* Posts by Frank Bitterlich

212 posts • joined 9 Nov 2007

Page:

Facebook Messenger: All your numbers are belong to us

Frank Bitterlich
Big Brother

"We can help you interact with businesses or services..."

Thank you for that kind offer, Mr. Zuckerberg, but I'm all grown up now and have a fully functional web browser, so I don't need your "help" with that.

But I suspect that the trend of companies and organizations thinking that having a Facebook page is more important than a real website will only get worse.

When I repeatedly state that I do not and will not ever have a Facebook account, some people still look at me like some kind of idiot who lives in the past. Good luck, mankind, with that level of ignorance.

30
0

TV streaming stick brings the movies and the network backdoors

Frank Bitterlich
Facepalm

Re: Brute force ...

Do you really think that a company whose idea of security is an 8-digit numeric root password would ever implement anti-bruteforce methods?

2
0

Microsoft encrypts explanation of borked Windows 10 encryption

Frank Bitterlich

Re: Translation follows...

Sure, because as we all know, posting instructions on how to tinker with your registry so that the nagging stops into a large knowledgebase, is way better than to just add a "No, thanks, leave me alone"-Button to the nagware.

0
0

HSBC COO ‘profoundly apologises’ for online outage

Frank Bitterlich

Re: Likely causes....

Well, that list is roughly equivalent to saying "The problem must be either hardware, software, or human error." Not wrong, but useless.

5
0

City of London cops in Christmas karaoke crackdown shocker

Frank Bitterlich
Terminator

Costing money? How?

So, we're talking about tracks that are not available for purchase. Which makes me wonder how "... would still have been costing the legitimate music companies money ..." could be working. Other than general "home taping kills music" arguments.

Oh, and I call BS on the "legitimate" attribute.

19
0

WhatsApp laid bare: Info-sucking app's innards probed

Frank Bitterlich
WTF?

What's the point?

The article says:

This data included WhatsApp phone numbers, WhatsApp phone call establishment metadata and date-time stamps, as well as WhatsApp phone call duration metadata and associated date-time stamps. They also were able to acquire WhatsApp's phone call voice codec (Opus) and WhatsApp's relay server IP addresses used during the calls.

So, this "collecting" phone numbers, call duration and other stuff is clearly what WhatsApp needs to make the call.

Don't know exactly what the article is about. Somebody has looked into WhatsApp traffic and fails to find someone with their hand in the cookie jar?

24
0

You want a 6% Google Tax? Get lost, German copyright bods told

Frank Bitterlich

Re: cry me a river....

The remedy is clear: 1) do it like Spain, add extra legislation making it lillegal/impossible for publishers to opt out; and 2) make it illegal for aggregators like Google to opt out as a consequence as well.

(Optional: 3) make it illegal for the users to not read an article taxed in this way.)

After all, it's called a "tax" for a reason.

And, some simple math:

6-11 % fee x 19-21 % VAT: Nice extra money for the state. But that, of course, has nothing to do with anything.

3
1

iCloud phishing attack hooks 39 iOS apps and WeChat

Frank Bitterlich
Facepalm

I need the list of affected apps...

... just to compile a personal blacklist of app developers whose apps I'll never use or download again.

Because if their devs are so utterly clueless, their apps are dangerous even without this compromise.

@TeeZee: God help us. We really are truly f...ed. Indeed.

3
0

Class action launched against Facebook over biometric slurpage

Frank Bitterlich

This time, it's not just a matter of changing the ToS

In similar cases, Facebook et.al. usually just amend their ToS to effectively state that all your stuff belongs to them, and that by using the system, you agree to that.

But this time it's about data of other people - non-users - that they ingest and process. This means that just adding an "I agree" button will not work this time. They'll probably try to add words to the smallprint that the user (=uploader) has to obtain consent from all people in the pics, which is (a) ridiculous and (b) probably not defendable as due diligence.

This will be an interesting case...

10
0

Anonymous UK 'leader' fined for revealing ID of rape complainant

Frank Bitterlich
Headmaster

Re: Anon Leader

Wouldn't that be an oxymoron, rather than a tautology?

You know, as in "... Anonymous member Malcolm Blackman, 48, ..."

