Nice recruiting method
This was a really good plan to find US citizens with security skills to recruit. Probably a lot cheaper and more effective than the usual recruitment methods.
140 posts • joined 10 Nov 2010
The criminals have gone to this much effort, I'm sure they can afford a VPN in the target's country so the locale matches. They would be doing that anyway to hide their IP, all it means is they have to pick the right VPN in their list...
Secondly the notifications that someone has logged in from a new device. Well these attacks are happening at 5am in the morning when everyone has their phone on silent...
They are aiming too high, hopefully things will calm down when the novelty wears off. We just want a simple display and buttons so we can read notifications and tell the time. Advanced features would be a gyro (for maps), touch screen (for zooming maps) and heart rate monitor.
We need a chip that does it pretty much all and let the watch manufacturers build the actual watches, maybe they can make something pretty and the price will be more reasonable.
Wow, that site's a blast from the past.
Before you all go mad, just remember, if you're bothered I am sure there will be a way to use higher security.
I don't really see how this gets rid of passwords though? Surely it is just a better lock screen.
I think it's a good idea, currently I have my phone unlocked longer than I really should security wise. I have Google Authenticator on it and Android Pay which I really wouldn't want anyone using for nefarious reasons. So it's slightly better than no security.
Someone needs to create a program to tell you which certificates are normal default Windows and which ones have been added in and by who if possible.
This is the main issue! Somebody needs to be in charge and take the blame for failures.
What will be the result of all these failures? Who will be fined? Who will be fired? Nobody...
So they might as well just carry on with the current practice...
Not any more they aren't, check out the latest prices they hiked in case they had to freeze them for five years...
If Three had tried the merger before the BT-T-Mobile merger, would they have been allowed?
I don't think either merger should have been allowed. BT is heading towards a monopoly in every area, Internet, TV and now mobile phones. They seem to be unstoppable.
I live in a 3 bed semi with new windows, full 12" loft insulation, 100mm external insulated walls.
Your house doesn't get much more insulated than ours. I have done my calculations on real figures and the Nest paid for itself in a year.
I didn't buy it for cost savings, I just thought it looked pretty and I liked being able to control it with my phone. I very rarely use it via my phone as my house is well insulated and stays a consistent temperature. The dial only gets touched when one of us is ill and feeling the cold. But the auto-away feature is what saves the money.
You may hate Nest, but the fact is that smart thermostats work. The ability for it to automatically turn off the heating when you are not in the house and you forget to turn it off before you leave will save energy and money for nearly every household.
In general I'm pretty lazy when it comes to saving energy, but if it is more efficient and pays for itself, then it's a no brainer.
The only argument I have against them is the theoretical spying capabilities it adds to your house. But then with the amount of other internet connected devices I have at home with microphones and cameras, it is just one more addition to worry about.
OK get your guesses in, what was the embedded device?
I'm not saying it's right, but that's the law. It's there for a reason though, to make sure that employers actually do enforce health and safety and therefore increase safety. If they do enforce it and the employee still doesn't do as told then I think BT will be in the clear.
I'd imagine the reason this case will take 3 weeks is because they will be trying to prove they were enforcing it and this was one rogue employee, whereas the employee will be trying to say that wasn't the case which will require other people giving evidence etc.
Standard Health and Safety in that situation is that you should have a Harness & Lanyard when working at height. I can't imagine a company the size of BT would have broken the law and skipped training on this. So maybe it was common practice for engineers to skip this on roofs and BT never enforced it, therefore they would be to blame...
We assumed that Windows would be kept for enterprise in the future, but when I look around my office, I only see about half the office that actually need real PCs. The other half simply need email, a browser, Word, Excel and PowerPoint. They could definitely go down the web OS route.
All the stupid complicated or legacy internal systems we use have been put on Citrix or RemoteApp as it is less effort for IT than trying to get them to work on everyone's individual laptop.
I know of some solicitors that simply use their laptops to log in to a remote desktop so that everything is kept secure in a remote location.
Maybe the future market for Windows is even smaller than we first thought.
I dust-proofed my tower years ago as I got annoyed with my GFX card being covered in dust and slowing down. You just need positive air pressure to stop the dust getting in through all the gaps, push more clean air into the tower than can get out easily. (Remember the Breaking Bad episode with the fly and Walter creates positive air pressure in the cooking room to make it into a clean room?)
The fan blowing air in should have a filter in front of it. I got mine on eBuyer I think for a couple of quid. Of course you need to clean the filter every so often, at home that's once a year, at a building site it'd probably be more frequent. A quick vacuum from the outside does the job, you could even tell the cleaner to do it, it's pretty foolproof.
I like that he linked two different areas to get the desired effect of a session id linked to a different user. He obviously had a lot of fun thinking, how far can I take this? Watching paint dry game... genius.
You don't pay checkatrade, the businesses advertised there do. These businesses are checkatrade's customers and they won't do anything that would stop them paying them.
