Posts by Sir Runcible Spoon

@Lysenko

Do you think it would be possible to hook up multiple MS Kinect's to a monitoring system?

Programming the correct criteria would take a bit of doing obviously, but I believe the Kinect has quite a decent sensor array.

"I wonder..."

My wife has told me, categorically, that she is leaving me if (when?) I ever go bald.

The number of times that memory entered my mind whilst being asked what I wanted when sat in the chair at the hairdressers :)

Many years ago I realised that using a laptop with extra keyboar/screen/mouse was effectively a UPS for the PC in case of power failure, especially when working from home.

Saved me a lot of lost work at one point did that decision when our local substation decided to be temper-mental.

Re: And also some stuff you just can't put in an ad these days.

You probably can't kick a bear in the nuts and steal his salmon either, but I bet you could run the John West advert again :)

Re: PEBFAD...

Chair to Keyboard Interface error

@Steve

Thanks for remembering that - I thought I was going mad with all this talk of editing a binary file :)

Re: Two stories:

"I didn't mention it's only 48 volts"

DC or AC? Coz from what I understand DC shocks can a lot harder on the system and require a lot less current to kill you.

Re: 'As to how to protect yourself or your company'

I now have 5 2fa code generators about my person. It's starting to get a bit unwieldy :)

If someone were to code a crypto miner that only used max 10% cpu (or an unused core for example) do you think it would fly under the radar for longer?

Re: Back of a fag packet

I suspect the sample was based on a couple of real-world scenario's along with a wetted finger held in the air whilst sensing the prevailing direction of the wind :)

Re: Back of a fag packet

If you were to take two similar breaches, but one on a company with 50 employees and turnover of £20m - the other on a company with 5000 employees and a turnover £20bn - I'm sure you can see why it's hard to provide an average.

Re: Not even a drop-in-a-bucket

Obviously there are shades of grey, but imho I would describe a grey hat as a white-hat with black-hat skills/awareness.

YMMV

Re: Naturally...

I found a newer one..

http://researchbriefings.files.parliament.uk/documents/POST-PN-0554/POST-PN-0554.pdf

Re: Naturally...

It might be interesting to note that whilst the US power generation overseer, NERC, has many standards (and the teeth to enforce them) in the UK we have OFGEM, which does diddly squat in terms of enforcing standards for our CNI.

This is old (2011) but I doubt it's been updated..

https://www.parliament.uk/documents/post/postpn389_cyber-security-in-the-UK.pdf

"There is no overarching regulation of cyber

security in the UK, although a growing

number of organisations are complying with

voluntary standards"

I really do think it's time people were educated about the difference between *discussing* prejudice and actually *employing* prejudice.

If your actions/words do not directly involve the subjugation/humiliation/oppression/exemplification of another person or persons based on an unalterable human characteristic then it should not be considered as discrimination.

Re: It's just how you want to call it...

This is just a prime example of a massive social engineering experiment starting to come off the rails.

@DontFeedTheTrolls

But people don't just switch off bias like that, so all companies need to Police the views of everyone in the workplace.

So you're suggesting that the Google discussion forums are just a honeypot to attract the comments that will get people fired?

Let this be a lesson to all those keyboard warriors who want to shove their (political) opinions (of whatever stripe) down other peoples' throats.

Re: Does that mean...

With the 10th upvote being from someone who had no issues understanding the text or the point in question.

Re: Banking security

They keep asking me if I want to enable it, I wonder if they'll ever get tired of trying?

Oh, and when someone asks me 'why' I don't want their useless insecure twaddle and I just say 'because that is my stated preference' I wish they wouldn't get all passive-agressive/shirty and make out like I'm the one being rude! Cheeky feckers.

Re: Commenters can only think of bad uses for new tech

Pretty much anyone on El Reg who has anything to do with security is a Risk Analyser by default, if it weren't in our nature we'd be doing something else (less boring) instead :)

Re: Good luck...

There's usually a gap between emergence of new tools and the point when they get outlawed, but the result is invariably the same. Encryption without key escrow will end up getting outlawed

There is one problem with that policy, how the hell are they going to enforce it?

If the answer is 'police' then it will simply advertise their intent to instigate a police state probably sooner than the (already warm) frog is prepared to accept. Just how are they going to identify encrypted traffic that doesn't have a key stored somewhere? To be able to do that, you would have to actually attempt to decrypt *everything* so that you know what's left doesn't have a key. That will probably require a datacenter and power supply equivalent to an entire city.

I just don't see it happening in any practical sense.

Re: "What about the children"

I think you'll find it's the people wanting to ruin encryption that are claiming that particular strategic hill.

We accept that our bank details are available (upon legal request and not just for trawling) to the relevant authorities because that is how the legislation is written. We don't object because we need those banking services to deal with the rest of the world.

However, if I wanted to send saucy* pictures to my wife that is nobody else's business. Denying others access to my personal communications does not break any law, I believe I have certain rights in this area. I don't accept that anyone else has a right to see my personal communications.

Let's get a little perspective on this. The world is a turbulent place, and many people die of unnatural causes every day, many of them at the hands of our very own governments. They are not interested in breaking encryption so they can pick up the odd terrorist or kiddie fiddler, they want it so they can monitor the communications of the entire population.

There is only one reason to do that, and that is to prevent civil unrest as they claw more and more power into their grubby little hands. Make no mistake, encryption is out there and the bad guys are using it. No way you are going to stop them. 1. They won't care what the law says and 2. They probably aren't in your country anyhow so precisely how are you going to enforce any laws? More bombs?

Preventing access to encryption for the masses is simply another facet of population control by the very very rich of the very very poor.

*I like sauce on my dinner

@ bazza

I'm really struggling to see where you are going with this 'no encryption' idea.

Just because it isn't perfect, and certainly isn't always perfectly applied, that doesn't mean it's useless. If it were we wouldn't be using it.

We use it to protect ourselves as much as possible from unseen actors who wish us harm.

Much the same as me locking and bolting my door at night. It won't stop a determined gang (like the Police) but it does act as an additional obstacle to the opportunist burglar.

In your circuit switched world, where you know who owns all the endpoints - how do you know who is actually *using* that end-point and that their network hasn't been infiltrated? There are more ways to hack a network than over the wire.

As for your comments about the virtues of the POTS world, I fear you are badly misinformed as to the level of security and non-repudiation it provides. About the only thing going for it is that it's hard to scan lots of calls at once, whereas that's obviously a lot easier in the IP world.

We used to have encryption only for serious things, but when everyone started getting wind of the governments taking the piss and slurping everything without permission, then it got more attention and use.

Now that encryption has gone mainstream TPTB are moaning about it, and well they should because they bloody well created the situation. This genie is out of the bottle and there is no putting it back.

Even if you created your own network using dark fibre, the moment that data passes through any device that isn't 100% controlled by you, it's vulnerable. Mitigate that.

Re: Idiots...

From the Arstechnica link..

""This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals,""

Wow, just....wow. Admission of guilt for computer misuse?

OMG, it gets worse..

"Using this method, Kalamaras writes, the FSLabs team was able to "dump that cracker's information needed for us to gain access to those illicit websites, so we could then forward the information to proper legal authorities." What he and his team found, he writes, was "an entire web of operations" dedicated to pirating multiple flight simulators"

So they also breached other websites with this guys' stolen details? Man they are fucked.

What's Panda?

Re: Reporting Cyber Crime

I certainly hadn't heard of them, and to be honest I should have.

Having said that, most of the large corporations have their own policies to follow and I would expect those teams who handle that sort of stuff to know - but I wouldn't bet real money on it :)