11
0

ICO probes NHS clinic's data blunder that exposed HIV+ status of 800 patients

Frank Bitterlich
FAIL

Sure, "human error"...

Once again, the blame will be on the individual making the copy-and-paste mistake. Or maybe their immediate supervisor.

And nobody will ask the really important questions. Like, why the hell are they using desktop email programs send out newsletters? And why do they have no safeguards in place (like leak prevention rules on their mailserver) to prevent this? They are working in the most privacy-sensitive medicine branch, why don't they have management-level data protection people? Or if they have them, what kind of qualification do they have?

But of course it's much easier to fire some secretary for "not following the rules."

16
0

Microsoft backports data slurp to Windows 7 and 8 via patches

Frank Bitterlich
Terminator

Newspeak...

"Customer experience" => Data grabbing

consent.exe => "No need for you to consent, it's all in the EULA."

"By applying this service, you can add benefits..." => "That's benefits for us, not for you, of course."

Hardcoding the host address: "Preventing us from siphoning you usage data? Ha ha, nice try."

The MS legal department must be bored, so they're trying to pick a fight with various data protection agencies.

20
0

Ads watchdog slams Mind Candy for upselling subscriptions to kids

Frank Bitterlich
Devil

Good to read that they are considering...

... to remove the word "now" from the ads. Now the world is safe again.

4
0

Směrť Špionam! BAN Windows 10, it SPIES too much, exclaim Russians

Frank Bitterlich
Coat

In Russia, ....

In America, you download operating system.

In Russia, operating system uploads you.

(Yeeees, I know, that one was predictable.)

8
0

Linux Foundation wants open source projects to show you their steenking badges

Frank Bitterlich
Alien

GPL == security?

... criteria being considered include whether the project is under an explicit open source license ...

OK, so choosing the right license will contribute to the security of my product?

Wow, I didn't know it was that easy...

3
0

Don't fight the cistern: Voda takes the plunge with plumbers’ parking app

Frank Bitterlich
Big Brother

Combine the useful with the creepy...

... as in "Combine an app that shows free parking spaces with a gadget that sniffs around in your car's data and your driving habits." None of the users will question whey these two things need to be combined or even understand that they are constantly being monitored.

I just wonder why the OBD-II gadget doesn't feature a CCTV camera and voice recorder.

4
0

Microsoft Edge web browser: A well-presented mea culpa

Frank Bitterlich
Big Brother

Re: "It's worth turning on the (potentially) privacy-invading Cortana for that feature alone."

The most interesting part:

"AutoSearch and Search Suggestions in Internet Explorer automatically sends the information you type into the browser address bar to your default search provider [...] as you type each character. In Microsoft Edge, this feature automatically sends this information to Bing even if you have selected another default search provider."

Why?

21
0

Did speeding American manhole cover beat Sputnik into space? Top boffin speaks to El Reg

Frank Bitterlich

Re: Sounds like a job for:

... or xkcd's "What If?" blog.

9
0

GCHQ: Security software? We'll soon see about THAT

Frank Bitterlich
Big Brother

The definition of "security"

So, some security agencies are trying to disable security software in order to keep us all secure (from whatever threat of the day may be). And some of these security software companies apparently don't need to be fought/hacked/persuaded for unclear (read: obvious) reasons.

Seems to me that there are a number of different definitions of "security" out there.

"I go down to Speaker's Corner I'm thunderstruck [...] Two men say they're Jesus – one of them must be wrong..."

6
0

Obama issues HTTPS-only order to US Federal sysadmins

Frank Bitterlich

Just to clarify one thing...

Ordering all federal website to use HTTPS does _not_ mean they want to ensure the users' privacy. It just means that since they have the data anyway (they're running the servers, after all), they just want to make sure that nobody _else_ gets to listen in too.

While still a good thing for users (and encouragement for other sites to go the same way), just don't be fooled into thinking that this will make your traffic more secure against official US snooping.

I know, for most readers of this comment this is obvious - but not for the general public. The just see the shiny lock icon or green address bar and think they're "safe."

1
2

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Frank Bitterlich
FAIL

This site is best viewed...

... with any browser other than Firefox.

Will be fun to see these statements popping up again just like in the old days.

Oh, and good luck trying to upgrade all these appliances with their built-in webservers to support HTTPS.

