* Posts by Simon Brady

29 posts • joined 27 Jul 2010

Polish plane IT attack? Apparently not, just a simple DDoS

Simon Brady

Meh, who needs hackers when a network failure can take down all your ATC radar at once:

http://www.stuff.co.nz/travel/travel-troubles/69653118/investigation-launched-after-radar-fault-grounds-flights-across-nz

0
0

Dossiers on US spies, military snatched in 'SECOND govt data leak'

Simon Brady

Form 86

The IT questions in Section 27 are interesting:

Have you illegally or without proper authorization accessed or attempted to access any information technology system?

Have you illegally or without authorization, modified, destroyed, manipulated, or denied others access to information residing on an information technology system or attempted any of the above?

Have you introduced, removed, or used hardware, software, or media in connection with any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines, or regulations or attempted any of the above?

If you're applying for clearance to work at the NSA, the correct answer is presumably "yes".

17
0

Is that a graphics driver on your shop's register – or a RAM-slurping bank card thief?

Simon Brady

Life imitating art?

Meanwhile, in the background, MalumPoS uses regular expressions to sift through memory and locate fresh credit card information.

http://xkcd.com/208/

0
0

Average enterprise 'using 71 services vulnerable to LogJam'

Simon Brady

The sins of the fathers

... the LogJam flaw shows how internet regulations and architecture decisions made more than 20 years ago are continuing to throw up problems.

Headlining El Reg in 2035:

"Modern internet vulnerable thanks to mid-2010s panic over paedophiles and terrorists. Also, Paris."

1
0

Are we looking at the first domain name meme? Neigh

Simon Brady

endless.horse.source

That was worth a Ctrl-U, just to learn that the Stupid Sh*t No One Needs & Terrible Ideas Hackathon is actually a thing.

Colleen Josephson, we salute you.

3
0

OpenFlow busts out of the data centre with 15,000-route Pacific test

Simon Brady

Re: what?

[Citation needed], but I'm guessing that's a reference to section 48 of the Telecommunications (Interception Capability and Security) Act 2013:

http://www.legislation.govt.nz/act/public/2013/0091/latest/DLM5178093.html

This requires network operators to advise the GCSB when they make changes within "areas of specified security interest" as defined in section 47. That section lists things like interception capability, storage of customer or network admin credentials, and parts of the network that aggregate large volumes of customer data (in flight or at rest). I'm neither a lawyer nor a network engineer, so hopefully someone better qualified can explain what this all means in practical terms.

0
0

OMFG – Emojis are killing off traditional 'net slang

Simon Brady

Re: Emoji vs emoticon

I'd always assumed that "emoji" was a portmanteau of the "emo" in emoticon and the Japanese "ji" meaning character (as in "kanji", literally "Han [Chinese] characters"), but it's actually a Japanese word in its own right.

Kenkyusha's New Japanese-English Dictionary (5th ed.) defines it as "a pictorial symbol; picture writing; a pictograph" and gives the kanji 絵文字 (絵 "e" means picture, as in the famous ukiyo-e art style, and 文字 "moji" means written character). According to the Japanese Wikipedia article on 絵文字 the first encoded emoji was the baseball symbol in CO-59, a 1959 interchange code used by a group of large newspapers (carried into Unicode as U+26BE).

3
0

How a hack on Prince Philip's Prestel account led to UK computer law

Simon Brady

The Hacker's Handbook

The Hacker's Handbook was one of my most prized possessions as a spotty teenager. Reading the text now (http://www.textfiles.com/etext/MODERN/hhbk), I have to smile at gems like this:

"Hacking is an activity like few others: it is semi-legal, seldom encouraged, and in its full extent so vast that no individual or group, short of an organisation like GCHQ or NSA, could hope to grasp a fraction of the possibilities."

They sure got that right...

5
0

Canadian bloke refuses to hand over phone password, gets cuffed

Simon Brady
Big Brother

Not just Canada

Here in NZ they want a blanket right to demand passwords even without reasonable cause:

http://www.stuff.co.nz/technology/digital-living/67021305/kiwis-unhappy-about-customs-computer-search-plan

But it's okay, they promise not to disclose any lawful content and we all know government agencies never abuse their powers.

