* Posts by david 12

580 posts • joined 6 Jul 2009

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

david 12
Bronze badge

Can you still buy memory cards/USB sticks on EBAY?

1) All flash devices have firmware.

2) Reprogramming the firmware of flash devices is a standard operation, and little old ladies in the market stalls of Shenzhen will do it for you. The most basic purpose is to implement algorithms dealing with bad flash cells. For years, the most common malware purpose was to lie about the size and provenance of the flash device.

3) 10 years ago it was common for USB devices to include keyboard emulators to install software. There were a couple of efforts directed towards standardising the process, which eventually died as the industry moved away from the idea because of security concerns.

This clever demonstration links the two well-known ideas: flash controller reprogramming, and USB device malware.

4
0

Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees

david 12
Bronze badge

Re: @dkjd Medical doctor (GP) not a scientist?

I'm sure that most PhDs aren't trained doctors. 'Doctor' is a very old-fashioned courtesy title when used to address PhDs.

0
3

Microsoft says 'weird things' can happen during Windows Server 2003 migrations

david 12
Bronze badge

>workarounds are possible

> but those outlined in the post require rather a lot of working around.

At least one of the work-arounds is trivial: disable workstation "password" resets.

And I did that anyway when I was doing server upgrades. Disabling and re-enabling is a simple policy setting.

Routine machine password reset is more a kind of environmental sanitation setting than a present threat mitigation. The machine password is not, of course, a "password": it is totally user-invisible, disabling changes makes your network more robust, and the risk/danger is very very very low on my list of possible risks/dangers to my network.

0
0

ONE EMAIL costs mining company $300 MEEELION

david 12
Bronze badge

Re: Headline wrong?

Of course the headline's wrong. That's the whole point, isn't it?

>It may have cost some others something though, as is mentioned in the story.

Or, it "may" have cost them nothing,

or they "may" have made an extra profit from the attention the stock is getting.

If the prosecution had any actual evidence, they wouldn't be resorting to weasel words like that.

1
0

Banning handheld phone use by drivers had NO effect on accident rate - study

david 12
Bronze badge

non comparable statistics

One of the studies I read 20 years ago found that mobile phone use was comparable to drunk-driving: but ignored the fact that drunk drivers are drunk for the entire journey, mobile phone users are effectively 'drunk' only while making a call.

Another study derived usage figures by observations in [a location that had higher than normal mobile phone users] at a time of day that had [higher than normal mobile phone usage].

I think that both those studies gave false figures for the total expected benefit of banning phone use while driving. But they also implied a false figure for how much pain the enforcement would cause.

If the number of accidents caused by mobile phone users is small only because sensible people don't use their phone much while driving, then this relatively harmless law is doing good while not causing much inconvenience to many people.

0
0

Voteware source code requester labelled 'vexatious'

david 12
Bronze badge

Re: "Freedom" of Information...

Freedom From Information laws.

My first contact with FFI laws was many years ago, when I was trying to sort out an error in my file with a government department, back in the days of physical files. It eventually emerged that the reason I got different repeat requests for information every time I went in was that they had TWO physical files. Which would have been obvious if they had shown me the information they had. But the actual statement was "We can't show you, because of the Freedom of Information laws."

0
0

Interview: Michael Cordover, voteware freedom-of-information crusader

david 12
Bronze badge

Re: Without trust ...

>Florida ... when their electronic voting machines proved

I guess you're referring to Florida, when their manual-mechanical voting machines proved to be less than fair and correct.

Or perhaps you meant to refer to some little-known electronic voting machine in Florida, and the reference to "Al Gore" just crept in there because you got your dates, politics, and technology mixed up.

0
0

Hackers steal trade secrets from major US hedge firm

david 12
Bronze badge

'secret sauce', 'trade secrets'

Not by any ordinary meaning of the terms. Not even 'secrets' by any ordinary meaning of the term: market trading is done in public, in a public market, with the public.

Writing as a person who created trade secrets, and the secret sauce, in the finance industry, I wondered if the miscreants had stolen trade secrets, or secret sauce, and if so, if they could possibly have made any money out of doing so, and if the victim could possibly have lost money from the theft.

Reading the article, I see that the answers are No, and No: if any trade secrets were stolen, it didn't cost the firm anything, and didn't gain the thieves anything.

The theft, the loss, the gain, came from front-running and the artificial delays. So a descriptive headline would have been something like:

Hackers steal millions from major US hedge firm

Hackers intercept trades from ..

Hackers delay trades from ...

Hackers re-route trades from ...

Hackers inside-trade inside ...

1
0

'Hashtag' added to the OED – but # isn't a hash, pound, nor number sign

david 12
Bronze badge

Re: Pound sign

Also called the Number Sign in ASCII, where it was put by the Americans, which is part of the reason why it is the alternate value for the English Pound position.

"The symbol # means the same as No., and it can be very useful"

("The I.S.O. character code," The Computer Journal, vol. 7, no. 3, October 1964)

In AUS, the subtitles on my TV show # (number) or £ (pound) to indicate music, depending on where the program was subtitled, indicating an odd translation difficulty somewhere.

0
0
david 12
Bronze badge

@ sign

@ symbol was used for pricing. As: 5 apples @ 5p

The typewriter, of course, was widely used for commercial correspondence, and, before the photocopier, even for copying out price sheets.

0
1

Today's get-rich-quick scheme: Build your own bank

david 12
Bronze badge

I've done this

-- for a couple of clients, who ran investment banks for their dealer network.

Operationally, not very difficult. My clients did not require banking licences or building society licence or anything: whatever the requirement is for a banking licence, they were able to do this without it. Perhaps banking licences are tied to lending money? Or accepting money from the public? Or depositing with the Reserve Bank?

My clients were just borrowing money from their dealer network, as a service to the dealers, as a kind of loyalty scheme. The money was just invested in the parent company.

The reporting requirements were not very rigorous, for a few hundred clients and a few million dollars.

Within the reach of a small coding team for those numbers, but the product I had would have scaled badly.

0
0

Sneak peek: Microsoft's next browser (thanks, IE Developer Channel)

david 12
Bronze badge

Extended Support Release

Now that they are copying the rapid version number increment, the other thing they should copy back from FF is the Extended Support Release -- so that I don't get stuck on websites that require this month's version.

0
0

NSW budget calls for lower GST threshold on imports

david 12
Bronze badge

Re: NSW budget calls for lower GST threshold on imports

I've seen $700 estimate for the all-up cost of collection on $500 (assuming the threshold was lowered to $500). Very little of this is the "cost to the customs department" -- but it's the cost you would expect to pay.

Nobody is suggesting this as a tax-raising measure. The whole point is to make importation unattractive.

They calculated in Y2K that from a tax view, $1000 was the sweet spot, and it's only moved up since then.

1
0

Hacker claims PayPal loophole generates FREE MONEY

david 12
Bronze badge

Virtual credit cards

>Virtual credit cards were payment systems designed to combat online fraud by utilising temporary card numbers.

1) Do virtual credit cards still exist? If not, how old is this article?

2) If virtual credit cards do exist, who offers the service?

0
0

Urine a goldmine for fuel-cell materials: boffins

david 12
Bronze badge

In the old system, tanners and dry-cleaners collected from the public toilets and pissoirs. I can't see that working in the modern system, where it's first mixed with shit.

1
0

Google calls on carriers to craft IoT plans

david 12
Bronze badge

Even the least obvious markets are sometimes using mobile phone technology. According to this article: http://www.theregister.co.uk/2013/05/13/smart_meters/

"Existing smart meters are using the cellular networks, generally 2G"

Positions out in the middle of a field are even more likely to use mobile phone technology, since other technologies require more power and/or less security and/or a local network to connect to.

0
0

Kiwis get cracking with gigabit residential broadband

david 12
Bronze badge

>households running multiple video streams at once

Two months ago I got 1 upvote and 5 downvotes for saying "It was always going to be the replacement for FTA analog TV.". 2 years ago I got censored from the Whirlpool forums for saying something similar.

Is it still unsafe to say that the NBN was the "circuses" part of "bread and circuses", or will the classical allusion be lost on ALP voters?

1
0

Redmond is patching Windows 8 but NOT Windows 7, say security bods

david 12
Bronze badge

>Personally I prefer a reasonably honest approach,

So I take it that you will be boycotting Diffray and The Register for misleading you into thinking that MS was not patching security flaws on Win 7?

I really despair sometimes: By your own admission, you are a Unix/Linux user. Clearly you don't understand the MS eco-system, and care less. You haven't bothered to read the comments correcting the misinterpretation you have adopted. But you feel qualified to comment about "M$" anyway...

1
1
david 12
Bronze badge

Re: This article makes no sense

>So wait, now there are some extra functions you can call in Win8 and not Win7?

No.

It's more subtle than that. You can call these functions on Win8 or Win7 when the next MS C upgrade appears. Or you can write your own version and call it on Linux or OS X. The report is that software using these functions has already appeared on Win8, but not yet on Win7. Standard MS procedure will be that these versions of these functions will appear on supported platforms when software that uses them is re-written. If the purpose of rewriting the software is for a security patch, we expect to see these library functions appear in the Win7 library, as part of a security patch. If the purpose of rewriting the software is a Win8 bug fix or feature upgrade, we don't expect to see that on Win7.

1
1
david 12
Bronze badge

ummm. But this has nothing to do with security patches. Or patches.

And the word "Safe" is used only as a convention for this class of C library functions: it's a bit of a misnomer really: unlike other languages, the "safety" still depends on the programmer programming checks on the length of strings, it just provides a structured way of doing so.

2
2
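The point made in the post above, that the "_s" family of C string functions only structures the length check rather than doing it for you, is easiest to see in code. The following is an added example written for this page, not code from the article or from Microsoft's library: it implements a bounded copy with the same contract as C11 Annex K `strcpy_s` (caller passes the real size of the destination; on overflow the destination is emptied and an error is returned) and, for contrast, shows the classic `strncpy` pitfall of an unterminated result. The function names `bounded_copy`, `strncpy_unterminated` and the `COPY_INTO` macro are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy in the style of C11 Annex K strcpy_s (this is example code,
 * not the Annex K implementation). The caller MUST pass the real size of dst;
 * the function can only be as safe as that argument. Returns 0 on success.
 * If src does not fit, dst is set to "" and -1 is returned, so even a caller
 * that ignores the result never sees an unterminated or half-written buffer. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* Measure src without ever reading more than dstsz bytes of it. */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n >= dstsz) {          /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n characters plus the '\0' */
    return 0;
}

/* Contrast: strncpy() is often assumed to be "safe", but when src fills the
 * buffer exactly it writes no terminator at all. Returns 1 if the copy left
 * dst unterminated (a later strlen/printf would read past the buffer). */
int strncpy_unterminated(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) == NULL;
}

/* sizeof on a real array gives the right size. Pass a pointer instead and
 * you get sizeof(char *), the exact mistake the "safe" API cannot catch. */
#define COPY_INTO(arr, src) bounded_copy((arr), sizeof(arr), (src))

int main(void)
{
    char name[8];
    int rc;

    rc = COPY_INTO(name, "alice");
    printf("short:  rc=%d '%s'\n", rc, name);

    rc = COPY_INTO(name, "bartholomew");
    printf("long:   rc=%d '%s'\n", rc, name);

    printf("strncpy unterminated: %d\n",
           strncpy_unterminated(name, sizeof name, "12345678"));
    return 0;
}
```

The usable property here is the failure mode: an overlong source produces an empty string and a nonzero return rather than a silent overflow or an unterminated buffer, but only if `dstsz` really is the buffer size. A wrong size argument, whether from `sizeof` on a pointer or from a miscounted heap allocation, is undetectable by the callee, which is exactly why these functions are "safe" only by convention.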

Protecting code's secrets wins ACM prize

david 12
Bronze badge

DRM

The main point is addressed in other posts, but just note that the objections are also arguably invalid. There already exist hardware devices for taking an encrypted stream, and decrypting only the output. The equivalent is obvious: an encrypted program that can be disassembled only on decrypting hardware.

DRM hardware is only protected by legislation, but that's still good enough for one large industry.

0
1

Telstra 'issue' hid ADSL availability from rival carriers

david 12
Bronze badge

>Far-fetched

>far-fetched that fixing this "mistake" will somehow take another six months, too -

Classic mistake, all too common by management.

Software is not the 'easy part' of a large company.

As demonstrated by the telephone companies that have gone bust because of problems with billing, and the turnpikes that have taken massive stock market write-downs because of problems with billing, and the general business companies that have changed management because of failed BI implementations.

It is easy to underestimate how complicated a simple software change is. It is never as simple as it appears.

0
0

The hoarder's dilemma: 'Why can't I throw anything away?'

david 12
Bronze badge

Give yourself permission to throw things away

"Kind and resourceful people see potential value in every cracked and crazy thing. Throwing it out may be a waste, but if you can't find and use things in the mess, they are already lost to you. On top of that is buildings and space you cannot use, clarity and beauty lost, wasted.

It's already wasted. You are only gaining by letting it go."

[Cecilia Macaulay, "Lessons from a Japanese Farmhouse makeover"]

1
0

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead

david 12
Bronze badge

Re: Whoa there

>operating systems that do not have built-in support ... WinXP

WinXP has EFS, the Encrypting File System, except in the Home version.

Furthermore, Bitlocker requires TPM hardware, so even if you have the Enterprise Win7, you probably won't have Bitlocker on your home machine.

In terms of functionality, TrueCrypt fell somewhere between EFS and Bitlocker. It allowed you to have a single BLOB containing many things, but that BLOB could not contain your host operating system.

Philosophically, the argument for TrueCrypt was that, as a single blob, it concealed the existence of objects as well as encrypting them.

People who want to conceal their activities may want to look for a new method. People who just want to encrypt may continue to use the native features of WinXP.

1
3

Jade Rabbit nearly out of hop

david 12
Bronze badge

Insolation

insOlation is spelled with an O, as in sOlar.

I wondered what kind of insulation failure they might have had. Thermal insulation? Electrical Insulation? But on reading the article I see that the kind of problem they had was with Spelling Insolation.

0
12

eBay faces MULTIPLE PROBES into mega-breach

david 12
Bronze badge

Got my email notification today, May 27, which makes it 4 days after this article, 7 days after the announcement.

The email notification was cleverly written in idiomatic marketing speak, to make it look like it came from a third-world scammer.

0
0

You, YES YOU, could be Australia's very own Edward Snowden

david 12
Bronze badge

soliciting

In breaking news, the vulture gets done for soliciting and aiding a criminal offense...

2
0

Oracle vs Google redux: Appeals court says APIs CAN TOO be copyrighted

david 12
Bronze badge

Re: Copyrights protection for real code vs patents of trivial ideas - what is more evil?

>If that had been mentioned at the time do you think we would have learned Java?

Where were you? MS pulled versions of Win2K -- an operating system just like Android is -- and MS Office, because they had written their own variant implementation of Java -- just like Google has -- and Sun cracked the mads at them.

0
1
david 12
Bronze badge

Re: W. T. F.

Copyright and Patents are BOTH the wrong standards for code. The only reason that code has been shoe-horned into patents or copyright is that both are covered by international treaties.

If people had set out from the start to create a sensible set of logical and consistent laws for code IP protection, they would also have had to set out on a process that took more than a century the first time around: creation of an international IP regime like copyright or patents.

0
0

Copyright minister: Those missing TWO copyright exceptions? We're still on track

david 12
Bronze badge

Re: So who gets the money?

>House of Lords used to be full of unelected fuddy duddies that (with a few exceptions) didn't do much

Was full of a bunch of unelected fuddy duddies that, by the miracle of social mobility, was gradually coming to represent average typical people.

Blair's triumph was to replace them with political appointees.

3
0

‘Scapegoated’ BBC tech boss calls foul, kicks off unfair sacking tribunal

david 12
Bronze badge

Scott Adams on ISDN

Technically it was a good idea....

"I studied the market for ISDN and calculated all its costs. I found that it was a great technology with no immediate competition and it probably had a large market potential. The only thing that could limit its success was complete incompetence on the part of all phone companies, colossal stupidity by every ISDN hardware vendor, and complete idiocy on the part of the regulatory oversight committees.

It was obvious ISDN was doomed."

From when he was a PacBell ISDN employee.

1
0

You'll hate Google's experimental Chrome UI, but so will phishers

david 12
Bronze badge

Only URLs I have problems with are those monsters generated by google when you click on a link.

And then when your google connection drops out, you have to delete a mountain of gibberish to find the URL it is supposed to be indirectly pointing to, to find where you actually want to go.

2
0

Teen jailed for ARMED ROBBERY says he and pals had been inspired by Grand Theft Auto

david 12
Bronze badge

'and cigarettes'

--should be recorded as a drug-related crime. Odd that the article mentions he was drunk and dope-affected, but you're just left to infer that he was in nicotine withdrawal.

Absolutely typical crime though. Knocks over a servo for whatever change is in the drawer AND CIGARETTES. In fact, how often do you hear of an attempted armed robbery on a service station where they did NOT also steal cigarettes? Not enough money to buy the cigarettes.

It used to be a war-crime to torture POWs by withdrawing cigarettes. Heard a guy bragging about having that removed from the war-crime list: I got the impression he thought it was ok to torture smokers by removing cigarettes.

0
0

Microsoft: You know we said NO MORE XP PATCHES? Well ...

david 12
Bronze badge

Win2K

When I installed Office on Win2K I got current updates for Office, despite the fact that Win2K wasn't just unsupported -- it was kinda "withdrawn" because of the Java settlement.

0
0

Sony nanotechnicians invent magnetic tape that stores 148 Gb per square inch

david 12
Bronze badge

Re: Keep your "taters" to yourself!

When at University, I always used to help out at the start of each new year, showing the freshmen which way was East. I think it helped.

0
1

Go ahead and un-install .Net, but you'll CRIPPLE Windows Server 2012

david 12
Bronze badge

Re: Yeah no kidding...

>Microsoft does say that there may be situations where .NET must be removed

No, that was a stupid mistake by the journalist. Read the text: MS does say that there may be situations where .NET must be reinstalled from a cleaned base.

2
0

Joe Hockey caught in his own .Net with Centrelink IT criticism

david 12
Bronze badge

Sloppy Shorten makes it up as he goes

Rule 1: Blame Liberals

Rule 2: Make up shit

Rule 3: See rule 1

1
1

Next Windows obsolescence panic is 450 days from … NOW!

david 12
Bronze badge

Re: What story?

>As I recall it, that story was about a DEC VAX/VMS machine. Unlike modern stuff, they did not need patching every week.

"Oh, sure, they're sending out patches. But they're being real quiet about it. They don't want their customers to panic."

[THE CUCKOO'S EGG, by Cliff Stoll]

0
0

Inside the Hekaton: SQL Server 2014's database engine deconstructed

david 12
Bronze badge

The migration wizard ... will no doubt improve in time

This surprised me. What is the justification for believing that the migration wizard will be improved?

PS: I won't say that no-one had ever heard of Sybase before MS bought the product. Just that it was a minority.

0
0

Commonwealth Bank in comedy Heartbleed blog FAIL

david 12
Bronze badge

>NetBank does not (and did not) use OpenSSL

But I think that CommBiz (which is different to Netbank) goes to https://www.my.commbiz.commbank.com.au/.

And Qualys was reporting that the Commonwealth bank had a susceptibility -- now fixed.

0
0
david 12
Bronze badge

Re: Commonwealth bank down today!

Still stonewalling on what the problem was. Which makes it likely that whatever it was, it was an act of stupidity that caused the outage.

0
0
david 12
Bronze badge

Commonwealth bank down today!

Massive failure of their EFTPOS system today. Maybe unrelated. An outside chance that they stuffed up changing their key certificates (as some other people have already stuffed up) -- I'm watching with interest.

0
0
david 12
Bronze badge

Assuming you believe him

>NetBank does not (and did not) use OpenSSL

No indication that he has anything more than a vague idea what is going on, as indicated by his repeated use of the word 'patched', in conjunction with his claim 'never used'.

Since he doesn't seem to know what he is talking about, that could possibly include "we never used the vulnerable versions of OpenSSL"

I'm not a member of LinkedIn. Does it show what his first degree was?

0
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

david 12
Bronze badge

Re: The problem is testing, not coding

>Commercial vendors can afford high quality software testing tools. Open source developers usually don't have these resources,

Coverity "testing solutions are built on award-winning static analysis technology" was doing free testing for security-related O/S projects. I would have thought OpenSSL qualifies.

0
0
david 12
Bronze badge

Re: WTF generic security software FAIL

C'mon Vic...

I asked a question. I got a reply "Windows security is better". You replied to the reply with: "Same to you, with knobs on it"

So, I've followed the thread down, do you have anything to contribute?

1
0
david 12
Bronze badge

Re: WTF generic security software FAIL

Downvote, because you made that assertion without even attempting to demonstrate that you had any kind of knowledge about the question I asked. I don't like to downvote you, but I'd like to encourage you to do better. If you know anything about Linux security, what can you tell us?

1
1
david 12
Bronze badge

WTF generic security software FAIL

>silently siphon passwords, crypto-keys, and other sensitive information from vulnerable systems.

>We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we can’t be certain."

I'm not familiar with the OS or the applications, but isn't there a secure memory API like (on the Windows side) "SecureString" or "SecurePassword", "CryptProtectMemory", or "SecureZeroMemory"?

So that you don't leave passwords, crypto-keys and other sensitive information in memory for generic memory-recovery attacks to harvest?

3
0

VMware 5.5: Plenty that's new and exciting... but what about the obvious stuff?

david 12
Bronze badge

A single ESXi host is really only any good...you need vCenter

I agree. But I seem to be surrounded by people that think having a free VMware hypervisor, or two free VMware hypervisors, is somehow a good thing.

Are we missing something?

0
0

Turnbull gave NBN Co NO RULES to plan blackspot upgrades

david 12
Bronze badge

Everyone knows...

>Everyone with even an ounce of technical knowledge or telco/ISP experience knows that full fibre replacement was the only way to build a network for the next 50 years

I have both, and I know that FTTN was sold to the Aus electorate as Business, Health, and Education. Which was BS from the very start. It was always going to be the replacement for FTA analog TV. And the pricing was BS as well.

A system that couldn't honestly be justified on Price or Content, and you're angry, damned angry? You should be angry about being made a fool of in the first place.

1
5

Heartbleed exploit, inoculation, both released

david 12
Bronze badge

Heartbleed exposes a generic problem

Recovery of data from memory has been demonstrated many times by increasingly sophisticated malware. So the real question isn't "why wasn't this exploit detected by static analysis from Coverity?", but why on earth is Open Source/Linux/BSD software leaving vulnerable information in memory in the first place?

0
9
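Two of the posts above ask the same question from different directions: the "WTF generic security software FAIL" post asks why a server has no equivalent of SecureZeroMemory/CryptProtectMemory to keep keys out of harvestable memory, and the post just above asks why the software left vulnerable information in memory at all. The following is an added example written for this page, not code from OpenSSL, Windows or any project, showing the portable form of the first half of the answer: zeroising secret material as soon as it is no longer needed, with a wipe the compiler cannot optimise away. The `struct session` type, its functions and the sample key bytes are all this example's own constructions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* Zeroisation that the compiler cannot elide. A plain memset() on a buffer
 * that is never read again is a dead store and may be removed at -O2; storing
 * through a volatile pointer forces every byte to be written. This is the
 * portable equivalent of Windows SecureZeroMemory() or BSD/glibc
 * explicit_bzero(). (Example code for this page, not a library routine.) */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of buf is zero; used to verify a wipe.
 * Runs in constant time over the buffer (no early exit). */
int is_zeroed(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

struct session {
    unsigned char key[KEY_LEN];
    int in_use;
};

/* Constructed sample key for the example; a real service would get this
 * from a KDF, a TLS handshake or an HSM. */
void session_open(struct session *s)
{
    for (size_t i = 0; i < KEY_LEN; i++)
        s->key[i] = (unsigned char)(0xA0 + i);
    s->in_use = 1;
}

/* Use the key for something: a toy keyed checksum of msg, NOT a real MAC.
 * It exists only so the example has a "use" phase between open and close. */
unsigned int session_checksum(const struct session *s,
                              const unsigned char *msg, size_t len)
{
    unsigned int h = 0;
    for (size_t i = 0; i < len; i++)
        h = h * 31u + (msg[i] ^ s->key[i % KEY_LEN]);
    return h;
}

/* Wipe the key the moment it is no longer needed, rather than leaving it in
 * a dead stack frame or a freed heap chunk for a memory-disclosure bug or a
 * memory-scraping process to harvest later. */
void session_close(struct session *s)
{
    secure_zero(s->key, sizeof s->key);
    s->in_use = 0;
}

int main(void)
{
    struct session s;
    const unsigned char msg[] = "hello";

    session_open(&s);
    printf("checksum=%u, key zeroed before close=%d\n",
           session_checksum(&s, msg, 5), is_zeroed(s.key, KEY_LEN));
    session_close(&s);
    printf("key zeroed after close=%d\n", is_zeroed(s.key, KEY_LEN));
    return 0;
}
```

The caveat a practitioner needs: wiping shortens how long a secret is exposed, but it cannot protect a key that is still in use, and a server's private key is in use for the life of the process. That is the second half of the answer to the posts above, and it has no in-process fix; it is the reason for keeping long-lived keys in a separate process, an HSM, or a hardware-backed key store, and for bounds checks like the one the heartbeat handler lacked.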