45 posts • joined 26 Feb 2011
End of Internet Security as we know it?
Wiretapping is one thing. If the NSA have unique maths or brute force supercomputer farms to achieve this, I'd be less concerned. But the idea of cheating by subverting the very algorithms, standards, software and hardware we trust has placed the entire eco-system at risk. Every user and organisation across the globe is potentially compromised. Not by a wiretap per se, but because they may be using protocols and cryptos that have been wilfully compromised.
I can only come to one real swift, simple conclusion about this. This news effectively declared the Internet to no longer be a safe place to perform secure business transactions of any kind. That’s the real message I’m picking up here. So it is my view that any bank, merchant, e-tailer or credit card service that remains online from this day forward has assumed an implicit responsibility for choosing to do so. I’d love to see the typical “we’re secure, so it must be your fault, you’ve been phished etc” defense beat down in court against this backdrop!
I must be missing something...
The whole concept sounds unnecessary and underwhelming. What problem is this trying to solve other than more cloud for cloud's sake? Let's think about the kinds of info that can be present in logs; firewall activity exposing all sorts of IP, topology and traffic info, or authentication logs packed with firstname.lastname login IDs. Bundle in some activity/usage logging linkable to those IDs and these innocent logs have quickly become Personally Identifiable Information.
And just look at that sweet list of age old insecure/unencrypted logging protocols. I checked the website and there is no VPN offering or even one use of the word "security" in the product overview and FAQ. See icon.
Am I the only one thinking that it's still way too early for BYOD to start blaming that as a significant factor?
Yet another tough hand of justice dished out from the ICO to a public body and public purse.
But if a private business is involved in a data offence, they get away with blaming it on a rogue employee or third party, receive a big hug from the ICO and "guidance" to ensure it doesn't happen again.
Love the above comments
... that's all. Spot on!
They overpaid, should be £0* :-)
As per "http://www.europe-v-facebook.org/" I am more interested in the alleged 16 counts of Data Protection Act violations inherent in their service framework. Or the fact that they went on public record stating that they will not honour the lawful 40 day response time for Subject Access Requests if the volume of requests is too high. I don't believe the DPA makes any provision for such excuses?
So in other words, if they cannot operate lawfully within the boundaries of UK/EU Law, they should not exist. Unfortunately we have seen the Irish Data Commissioner only issue "non binding recommendations" - nice to see the usual “one rule for big business, one rule for everyone else” principles of the regulators are alive and well.
So in terms of their accounts and tax, I offer an interpretation that they're not that dishonest after all. Because I would give their European operations a valuation of £0 because if they are non-compliant with the laws in those territories, with any justice they could/should be shut down at any time. And as for their growing user base, well I don't know a single person who doesn't have at least 1 fake FB profile. *yes this is tongue in cheek, to make the point.
Wi-Fi is flaky
I think people are failing to consider why Wi-Fi may not be supported yet.
Do we need a brief lesson in Wifi?
So the most common is 802.11g 54Mb. That 54Mb isn't per connected device, it's shared across all connected devices. It's a half-duplex medium also, meaning you can halve that figure straight away. The highest rate any one device can achieve in the real world is around 20Mb. And that's assuming that Wifi is 100% clean and not also being shared with your Xbox, PC, Tablet, Smartphone etc for any serious use at the same time.
Now remember there are only 3 non-overlapping WiFi channels, yet in my street there are about 8 APs in range. Every other AP on the same channel as mine eats into that shared 54Mb of radio space even more. And that's without even considering high error correction overheads to co-exist in the same space as others.
Sure 20Mb is going to be fine for standard def streaming, but it's getting close for HD. WiFi is inherently an un-assured technology and subject to all kinds of operating conditions and interference.
It's well known that in the age of 40Mb and 80Mb FTTC broadband, 802.11g 54Mb Wifi is now a bottleneck.
None of these issues occur on a 100Mb piece of Ethernet cable connected to a full duplex switch port.
Based on that, it occurs to me that YouView do not yet wish to risk having their brand tarnished by floods of support calls about chopping and buffering video etc because the end user has a poor WiFi setup. Even if they sent an engineer out to optimise everything, there is nothing to stop a neighbour standing up a new AP the very next day on the same channel wiping out that finely tuned setup.
