16 posts • joined 10 May 2010
..they've put passwords on their admin accounts after all?
There hasn't been a restriction on taking bottles bought in duty free on board a plane as hand luggage. if you think about it, your bags are checked in before you go through security, so those litres of gin have to come on board with you. the restriction was on liquids you had in your posession before you went through security. the bottles of whatever you buy in duty free have already been checked. if this wasn't the case, where did all those reasonably priced bottles of Plymouth, Tanqueray No 10 and Laphroaig in my cupboard come from?
it gets worse
sites are not just catching on for the purpose of their own scripts - many sites check for the presence of things like googleanalytics before showing you any content whatsoever. It should be possible to extend noscript to effectively "mock" the presence of third party scripts. if the site's script checks for the presence of objects or functions it could work.
Cynicism is the new realism..
I wholeheartedly agree with the sentiment of your post. while I'm not sure of the tax laws involved, I do see a workaround:
1, pay your own training costs and do the training in your own time
2, make sure everyone in your organisation from cleaner to CEO knows you paid for your own training out of your own pocket, done in your own time
3, claim the costs incurred back from the IR by means of self-assessment tax return - if it's a business expense it should work.
the upshot of this is that you'll keep your job and your money whilst the economy is invigorated by having more people working at the Revenue processing tax returns.
when managers know best..
I believe the management terminology for what you have just described is "can you just up it a font?"
I got a first warning for asking my then manager what "just up it a font" actually meant, as it meant next to nothing to me. the best I could guess was that he wanted the next font in the list view of the fonts folder. I wouldn't have minded, but we were already using Vrinda - the next one is Webdings. I needed to be 100% sure.
bloody foreign spiders..
..coming over here, taking white British spiders' webs, getting Bugworld benefits as soon as they arrive, bringing dozens of their family over no doubt. what we're seeing here is the steady arachnification of Britain. in 20 years time we'll all be under spidia law
this would never have happened under the BNP. arachnimmigration. open your ocelli.
it would do..
..if we didn't insist on drinking 15 pints with every curry
Re: SSID/MAC + Lat/Lng is OK in my book
It goes a bit further than street numbers and road signs mate.
SSID+MAC+Lat/Long is equivalent to Telephone number + Lat/Long. Telephone companies offer you the possibility of opting out of a directory when you sign up, yet everyone with WiFi has been automatically opted in by google.
it would have been nice of them to ask first.
"How will google tie the private IP address of a WiFi user to the IP address which communicates with the outside world? (hint 192.168.x.x or 10.x.x.x)"
OK, when you wonnect to a wifi network, YOU get an internal IP, but from the connection it's a cinch to get the external IP of the router - Firefox has an extension that does exactly that. I can then open a command window:
arp -a <IP_ADDRESS_HERE>
to get the MAC Address that the external IP is bound to. I can also get my ISP's DNS suffix using the IP address. that means that even with a dynamic external IP, an attacker *could* scan my ISP's address range and for each address in the range run a RARP lookup using the previously captured MAC address to ascertain the new IP that's bound to my MAC address. hey presto, you've been found.
"Here is one scenario" - that's disconcertingly vague
"As to deliberately letting the code in - I guess most of you lot have never worked on a project involving more than a couple of webpages - big projects have colossal amounts of code, and lots of that is hangover code from previous projects which is there but not used"
I see certain anonymous contributors have colossal amounts of either arrogance or ignorance, I'm not quite sure.
never heard of source control or versioning?
not actually sure what's in your own software?
your code is full of redundant WTFs?
I guess you've never worked on a project involving code full stop.
sign up for an account, be a man and show yourself. I bet I can guess where you work.
re: Wow.. how paranoid..
10 seconds, once a year. it's funny, I remember times when there weren't strangers driving round in cars doing this completely without permission.
it's OK though. purely by accident, I happen to enjoy dropping grenades from my roof on to passing camera-wielding cars for 10 seconds, once a year. bring it.
By the way.. they have your public IP and ISP's DNS suffix from the instant they connect to your wifi, incidentally.
they can then arp the IP for the MAC address of the public interface.
what about dynamic IPs then?
with your geographic location and ISP's DNS suffix they can narrow you down to an IP range. then using arp once again they can eliminate IP addresses from that range by using your previously-captured MAC address. hey presto, a fully verified public IP. I've just done it myself on my own wifi router.
re: Well said sir!
that's beside the point. you choose your own ISP but you don't specifically ask for a third party you might have nothing to do with eavesdropping on your comms.
that's not the point..
..google street view sent cars round to capture views of the street, not capture private wifi data.
imagine if you could correlate MAC addresses with locations, you're then narrowing down to a smaller set of ISPs. a combination of MAC address, ISP dns suffix and the arp command sound like key components of an attack vector to me..
do google publish dates of when and where their cars will be?
I feel abusive, threatening and possibly bestial porn posters in all street-facing windows are the order of the day. or adverts for Bing.
anyone know where to get a traffic police stinger from?
the muppet show
Is this the best the US can do? The poster boy for cybercriminality worldwide is a ginger Brit with Asperger's, who by his own admission, was drunk and stoned at the time, and only got in because some genius set up admin accounts without passwords?
next thing they'll be charging the water cycle with stealing from the oceans.
Don't copy & paste straight out of the mail
this article is low. a nadir I didn't expect the Reg to reach. IT professionals are supposed to look at situations and analyse them methodically, yet all that's written here is a verbatim copy of some hormonal rant from the Daily Mail.
it's only the reactionaries who bleat on about the Lib Dems wanting to get rid of Trident altogether. what Nick Clegg actually said is that he wants a thorough review before blindly committing the UK to a £100bn bill payable over 30 years for a weapons system we *might not actually need* or *might lose precedence to something more suitable*. he never said he was going to get rid of it outright. as Trident expires in 2027, wouldn't it be a shame if we spent £100bn on new murder toys right now, for the Taliban to come out with a nuke-proof flying saucer alien death ray a month later?
again on the energy issue, you haven't listened to a word from the Lib Dems. their *priority*, instead of simply committing to build more nuclear power plants, is to ensure homes in the UK are correctly insulated. all the nuclear plants in the world won't keep us warm if all the heat we glean from them disappears through the roof and out the window. once we've done insulating, we might not have to build as many new power plants because we've cut down on waste, thus saving money too, but you'd thought of that, right?
The main problem all the seething mob have with the Lib Dems is that they appear as if they want to think before starting a course of action.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft and HTC are M8s again: New One mobe sports WinPhone
- Worstall on Wednesday Wall Street woes: Oh noes, tech titans aren't using bankers