Posts by Smooth Newt

172 posts • joined 6 Jul 2009

HMRC breaches job applicants' privacy in mass email spaff

Smooth Newt
Bronze badge

Unfortunately, there was a technical glitch resulting in a confusing email.

I'm confused about why the email was "confusing".

0
0

At LAST: RC4 gets the stake through the heart

Smooth Newt
Bronze badge

Re: Laggards

The backwards compatibility of being able to use WEP comes at a cost, which is that insecure WEP networks continue to exist.

WEP is maybe a special case, because what people do in the privacy of their own networks is their business. But what I really object to is having to use poor protocols and being made vulnerable to downgrade attacks because the server operator doesn't believe that data protection is a priority.

0
1
Smooth Newt
Bronze badge

Re: Laggards

Lots of people see support for poor network protocols in widely used software as harmless, particularly when someone else might suffer more serious consequences than themselves. We'd still all be running DES and WEP if we had to wait for everyone to choose a good time.

1
0

Prepare to be Thunderstruck: What if 'deuszu' ISN'T the Ashley Madison hacker?

Smooth Newt
Bronze badge

Uh?

Trial by journalism is a rotten way of doing business. But I am confused about a factual statement in the article.

It says "The image below was grabbed on 4 August 2012". It is of a web browser showing a "replication server" page and with several other tabs. But if I follow the link to it on Krebs's site then I see a Twitter-generated page with "6:40 a.m. - 19 Jul 2015" written on it. The link on Krebs's page is https://twitter.com/deuszu/status/622763065746915329

I am obviously even more dim-witted than normal, so can someone sit me down and gently explain the 4 August 2012 thing?

2
0

US to stage F-35-versus-Warthog bake-off in 2018

Smooth Newt
Bronze badge
Joke

Re: versus?

Let's hope they remember to order the pilot of the A-10 to lose this time.

Having the F-35 beaten by one vintage plane is bad enough but two would look like carelessness.

26
0

Microsoft issues first SharePoint 2016 preview

Smooth Newt
Bronze badge
Meh

Giving you “capabilities that enable device-specific targeting of content."

That sounds like a long term maintenance nightmare for anyone foolish enough to use it.

0
0

Activist pens pirate's map to 'liberating' academic journals

Smooth Newt
Bronze badge

Re: Time for universities to say enough is enough

Isn’t the actual printing of journals a relatively cheap thing to do nowadays?

Most people access journals electronically, and many of them are only available in electronic form. Where there are physical print runs it is often just for tax reasons - in the UK for instance VAT is not charged on printed material but is on material delivered via the web.

So in the UK it is often cheaper for a library to subscribe to a print version which happens to come with "free" web access included, than just the web access version. They usually just bin the print copies.

0
0

And it begins: Ashley Madison bonk-seekers urged to lawyer up

Smooth Newt
Bronze badge

Re: With my lawyers hat on...

Yes - for a ballpark figure, if their assets are about the same as last year's $55 million earnings then, with 38 million claimants, that's US$1.44, or 92p, each.

1
0

Yet another Android app security bug: This time 'everything is affected'

Smooth Newt
Bronze badge

>If this was a Microsoft story you would all be tearing them apart.

I hope we are ripping Android to shreds. We get fixes for Microsoft products for at least several years. I might as well chuck my practically new Samsung phone in the bin.

And I don't believe the blame should just attach to the tardy phone manufacturers and operators - this is as much a consequence of the design of the Android ecosystem.

22
1

Ashley Madison keeps calm, carries on after hackers expose lives of millions of its users

Smooth Newt
Bronze badge
Holmes

Blog

The blog link on their home page seems to be broken, but still appears in Google's cache. I wonder if their blogging software was the route taken by the hackers into the site. https://ashleymadison.com/blog/

0
0

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

Smooth Newt
Bronze badge

uploading the exploit code to GitHub because he felt he "had to."

"Apple may not have noticed the post" is a poor excuse. He should have given Apple a sensible amount of time to fix it.

The number of people who will know to install SUIDGuard or whatever will be minuscule compared to the number now at risk from this public flaw, i.e. 100% of black hats now know about the flaw, 0.00001% of potential victims. Still, we should be genuinely grateful he didn't sell it to Hacking Team.

5
2

China laments 'wild guesses and malicious slurs' on state hacking

Smooth Newt
Bronze badge

Re: haha

>Everyone spies on everyone.

Many people suppose this, but I doubt it is true, particularly where the consequences could completely eclipse any possible benefits.

For example, Israel would be very stupid indeed to spy on the US given the fallout from Jonathan Pollard; the devastating consequences of American military assistance being curtailed probably mean that no minister would risk it. And whilst the US probably spies on the UK, the UK would not do anything to jeopardize their Trident missile rental agreement.

0
1

It's not just antivirus downloads that have export control screening

Smooth Newt
Bronze badge

Re: Idiots

Since it covers far more than anti-virus software I wonder how much in total it costs the economies of Europe and US for companies to comply with this pointless nonsense.

5
0

Dropbox adds USB two factor authentication for paranoid Chrome users

Smooth Newt
Bronze badge

Re: If you are carrying an USB key for authentication.

