* Posts by Kanhef

574 posts • joined 3 Nov 2007

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads

Kanhef

I suspect the ad networks' inaction is a deliberate strategy, even though poisoned ads have been a known problem for years. As long as they act as a neutral host without filtering anything, they can claim they're not liable for anything that happens. If they try to block bad ads, they could be blamed for anything that they don't catch.

Corporate lawyers can suck snozzberries.

6
3

Nest's bricking of Revolv serves as wake-up call to industry

Kanhef
Joke

Unfair comparison

A tub of hummus is quite useful – and delicious.

5
0

Confused by crypto? Here's what that password hashing stuff means in English

Kanhef

Re: Question

I think it's just a matter of efficiency: the hash is much shorter than the original message, so encrypting and decrypting the hash takes less time than double-encrypting the entire message.

0
0

Norman Conquest, King Edward, cyber pathogen and illegal gambling all emerge in Apple v FBI

Kanhef

Thirteenth Amendment

bans both slavery and involuntary servitude (except as punishment for a crime), so it's actually quite relevant here. The judge may not agree that it's a good argument, but it's not unreasonable to try to make that argument.

4
0

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

Kanhef

The biggest problem I see with the OpenSSL code is that it leaves you at the mercy of your compiler/optimizer. You have to trust that the optimizer will properly traverse all possible code paths and not strip out the entire if (0) block as unused/unreachable code. It may work fine for whichever compiler and optimization settings the developers used, but there's no guarantee it will work for everyone else.

0
0

Google to snatch control of Android updates from mobe makers – analyst

Kanhef

Re: And the FCC will say ... exactly what to this?

If Nokia hadn't sold out to Microsoft and killed Symbian, there might still be a viable alternative for manufacturers to switch to. Ironically, it probably would be easier for Win10 to get a foothold in the market if it was more fragmented between iOS, Android, and Symbian.

2
0

Socat slams backdoor, sparks thrilling whodunit

Kanhef

Re: Interesting point.

Definitely not obvious - at least it didn't end in a 5 - but at the same time, any decent factorizing program would have reached 271 fairly quickly, so it's clear they didn't double-check the number in the code for primeness. Since one of the factors is so small, my guess is there was a typo of some sort; if I wanted to backdoor an encryption routine, I'd use a semiprime whose only two factors are roughly equal in length (~150 digits in this case), so it would take some significant number crunching to discover that it's not prime.

3
0
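The point made in the comment above is that a composite modulus with one small factor is trivially caught by trial division, while a product of two similarly sized primes is not. The following is an added example, not code from the original post or from the socat project, and it uses constructed numbers (Mersenne primes and a small safe prime) rather than the real socat parameter. It shows the checks a defender would run over a Diffie-Hellman modulus before trusting it: trial division for small factors, Miller-Rabin for everything else, and a safe-prime check on (p-1)/2.

```python
"""Sanity checks for a Diffie-Hellman modulus before it is compiled into anything.

Added example with constructed test values; the real socat parameter is not
reproduced here.
"""
import random

# First few primes: cheap exact checks and Miller-Rabin shortcuts.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def small_factor(n, limit=100_000):
    """Trial division by odd numbers up to `limit`.

    Returns the smallest factor found, or None. This is the "decent factorizing
    program" step: a modulus divisible by 271 falls out of this loop instantly.
    """
    if n % 2 == 0:
        return 2
    f = 3
    while f <= limit and f * f <= n:
        if n % f == 0:
            return f
        f += 2
    return None


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test.

    A composite survives one round with probability at most 1/4, so 40 rounds
    give an error bound of 4**-40; this catches semiprimes with two large
    factors that trial division would never reach.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    # Write n - 1 as d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is definitely composite
    return True


def check_dh_modulus(p):
    """Return (ok, reason) for a candidate DH modulus p."""
    f = small_factor(p)
    if f is not None:
        return False, f"composite: divisible by {f}"
    if not is_probable_prime(p):
        return False, "composite: fails Miller-Rabin"
    # A safe prime has (p-1)/2 prime as well, so the group has no small subgroups.
    if not is_probable_prime((p - 1) // 2):
        return False, "prime but not a safe prime ((p-1)/2 is composite)"
    return True, "safe prime"


# Constructed inputs (labelled as such): Mersenne primes M89 and M107 are prime.
M89 = 2 ** 89 - 1
M107 = 2 ** 107 - 1
SMALL_FACTOR_COMPOSITE = 271 * M107      # the easy case: trial division wins
BALANCED_COMPOSITE = M89 * M107          # the hard case: only Miller-Rabin sees it
SMALL_SAFE_PRIME = 1019                  # (1019 - 1) / 2 = 509, also prime

if __name__ == "__main__":
    for label, n in [("271 * M107", SMALL_FACTOR_COMPOSITE),
                     ("M89 * M107", BALANCED_COMPOSITE),
                     ("M107", M107),
                     ("1019", SMALL_SAFE_PRIME)]:
        print(label, "->", check_dh_modulus(n))
```

Trial division is bounded at 100,000 because beyond that it adds nothing a Miller-Rabin round does not already cover; the balanced semiprime case is exactly where the first check is silent and only the second one fires.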

Sorry slacktivists: The Man is shredding your robo responses

Kanhef

As I recall from when the FCC was soliciting comments on net neutrality, they essentially analyzed responses for uniqueness and discarded duplicates. Seems like a good way to keep form letters from dominating the responses without having to scrap the entire thing.

1
1

India just about accuses Facebook of faking Free Basics fandom

Kanhef
Mushroom

Re: Free Basics?

They were also just the right size to use as blast shields for model rockets.

2
0

Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Kanhef

ISP filtering makes a lot more sense. If malicious traffic is detected coming from a particular IP address, they can sinkhole anything coming from it until the issue is fixed. Redirect any webpage requests to an information page explaining the issue and how to obtain tech support to fix it. No backdoors needed, and if they ever finish rolling out IPv6, individual devices can be blocked rather than cutting off an entire household.

0
0

Basho bashed by bolshy backer, ex-boss claims in court brouhaha

Kanhef
Paris Hilton

Business logic

"The company I started lost money, so I'm going to sue them to take even more of their money, because somehow that will fix things."

1
4

Microsoft's 200 million 'Windows 10' 'devices' include Lumias, Xboxes

Kanhef
Holmes

Maths

11 billion device-hours in December using Windows 10. 200 million monthly active Windows 10 devices. 31 days in December.

On average, each device is being used for 55 hours per month; less than two hours per day. Of course, some get used much more than that, which means many of their 'monthly active devices' are hardly being used at all. Not exactly encouraging numbers.

22
2

Riddle of cash-for-malware offer in new Raspberry Pi computers

Kanhef

Disappointed

that they redacted the email. Would be nice to expose some of the people who are behind this crapware.

2
0

Hello Barbie controversy re-ignited with insecurity claims

Kanhef

Re: The whole problem is the cloud mentality

Another problem: I'll bet the URI the voice data is sent to is hard-coded in that firmware. Hack the home router (and frequent Reg readers will know how secure those are), set a rogue DNS, and a malicious server can intercept everything it transmits. Knowing how well IoT devices are designed, there probably isn't any attempt to verify the identity of the server it's talking to.

The manual says it will automatically download and install software updates. Hopefully that process isn't vulnerable to the same sort of MITM attack.

21
0

Don't flip your lid: The Internet of Helmets has arrived

Kanhef

Might work well in welding helmets; the autodarkening ones are already powered by photoelectric cells.

1
0

Alumina in glass could stop smartphones cracking up

Kanhef

Re: It may be stiff enough (snigger)...

The article talks about how hard and stiff this glass is, but for a screen you really want toughness and a bit of elasticity. When a phone is dropped, it should be able to flex slightly to absorb the impact without cracking.

0
0

Linus Torvalds fires off angry 'compiler-masturbation' rant

Kanhef

Re: There is code smell in here

2) The size of a struct can be determined at compile time, no need to store it in a variable. Hardcoding the value isn't a good idea, as it reduces platform independence, maintainability, and readability.

3) I'm not familiar with the code in question, but 'mtu' is probably a local variable, initially set to the MTU size and decremented as a packet is processed. You could use a 'packet_size' variable instead, but then you'd have to look up the MTU size every time you check for overflow, whereas this way you just check if 'mtu' is negative or not.

1
2

Ruin your co-developers' life with Mimic, the Unicode substitution tool

Kanhef

A variation

Write a program that makes substitutions only in variable names and classes/structs/etc. (but not standard library ones). The code will still compile and run the same, but trying to change it would be a nightmare. Might be useful if you have to let someone see your code, but don't want them to steal it.

7
0
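The substitution described above only works because the swapped-in characters look identical in a code review. The following is an added example, not code from the original post or from the Mimic tool, showing the detection side: it tokenizes Python source, flags any identifier containing non-ASCII characters with their Unicode names, and groups identifiers that collapse to the same "skeleton" after NFKC normalization and a small, constructed confusables table (the full list is Unicode's confusables.txt; only a handful of Cyrillic and Greek letters are mapped here).

```python
"""Spot look-alike identifiers in Python source.

Added example. The confusables table below is a constructed subset; Unicode's
confusables.txt is the authoritative list.
"""
import io
import keyword
import tokenize
import unicodedata

# Constructed subset: Cyrillic and Greek letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u03b1": "a", "\u03bf": "o", "\u03bd": "v",
}


def skeleton(identifier):
    """Collapse an identifier to the ASCII form it visually resembles.

    Python itself applies NFKC to identifiers (so fullwidth letters already
    merge); the confusables map handles letters NFKC leaves distinct.
    """
    normalized = unicodedata.normalize("NFKC", identifier)
    return "".join(CONFUSABLES.get(c, c) for c in normalized)


def _identifiers(source):
    """Yield (row, col, name) for every NAME token that is not a keyword."""
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not keyword.iskeyword(tok.string):
            yield tok.start[0], tok.start[1], tok.string


def find_non_ascii_identifiers(source):
    """List (row, col, identifier, [codepoint descriptions]) for suspect names."""
    findings = []
    for row, col, name in _identifiers(source):
        if name.isascii():
            continue
        details = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                   for c in name if not c.isascii()]
        findings.append((row, col, name, details))
    return findings


def find_confusable_identifiers(source):
    """Map skeleton -> sorted distinct spellings, for skeletons spelled >1 way."""
    by_skeleton = {}
    for _, _, name in _identifiers(source):
        by_skeleton.setdefault(skeleton(name), set()).add(name)
    return {sk: sorted(names) for sk, names in by_skeleton.items() if len(names) > 1}


# Constructed sample: the second "total" uses CYRILLIC SMALL LETTER O (U+043E).
SAMPLE = "total = 0\nt\u043etal = total + 5\nprint(total)\n"

if __name__ == "__main__":
    for row, col, name, details in find_non_ascii_identifiers(SAMPLE):
        print(f"line {row}, col {col}: {name!r} contains {', '.join(details)}")
    for sk, names in find_confusable_identifiers(SAMPLE).items():
        print(f"identifiers that all look like {sk!r}: {names}")
```

The sample compiles and runs without complaint, assigning 5 to a second variable that no reviewer can distinguish from the first; a check like this belongs in a pre-commit hook or CI lint step rather than in a human's eyes.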

Hats off to Nintendo’s platform supremo Super Mario Bros at 30

Kanhef

Re: There's no save in Super Mario 3

There's a save feature in the Virtual Console version on the Wii/3DS, but definitely not in the original.

0
0

Amazon to trash Flash, as browsers walk away

Kanhef

Re: Hading a good time reading El Reg

Even with that typo fixed, it still doesn't make sense grammatically: "since [they] have decided Flash into either won't play or won't play automatically". Seems like someone started writing one sentence, got distracted, and came back and finished a slightly different sentence – I've done this myself more than a few times.

Also, the badness of Flash has been discussed to death here already. Mocking typographical errors is more entertaining than reading the same comments over and over again.

6
0

Enjoy vaping while you still can, warns Public Health England

Kanhef

Re: Middle way is of course, as always, the right way.

Someone showing common sense and decency? Have an upvote!

1
0

John McAfee cuffed by Tennessee cops, faces drug-driving, gun rap

Kanhef

Isn't it past time

we stopped giving people attention for being stupid?

4
5

We tried using Windows 10 for real work and ... oh, the horror

Kanhef

'HERE' is actually the name of the map company: here.com . Still could use a link, though.

0
0

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

Kanhef

Re: A Stalker's Dream

Nice example of how this can spread access to a network without the owner's consent.

If every device used Sense, it wouldn't be as bad an idea. The network owner is the only one who enters the key, it's shared with their friends and no further, everyone's happy. (Of course, as other people have pointed out, this ignores the reality that many people have contacts who are not trusted friends.)

If nothing uses Sense, it's possible for friends to pass on wifi keys, but it requires a deliberate action. John could choose to give Mary's key to Charlie, but it's not something that can happen accidentally.

The problem is when you mix key-sharing methods. Maybe Mary uses a Mac and has never heard of Sense. Maybe she uses Windows 10 and turned Sense off because she doesn't want her wifi key shared with everyone she's ever contacted, which includes Charlie. Either way, when John enters the key on his Windows phone, it assumes he owns the network and has the authority to share the key with everyone he knows. Since John isn't tech-savvy, he isn't aware of Sense and hasn't turned it off; he doesn't even know that Charlie now has Mary's key.

The only way I can see this being workable is if it's fully opt-in: choose to share a key, and choose who to share it with, rather than sending it to all of your contacts.

1
0
Kanhef
FAIL

RTFA: "Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect."

2
1
Kanhef

When your friends connect, do they share the key with all of their contacts? No matter how secure the keys are as they pass through Microsoft's servers, the plaintext has to be recoverable for their devices to make use of it, so is there any way to prevent it from being spread ad infinitum?

3
0

Microsoft rushes out latest Windows 10 build. 300 fixes? Pff, whatever

Kanhef

So, they release build 10158 saying it has "no significant known issues". A day later, they release build 10159 with 300 fixes. They must have known about these issues in order to fix them so quickly, and at least some of them must have been significant enough to justify releasing another build so soon.

This sort of disingenuity is why a lot of us don't trust Microsoft.

42
16

Sprint: Our 'unlimited' mobe plan has one tiny limit: High-quality video

Kanhef

Why

Because video is easily the largest use of data. If all of Sprint's customers were watching Netflix at the same time, they'd be pulling 80 terabits per second across the network - some 200 times as much as the largest DDOS attacks ever recorded.

1
0

Microsoft says Oculus Rift distorts world, grinds corrective lenses

Kanhef

Re: Comparison

Really depends on the display resolution. If you can see the pixels, it will detract from the overall experience. A slight defocusing could help blend the pixels together without causing distortion.

The Oculus part looks disappointingly cheap. Single lens, rather than compound (which is probably why it has that chromatic aberration). The support ribs on the bayonet flanges suggest it's made of thin plastic, probably flexes if you squeeze the sides of it. Hard to tell what's holding the lens in place, looks like it could pop out fairly easily if you tried. In comparison, the Microsoft part looks more like my vintage telescope eyepieces.

0
0

Hey, Sand Hill Exchange. Shouting 'blockchain!' won't stop the Feds

Kanhef

Re: Regulations. . .

I think Sand Hill's approach was much like Uber et al.: try something new, ignore relevant regulations by claiming they don’t apply to what you're doing, and hope that by the time people decide the regulations do, in fact, apply, you're too successful to be shut down easily. A more cautious approach would have been to start by going to the regulators and trying to get a change in rules, or an exemption for what you want to do. Having Nobel-prize-winning economists saying it would help stabilize markets and prevent bubbles would certainly help with that.

3
0

Redmond: IE Win 8.1 defence destroying hack ain't worth patch, natch

Kanhef

Re: No conditions on the bounty payment?

According to HP, they reported it to Microsoft some eight months ago; their initial report in February said they’d already given Microsoft 120 days to respond. When they sit on a vulnerability in the latest version of one of their flagship products for that long, then decide they don’t want to fix it, they don’t have any right to tell people to not talk about it.

5
0

Wikipedia to go all HTTPS, all the time

Kanhef

Re: Playing to the gallery

MediaWiki renders each article - including templates used - into a single HTML page, so complex articles won’t be any slower to load than simple ones. Articles with a large number of images may require more connections, but that’s true of any site.

I agree that most articles aren’t sensitive, but how do you determine which ones are? If someone is at a sensitive page sent through HTTPS and browses to a non-sensitive page sent through HTTP, their history will be revealed through the Referer: header. If the server has any way to say "you’re not looking at a sensitive page, I’m switching back to HTTP", there’s a MITM encryption-downgrade attack waiting to be found. It’s much simpler to just encrypt everything and not worry about the details.

19
2

Apple to tailor Swift into fully open-source language – for Linux, too

Kanhef

The .NET CLR is a virtual machine.

4
3

Malfunctioning Russian supply podule EXPLODES above Pacific

Kanhef

At least it wasn't the one with the fancy espresso machine in it.

2
0

iPhone case uses phone's OWN SIGNAL to charge it (forever, presumably)

Kanhef

Re: Actually I think it might work ... sort of

If you had a material that could be controllably transparent to radio frequencies (similar to a liquid crystal watch display) and a way to determine the direction of the mast in use, this might actually work. Make the part of the case in the direction of the mast radio transparent, changing as the user moves. The blocked signal could be absorbed to reclaim some energy, or reflected to boost signal strength.

0
1

Boeing 787 software bug can shut down planes' generators IN FLIGHT

Kanhef

So...

How often do planes operate, without shutting down, for more than eight months at a time?

31
0

'Use 1 capital' password prompts make them too predictable – study

Kanhef

Re: Long passwords

I encountered one site with a similar issue. On the account creation page, the password field had a length of 20 characters, but the login page only allowed 10. Somewhat concerning that no one at the company who developed, tested, or used the site had a password longer than 10 characters.

2
0

Mt Gox LEAKED Bitcoin for years before heist, says WizSec

Kanhef

hmm

The discrepancy starts showing up around August 2011. Mt Gox was hacked in June 2011. They rolled back transactions after the hack, but I don't see much talk about strengthening security; my guess is that the hacker still had or quickly regained access, and decided to loot the place more slowly, avoiding the big selloffs that attracted attention the first time.

0
0

Microsoft cramming free stuff into Galaxy S6es? Not so fast – US telcos

Kanhef

All the preloaded apps on Android devices are typically installed as system apps, so they can't be removed without root access.

11
0

Netflix teams with AWS to launch VHS-as-a-service

Kanhef

Digitizing and streaming content that had only been released on tape actually sounds like a decent idea; there's good money in the nostalgia business. If they didn't have the bollocks about degrading the quality, it would be very hard to tell if this is real or not.

0
0

The internet IS a series of tubes. Kinda: A Reg 101 guide to cabling

Kanhef

Airflow

On copper cables? Anyone care to explain what that means?

3
0

Microsoft's Project Spartan browser is HERE (unless you build apps or run VMs, that is)

Kanhef

Disappointing

They know they broke VS and Hyper-V, but were willing to distribute it anyway. This does not inspire confidence in the quality or stability of the final product.

4
19

Flak for Slack chaps in yak app hack flap: User database whacked

Kanhef

Re: Slack app? Never heard of it!

Relevant: http://www.xkcd.com/1497/

3
0

Microsoft enlists web security pariah Adobe to help build Internet Explorer-killer Spartan

Kanhef
Alert

Very much panicking here

Any code that handles web pages (i.e., untrusted data) can and will be used as an attack target. I recall a Firefox exploit where image buffers were allocated but not initialized; attackers could use it to read the contents of the screen. If vulnerabilities exist, they will be exploited; if it's written by Adobe, there will be vulnerabilities.

12
1

Big Data shocker: Over 6 million Americans have reached the age of 112

Kanhef

A bit late to the party

Other news outlets were reporting on this back on March 10.

2
5

Leaked Windows 10 build hints at peer-to-peer patching

Kanhef

Re: Could be useful... if under control

Even better for enterprises with dozens or hundreds of computers all trying to update at the same time every Patch Tuesday. The LAN-only option makes me a lot more comfortable with this idea, since it's a lot harder to compromise than if it's willing to download from anywhere on the internet.

3
1

FCC says cities should be free to run decent ISPs. And Republicans can't stand it

Kanhef

Irony

Republicans love to champion states' rights vs. the federal government, but then get all upset when you apply their same reasoning to cities' rights vs. states.

19
0

FCC Republicans slam brakes on net neutrality, but this wagon ain't slowing

Kanhef

Re: When will they understand...

You're forgetting that for a large percentage of the US, "another vendor" doesn't exist. I've lived in places where Comcast was the ISP; there was no choice. If ISPs decided to be evil, most people would put up with it, not because they want to, but because the only alternative is to give up internet access entirely.

Also, the notion that 'if one company is bad, they'll be forced to back down when all their customers leave for competitors' doesn't really hold up when you look at historical precedents. For example, commercial airlines started cutting services and adding fees for everything in the late '90s. None of them went bankrupt or had to reverse course over it, because in short order all of the airlines were doing the same thing.

6
1

Got $600 for every Win Server 2003 box you're running? Uh-oh

Kanhef

"standard application abstraction layer that is OS independent"

You mean something like the Single Unix Specification/POSIX?

2
1
Kanhef

A bit confused here

If extended support is ending and there won't be any security patches, what exactly are people supposed to be paying for?

0
1
