* Posts by Tom Paine

641 posts • joined 19 Aug 2008

Just give up: 123456 is still the world's most popular password

Tom Paine
Bronze badge

"Just give up"?

I work in infosec. I'm secure in the knowledge that I already gave up a long time ago.

(500 points for anyone spotting that reference)

0
0

Jeremy Hunt pockets £14m through sale of course search website

Tom Paine
Bronze badge

Re: Jeremy Richard Streynsham *unt

Puzzled. It says:

while [Virginia Bottomly, a relative] was at the British Council, Jeremy Hunt, became the monopoly supplier obtaining the catering contract for his company 'Hotcourses'.

But it's been widely -- universally, afaik - reported that HotCourses lists academic courses, degrees and what not. Nothing to do with catering. Shurely shome mishtake? Or did they ditch the original business model and pivot to doing something completely different, like all those entrypr0nners in the Valley?

2
0

RIP Eugene Cernan: Last man on the Moon dies aged 82

Tom Paine
Bronze badge

Re: Sad indeed

In the words of the man in the black mask, "Get used to disappointment." Never gonna happen, I'd put money on it (well, it'd have to be "in my lifetime" to make sense I suppose, unless I bequeathed the wager, yea, even unto the fifth generation.)

2
0

Laser beam sky mirage cannon can spy on enemies and generate Star Trek-style shields

Tom Paine
Bronze badge

Re: Sounds like bollocks to me

Could be. Or perhaps they're hoping the Hairy Ivans[tm] will pour billions of roubles into a fruitless attempt to develop the technology.

1
0

Dodgy Dutch developer built backdoors into thousands of sites

Tom Paine
Bronze badge

That's exactly what I came here to say. Curse my metal body, I wasn't fast enough!

5
0
Tom Paine
Bronze badge

Re: Worse...

Eh? Are you suggesting the police shouldn't have contacted the victims? Or that they should have made 20,000 in-person visits?

1
0
Tom Paine
Bronze badge

Why, did no in-house IT people ever go bad? Hmmm...

http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/

2
0

French spies warn politicians of hack risk as election draws near

Tom Paine
Bronze badge

I guess you think you're joking, but that dossier makes for a fascinating read, even if you disbelieve 90% of it.

0
0
Tom Paine
Bronze badge

APT28 (AKA Fancy Bear) is suspected by other security firms to be a unit of Russian military intelligence agency, the GRU.

Not quite -- IIRC F-Secure, who were the first to write them up (as "the Dukes") tentatively suggested they're a freelance unit who do work for the Russian state but also for others.

0
0

Calls for UK.gov's tax digitisation plans to be put on the back burner

Tom Paine
Bronze badge

Yeah, after a round of redundancies at a former employer several devs jettisoned at the same time as me interviewed there and reported HMRC's dev environment was fully agile, with KANBAN boards, story cards, CI, short iterations and all the rest of it. Let's hope the products of the pairs work better than the traditional agonising crock of malevolent evil HMRC laughingly call their "processes".

1
0

Microsoft extends support for EMET security tool

Tom Paine
Bronze badge

Trump was strongly in favour of Apple unlocking that iPhone on demand from LEA, wasn't it? Given the way that several US corps have given the appearance of craven submission to fear of angry tweets knocking their stock price, I wonder if the tech industry will stick to their guns in the way they claim to have been doing for the last 5-10 years?

Time to buy the latest OpenBSD distro...

0
0

Google reveals its servers all contain custom security silicon

Tom Paine
Bronze badge

Re: A chain is only as strong

Handing over design to LEA (not the NSA - the Feds and the cops) is a by-design business process. By law, actually.

The NSA smiley face "magic happens here"* type of illegal / pseudo-legal access will be what they're trying to prevent with the bootkit / microcode signing, encryption everywhere, PFS, etc.

* (it's one of the Snowden leaked presentations)

7
1

MIT brainiacs wrangle 2D graphene into super-strong 3D art homework

Tom Paine
Bronze badge

...gyroids: a sponge-like arrangement invented in the 1970s by NASA engineer Alan Schoen [...]

Philosophical point to muse over whilst waiting for my postlunch carbs slump to pass: invented? Or discovered? I'd say the latter, but what do I know...?

2
0

Rethink on bank cybersecurity rules might only follow major bank breach, says expert

Tom Paine
Bronze badge

Re: Smile/Cooperative Bank Poor account reset Security.