Just go look at roofers, the dodgiest business there is, yet the majority on checkatrade has a 99.7% approval rating?
Tax software used by accountants records passwords and keys required to file a tax return on behalf of a customer. There could be thousands of people in each DB depending on the size of the accountancy business. There have been cases before where this has been pilfered. There is no way to completely protect the information even if the software encrypts it in the DB as it needs to be decrypted before it can be transmitted.
A proper process needs to be in place to avoid fraud.
Letters and emails should be sent on submission of a tax return and on advice of a refund on your tax.
There should be a delay in the refund to allow any fraud to be detected.
Address changes should have a process to avoid fraud, e.g. letter to old address informing them of the change, contact us if you didn't authorise this.
Bank details for refund, any changes again need to be written in a letter and a delay added to ensure any fraud is detected by the letter.
Agent bank details changes should require extra monitoring of any changes as the repercussions are so enormous.
Yes I agree, it is definitely a warning sign. If there is no way round the SQL Code to do what you want without using TOP 1, then you need to have a look at the schema and maybe redesign.
But I guess they say write first, optimize later if needed, which is probably what happened here.
The Amazon basics range isn't bad. The idea is to make a cheap basic product, but you know (hope) some amount of testing went on before they were allowed to give it the Amazon name.
I don't understand what the benefit of putting everything below water is? Why not just have a pier (or old lighthouse) with some heat pipes going into the sea. Wouldn't it be a lot easier to maintain?
Is it just me or are you constantly referring to locks when you mean keys? I was scratching my head the whole article wondering how you could photograph the inside of a lock... Then I watch the video and they are talking about keys...
People aren't as smart as they like to think they are. Simple techniques would catch lots of these people. Let's face it, they aren't the smartest of individuals otherwise they wouldn't have gone down this route. Usually their life is crap so they need something to devote it to.
Are you serious, you can't think of anything?
Someone reports a suspected terrorist. You look up their browsing history and message logs and find out yes this guy is definitely a terrorist. Pass it on to your colleagues to be investigated thoroughly. Maybe nothing is found, but that doesn't rule them out, you just pass it on saying needs more investigation, no corroborating online information found.
It's a first line process that would save them lots of time and help ensure that a lot of people who need investigating are investigated with priority. That's just one thing, finding links with other people etc. priceless.
The question I believe is more a case of, just because we can do this, should we? I am of the opinion no we shouldn't, it is too much power to put in the hands of a few people who have shown they cannot be trusted to follow the gesture of law, happy to bend the law to the absolute maximum which it was never envisioned for. Power corrupts, it's one of the certain things in life. I'd rather we prioritised keeping the country safe from corruption than an improvement on fighting terrorists. I know a lot of people would disagree on that which I put down to fear mongering by the government, but that is the question it comes down to in my opinion.
I know there is a lot of hate here, but the one thing I love about it is that you set what temperature you want the house to be at a certain time and it learns how long it takes your house to warm up after the heating is turned on. So if I want it hot by 7am, it will turn it on at 6:42 knowing it takes 18 minutes. (Before my solid brick house had external insulation added it came on 45 minutes beforehand! But then automatically reconfigured itself after the house insulation was added)
Also the amount of times I've gone out for the day and forgot to turn off the heating but it realises I'm not home and turns it off itself to save me heating. I'm certain the thing has paid for itself over the last year.
I've always gone out and bought the latest fastest domestic routers and installed Tomato on them, but the power has always been lacking. I have considered building my own out of a PC, but object to the power usage and build cost for this just to get basic things like decent VPN speed.
I hope this is a sign of a new era of non-shitty domestic routers.
I know some of the other people in this list may have greater achievements, but I will always remember switching to zmodem as the transfer protocol to speed things up. It didn't matter if it was via a home-made null cable from my Amiga to my 386, or for dialling up to the local BBS (or the odd international BBS - sorry dad!), you always knew that zmodem was the best choice.
Very good point! What was I thinking?
We know from the Snowden leaks that GCHQ are recording this info and more, so why make the ISPs do it too? Is it simply so it can be legally accessed by the police?
Can anyone explain what these hackers are actually doing once they get into the air-gapped network?
With the network being air-gapped it must be very hard to get the data out, examine the system, do anything really as you have no feedback?
I can understand attacking the air-gapped nuclear centrifuges, because you don't need to get any data out...
Do you trust the sellers to only sell an account to one person? Sell it to multiple people and then it will become like bugmenot and whack a mole to find an account that actually works from your list.
The chip that supports Galileo is the BCM4774. Googling it I couldn't find any phone that currently uses it. The very latest phones released this month seem to use BCM4773 which is the previous version which doesn't support Galileo.
Interestingly the BCM4773 supports the Russian system GLONASS and the Chinese system Beidou.
So maybe give it a year?
Exactly. This is incompetence from both sides.
