* Posts by bish

22 posts • joined 30 May 2009

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

bish

24hrs? Doubtful

The hacking behind building a safety net for brute forcing the encryption is very impressive, but we're still talking about brute forcing a four digit PIN where every six attempts takes (on the video) ninety-one seconds, from the previous chip powering down, unplugging it, hooking up a clone, starting the phone up (yawn) punching in your first four combos (and you'd want a tick list if you were really going all the way from 0000 to 9999 - which would slow you down a tiny bit more each time - or you'd definitely lose your mind) waiting on the fifth and sixth, (potentially cursing yourself for mistyping a number) then powering down again. By that measure, it would take more like forty-two hours (unless of course the passcode started with 1-8, which admittedly is a fair shot but not guaranteed), without any breaks - if that were my gig, and it included the four months part time (two months full time) R&D, I'd invoice for AT LEAST $1m, simply because it's the most boring task ever.

2
0

Ireland looks like it's outpacing Britain in the superfast broadband rollout stakes

bish

Re: Why FTTP?

I understand that you're being facetious, but not all rural areas are Trumpton. Oop North, I lived in an area North of Manchester, where a handful of small towns are connected by tiny clusters of houses and farms, scattered all about the hills, some (like the one I lived in) isolated by a good mile or so on all sides by dank, wet, miserable fields full of sheep. Given that BT still hasn't managed to install a landline that didn't sound like Bell himself might be on the other end (distant, crackly, muffled and with regular drop outs), one could understand their reluctance to invest any time or money in laying any cable where weather, fauna and farmers may damage it at a moment's notice.

According to a friend who's still local (I'd say 'neighbour' but they were fully two miles away) one of the nearest clusters of houses now has a FTTC cab installed, but the hopes of bouncing any kind of wireless signal UP the hills to the farms above seem unlikely, even if they had a maypole (or church spire, or any of the other accoutrements of your picturesque fantasy rural hamlet). Oh, and there's (to the best of my knowledge - not been back in half a year) neither 4 nor 3 G mobile signals up there. Which is a shame, because it (and many, many similar premises) could easily be converted into a rather splendid office, or at least be used to work from home. I moved in the end because 'working from the coffee shop in town 5 miles away' just isn't the same. They didn't take kindly to me sitting down in my underwear.

0
0

Tech support scammers mess with hacker's mother, so he retaliated with ransomware

bish

I have one Windows machine in the house, which I take good care of, and a bunch of Macs, Linux boxes, a FreeNAS system and a couple of Hackintosh NUCs on the TVs. Last time they called me, the Windows box wasn't even switched on, and I was sat in front of the TV in the lounge. I played along, but when they asked me to press the shortcut for Run, I did my best impersonation of a panicked non-tech person, moaning that it wasn't doing anything and they were right but maybe too late to help me. They told me to open IE, oh noes! It's not there! They asked me what keys were on the bottom left of my keyboard (to filter out Mac users - nice touch, albeit somewhat late in the script) and I told them exactly what I saw on my Logitech wireless board. Utter confusion followed - they seemed to have chanced on a PC that was so utterly borked they couldn't do anything to demonstrate how borked it really wasn't. They escalated my call to a manager, who finally asked what was at the top left of my screen ("Well, there's a little apple and...") after a long pause, the first guy came back on, said "Hello, Sir? Go to hell, sir." And he hung up.

I was left with mixed feelings - of course these guys are scammers and bottom feeders, but the anger in his voice revealed how hurt he was to have wasted his time (which is money). Yep, got my own back, and maybe made him think, but ultimately these scammers aren't doing it for giggles, they're doing it because it's a way to make money, and presumably their English isn't good enough to work in a more legitimate call centre. I can afford to mess these guys around for the better part of an hour, but if he's on performance related pay, coming up to the end of a shift and wastes his time on me when he could be wringing a couple of sales out of people like my parents, I've just cost him big. On the one hand, I'm delighted to be doing my bit to slow down the success of the scam, but on the other, I'm depressed to live in such a shitty world that an (at least) bi-lingual dude of around my age is sat in a call centre somewhere in India, extorting his way to paying the bills and putting food on the table.

I dunno what the solution is, and maybe it's ridiculously post-colonial of me to assume the guy's poorer than me. Maybe his shitty scam job earns him £50k and he drives a Merc, but ultimately I think this kind of vigilante approach solves nothing for anyone. We probably all ought to pressure people in power to do more to address the issue.

10
1
bish

Re: Bobby?

https://xkcd.com/327/

1
1

Mark Zuckerberg's Twitter and Pinterest password was 'dadada'

bish

Re: As for username and password,

Oh feck yes, this. "Security Questions" seemed utterly dumb to me back in the 90s, so I'd just mash keys for a minute and move on. Lost a few sweet usernames on decent sites when they then started requiring answers after suspicious login attempts.

