* Posts by mark 120

45 posts • joined 19 Jun 2009

Tupperware vehemently denies any link to storage containerisation

mark 120

Real name?

Jane More O'Ferrall? More Overall? That can't be a real name, surely?

0
0

Who'll guard your personal data post-Brexit?

mark 120

Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say 'British Data Protection Regulation' instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to the same in all but name, allowing for fairly minor amendments acceptable to the EU.

0
0
mark 120

Slight correction

The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be being enforced before we've managed to exit the EU.

2
0

Dyfed-Powys Police fined for publicising pervs' particulars

mark 120

Re: Why don't we have a register of all criminals?

MPs won't pass legislation for an open list they will appear on.

8
0

TalkTalk scam-scammers still scam-scamming

mark 120

It's only half a million quid right now, but the replacement for the DPA (the EU General Data Privacy Regulation) allows for 4% of global turnover or 20 million Euros, whichever is higher. It might actually result in companies taking their data security a bit more seriously in future.

4
0

Firms that make 'questionable use' of your data will pay... with their reputations

mark 120

Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.

2
0

ISIS operates a crypto help desk – report

mark 120

Can it be hacked?

Update the FAQs and the help database, to give useless answers?

"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to help@GCHQ.com"

4
0

TalkTalk hired BAE Systems' infosec bods before THAT hack

mark 120

Re: Hmmmm

So they were responsible for securing the intranet, yes?

4
0

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

mark 120

How about...

...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.

1
0

TalkTalk downplays extent of breach damage, gives extra details

mark 120

Evidently

If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?

1
1
mark 120

Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.

2
1

ICO 'making enquiries' into bizarre shopper data spill at M&S

mark 120

I've seen this before at a place I worked. Turned out the random number generator used to create the 'unique' session IDs wasn't random, and if a second user got the same ID before the caches had been cleared they could see the other person's details.

9
0

TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)

mark 120

Re: do payment processors have an obligation to deal with talktalk?

Sadly, they've never done it yet, because it hurts their own profits. If Target didn't get their Visa / Mastercard licence withdrawn, no-one will.

1
0

TalkTalk CEO admits security fail, says hacker emailed ransom demand

mark 120

Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.

Is it just me who thinks she needs a PR person telling her to shut up right now?

5
1

TalkTalk shares drop 10.7% despite research that breaches don't cause drops

mark 120

Research by the Ponemon Institute (2014 paper) says the opposite. That's the evidence opposing the HBR, and focused on UK industry too. They looked at actual breaches (and their costs) and have done for some years.

5
0
mark 120

The last lot of research I saw (Ponemon Institute) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?

2
0

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

mark 120

Hopefully not Experian though, eh?

8
0

Caption this: WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

A young Sauron was very pleased with his prototype Eye.

4
0
mark 120

Shortly afterwards, Edward put a sign on the machine reading "Caution - do not look directly into machine with remaining eye".

8
0
mark 120

Early adopters of Skype found the hardware requirements to be a bit more than they expected.

3
0

TalkTalk: Hackers may have nicked personal, banking info on 4 million Brits

mark 120

Their next annual review may well be beginning today, starting with a knock on the door from serious looking audit types with forensic investigators in tow. If Talk Talk didn't tell their acquirer / Visa / Mastercard they'd been breached right away, then a very dim view will be taken.

5
0

El Reg celebrates Back to the Future Day

mark 120

You won't believe this dad, but Teasmaid say that in 2015 coffee will pour itself!

0
0
mark 120

Coffee in 2015

The VR goggles couldn't do anything for the taste of the coffee, but at least they made the barista look attractive.

3
0

Shuttle bus firm Terravision belatedly adopts https for credit card sales

mark 120

Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...

4
0

WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

As they removed the goggles and turned around, it became clear that technology really had reached the final front ear.

6
0

Shoe stores top US credit card EMV-ready leaderboard of fail

mark 120

If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.

1
0

WIN a 6TB Western Digital Black hard drive with El Reg

mark 120

RM -R *

There they go. I *knew* dinosaurs had been a mistake.

