Feeds

* Posts by Dennis

228 posts • joined 23 Mar 2007


Under the microscope: The bug that caught PayPal with its pants down

Dennis
WTF?

What about the testing?

PayPal must have had their system independently tested.

So who were the incompetent penetration testers who missed this flaw. It's easy ... time consuming, but easy. Put strange values into every field and watch for unusual responses.

1
1

Brit firm PinPlus flogs another password 'n' PIN killer

Dennis
Stop

Re: Possible attack?

Actually, a MITM attack works first time. The stupid JavaScript doesn't send the position of the pictures selected it sends the number assigned to each picture. When I tried it at www.realuser.com my browser always sent 000600100019.

0
0
Dennis
Thumb Down

Re: At least 15 years ago

Well, I've just tried the demo available at www.realuser.com. I hope a real system isn't like the demo 'cos it's rubbish. I tried logging in several times and every time my browser sent the same data to the server ... the number 000600100019.

The JavaScript doesn't even send the position of the pictures (which will change each time). This dumb application merely replaces digits with pictures. While this may be easier to remember, it is vulnerable to a replay attack as it's the same data every time.

0
0
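Both comments above make the same point: the demo sends the fixed identifiers of the chosen pictures, so the wire message never changes between logins and a captured copy can be replayed. The added example below is not code from the forum posts or from the vendor; it is a constructed simulation that contrasts that fixed-identifier scheme with a challenge-response variant in which the server shuffles the grid for each login and the client sends grid positions instead. All picture IDs, the sample secret, and the class and function names are assumptions made for the illustration.

```python
"""Constructed simulation of two picture-PIN login designs (added example).

Scheme A: the client sends the IDs of the chosen pictures. The message is the
same on every login, so a recorded message replays successfully.

Scheme B: the server issues a freshly shuffled grid per login and the client
sends the positions of its pictures on that grid. The server checks the
positions against the grid it issued, then discards the challenge, so a
replayed message fails.
"""
import random
import secrets

# Constructed picture catalogue: 20 pictures with zero-padded four-digit IDs.
PICTURES = [f"{n:04d}" for n in range(1, 21)]

# Constructed user secret: three chosen pictures (IDs are assumptions).
USER_SECRET = ["0006", "0010", "0019"]


# ---- Scheme A: fixed picture IDs on the wire (replayable) -------------------
def client_a(chosen):
    """Client sends the concatenated IDs of the chosen pictures."""
    return "".join(chosen)


def server_a(message, secret):
    """Server compares the message with the stored concatenated IDs."""
    return message == "".join(secret)


# ---- Scheme B: per-login shuffled grid, positions on the wire --------------
class ServerB:
    """Server that issues a one-time shuffled grid for every login attempt."""

    def __init__(self, secret, rng=None):
        self.secret = list(secret)
        # A seeded random.Random may be injected for deterministic testing;
        # the default uses the OS CSPRNG so grid orders are unpredictable.
        self.rng = rng if rng is not None else secrets.SystemRandom()
        self.sessions = {}  # session id -> grid issued for that session

    def challenge(self):
        """Return (session_id, grid); the grid order is fresh for this login."""
        grid = PICTURES[:]
        self.rng.shuffle(grid)
        sid = secrets.token_hex(8)
        self.sessions[sid] = grid
        return sid, grid

    def verify(self, sid, positions):
        """Map positions back through the issued grid; the challenge is single-use."""
        grid = self.sessions.pop(sid, None)
        if grid is None:
            return False  # unknown or already-consumed session: replay rejected
        if len(positions) != len(self.secret):
            return False
        return [grid[p] for p in positions] == self.secret


def client_b(grid, chosen):
    """Client sends where its pictures sit on the grid it was shown."""
    return [grid.index(pic) for pic in chosen]


def run_demo(seed=None):
    """Exercise both schemes and report whether a captured message replays."""
    # Scheme A: the attacker records the first message and resends it.
    captured_a = client_a(USER_SECRET)
    first_a = server_a(captured_a, USER_SECRET)
    replay_a = server_a(captured_a, USER_SECRET)

    # Scheme B: the attacker records the positions and resends them.
    rng = random.Random(seed) if seed is not None else None
    srv = ServerB(USER_SECRET, rng=rng)
    sid, grid = srv.challenge()
    captured_b = client_b(grid, USER_SECRET)
    first_b = srv.verify(sid, captured_b)
    replay_b = srv.verify(sid, captured_b)  # same session: challenge consumed

    return {
        "message_a": captured_a,
        "first_a": first_a,
        "replay_a": replay_a,
        "first_b": first_b,
        "replay_b": replay_b,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

With the constructed secret, scheme A transmits the literal string 000600100019 on every login, which is the kind of constant value the comments describe; scheme B transmits a different position list whenever the grid order changes, and the server refuses a second use of the same challenge.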

WWII HERO PIGEON crypto message STUMPS GCHQ boffins

Dennis
Alien

And the other bits ...

No mention has been made of other parts of the message.

Why does it include a "Time of origin 1522" yet the Originator's Date is left blank? Could they be certain the pigeon would arrive home the same day ... unlikely. Could the date be taken from other messages ... unlikely, why would those messages be certain to arrive. Could the date be in the encrypted text ... possibly, but why not encrypt the time. Why was the time important, but not the date?

What does the "1525/6" mean? Is it just coincidence that 1522 (time of origin) is close to 1525. Is it a time and date ... 15:25 on the 6th. Is it a reference number of the encryption scheme ... pad number and page.

What is the bit that looks like "lile 1625"?

Why is it written with two different colours?

Why is it written by two different people? The "time of origin 1522" and "1525/6" are different from the "lile 1625".

The message is on a pre-printed form. Presumably the message follows a standard format. These other parts of the message should have a standard meaning ... what are they?

1
0
Dennis
Facepalm

serial killer

"we may be dealing with a serial killer"

Ahem. Cereal killer.

0
0

UK judges quietly declare text chat can be obscene

Dennis
Thumb Down

Re: this could be serious - and it's not about pr0n

Just because a communication between two people counts as "published" (for the Obscene Publications Act) it doesn't automatically mean that the material was obscene. There is existing case law where the interpretation of "obscene" has depended on the actual or intended recipient of the material. There are existing cases where the recipients were deemed to be of a sufficiently robust nature that the material would not deprave or corrupt them and thus it was not obscene.

I suspect GS was given the wrong advice. He should have continued to plead not guilty and allowed a jury to decide whether the one recipient was going to be depraved or corrupted by the material. I imagine there was a preceding dialogue that would demonstrate that the recipient was a like-minded individual and hence not corrupted by the material.

Of course, it's possible that the material fitted within some definition of child pr0n. But if that was the case then some other legislation should have been used rather than the Obscene Publications Act.

7
0

Join the gov consultation on net porn ... and have your identity revealed

Dennis
Facepalm

Re: Still not working

"The cookies I got were CFID=4947952 and CFTOKEN=84546187 so it could be that they aren't using particularly unique identifiers."

These are the values in the URL given by eL Reg in the original article.

0
0

Flying dildo downs Oz stag party bloke

Dennis
Pint

Could have been worse ...

"Most dildos don't have sharp edges."

Wasn't the Rev Shayne stabbed to death with a dildo in Crimes of Passion?

0
0

SWAT team besieges Illinois school in 'butt dialling' incident

Dennis
Coat

Does my bum look big in this?

Does my bum look big in this?

... "this" being America.

Mine's the coat styled to cover a lardie-arse.

0
0

Primary school miss flashes porn vid at kiddies

Dennis
Troll

Title please

I think we deserve to be told the title of the film, then we can judge just how inappropriate the material was.

Or was it a home movie production?

0
0
Dennis
Joke

Re: That "is" an impressive pic of her...

I thought it was very enlightened and inclusive (or do I mean weird) that a Church of England school would employ someone who wears a burka.

0
0

Apple I goes for twice the price of an Enigma

Dennis
Welcome

Re: Oh jeebers....

While it would be nice to think that the Enigma should fetch more than the Apple 1 this doesn't reflect either the significance or scarcity of the items.

There were only 200 Apple 1 machines made and I doubt if there are more than a handful still in existence. Thousands of Enigma machines were made and I expect more have survived than the Apple 1.

Both machines had a significant impact on the 20th century. The widespread use of Enigma and its flaws may have changed the outcome of WW2. While the Apple 1 may have triggered the personal computer revolution. Both items have had a profound impact and led to the world we see today.

3
1

BOFH: Look out!

Dennis
Coat

Re: Good One Simon

"how would you make sure the beer was cold and the Bhaiji's hot"

That's what Thermos flasks are for. They keep hot things hot and cold things cold.

At the moment I've an ice cream and two cups of coffee in mine.

3
0

Shell's London office UNDER WATER and besieged by GIANT EELS

Dennis
Joke

Catching eels

How are they going to catch the eels that have invaded the building?

If the radio series is a guide then they need to hire some elephants.

http://www.bbc.co.uk/programmes/b00fkh25

0
0

LucasFilm sets lawyers on Jedi nameswipers

Dennis
Alien

Ask LucasFilm so you must

My name also to use ask LucasFilm so you must.

Yodaphone cannot they be, so Vodafone become they must.

0
0

Airline ejects passenger for being hungry

Dennis
Coat

Re: When's the last time...

Remember, never travel with anyone called John (nickname Jack). You'll be arrested when you try to greet them.

And never travel anywhere if you're about to marry someone called Juanna.

1
0

'Holland wins World Cup' declares CBSNews

Dennis
Black Helicopters

Beauty is truth

Remember, truth is beauty and beauty is truth.

Real life isn't beautiful and therefore cannot be true.

So if The Netherlands winning is a more beautiful result it must be true.

Anyway, the Americans aren't known for maintaining historical accuracy. C.f. the film U-571. If the Americans want to believe that The Netherlands won, then it must be true. Just like Saddam and his weapons of mass destruction.

2
0

Blunkett threatens to sue for £30 ID card refund

Dennis
Big Brother

Re: Entitlement?

"He wanted an "entitlement card", eh?"

Now why did I read that as "Internment Card"?

I am not a number, I am a free man.

If they give me a number I am a prisoner.

1
2

ISS snapped transiting Sun

Dennis
Black Helicopters

That's not the ISS

I've looked at the image and I don't think it's the ISS.

I wondered if it was a black helicopter.

But, no, I've decided ... it's Santa, Rudolf et al off on their summer holiday.

1
0

Mucky private chat could be illegal soon

Dennis
FAIL

Re: Due to reporting restrictions, we are unable to give any further details...

This is no different from any other case in England. The fundamental freedom is the right to a fair trial. Trials should be conducted in court and not in the press.

While a case is before a court (sub judice) it is inappropriate to comment on the details of the case. Such comments could prejudice the case and be contempt of court.

7
2

Data Locker 1TB AES-encrypted external hard drive

Dennis
FAIL

Re: A cheaper/cuter option?

"Spotted these guys at Infosec, http://tinyurl.com/28×49mj,"

I couldn't get this URL to work for me.

What's the real URL?

0
0
Dennis
Pirate

Re: First drive with minimal standards so far

Other hardware based encrypted drives have been around for a while.

One example is http://www.ioraid.com/

This uses a hardware token with the encryption key. If the token's not present when you power on the drive it doesn't appear on USB .... don't know about Firewire.

Again, expensive, but the drive seems fast, doesn't need any effort from the host system, and does have both USB and Firewire interfaces.

I'd like to see an El Reg review.

0
0

Kent police bring obscenity charge over online chat

Dennis
Flame

corrupt

"a publication is obscene if its overall effect is to 'tend to deprave and corrupt persons who are likely ... to read, see or hear' it"

So that would include the rules for MPs' expenses then. Many MPs have certainly been corrupted by rules for expenses. Although I'm not sure they've all become depraved.

2
0

iPhone users suffer summer appointment chaos

Dennis
Boffin

Re: Apple should fix that

"DST is more trouble than it's worth. It should be boycotted, who's with me?"

Excellent idea.

But let's go one better and do away with all time zones. Everyone uses GMT.

Then the UK works 9am-5pm, Europe 8am-4pm, New York 2pm-10pm and so on. No more worrying about what time to ring the US office .... I want to ring the LA office and I know they work 5pm-1am. Easy.

6
0

Flood, fire at BT Paddington node causes widespread problems

Dennis
Joke

Re: Redundancy

"Lucky they have redundancy built-in"

Of course they have redundancy .... or has BT stopped handing out P45s?

3
0

London council loses thousands of kids' details

Dennis
WTF?

Re: did you read the story past the headline?

"Wow are you seriously suggesting that those with access to the data should be trained to read encrypted data directly?"

Not only that, any letters will have to be printed with the personal details encrypted. We all know that names and addresses should be kept away from the prying eyes of the Post Office.

0
0

Muso turfed off train for 'suspicious' set list

Dennis
Headmaster

Paper!

Remember paper is a really dangerous and vicious weapon. Just think how many paper-cuts you can inflict with a carelessly wielded piece of paper. And we all know that paper beats stone in a contest.

0
0

'Health and safety killjoys' kill cheese-rolling race

Dennis
Alien

Radio 4

The organiser of the event was interviewed on Radio 4 this morning.

Yes, the problem is with the number of people who turned up to watch creating a concern for public order and health and safety. Even that wasn't the reason to cancel this year's event.

The proposal is to make it a ticket-only event (like many other gatherings). To control the numbers of people attending the organisers need to close off the land and control access. Unfortunately, Coopers Hill is common land with public footpaths. These can't be closed (even for one day) without the necessary permissions. Closing the common land and footpaths requires permission from councils. There isn't time to get the paperwork sorted for this year's event. So, ultimately the problem is bureaucracy.

As the organiser admitted: a victim of its own success.

0
0

Argos buries unencrypted credit card data in email receipts

Dennis
Gates Horns

Re: Good point

I doubt if the CVV codes persist. Except in the email. It's probably a monolithic application that writes some details for order shipping to one database, payment details to another database, generates a confirmation email and ends.

This looks like development code that was not removed.

I'm testing my shiny new application. I want to know exactly what values are being processed. I know, I'll copy all the user's input into hidden fields in the email. Solved.

Waddyamean I should have removed the diagnostic code?

0
0

Oz censorship debate censored on Comms minister's website

Dennis

Words, words, words

Time to try a lot of other variants.

Filtering, filter, cyber filtering, Internet filtering and so on. If this cloud is automated it must be possible to get some embarrassing words into the list before they're caught.

0
0

UK.gov IT minister makes open source gaffe over browsers

Dennis
Pint

not Microsoft

But surely "open source" is a synonym for "not Microsoft".

So, to please the fanboyz the Minister should add Safari to the list.

1
0

Racist content on US server 'within UK jurisdiction'

Dennis
FAIL

Re: Ugh.

"So if I publish something on my private, globally diverse server system, that nobody but me has access to, I could be held in account for that material"

Read the article again.

The penultimate paragraph says:

"the material was generally accessible to all or available to or was placed before or offered to the public "

So in what way does publishing something in private make it generally accessible?

0
0

BOFH: The PFY Chronicles

Dennis
Alien

Am I dreaming

Is there going to be a Bobby Ewing moment and this is all a dream?

Or is it shades of Reggie Perrin's friend and time to collect the compo.

0
0

Vote, vote, vote for Barbie the computer engineer

Dennis
Big Brother

Cabling Engineer

In some places this might be called cable monkey, though in Barbie's case cable bunnie may be apt.

Then she'd need all the necessary protectives ....

A backless, topless boiler suit,

And high-heeled hobnail army boots.

1
0

'Peeping Tom' caught on own camera

Dennis
Pirate

Re: 44 year old man arrested

Time to get a picture of ASBO boy down the road. A little adjustment to make it look like a self picture before installation. Then tuck the camera into the changing room ceiling. One more troublemaker off the streets.

0
0

TfL deploys privacy-busting voyeurcam

Dennis
Paris Hilton

the new Tate Modern

Perhaps it's just a new Tracy Emin installation.

Although it does look like someone lying on their side reading a book.

0
0

Gang sentenced for UK bank trojan

Dennis
Joke

Re: I Don't Believe It!

£140,000 that's just a rounding error on Fred the Shred's payoff.

0
0

Large Hadron Collider scuttled by birdy baguette-bomber

Dennis
Alien

A bird?

Are you sure the baguette bomb wasn't thrown by the scaly hands of our lizard overlords?

They don’t want us to find the secrets of black holes, hyperspace, time travel and the real nature of god.

0
0
Dennis
Black Helicopters

Baguette bomb

Are you sure it was only bits of baguette that were found? Could this have been a suicide baker recruited by the Taleban?

0
0

Upminster top for tupping on UK bonkmap

Dennis
Joke

Location, location, location

Does Upminster count as Essex?

If you laid all the Essex girls end-to-end no one would be surprised.

0
0

Dallas cops fine drivers for 'not speaking English'

Dennis
Joke

Merkins

a ticket for "not speaking English"

Ha,ha,ha,ha,ha. ROTFL.

I doubt if the rookie cop speaks English either. Not for him such words as burgled, petrol, bungalow and caravan.

0
0

Barnes & Noble whips out Nook e-reader

Dennis
Paris Hilton

Nook-e meets Haynes

If it's a Nook-e reader then will technical manuals have to read like this example I found.

"As he stared at her ample bosom, he daydreamed of the dual Stromberg carburetors in his vintage Triumph Spitfire, highly functional yet pleasingly formed, perched prominently on top of the intake manifold, aching for experienced hands, the small knurled caps of the oil dampeners begging to be inspected and adjusted as described in chapter seven of the shop manual."

0
0

Large Hadron boffin hit with terrorism charges

Dennis
Pirate

Re: Oops.

I agree.

A few years ago I was chatting with the fire brigade liaison officer from one of the London hospitals. They were planning to remove a cobalt-60 source. The fire brigade said that if the flask was damaged they would impose a 1 mile exclusion zone.

0
0

Gov demand for Governator to terminate PunterNet

Dennis
Joke

Re: Where the hell are the IRA when you need them?

"The more I hear from Nuremberg^WBrighton, the more I'm beginning to think that assassination as a political tool might have some mileage in it yet."

Well, to put it absolutely bluntly. Confidential investigations have revealed the existence of certain documents whose providence is currently unestablished but whose effect if realised would be to precipitate a by-election.

What do you mean?

You're on a death list Minister.

[Yes, Minister - Series 2 episode 7]

0
0

Italian Job sat nav driver cops £900 fine

Dennis
Alien

Lemmings

Don’t you realise that SatNavs are sentient creatures. This one was obviously tired of life (it had been to London too many times). It had heard about lemmings and decided to leap off a cliff.

Mr Jones should take his SatNav for a restful holiday in Morocco where the navigating instructions are much simpler.

http://www.telegraph.co.uk/comment/letters/3605343/Taken-for-a-ride.html

0
0

BOFH: Trussssst in me

Dennis
Dead Vulture

Waddyamean?

Waddyamean "Beancounters and bricks don't mix"?

Yes they do. I've seen it with my own eyes when they were pouring the foundations for the motorway.

It was late at night and I was on my way home from the pub. I saw this cement mixer full of bits of brick and beancounter empty its load into the trench for the foundations. Trust me.

0
0

RBS WorldPay downplays database hack reports

Dennis
FAIL

More of the same

A year ago we discovered that RBS had failed to keep effective and responsible control of its finances. Why should we expect any different behaviour with data?

0
0

Disgruntled parrot lays into copper

Dennis
Coat

Where's the IT angle?

Pieces of one. Pieces of one.

What's that?

It's a parroty-bit.

0
0

Southampton Uni slaps IP notice on FOI requests

Dennis
Happy

Re: So ...

"sounds like SU is trying to spread FUD"

Maybe. But isn't it simpler to have a uniform policy to reserve the copyright etc in all documents rather than trying to create a list of which documents do and don't require IP control. It avoids the opportunity of junior staff making the wrong decision.

In a similar way the civil service should use encrypted media for all documents rather than saying the canteen menu can be unencrypted while the tax credits database must be encrypted.

0
0

CRB checks can take years to complete

Dennis
Terminator

Think about the children

With an increased number of checks won't the queue get longer?

Methinks it's time to submit a CRB application on behalf of your child as soon as they are born.

0
0
