* Posts by Old Handle

1602 publicly visible posts • joined 4 Mar 2011

Time to ditch HTTP – govt malware injection kit thrust into spotlight

Old Handle

Then we need a more democratic alternative to https certs. I just don't think it's reasonable to expect everyone to get https set under the current system.

Password manager LastPass goes titsup: Users locked out

Old Handle
Linux

Re: Lastpass

Regular KeePass is open source too. As far as I can tell, KeePassX is just a fork that exists mainly for historical reasons.

eBay bans CD sales of metal band Burzum, citing offensive material

Old Handle
Trollface

So more bibles on eBay then?

HTTP-Yes! Google boosts SSL-encrypted sites in search results

Old Handle
Alert

Re: Slightly off-topic but

But to use the same argument, most users probably wouldn't notice if they suddenly found themselves on a completely insecure site. Shouldn't the browser throw up a series of scary looking dialog boxes every time you visit any http site? I mean to be honest I might look for the lock icon the first time I buy something on a new site (before entering CC details) but that's about the only time I think about it. I doubt I'd really notice if I somehow got sent to a perfect replica of Amazon only it was http.

Warning forums.theregister.co.uk is insecure. OK / Cancel

This means your information will be sent unencrypted over the internet. Are you really sure you want to do that? OK / OMG No!

EVIL HACKERS WILL STEAL YOUR IDENTITY!!! Yes please / No thanks

Old Handle

Slightly off-topic but

It makes no sense to me that browsers treat self-signed certificates as worse than no encryption at all. It still protects against passive eavesdropping, isn't that better than nothing?

Ecuador follows Bitcoin ban with digi-currency proposal

Old Handle

Re: Why?

It would be different because it'd be the first altcoin to be legal tender. Even outside Ecuador, that could be significant. It would be a foreign currency after all, rather than just some weird digital asset your government hasn't figured out how to handle yet. I can't say who specifically would want that or exactly in what situation, but I do think it would be enough to distinguish it from the others.

Old Handle

Unless they did make it a decentralized mineable cryptocurrency. If it had all the advantages of Bitcoin and official support from a government too I could definitely see that interesting some people.

UK.gov eyes up virtual currencies, fingers red tape dispenser

Old Handle
Joke

Re: Offers?

I'd give you 0.00002 for it, if it really is as nice as you say, but Galvin Anderson won't let me. :(

Old Handle

Re: Missing a vitial point

I would argue it's intermediate in terms of snoopability between the two. Even cash is somewhat traceable due to the serial numbers, but generally pretty good. Of course it can only be used in person (or somewhat inadvisedly, by mail). Credit cards on the other hand are very convenient online but heavily regulated and closely tied to the cardholder's identity. The credit card industry is also controlled by just a few companies which makes it easy for governments to turn the screws and get whatever info they want.

Bitcoin is more traceable than cash since a complete record of transactions is available, but only by account number. You can't see that Mark paid Lisa, or Quanto LLC paid Bizmerf Inc, only that 1HiKJwUoK5eP4Rku9kFtwj2N7rXxGKRamN transferred money to 1NEjMXjPtuYRxKvyWtwKJpkkfZ2QhRCK1U. Plus, since it's decentralized* it's harder for governments to directly control.

*Kind of, this isn't as true as it was at one point.

Gmail gains support for non-ASCII email addresses

Old Handle
Thumb Down

Doesn't seem to work

I just went to gmail signup and it still allows only letters, numbers and _.

BT FON fail: Telco CHARGES customers for FREE Wi-Fi usage

Old Handle

So do FON users get a separate IP address?

Google's 'right to be forgotten': One rule for celebs, another for plebs

Old Handle

I noticed that. This is why I originally came to the mistaken conclusion that they were only showing the message when something had actually been removed. I googled one of the names from the lawsuits, got the message. Then I googled some famous name (I forget who now), no message. I also tried "john doe", also no message.

While trying to figure out how they award celeb status I just noticed something else odd. If you put the name in quotes the message always shows up, even if it's "johnny depp" or "barack obama".

