Posts by Pascal Monett

3704 posts • joined 10 Apr 2007

Protecting users against advanced threats and the human factor

Pascal Monett
Silver badge

There might be another solution to this issue

Have an email system where sysadmins can assign user rights to clicking on links.

For Lusers, no rights. They get mail where links are stripped from the body.

Once a Luser has eventually proven a certain degree of intelligence (yeah, I know, but for the sake of argument, okay ?), his status can be upgraded to Under Suspicion. Links he receives are stripped and non-clickable, but he can copy/paste them manually into a browser.

If Luser Under Suspicion manages to not completely bollox everything for six months, he gets upgraded to Luser Under Surveillance. His mails get the links clickable. If he mucks up at any point, he is slapped back down to Luser Under Suspicion and now has to wait a year - oh, who am I kidding, he'll never get upgraded again.

Obviously, no Luser is ever above suspicion.

A possible variant of this scenario is links are clickable, but anything under Surveillance automatically gets a 404 in return. Gosh, the Internet is so unreliable these days...

0
0

Microsoft: Stop using Microsoft Silverlight. (Everyone else has)

Pascal Monett
Silver badge

Terrible analogy which demonstrates that you missed his point entirely.

A better one would be you don't visit any cafe that won't allow you to eat the cake you buy on your own plate that you bring.

1
0

In your face, US citizens! Govt can’t save you from corporate eyes

Pascal Monett
Silver badge

So Congress shows what stuff it is really made of - cotton fluff

But hey, as they say : the market is self-regulating, right ?

Right.

So that means that, if the industry is not willing to be regulated, the onus is on us to regulate it : by not buying their products.

I'm sure that, when (if?) a company brings out a product that is guaranteed to respect our security and privacy and the other companies see their market share melt like an ice cream cone on a New York sidewalk in July, then there will be changes.

The bottom line, people. Never forget the bottom line. It's up to us to bottom theirs.

In other words, a lost cause.

1
0

Script-blocker NoScript lets in ANYTHING from googleapis.com

Pascal Monett
Silver badge

Just confirms that security is YOUR business

I rechecked my whitelist options and no, nothing Google is in there anywhere.

Whenever I do install NoScript, by default I remove the existing whitelist. There is no such thing as security if you don't know what you're allowing.

NoScript is a tool, not a solution. Use it correctly and you're golden.

4
0

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

Pascal Monett
Silver badge
Mushroom

So let me get this straight

Microsoft has created a function where it slurps your passwords and stores them on its servers to pass them out to anyone who is listed as your friend when you designate them as such, and again to anyone they have as friends when they designate them as such.

If I remember correctly, we are all but 6 links away from anyone else in particular. Therefore that means that this new function makes your passwords available to practically everyone. Way to go, Microsoft !

Just an idea, though : maybe you could disable sharing passwords that you acquired by being shared them ? In other words, my friends get my password, but not their friends ?

Oh, and passwords stored on the Microsoft cloud. What could possibly go wrong ?

4
1

Hide the HUD, say boffins, they're bad for driver safety

Pascal Monett
Silver badge

I suppose that infrared cameras are not blinded by visible light, contrary to the so-called night-vision cameras which enhance light.

2
0
Pascal Monett
Silver badge

"a pilot is also taught when it's safe to ignore the view outside"

Well that's pretty much any time he's flying above 10,000 feet. There are no trees, deer crossings or sudden turns at that altitude, so he can obviously concentrate on his radar or whatever else needs his eyeball attention. Whatever obstacle is coming his way is another plane, and his radar will "see" it before he does.

On the road, the first rule is Keep Your Eyes On The Road. The second rule is Respect The First Rule.

Jets may be a lot faster than cars, but cars have obstacles all around them at practically all times and one second of inattention can get you to meet one brutally.

Let's remember that the dashboard has two functions : to tell the driver how the car is doing and, if necessary, indicate what is wrong. The driver has enough to deal with what with paying attention to road conditions that can change suddenly without warning. Adding any other data to that information is putting the driver in danger of information overload.

That said, I dearly like the idea of night driving with IR-enhanced HUD display showing me the road as if it were broad daylight. But no arrows or tokens please, just the road as it is.

15
0

VPNs are so insecure you might as well wear a KICK ME sign

Pascal Monett
Silver badge
Trollface

So the good news is . . .

Stick with IPv4 and you're golden, right ?

7
1

Audit finds new flaw at US Office of Personnel Management

Pascal Monett
Silver badge
Coat

Of course. Haven't you noticed the awards ceremony every four years ?

6
0

Is that a FAT PIPE or are you just pleased to stream me? TERABIT fibre tested

Pascal Monett
Silver badge
Joke

Ipswitch ?

Are they sure their results didn't get some help from a tentacle ?

1
0

Smart meters set to cost Blighty as much as replacing Trident

Pascal Monett
Silver badge

the programme in danger of turning into a "costly failure"

No.

The programme in danger of turning into ANOTHER "costly failure".

FTFY

9
0

Windows 10 is due in one month: Will it be ready?

Pascal Monett
Silver badge

"With Windows 10, the experience will evolve"

We know.

At installation, it will race along and we will find it marvelous (those that have drunk the Kool-Aid, anyway). Over time, it will get slower, bloated and unstable. Patches will get bigger and bigger, and we'll need a terabyte disk just for the Windows folder.

We know Windows, Nadella. We've been using it since the 90's, and you've been polishing the same turd since.

But yeah, Win7/64 is the best version by far. And it's MINE. It does what I WANT. And YOU can't keep me from using it.

You can keep your "service". I will not be your cash cow.

8
4
Pascal Monett
Silver badge
Trollface

A 'puter mechanic is the guy who does percussive maintenance on your PC box when the Internet is down (aka I can't Google anymore).

11
0

Boffins set networking record with marathon 12,000 km fiber data run

Pascal Monett
Silver badge
Trollface

That's easy

They're missing 12,000km of fiber !

2
0

Humongous headsets and virtual insanity

Pascal Monett
Silver badge

Re: Not realistic enough for gaming?

The gaming industry has been confusing "realistic" with "immersive" for far too long. Yes, back in early 2000s games were still fugly blocky messes of pixels, but Syndicate was a great game, and I still remember my finger cramps after Quake marathons.

Today, we have "realistic" behemoths like COD or its counterpart which, as graphically enhanced as they are, are still sorely missing in the actual realism department, and even more in the fun department. Not to mention that I hate playing with random people - they're more often than not complete jerks. Minecraft, ugly as it is, is way more fun and immersive.

So let's lay off the realism and get back to having fun, shall we ? The graphical engines are now very much "good enough", so get cracking on immersive, please.

0
0

Gates: Renewable energy can't do the job. Gov should switch green subsidies into R&D

Pascal Monett
Silver badge

Why don't we change tack on this issue ?

Instead of worrying about terrorists and nukes, let's get reactors and cheap energy in place so as to improve EVERYONE's living standards so terrorists won't have so much misery to motivate them.

A well-fed man living a comfortable life makes a terrible terrorist - unless he's a psychopath, obviously.

3
1
Pascal Monett
Silver badge

Re: China and India ignore their pollution at OUR expense

Right.

Continue conveniently ignoring the pollution WE have created during the past century at EVERYONE's expense for OUR OWN benefit.

Hint : we live in INDUSTRIALIZED countries. China and India are industrialiZING. You can't seriously expect them to not want what we have, now can you ? Neither can you tell them to not do what we did.

0
1

That man told me to stuff a ROLE up my USER ENTRY!

Pascal Monett
Silver badge

Re: "a simple e-mail to the beancounters"

That idea is directly on par with having to send an email to IT support when your PC does not work.

The solution is not always email. The solution I employ, as a contractor, is to go to the person responsible for hiring me and tell him that I can't work because I don't have a login. Cue embarrassment and a quick call to some IT person and the problem is generally solved within the hour. If I am told that I can't have a login before tomorrow, I then state that I will be back tomorrow and leave because otherwise I have to bill them.

Up to now, I have never met a manager who does not prefer not being billed and getting started the next day. Personally, in these days of cash scarcity, I can't imagine a private company's department manager who would dream of paying me a day to do nothing, let alone a few weeks.

Governmental organizations are, admittedly, different. Wasting a whole morning before finally getting a working login is par for the course. If I don't even have a desk, there's generally some meeting to wait for anyway, so it's not like I don't know how to "look busy" in the meantime.

0
0

Get your WELLIES to MARS: Red Planet reveals its FROZEN BOTTOM

Pascal Monett
Silver badge

"the mysterious loss of its magnetosphere"

I thought that the loss of the magnetosphere was linked to the solidification of its core. Earth's core is still moving, Mars' isn't. I thought that was the reason.

Isn't it ?

7
0

FBI says in secret that secret spy Cessnas aren't secret

Pascal Monett
Silver badge
Big Brother

"This technology had only been used [...] five times since 2010"

Sure.

Once per year, all year.

So they're right !

1
1

US govt: Am I the only one around here who cares about DNS security and stability?

Pascal Monett
Silver badge

ICANN needs to be canned

All its personnel, and board, should be fired and replaced by an entirely new group of people who are actually concerned about making the Internet work correctly.

Burning the bridge is not always a solution, I know, but this is no longer an organization working for the community - it is a group of people systematically subverting everything they consider counter to their private interests, and such behavior should be labelled criminal and pursued as such.

The bare minimum is to get ICANN out of California. Ship them to New York or something, where they won't have it so easy in every way.

0
0

Graphene sheaths could boost processor signal speeds by 30 per cent

Pascal Monett
Silver badge

"needs more work before going into production"

Right, so I'll file that in the same folder as all those marvelous things batteries are supposed to become some time in some as-of-yet-undetermined future.

The future will be great - as soon as it gets here. Don't hold your breath.

2
0

LinkedIn reveals invitation-only bourgeois bug bounty

Pascal Monett
Silver badge

But people do expect and demand them - these days anyway. Such is the hoopla around this issue that any company not offering bounty is pointed at and sternly looked at until said company relents and starts a payout plan.

There have been too many examples of bug hunters ignored or taken advantage of to avoid this situation today.

I note with interest that LinkedIn seems to have found a way to retain the talent and avoid the chaff. I wonder if other companies will take note and copy the method - if they aren't already more or less doing the same thing.

1
0

A server apocalypse can come in different shapes and sizes. Be prepared

Pascal Monett
Silver badge
Trollface

Um, if you have to perform a restore, I do believe it would be a dead system at that point.

0
0
Pascal Monett
Silver badge
Trollface

Yeah, but then accounting refuses your requisition on the grounds that the service is already running, and you have a devil of a time getting your expenses paid when all the accounting is done manually.

0
0

Why are there so many Windows Server 2003 stragglers?

Pascal Monett
Silver badge

Don't worry. When you do get pwned, it'll be all your fault anyway.

On the other hand, it may just provide a bit of entertainment to see the managers' headless chicken rush to CYA.

0
0

Go fac' yourselves: US privacy bods walk out of visage recog talks

Pascal Monett
Silver badge

"Facial recognition is used to"

provide the NSA with the complete list of people in a given area at a given time, to be plugged into The Machine at a future time.

So, Person of Interest really was a documentary after all.

1
0
Pascal Monett
Silver badge

Re: Sad but working solutions...

Not really.

I think that it is illegal in most countries to hide your face in public.

That is why the bank robbers in films always put on their balaclavas right before going into the bank. If they walked all the way there in public, they'd be arrested long before they got to the bank door.

0
0

Flash is fallible. But you'd rather have an AFA than spinning rust

Pascal Monett
Silver badge

Re: giving up

Why give up one for the other ? With today's prices, I took both.

An Intel i7 quad core is currently 350€, and for that price you can get a nice Intel 300GB SSD to boot your system on.

Add a 3TB spinning rust SATA disk to store your work data and you're good to go.

0
0

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

Pascal Monett
Silver badge

You contradict yourself

You say it's easy to fix, then you list a bunch of items and state that it "is doable with a competent IT team" - meaning you acknowledge that all that is decidedly not easy and requires expertise.

If it was easy to do, every company would have it included in whatever OS they use and it would happen automatically - like connecting to the network via Ethernet or WiFi.

But it is not easy at all, which is why most companies, even sizeable ones, do not have an intrusion detection system, do not run vulnerability scans (automated or not), nor do they have the luxury of restricting root access because most of them use IT as they use Word - as long as it works, forget about it. Hell, we can be happy if most of them have any kind of anti-virus installed.

Not that I approve that behavior, but that's what they do.

2
0
Pascal Monett
Silver badge

Re: " they would require a far bigger effort and systems in a really miserable state"

If I got the gist of the article correctly, the systems are in a really miserable state.

Too old to be secured ? What kind of cop-out is that ? You can always add a firewall in front of it, no ?

0
0

Auto-playing video ads? People love auto-playing video ads – Twitter

Pascal Monett
Silver badge

The molesting uncle

Twitter is starting to look like a molesting uncle, allowing 140 characters of service provided you accept videos to be automatically thrust down your bandwidth.

I wonder how long it will take for Twitter to decide that you don't get to turn off the auto-run feature because "their customers (ie advertisers) clamored for it".

In any case, I salute the start of Twitter's bold march into oblivion.

Can't wait for it to get there already.

1
0
Pascal Monett
Silver badge

Too late !

Now I see her face with the carving knife in hand . . .

0
0

How to hijack MILLIONS of Samsung mobes with man-in-the-middle diddle

Pascal Monett
Silver badge

Wait a minute

"The update process runs with system-level access. It unpacks the ZIP file without checking the paths of the files inside, and with full read-write permissions on the device's file system."

Um, is there a "malicious file" that uninstalls all the bloody crap that Samsung throws in on top of the stuff I need ?

Because if that's the case, tell me where to go and I'm there.

3
0
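The unpack-without-path-checks behaviour quoted above is the classic "zip slip" pattern: an archive entry named with `..` or an absolute path is written outside the directory the updater meant to fill. As an added illustration (not code from the post, the article, or the updater it describes), here is a Python extractor that refuses any entry that would land outside the target directory; the archive it checks is constructed inside the block.

```python
import io
import os
import posixpath
import zipfile


def is_safe_member(name: str) -> bool:
    """Return True if a ZIP entry name stays inside the extraction root."""
    # Absolute POSIX paths, UNC-style paths and Windows drive letters escape outright.
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return False
    # ZIP names use '/', but be tolerant of backslashes, then collapse '.' and '..'.
    norm = posixpath.normpath(name.replace("\\", "/"))
    # Anything that resolves to the root itself or climbs above it is rejected.
    if norm in (".", "..") or norm.startswith("../"):
        return False
    return True


def classify_members(zip_bytes: bytes) -> tuple[list[str], list[str]]:
    """Split an archive's entries into (accepted, rejected) names without extracting."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            (accepted if is_safe_member(info.filename) else rejected).append(info.filename)
    return accepted, rejected


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract only entries that resolve under dest; raise on the first escape attempt."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                raise ValueError(f"entry escapes target directory: {info.filename!r}")
            target = os.path.realpath(os.path.join(root, info.filename))
            # Independent second check on the resolved OS path (defence in depth).
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry resolves outside target: {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Plain byte copy: this extractor never creates symlinks, so a later
            # entry cannot be redirected through a link planted by an earlier one.
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_sample_archive(include_traversal: bool = True) -> bytes:
    """Constructed sample archive: one benign entry plus, optionally, two escapes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/update.txt", "benign payload")
        if include_traversal:
            zf.writestr("../../system/overwritten.txt", "escapes via ..")
            zf.writestr("/etc/absolute.txt", "absolute path")
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = classify_members(build_sample_archive())
    print("accepted:", ok)
    print("rejected:", bad)
```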

AdBlock aims to send filthy malverts on one-way LSD trip

Pascal Monett
Silver badge

"save bandwidth and improve security"

Not to be nasty or anything, but since when does a company care about ads from other companies ?

If an ad-blocker is deployed company-wide, the only logical setting is to block all ads all the time, with exceptions made for sites that detect that and play coy with their data until you allow ads again.

In that case, the decision should be made as to whether that site is important for the company or not. If not, block that site permanently.

6
3

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

Pascal Monett
Silver badge

What are all these papers good for ?

Not knocking the work, and certainly not the results, but when these guys say that this research will be invaluable for future reference, is that really the case ?

We all know about buffer overflows, yet that door is still open in almost every new malware report. Sometimes they even concern products made by big companies who definitely know better.

This new report is bringing to light some new obscure chain of consequences that constitute a vulnerability. Great news, but who exactly is going to pore over this to understand what is going on and how to avoid it ? Security researchers, not application coders.

When I search for "good programming practice", what I find is stuff that generally concerns code clarity and maintainability, rarely security.

In the best case, there will be a mention of using fgets instead of gets in C, because buffer overflow. But the rest is all about indenting, variable name formatting, function wrapping and commenting. Nothing to do with security.

We need an easy-to-read overview of good security practices that does not just say "check your inputs" but details what to check and how to make sure. Is that available somewhere ?

9
0

Three exposed Brit's privates with sloppy survey code

Pascal Monett
Silver badge

I wonder how that went through in the meeting

Manager : Um, we're going to need some user data on the survey

Coder : Sure, I can return the IP address, the user name and the account ID

Manager : The name is good, but we'll be needing the account number as well, and the email address

Coder : But I can't hash that data securely on the client side

Manager : no problem, put it in the URL - nobody ever checks that, right ? I never do.

Coder : But that's not secure...

Manager : We need it yesterday, so get cracking. We'll do security in the next version

2
0

'Lemme tell you about my trouble with girls ...' Er, please don't, bro-ffin

Pascal Monett
Silver badge

"US officials had apparently refused to cooperate with the probe"

Well ain't that a surprise !

No wonder they have no more leads - the path where all the leads point to has a great big NO ENTRY barrier across it.

0
0

Cortana threatens to blow away ESC key

Pascal Monett
Silver badge

Yeah, one or two.

Million.

Or is it billion ?

Because the ESC key is part of the Windows UI. It has a very specific function, coded into the Windows UI and should be automatically understood by every program using said UI - which is pretty much every application ever written for Windows.

We have been using the ESC key since Win 1 and now they want to replace it with a bloody fake helper designed to hoover up even more private information ?

Thanks for the warning - I'm staying on Windows 7.

2
1

True fact: Hubble telescope spots ZOMBIES in SPACE

Pascal Monett
Silver badge

I have long remarked to everyone that Wikipedia is the encyclopaedia that "everyone" edits.

However, with time I have to admit that it is getting better, and the editor snafus and diva issues have apparently come somewhat under control.

I don't know how cutthroat the wiki editing scene is now, nor do I have any idea if the internal kingdoms are still in place, but viewed from the outside, Wikipedia is apparently actually useful now.

Of course, I have this opinion only on scientific pages. I still stay away from celebrity pages or pop references as much as I can.

0
0

It's 2015 and Microsoft has figured out anything can break Windows

Pascal Monett
Silver badge

What he means is "how long before somebody hacks this memory-scanning thing to turn it into his tool ?".

And that is a valid question.

5
1
Pascal Monett
Silver badge

And it is going to borgify all existing anti-virus applications.

Then it will "plug into" any app that starts up, "for security reasons".

Then it will "plug into" your mail, to do preemptive security.

Finally, it will "plug into" your bank account, for your security obviously, but there it can more conveniently send itself money every month. Because it would be so bad if something happened to your data, wouldn't it ?

All of that, of course, at the disposal of any US judge who thinks that the data might be relevant to the case he is presiding.

3
8

US Navy wants 0-day intelligence to develop weaponware

Pascal Monett
Silver badge

Probably because if you try taking a picture like that today, you'll be shot down, then arrested, flown to Gitmo, and interrogated as to who you work for, why you did it, who were you going to sell the pics to, etc.

Oh, and then you'll get medical attention if you're still alive and need it.

3
0

Duqu 2.0: 'Terminator' malware that pwned Kaspersky could have come from Israel

Pascal Monett
Silver badge

"hacking into his firm's corporate network was a "silly" move "

Only if you think that demonstrating your level of insecurity to the world is silly.

Personally, I think it was brilliant. They got in, lounged around for weeks, if not months, and then finally got detected. They're probably analyzing activity logs now to find out why they ended up being caught, so as to "survive" even longer next time.

This is pure gold for everyone. For the hackers, who have taken a magnificent opportunity to see their baby operate in what is supposed to be a very secure environment. For Kaspersky, who had the guts to go public on this and now has reams and reams of data to analyze and further lock down their processes and network. For the public, who once more has proof that nobody is "secure". What they'll do with that knowledge is another matter.

2
0

Teaching kids to code is self-defence, not a vocational skill

Pascal Monett
Silver badge

Re: "it was built and lost far more quickly than any before it"

You mean Alexander's Macedonian empire, right ? The one he carved out before his 30th birthday, conquering the entire known world of the time, right ?

Seems to me that one was the one fit for your sentence.

2
0

But... I... like... the... PAIN! Our secret addiction to 'free' APIs

Pascal Monett
Silver badge

Re: Report of Silverlight's death is an exaggeration

Actually, it's reports of its life that are an exaggeration.

Nothing I use anywhere is based on Silverlight. No web site I use makes any mention of it. I'm sure there are some out there, but they're beyond my horizon. It might as well be dead for all I see of it.

5
1

Paper driving licence death day: DVLA website is still TITSUP

Pascal Monett
Silver badge

I just love government projects

Especially UK ones.

Because however bad I mess things up, I always have this kind of thing to reassure me that I'm not that bad.

First day launch on the day that people absolutely needed it ? Very bad idea, and this is why. New launches are never cut-and-dried affairs (ask Blizzard, and they know what they're doing), but timing the launch with mandatory registration is just asking for trouble - which they got in spades.

There is just one thing I wonder about : is there anybody in there that learns anything from these snafus ? Seems to me that UK gov is staffed with a load of Charlie Browns. They never succeed at anything, and never get better even though they continually set themselves up for another go.

7
0
Pascal Monett
Silver badge

Re: "nothing to stop a family with two identical cars..."

Excuse me if I'm slightly confused, but if the same family has the two identical cars, then what's the use of going hog-wild with one of them and getting the other one indicted for it ? It's still them that ends up with the bill (or the Police at their door).

Your second example is better - except that speeding carries a lesser fine than sporting a license number you have no right to. When you get caught for that you're not getting fined, you're going to jail. Not worth it unless you're already a hardened criminal.

6
0

Les unsporting gits! French spies BUGGED Concorde passengers

Pascal Monett
Silver badge
Flame

Re: Economy of France

Here are your flames.

So, did you bring the sausages ?

I have the Roquefort and red wine, of course.

11
0

Power your temperature sensor with this BONKERS router hack

Pascal Monett
Silver badge

Brilliant idea

No, really. We're heading straight for an energy crisis and they want to find a way to pump yet more energy than we already are to power - in the least efficient way possible - stuff that is patently useless and possibly privacy-invading.

I do hope these jokers are getting a good salary out of the moron paying for this "research".

1
0