13
1

'Logjam' crypto bug could be how the NSA cracked VPNs

Frank Bitterlich

"Export" grade...

See... and you thought prohibiting the export of <del>working</del> strong encryption in the 1990s would never pay off...

2
0

Security bods gagged using DMCA on eve of wireless key vuln reveal

Frank Bitterlich

Re: Man up

The DMCA is a rather large piece of regulation. It contains both the takedown notice mechanism (the Online Copyright Infringement Liability Limitation Act, which I guess is what you're referring to) and the WIPO Copyright and Performances and Phonograms Treaties Implemention Act, which makes it illegal (criminal) to circumvent copy-protection measures and such. There is no "DMCA order" involved here; it's just that the attorneys are threatening that what IOActive plans to do would be a criminal act.

That's the way I understand this whole issue.

8
1

Apple Watch WRISTJOB SHORTAGE: It's down to BAD VIBES

Frank Bitterlich
WTF?

Obsolete? Upgrade?

Looks like Apple didn't send a batch of free watches to The Reg or iFixit. That would explain the weird arguments like "not offering an upgrade program". What was the last watch you bought that comes with a way to "upgrade" it? Or which smartphone, even (other than upgrading the software)?

And sure, if you can't upgrade it, it must be "obsolete" in 10 years. "Unlike most watches", of course. Who makes that stuff up? Any digital watch technology is outdated after 10 years (oh, and mechanical watch technology too, btw.) Would you call a chronograph built 20 years ago "obsolete" and toss it into the trash? Because you can't "upgrade" it? OTOH, Apple's watch is more closely related to a smartphone than to a watch, and of course you can (hardware-)upgrade smartphones. Right?

Reg, your Apple-bashing is funny up to a certain point, but at some point it's enough already.

2
15

Dell System Detect update vulnerability exposed

Frank Bitterlich
Holmes

What's wrong with that?

What's wrong with that?

What is wrong with that is that the average Dell customer won't ever visit the Dell website and run the DSD.

Do I really want patches applied to my servers without a chance to review them?

Nope, but you want at least a notification that a patch is available that fixes a quite serious vuln without having to active look for updates.

10
1

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Frank Bitterlich
FAIL

Blame Game

I wonder why so much focus is put on the part that the router was meant for home use and not SMB. Would that have made a difference if it were a home network (not a few people use Asterisk PBX at home too) ? Yes, one difference: The SIP passwords would more likely have been "123456" instead of 256 bit.

Also, there are more than enough valid reasons to use SIP on the same subnet. One of them being that you might want to use software-based SIP clients.

To me, the router is broken. A firewall is not a firewall if it doesn't obey its configuration. And enabling UPnP funtionality when UPnP is off (if it is true that the router actively searched for a SIP device, then it's probably not really UPnP, but even more troubling), in my eyes, is "broken" too.

"Sure, Sir, that belt you just bought doesn't work, but it's you own fault that you didn't wear suspenders too."

11
1

EU creative collection agencies want YouTube et al to pay their wages

Frank Bitterlich

Re: Organised crime is in the wrong business

That is exactly what the collection agencies are asking themselves these days; they slowly become aware that they are not the only way any more for an author to earn money with their works. So, in order to protect their income and power, they lobby the MEPs to create a law that effectively disowns the artists by forcing them to sell their works exclusively through them.

And it looks like they'll win; after all, they're "protecting" the artists from "exploitation". That's so somple that every MEP and even "H-Dot" will understand that.

1
0

Storm gathers around CDN Cloudflare after doxxing allegations, Pirate Bay deal

Frank Bitterlich
Terminator

I wonder...

... how compatible it is with the DMCA rules to make a complainant accept arbitrary conditions in order to "accept" a complaint.

"By submitting this complaint, you agree to your SSN and credit card details being sold on a chinese black market website. And also, we sign you up to our newsletter."

2
0

Keyless vehicle theft suspects cuffed after key Met Police, er, 'lockdown'

Frank Bitterlich
Meh

Keyless Vehicle Theft...

This story has a less technical viewpoint than expected (for me at least). "Keyless Vehicle Theft" means theft without a key (which I'd guess covers at least 95% of all car thefts). Not necessarily a keyless car. While the Met police article links to another one on the methods of stealing keyless cars, I'd guess this is the exception rather than the rule.