As for Wireless N-150 or N-300 these are indeed a solution. Unfortunately for me I upgraded my router and several devices to Wireless N last year and for the life of me I cannot get anything to connect above 54Mb. I'm not sure if it's due to vendor mix of not quite standards compliant devices or that it's because I'm using the 2.4GHz Wireless N so presumably there is simply not enough channel space left in there after all the other APs in the neighbourhood have taken their slice.
Or, as I tried in vain to explain to my employer about 10 years ago when they started rolling out WiFi as some kind of utopia, you cannot guarantee thin air, and without very expensive tools you can't troubleshoot it either.
What about the Freeview interference issue?
You know, the one that has been well publicised in the past, about the 800MHz UK 4G band being likely to interfere with digital TV reception in the neighbouring TV band below (or was it above?). IIRC it was only to be an issue in certain Freeview regions that use the nearby band, and in certain households where there is a local mobile mast likely to win over the further away TV transmitter etc.
The one that they said the auction winners would have to pay into a fund to help manage the issues for and provide free aerial filters (that will apparently not work on multi-room aerial runs with loft amps?). The one where they think offering the discerning license fee payer a free Freesat install is somehow supposed to make everything fair, even for households that may have spent hundreds of pounds getting Freeview around the house with multiple HD PVRs.
I’m posting here to ask because I really don’t know what this news means. Because not a single media piece on this in the last 48 hours has mentioned this issue. Have I got my bands and frequencies mixed up? Has the issue gone away? Or have Ofcom just halved the time available to setup and roll out a mitigation programme?
To be fair...
I've seen at least two iPhones where it's actually the glass-like rear cover that has shattered like glass, not the screen itself. Which has yelled out to me "bad design", because that decision has increased the probability of leaving the consumer with a smashed phone by 100%.
Of course I'm not saying that's sufficient to make a court case from. Ultimately the judge is right. If you drop fragile things, they break, durrrrrrrh. But it does beg the questions -
Why intentionally make a product which is twice as likely to "smash" on an impact
Why buy something so expensive that is easier to damage than alternatives that have rubberised backs or easily replaceable rear battery covers. Though I guess if you haven't seen it with your own eyes, you're unlikely to know.
Hang on a minute...
"Games Tax Relief (GTR) should be available to firms that incur costs working on updates or in fixing problems with games that have already been released in addition to developing the games in the first instance."
So let me get this straight. They think it's OK to release buggy poor quality games software, and they want tax relief on their efforts to fix up and patch broken products that were released with sub-standard quality assurance and testing?! I seriously can't believe the sheer cheek in what I'm reading there!
Re: Cue Dame Stella Rimington
“If it is all such sensitive stuff why was it available to a young police officer?”
It was pretty clear to me she was referring indirectly to Bradley Manning and questioning why it was so easy for a young US army officer to burn a CDROM from a diplomatic cable database in the first place. Nothing to do with the UK copper's clipboard? Where did that quote come from?
And with a bit of luck....
They may even go bankrupt, taking their service and all their customers' data with them.
Whilst I take no pleasure in wishing that on their loyal employees, a long, hard lesson about the rank stupidity of cloud services needs to be learned.
I wish I could be bothered....
But I'm not. Await feedback. Await SP1. Deploy.
It ain't all joy in the Apple dept. you know...
Speaking as the once-proud owner of an iPad1, which only recently turned 2 years old having bought one 2-3 months after the UK release in 2010.
How's my Apple OS support experience been?
First, I make the mistake of installing iOS 5.0 and then 5.1. Each suffers memory exhaustion issues on iPad1 and a machine that behaved just perfect on 4.whatever is now glitching with random app quits back to desktop on a daily basis, particularly Safari and the App Store. I'd avoid using Safari and go back to my favourite Atomic Web Browser app but since iOS 5 that now scrolls and loads pages like it's got arthritis.
Perhaps I should just downgrade? Isn't that what any normal person would do? Oh but no, Apple don't let you, do they, because they know best and their products "just work".
