Posts by Matthew Elvey

19 publicly visible posts • joined 8 Jul 2008

Tweaked Space Shuttle Main Engine gets ready for final testing

Matthew Elvey

You're so old you forgot a digit. It's https://en.wikipedia.org/wiki/RS-232. Not 252.

Excel recruitment time bomb makes top trainee doctors 'unappointable'

Matthew Elvey

Re: Excel for dodgy databases

The security breach at TD I uncovered brought to light that they were managing per-customer information in Excel. For ~6.4 MILLION customers.

Oracle at Europe's largest council didn't foresee bankruptcy

Matthew Elvey
FAIL

GIGO (Garbage In(side)? Garbage Out).

The data used as evidence that

"women employed in certain roles being paid less than men in other roles"

came from a system that was broken.

So for all we know, it wasn't the case? Same as https://www.theregister.com/2023/10/12/excel_anesthetist_recruitment_blunder/?td=rt-4a !

Can we be confident that systems can tell men and women apart when they can't tell the highly qualified apart from the not at all qualified? I think NOT.

BlackMatter ransomware gang says it's disbanding – again – after Ukraine arrests

Matthew Elvey

Re: Due to certain unsolvable circumstances associated with pressure from the authorities

They've literally announced / leaked that a name change is in the works. I will not be complying. Unless they officially change it to crackbook.

Samsung releases pair of jeans that can't do anything except cover your legs and hold a Galaxy Z Flip 3

Matthew Elvey

Wow, surprised that such a sad product / topic has such great commentary!

("... Vape? Galaxy Note 7."

"T28" - yes I remember mine almost 'fondly'.

"Et voila! Free marketing"

UtiliKilt joke

US Dept of Commerce sanctions NSO Group, Positive Technologies, other makers of snoopware

Matthew Elvey

A feather in Amnesty International's cap (where there have been a few turds lately).

Progress report: Asahi Linux brings forth a usable basic desktop on Apple's M1

Matthew Elvey

Re: Very encouraging

Bandaged? Have you experienced the performance? It's more like a bionic upgrade than a bandage. And costs a lot less than Steve Austin's.

Matthew Elvey

Re: Looks interesting

Remember when Microsoft owned 10% of Apple? (Proof/TNW story you're skeptical)

(No longer.)

US boffins: We're close to fusion ignition in the lab – as seen in stars and thermonuclear weapons

Matthew Elvey

Quoting error

"coverts" ???

How does one manage to include such a typo in what's supposedly a direct quote - which these days is probably from written communication?

How does one manage to ALSO fail to include the closing quote in that direct quote? Ghost in the mouse?

Apple responds to critics of CSAM scan plan with FAQs, says it'd block governments subverting its system

Matthew Elvey

Re: Who creates the hash?

By the way, did anyone else notice that Google Image Search, which used to work quite well, now works extremely poorly? I typically put in small images I'm looking for a larger copy of. It used to be great at this. Usually found one if I thought it likely there was one on the inter webs. Now it's rare.

Matthew Elvey

Re: You asked for it, you got it

Ouch. Snake's comment hurt. Because it hit home. It's not like there weren't warning signs.

revilo is right.

Except that as far as I can tell, it's impossible to use just about any smart device remotely close to normally in the common sense of the word and be confident it hasn't been pwned.

Open civil disobedience is another option. "They" can't jail all of "us". WFM. No one has come for me. As long as there are more with me than with evil, I'm good. It's things designed to make us fearful - like this announcement, like 2/3 of the news, that push people into accepting/supporting evil, but at the same time, it pushes people to wake up and act for good. The I'm mad as hell and I'm not going to take it anymore crowd.

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Matthew Elvey

NO - Re: BCP 38

No. BCP 38 is a good thing, but a BCP38 implementation won't block legit-seeming DNS queries to or from a DNS server.

Spies would need superpowers to tap undersea cables

Matthew Elvey

Article author Richard Chirgwin is either a stooge or incompetent (or this is just clickspam). Here's why:

What Greenwald wrote is, "“Speargun” involved the covert installation of 'cable access' equipment, which appears to refer to surveillance of the country’s main undersea cable link, the Southern Cross cable."

In no way does this include Greenwald claiming that the undersea portion of the cable link was accessed. It could be done the same way splitters feed Room 641A (Google it or see video.pbs.org/video/2365249828 ...)

Not to mention that other commenters have pointed out that the US has assets (USS Jimmy Carter) designed specifically to tap undersea cables.

Moore's Law leaves mobile networks ripe for attack

Matthew Elvey
Flame

Anyone willing to help me find my stolen GSM phones then?

So given the IMEI, it's not hard to brute force one's way into a phone! It ticks me off that AT&T and T-Mobile are unwilling to help recover phones unless served with a court order.

My Android and iPhone were stolen recently. I have the IMEIs. (Well, I was pickpocketed of the former and left the latter in a restaurant, so arguably the latter isn't theft.)

I guess I could head over to the RSA conference and find Aaron Turner. I guess I could find the CCClub-published info mentioned and do it myself. I'm reachable at 7-M-Elvey in the SF area code.

Morgan Chase blames Oracle for online bank crash

Matthew Elvey
FAIL

More evidence their IT and IS are 'challenged':

Security Alert - they don't even bother to fix identified security flaws:

http://www.elvey.com/it/spr/SPR-2008-08-16.html

So I wouldn't expect their disaster recovery plans to be in tiptop shape!

Google cloud told to encrypt itself

Matthew Elvey
FAIL

FAIL!

@Darren Forster: "Then call the person and tell them the password..."

And the phone system IS secure? No... When I lived in NYC, I could have safely and easily tapped the lines of anyone in the building.

Glad to see Google getting with the program. Half the cost of SSL is in the initial handshake, which Google always did to protect the login itself. I've been using SSL with my provider for years. (fastmail.fm).

New-age cyber-attack inflicts major damage with modest means

Matthew Elvey
Thumb Up

Hardened porn sites, har har...

Chris Miller: excellent post! Spot on.

Adrian wrote "Apart from the illegality of it" - at first I thought he was saying the filtering was illegal, not the address spoofing!

AC: very funny!

Hardened? Well, aside from the double entendre, sure! Porn sites make money. Lots of money. So of course they'll be hardened.

Kaminsky (finally) reveals gaping hole in internet

Matthew Elvey
Happy

Thank you, Dan Kaminsky

I shoulda emailed him a few days ago. I was close. I was thinking of the stunt DNS server John Levine set up at sp.am, and how it could be used to trigger lots of DNS lookups from a client...

Trojan trawls recruitment sites in ID harvesting scam

Matthew Elvey
Unhappy

Sue 'em?

I sued TD Ameritrade for violating their privacy policy, in failing to prevent their customer database from being obtained by hackers. It is a more serious case; they've already offered $1.9MM in plaintiff's attorney's fees alone to settle the case.

It's much harder for Monster to keep crooks out of its database than AMTD... How would Monster do so? I.e. how would it differentiate between a faux firm set up to look like a normal company looking for staff, and a real one? Reliably? At reasonable cost?