So, read "keyless" as "jamming a screwdriver into the ignition lock" rather than "mad scientist cracks OBD encryption key using an abacus and duct tape" in most cases.

I still wonder how complicated it really is to forge wireless keys from the available data (via OBD).

4
0

IBM drops patent bomb on Priceline.com

Frank Bitterlich
Terminator

Re: Surprising

Yep... "Success Starts Here"...

"... and if you have finally succeeded, we'd like to have the money you have earned. Thank you."

0
0

Bitcoin trade biz MyCoin goes dark, investors fear $387 MEEELLION lost

Frank Bitterlich
WTF?

Does not compute...

Can anybody enlighten me on how anybody who has been on this planet for longer than six weeks would ever invest large sums of money into a Hong Kong-based sub-company of another company that has a "sole director" (who apparently does more successful business on Virgin Islands), promises extraordinary large gains, and that requires you to bring new marks into the game (sorry, "sign up new investors") in order to get your money back?

And how these people have made a fortune (apparently) while being that stupid? I mean, come one, they cannot *all* have inherited their wealth, can they? Lottery winners, maybe?

7
0

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked

Frank Bitterlich
Childcatcher

Metrics?

I suspect that what they do is to scan the black app markets for anything malicious that uses the name or look of any of the top apps, and if they find one, voilá, "WhatsApp has been HACKED!!!111!!!"

Try to offset the actual number of malicious or really "hacked" instances of downloads to the total number of (legit) downloads of those top 100 apps, and come back when you have real numbers. Thank you.

I'll take that report for what it is: advertising disguised as a "press release."

15
2

Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI

Frank Bitterlich
Alert

Re: Where are the crims?

Read the article again - it reveals the WiFi credentials.

1
0

Malware gets your Android blabbering to HACKERS

Frank Bitterlich

Zero permissions?

I admit that I'm clueless when it comes to Android, but can a "zero permissions" app really initiate a phone call? If that is the case, then this Speak'n'Steal attack appears to be not the only security problem...?

2
0

Voteware source code requester labelled 'vexatious'

Frank Bitterlich

"Freedom" of Information...

... funny what a name can do. Most "FOI" laws are actually the opposite - a means to prevent disclosure of information. It gives the public bodies a "tick all that apply" list of excuses on why it won't disclose anything. I wonder what judicial oversight is on this process; a potentially wrong election result vs. "commercial sensitivity" –– guess which one wins...

"This government was brought to you by ACME Inc."...

2
0

PEAK APPLE: Mystery upstart to hurl iLord from its throne 'by 2020'

Frank Bitterlich
Facepalm

Really? Again?

That would be the Apple Death Knell™ #65, right?

"In other news, Fred Wilson announces new startup that has something to do with the cloud and does think about data."

15
0

China funds devs to write smog-clearing vidcam code

Frank Bitterlich
WTF?

Visibility - WTF?

"...that if visibility is reduced to three metres, [...] even top end cameras couldn’t see beyond 10 metres."

No, dude. If the visibility is reduced to three metres, then top-end cameras can't see beyond 3 metres. That's what "visibility" means. OTOH cameras tend to be mounted a bit higher than eye level which sometimes improves visibility in smog a tiny bit.

But to me the idea of improving visibility by software sounds a bit like "24": "Can you zoom in a bit on that pre-recorded QVGA CCTV picture?" - "Sure, here it is, I've converted it to 4k resolution for you. Would you like me to switch on 3D?"

2
1

Azerbaijani election app announced winner before polls even opened

Frank Bitterlich
Thumb Up

Works as designed

A good voting app should show the results as soon as they have been determined. If the results have been <del>fixed</del> determined that early, why not let the public know... The OECD will be impressed with this level of transparency.

2
0

Airbus imagines suitcases that find themselves

Frank Bitterlich
Terminator

So just to make sure I get it right...

... the traveller is supposed to (a) pay a premium and (b) *list* the contents of their luggage (guys, looks like you need to add a few fields to the Passenger Name Record), and as a reward the airline won't lose your luggage. Or at least, they'll notice when they do.

