* Posts by mark 120

54 posts • joined 19 Jun 2009


TfL to track Tube users in stations by their MAC addresses

mark 120

GDPR to the rescue

Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.

6
1

US citizens crash Canadian immigration site after Trump victory

mark 120

Re: Any hope of crowd sourcing a Pence for president "solution"?

You didn't notice that the guy who shot Reagan was paroled a month or two back, then? Probably been on a CIA range ever since ...

3
0

Not call, Intel – not call: Chipzilla modems in iPhone 7s fall short

mark 120

Presumably

Apple will have specified the performance parameters when they went to the suppliers. If they did, and the products are within those, then there's no problem. If they didn't, or they aren't, then there's a problem. I can't see Apple making such elementary mistakes, but stranger things have happened.

0
0

Vodafone rapped with RECORD £4.6m fine for failing customers

mark 120

As of two weeks ago

nothing has changed.

Failed to collect direct debit

threatened to cut off service as a result of not collecting payment

agreed not to cut off service

sent text saying service would be cut off unless payment received

confirmed service wouldn't be cut off

cut off service

reinstated service

sent text saying service would be cut off unless payment received

confirmed service wouldn't be cut off and DD was now set up correctly

2
0

Police raid India call centre, detain 500 in fraud probe

mark 120

"Good afternoon, Telephone Preference Service, how can I help you?"

0
0

Should Computer Misuse Act offences committed in UK be prosecuted in UK?

mark 120

Re: Seems simple to me

Fancy it, no. Nor would I have the right to whinge about it if that's the published consequence of the activity.

5
7
mark 120

Seems simple to me

If you break into / illegally access a server or system, then you're prosecuted in the place that the server or system resides.

To put it another way, if I co-ordinated a bank robbery in another country, where would I be tried? I'm fairly sure it wouldn't usually be in Britain.

7
29

ICO boss calls for EU-style data protection rules post-Brexit

mark 120

We'll put in place exactly the same regulation, only we'll call it the 'Great British Data Protection Regulation' so the Brexit crowd think they've taken back control.

8
1

DVLA misses out on £400m in tax after scrapping paper discs

mark 120

Re: This should be one of the easiest taxes to collect ...

ANPR camera at every petrol station. No current record, no petrol (and maybe the drive-off barriers come up for good measure).

13
3

Tupperware vehemently denies any link to storage containerisation

mark 120

Real name?

Jane More O'Ferrall? More Overall? That can't be a real name, surely?

0
0

Who'll guard your personal data post-Brexit?

mark 120

Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say "British Data Protection Regulation" instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to do the same in all but name, allowing for fairly minor amendments acceptable to the EU.

0
0
mark 120

Slight correction

The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be being enforced before we've managed to exit the EU.

2
0

Dyfed-Powys Police fined for publicising pervs' particulars

mark 120

Re: Why don't we have a register of all criminals?

MPs won't pass legislation for an open list they will appear on.

8
0

TalkTalk scam-scammers still scam-scamming

mark 120

It's only half a million quid right now, but the replacement for the DPA (the EU General Data Privacy Regulation) allows for 4% of global turnover or 20 million Euros, whichever is higher. It might actually result in companies taking their data security a bit more seriously in future.

4
0

Firms that make 'questionable use' of your data will pay... with their reputations

mark 120

Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.

2
0

ISIS operates a crypto help desk – report

mark 120

Can it be hacked?

Update the FAQs and the help database, to give useless answers?

"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to help@GCHQ.com"

4
0

TalkTalk hired BAE Systems' infosec bods before THAT hack

mark 120

Re: Hmmmm

So they were responsible for securing the intranet, yes?

4
0

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

mark 120

How about...

...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.

1
0

TalkTalk downplays extent of breach damage, gives extra details

mark 120

Evidently

If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?

1
1
mark 120

Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.

2
1

ICO 'making enquiries' into bizarre shopper data spill at M&S

mark 120

I've seen this before at a place I worked. Turned out the random number generator used to create the 'unique' session IDs wasn't random, and if a second user got the same ID before the caches had been cleared they could see the other person's details.

9
0

TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)

mark 120

Re: do payment processors have an obligation to deal with talktalk?

Sadly, they've never done it yet, because it hurts their own profits. If Target didn't get their Visa / Mastercard licence withdrawn, no-one will.

1
0

TalkTalk CEO admits security fail, says hacker emailed ransom demand

mark 120

Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.

Is it just me who thinks she needs a PR person telling her to shut up right now?