Smile/Cooperative bank allows you to reset all access to bank accounts with a generic card reader, the card + pin.

Eh? I'm a Co-Op customer and I don't know any way to change your contact details (I assume that's what you mean by 'access to bank accounts') using a debit, credit or ATM card. You definitely can't do it with a "card reader" - the PDQ machines by the till in shops or at an ATM.

0
0
Tom Paine
Bronze badge

Re: Customer experience

Indeed. And I remember when you had to book international phone calls in advance, and they cost an absolute fortune. And when wrist or hand-held flatscreen TVs with videoconferencing were featured on a "World of Tomorrow" series of cards in Brooke Bond tea... Press Button B... uphill, both ways...

0
0
Tom Paine
Bronze badge

Re: Customer experience

They want just as much security as will give them plausible deniability and mean that they are not liable for any losses.

Who do you think covers losses due to customers' own poor security practices leading to their CC details or passwords being stolen? (yes yes I know crap website security is responsible for carder juice as well -- the banks are liable for those losses too in most cases.)

0
0
Tom Paine
Bronze badge

Anecdote, not data, I know, but fwiw: I have both a Barclays and a Nat West within 3 minutes' walk of my house in a small town / large village (pop <10,000) and the counter staff in the former, at least, are friendly and helpful when I've popped in to pay a few months' accumulated small change into an ISA.

0
0

You have the right to be informed: Write to UK.gov, save El Reg

Tom Paine
Bronze badge

Like any other civilised human being, I too loathe and detest the sewer press -- Mail, Express, Star, Sun and Telegraph. If this nutty regulation becomes law, whilst it would mean the end of a free press in the UK for the short period of time until it's repealed because it's obviously leading to perverse outcomes, it would at least allow us to try our best to put the hatesheets out of business by bringing a series of vexatious cases. In the ideal world, it would stay on the books long enough to see those wretched liespouts permanently put out of business and everyone who ever worked for them blacklisted by the industry for the rest of their lives. THEN repeal it and replace with a sane system.

Yes, I know I'm living in cloud cuckoo land, but a man can dream, can't he?

1
0

Weather stops SpaceX from blowing up more satellites

Tom Paine
Bronze badge

May I, for one, tip my hat in acknowledgment at the piss-taking approach to SpaceX? Sadly, we may only be able to enjoy such gentle amusement for another year or two until they start flying crewed vehicles. After that, the jokes will be schoolyard only, as after Challenger and Columbia.

4
12

CES 2017 roundup: The good, the bad, and the frankly bonkers

Tom Paine
Bronze badge

Dear Reg, please could you zap down to your Picture Editor's main databank with a large axe and give him (it's obviously a him) a reprogramming he'll never forget? Zaphod and I would be very grateful.

PS Please don't be ducks, just when you've persuaded Orlowski to stop ranting on about climate change conspiracy theories?

2
2

Former car rental biz staff gave customers' details to phone pests

Tom Paine
Bronze badge

Re: I can name another company that sells customer information...

Complain to the OCO, then, that's what they're there for, and tips from the public are one of the main sources of leads for this sort of thing.

0
0
Tom Paine
Bronze badge

Re: What about the ambulance chasers ?

The Directors of Enterprise RentACar did nothing wrong here. You might as well prosecute directors of a bank because someone stuck it up with a shotgun and a stocking over their head.

0
0
Tom Paine
Bronze badge

Re: WTF?

I don't know which story you're referring to there, I must have missed it, but if HMRC sold your data to someone else either you agreed to it or they're breaking the law.

0
0

Could YOU survive a zombie apocalypse? Uni eggheads say you'd last just 100 days

Tom Paine
Bronze badge

As I understand it, new pathogens that kill their hosts quickly, and where the population is highly susceptible, and the pathogen is easily transmitted, tend to lose their lethality over time. Strains that efficiently wipe out most of the local population in one area will tend to go extinct for lack of fresh hosts, whilst strains that allow their victims to shamble around biting others in the population will flourish. (A host species like industrial age humans that is able to respond intelligently, eg by quarantining victims, biosecurity, isolation treatment facilities, development of vaccines and antivirals and antibiotics and whatnot changes things a bit of course; cf the recent Ebola Armageddon which sadly failed to sweep the developed world bringing the end of life as we know it.)