"What a nice suitcase you have... would be a shame if anything happened to it, no? How about joining our new RFID-tagging program for a small fee, and we'll make sure nothing... "bad"... happens to your luggage...?"

0
0

Higgs data shows alternate reality will SWALLOW UNIVERSE

Frank Bitterlich
Alien

Some people think it has happened already...

... or are there other explanations for the fact that I actually had to browse to the _second_ page of comments to find the first Hitchhiker reference?

0
0

Tennessee bloke quits job over satanic wage slip

Frank Bitterlich
Trollface

Want to make this guy go mad?

Anybody want to mail him this URL?

http://www.google.com/search?q=Slonopas+666

He'll probably sue Google afterwards.

0
0

Data cop slap for Brit text pests

Frank Bitterlich
Facepalm

Some Math...

OK, if they really sent out up to 840k messages per day (which seems a bit high to me), let's assume they did on average 100k messages per day and operated this for, say, one year, roughly 200 days (without the weekends and such). That makes some 20 million illegal text messages. A fine of 440k makes the steep price of £0,000022 per message. This is probably less than 1% of what they paid their operator.

So that's what "new powers to levy heavy fines" means. That will teach them. They will probably never do this again.

0
0

Conmen swipe 100,000 Brits' sensitive info in UK.gov fraud bid

Frank Bitterlich
WTF?

No purpose?

So, "relevant authorities" said that "no purpose was served by notifying members". Oh, OK then. After all, they are authorities, and relevant. So they must know best. After all, who wants to know that crooks have lifted your debit card details and all kinds of personal info...

Unbelievable.

0
0

Windows Phone 8 has a secret feature which may activate at any time

Frank Bitterlich
Thumb Up

Great idea...

"... or record how someone connects manually for the benefit of other users."

I don't see what could go wrong with that technique... until one day a not-so-public, not-so-free Wifi AP somehowm manages to get onto their list of "Wifi Hotspots" and <del>snitches</del> records the login of some poor soul.

0
0

Iran X.25 terrorists actually BANKERS

Frank Bitterlich
Facepalm

Not the best "naming convention"?

Well, duh, it's called a "language", not "naming convention." Get yourself a Farsi dictionary, Mr. Kemp.

6
0

Feds charge US firm with smuggling illegal military tech to Russia

Frank Bitterlich
Big Brother

So, they were "stealing"...

.. the kit, not buying it, for export?

"The defendants tried to take advantage of America’s free markets to steal American technologies for the Russian government."

Well, the music industry has already tought us that "stealing" does not mean "take something away from someony without paying", but rather "buy something, pay for it, and then do something with it that the seller [or a third party] doesn't like." Looks like the DoJ likes this particular piece of newspeak.

Next up: Classify the purchase and smoking of Cuban cigars as "arson". Or, better yet, as "terrorism".

0
0

Defective PCB cleaner cans could inflict eye injury

Frank Bitterlich
Boffin

Messy affair

I once had a can (same stuff of a different brand) exploding due to corrosion on the bottom edge of the can (apparently caused by the leaked stuff slowly eating away on the can's paint.) Anyway, the artful pattern on the wallpaper in my living room was a thing to behold.

It happened at night, though, so my eyes are still fine. Anyway, since then I keep that can in a plastc bage when not in use, just to be sure.

0
0

Dropbox blames staffer's password reuse for spam flood breach

Frank Bitterlich
Thumb Up

Re: How about this for an idea

Sounds like a good idea. Make sure you tell the folks over at Dropbox...

1
0

Advertisers slam Microsoft over 'Do not track' decision

Frank Bitterlich
Big Brother

Wait a minute...

... did I read that right? "the advertising world would regulate itself and honor "Do not track", so long as browser manufacturers didn't make it a default setting"...?

In other words, when browser makers are starting to enable privacy by default, the ad industry sees that as a license to ignore user privacy preferences completely?

If you need any more reasons than that to enable DnT and privacy modes globally, you must be working at the Facebook HQ.

1
0

SETI experiment succeeds: fails to find aliens

Frank Bitterlich
Coat

Poor choice...

... to include the Parkes radiotelescope in that system. It's known to pick up terrestrial, umm, "interference"... for example, from handheld radios - as shown in the movie "The Dish".

0
0

Page:

Forums