9
0

Your hard drives were RIDDLED with NSA SPYWARE for YEARS

Simon Brady

Use the source, Luke

Is there really "zero chance" the malware authors could hack drive firmware without access to the source code? Sure, publicly available firmware binaries are probably obfuscated in nasty ways and would require a lot of reverse engineering even after decryption, but why should that be beyond the ability of a well-resourced organisation like the NSA? There's a long tradition of amateurs hacking DVD-ROM firmware to disable region locking, for example - if J. Random Hacker can do this in the comfort of their own basement, why can't the professionals do it on a grander scale?

16
1

Solaris fix-it firm offers free BASH patch for legacy Oracle kit

Simon Brady

I'm no lawyer, but their Support Terms of Use make it pretty clear that you can't access the site for the purpose of giving your customers something they aren't entitled to themselves:

"You agree that access to the Support Portal, including access to the service request function, will be granted only to your designated support contacts and that the Materials may be used only in support of your authorized use of the Oracle product and/or cloud services for which you have a current support contract. Except as specifically provided in your agreement with Oracle, the Materials may not be used to provide services for or to third parties and may not be shared with or accessed by third parties."

Where it gets murky is the situation you've described, where you pick up knowledge in the course of your authorised access that happens to be helpful to a third party sometime in the future. My guess would be that saying "oh hey, I have a downloaded copy of a support article that might come in handy here" is out, but saying "I've hit this problem before and I remember what the fix was" is ok - unless Oracle want to claim they own the part of your brain holding their content, of course...

It sounds like the behaviour described in the article, offering patches you've written yourself without access to licensed support material, is quite different from what they're squabbling about in the lawsuit. Whether it contravenes some other license clause is a whole separate question.

0
0

Scientists skeptical of Lockheed Martin's truck-sized FUSION reactor breakthrough boast

Simon Brady
Coat

Gentlemen, you can't fight in here! This is the War Room!

Interesting that out of all the potential applications they chose to highlight powering aircraft. With the level of scepticism they must have expected, surely the last thing they need is to remind people of the 1950s atomic-power-will-solve-everything optimism that fuelled the Aircraft Nuclear Propulsion programme. Then again, if they could demo this puppy in a B-36 I for one would buy tickets to watch.

(Mine's the one with the lead lining.)

0
0

Intel's SECRET Xeons: tell us what you think Chipzilla's hiding

Simon Brady

Re: Close with Z80 - but what about the 6502?

"Or better yet how about one which spins up half a million Z80 instances, half a million 6502, and none of those instances would talk to each other?"

Just the ticket for anyone wanting to virtualise half a million Commodore 128s (and who doesn't?).

2
0

IBM Hursley Park: Where Big Blue buries the past, polishes family jewels

Simon Brady

On the A3090

Good address for an IBM site.

5
0

As WinXP death looms, Microsoft releases its operating system SOURCE CODE for free

Simon Brady
Coat

Re: Are you insane?

"Black hats would be combing it over for vulnerabilities applicable to Vista, 7, 8, and 8.1 too."

So the same as MS-DOS 1.1 then.

24
2

HPC geeks ponder 100 petafloppers and quantum supercomputers

Simon Brady

Re: How do you rank them?

I propose a new unit of unquantifiable performance, the Wally:

http://dilbert.com/strips/comic/2012-04-17/

0
0

Thanks, NSA: Amazon sales of Orwell's 1984 rise 9,500%

Simon Brady

Re: Orwell vs Huxley

> TOTALLY! Shades of Pink Floyd's "The Wall" HA!

Or the Roger Waters solo album Amused to Death, which was inspired by Postman.

0
0

Are you in charge of a lot of biz computers? Got Java on them?