Google on Gmail child abuse trawl: We're NOT looking for other crimes

Old Handle
Facepalm

I was just thinking, you know what's ironic? They talk about protecting children, but this will only catch the lowest level child porn users. Think about it, if someone is actually molesting a child and sharing the pics with their pedo pals, those pictures won't be in the database! The one guy who it would actually do some immediate good to arrest is the one who has the least to fear from this.

Old Handle
Stop

For all we know this picture WAS simply a naked child. Though obviously it had to be one that was reported and determined (by somebody) to be illegal in the past. "Child abuse images" is just the politically correct term for child pornography now, don't assume it actually means the pictures show abuse.

NASA tests crazytech flying saucer thruster, could reach Mars in days

Old Handle

Re: I like it, but I just don't trust it (yet)

Didn't think of the magnetic field, but the vacuum test absolutely needs to be done. The possibility that it works by pushing against the air (whether by some exotic electromagnetic means or not) needs to be ruled out as soon as possible.

Old Handle

It's not rocket scie...oh.

Or is it? It sounds to me like the fact it isn't a rocket is precisely what's so amazing about it.

Fiendishly complex password app extension ships for iOS 8

Old Handle
Trollface

Isn't it ironic

that "1Password" looks like a classic example of a terrible password? (That would still pass the security requirements of most sites.) Only difference is you usually put the one on the other side.

Senate introduces USA FREEDOM Act to curb NSA spying excesses

Old Handle

Because 1. they love acronyms, and 2. it's specifically intended to be an antidote to that, so I assume they thought it made sense to name it in the same style.

Indie ISP to Netflix: Give it a rest about 'net neutrality' – and get your checkbook out

Old Handle

It sounds like he covered that to be honest. Obviously Netflix puts a different spin on it, but it really says the same thing. "ISPs can do this either by free peering with us at common Internet exchanges," but if that isn't nearby you'll have to pay for the link yourself "or can save even more transit costs by putting our free storage appliances in or near their network." i.e. host their power-hungry servers for free.

It's not too hard to imagine that neither option is very appealing for a small ISP.

Tails-hacking Exodus: Here's video proof of our code-injection attack

Old Handle
Stop

So it's a bug in I2P but...

They claim it works on a default install with no configuration changes, but as of the last time I used Tails (admittedly several versions back) it didn't even start I2P automatically. I guess it's strictly true that launching a program is not a "configuration change", but if that's their game, it's more than a little dishonest to call this a vulnerability in Tails.

It's possible Tails has changed since I used it, or maybe there's some hook left for I2P that makes this attack work even when the main program isn't running, but I doubt it.

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Old Handle

Re: Department of the Obvious....

Didn't they also handle UK's last census? Or was it some other merchant of death I'm thinking of?

Lads from Lagos turn from 419 scams to basic malware slinging

Old Handle

Re: Really?

Well, if you believe the theory that the scams are intentionally made unbelievable so as to weed out anyone with a lick of common sense right from the start...

Black Hat anti-Tor talk smashed by lawyers' wrecking ball

Old Handle

Risky Business

Just speculating here, but it seems like the biggest concern for the university lawyers would be the claim that the presenters had actually unmasked illegal hidden services (if I understood the claims correctly). They would open themselves up to libel lawsuits if they reveal that information, and open themselves up to subpoenas if they don't. Publicly claiming that you know who runs Silk Road or <insert popular CP site> is just asking for trouble.

Assuming this is true and all, you can't blame them for setting their sights high, but there are other hidden services hosting things like political rants, legal porn Tor directories, and privacy guides. They could have proved the concept on one of these without risking anyone (guilty or innocent) getting hurt.

Will the next US-EU trade pact prevent Brussels acting against US tech giants?

Old Handle
Trollface

Okay, for the most part this is a terrible idea, but does this mean cloud services and such will be able to sue the NSA for lost business?

British cops cuff 660 suspected paedophiles

Old Handle

Re: What worries me about this

Although this hasn't been officially confirmed, it seems likely these are simply P2P file sharers. Due to their collaborative nature, it's really quite easy to track what people are doing on those programs. Of course the anchorites would prefer to leave the impression that pretty much read anything anywhere.