Second, I see there will be no iOS 6 release for iPad1. So what was an expensive luxury purchase is now end of support in 2 years and I'm unlikely to make the same mistake again. So there we have it folks. I'm just reaping the freakin' benefits of a golden apple-locked spec walled-garden device for OS updates.
My first major update made the device worse, and the second won't be offered at all. Thanks for nothing.
... Dell employees are just practising the negative and unconstructive behaviours that Dominic's reg articles constantly promote. You know, like wilfully working against their employer and their customers to further their own careers without any form of moral standard. Obviously no-one is interested in your case because they are applying CVP 2.0. Enjoy the Karma payback Dominic.
Re: Only users have enabled syncing from Facebook are affected
Useful information, thank you!
Until of course FB choose to forcefully enable contact syncing, given the amount of history they have in making arbitrary setting changes on an opt-out after it's happened basis without any prior consent.
Hmmm, so legally, I suppose FB could argue that a user wilfully enabling contact syncing gives them user consent to process a mobile phonebook - but I wonder if that consent could be deemed to include modifying the phonebook contents...
Wow. Their deception and contempt for their users really has no bounds does it?
I also had a carrier locked install of Facebook on my mobile. This was the sole reason that drove me to root my handset and destroy this work of evil. And my phone is running twice as good on a Custom ROM :-)
I wonder what line in their T&Cs permits them to make changes to personal data on a personal mobile device that is completely unrelated to the FB App or FB service? Sounds like an offence under the Computer Misuse Act (or the US version) - unauthorised access to and modification of data. Even if this is allowed through their T&Cs my next thought would be - unfair contract terms. What about damages for loss of this data, and who is going to re-populate the original email addresses?
OK we're not exactly short on examples, but yet again FB prove they treat their users with utter contempt. I'll give it a couple of weeks until FB say sorry, didn't mean to, and won’t happen again. Only so they can do something equally insidious 3 months later. And so the cycle repeats, as we have seen time and time again. It's time for FB to die. But even if millions of their users close their accounts to protest, welcome to problem number two. That deactivating an FB account doesn't delete any of the data they have on you, so they can still carry on profiting from selling your data (albeit perhaps anonymised).
FB is nothing but one of the biggest data scams in modern history. The thought process must have gone like this... "Hmmmm personal data is valuable. We can profit from this. But how do we get people to hand over their sex, age, interests etc? I know, let's call it social networking, where under the ruse of staying in touch with friends, we'll get people to hand this stuff over to us freely"!
AND IT WORKED! 900 MILLION PEOPLE FELL FOR IT!
YouView vs Windows Media Centre + TunerfreeMCE
Feature ................................................................... YouView ... WMC + TunerfreeMCE
A common front end user interface for ALL UK TV catch up services ......... 1 ......... 1
The ability to do the above since 2008 .................................... 0 ......... 1
The ability to take your chances with WiFi connection ..................... 0 ......... 1
Not have viewing habits data-mined for behavioural advertising ............ 0 ......... 1
Choice of Freeview HD or Freesat HD for primary broadcast content ......... 0 ......... 1
Freeview and Freesat carry on working if broadband is down ................ ? ......... 1
The ability to access US IPTV services over VPN ........................... 0 ......... 1
The ability to purchase VOD content ....................................... 1 ......... 0
Ease of use for the technically challenged ................................ 1 ......... 0
So in short, I've already been enjoying the majority benefits of the YouView service for 4+ years thanks to a mini-PC under the telly. The question now is price. If YV STBs stick to the rumoured £300 ballpark, the challenge is to build a legit Win7 PC to go under the telly for a similar cost and I'm quietly confident that is achievable. Sure I'll lose out on the premium subscription content, but I'm a freetard and wouldn't be buying any anyway. If I did fancy a Lovefilm or Netflix subscription, my TV has support for both integrated anyway.
The only thing I can see YV succeeding on is if they carry BT's new Premier League channel and it isn't wholesaled to other platforms - a killer app. But that's about it. How's the YV business model work anyway? Ok, there'll be a commission on any PayTV content, but the take up on the pay-for-extras remains to be proven, as BT already found out to their cost having first launched BT Vision as a subscription-free service, hoping that people would buy some premium VOD. Presumably they didn't given BT Vision changed to a monthly subscription model. A one off STB purchase isn't going to perpetually fund the infrastructure behind the service, so I have a running theory that YV will attempt to inject personalised advertising into your otherwise free and unfettered UK TV catchup viewing for a recurring profit, and charge the user £300 for the privilege! No thanks!