0
0
bish

Re: Password strength lesson

How do salts and stored hashes protect against reused passes? I get LinkedIn's db, and find that they've only stored Zuck's hash and salt. Given he's not just any ordinary target but (a) an internationally recognisable figure with rather a lot of influence, and (b) someone who's (as of now) been known to reuse passwords, I decide he's a good target. I plug the salt into my script and bruteforce until I get a hash that matches. Huh, it's "dadada". Now I head over to a bunch of other sites and try dadada out. The salting and hashing has only protected the majority of users, because it's a PITA (and slow) to bruteforce all those salty hashes, but it hasn't actually added any (meaningful) extra protection to any individual login, and does nothing to mitigate idiot users keeping the same password for everything. Like the OP said, password reuse IS worse than weak passwords. If you find out my password for this site is 1234*, it doesn't matter too much for me since you can't use that pass to gain access to anything else of mine, and I only need to change one password to fix the breach.

NB: I accept I may be wrong or missing something here, so do let me know if that's the case. I also appreciate that I've made quite light of bruteforcing a salted hash, but a six lowercase letter password, containing only two characters, really isn't going to pose that much of a problem. My point is, if someone set out to target Zuck and the LinkedIn db had been salted and hashed, it wouldn't have made that much difference.

*[changes password]

4
0

Admin fishes dirty office chat from mistyped-email bin and then ...?

bish

No brainer

If you set yourself up as the kind of admin who redirects mail, you have to redirect it. There's nothing illegal going on, and flagging it up as a violation of company policy on computer use is obviously messy and unnecessarily complicated. The right answer is obviously to stop nannying your users and let their emails vanish into the void. Teach them how to look up email addresses and check their sent items and then just leave it the hell alone.

The implied moral quandary over being complicit in an affair between two adults is so absurdly puritanical, I can't help but wonder if the admin worked in some kind of hyper-zealous bible sales business.

1
0

Amazon WorkSpaces two years on: Are we ready for cloud-hosted Windows desktops?

bish

How much!!?

Really? Until it's (at most) half the current price, it really doesn't look like a viable product for anything other than uber-corporations with cash to burn and enormous tech teams to maintain it. The problems of managing the setup would appear to be at least as difficult as managing full fat machines, and much more complex than an in-house solution.

Just why?

1
1

Let’s re-invent small phones! Small screens! And rubber buttons!

bish

Re: Small != Small

Bravo. Better than the main article, in fact.

1
0

How exactly do you rein in a wildly powerful AI before it enslaves us all?

bish

Re: Isaac Asimov

Finally, someone mentions Asimov. Can I chuck in Banks' Minds in the Culture novels and suggest that a truly super-intelligent AI would likely be benevolent and certainly no worse a supreme overlord than our current governments? I, for one, welcome our new hive mind leaders.

1
0

Google Search head: I'm off. Yes, I told you yesterday. On Google+

bish

"our mission..and the impact it has had..cannot be overstated"

Ahem: Google's mission has cured cancer, ended world hunger, conclusively resolved all religious and nationalistic discord and finally proven that we are not alone among the stars.

As my mum always said, there's no such thing as 'cannot'.

2
0

Apple tablet will 'redefine print,' says rumor mill

bish
Stop

*snore*

"IT'S COMING AND IT'S GOING TO BE AMAZING!!!"

Except it's not coming, because it never does, and it won't be amazing, because even if it does finally appear, we'll all know everything there is to know about it LOOONG in advance and there won't be much to get excited about.

Jobs wants to make a game-changer portable computer. This has been his aim for as long as I can remember. The problem is, technology hasn't caught up to his vision, and his mortality is catching up with him. This leaves two possible outcomes:

1) This constant cycle of rumour, speculation and "this time next year" commentary will continue to add up to nothing, as Jobs keeps pulling back on going into production, because the best Apple can do still doesn't measure up to what he wants.

2) Jobs - worried he'll never see the day that cool kids with good hair iChat on their iTabs (or whatever) in Starbucks - goes ahead and launches the damn thing, but it's massively underwhelming to everyone and way too expensive, and while a few people shell out and sit in public places cooing at their overpriced gadget, most people just make do with a crappy netbook or phone, and get on with their lives.

It can't be thin enough or battery-efficient enough until someone invents fast-refresh flexible eInk, preferably with multi-touch capabilities. There have been prototypes of most of those ideas individually, but no one (that I know of) has put them all together, and certainly not affordably. It isn't likely to happen in Jobs' lifetime, and I for one wish he'd just shelve it, with detailed instructions on what he wants the Apple geeks to build when the tech is finally available. Why rush out a half-realised product? It's becoming a bit of a vanity project (like most Apple stock, I suppose).

0
0

Apple admits third of iPhone calls in New York are dropped

bish
FAIL

Hmm..

This is why, here in the UK, I've put off getting an iPhone. Sure, they're not super-magical solve-all-your-problems phones, but there's quite a few apps that would be really very useful to me, but I'm not trading that usefulness for lack of connectivity on O2 (which is rubbish in my area - a couple of friends have them and the amount of time they spend wandering round peering at their handsets, looking for a decent connection just doesn't seem worth it).