Simon Brady

Re: Upgrading from JRE 1.6

To be fair to Oracle, EBS has been certified with JRE 7 since December:

https://blogs.oracle.com/stevenChan/entry/jre_7_certified_with_oracle

The Metalink notes say they also support IE9 and Firefox ESR 17 on Win7. I have a lot of gripes about how Oracle handles certification and patching in general, but in this case the criticism isn't justified.

0
0

Maybe don't install that groovy pirated Android keyboard

Simon Brady

Re: "Should custom Android keyboards even be allowed?"

Of course not, because why would any phone user ever need an input method for a language that doesn't come pre-installed by their provider? If English was good enough for Our Lord it should be good enough for us.

0
0

6 London boroughs haul all their kit to 1 Oracle biz product

Simon Brady

What could possibly go wrong?

This worked a treat in Western Australia:

http://www.itnews.com.au/News/262924,western-australia-to-scrap-shared-it-services-office.aspx

0
0

Apple launches three-pronged education assault

Simon Brady

Somebody think of the mathematicians!

In maths TeX and its cubs are pretty much the standard for writing technical books. Surely Apple know the education sector well enough to realise this, and don't expect serious authors to use drag-and-droolware?

2
1

Now Russians can't even contact their busted Mars probe

Simon Brady

Phobos-Grunt

Am I the only one who hears the Quake 3 announcer voice when they read the probe's name?

1
0

Japanese erections named 'Bollox', 'Wonder Device'

Simon Brady

Never mind the borokkusu

To be fair to the company, I can see how they might have got the name. The katakana (Japanese syllabic text) stamped on the logo reads ボロックス "borokkusu". That's also how you'd transliterate the English word "blocks" into Japanese - the extra vowels turn up because Japanese is built around what we'd consider to be consonant-vowel syllables. Since the Bollox range seems to be owner-designed kitset-style homes, "blocks" almost makes sense.

Then again I'm nowhere near fluent in Japanese, so this could all be a load of borrokusu.

2
0

Cameron cocks up UK's defences - and betrays Afghan troops

Simon Brady

Nimrod R1 retirement

Last I heard the R1 was slated for retirement in 2011, to be replaced by Rivet Joint:

http://www.flightglobal.com/articles/2010/03/22/339763/uk-approves-rivet-joint-purchase.html

Has the defence review said anythng about this?

0
0

Malware forces Firefox to save passwords

Simon Brady

@ Chemist

> So how is nsLoginManagerPrompter.js modified under Windows - is it

> only people running as admin ? The article doesn't make it clear.

Well firefox.exe runs as the logged-in user, and by default unprivileged users only have read/exec privs on the Program Files directory tree. So short of finding some sneaky way to subvert a privileged service (Windows equivalent of daemon), it's hard to see how this could work without admin rights.

The more interesting part of question - which neither El Reg nor Webroot answer - is how FF is tricked into modifying this file even if the user does have write access to it. Presumably it's not an arbitrary file overwrite vuln or the trojan would be doing much worse mischief. I can't find any relevant mention of nsLoginManagerPrompter.js on bugzilla.mozilla.org, so I guess either the Mozilla team are quietly fixing this or the whole thing is bogus.

0
0
Simon Brady

To be fair, not just Linux

> The global .js files on Linux are protected.

So are the global .js files on Windows, unless the user runs with Admin rights. Yes, I know lots of users do, but "I'm safe because I don't run as root" is different from "I'm safe because I run <insert OS here>".

2
0

CUDA daddy muses on future GPUs

Simon Brady

Deja vu all over again

http://www.catb.org/~esr/jargon/html/W/wheel-of-reincarnation.html

But who needs history when you can have hype?

1
0

EC launches formal probes into IBM's mainframe biz

Simon Brady
WTF?

Apples and Oranges

So how is IBM tying z/OS licenses to IBM hardware any different from Apple tying MacOS licenses to Apple hardware?

And as long as the customer purchases a legit license, isn't talk of intellectual property rights irrelevant? Even if the clone-makers need to know the secret herbs and spices to support the OS, doesn't competition law allow the OS vendor to demand a "fair and non-discriminatory" license and NDA?

IANAL, obviously...

2
0

Forums