All I know is calling them IS bestows legitimacy on them and should not be used.
603 posts • joined 5 Jul 2010
Reg' worried about being sued for libel by ISIS? Twitter have made it clear this is a threat they've received.
One can be too careful.
Uber wasting a lot of money to find out an IP address that'll be a VPN or open proxy in China or one of the IS controlled parts of Iraq or something.
It's always the hipster tech companies that understand the internet the least, not sure why.
I have no issue with conditional access. I don't watch broadcast TV, and I'd be happy paying on a case-by-case for the stuff I would want to watch if it stopped sucking and started being good again like it used to be, for example Horizon.
There's a problem, they're not talking about conditional access, they're talking about billing people regardless of them watching broadcast TV; I'll happily go to jail before I pay it.
Re: No-one at all? But I thought...
That people were making gazillions of pounds posting videos of themselves playing and commenting on computer games, and posting shit videos of ugly cats and stuff???
I've seen enough filings to companies house to know people are, don't worry about that.
especially if the internal networks where they generate and manage keys are, as they state, isolated from the public internet and they can establish with reasonable certainty that they were not breached
They didn't state this - they said their network is like something to do with onions and that they got into their office network and no further, which is fairly obviously nonsense.
It's a shame so much ire is being directed at the victim of this attack and not the perpetrators.
Whether Gemalto are making themselves an easy target with clumsy PR shouldn't take away from the fact of what really happened here.
The problem is the NSA/GCHQ OP has exposed them for a sham. It's not clumsy PR it's share price first, security second. From a company that sells crypto products to the financial sector, amongst others.
Initially it's GCHQ/NSA's fault we could have been living in ignorance for decades about this; the UK government should be made to pay via a case at the ECJ for financial damage done to the state and costs to rebuild Gemalto with proper procedures in place and the recall/revoke/reissue of all the company's crypto products and keys.
That last part is where this story gets sketchy because that isn't what's going to happen, and investors have displayed fairly shocking ignorance over these events. Share price is higher today than when the revelations first aired in public, which is just frightening. They're basically claiming that they fought off arguably the two most capable offensive hacker orgs on the planet and won and nobody sensible should believe them.
Re: Who to believe?
Huge crypto vendor in total denial about the state of its own security. They've clearly proven untrustworthy by word and action. This is actually worse than the DigiNotar attack and the company should be fed to the fishes the same way.
They're in denial about the SIM attack, who could trust any of their other crypto products ever again?
This is because that relegation pressure flows through into a desperate desire to pay however much that rare talent that might keep you up, or promote you, can count up to.
This is nonsense. It costs money to stay in the Premier League it costs more to take a run at the EPL from the lower leagues. For the record nobody is paying whatever a player wants under the top 3 and nobody below that is buying players at any cost. Liverpool did once with a certain player that turned out to be worthless and it wouldn't ever be allowed to happen again.
If you want to take a run at the Champion's League that's a different story because you suddenly *will* meet teams like Barca where no wage or price restraint applies and nobody can compete with them even though they are within the terms of the FFP regs.
Also not for nothing but Labour are centrist, and they took a turn to the right of centrist back there at one point.
Re: Bloody teenager
NSA and GCHQ are doing exactly what I'd expect them to do
Expect or should be doing. You're right in it's what people half expected them to do but it isn't what they should be doing. By rights Gemalto should effectively be out of business (how they're surviving I have no clue) because banks should be deleting their root trust under the assumption all the company's keys are compromised - what they should have been doing was helping Gemalto shore up their defences for the common security and "economic well-being" (see: all the relevant law on this) of the US, UK and the EU as opposed to attacking the very basics of everybody's security.
What they've done here is certainly in the UK illegal in certainly the spirit of the law; if not the letter. GCHQ are supposed to be working to secure us against outside threats not weaken us.
Re: If Apple wants to really piss off the feds
If Apple just did it in secret and dropped it on people there'd still be arguments over it (and it'd more likely get fked off by Google) - the standards process works for crypto and has done for a long time and can continue to work.
Re: If Apple wants to really piss off the feds
Later Apple, Google and Microsoft can come together on a standard to support encrypted communication between all smartphones, and the NSA can hate Snowden even more for spoiling their illegal games.
Or they could just *start* with a standards process and do it right first time. Cray idea I know.
Re: What Kamp?
"proven to be a bad way to introduce state to HTTP"
Cookies shouldn't be used to introduce state, they should be used to reference state - that's not the same thing. Because somebody uses something in a nefarious manner isn't automatic cause for ban - if its *only* purpose was nefarious activity I'm sure you'd get agreement, but it isn't so you won't from anybody sensible. Until somebody comes up with a better idea than cookies (and they won't because the only reliable alternative is some sort of unique identifier like a cert) they're staying, the end.
"God help us if browsers are still speculatively requesting /favicon.ico"
Re: This says it all...
Cookies aren't actually the big privacy issue, if this isn't clear to people by now we have serious problems. Not for nothing but removing cookies would put us back to mud huts regardless.