5
1

TalkTalk shares drop 10.7% despite research that breaches don't cause drops

mark 120

Research by the Ponemon Institute (2014 paper) says the opposite. That's the evidence opposing the HBR, and focused on UK industry too. They looked at actual breaches (and their costs) and have done for some years.

5
0
mark 120

The last lot of research I saw (Ponemon Institute) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?

2
0

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

mark 120

Hopefully not Experian though, eh?

8
0

Caption this: WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

A young Sauron was very pleased with his prototype Eye.

4
0
mark 120

Shortly afterwards, Edward put a sign on the machine reading "Caution - do not look directly into machine with remaining eye".

8
0
mark 120

Early adopters of Skype found the hardware requirements to be a bit more than they expected.

3
0

TalkTalk: Hackers may have nicked personal, banking info on 4 million Brits

mark 120

Their next annual review may well be beginning today, starting with a knock on the door from serious looking audit types with forensic investigators in tow. If Talk Talk didn't tell their acquirer / Visa / Mastercard they'd been breached right away, then a very dim view will be taken.

5
0

El Reg celebrates Back to the Future Day

mark 120

You won't believe this dad, but Teasmaid say that in 2015 coffee will pour itself!

0
0
mark 120

Coffee in 2015

The VR goggles couldn't do anything for the taste of the coffee, but at least they made the barista look attractive.

3
0

Shuttle bus firm Terravision belatedly adopts https for credit card sales

mark 120

Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...

4
0

WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

As they removed the goggles and turned around, it became clear that technology really had reached the final front ear.

6
0

Shoe stores top US credit card EMV-ready leaderboard of fail

mark 120

If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.

1
0

WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

RM -R *

There they go. I *knew* dinosaurs had been a mistake.

0
0
mark 120

Adventure Game

"You are in a featureless desert. Choose a direction N S E W"

N

"You have been captured by pagans. Press Y to try again to successfully get your 12 tribes to the Promised Land"

4
0

Morgan Stanley staffer cops guilty plea over data breach

mark 120

That's an interesting one. Why did he do that? Was it a result of work pressure and he needed to do stuff at home, was it a way of getting a customer list for a private enterprise he wanted to set up, or something else? If the former was it sanctioned by Morgan Stanley, or at least common working practice?

Motive makes a difference. He may well have taken the data with the best intent, or he may have had nefarious purposes in mind. Ultimately though, it seems the data went public because his security was about the same level as Morgan Stanley's, only he's the one left holding the can when the breach occurred.

0
1

Manchester fuzz 'truly sorry' for 'accidentally' hacking phone of whistleblower cop's girlf

mark 120

As well as buttons being pressed while in the evidence bag, was it put in there switched on or not? And if it was in there switched on, how long was it there for and did it need charging before the buttons were accidentally pressed?

20
0

OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

mark 120

"It's a bug not a data breach"

Good luck getting that accepted by the ICO.

19
0

Another chance to win a 6TB Western Digital Black hard drive

mark 120

The Company hadn't read the contract properly before allowing Crapita to install the new web based system.

0
0

Huge hack attack: UK data cops to probe Carphone Warehouse breach

mark 120

What, and dent their profits?

They won't remove a retailer's ability to take card payments while they can continue to make money from those payments, and while they don't stand any losses which do occur - the latter point is the whole reason for PCI, after all.

0
0
mark 120

When did they notify Visa etc / their acquirer, as required under PCI rules?

0
0

Contactless card fraud? Easy. All you need is an off-the-shelf scanner

mark 120

Re: Where are they shopping

Amazon doesn't require a CVV.

5
2

It’s 2015 and we're being told not to send credit cards as cleartext

mark 120

Re: Only 10 years to late....

PCI 1.0 came in in December 2004, and has always stated that it applies when card data is stored, processed or transmitted.

2
0

It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE

mark 120

Re: Plus net phone and broadband down here for us

It's fine just up the road in Mossley.

0
0

Plods scrap crap stealth spy blimp

mark 120
FAIL

Testing?

What berk bought this without testing it outside first?

0
0

DVLA says council snoopers are free to take the WEE

mark 120
WTF?

Horse Fouling?

What? Contacting the DVLA for info regarding horse fouling? I'm not even sure what that is, but good luck tracing me through the DVLA - no horse I've owned had a number plate, although I bet the last lot had it on their 'to do' list.

6
0

US and Russia begin cyberwar limitation talks

mark 120
FAIL

Nice acronym

CyberwarLImitationTalkS

0
1

US judge rules quadriplegic can bear arms

mark 120
FAIL

Genius

Anyone else want to predict what will happen to the wheelchair, the first time a shotgun mounted on it is fired?

0
0