The people trying to log in are so incompetent they can't do basic troubleshooting, so they pass it on to the techie. But unfortunately the techie, although knowledgeable enough to fix the issue, is socially incompetent, so doesn't call the company to "clarify" the situation beforehand and save a trip.
I thought since chip and pin came out here in the UK you could no longer swipe. I know there was a switch over period where you could do both, but are we not past that now? Are the systems backwards compatible for foreigners perhaps?
Does swipe still work anywhere in the UK?
It went down for me at about 9pm last night for certain routes. It started working again at about 1pm today.
The worst thing was there was no easy way to report it to BT, you can only report a BT broadband issue by going to their website and running the broadband live test, which we couldn't access!
After reading about the exploit of NTP Daemon, it makes me wonder if someone could broadcast something nearby to make this less random, or is this impossible due to the frequency of the radiation?
Don't underestimate the police. They can also check your browsing history during this time, but there won't be any... hence reason to believe you did not have your phone with you.
Also I wouldn't be surprised if your phone records when it was idle somewhere on the device if they manage to get physical access to it.
Once they do that, there's very little left to upgrade and no money to be made. BT would rather drag it out, bit by bit, upgrade after upgrade.
The title is Google draws a line in the sand, but then in the article you do not mention drawing a line in the sand anywhere. What are you referring to?
I noticed a similar bug a couple of years ago with Halifax. I set up a standing order to a friend to pay them some money. I put in the sort code and account number. Once complete it showed my friend's account name in my standing order list (initials and surname), yet I had never entered it. (They were also a Halifax customer). I tried one other random account number changing the last digit till I got one that worked and sure enough it showed me their name...
I wasn't really sure what I could do with this info, then a week later this "feature" had vanished.
I actually think Microsoft are on to something with the 'One Windows' strategy. But to think they can just release an OS update and suddenly have success in the mobile segment is crazy. This is going to take years to gradually increase their growth and capabilities in each segment, and it's not like Apple and Google are going to sit around and do nothing in all those years.
So actually thinking that through, Microsoft probably realise if they play the long game they are screwed, most of us will have moved to a web style laptop in 10 years such as Chrome OS, leaving them just the office workers using desktop Windows. So they are frantically trying to make the long game a quick game, but I'm not sure that's possible... I guess they might as well go down fighting.
I always find the ads out of date. I look up something, buy it from Amazon, then get ads on Amazon for the exact thing I just bought for the next week. No I don't need it, I just bought one from you!
Absolutely AWS is the main fault here, it is open for abuse. The worst thing is this guy phoned AWS support and told them what happened, but they still let all these services be created overnight. Surely you have a big red button that support can hit that says this account has been compromised, don't allow anything else which costs to run. But no, support tell him to clean up the system himself and their "block" didn't actually work.
I'd refuse to pay Amazon saying they were negligent.
I am 5 metres away from the cabinet. BT send the cable about 100m down the road away from my house, up the telegraph pole then back through the air to the top of my house, all the way down the house and then in at the ground level.
I've a good mind to just dig a trench myself, put the cable in and pay the next BT man that turns up to the cabinet (which seems to be every other day) £20 to wire it up in the cabinet.
I find it hilarious they are accusing Sky of having a monopoly on TV when it is clear that BT is trying to become the TV monopoly. Look at the amount they paid for the football rights, now cricket, Sky has lost loads to BT, but they still complain because they want every single piece of the TV market so people have to use BT.
My plan was to hide the real CCTV system behind a fake wall in the attic made with brick slips, while leaving a fake CCTV box with CCTV written on it in big white letters next to it with some cables going into somewhere hidden and secured. It'd fool me.
More interesting than the WSUS and ARP spoofing is the awareness of the fact you could easily make a usb device with an arduino to spoof being a certain piece of hardware. That gives you the ability to install 533 different kernel drivers from 3rd parties. There has to be an exploit in one of them. No doubt one of our government agencies will probably have such a device already.
Just one more attack hole to add to the theory that if you have physical access, it's game over.
It's not like Conan goes on Twitter himself and steals the jokes. It will be one of his writers who are paid to come up with jokes for him that stole it.
Those features are kind of gimmicky and not really essential, so I don't mind so much. Google haven't sorted out Google Pay yet, so NFC use is marginal unless you have your own tags. From my experience using my own tags, it's not worth the hassle, anything you can do with a tag you can do with Tasker and a custom button.
I tried wireless for a year replacing every charger with wireless, after a year I had to admit to myself it was just a gimmick. It takes longer to charge the phone when doing it wireless, you have to get the phone aligned perfectly and it heats up (which won't be good with this Snapdragon processor). Let's face it, it takes 2 seconds to plug it in for better results.
I was tidying up our DB a couple of years ago and found some Irish addresses with no Post Code. After a bit of Googling I was shocked to find there was no post code system. I didn't actually believe it and just moved on to something else.