Re: i can see myself
It's in the protocol more than the apps. It doesn't take long staring at the output of firebug to see the major speed issue with most sites - optimised or otherwise - is protocol related. Also not for nothing but you'll use it when your HTTPd supports it; the end, no questions. And that will be soon, very soon.
Re: but the '...w.dll'
"Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"
Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.
Re: Spell Checker
You're supposed to use Tips and corrections else some reg hack will come along and shout at you for mouthing off in the comments - true story ;)
I had no clue..
.. the fix for this would come from the US and the EU would remain totally silent on the issue of yankee doodle dandy thinking they can eat whatever they like. The hell is wrong with the world when the Republican Party in the US is saving us from this nonsense?
which provides for jail time if you decline to hand over when asked your encryption keys
Passwords for my crypto keys don't have "existence independent of the will of" (Saunders v UK) me, they can do what they like; I quite fancy a massive compo award via the ECJ. They can have the keys they can't have the passwords for them. For everything else there's PFS and they can bite me.
So you're bearish on the quantum computer market then.
After all the use of encryption gets your comms in the NSA's special data center indefinitely
They can have it, they're not decrypting it while I'm alive.
Re: Google should run for President
In reality, corporations are not persons of any kind, natural or unnatural. Corporations are collections of legal documents and bank accounts, and that's about it.
And yet legally they are, they have rights, they should have rights. The question is over what rights they should have and what they shouldn't.
Re: Google should run for President
Corporations are unnatural persons the world over. This is why you write laws that specify if for example the right to free speech or the right to be not murdered generally applies to which.
The US' problem is these things were not codified in early and arguably the most important law despite being well known legal issues at the time, so now somebody has to decide which apply to what.
Re: Rely On
It's fairly easy to argue that 509 is a better model for what PGP is used for in the linux environment - the only difference is the stack and an authority can revoke keys on behalf of people they certify keys for; which actually if you're say debian isn't necessarily a bad thing. If you're signing packages with a key signed by the debian project's trust anchor and that key goes awol and the dev themselves are awol debian can revoke the key on behalf of that developer - this isn't actually a bad thing. With PGP packages are signed by a central package key which if compromised in some way (more likely because more people have access) the key for the entire repo needs replacing on everybody's system rather than a revoke->reissue->re-sign process for the affected packages.
Also I wasn't arguing it wouldn't be a major task, I was simply stating that we could probably live without it.
I don't know that rely on is quite the right word, it's not like there aren't other options if GPG didn't exist; it'd probably help if companies that *directly* profit from selling stuff that uses chipped in a bit though..
Re: More neutral language please
Maybe it's me, but I have changed stores permanently after repeated 'not currently in stock' situations
It's not just you my local Asda spends half its time looking like they've just been robbed by an army of "they're not Russian, honest" soldiers, I don't know how they persistently have no products anybody wants, just empty shelves. A few years ago I stopped shopping at the Canary Wharf Waitrose for exactly this problem - to the point I was telling people that if they ever hear Waitrose talking about recession they're just lying; the actual issue was they plainly weren't buying enough stock.
This stuff really pisses me off. Occasionally it's fine, but when it happens every week with the same items you're doing something fundamentally wrong, why are your systems not figuring out this is happening. No Big Data™ needed to solve this one.
Re: Begun the Ad Wars have
especially for browsers with curated extension stores
Not really, Moz isn't in the business of selling Ads, and AFAIK has no plans to - any browsers that do the conflict of interest is blatant though.
Re: privoxy and friends: we're moving to a world with much crypto, if it isn't in the browser the best-case scenario is it breaks things. Not ideal. Key is using browsers not made by people who sell ads, even if that's a fork of a browser by a company that does.
Hahahaha, you think Labour would be any less authoritarian if elected?
I don't recall saying that?
So why re-introduce at report stage?
Because then whatever the Tories introduce later looks sane and measured by comparison even though it can't possibly be so.
Re: I wonder what they really want
They're scared of everybody, and the way they're going they're going to end up in a position where they should be scared of everybody.
Re: Communication equipment
we can't make a secure system which can only be snooped by the "good guys."
Of course you can. If one starts from the premise that the "good guys" really are thus: a 3 year old could write a back door (or rather a front door) that has strong auth that can do this.
It's not a question if that's secure, it's a question of if them screwing around with RNGs, crypto suites and doing the insecure back-doors is a good idea; and if anything of it is ethical and if there's any point at all when in a few years everything flowing across it is going to be encrypted strongly.
Re: Uh, yeah ....
+1 300 re-releases of Halo for the fan boys with no clue. Pretty sure writer is talking about the tech rather than the games though....
Is your claim that that's the only purpose of the business
Only purpose? No. The history of the company is sketchy enough that they easily could have been literally rather than y'know, figuratively. ITT/Wallenbergs et al.
Mostly because they and AT&T are clearly fronts for the NSA. AT&T we probably can't do anything about, but Ericsson we probably can.
it's definitely not the case at HMRC
Hence the discussion. Government are doing it wrong, hold the presses.
