* Posts by Peter 26

140 posts • joined 10 Nov 2010


Hack the Pentagon shutters 100 bugs

Peter 26

Nice recruiting method

This was a really good plan to find US citizens with security skills to recruit. Probably a lot cheaper and more effective than the usual recruitment methods.

1
0

TeamViewer beefs up account security after rash of PC, Mac hijacks

Peter 26

Will these extras have much effect?

The criminals have gone to this much effort, I'm sure they can afford a VPN in the target's country so the locale matches. They would be doing that anyway to hide their IP, all it means is they have to pick the right VPN in their list...

Secondly the notifications that someone has logged in from a new device. Well these attacks are happening at 5am in the morning when everyone has their phone on silent...

5
0

Smartwatches: I hate to say ‘I told you so’. But I told you so.

Peter 26

Still useful, just not as much as they thought

They are aiming too high, hopefully things will calm down when the novelty wears off. We just want a simple display and buttons so we can read notifications and tell the time. Advanced features would be a gyro (for maps), touch screen (for zooming maps) and heart rate monitor.

We need a chip that does it pretty much all and let the watch manufacturers build the actual watches, maybe they can make something pretty and the price will be more reasonable.

4
0

Microsoft won't back down from Windows 10 nagware 'trick'

Peter 26

Re: My opinion on this?

Wow, that site's a blast from the past.

Shield's Up!

29
0

Google to kill passwords on Android, replace 'em with 'trust scores'

Peter 26

The end of passwords?

Before you all go mad, just remember, if you're bothered I am sure there will be a way to use higher security.

I don't really see how this gets rid of passwords though? Surely it is just a better lock screen.

I think it's a good idea, currently I have my phone unlocked longer than I really should security wise. I have Google Authenticator on it and Android Pay which I really wouldn't want anyone using for nefarious reasons. So it's slightly better than no security.

6
13

Hacked in a public space? Thanks, HTTPS

Peter 26

Someone needs to create a program to tell you which certificates are normal default Windows and which ones have been added in and by who if possible.

0
0

Non-police orgs merrily accessed PNC without authority, says HMIC

Peter 26

Re: Three body problem

This is the main issue! Somebody needs to be in charge and take the blame for failures.

What will be the result of all these failures? Who will be fined? Who will be fired? Nobody...

So they might as well just carry on with the current practice...

11
0

EU vetoes O2 and Three merger: Hutchison mulls legal challenge

Peter 26

Re: Dam

Not any more they aren't, check out the latest prices they hiked in case they had to freeze them for five years...

1
0
Peter 26

If Three had tried the merger before the BT-T-Mobile merger, would they have been allowed?

I don't think either merger should have been allowed. BT is heading towards a monopoly in every area, Internet, TV and now mobile phones. They seem to be unstoppable.

5
0

Google, Honeywell put away Nest patent knives

Peter 26

Re: Allow me to point out something...

I live in a 3 bed semi with new windows, full 12" loft insulation, 100mm external insulated walls.

Your house doesn't get much more insulated than ours. I have done my calculations on real figures and the Nest paid for itself in a year.

I didn't buy it for cost savings, I just thought it looked pretty and I liked being able to control it with my phone. I very rarely use it via my phone as my house is well insulated and stays a consistent temperature. The dial only gets touched when one of us is ill and feeling the cold. But the auto-away feature is what saves the money.

You may hate Nest, but the fact is that smart thermostats work. The ability for it to automatically turn off the heating when you are not in the house and you forget to turn it off before you leave will save energy and money for nearly every household.

In general I'm pretty lazy when it comes to saving energy, but if it is more efficient and pays for itself, then it's a no brainer.

The only argument I have against them is the theoretical spying capabilities it adds to your house. But then with the amount of other internet connected devices I have at home with microphones and cameras, it is just one more addition to worry about.

0
0

Hacking Team hole still unpatched, exploit pop doc claims

Peter 26

What's the embedded device?

OK get your guesses in, what was the embedded device?

0
0

BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles

Peter 26

Re: More than reported here?