VP Of Hardware Engineering?
He should be so proud. Like that "really cool" engineering that gave us the grip of death antenna.
For another article breeding all that is wrong in the IT industry. These kind of truths should be published from a perspective of highlighting and stamping out such negative behaviours, not promoting them. Truly shameful. Every person who buys into this unethical tripe is just another a-hole I have to work around in my daily grind. Thanks for the disservice and damage to my profession.
Re: cloud? enterprise quality data center? hmmm :/
Not looking very "elastic" is it.
Why on earth didn't Amazon fail over the workload to another DC within minutes of a problem occurring? Isn't that the whole bleeding idea of the all magic, highly resilient, always on cloud?
PMSL. Epic Cloud Fail. Just another example of a cloud hype vs reality disconnect.
Another re-skin YAWN!
Since Apple built a load of optimisations into iOS Safari that are not available to 3rd party browser apps, I had given up using 3rd party browsers on my iPad because every single one of them underperforms stock.
So how does a poor performing reskin of the un-optimised Webkit browser API become no. 1 app? Free or not I don't think I'll waste my time. I know before I try it it will be inferior in performance to the optimised iOS Safari.
!=Outsourcing best practice
No better example of failing to consider the golden rule "do not outsource a function that is critical to your core business". Like a bank's mainframe perhaps...
Haven't we heard all this before in the hyping of previous OS releases?
I'm sure they tried telling us previously that Vista was more secure, then Win7...
The ICO lands another hefty fine on a public service organisation, presumably taking money away from front line service and back to the treasury.
Yet all the while, if a private company commits a data offense, the ICO's stance is softly softly, work with them to help them follow the guidelines and a token pocket change fine if we're lucky.
It's about time the NHS learned to deploy the "actions of a single rogue employee" defence which gets you completely off the hook, or at least it does for a private company.
So I implore all El Reg readers here, follow the pattern of how the ICO exercises its powers against public sector vs private and you'll see this is true.
All the while the ICO is still considering its position of Google's national WiFi slurp data rape. They failed to investigate, took Google's word for it at every stage, and then only thanks to the US FCC actually knowing how to investigate something, the ICO are left looking more weak and incompetent than words can justify.
Poor scumbag advertisers. That's all.
Good for Microsoft. Let's hope others follow suit.
I'd be so much happier just to see Facebook operate fairly and with integrity, respecting every detail of our Data Protection laws and use of individual opt-in consent to make any form of changes to their ownership and processing of user data. The very fact that when Facebook were bombarded with 1000s of Subject Access Requests, which by law must be honoured within 40 days, saw them respond "sorry, this is not reasonable, we can't possibly process this volume of requests in that period" demonstrated that they are incapable, by design, of operating legally.
Europe vs Facebook did some outstanding work in identifying multiple DPA violations. But you just knew it would turn out to be nothing when the authorities come out with the usual "we will work with Facebook to address these concerns" instead of "we're suing their goddamn arse for these violations".
This voting scheme is a hopeless distraction and nothing but an illusion of progress.
Re: Give me my time back.
For me, any article that is prepared to challenge the mindless thinking of the herd is of value and service to our industry. More please.
Massive Kudos to IBM for being one of the first in this hyperbole rich industry for seeing through this nonsense and appreciating that cloudy services, and consumerism I.T. are not things that a company with the first clue about information security should be buying into.
BYOD isn’t about saving money, or being employee friendly. Never has been, never will be. The whole thing obviously started when the VIPs, who bought their shiny iPads on expenses, then went bitching to their IT depts like spoilt children as they realised they can’t do anything useful with it in terms of corporate productivity. Could have told them that before they bought one to be honest. Idiots.
Is it just me who thinks 100% IP TV is scary?
My largest concern is availability.
Is there anyone on here who can claim knowledge of a DTT transmission fault that caused loss of reception for days and days? I certainly haven't.
