It is not for him to prove his innocence. That's not, for the moment at least, how we do things around here...

1
0

Twitter 'martyr' takes airport joke case to High Court

Martin Milan
Thumb Down

Really?

Well when I was at the Crown Court for the Appeal, I met the defence team - they seem to disagree with you.

The Queen's Bench Division handles appeals arising from Crown Court cases (criminal) based on points of law.

1
0
Martin Milan

Right then...

Well personally, I reckon everyone's got an extra Christmas present to buy this year.

Go on - buy freedom a pressie!

http://www.tumblr.com/xsqa142m2

Martin.

1
0

Blogger faces terror charges for 'naming MPs'

Martin Milan

But...

... sometimes when I've just watched the BBC News I find myself thinking I could throttle half the MPs in the House. Does that mean that the BBC would be held responsible, should opportunity ever drift my way?

0
0

Cyber cops crush plod-snapper site following Millbank riot

Martin Milan
WTF?

Yeah, but...

Fitwatch are also concerned with the fact that the police (in the form of Forward Intelligence Teams) are also compiling a massive database on the activities of PERFECTLY LAW ABIDING members of the public engaged in peaceful protest. It's not just the nutters smashing windows and throwing fire extinguishers that the police are going after.

When you can be labelled as a "Domestic Extremist" merely for attending a church meeting, then maybe the likes of FitWatch et al have a point.

As for advising people to lie in court, I haven't personally seen that advice, but if it truly does exist then there is absolutely no excuse for it. Tell the truth in court - not only is it the moral thing to do, it's also the SMART thing to do...

12
0

Twitter joke martyr loses appeal

Martin Milan
Unhappy

No...

Really - apparently Stephen Ferguson, David Allen Green, Paul, Crazy Colours, myself, and about 90% of the other people in the courtroom were wrong to think that this might, and I emphasise MIGHT, be a joke. Oh no. Obvious, innit...

I'm personally convinced I have witnessed a miscarriage of justice, and it doesn't leave me with a warm fuzzy feeling...

Martin.

0
0
Martin Milan
FAIL

Not only that...

As Mr. Ferguson (defence barrister) described to her at some length, the only way she could find that Paul had such intent would be to decide that he was lying in his testimony in court today, in which he very clearly stated he had no such intent.

Let that sink in for a minute... In order not to have reasonable doubt in her mind as to intent, she had to convince herself that he was lying. Now, for my money (and I was 20 feet away), he was actually very convincing in his testimony - he came across as precisely what he is - someone who made a silly mistake and now regrets it.

Did the judge feel Paul was owed an explanation as to precisely how she had reached the conclusion he was lying? Nope! Not a word in justification. Not an argument, not a proposition... Not even so much as a vague hint as to where she dreamt that one up.

Martin.

5
0

DARPA, NASA team on '100-Year Starship' project

Martin Milan
Stop

Steady on...

So far I have been a keen supporter of the space program. In terms of science, medicine and engineering it has given us a lot - but this new extravagance cannot be justified in a world blighted by disease and hunger.

One giant step too far!

Martin

0
10

Twitter joke appeal adjourned

Martin Milan

bit late...

Everyone already has retweeted it...

The CPS now accept that this is not a strict liability offence...

0
0