I'm not saying it's right, but that's the law. It's there for a reason though, to make sure that employers actually do enforce health and safety and therefore increase safety. If they do enforce it and the employee still doesn't do as told then I think BT will be in the clear.

I'd imagine the reason this case will take 3 weeks is because they will be trying to prove they were enforcing it and this was one rogue employee, whereas the employee will be trying to say that wasn't the case which will require other people giving evidence etc.

8
0
Peter 26

Re: More than reported here?

Standard Health and Safety in that situation is that you should have a Harness & Lanyard when working at height. I can't imagine a company the size of BT would have broken the law and skipped training on this. So maybe it was common practice for engineers to skip this on roofs and BT never enforced it, therefore they would be to blame...

12
0

Windows 7's grip on the enterprise desktop is loosening

Peter 26

Does everyone need Windows at work?

We assumed that Windows would be kept for enterprise in the future, but when I look around my office, I only see about half the office that actually need real PCs. The other half simply need email, a browser, Word, Excel and PowerPoint. They could definitely go down the web OS route.

All the stupid complicated or legacy internal systems we use have been put on Citrix or RemoteApp as it is less effort for IT than trying to get them to work on everyone's individual laptop.

I know of some solicitors that simply use their laptops to log in to a remote desktop so that everything is kept secure in a remote location.

Maybe the future market for Windows is even smaller than we first thought.

19
0

You can't dust-proof a PC with kitchen-grade plastic food wrap

Peter 26

Positive Air Pressure

I dust proofed my tower years ago as I got annoyed with my GFX card being covered in dust and slowing down. You just need positive air pressure to stop the dust getting in through all the gaps, push more clean air into the tower than can get out easily. (Remember the Breaking Bad episode with the fly and Walter creates positive air pressure in the cooking room to make it into a clean room?)

The fan blowing air in should have a filter in front of it. I got mine on eBuyer I think for a couple of quid. Of course you need to clean the filter every so often, at home that's once a year, at a building site it'd probably be more frequent. A quick vacuum from the outside does the job, you could even tell the cleaner to do it, it's pretty fool proof.

10
0

Teen tricks leaky Valve into publishing hot new Steam game: Watching Paint Dry

Peter 26

Clever

I like that he linked two different areas to get the desired effect of a session id linked to a different user. He obviously had a lot of fun thinking, how far can I take this? Watching paint dry game... genius.

5
0

Review sites commit to address UK regulator's concerns

Peter 26

Re: Checkatrade

You don't pay Checkatrade, the businesses advertised there do. These businesses are Checkatrade's customers and they won't do anything that would stop them paying them.

Just go look at roofers, the dodgiest business there is, yet the majority on Checkatrade has a 99.7% approval rating?

3
0

Crims unleashed IRS-stabbing malware in bid to rob 464,000 people

Peter 26

Similar issue with Tax Software used by Accountants

Tax software used by accountants records passwords and keys required to file a tax return on behalf of a customer. There could be thousands of people in each DB depending on the size of the accountancy business. There have been cases before where this has been pilfered. There is no way to completely protect the information even if the software encrypts it in the DB as it needs to be decrypted before it can be transmitted.

A proper process needs to be in place to avoid fraud.

Letters and emails should be sent on submission of a tax return and on advice of a refund on your tax.

There should be a delay in the refund to allow any fraud to be detected.

Address changes should have a process to avoid fraud, e.g. letter to old address informing them of the change, contact us if you didn't authorise this.

Bank details for refund, any changes again need to be written in a letter and a delay added to ensure any fraud is detected by the letter.

Agent bank details changes should require extra monitoring of any changes as the repercussions are so enormous.

0
0

Scary RAM-gobbling bug in SQL Server 2014 exposed by Visual Studio online outage

Peter 26

Re: How do you mess that one up?

Yes I agree, it is definitely a warning sign. If there is no way round the SQL Code to do what you want without using TOP 1, then you need to have a look at the schema and maybe redesign.

But I guess they say write first, optimize later if needed, which is probably what happened here.

3
0

'Dodgy Type-C USB cable fried my laptop!'