It's like equipping a horse with a spare wheel. If you are genuinely concerned about security then you probably shouldn't be using Dropbox in the first place.

1
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Smooth Newt
Bronze badge

Re: Is this a unique or surprising issue?

Digital Equipment Corp made the first page of virtual memory no access in VAX/VMS, because 0 is such a special number for pointers, unused values etc. The resulting exceptions identified pointers set to null etc. Maybe hardware designers should make physical address 0 no access for similar reasons.

14
0

Borg blacklist assimilates Cryptolocker domain name generators

Smooth Newt
Bronze badge

Re: Something stinks here...

Or maybe shift some liability onto the domain name registrars. That would incentivize them in the right direction.

0
0

Hacker-friendly Chrysler hauled into court for class-action showdown

Smooth Newt
Bronze badge

Re: "Chrysler could have solved all its problems if it had only used a basic"...

It's hard to air gap it.

If the entertainment system and the displays have access to the Internet, and also need to know information about the electronic management systems even just for warning messages like "the handbrake is on" when you are moving, then there can't be an air gap.

Some sort of regular unidirectional broadcast by the electronic management systems, without any signals being electrically possible in the opposite direction, is the best you can hope for if you want to prevent the possibility of control in the other direction.

0
0
Smooth Newt
Bronze badge

Re: Time for a major rethink

"most IT staff I have worked with are more than happy to do work in their own time, especially if it's really needed"

Why should IT staff and developers be expected to work for nothing? If the company really needs it, then the company should pay for it and not expect their employees to subsidize them.

5
0

Vodafone adopts hydrogen fuel cells to dodge African outages

Smooth Newt
Bronze badge
Meh

but with an eye to CO2 emissions Vodafone is keen to reduce the use of diesel.

This part sounds like greenwash bollocks. Fossil fuels are the dominant source of industrial hydrogen.

7
2

Unlock and start General Motors cars with a $100 box of tricks – hacker

Smooth Newt
Bronze badge

Re: "GM takes matters that affect our customers' safety and security very seriously."

>How?

It would be best not to have a body part near a suddenly moving, hot or electrified component when the car unexpectedly starts. It would also be bad to have the car run its engine inside an unventilated space or where the fumes can leak into residential space.

3
0
Smooth Newt
Bronze badge

Re: "GM takes matters that affect our customers' safety and security very seriously."

Being able to hack remotely starting the engine seems like a serious problem. There are circumstances when starting a car engine without warning could maim or kill people.

4
0

US spied on Japanese PM Abe, Mitsubishi, and so much more

Smooth Newt
Bronze badge

Encryption and IT security

It beggars belief that David Cameron wants to weaken encryption in the UK. Whilst the NSA might not be targeting UK economic interests in the same way as they are here (at least that's what they probably tell the British), they are not the only state actor which engages in this sort of well-resourced industrial and economic espionage.

7
0

World's worst exploit kit now targeting point-of-sale systems

Smooth Newt
Bronze badge

World's worst exploit kit

You mean the World's best exploit kit? Worst = Most inferior. The World's worst exploit kit would be really crap at exploits.

0
0

Flash deserves to live, says Cisco security man

Smooth Newt
Bronze badge

Flash deserves to die

Whatever the vulnerabilities in it, it deserves to die because it is not an open standard. It is controlled by a single company. Open standards promote competition and compatibility, closed standards allow a single vendor to screw everyone. It's like having exactly one browser implementation controlled by one company.

8
2

W3C's failed Do Not Track crusade tumbles to ad-blockers' Vietnam

Smooth Newt
Bronze badge

Re: Do not eat

>Did you read the article? The benefit to advertisers is that users won't disappear behind their own privacy tools.

I read it. If websites obey the DNT then the effect for advertisers is identical to the user deploying privacy tools. If a tracking company obeys it then all their tracking data disappears, followed shortly afterwards by their business. If they don't obey DNT then their tracking business stays alive for several more years, and maybe forever.

The discussion about ad blockers seems a bit irrelevant because DNT wouldn't turn off adverts.

0
2
Smooth Newt
Bronze badge

Do not eat

I always thought DNT was a waste of time. There is no benefit whatsoever to websites to pay attention to it. It's like putting a "do not eat" sign on your hen house to discourage foxes. Even if they could read, why should they?

Who says people aren't prepared to pay for content anyway? It's just that there's no need if the competitor is free. When it's not, or the competition is rubbish by comparison, then lots of people do pay. A good chunk of the online population have Netflix etc. subscriptions.

1
0

Microsoft admits critical .NET Framework 4.6 bug, issues workaround

Smooth Newt
Bronze badge
Joke

Re: Nothing to worry about, move along

>Take any medium size (or larger) application written in C/C++ and compile it with gcc -o3. Result: Broken application.

I've just tried it. The program worked fine. The only odd thing was the output file from gcc was called 3.

14
0

Biometric behavioural profiling: Fighting that password you simply can't change

Smooth Newt
Bronze badge

Re: Sounds too hit and miss.

My "usual keyboard technique and speed" might also be dependent upon which keyboard I am using too.