0
0
mark 120

Adventure Game

"You are in a featureless desert. Choose a direction N S E W"

N

"You have been captured by pagans. Press Y to try again to successfully get your 12 tribes to the Promised Land"

4
0

Morgan Stanley staffer cops guilty plea over data breach

mark 120

That's an interesting one. Why did he do that? Was it a result of work pressure and he needed to do stuff at home, was it a way of getting a customer list for a private enterprise he wanted to set up, or something else? If the former was it sanctioned by Morgan Stanley, or at least common working practice?

Motive makes a difference. He may well have taken the data with the best intent, or he may have had nefarious purposes in mind. Ultimately though, it seems the data went public because his security was about the same level as Morgan Stanley's, only he's the one left holding the can when the breach occurred.

0
1

Manchester fuzz 'truly sorry' for 'accidentally' hacking phone of whistleblower cop's girlf

mark 120

As well as buttons being pressed while in the evidence bag, was it put in there switched on or not? And if it was in there switched on, how long was it there for and did it need charging before the buttons were accidentally pressed?

20
0

OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

mark 120

"It's a bug not a data breach"

Good luck getting that accepted by the ICO.

19
0

Another chance to win a 6TB Western Digital Black hard drive

mark 120

The Company hadn't read the contract properly before allowing Crapita to install the new web based system.

0
0

Huge hack attack: UK data cops to probe Carphone Warehouse breach

mark 120

What, and dent their profits?

They won't remove a retailer's ability to take card payments while they can continue to make money from those payments, and while they don't stand any losses which do occur - the latter point is the whole reason for PCI, after all.

0
0
mark 120

When did they notify Visa etc / their acquirer, as required under PCI rules?

0
0

Contactless card fraud? Easy. All you need is an off-the-shelf scanner

mark 120

Re: Where are they shopping

Amazon doesn't require a CVV.

5
2

It’s 2015 and we're being told not to send credit cards as cleartext

mark 120

Re: Only 10 years to late....

PCI 1.0 came in in December 2004, and has always stated that it applies when card data is stored, processed or transmitted.

2
0

It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE

mark 120

Re: Plus net phone and broadband down here for us

It's fine just up the road in Mossley.

0
0

Plods scrap crap stealth spy blimp

mark 120
FAIL

Testing?

What berk bought this without testing it outside first?

0
0

DVLA says council snoopers are free to take the WEE

mark 120
WTF?

Horse Fouling?

What? Contacting the DVLA for info regarding horse fouling? I'm not even sure what that is, but good luck tracing me through the DVLA - no horse I've owned had a number plate, although I bet the last lot had it on their 'to do' list.

6
0

US and Russia begin cyberwar limitation talks

mark 120
FAIL

Nice acronym

CyberwarLImitationTalkS

0
1

US judge rules quadriplegic can bear arms

mark 120
FAIL

Genius

Anyone else want to predict what will happen to the wheelchair, the first time a shotgun mounted on it is fired?

0
0

Lloyds TSB's online banking system shows no love for Firefox

mark 120
Thumb Down

RE:

Re : David Barrett

"There are a few people above commenting that ...the Decent HBOS systems are being dumped in favour of the ancient LTSB ones... I don't think (from looking at the site) that this is correct."

The few remaining people working in Halifax would tell you otherwise - HBOS kit is being dumped in favour of replacement by Lloyds. Timescale is also ridiculously short (about 2 years, last I heard).

0
0
mark 120
FAIL

you could see it coming

Lloyds are trying to integrate all the HBOS systems at the moment. They've taken the decision to more or less ditch the more modern HBOS systems and integrate all their functions into the ancient Lloyds systems, with inevitable comedy results.

0
0

New antimatter atomsmashers 'may destroy themselves'

mark 120
Alert

Next version of the LHC?

LHC9000, Doom fans?

0
0

iPod saves lightning-strike teen

mark 120
Thumb Up

Is it just me

Who is sat here giggling at the mental image of "... the earphones transmitted the electrical current into his head."?

0
0