Peter 26

Re: Oh, for a sensible cable...

The Amazon basics range isn't bad. The idea is to make a cheap basic product, but you know (hope) some amount of testing went on before they were allowed to give it the Amazon name.

10
1

Microsoft sinks to new depths with underwater data centre experiment

Peter 26

Why put it all below water?

I don't understand what the benefit of putting everything below water is? Why not just have a pier (or old lighthouse) with some heat pipes going into the sea. Wouldn't it be a lot easier to maintain?

15
1

KeysForge will give you printable key blueprints using a photo of a lock

Peter 26

I'm confused

Is it just me or are you constantly referring to locks when you mean keys? I was scratching my head the whole article wondering how you could photograph the inside of a lock... Then I watch the video and they are talking about keys...

21
0

UK Home Sec stumbles while trying to justify blanket cyber-snooping

Peter 26

People aren't as smart as they like to think they are. Simple techniques would catch lots of these people. Let's face it they aren't the smartest of individuals otherwise they wouldn't have gone down this route. Usually their life is crap so they need something to devote it to.

0
0
Peter 26

Are you serious, you can't think of anything?

Someone reports a suspected terrorist, you look up their browsing history and message logs and find out yes this guy is definitely a terrorist. Pass it on to your colleagues to be investigated thoroughly. Maybe nothing is found, but that doesn't rule them out, you just pass it on saying needs more investigation, no corroborating online information found.

It's a first line process that would save them lots of time and help ensure that a lot of people who need investigating are investigated with priority. That's just one thing, finding links with other people etc. priceless.

The question I believe is more a case of, just because we can do this, should we? I am of the opinion no we shouldn't, it is too much power to put in the hands of a few people who have shown they cannot be trusted to follow the gesture of law, happy to bend the law to the absolute maximum which it was never envisioned for. Power corrupts, it's one of the certain things in life. I'd rather we prioritised keeping the country safe from corruption than an improvement on fighting terrorists. I know a lot of people would disagree on that which I put down to fear mongering by the government, but that is the question it comes down to in my opinion.

9
0

Nest thermostat owners out in the cold after software update cockup

Peter 26

Re: I can handle this one

I know there is a lot of hate here, but the one thing I love about it is that you set what temperature you want the house to be at a certain time and it learns how long it takes your house to warm up after the heating is turned on. So if I want it hot by 7am, it will turn it on at 6:42 knowing it takes 18 minutes. (Before my solid brick house had external insulation added it came on 45 minutes beforehand! But then automatically reconfigured itself after the house insulation was added)

Also the amount of times I've gone out for the day and forgot to turn off the heating but it realises I'm not home and turns it off itself to save me heating. I'm certain the thing has paid for itself over the last year.

1
0

Amazon drafts blueprints for its own home router, IoT gateway ARM chips

Peter 26

New era for domestic routers

I've always gone out and bought the latest fastest domestic routers and installed Tomato on it, but the power has always been lacking. I have considered building my own out of a PC, but object to the power usage and build cost for this just to get basic things like decent VPN speed.

I hope this is a sign of a new era of non-shitty domestic routers.

2
0

Remembering those who logged off in 2015

Peter 26

Re: Chuck Forsberg - Zmodem

I know some of the other people in this list may have greater achievements, but I will always remember switching to zmodem as the transfer protocol to speed things up. It didn't matter if it was via a home made null cable from my Amiga to my 386, or for dialling up to the local BBS (or the odd international BBS - sorry dad!), you always knew that zmodem was the best choice.

12
0

New gear needed to capture net connection records, say ISPs

Peter 26

Re: Isn't this just duplication of work?

Very good point! What was I thinking?

0
0
Peter 26

Isn't this just duplication of work?

We know from the Snowden leaks that GCHQ are recording this info and more, so why make the ISPs do it too? Is it simply so it can be legally accessed by the police?

6
0

Russian "Pawn Storm" expands, rains hell on NATO, air-gapped PCs

Peter 26

How do you get the data out?

Can anyone explain what these hackers are actually doing once they get in to the air gapped network?

