* Posts by Daniel B.

2650 posts • joined 12 Oct 2007

Spooks vs boffins: MIT bods say they've created PRISM-proof encryption

Daniel B.
Silver badge
Boffin

Um...

Seen this at least a decade earlier with Hushmail. If you use the Java-enabled version of their service, encryption takes place on the client. The private key does reside in Hushmail's servers but it isn't decrypted on-site as long as you're using the Java-enabled version of the service.

Sure, the client code is stored on the server and could be tampered with (and this being the NSA, they might even have a valid cert to sign their tampered code as well) but the logic's there.

What this MIT stuff does is something I've already done at least once for secure cloud storage. Somewhere in my 'land of dead project code' I have a piece of Java code that uploads stuff to Rackspace's Cloud Files storage but encrypts it in transit and adds the key to the metadata … said key is encrypted with someone's public key. Thus the data can only be decrypted by someone who has the corresponding private key. The concept isn't groundbreaking at all and anyone who is security conscious has been doing this for years. At least one employer basically crammed sensitive data inside a TrueCrypt portable drive and uploaded that to the Cloud Storage service du jour.

0
0
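The post above describes the envelope-encryption pattern: a fresh symmetric key encrypts the object, the recipient's public key wraps that symmetric key, and the wrapped key rides along as object metadata. The following is an added illustration of that pattern written for this page; it is not Daniel B.'s project code and talks to no Cloud Files API. It keeps the "uploaded" body and metadata in a plain in-memory struct, uses AES-GCM and RSA-OAEP (the post names no particular algorithms), and the `X-Object-Meta-*` metadata names are my choice, following the Cloud Files/Swift header convention.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EnvelopeUpload {
    // Stand-in for what a client would upload: the object body plus its metadata
    // headers. No storage client is involved; this is purely illustrative.
    static final class StoredObject {
        final byte[] body;
        final Map<String, String> metadata;
        StoredObject(byte[] body, Map<String, String> metadata) {
            this.body = body;
            this.metadata = metadata;
        }
    }

    // Encrypt plaintext under a per-object AES key, wrap that key for the recipient,
    // and place the wrapped key and nonce in metadata (metadata names are my choice).
    static StoredObject seal(byte[] plaintext, PublicKey recipient) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();            // data-encryption key, one per object

        byte[] nonce = new byte[12];                 // 96-bit GCM nonce, never reused with this key
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = aes.doFinal(plaintext);  // ciphertext || 16-byte auth tag

        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, recipient);
        byte[] wrappedDek = rsa.wrap(dek);           // only the private-key holder can unwrap

        Map<String, String> meta = new HashMap<>();
        meta.put("X-Object-Meta-Wrapped-Key", Base64.getEncoder().encodeToString(wrappedDek));
        meta.put("X-Object-Meta-Nonce", Base64.getEncoder().encodeToString(nonce));
        return new StoredObject(ciphertext, meta);
    }

    // Reverse of seal(): unwrap the key with the private key, then decrypt and
    // authenticate the body. A tampered body or tag throws AEADBadTagException.
    static byte[] open(StoredObject obj, PrivateKey privateKey) throws Exception {
        byte[] wrappedDek = Base64.getDecoder().decode(obj.metadata.get("X-Object-Meta-Wrapped-Key"));
        byte[] nonce = Base64.getDecoder().decode(obj.metadata.get("X-Object-Meta-Nonce"));

        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, privateKey);
        SecretKey dek = (SecretKey) rsa.unwrap(wrappedDek, "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(128, nonce));
        return aes.doFinal(obj.body);
    }

    public static void main(String[] args) throws Exception {
        // Constructed recipient key pair; in practice the public key would be obtained
        // and verified out of band, never fetched from the same party that stores the data.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair recipient = kpg.generateKeyPair();

        byte[] document = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        StoredObject uploaded = seal(document, recipient.getPublic());
        // The storage provider sees only uploaded.body (ciphertext) and the wrapped key.
        byte[] recovered = open(uploaded, recipient.getPrivate());
        System.out.println(new String(recovered, StandardCharsets.UTF_8));
    }
}
```

The design point is that the storage provider never holds anything it can decrypt: the body is ciphertext, the metadata carries a key wrapped to the recipient, and the private key never leaves the recipient. The flip side is the same one the post makes about Hushmail: whoever controls the client code or the public key the client trusts controls the outcome, so the public key has to be verified independently of the service, and losing the private key means losing the data.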

Forget sledgehammers – crooks can CRACK ATMs with a TEXT

Daniel B.
Silver badge
Boffin

Windows on ATMs

Looks like using Windows for ATMs doesn't sound as bright right about now.

I have always been miffed at this, especially given that I have worked at certain banks (yes, MEXICAN banks) and most of them snub Windows for everything else. But the ATMs are on Windows, no surprise they're getting 0wn3d on the ATM side.

Oh well, beats having the whole ATM stolen, which happens every now and then.

2
0
Daniel B.
Silver badge

Re: ¿Plata o plomo?

Heh. Been a while since my country appeared on El Reg, and I'm not quite surprised it came up with an ATM slurping malware bit. But it does confirm that I was properly annoyed when I realized they had switched from OS/2 to WinXP on ATMs … and I was thinking "geeze, we shouldn't be putting that OS on ATMs!"

0
0

No Notch niche: Minecraft man in rift with Oculus after Facebook gobble

Daniel B.
Silver badge

Re: ..a multimillionaire already ..... can afford to walk away

Being neck-deep in debt does mean you can actually have negative wealth. It's a basic concept few people grasp, otherwise we wouldn't have so many people who go broke as soon as they spend more than a month without a job.

And not all people in debt are using their CCs to buy useless crap; some have to do so to survive.

1
0

White House may ditch BlackBerry, adopt LG or Samsung, ignore Apple

Daniel B.
Silver badge
Meh

Meh

So the "news" is actually hearsay. Haven't these rumors been doing the rounds for a couple of years now? And yet, Blackberry does seem to keep the edge on security, being the only ones with "Authority to Operate" by the DoD. If the White House were to switch smartphones, they should use their own NSA-approved Sectera Edge handsets, instead of going for stuff from other parts of the globe. At least most of my Blackberry handsets are made in Mexico, which at least is within the US's vicinity vs. "somewhere in China".

0
0
Daniel B.
Silver badge

Re: Right...

Dear MS shills, if you're trying to pass yourselves off as actual users, stop using the AC flag.

1
0
Daniel B.
Silver badge
Boffin

Bummer

WP8 got FIPS 140-2 certified. While it is commendable (IIRC other non-BB devices haven't got that yet), WP8 still needs the other cert, the one from DoD mentioned in the article. And well, vulns can and will be patched, while having 0 known vulns doesn't mean there aren't any.

0
0
Daniel B.
Silver badge
Boffin

Re: My own view

Except they are still relevant, and are still the only ones with "Authority to Operate" by the DoD. As long as the competition doesn't get this, BB will remain in government and military sectors. Of course, there's also the Sectera Edge, but I wonder how many people in the DoD actually have one of those...

0
0

RIP Full Disclosure: Security world reacts to key mailing list's death

Daniel B.
Silver badge

Re: USENET?

Yeah, the first thing that popped into my mind was the lame Scientology attempt to kill one of the USENET groups that was critical of them. Which of course was ignored.

1
0

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Daniel B.
Silver badge

Re: The devil's in the detail

"I'm pleasantly surprised by the lack of gloating from Windows-only people"

You didn't stay long enough. The very first post here is an MS shill/troll, followed by a lot of replies made by ACs gloating. It does seem that most of 'em are hiding behind the AC mask though.

11
5
Daniel B.
Silver badge

Windigo?

The cannibal thingy is called 'Wendigo' IIRC.

2
1
Daniel B.
Silver badge

Re: "exploits poor configuration and security controls"

Yup. It's pretty much a given that those 0wn3d servers are the kind that someone set up and then proceeded to ignore. I still remember one site that spilled its MySQL creds, someone posted said creds in some forum and the trollosphere proceeded to DROP TABLE everything. 3 *months* after that, it was still missing its DB. There are a lot of people out there that have lax security practices and I'm guessing that is biting them back right now.

4
0

NSA's TURBINE robot can pump 'malware into MILLIONS of PCs'

Daniel B.
Silver badge
Boffin

FOXACID?

Seems to me that someone in that NSA team has been playing too much Metal Gear Solid.

0
0

UK's CASH POINTS to MISS Windows XP withdrawal date

Daniel B.
Silver badge

Re: NCR

Linux didn't exist until a decade AFTER the first release of DOS. DOS was 1981, Linux didn't exist until 1991.

So I assume you didn't read the full statement you yourself quoted:

All UNIX derivatives, including Linux, have had "remote management" capabilities for a decade before even DOS existed!

UNIX is the one that has had remote management since its inception, which dates back to 1970 (probably earlier). Linux got it since it was born due to being a UNIX derivative as well. Windows had to have the remote management stuff added later, and even then it had to be changed at least once from the proprietary thing they had on NT4 and earlier to the LDAP/Kerberos5 thingy they made in Win2000.

8
1
Daniel B.
Silver badge

Re: NCR

"The banks mainly use Windows because of the excellent remote management offered which isn't/or wasn't until recently available for Linux."

You're joking, aren't you? All UNIX derivatives, including Linux, have had "remote management" capabilities for a decade before even DOS existed! And it's also why most banks actually use AIX, Solaris, Linux in their server stacks instead of Windows. Even AD is basically a pirated implementation of LDAP and Kerberos5. And before that we had NIS and NFS. What the Windows world was barely achieving in the late 90's/early 00's was already standard in the UNIX world!

17
2
Daniel B.
Silver badge

OS/2

I'm guessing banks chose Windows because of their choice of running OS/2 on earlier ATMs. WinNT is after all a breakaway "pirated" OS/2 so it's possible that Windows would be able to run most of the OS/2 software without a problem. Also, at least until Win2000, NT had an OS/2 subsystem and that might help as well.

Me? I would've probably gone down a hardened Linux route, or simply gone down an even safer route with QNX.

4
1

CIA hacked Senate PCs to delete torture reports. And Senator Feinstein is outraged

Daniel B.
Silver badge

Heh

Though she is right. The CIA is forbidden from operating within the US. That alone makes it unlawful for them to have deleted stuff from the oversight committee.

12
0

Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update

Daniel B.
Silver badge

Meh

So MS is either still going "la la la can't hear you" or they've already written Win8 as a loss and are re-coding Start Menu and "traditional" UI as something for Win9. Even the MS shills over at ZDNet are starting to say that MS screwed the pooch by now.

1
0
Daniel B.
Silver badge

Re: Rationalization over Reality

I think I know who h4rm0ny is!

I thought he was the anti-Eadon, formed after the original one was nuked. Maybe he possessed Sinofsky?

0
0
Daniel B.
Silver badge
Boffin

Re: separate UI for pc or touch?

Ah, someone that actually remembers what System 7 looked like when Windows 95 came out. Indeed, Win95 was basically "pirated System 7" and even then it wasn't even an actual OS; Win95 was DOS 7.0 with a shell extension. You still had to run WIN.COM the same as with Win3.1 (don't mention Win3.11, that's the ME of the 3.x days) but now WIN.COM was automatically executed after config.sys and autoexec.bat so you didn't notice this. Win95 basically copied the System 7 look & feel, dumping the horrible Program Manager interface.

Incidentally, Windows 8's Start Screen is the Program Manager revival...

3
1
Daniel B.
Silver badge
Facepalm

But...

It won't. They did put something touchy-friendly, Launchpad, and it proceeded to be the least used app on OSX. They did notice this and thus no forced touchy interface for OSX. Compare to Microsoft.

9
0

Sony US PlayStation supremo Jack Tretton ejects after 19 years

Daniel B.
Silver badge
Happy

Nice!

Looks like he leaves at a moment where the SCEA division is going strong.

0
0

Brit Bitcoin dev: I lost 'over £200k' when MtGox popped its socks

Daniel B.
Silver badge
Boffin

Problem with this guy

Keeping the BTCs on Mt. Gox. Sure, many people were speculating and thus going to and fro between BTC, USD, EUR and such. The thing is, if you really care about the amounts, you really really shouldn't leave a large balance on the exchanges. I learned that the hard way during the Second Life bank collapse of 2007. Though the worst money loss wasn't the broken banks … it was the World Stock Exchange which basically made off with a lot of money. Hell, the story even was similar to Mt. Gox sans the legal action.

1
0

Steve Ballmer: Thanks to me, Microsoft screwed up a decade in phones

Daniel B.
Silver badge
Boffin

PDA Space

The PDA market was mostly created by the Newton in the early 90's. It had even built up a thriving ecosystem up until Saint Jobs' second coming got it killed overnight (his revenge against Sculley). But even by then, Palm had already entered the market and for years they were the leaders in the PDA business. MS was the ugly duckling there, mostly starting with their Handheld PCs (remember those?) then switching to the PocketPC format to compete with Palm. They had limited success with those, but the main problem was that MS just stuck the "Windows Experience" upon a PDA instead of doing something different. Hell, even Symbian was king during the early smartphone years, and that one's basically rebadged EPOC (we miss you Psion!).

Then there's the thing that MS loves to deprecate their stuff. Look, we have Windows CE! Oh no, now it's Windows Mobile! Oh no, scratch that, Windows Phone 7 is totally new and anything from WinMo won't work here! Eventually the developer base evaporated and went to platforms that didn't do the deprecation dance every 2 years. Oh yes… and MS is responsible for the death of the one platform that did survive the PDA to Smartphone transition: Symbian. :(

2
0

Windows XP market share GROWS AGAIN, outstrips Win 8.1 surge

Daniel B.
Silver badge

Easy fix MS

Kill TIFKAM. You'll get a lot of XP holdouts to jump. As it is, they're going to 7 if they can, staying on XP if they can't.

Windows 8.x is a disaster. Kill it.

3
0

Dashboard Siri! Take me to the airport! NO, NOT the RUNWAY! Argh!

Daniel B.
Silver badge
WTF?

Wot?

Didn't I read that Ford was choosing QNX/Blackberry for their cars? Wots this?

0
0

MtGox: Yup, we're pretty sure your Bitcoin were stolen. Sorry about that.

Daniel B.
Silver badge
WTF?

Weird dates?

I casually noted that the Japanese stuff seems to use a different year system for some reason?

26-2-28 instead of 2014-2-28? Is Japan using another year as their "year zero"?

0
0

Disturbing photographic testimony: Anal orgasmic electroprobe applied… to a BULL!

Daniel B.
Silver badge

hahaha

Now I can post in my native language! hahahaha What happened, El Reg? Making use of your command of Spanish after spending months in Spain for the PARIS project? Greetings from Mexico!

1
0

Fed chairwoman casts doubt on Bitcoin regulation in the US

Daniel B.
Silver badge

Re: wait...

The pro-censorship dudes behind SOPA also used China as a shining example when they were pushing their draconian bill as well. It's a disturbing trend all right, but it's there.

0
0

RSA booked TV's Stephen Colbert to give the final speech. This is what happened next

Daniel B.
Silver badge
Facepalm

Re: Ah yes, Colbert. Another unfunny guy.

The humor seems to be lost on people that don't know (or refuse to believe) Kissinger was a war criminal. He's got a lot of blood on his hands.

23
1

Apple's Windows XP moment: OS X Snow Leopard left to DIE

Daniel B.
Silver badge
Boffin

Re: 2007 hardware obsolete?

2007? A 7-year-old machine? So you'd expect a machine bought in 2000 to run Vista in 2007, or a machine bought in 1993 to run Windows 2000 in 2000, or a machine bought in 1986 to run Windows 3.11 in 1993, or a…

Or a 1986 Mac Plus to run System 7.5.5 (released in September 1996). And that's even after Apple had transitioned the Macintosh platform from Motorola's 680x0 to PowerPC. Sorry, but Apple (used to) have a pretty good record supporting older hardware.

The point's moot on 2007 hardware anyway. The real reason for those Macs being unable to run ML and Mavericks is that 10.8 and newer are now 64-bit only. Apple jumped ship to Intel too early; they should've probably waited till the 64-bit processors came out. PPC was 64-bit already after all. They'd probably have all users on Mountain Lion as a minimum if they hadn't killed Rosetta on Lion and newer.

4
1

Update your Mac NOW: Apple fixes OS X 'goto fail' SSL spying vuln

Daniel B.
Silver badge
Boffin

Re: This is funny

I have been using a Mac since the 1980's and have never had a virus, been hacked or lost data and I have never spent a single cent on anti-virus software.

Had you said "early 2000's" it would have been believable. I was a Mac user during the early Mac+ days, up until sometime around 1998. I came back to Mac sometime around 2012 as most of my work is now based on UNIX and Linux, thus no real need for Windows (and gah! Win8! yuk!). But there's no way you're going to hear me say Mac has never had a virus. Frickin' Symantec Antivirus was born on the Macintosh ecosystem. And yes, we did get hit by a couple of virii, in fact we got to lose a couple of HDDs thanks to them. MacOS Classic had quite a bunch of virii roaming about, it was OSX that started the virus-free claim.

I will agree that it is at least more secure than Windows, but most UNIX/POSIX based OS can claim that feat.

1
0
Daniel B.
Silver badge

Re: Piss poor reporting

3. It was only just reported Friday and was fixed Tuesday - not sure how that is such a long time.

They fixed it on Friday for iOS, but didn't roll out the OSX fix till Tuesday. That's really long given that the fix is in a library; you should be able to simply recompile the affected apps with the new library and release that. Good thing I still am on Mountain Lion...

2
0
Daniel B.
Silver badge

Good

Wonder why it took so long to put up this fix. I'd just recompile the afflicted apps and upload that as the fix, instead of waiting to add some other fix to the release batch. Especially when SSL is the thing broken.

0
1

Fukushima radioactivity a complete non-issue on West Coast: Also for Fukushima locals, in fact

Daniel B.
Silver badge
Boffin

I blame quack science

Mostly the reason for many people believing that Fukushima is a grave Chernobyl-style eternal danger and government coverups may be because many of them are now gullible in believing the zillion urban legends out there. I've been finding out that more and more people KNOW that margarine is plastic and was conceived as a turkey fattening paste (it's not), they KNOW that McDonald's has mutant cows for beef, they KNOW that Velociraptors went into space and are spying on us from deep space… the list goes on and on. When the word "nuclear" is mentioned, everyone thinks green glowing stuff, Chernobyl and atomic bombs. Greenpeace even goes "full retard" with this ignorance and has been trying to stop ITER … which is a fusion reactor, not fission and thus impervious to fission reactor woes. Yet they treat them the same as fission and atomic bombs. Most people THINK they know how "nuclear" works, but most don't. And instead of hearing actual scientists, they listen to any quack who says stuff that sounds good, or doom-mongering. Maybe that's why miracle quack products still sell? People just believe anything shoved into their faces?

12
0

MtGox boss vows to keep going despite $429 MILLION Bitcoin 'theft'

Daniel B.
Silver badge

they all seem to have KKs registered with inspired company titles like the Japanese for cat

hm… NekoCorp does sound like the kind of company name a Bond villain would have. Why haven't I thought about this earlier?

0
0
Daniel B.
Silver badge
Alert

Indeed!

Mt. Gox was mostly a BTC payment processor and exchange between BTC and "fiat" currency (I put "fiat" because BTC itself is fiat as well). While you could leave money there (both BTC and USD) it was mostly to buy/sell BTCs and not to keep a balance like you do in a bank.

People who put their actual savings in BTC should do so in a wallet, which at least you do have and keep yourself on your PC. (Hopefully you back it up every time you do a transaction!)

Hell, I learned the lesson on not keeping money with intermediate entities years ago, during the Second Life Banking Crash of 2007 and its fallout. Used to have my Linden Dollars deposited at Ginko Financial … until that blew up. We were offered a 1:1 swap into stock for Ginko (Something) Bonds at a then very well-known stock exchange called World Stock Exchange. Thanks to that, I was able to recover about 33% of the original balance I lost. I said, well, I'll invest by buying stock in the companies listed here.

Then the stock exchange suddenly halted, all withdrawals were "temporarily" suspended. While trading reopened for some months after a 9-month hiatus, withdrawals never were re-enabled… and the whole thing just disappeared sometime around 2009. In fact, the temporary halt page is still there, and it looks a lot like Mt. Gox's announcement, doesn't it? So while I did use Mt. Gox, and I did have a meager balance there (something like 0.000007 BTC and 0.0007 USD) I never kept large amounts of money there for more time than necessary. And it seems I was right!

3
0

Schneier: NSA snooping tactics will be copied by criminals in 3 to 5 years

Daniel B.
Silver badge
Boffin

Re: Strong crypto is not a magic bullet

It usually depends on how secure you want your stuff. People or organizations that are really, really security-oriented or need to have something hard to break should get an HSM (Hardware Security Module) and use that to encrypt everything. Why? Because an HSM is FIPS 140-2 certified, tamperproof, and will keep the crypto keys in such a way that they can't be extracted out of said HSM.

Of course, even then if security isn't hardened around the servers that have direct HSM access you can still end up getting everything compromised (mostly if you don't enforce Level 3 compliance, anyone can use said HSM and thus decrypt stuff without getting asked for password/token validation). But well, it can be done.

0
0

Nokia to Devs: PLEASE DON'T make Nokiadroid apps look like WinPho

Daniel B.
Silver badge

Did I miss something?

Nokia is being borged by MS, at least the smartphone part. Where is this Nokia X coming from? The part of Nokia that isn't getting borged?

2
0

Microsoft shunts top exec Julie Larson-Green sideways to make way for Stephen Elop

Daniel B.
Silver badge

Re: lol

Nice. Putting Elop the Nokia Butcher on the Xbox division? That's got to be real good! Especially as he wanted that division dead. Go Elop, kill it!

0
0

MtGox has VANISHED. So where have all the Bitcoins gone?

Daniel B.
Silver badge

Heh.

Except that they don't realise that real currency systems and banks are generally secure and safe.

Banks are safe, indeed. As long as they don't do stupid things like sub-prime loans or any kind of high-risk loan with most of their money, they'll remain safe. I should know as my line of work has mostly been in the financial sector, including banks.

Any currency system, however, is as stable as its backer. My country's currency (MXN) has ups and downs, so most people would rather have their life savings in something that doesn't have sudden drops every now and then. Bitcoin itself has been very volatile and as such is also not the currency I'd use for my life savings … though I do wish I had kept my 0.96 BTC I had last year (of course, NOT in Mt. Gox).

Interestingly, Mt. Gox ceased to be relevant to me when they were cut off by OKPAY. That was my only easy route in and out of that. Maybe it was the universe warning me to get out of there?

0
0

Apple, Symantec, other tech heavies challenge anti-gay legislation

Daniel B.
Silver badge
Mushroom

Easy

Apple should simply say "this law passes, I'm shutting down that glass factory". Kick 'em in the nuts to get stupid laws turned down.

3
1

Ford to dump Microsoft's 'aggravating' in-car tech for ... BlackBerry?

Daniel B.
Silver badge
Holmes

Please!

It should be pretty much obvious NOT to use MS-anything in stuff that requires an actual RTOS. QNX has been the standard in that area, long before Blackberry bought them up. Serves Ford right for using the wrong tech, at least they're fixing their mistake.

5
0

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

Daniel B.
Silver badge
Black Helicopters

Re: the old our nukes are bigger than your nukes argument

To be honest, the US already had accumulated a lot of bitterness during the Cold War, so much that a good chunk of their current problems are caused by their past evils.

- Iran? They CAUSED it, along with the UK, with Operation AJAX. So much that said operation is no longer considered a good thing as it basically triggered a series of events that caused the Islamic Revolution and turned Iran into the US-hating, religious-zealot-run country it is today.

- Most of Latin America suffered bloody tyrants and South America in particular had at one time a CIA backed dictatorship in most of its countries. Ever wonder how Chavez got to be President in Venezuela? That's why. Having a US hating prez is the new cool in most of South America.

- The Iraq WMD lie basically killed whatever goodwill was left in the remaining part of the world that didn't have a grudge against the US. Dubya's Administration's foreign policy brought hatred to the US and the whole NSA/PRISM thing was just the finishing touch to all that.

It is indeed sad to see this happen, given that the US at one point was the shining beacon of freedom during the 19th Century. Today? Not so much.

5
0
Daniel B.
Silver badge
Boffin

Re: Your data

The point is that NSA (and pretty much any other agency) can simply send a secret FISA warrant and seize all the data by themselves. They don't need to hack stuff within their borders, they already have the omnipresent power there. That's why lavabit shut down.

Same thing applies to CBP, they can simply dump all your HDD's contents for later "research" if they want to at customs. This is why I had to delete sensitive client data before traveling to the US; I'd be involuntarily breaking NDAs just by entering the US. Extra points as the CBP power was given by a judge during a pedophile case, so it gets the added "for the children" mantra used instead of going after "terrists".

2
0

Harvard student thrown off 14,000-core super ... for mining Dogecoin

Daniel B.
Silver badge

Re: Some things never change

hehehe. My High School was the HS for a college here, which is pretty common over here (most High Schools are either linked to a university's "system" or are wholly part/owned by one) but in my HS case, we actually were in the university campus… so we shared everything with the actual college dudes. So one of the students had done some work for some company which had a Red Hat Linux 5 server somewhere. Naturally, he compiled a CircleMUD variant and put it up for everyone to use. So we used the university workstations to play on a MUD secretly running at a server. hehe. The computer lab admin for the lab where all the RS/6000s were (the ones we used for MUDding) actually allowed us to do this as long as we didn't do it when real work was needed to be done.

After a year and a half of this, someone got wise on the company and killed the MUD. A sad day that was...

0
0

Saving private spying: IETF Draft reveals crypto-busting proxy proposal

Daniel B.
Silver badge
Boffin

ISP and Proxy

ISPs shouldn't use proxies for their service. Not. At. All. It just serves for them to engage in shady content favoritism practices or snooping. It's one of the things that ISPs should never do unless they have a really good reason to do so (say, being a satellite ISP, and even then, the proxy would live within your premises). The other horrible thing they shouldn't do is CGNAT.

Both practices, however, are done by the Cable ISPs here in Mexico, the main reason why I don't ever use them.

1
0
Daniel B.
Silver badge
Boffin

Re: It's already happening you just don't know it.

You're assuming that the backend connection for the reverse proxy isn't SSL. While I'll admit that the places with reverse proxies I've worked at have both the reverse proxy and the backend in the same site, I do know that everything is covered by SSL. Hell, a certain bank that shall not be named has SSL from Internet to Reverse Proxy, RP to yet-another-RP, to Application Server, to MQ, to Mainframe.

Usage of reverse proxies doesn't automatically mean "cleartext on the backend".

0
0

MtGox MELTDOWN: Quits Bitcoin Foundation board, deletes Twitter

Daniel B.
Silver badge

Oops

Looks like MtGox is starting to sink. Truly sink.

Fortunately there are still other exchanges, but what the hell?

1
0

Muslim clerics issue fatwa banning the devout from Mars One 'suicide' mission

Daniel B.
Silver badge
Joke

Conspiracy theory alert!

Khazar!

Those are found in the same place where the Reptilian Thetans have their Space Hitler base, launched by the Illuminati and Raptor Jesus during the establishment of the New World Order. The Khazar are really inhabitants of Nibiru and are just waiting for the deep space signal from Mothra to destroy OUR WORLD!!!! OMGWTFBBQ!!!

0
0