2
0

Three Estonians jailed for malware spree that infected 4 MILLION computers

Smooth Newt
Bronze badge

Pah

Three or four years in prison and getting to keep $10 million of the money they stole? Sounds like $1 million a year and better working conditions than most fast food outlets. Where do I apply?

2
0

Pwned Hacking Team tells cops, govts to shut down software

Smooth Newt
Bronze badge
Happy

"We would expect this to be a relatively short suspension of service"

Just what sort of interval is a "relatively short" one? A week, a year, a century? Forever, hopefully.

6
0

Mastercard facial recog-ware will unlock your money using SELFIES

Smooth Newt
Bronze badge
Unhappy

Re: Yet another clueless "security" spokes-head.

>Therefore I would say it could currently "thwart obvious attacks" but is not fully secure. But then again what is?

Thwarting obvious attacks is not enough. It needs to thwart attacks by people whose job is credit card fraud.

9
0

Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Smooth Newt
Bronze badge
Happy

At 1/10 the size of OpenSSL, it should be easier to spot bugs

Equally importantly there should be far fewer bugs in the first place. Industry average is about 15-50 errors per 1000 lines of delivered code.

1
0

Smart meters set to cost Blighty as much as replacing Trident

Smooth Newt
Bronze badge
Happy

Re: PLease write to your MP's asp on this

Dunno. There isn't going to be another election for five years, so I guess their constituents can mostly just piss off for the next four.

3
0

That shot you heard? SSLv3 is now DEAD

Smooth Newt
Bronze badge
Thumb Down

Re: Shame on the IETF for publishing such FUD.

>The real problem with SSLv3 is, that what Web Browsers (and so called SSL VPNs) are doing goes beyond the design limits of SSLv3

Cryptographic protocols can't be considered in isolation. They exist for the applications which use them.

To say that SSLv3 is secure and it's the web browsers which are broken because they allow client side scripting is a bit like saying that your feet are the wrong size for your shoes.

2
1
Smooth Newt
Bronze badge
Meh

the source of problems like BEAST and POODLE

They should do the same with TLS 1.0.

It is just as vulnerable to BEAST as SSL 3 is.

2
1

Hated Care.data scheme now 'unachievable', howls UK.gov watchdog

Smooth Newt
Bronze badge
Unhappy

Care.data is dead. Long live Data.care

They will probably just rename it and start again.

6
0

BT: Let us scrap ordinary phone lines. You've all got great internet, right?

Smooth Newt
Bronze badge
Meh

>If BT/Openreach can remove the need for twice the amount of equipment as is really necessary, surely that would make maintaining the network easier to and therefore more reliable?

It depends on which parts of the system are the most unreliable. It isn't usually the electronics that cause the trouble, it's the JCB through the fibre optic cable.

9
0

GCHQ: Security software? We'll soon see about THAT

Smooth Newt
Bronze badge
Pint

GCHQ ... described Kaspersky software as an obstruction to its hacking operations

The best marketing that money can't buy.

5
0

Oi, UK.gov, your Verify system looks like a MASS SPY NETWORK

Smooth Newt
Bronze badge
Happy

Re: Never attribute to malice what can be explained by incompetence.

I would add a codicil, "except where the mistake grossly benefits the people who made it."

Privacy is like democracy - Governments like to pretend they want us to have it but the opposite is true.

11
0

Facebook SSD failure study pinpoints mid-life burnout rate trough

Smooth Newt
Bronze badge
Happy

>Just about every manufactured item exhibits that pattern of failure.

Bathtubs have a "bathtub curve" failure pattern too. Problems with poor installation, shipping or manufacturing at the start; hard water and fatigue-related cracking taking their toll after a few years.

1
0

Stealing secret crypto-keys from PCs using leaked radio emissions

Smooth Newt
Bronze badge
Happy

Re: Thus spoketh the bearded man

>Cool. Could you please post a link (or library reference) to the working exploits you have actually produced during all these years? Thanks in advance.

Wim van Eck's 30 year old paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" http://cryptome.org/emr.pdf

3
0

JavaScript creator Eich's latest project: KILL JAVASCRIPT

Smooth Newt
Bronze badge
Holmes

Re: And so the wheel turns

The wheel is not so much turning as being re-invented.

1
0

FBI says in secret that secret spy Cessnas aren't secret

Smooth Newt
Bronze badge
Pint

Re: Works 4 me

Yes, why is it that so many of the people here who claim they have nothing to hide find it necessary to do so anonymously? Maybe they just don't understand irony.

14
1

Wikipedia to go all HTTPS, all the time

Smooth Newt
Bronze badge

Re: Playing to the gallery

>The next consideration is what proportion of activity is actually sensitive.

If you only encrypt sensitive activities then that highlights them with a big sign reading "THIS PERSON IS CARRYING OUT A SENSITIVE ACTIVITY HERE". You need to encrypt everything, all the time.

11
1

Brit plods' post-TETRA radio omnishambles comes home to roost

Smooth Newt
Bronze badge
Thumb Up

Re: Semaphor Stations or Hill Top Beacons?

As a Doctor Who fan I am looking forward to the return of blue police telephone boxes on street corners.

6
0
