228 posts • joined 23 Mar 2007
What about the testing ?
PayPal must have had their system independently tested.
So who were the incompetent penetration testers who missed this flaw? It's easy ... time consuming, but easy. Put strange values into every field and watch for unusual responses.
Re: Possible attack?
Re: At least 15 years ago
Well, I've just tried the demo available at www.realuser.com. I hope a real system isn't like the demo 'cos it's rubbish. I tried logging in several times and every time my browser sent the same data to the server ... the number 000600100019.
And the other bits ...
No mention has been made of other parts of the message.
Why does it include a "Time of origin 1522" yet the Originator's Date is left blank? Could they be certain the pigeon would arrive home the same day ... unlikely. Could the date be taken from other messages ... unlikely, why would those messages be certain to arrive. Could the date be in the encrypted text ... possibly, but why not encrypt the time. Why was the time important, but not the date?
What does the "1525/6" mean? Is it just coincidence that 1522 (time of origin) is close to 1525. Is it a time and date ... 15:25 on the 6th. Is it a reference number of the encryption scheme ... pad number and page.
What is the bit that looks like "lile 1625"?
Why is it written with two different colours?
Why is it written by two different people? The "time of origin 1522" and "1525/6" are different from the "lile 1625".
The message is on a pre-printed form. Presumably the message follows a standard format. These other parts of the message should have a standard meaning ... what are they?
"we may be dealing with a serial killer"
Ahem. Cereal killer.
Re: this could be serious - and it's not about pr0n
Just because a communication between two people counts as "published" (for the Obscene Publications Act) it doesn't automatically mean that the material was obscene. There is existing case law where the interpretation of "obscene" has depended on the actual or intended recipient of the material. There are existing cases where the recipients were deemed to be of a sufficiently robust nature that the material would not deprave or corrupt them and thus it was not obscene.
I suspect GS was given the wrong advice. He should have continued to plead not guilty and allowed a jury to decide whether the one recipient was going to be depraved or corrupted by the material. I imagine there was a preceding dialogue that would demonstrate that the recipient was a like minded individual and hence not corrupted by the material.
Of course, it's possible that the material fitted within some definition of child pr0n. But if that was the case then some other legislation should have been used rather than the Obscene Publications Act.
Re: Still not working
"The cookies I got were CFID=4947952 and CFTOKEN=84546187 so it could be that they aren't using particularly unique identifiers."
These are the values in the URL given by eL Reg in the original article.
Could have been worse ...
"Most dildos don't have sharp edges."
Wasn't the Rev Shayne stabbed to death with a dildo in Crimes of Passion?
Does my bum look big in this?
Does my bum look big in this?
... "this" being America.
Mine's the coat styled to cover a lardie-arse.
I think we deserve to be told the title of the film, then we can judge just how inappropriate the material was.
Or was it a home movie production?
Re: That "is" an impressive pic of her...
I thought it was very enlightened and inclusive (or do I mean weird) that a Church of England school would employ someone who wears a burka.
Re: Oh jeebers....
While it would be nice to think that the Enigma should fetch more than the Apple 1 this doesn't reflect either the significance or scarcity of the items.
There were only 200 Apple 1 machines made and I doubt if there are more than a handful still in existence. Thousands of Enigma machines were made and I expect more have survived than the Apple 1.
Both machines had a significant impact on the 20th century. The widespread use of Enigma and its flaws may have changed the outcome of WW2. While the Apple 1 may have triggered the personal computer revolution. Both items have had a profound impact and led to the world we see today.
Re: Good One Simon
"how would you make sure the beer was cold and the Bhaiji's hot"
That's what Thermos flasks are for. They keep hot things hot and cold things cold.
At the moment I've an ice cream and two cups of coffee in mine.
How are they going to catch the eels that have invaded the building ?
If the radio series is a guide then they need to hire some elephants.
Ask LucasFilm so you must
My name also to use ask LucasFilm so you must.
Yodaphone cannot they be, so Vodafone become they must.
Re: When's the last time...
Remember, never travel with anyone called John (nickname Jack). You'll be arrested when you try to greet them.
And never travel anywhere if you're about to marry someone called Juanna.
Beauty is truth
Remember, truth is beauty and beauty is truth.
Real life isn't beautiful and therefore cannot be true.
So if The Netherlands winning is a more beautiful result it must be true.
Anyway, the Americans aren't known for maintaining historical accuracy. C.f. the film U-571. If the Americans want to believe that The Netherlands won, then it must be true. Just like Saddam and his weapons of mass destruction.
"He wanted an "entitlement card", eh?"
Now why did I read that as "Internment Card" ?
I am not a number, I am a free man.
If they give me a number I am prisoner.
That's not the ISS
I've looked at the image and I don't think it's the ISS.
I wondered if it was a black helicopter.
But, no, I've decided ... it's Santa, Rudolf et al off on their summer holiday.
Re: Due to reporting restrictions, we are unable to give any further details...
This is no different from any other case in England. The fundamental freedom is the right to a fair trial. Trials should be conducted in court and not in the press.
While a case is before a court (sub judice) it is inappropriate to comment on the details of the case. Such comments could prejudice the case and be contempt of court.
Re: A cheaper/cuter option?
"Spotted these guys at Infosec, http://tinyurl.com/28×49mj,"
I couldn't get this URL to work for me.
What's the real URL?
Re: First drive with minimal standards so far
Other hardware based encrypted drives have been around for a while.
One example is http://www.ioraid.com/
This uses a hardware token with the encryption key. If the token's not present when you power on the drive it doesn't appear on USB .... don't know about Firewire.
Again, expensive, but the drive seems fast, doesn't need any effort from the host system, and does have both USB and Firewire interfaces.
I'd like to see an El Reg review.
"a publication is obscene if its overall effect is to 'tend to deprave and corrupt persons who are likely ... to read, see or hear' it"
So that would include the rules for MP's expenses then. Many MPs have certainly been corrupted by rules for expenses. Although I'm not sure they've all become depraved.
Re: Apple should fix that
"DST is more trouble than it's worth. It should be boycotted, who's with me?"
But let's go one better and do away with all time zones. Everyone uses GMT.
Then the UK works 9am-5pm, Europe 8am-4pm, New York 2pm-10pm and so on. No more worrying about what time to ring the US office .... I want to ring the LA office and I know they work 5pm-1am. Easy.
"Lucky they have redundancy built-in"
Of course they have redundancy .... or has BT stopped handing out P45s ?
Re: did you read the story past the headline?
"Wow are you seriously suggesting that those with access to the data should be trained to read encrypted data directly?"
Not only that, any letters will have to be printed with the personal details encrypted. We all know that names and addresses should be kept away from the prying eyes of the Post Office.
Remember paper is a really dangerous and vicious weapon. Just think how many paper-cuts you can inflict with a carelessly wielded piece of paper. And we all know that paper beats stone in a contest.
The organiser of the event was interviewed on Radio 4 this morning.
Yes, the problem is with the number of people who turned up to watch creating a concern for public order and health and safety. Even that wasn't the reason to cancel this year's event.
The proposal is to make it a ticket-only event (like many other gatherings). To control the numbers of people attending the organisers need to close off the land and control access. Unfortunately, Coopers Hill is common land with public footpaths. These can't be closed (even for one day) without the necessary permissions. Closing the common land and footpaths requires permission from councils. There isn't time to get the paperwork sorted for this year's event. So, ultimately the problem is bureaucracy.
As the organiser admitted: a victim of its own success.
Re: Good point
I doubt if the CVV codes persist. Except in the email. It's probably a monolithic application that writes some details for order shipping to one database, payment details to another database, generates a confirmation email and ends.
This looks like development code that was not removed.
I'm testing my shiny new application. I want to know exactly what values are being processed. I know, I'll copy all the user's input into hidden fields in the email. Solved.
Waddyamean I should have removed the diagnostic code?
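The failure mode described in the post above (diagnostic code that copies every submitted field into hidden inputs in the confirmation email, so the CVV goes out with it), as an added example that is not from the original thread. The form data is constructed, the two email builders are hypothetical, and the last function is the check a practitioner would bolt onto the outbound path: scan the rendered email for anything that looks like a card number (digit run that passes Luhn) or the submitted CVV before it is handed to the mailer.

```python
# Added example: "dump every field" diagnostic email versus an allowlisted
# one, plus a pre-send scan for card data. All data below is constructed.
import re

# Constructed checkout submission; the card number is a well-known test PAN.
CONSTRUCTED_FORM = {
    "name": "A. Customer",
    "address": "1 High Street, Anytown",
    "card_number": "4111111111111111",
    "expiry": "12/29",
    "cvv": "123",
}

# Fields that belong in a shipping/confirmation email. Card data is not on it.
CONFIRMATION_FIELDS = ("name", "address")


def confirmation_email_diagnostic(form):
    """The leaky version: copies all user input into hidden fields."""
    body = "Thanks for your order.\n"
    hidden = "".join(
        f'<input type="hidden" name="{k}" value="{v}">\n' for k, v in form.items()
    )
    return body + hidden


def confirmation_email(form):
    """The hardened version: only allowlisted fields ever reach the template."""
    lines = [f"{k}: {form[k]}" for k in CONFIRMATION_FIELDS if k in form]
    return "Thanks for your order.\n" + "\n".join(lines) + "\n"


def luhn_ok(digits):
    """Standard Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_data(text, cvv=None):
    """Return findings that would block an outbound message.

    Flags any 13-19 digit run that passes Luhn (likely a PAN) and, if the
    submitted CVV is known, its literal appearance in the text.
    """
    findings = []
    for m in re.finditer(r"(?<!\d)(\d{13,19})(?!\d)", text):
        if luhn_ok(m.group(1)):
            findings.append(("pan", m.group(1)))
    if cvv and re.search(rf'value="{re.escape(cvv)}"', text):
        findings.append(("cvv", cvv))
    return findings


def run_demo():
    form = CONSTRUCTED_FORM
    leaky = confirmation_email_diagnostic(form)
    safe = confirmation_email(form)
    return find_card_data(leaky, form["cvv"]), find_card_data(safe, form["cvv"])


if __name__ == "__main__":
    leaky_hits, safe_hits = run_demo()
    print("diagnostic email findings:", leaky_hits)
    print("allowlisted email findings:", safe_hits)
```

The allowlist is the real fix; the scanner is the safety net for the case the post describes, where the "diagnostic" path was never removed. A three-digit CVV on its own is too short to match reliably, which is why the check needs the submitted value rather than a pattern.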
Words, words, words
Time to try a lot of other variants.
Filtering, filter, cyber filtering, Internet filtering and so on. If this cloud is automated it must be possible to get some embarrassing words into the list before they're caught.
But surely "open source" is a synonym for "not Microsoft".
So, to please the fanboyz the Minister should add Safari to the list.
"So if I publish something on my private, globally diverse server system, that nobody but me has access to, I could be held in account for that material"
Read the article again.
The penultimate paragraph says:
"the material was generally accessible to all or available to or was placed before or offered to the public "
So in what way does publishing something in private make it generally accessible?
Am I dreaming
Is there going to be a Bobby Ewing moment and this is all a dream?
Or is it shades of Reggie Perrin's friend and time to collect the compo.
In some places this might be called cable monkey, though in Barbie's case cable bunnie may be apt.
Then she'd need all the necessary protectives ....
A backless, topless boiler suit,
And high-heeled hobnail army boots.
Re: 44 year old man arrested
Time to get a picture of ASBO boy down the road. A little adjustment to make it look like a self picture before installation. Then tuck the camera into the changing room ceiling. One more troublemaker off the streets.
the new Tate Modern
Perhaps it's just a new Tracy Emin installation.
Although it does look like someone lying on their side reading a book.
Re: I Don't Believe It!
£140,000 that's just a rounding error on Fred the Shred's payoff.
A bird ?
Are you sure the baguette bomb wasn't thrown by the scaly hands of our lizard overlords?
They don’t want us to find the secrets of black holes, hyperspace, time travel and the real nature of god.
Are you sure it was only bits of baguette that were found? Could this have been a suicide baker recruited by the Taleban?
Location, location, location
Does Upminster count as Essex?
If you laid all the Essex girls end-to-end no one would be surprised.
a ticket for "not speaking English"
I doubt if the rookie cop speaks English either. Not for him such words as burgled, petrol, bungalow and caravan.
Nook-e meets Haynes
If it's a Nook-e reader then will technical manuals have to read like this example I found.
"As he stared at her ample bosom, he daydreamed of the dual Stromberg carburetors in his vintage Triumph Spitfire, highly functional yet pleasingly formed, perched prominently on top of the intake manifold, aching for experienced hands, the small knurled caps of the oil dampeners begging to be inspected and adjusted as described in chapter seven of the shop manual."
A few years ago I was chatting with the fire brigade liaison officer from one of the London hospitals. They were planning to remove a cobalt-60 source. The fire brigade said that if the flask was damaged they would impose a 1 mile exclusion zone.
Re: Where the hell are the IRA when you need them?
"The more I hear from Nuremberg^WBrighton, the more I'm beginning to think that assassination as a political tool might have some mileage in it yet."
Well, to put it absolutely bluntly. Confidential investigations have revealed the existence of certain documents whose provenance is currently unestablished but whose effect if realised would be to precipitate a by-election.
What do you mean?
You're on a death list Minister.
[Yes, Minister - Series 2 episode 7]
Don’t you realise that SatNavs are sentient creatures. This one was obviously tired of life (it had been to London too many times). It had heard about lemmings and decided to leap off a cliff.
Mr Jones should take his SatNav for a restful holiday in Morocco where the navigating instructions are much simpler.
Waddyamean "Beancounters and bricks don't mix" ?
Yes they do. I've seen it with my own eyes when they were pouring the foundations for the motorway.
It was late at night and I was on my way home from the pub. I saw this cement mixer full of bits of brick and beancounter empty its load into the trench for the foundations. Trust me.
More of the same
A year ago we discovered that RBS had failed to keep effective and responsible control of its finances. Why should we expect any different behaviour with data?
Where's the IT angle?
Pieces of one. Pieces of one.
It's a parroty-bit.
Re: So ...
"sounds like SU is trying to spread FUD"
Maybe. But isn't it simpler to have a uniform policy to reserve the copyright etc in all documents rather than trying to create a list of which documents do and don't require IP control. It avoids the opportunity of junior staff making the wrong decision.
In a similar way the civil service should use encrypted media for all documents rather than saying the canteen menu can be unencrypted while the tax credits database must be encrypted.
Think about the children
With an increased number of checks won't the queue get longer?
Methinks it's time to submit a CRB application on behalf of your child as soon as they are born.