Posts by Chris Harden

194 posts • joined 11 May 2007


White hat pops Windows User Account Control with log viewer data

Chris Harden

Re: It's an elevation attack.

Then please don't ever get a job as a Sys Admin.

Defense in depth is key to security. UAC prevents people running bad software that compromises the machine, because the easiest, simplest way to hack a computer nowadays is to get a user to run your evil code. If that user is running your evil code as an admin, UAC goes a little way towards protecting your machine outside of your user profile.

Easy example:

A low-level user who demands to run as a local admin (because, users) runs something, it pops their UAC and infects the machine.

User then calls the front line support guy, who has networking privileges but nothing scary; he can't see anything, so he calls the 'big sysadmin' down to fix the problem. He logs on to the machine; you just lost your network.

0
0

Funny story, this. UK.gov's 'open banking app revolution'. Security experts not a fan of it

Chris Harden

Re: This will never happen

No, no there really isn't.

As the FCA publish everything online, fancy pointing us to these rules?

But you raise a good point - with an API you can use token based authentication instead of passing online banking credentials to a third party which IS HOW EVERYONE DOES IT AT THE MOMENT.

Which is what makes this awesome.

2
0
Chris Harden

It's already happening, all the CMA are doing is making the tech more robust.

There are already companies offering this service for customers, but with the transfer of online banking details and screen scraping, and while their security is top notch (we use one of them at work and their security guy is one incredible chap), an API to access would make the whole process much more robust for us and our customers.

As a customer of a bank I could allow access to my data with granularity and tightly control who got what: I could allow my smartphone access to my balance and transaction alerts, I could allow my family access to our balance but not our spend (got to hide the pub spend somehow!) and restrict what third parties could see and access.

That is, if people get behind this and do it well. If they don't we will end up with another MiData.

0
6
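The token-based, scope-limited access described in the two posts above (a third party gets a token rather than your online banking credentials, and the customer grants balance, transactions or alerts independently), as an added example that is not part of the original posts nor any bank's or the CMA's code. The HMAC-signed token format, the scope names, the `TokenService` class and the in-memory revocation list are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Scopes a customer can grant independently (assumed names, not the CMA's).
SCOPES = {"balance:read", "transactions:read", "alerts:read"}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """Bank-side issuer (assumed design): hands a third party a signed,
    scoped, expiring token instead of the customer's online-banking login."""

    def __init__(self, key: bytes):
        self._key = key
        self._revoked = set()  # jti values the customer has withdrawn

    def _sign(self, payload: str) -> bytes:
        return hmac.new(self._key, payload.encode(), hashlib.sha256).digest()

    def _signed_claims(self, token: str):
        """Claims if the signature is valid, else None (no expiry check)."""
        try:
            payload, sig = token.split(".")
            if not hmac.compare_digest(_b64d(sig), self._sign(payload)):
                return None
            return json.loads(_b64d(payload))
        except (ValueError, json.JSONDecodeError):
            return None

    def issue(self, client_id: str, scopes, ttl: int = 3600, now=None) -> str:
        """Mint a token for one client limited to the scopes the customer chose."""
        unknown = set(scopes) - SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        now = time.time() if now is None else now
        claims = {"jti": secrets.token_hex(8), "sub": client_id,
                  "scp": sorted(scopes), "exp": int(now + ttl)}
        payload = _b64e(json.dumps(claims, separators=(",", ":")).encode())
        return f"{payload}.{_b64e(self._sign(payload))}"

    def verify(self, token: str, now=None):
        """Claims if signature, expiry and revocation all pass, else None."""
        claims = self._signed_claims(token)
        if claims is None:
            return None
        now = time.time() if now is None else now
        if claims["exp"] <= now or claims["jti"] in self._revoked:
            return None
        return claims

    def revoke(self, token: str) -> None:
        """Customer withdraws one grant without touching any other token."""
        claims = self._signed_claims(token)
        if claims is not None:
            self._revoked.add(claims["jti"])


def authorise(service: TokenService, token: str, scope: str, now=None) -> bool:
    """API-side check: a balance-only token must not unlock transactions."""
    claims = service.verify(token, now)
    return claims is not None and scope in claims["scp"]


if __name__ == "__main__":
    svc = TokenService(b"constructed-demo-key")  # constructed key, demo only
    tok = svc.issue("budget-app", {"balance:read"}, ttl=60)
    print("balance:", authorise(svc, tok, "balance:read"))
    print("transactions:", authorise(svc, tok, "transactions:read"))
    svc.revoke(tok)
    print("after revoke:", authorise(svc, tok, "balance:read"))
```

The point the posts make falls out of the shape: the third party never holds anything that works on the bank's login page, the customer picks exactly which scopes a token carries, and pulling one grant (`revoke`) does not disturb the family's balance-only token or the phone's alerts token. A production system would use a real OAuth2 authorisation server rather than a home-grown signed blob, but the scoping and revocation model is the same.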
Chris Harden

Re: Mainstream

'ere you young whippersnapper - I was reading The Register when Google was the weird new search engine trying to cut into Altavista's territory.

Google should be proud El Reg was mentioned on their little page! :D

15
0
Chris Harden

Re: Missing the point

Hahahahaha, win2k3?

That's the _NEW_ PC right?

Most of the banks still run on AS400s

4
0

Cycling paramedics in epic rush to save patient who ate stale sandwich

Chris Harden

If you did a blood test and charged £1000 if you found booze you would get the same effect, but limit the splash damage.

Of course having an ID and linking the test to said ID, then charging £1000 on the SECOND time would probably generate the same income but limit the splash damage even further.

0
1
Chris Harden

Range of use

Was that sarcasm there? Don't mock the cycle paramedics - it's about range of facility.

Sending out a paramedic on a bike is a damn sight cheaper than sending a fully kitted out, expensive ambulance with full EMT crew aboard - better to send a bike to check on the guy who ate a sandwich than said ambulance.

For example, nut allergy sufferer (me) goes into anaphylactic shock; a motorbike (it was ten years ago, they didn't have the push bikes then) can speed up and apply drugs while we wait for the ambulance. mmmdrugs.

Think 1st, 2nd and 3rd line IT support - this is an IT rag right?

12
0

Brexit? Cutting the old-school ties would do more for Brit tech world

Chris Harden

That's a stupid way of looking at it. What are you going to do, load all 2 million of them into a van and ship them back across the continent?

PS before you reply I should warn you it's a trick question.

When you start thinking of people, PEOPLE, as 'them' you're doing life wrong. Europe is trying to do something good for the world, get over it.

11
1
Chris Harden

Don't forget Poland too, they are much like you.

You know, since their racist, bigoted, isolationist government got put into power.

15
7
Chris Harden

"Something the author should consider is the fact that most British people (myself included) don't consider themselves european."

And you have some statistics on that do you? Maybe the people in your little world but for those of us who have met more than, say, ten people in our lives I would probably say most people would punch you if you tried to tell them what they are or are not.

"We don't speak a latin language."

Neither does Germany (as one example), what's your point?

"We make few rules but we stick to them, unlike continentals who make many rules and ignore the ones they don't like."

Yes, like the rules Bankers have to adhere to, or Politicians when claiming expenses. And the few rules we stick to, how many laws does this country have? When you take a black taxi do you make sure the bale of hay is in the boot of the car?

"There are more differences than similarities."

Yes, that's a good thing. Go check out evolution. The theory, not the film.

"We just happen to share a continental shelf."

We could try and cut ourselves off from that if you wanted, I'm pretty sure we have the technology?

61
3

Obama London visit prompts drone no-fly zone

Chris Harden

I'm insanely excited for his visit!

His 3 Ospreys buzzed the tower our office is in and I only had my phone to take pictures with, now we get another chance. Those things are beasts!

Oh yeah, and I guess he is kinda important too?

*nerd life*

4
0

Hybrid cloud is a neat concept – but we need to be able to move data

Chris Harden

RackSpace

It's probably worth mentioning OpenStack at this point, while AWS tends to be the go-to nowadays for cloud we have a rather neat solution with them.

We have physical database servers, connected to a disk array, with an ESX cluster hosting our site in their intensive hosting environment. We then burst a rather chunky data processing job out to the RackSpace Cloud, and because it's all run in the same data center we get near LAN speeds connecting to it (plus it rather neatly cleans up any privacy issues someone could have not knowing where our data is geographically).

0
0

Yahoo! kills! more! passwords! with! push! notification! app!

Chris Harden
Paris Hilton

"King of Wadiya is requesting access to YOUR APPLICATION, please CLICK HERE to allow him to transfer ONE MILLION DOLLARS into your account"

Because getting a human to know the difference between a push from Yahoo and a push from a fraudster is a GREAT way to do authentication.

4
0

Google-backed British startup ‘stole our code’, says US marketing firm

Chris Harden

Re: "I can't see that they have got much to go on"

If you trace it back you'll probably find they both stole the code from the same SO article which is why it's so similar.

12
0

Loved one just died? Pah, that's nothing

Chris Harden

Were the videos they were watching the disarming instructions for the bomb they were attached to?

In which case, I can see their point.

9
0

PCI Council says bye-bye to big bang standards upgrades

Chris Harden

Re: Seriously

You don't, you want TLS.

And because, sniffing. I pop your DMZ and start listening to traffic on your internal networks; you don't want me grabbing card numbers out of your switches, you want to force me to have to dig deeper and go after your database.

1
0
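The "you want TLS" point above, as an added example that is not from the original post or from the PCI Council: a Python client context configured the way the comment warns against (no certificate or hostname verification, so a passive listener in the DMZ can simply read or impersonate) beside a hardened one, plus a small audit helper that reports which of the weak settings a given context still carries. The function names and the finding labels are assumptions for this illustration; everything else is the standard library `ssl` module.

```python
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The setup the post warns against: the peer is never checked, so a
    box in the DMZ that can see the traffic can also sit in the middle of it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate at all
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """What 'you want TLS' looks like in practice for an internal client
    talking to the card-data database tier."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION  # no CRIME-style plaintext leakage
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the weak settings a context still has (assumed labels)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-verify")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression-enabled")
    return findings


if __name__ == "__main__":
    print("weak:", audit_context(insecure_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

`audit_context` is the kind of check worth running over whatever builds a connection in an internal service: a context that reports `no-verify` is exactly the one an attacker who has popped the DMZ wants to find, because sniffing then needs no key at all.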

Argos offers 'buy now pay in 3 months' deal

Chris Harden

You're going to really confuse the Argos SEO guys when this hits their top viewed product of the day:

http://imgur.com/OOFAfhK

1
0

Microsoft researchers smash homomorphic encryption speed barrier

Chris Harden

Re: The key is not stored

You would be surprised at the things you can do which would make it easy to break.

For example.

In your setup above you shuffle the data. OK, it seems like that would make it more secure, I agree with that.

However, then you encrypt and store the shuffle order. Now, that's a problem; I assume you're using your data encrypting key, as having more than one key to decrypt the data is a pain.

As we don't want to use security through obscurity let's assume your encryption algorithm is published and people know how it works, or at least can pull your systems apart and figure it out, worst case.

So you now have a known, small and finite (there is an infinite amount of data to encrypt, but only so many shuffle patterns) amount of data which is encrypted with your data encryption key.

Which means you just gave an attacker your keys.

That's the point of encryption systems like this: for mere mortals like ourselves it's usually best to trust the hardcore maths guys, because if something seems intuitive it usually means it's mathematically weak.

0
0

German Chancellor fires hydrogen plasma with the push of a button

Chris Harden

Re: Bollocks

Hey, I have a couple of GPU based servers I need to power, could you send me one of your fully working free infinite power sources to power them please? Will really help with my 'leccy bill.

Much Appreciated.

10
0

Group rattles tin in bid to snatch TfL licence from Uber's paw

Chris Harden

"London's iconic black cabs could disappear from the capital's streets in a few years due to an unfair playing field created by Uber."

1) A cheaper competitor comes into the market and kills the older, more expensive rival through consumer choice.

2) Abuse the law and regulate the competition out of the market and keep the monopoly.

Which is the unfair playing field again?

12
1

Oh, Zuck off: Facebook under attack for its attacks on net neutrality

Chris Harden

I tried searching Google for "Synchronizational Drift" - the top hit was your comment (impressed) and there are some patents for a Remote Gas Molecule Detector, which I feel is highly appropriate for the context of the term.

1
0

Half of UK financial institutions vulnerable to well-known crypto flaws

Chris Harden

Two reasons:

1) Intent

and

2) Qualifications

4
2

Missed our Christmas crackers? Top stories from the break were...

Chris Harden

Bit harsh against Steam

According to the Steam update here: http://store.steampowered.com/news/19852/ the config tweak was in response to a DOS attack against them.

I guess they should have just asked the people DOSing them to do it on a lower-risk day as config changes on Christmas day are out of schedule?

0
0

So how do Google's super-smart security folk protect their data?

Chris Harden

"If you don't want it known don't use the phone"

People forgot that somewhere.

Aside from the firefox guy, maybe he read another meaning in to it though!

0
0

Why OH WHY did Blighty privatise EVERYTHING?

Chris Harden

Re: More balance please

"The other point that needs to be made is that profit, per se, is not a reliable guide. The main objective of commerce should be to provide required goods and services and thereby make a profit. If the main objective is making a profit this leads to oversupply of unnecessary items. The fashion industry is a good example of this. Why oh why do I need a new jumper this year that is (say) blue merely because last year's is green and no longer in fashion. Madness."

Consumer demand.

(disclaimer: Doesn't mean I don't agree with you, it is madness, just not madness based with the companies)

2
0
Chris Harden

Re: The Purpose of Government.

What we have at the moment is a blend that works. On the whole privatisation is great at keeping things progressing and the government is there to ensure things get fixed where it falls apart (*cough*Banks*cough*). As people have said on this here comment thread, government is there to keep the framework of society running. Where it fails miserably is at micro-managing that framework.

To analogise with our industry, think of government as the IT manager and the private companies like the BOFH - without the IT manager the BOFH would have no one to scapegoat, without the BOFH the manager is sitting scratching his nuts trying to figure out where to stick the paper in his shredder to make it print.

Your comment is based around what government is 'supposed' to do, yet who decides what something is supposed to do? If we stuck with that idea we would still have the monarchy in charge and that didn't work out so well. The more important question to ask is 'what works?' and so far this country is still working pretty well.

We now have an interesting development happening in the private sector in the marketing department. With review services like TrustPilot (who I will defend against the BBC here and say they are pretty good at tracking down fake reviews, not perfect but they are pretty good), companies can no longer shape their own brand, the consumers shape the brand with actual output from the company putting much more pressure on a private company to perform and keep their customers happy. This accountability is bringing much more exposure to the market and something we could not have with a monopoly.

2
2

PHOTON SPACE SAIL successfully Kickstarted into orbit

Chris Harden

Re: How thick is an average trash bag?

Sounds like this is a job for the Vulture Central Weights and Measures department.

4
0

RAF radar station crew begs public for cash to buy gaming LAN kit

Chris Harden

Re: *ULTRA* reliable!

It's the same brush; I've replaced the head and the handle at various times, but it's the same brush I've been using.

6
0

Improbable: YOU gave model Lily Cole £200k for her Impossible.com whimsy-site

Chris Harden

Re: I wish...

http://www.facebook.com

http://instagram.com

http://www.twitter.com

http://www.dailymail.co.uk (But I think you have to pass some kind of test called a 'Job Interview' before you get to post on this one properly)

0
0

Finance bods probe RBS over bank-crippling IT cock-up

Chris Harden
Angel

Re: Not outsourced

"I'd bet heavy money that the hosting is done by Rackspace"

Either that or they plastered El Reg with RackSpace adverts because they thought they looked pretty - not sure that's a good bet to take.

1
0

Dotcom's Mega smacks back: Our crypto's not crap

Chris Harden

Re: They won't de-dupe the whole file

Assuming they actually de-dupe the data right now, of course; it might just be in there to give them the opportunity to dedupe in the future (however they decide to do it) without getting everyone to re-agree to the T&Cs.

If I were going to be doing a file hosting service of that size, I'd certainly want the opportunity to save space at some point in the future.

1
0
Chris Harden

Yes.

1
0

US sides with UK, walks away from sticky WCIT treaty

Chris Harden
Black Helicopters

Re: The company you keep

I agree with your post - but I downvoted it because I've always wanted to see a Black Helicopter (especially now they are robotic!) and being accused of being a fascist pedoterrorist seems like the quickest way to see one in Britain.

1
0

BOFH: Tenacious B and the Printer of Destiny

Chris Harden

yeeeeeeaaaaaah

1
0

HSBC websites fell in DDoS attack last night, bank admits

Chris Harden

"Thus the chain of cyber attacks on U.S. banks will continue this week."

You would have thought that the NAME of the bank would have given away their mis-assumption.

0
0

Assange's fate to be revealed at high noon

Chris Harden

Re: Legal basis?

I imagine, considering the amount of police surrounding the building, he gets arrested.

2
0

Valve: Games run FASTER on Linux than Windows

Chris Harden
Mushroom

Re: Gabe!

Took me days to figure out why Bullet Storm kept crashing out on my PC without an error message - till I turned my xbox off and my live account was no longer logged in from two places!

GFWL was a really half assed job of ripping off steam.

14
0

Sheer weight of Brits' interest knackers new tax tool

Chris Harden
Mushroom

It's funny because

Your link had session data attached, which bombs when anyone else tries to look at the link (i.e. try it on a computer other than the author's).

It's funnier because HMRC can't build website for sheeeeeet.

Actual Link: https://esi2calculator.hmrc.gov.uk/hmrctaxcalculator/

3
0
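The failure described in the post above (a link that carries the author's session state, so it breaks for everyone else), as an added example that is not from the original post or from HMRC: a helper that strips session identifiers from a URL before it is shared and reports which ones it found. The list of parameter names, the function names and the sample URLs are assumptions constructed for the illustration; the HMRC calculator address is the one quoted in the post with a made-up `sessionid` attached.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names commonly used to carry session state (assumed list).
SESSION_PARAMS = {
    "sessionid", "session_id", "jsessionid", "phpsessid",
    "asp.net_sessionid", "sid", "token",
}

# Servlet containers also put the session id in the path as ";jsessionid=...".
_PATH_SESSION = re.compile(r";jsessionid=[^/?#]*", re.IGNORECASE)


def _split_session(url: str):
    """Return (cleaned_url, names_found) in one pass."""
    parts = urlsplit(url)
    found = []

    path = parts.path
    if _PATH_SESSION.search(path):
        found.append("jsessionid")
        path = _PATH_SESSION.sub("", path)

    kept = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_PARAMS:
            found.append(name.lower())
        else:
            kept.append((name, value))

    cleaned = urlunsplit((parts.scheme, parts.netloc, path,
                          urlencode(kept), parts.fragment))
    return cleaned, sorted(set(found))


def strip_session_state(url: str) -> str:
    """The shareable form of a URL: same page, nobody's session attached."""
    return _split_session(url)[0]


def find_session_params(url: str) -> list:
    """Names of session carriers present, for flagging before publication."""
    return _split_session(url)[1]


if __name__ == "__main__":
    # Constructed example: the post's link with an invented session id.
    leaked = "https://esi2calculator.hmrc.gov.uk/hmrctaxcalculator/?sessionid=deadbeef&step=2"
    print(find_session_params(leaked))
    print(strip_session_state(leaked))
```

The same check is worth wiring into anything that publishes links on your behalf (a CMS, a bug tracker, a chat integration): a session id in a URL is not just a broken link for readers, it is the author's login handed to whoever sees the page.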

Pirated software hard drive on display as art

Chris Harden

Considering how long my two WD external disks have lasted I would say it's somewhat appropriate

0
0

Mobile operators warned on 'unlimited' data gouging

Chris Harden
Gimp

3

In 3's defence - on the topic of subsidising the few - I just called them up to 'upgrade' my blackberry plan (1000 free minutes, 800ish free txts and a few gig of data (AUP style)) which clocked in at £40 a month and got a shiny new Samsung Galaxy s2 with twice as many free minutes and txts, and the true unlimited data plan for £10 less than I was paying before.

I'm sure people are going to rat all over my monthly bill, but I was under the impression £30 a month isn't that bad a deal - especially as I now don't need an internet connection at home (I'm in the docklands - 3G is faster than anything BT can deliver across copper and Virgin don't come to my home).

2
0

Neutrinos still FASTER THAN LIGHT in second test

Chris Harden
Thumb Up

In the office

I laughed out loud.

0
0

5 SECONDS to bypass an iPad 2 password

Chris Harden
FAIL

It's not the issue itself....it's the mindset

My issue with this, isn't in the bug itself, but how Apple missed it - Windows was inherently insecure because of the 'it's single user so lets just patch security over the top' model they used to use. If Apple are thinking the same way with this then what ELSE is inside the thousands of lines of code in there?

0
0

Father-of-three attacked teen after Call of Duty jibes

Chris Harden
Trollface

Dear El Troll

http://www.youtube.com/watch?v=VJACFMc-Rb4

1
0

Skype lets hackers track your BitTorrent downloads

Chris Harden
Trollface

IP?

I guess the real 'problem' here, then, is that Skype tries to use a direct connection for its communication instead of routing all calls through a CDN (and that would have to be one hell of a CDN to handle that data).

So the attack goes:

Attacker: "Skype server, where can I contact x for a call?"

Server: "Here: IP"

Attacker: "HAHAHAHAHA I PWNED YOU WITH TCP/IP!"

The whole point of an IP address is that people know what it is, it would kinda break the Internet Tubes if no one knew each others IP.

PS Dear El Reg, I know you track the IP of my comments - can you please stop invading my personal spaces with your Interweb Servers. Kthxbai.

PPS: Actual 'attack' I've used once.

Someone is pingflooding me through MSN (it was a while ago).

One blank, large, jpeg named 'britneyspears.jpg' was created and sent to them.

Stupid kid accepted the file.

One quick netstat later to find his host name (which was someone's name at AOL) and a message "If I call this lady here: [Name] and tell her what you are doing with her internet connection.....what will she say?" and stupid kid vanishes into the air, assumedly to cry.

This is not new news.

1
0

OpenSUSE 12.1 delivers Fedora punch with GNOME 3

Chris Harden
FAIL

Oh man

You have no idea how stupid you just made yourself look.

"OpenSUSE does include the gnome-tweak-tool, which can help change some of the GNOME Shell settings"

1
0

Biker gang plunders Covent Garden Apple Store

Chris Harden
Holmes

Coffee Moment

EC1? That's the city....

So what you're saying is that this bike gang is a bunch of banker toffs on mopeds nicking iPads? hehehehe, good times :D

0
0

Stars say relativity still works

Chris Harden

Brown Dwarf = 1 Kutcher

Really bright, hot star (guess my knowledge is the inverse of yours - fail for me) = 1 Vorderman?

0
0
Chris Harden

hmm

Depends on if they were giving or taking :)

1
0

Parliament has no time for 100,000+ signature e-petitions

Chris Harden
FAIL

Looks like they really don't care about us

They don't have time to debate debating either :(

http://epetitions.direct.gov.uk/petitions/16628

I'm quite upset.

0
0

Unisys gets 'stealthy' with secure virtual terminal

Chris Harden
Gimp

Tempest

They are probably referring to the technology that is used to reduce the effectiveness of the tempest attack - it's really advanced, I think it's called 'low contrast colors' or something like that.

They might also be referring to something along the lines of obscuring window fingerprints to stop screen scrapers detecting when a 'secure' window is open (i.e. I have an application that looks for the Spotify window to send it a message to play/pause when I hit the blue ThinkPad button on my laptop) and capturing its contents.

0
0