I therefore suggest that the final equilibrium state would be a zombie virus of mild virulence and slow progression, which causes less and less dramatic and noticeable symptoms. You'd end up with a zombie infection being the sort of thing kids get immunized against, and which gets you a month off work.

1
0

D-Link sucks so much at Internet of Suckage security – US watchdog

Tom Paine
Bronze badge

Re: WTF

On that basis, no software should ever be advertised as "secure".

...

On reflection, that's a pretty good idea. "product X is less insecure than Product Y" would be permissible, but "secure-ness" is not a binary state, and is never absolute.

0
0

A year in infosec: Bears, botnets, breaches ... and elections

Tom Paine
Bronze badge

Polls have been really, really accurate indicators recently, haven't they; correctly predicting the outcome of Scot IndeyRef, the 2015 UK election, and Brexit.

Yes, yes they have, actually, contrary to popular mythology. Here's a free clue: google "margin of error" and "statistical probability". YVW.

0
0
Tom Paine
Bronze badge

Re: Blunder ?

Rubbish. This was campaigning stuff, not government business, and as someone pointed out up-thread, it would have been illegal for her to do it on government systems. Get your head out of Breitbart.

0
0
Tom Paine
Bronze badge

Re: veti

For heaven's sake, stop mutating politicians' names and parties into "witty" neologisms like "Shrillery". It's not big, it's not clever, and it's certainly not remotely funny. It just makes you sound like a ten year old. Grow up!

0
0
Tom Paine
Bronze badge

But if the newspaper had hacked the computer (1) it would obviously affect the outcome of the election, as the Russian actions did, and (2) they'd all be going to jail, quite rightly, for hacking.

0
0
Tom Paine
Bronze badge

Re: What's so wrong about a private email server?

What bollocks. Every democracy and legislature in the world enables politicians, including those in government, to have secret off-the-record communications -- as far as I know. If the US doesn't, that's just another way their democracy is fundamentally broken, as is surely obvious to anyone with an interest in the practice of day-to-day politics.

0
0
Tom Paine
Bronze badge

Re: What's so wrong about a private email server?

Perhaps you missed the part where her email server, on which she had sent classified documents, in direct violation of the law, was compromised.

No, it really wasn't. One account was compromised, presumably through phishing or a password of "Hillary 2016" or something.

That's not to say it wasn't a bloody stupid thing to do.

0
0
Tom Paine
Bronze badge

Re: What's so wrong about a private email server?

Partly security, but mostly archives and government record keeping issues - vis., the alleged 30,000 missing mails Trump kept yammering on about.

0
0
Tom Paine
Bronze badge

Re: "We have evidence..."!

Craig Murray is your evidence? That well-known expert in incident response and forensics? Really??

Do me a favour!

0
0
Tom Paine
Bronze badge

Re: "We have evidence..."!

Do I repeat myself by saying the leaks were not a hack?

Er, could you say more about that? In what way is the exfiltration and public release of confidential data a "hack" in colloquial English? What, in short, are you on about?

1
1

Busted Oracle finance cloud leaves Rutgers Uni unable to foot bills

Tom Paine
Bronze badge

Great marketing, for once

"Oracle Cloud Expense solution", you say? Yes, that brand certainly seems to capture some of the key features of Larry's offerings in some indefinable way...

3
0

Hackers could turn your smart meter into a bomb and blow your family to smithereens – new claim

Tom Paine
Bronze badge

Re: Alarmist nonsense?

How did the electricity co turn off your supply when you didn't pay your bill in the ancient times of spinning-metal-wheel meters, then? Hint: they didn't send an engineer out to your home.

1
4
Tom Paine
Bronze badge

Thanks for confirming my hunch: this story is bullshit from start to finish. Nice to see El Reg hasn't become *completely* "professionalised" yet ;)

2
4
Tom Paine
Bronze badge
Megaphone

Presumably for the same reason that key token meters exist (though I assume no-one on El Reg is poor enough to have to schlepp down to the local convenience store to stick more credit on your gas or electricity token at 9pm on a cold January night so you have hot water next morning.)

1
5
Tom Paine
Bronze badge

Re: What devices connect to 'Smart' meters?

You are under NO legal requirement to have one of these white elephants against your will.