But I, as I suspect many others, can identify with long periods of flaky broadband or lengthy outages due to cable theft incidents etc. 5 days on my last one, and to think that may one day be my primary source of TV too - this is in some way progress?
I just don't agree with consumerisation at all. The security issues are to me far too great and the whole thing is an unnecessary security risk. Other than pandering to gen-x and their lust for all things shiny, I see no good sane reason why a company would go down this road, unless, as I fear, they are just following the latest industry hype-mongering about this being the next big thing.
So take note of this from me any UK biz reading this, thinking of following the herd. If I hear you are backing consumerisation, I will take that as meaning that you don't take information security seriously. Because if you did, you would stick to the closed, controlled corporate device model and stop pandering to whims like this which I doubt have any direct business benefit at all. Surely the on-going management overhead for these security overlay solutions and risk management will outweigh the use of someone's phone for free.
And, if they did do any proper research before coming out with this brain fart of an idea, they'd have understood there are complex legal matters in terms of employee/employer liability, the majority of which remains unclear, unproven and untested. And most likely, not catered for, or understood, at all.
I don't really understand where consumerisation came from originally and why, but I strongly suspect it's so the VIPs can find something to use their shiny iPads for.
Jury still out != Denier
This is why the debate has become so rotten. You have to either be a believer or a denier.
I am neither, I'm just waiting for irrefutable evidence that demonstrates climate science has been able to successfully model the chaos theory of our ecosystem. I am yet to see any report that fits those criteria and doubt we will for many years.
I would suggest it is those who have already made their minds up based on incomplete evidence that need therapy... well no, not therapy actually, just an education in the concept of critical reasoning and a grounding that all you are told to believe is not always true, especially when it's coming from vested interests.
We've spent years listening to the woes of investing in fibre infrastructure in places where the economics don't fit. If no telco at all will cover some of the have not areas, I can kind of understand the need to pull the public purse strings.
But how on this planet can that argument be deployed to London, Manchester etc..? Surely it can't, thus there is no justification whatsoever for this to be a government funded programme.
Re: BUZZ Word
public cloud: If you do not necessarily know what data centre in what country your data is currently stored, it is surely negligent for any business to use such a "fuzzy" service for the processing of any kind of PII data.
private cloud: Nothing but an updated term for managed hosting
Given that the channel 60 map shows I may live in an affected area, and it's taken me years to get my flaky freeview just right (pre and post switchover), and extended multiroom, I'm going to be pretty pissed if I get hit by this.
Especially as I already have Freesat. I'm a maximum free-loader and use Freeview and Freesat together given there are a handful of channels on one and not the other.
So this would have no upside for me whatsoever. Or 100% detrimental effect?
"Sorry we've broken your Freeview sir, but you already have Freesat as well so in your case we'll do nothing". Errrr... and what are they going to do to give me back reception of the channels on Freeview that do not exist on Freesat???
Had to laugh...
"Our retail stores are all about customer service, and John shares that commitment like no one else we've met."
Yep, Dixons and PC World, those two pinnacles of high street customer service excellence.
Listening to Apple's empty words of concern on this issue is starting to grow seriously tiring.
They can quote audits and inspections all they want, because like every type of audit, a complete fraud of best behaviour will be put on for show. I know it, you know it, they know it.
Apple can tell us they care until the world ends, they obviously don't, or else they wouldn't be doing business with these factories in the first place. How about Apple pull back the manufacturing to the west, and make only say $350 profit per handset instead of $400. With $100bn in the bank, I imagine they could afford to.
(those figures were from a recent news item suggesting a $650 iphone 4s costs $196 to make)
Public vs Private
There seems to be a trend here.
The ICO grow a pair when it comes to hunting down Councils, NHS and other public sector organisations committing data offences. Nice easy targets.
But should the offence involve a private corporation, I'm yet to see anything but "advice given" or token fines that are, in relative terms, pocket money.
CD != License
I thought in software licensing, it's the license + key that has value, not the physical media.
Isn’t the whole thing with an MS license that you don’t OWN the software, you don’t own the product, you are paying for and receiving a license to use that software under the terms given.
So 94,000 copied install discs is one thing, but they are surely useless without hacks or pirate keys, and I think we'd know by now if that was the case.