No kidding though why isn't a cost-overrun the supplier's problem to eat? Go to your shareholders, tell them what you burned and enjoy the replacement CEO.
Or put a better way: don't make bullshit bids for projects. I'm serious - why do governments do such a shitty job in contract negotiation? If they can't guarantee the cost then they know full well they're lying about it and they shouldn't get it anyway. If they can't produce deliverables passing acceptance tests why do they get paid a penny and why are they allowed to bid on other projects?
This is fairly basic stuff and it really pisses me off that government haven't learned stuff everybody else knew in the 1970's.
Re: Organising the Techies
TOR is overkill for the actual problem. Not only that but the network clearly doesn't have the bandwidth to cope with that even if it was the solution to the problem.
HTTP2 is a start, a big start. Getting everybody's SSL config up to scratch is good too.
Re: The Hilarity..
Commenting on my own post here.
Me or you would go to jail for this shit.
Because it looks like a prima facie case of GBH. http://en.wikipedia.org/wiki/Grievous_bodily_harm#Specific_intent - actually it sounds like religiously aggravated GBH which is up to 7 years in jail so...
.. is this junk isn't what Cameron and May are saying the security services need to "do their job" and save the children from ASBO-wielding nutjobs (yeah seriously - ASBOs) who can apparently piss off to Syria and come back when they like (so what's the point again?).
Seems to me that the security services always know full well who these people are whenever something happens but simultaneously refuse to crawl up inside every available orifice of the same people - they're far more interested in what you're doing on facebook.
the incident culminated in an attack on two members of the public who were beaten to the floor, punched, kicked and struck with wooden placards
Me or you would go to jail for this shit.
How can we have got our system so wrong? Is it just the boomers after more tory rape-the-country-finances pork that let these clowns slip in or what?
Having to pay for it is a little like a garage selling you a Ferrari, and then charging you extra to be able to drive it at more than 50 miles an hour
No it's like having a 1980's Skoda that you can't buy only lease that was paid for by the taxpayer anyway and costs them close-to-zero to maintain and they put no effort into improving the roads and them charging you a lease on the car stereo that you can't not have at 15 quid/month.
This stuff actually gets worse if you're a Hyperoptic customer or certainly what VM used to do, not sure if they still do - you have to actually pay more if you don't take a phone package. Now I love Hyperoptic but that policy is idiotic - the only way they can get away with it is because BT massively distorting the market; you're still better off and your ISP is a million times better anyway so you have to bend over and take it.
"Anyone starting up a new video service?" she asked.
No because you all go to Youtube anyways so it isn't worth our time. QQ, tough shit.
There's no alternatives when all the drivers of all the traffic cling to Google or Facebook or whatever else for dear life. Gotta dance with the one that brung you I'm afraid.
All Microsoft have to do is have the option to be able to give the thing some power while you're using it at your desk and some battery power to last all the times when you're not. If they do that (and it functions like claimed) they're gold regardless of all the other noise.
Re: Truly holographic?
It's not a hologram in that way (well it isn't at all). Arguably it's more realistic in its attainability - but the effect from the viewer perspective should be the same (arguably better, to look like an actual thing rather than a weird-ass projection). Enough people have said it really is what they're advertising for me to believe it, if you look at the technical specs it does look sound.
Re: Obama never met a lie he didn't like.
I don't think you understand basic economics. Also protip: you're not rich on the scale of things and never will be so chill out? Obama is probably the best thing to ever happen to the US and it's been squandered by people pandering to billionaires who keep their money in the Caymans anyway.
He's a terrible political operator but he's got his head screwed on.
I know a few born/bred/current brits who don't watch TV and therefore don't have a TV license who would gladly do same for access to the content they want to watch and not paying for drivel like EastEnders and strictly. I'm one of them.
Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?
I'm positive that North Korea are aware that security services from various countries are in their systems and that passing on relevant information would have made zero difference to the NSA's capabilities.
The argument is the NSA in NK's gear. Well no kidding that's what they're supposed to do. Then <conjecture> therefore it must therefore be NK. The article actually contradicts itself:
The N.S.A.’s success in getting into North Korea’s systems in recent years should have allowed the agency to see
Yeah, no shit, one would think that, wouldn't one?
Don't get me wrong I can't imagine how or why it could have been anybody but North Korea but I've still not seen any evidence it actually was.
Re: This is probably very bad..
"Crash from being harassed by opponent fighter jets?"
Goes the propaganda. If either of the claimed "it was somebody else" theories were correct we can be sure of some things:
* The Soviets would have shouted it from the rooftops
* The project wouldn't have been cancelled as infeasible
Chinese competition to the F-35? Heh. In the same way as the T-50 is supposed to be (popularly) competitive with the F-22 but patently isn't, I assume?
Some people need to find a grip. It's pencils in space and graphite in your sensitive safety-critical electronic systems all over again...
Re: This is probably very bad..
They can steal all the designs they like it doesn't give them the technical capability to actually build one or counter it.
The F35 is an inherently (designed) unstable aircraft, if they made a carbon copy it'd just do a Tu-144 at the Paris Air Show type deal.