With the network being air gapped it must be very hard to get the data out, examine the system, do anything really as you have no feedback?

I can understand attacking the air gapped nuclear centrifuges, because you don't need to get any data out...

3
0

50c buys you someone else's password for Netflix, Spotify or ...

Peter 26

Not worth 50c

Do you trust the sellers to only sell an account to one person? Sell it to multiple people and then it will become like bugmenot and whack a mole to find an account that actually works from your list.

0
0

Galileo, Galileo, Galileo good two go

Peter 26

Re: I can't really understand

The chip that supports Galileo is the BCM4774. Googling it I couldn't find any phone that currently uses it. The very latest phones released this month seem to use BCM4773 which is the previous version which doesn't support Galileo.

Interestingly the BCM4773 supports the Russian system GLONASS and the Chinese system Beidou.

So maybe give it a year?

http://gpsworld.com/all-constellation-receiver-gnss-location-hub-for-smartphones-with-galileo-support/

2
0

Outsourcer didn't press ON switch, so Reg reader flew 15 hours to do the job

Peter 26

Exactly. This is incompetence from both sides.

The people trying to log in are so incompetent they can't do basic troubleshooting, so they pass it on to the techie. But unfortunately the techie, although knowledgeable enough to fix the issue, is socially incompetent, so doesn't call the company to "clarify" the situation beforehand and save a trip.

15
0

Hacker predicts AMEX card numbers, bypasses chip and PIN

Peter 26

Is there anywhere in the UK that still allows just using the magnetic strip?

I thought since chip and pin came out here in the UK you could no longer swipe. I know there was a switch over period where you could do both, but are we not past that now? Are the systems backwards compatible for foreigners perhaps?

Does swipe still work anywhere in the UK?

0
0

Yesterday: Openreach boss quits. Today: BT network goes TITSUP

Peter 26

Fixed for me

It went down for me at about 9pm last night for certain routes. It started working again at about 1pm today.

The worst thing was there was no easy way to report it to BT, you can only report a BT broadband issue by going to their website and running the broadband live test, which we couldn't access!

6
0

Big Bang left us with a perfect random number generator

Peter 26

Could this be faked

After reading about the exploit of NTP Daemon, it makes me wonder if someone could broadcast something nearby to make this less random, or is this impossible due to the frequency of the radiation?

4
0

Cops gain access to phone location data

Peter 26

Re: This is a good thing for smart criminals

Don't underestimate the police. They can also check your browsing history during this time, but there won't be any... hence reason to believe you did not have your phone with you.

Also I wouldn't be surprised if your phone records when it was idle somewhere on the device if they manage to get physical access to it.

0
0

UK.gov finally promises legally binding broadband service obligation – by 2020

Peter 26

Re: Copper cruft ... we need FTTP

Once they do that, there's very little left to upgrade and no money to be made. BT would rather drag it out, bit by bit, upgrade after upgrade.

1
1

New Nexus 5X, 6P smarties: Google draws a line in the sand

Peter 26

Google draws a line in the sand?

The title is Google draws a line in the sand, but then in the article you do not mention drawing a line in the sand anywhere. What are you referring to?

29
0

UK's Lloyds Banking Group scrambles to patch account-snooping security hole

Peter 26

Halifax had a similar bug a couple of years ago

I noticed a similar bug a couple of years ago with Halifax. I set up a standing order to a friend to pay them some money. I put in the sort code and account number. Once complete it showed my friend's account name in my standing order list (initials and surname), yet I had never entered it. (They were also a Halifax customer). I tried one other random account number changing the last digit till I got one that worked and sure enough it showed me their name...

I wasn't really sure what I could do with this info, then a week later this "feature" had vanished.

2
0

'One Windows' crunch time: Microsoft tempts with glittery new devices

Peter 26

MS on to something with the 'One Windows' strategy?

I actually think Microsoft are on to something with the 'One Windows' strategy. But to think they can just release an OS update and suddenly have success in the mobile segment is crazy. This is going to take years to gradually increase their growth and capabilities in each segment, and it's not like Apple and Google are going to sit around and do nothing in all those years.