Presumably the discs were to accompany the license key stickers on the machines they were selling. I'm not for one second saying that counterfeit Microsoft branded discs on a commercial scale isn't seriously wrong, but I can't help but feel that a copy of an install CD that is useless without a paid for, legitimately owned license to use that product, isn't really software theft in the traditional sense? So what has actually been pirated here, a media CD and package worth say a pound?
"Nine per cent met someone offline whom they'd first met online"
Am I the only one thinking that's quite alarming?
So nearly 10% of these so-called savvy kids have arranged in-life meetings with a stranger off the back of online chat and a true or fake profile...
Didn't bother to watch the video
.... it's already common sense.
1] Keep my data in a small in house data centre
Hand over my data to a company who might not even tell me which data centre it's living in
2] Ensure it's kept in a UK facility
Hand it over to some random country in a totally different legal jurisdiction with implications around local law enforcement rights over my data that I don't even understand.
3] Keep my data in a small private facility with a relatively small Internet presence and attack footprint
Keep my data with a cloud provider who have a HUGE internet footprint and therefore a significantly wider attack vector. Which is a more tempting, appealing target? My crummy web server farm, or (for examples sake) Amazon's EC2 admin control panel?
By the way, if you do know where your data is being kept in a cloud facility, then it isn't cloud anyway really - that would be called managed hosting.
But who did it....
Quite a few press items on this seem to gently imply this being Iran spying on Iran.
As much as I'd like to believe that, given tensions between the West and Iran, and the hypothesis that Stuxnet originated in the US, I can't help but wonder if there is some clever mis-direction going on!
I really enjoy the reg projects.
But I'm not quite feeling the amazement of this event. I mean come on, look at the photos, at least half are your stereotype beardies and geeks. Some of those rockets look no bigger than a top end firework, and there's something cringey about folk holding their small dingers with such pride.
I am myself a geek and I want so much to get turned on by this article and run to the nearest model shop, but the fact that you can just tape a rocket motor into a pringles tube just kind of shows an almost childish level of skill required to play with off the shelf stuff.
Personally I just don't think the two things go together.
1] Will my cloud provider tell me where my data is being held (amazon allegedly won't?)
2] Does the location of data in the cloud comply with data protection/data export regulations?
3] If you’re fortunate to know what country your data is in, what legal jurisdiction does that country have over your data?
4] What if a cloud service has been procured by the criminal element, you know, hosting a piracy site or extreme porn etc. What happens if your data happens to be on that same storage block, and the local law bust in and take those servers away?
5] Fundamentally, any business has a liability for the security and safety of confidential information that they hold, especially PII.... if they hand that over to a cloud service - and a data theft incident occurs - what happens then?
6] Surely, moving your data from say a small private UK data centre and out to the cloud will exponentially increase the potential attack vectors and footprint to aim at.
Finally, in my own view, a cloud service where you KNOW WHERE YOUR DATA LIVES isn't cloud anyway, that's just hype. That would then be called "managed hosting" so the point is moot. And if you DON'T, then I would suggest it is at best careless and unethical, at worst illegal, to have private, personal or commercial in confidence data held within "the clouds" – god knows where.
There is one thing I would use the cloud for - for app hosting of non-sensitive data. Or to buy in a quick burst of CPU for a specific task. That makes sense.
"But I had never had a problem"
Sure doesn't mean there isn't one.
I've seen the antenna issue with my own eyes on a guy's phone at work.. 2-3 bars gone with the grip of death. It doesn't necessarily result in a dropped call, depends how strong the signal was to start with. Now he has that rubber monstrosity wrapped round his no longer sleek and stylish phone and can actually use it for the purpose intended.
I have a friend who constantly declares "it's rubbish, I've never had a problem no matter how I hold it". Yawn. He is fortunate to live in a strong signal area, so chances are he's a lucky one (like many others) who won't experience dropped calls because of it.
Open your eyes deniers. The antennagate issue has a 1:1 relationship with what the signal strength was like to begin with. Go drive out to some remote rural area with marginal signal coverage (say 1-2 bars) and try the grip of death, then come back and tell us about this non-existent issue.
Just because it hasn't been a problem for YOU in no way means it isn't a very real problem for others.