And the electricity co is under no legal requirement to take instructions from you about what equipment to deploy or offer you options. You get what you're given.

4
1
Tom Paine
Bronze badge

Re: What devices connect to 'Smart' meters?

As I said down-thread, the smart meters being deployed in the UK don't connect to anything else except the utility co. So the whole story appears to be bullshit, unless Eon are doing it completely differently from everyone else.

4
1
Tom Paine
Bronze badge

Re: Explode is not interesting

By "grid" you mean "tiny tiny section of the grid hanging off your local pole-mounted transformer", presumably, not "the national electrical supply grid". I'm no electrical engineer but I remember reading at the time of the great NE US outage in 2004 that the UK grid (and other developed countries' grids) are segmented to prevent cascading failures knocking down large chunks of the network simultaneously.

5
0
Tom Paine
Bronze badge

Smart meters can communicate with devices inside homes, such as air conditioners, fridges, and the like.

I'm confused. I've got a smart meter; apart from a useless little touch screen gadget with no manual that's supposed to allow me to track my consumption in some unexplained manner, the only other difference is that it talks to the electrical supply co to report back meter readings. I don't have any "smart house" crap like multi-coloured lightbulbs or wifi-enabled toasters, but even if I did, the meter wouldn't talk to them (why would it??)

What am I misunderstanding here? Or is this whole story nonsense? Clue welcomed...

4
0
Tom Paine
Bronze badge

Re: "Smart meters are 'dangerously insecure'"

If your electricity meter is outside your house, your electricity co is doing it very very wrong.

1
28

Trio charged with $4m insider trading by hacking merger lawyers

Tom Paine
Bronze badge

Re: Lawyers lose small change behind the sofa

That's not what I was taught in compliance training at a well-known US-based megabank.

0
0
Tom Paine
Bronze badge

Re: Lawyers lose small change behind the sofa

The expression you're searching for is MNPI: "material non-public information". If you work at a bank, legal firm, investment manager or whatever and have access to MNPI, you're committing an offence to trade any instruments affected by it. (IANALATINLA)

0
0
Tom Paine
Bronze badge

Re: Lawyers lose small change behind the sofa

With the M&A partners being very obvious, very high profile targets for a bit of insider trading, you might hope the law firms themselves would have at the very least a professional obligation to make sure their systems were suitably secure

You might hope, yes. If you haven't worked in the security industry. (See these white hairs? I'm 27*, you know!)

*Not really

0
0
Tom Paine
Bronze badge

Re: Rank amateurs

Point of order: $4m would be a bloody big bonus even at Goldman. Senior partners might get bonuses of that order of magnitude, and possibly a handful of star traders or desk managers, IF they had an exceptional year.

0
0

'DNC hackers' used mobile malware to track Ukrainian artillery – researchers

Tom Paine
Bronze badge

Re: Commence Arty Strike on this App Position!

(Also, didn't Russia provide good satellite imagery to eastern rebels (and probably their own long-range artillery) anyway? Why APTify the mobiles?)

If you could do it, why wouldn't you? The more independent sources of intel you have access to, the better. If the phone data confirms satellite or other recon, they can be that much more confident in the assessment that a bunch of vehicles in a field is artillery rather than civilian refugees or, say, three simple circus folk who have lost their way in the woods.

0
0

Turns out there's a market for marijuana... plants' video surveillance

Tom Paine
Bronze badge

10/10 for effort....

...but minus several million for it still being a storage story.

1
1

Stupid law of the week: South Carolina wants anti-porno chips in PCs that cost $20 to disable

Tom Paine
Bronze badge

Re: @Bucky 2 - Trump voters

I've got to say you're really reaching to imagine Trump running again in 2020. I fully expect that by this time next year one of two things will be true: 1., Trump will be gone (various scenarios); or 2. we'll all have been converted to charcoal briquettes or whiffs of nitrogen, carbon, hydrogen and a few trace elements.

I'm not even kidding. The pigeons will come home to roost very, very quickly if he acts in office as he has as a candidate and PE. Take China alone: triggering a major trade war will crash the Chinese AND American economies, and the ripples are likely to tank Europe as well. That's a lot of people who are suddenly poorer than they used to be. That is a very good way to motivate them to express displeasure in ways and at volumes that will get through to the half-way sane Republicans in Congress. Either way, he'll be gone by Christmas 2017 -- or long before.

3
0