So actually thinking that through, Microsoft probably realise if they play the long game they are screwed, most of us will have moved to a web style laptop in 10 years such as Chrome OS, leaving them just the office workers using desktop Windows. So they are frantically trying to make the long game a quick game, but I'm not sure that's possible... I guess they might as well go down fighting.

8
1

KARMA POLICE: GCHQ spooks spied on every web user ever

Peter 26

Re: Done commercially all the time...

I always find the ads out of date. I look up something, buy it from Amazon, then get ads on Amazon for the exact thing I just bought for the next week. No I don't need it, I just bought one from you!

8
0

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

Peter 26

Re: This is the kind of thing that keeps me up at night

Absolutely AWS is the main fault here, it is open for abuse. The worst thing is this guy phoned AWS support and told them what happened, but they still let all these services be created overnight. Surely you have a big red button that support can hit that says this account has been compromised, don't allow anything else which costs to run. But no support tell him to clean up the system himself and their "block" didn't actually work.

I'd refuse to pay Amazon saying they were negligent.

4
10

BT commences trials of copper-to-the-home G.fast broadband tech

Peter 26

Re: Here I am promised "60-70" getting 20-30...

I am 5 metres away from the cabinet. BT send the cable about 100m down the road away from my house, up the telegraph pole then back through the air to the top of my house, all the way down the house and then in at the ground level.

I've a good mind to just dig a trench myself, put the cable in and pay the next BT man that turns up to the cabinet (which seems to be every other day) £20 to wire it up in the cabinet.

1
0

That thing we do in the UK? Should be ILLEGAL in the US, moans ex-State monopoly BT

Peter 26

SKY TV Monopoly

I find it hilarious they are accusing Sky of having a monopoly on TV when it is clear that BT is trying to become the TV monopoly. Look at the amount they paid for the football rights, now cricket, Sky has lost loads to BT, but they still complain because they want every single piece of the TV market so people have to use BT.

4
4

Safe as houses: CCTV for the masses

Peter 26

Re: Camera system, what camera system?

My plan was to hide the real CCTV system behind a fake wall in the attic made with brick slips, while leaving a fake CCTV box with CCTV written on it in big white letters next to it with some cables going into somewhere hidden and secured. It'd fool me.

4
0

Slippery Windows Updates' SOAP bubbles up SYSTEM privileges

Peter 26

More interesting than the WSUS and ARP spoofing is the awareness of the fact you could easily make a USB device with an Arduino to spoof being a certain piece of hardware. That gives you the ability to install 533 different kernel drivers from 3rd parties. There has to be an exploit in one of them. No doubt one of our government agencies will probably have such a device already.

Just one more attack hole to add to the theory that if you have physical access, it's game over.

3
0

Twitter will delete jokes after a DMCA takedown – but NOT my photos, fumes angry snapper

Peter 26

Re: repeat after me

It's not like Conan goes on Twitter himself and steals the jokes. It will be one of his writers who are paid to come up with jokes for him that stole it.

1
2

OnePlus 2: The smartie that's trying to outsmart Google's Android

Peter 26

Re: Nice

Those features are kind of gimmicky and not really essential, so I don't mind so much. Google haven't sorted out Google Pay yet, so NFC use is marginal unless you have your own tags. From my experience using my own tags, it's not worth the hassle, anything you can do with a tag you can do with tasker and a custom button.

I tried wireless for a year replacing every charger with wireless, after a year I had to admit to myself it was just a gimmick. It takes longer to charge the phone when doing it wireless, you have to get the phone aligned perfectly and it heats up (which won't be good with this Snapdragon processor). Let's face it, it takes 2 seconds to plug it in for better results.

9
3

Ireland loses entire airport amid new postcode chaos

Peter 26

Welcome to 20th err 21st Century Ireland

I was tidying up our DB a couple of years ago and found some Irish addresses with no Post Code. After a bit of Googling I was shocked to find there was no post code system. I didn't actually believe it and just moved on to something else.

1
0