I thought about buying an iPod Touch, but that'd mean carrying around two things to break/lose/have stolen, and I've gotten used to my phone being an all-in-one. The news that the iPhone's coming to Orange is good for me, since their coverage is excellent, and my current contract runs out at the start of November.

0
0

iPhone app grabs your mobile number

bish
WTF?

Clarification?

Wait, they harvest the numbers via SMS? So are all these complaints from people who seem to have somehow forgotten sending a message to the company that makes the app? Or is the company lying? OR does the iPhone also allow apps to send SMS without the owner's approval? Because the latter would be a MUCH bigger security hole - not that the number-retrieving app isn't a big enough hole as it is... Whichever it is, I'd hope Apple addresses this soon, if they want to keep their customers.

0
0

Ageing Google supersizes its search box

bish
Thumb Down

Ugh.

Welcome to Fisher Price™'s My First Search Engine©!

It looks so retarded, I may even start using bing. Glad I wasn't the only one fiddling with zoom.

0
0

Tasered Oz man bursts into flames

bish
WTF?

@Kev K

"trust me it is a deeply unpleasant experience to me confronted by some violent, wild eyed, mouth frothing, smelly tosser high on that stuff"

Forgive me, but isn't it a police officer's JOB to confront people like that?

"being high on petrol/glue...gives the sniffer extra strength"

Patently absurd. Unbelievable silliness. Solvents may well make users FEEL stronger, but they act on the brain and certainly don't enhance muscles.

The issues here are - why did the situation so rapidly descend into one where the policemen felt they needed to break out the weaponry? Sure, he was behaving threateningly, so perhaps their actions were justified, but how they initially approached the suspect is unreported, and may have made all the difference (or not - not pointing fingers). Secondly, what reasoning led to employing a taser on a man with petrol? Did they have guns and did they consider using them? A well aimed disarming shot would've been a lot safer, since the likelihood of bullets igniting fuel is incredibly slim, despite what Hollywood and Mr O'Callaghan suggest. And was it really out of the question to attempt to wrestle him to the ground? I'm assuming he had the petrol for sniffing, not burning himself to a crisp, so was it really reasonable to assume he'd use the lighter?

The fact that drug-crazed-crazies can be a bit intimidating is neither here nor there - if you panic as soon as someone threatens you, get a job in an office, not one of the forces.

0
0

Cyber security minister ridiculed over s'kiddie hire plan

bish
FAIL

As if further incentive were needed...

s'kiddies, and other nefarious 'cyber-criminals' (good god, when was the last time anyone outside the government used the word 'cyber' with a straight face? 96?) do their dodgy deeds for a variety of reasons - a sense of achievement, to boost their rep, and most commonly to earn a bit of dirty money.

None of those reasons is going to just go away, so why give baby geeks yet another incentive to turn to the dark side? Why not just run a recruitment ad - "Bored? Talented? Become a network bandit, get caught, and get a job working for the Ministry!" - I dare say they might get some of the less useless ones that way, too.

0
0

US city ends FaceSpaceGooHoo log-in grab

bish
Thumb Down

Madness

I've heard of checking out prospective employees on social sites, but demanding their login info when they accept a job? Hello, human rights?

Obviously local government in Bozeman just goes ahead and does stuff without actually stopping and working out whether their schemes are legal, responsible or useful.

What were they going to do with all those details (apart from probably not keep them secure)? Spam social networks with Bozeman tourism ads? Or just invade their employees' privacy whenever they choose?

I hope they get a good slapping for even thinking of doing this, never mind putting it into practice. They'll probably just get nice jobs at MiniTrue.

0
0

Stilt-walking Cirque du Soleil founder turns space tourist

bish
Stop

Clear as muddy water...

"And the purpose is clear: to raise awareness on water issues to humankind on planet earth."

Which water issues do you suppose he means? As far as I'm aware, it ain't running out any time soon...

Aren't there more pressing environmental matters? And aren't they rather compounded by the frivolous burning of rocket fuel?

0
0

Apple confirms $1bn data center

bish
Thumb Down

Perdue's kidding himself...

...If he thinks a DATA CENTRE is going to create 250 jobs for locals. I thought 50 sounded a bit optimistic. And he seriously thinks Apple will employ the locals for REPAIR!???

Talk about a sucker...

0
0

Hackintosher to open US storefront

bish
Thumb Down

But...

Regarding the OS-less system + OS X disk model Allan Rutland and others have suggested - to run OS X on a Dell, or any other non-Apple computer, I thought you had to first modify the actual kernel? Unless I'm mistaken, I don't see how he could sell copies of OS X modified to run on his computers without seriously violating both the EULA and copyright law.

0
0

Microsoft breaks Windows 7 three-apps netbook handicap

bish
Linux

Wait...

...so, you pay less, and in return you get a slimmed-down version of Win7, without all the bloatware but otherwise fully functional?

Somehow, I'd expect to pay more...

0
0