Old Handle

Re: Retro...

I don't know about the Royal Mail, but the US Postal Service does something similar:

http://www.huffingtonpost.com/2013/08/02/postal-service-photos_n_3694589.html

Remember when Google+ outed everyone by their real names? Now Google's sorry

Old Handle

Re: Junk

Huh! I never made that connection before. Makes sense though. IIRC the official explanation was the quotes were more natural, but that doesn't explain why they needed to drop support for the old syntax.

Old Handle
Meh

Good. I guess.

I still have no plans to use Google+, but I suppose, now I would consider it if I had a reason or something.

Panic like it's 1999: Microsoft Office macro viruses are BACK

Old Handle
Meh

"There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled."

I've often said the same about JavaScript. But it never stops people from designing web pages that way.

You 'posted' a 'letter' with Outlook... No, NO, that's the MONITOR

Old Handle

Re: Parents

I helped out in a computer class for seniors some time ago, and double-clicking (or sometimes just plain clicking) was a challenge for them. Part of the problem was that when it didn't work the first time, their natural inclination was to try hitting the button harder, but of course that just made their precision even worse.

Lords try shoehorning law against revenge porn into justice bill

Old Handle

It's not the porn part I'm questioning, it's the revenge. It could be an orgy with creative uses for vegetables, and it still wouldn't be revenge porn unless it's posted for revenge. Unless that element is required, it's just yet another example of a new law being sold for one purpose when it will inevitably be used for something else.

Most crimes require an element of intent. I really don't think this is such a hard thing to prove. Was it posted right after a breakup? Probably revenge pron. Was it posted with nasty comments and identifying information? Probably revenge pron. Was it posted on a website explicitly for revenge pron? Probably revenge pron.

Old Handle

While I'm not completely opposed to some type of law on the subject, I think it needs to be focused on the revenge aspect. Suppose A hooks up with B and then posts an intimate picture taken during the encounter with the caption "Hottie I banged last night!". B may well be distressed by that, and A is almost certainly an asshole. But it's not revenge porn. What's missing is any clear evidence of maliciousness.

Some might say that kind of behavior is bad enough it still deserves to be punished, but I think the bar needs to be set higher to avoid catching people who really didn't mean any harm.

VC who wants to split California REVEALED as Silk Road Bitcoin slurper

Old Handle

To be fair, these are the bitcoins from Silk Road itself. Further bitcoins (although not all of what DPR should have earned) were found on Ulbricht's computer. Those are being held, pending the outcome of his trial.

Dating app Tinder faces sexual harassment suit from ex-exec co-founder

Old Handle

Re: The Rule Is....

What about the reverse? Starting a company with your significant other? It's not totally clear, but it sounds like that may be what happened here.

Bitcoin was illegal in California? Whoops, governor fixes that 165-year-old money law

Old Handle

Aww, Dogecoin isn't really mentioned in the bill, only in the legislative analysis.

Facebook: Yes, we made you SAD on PURPOSE... for your own good

Old Handle

As I understand it that's what Diaspora set out to be. But I've never tried it though, so I don't know how well it accomplishes that goal.

Google adds 'data protection' WARNING to Euro search results

Old Handle

Re: Really, El Reg?

Oh really? I guess I was mistaken. It certainly doesn't do that for every search, or even every name. I wonder how it works then. That does explain why it says "may have been removed" though.

I owe the author an apology. Although I still think the tone was a bit over the top.

Old Handle

Really, El Reg?

Normally I trust the Register to report things in an unbiased way (Except Orlowski, of course) but this is pretty sad. You make it sound like Google is either plastering a giant warning over their localized sites trying to push everyone to .com or have set up some kind of explicit click-through to evade blocked results. Neither is true.

The data protection removal notice only shows up when you do a search for someone who has been "forgotten", such as Mario Costeja-González. This is the same policy they use when search results are removed for other legal reasons, and it seems perfectly reasonable to me. And in this case they don't even disclose any details about the case like they do with copyright claims. Nor is there a link to google.com on either the search result page or the page explaining how they handle that law, only on the front page.

I just don't see any kind of "wink-wink nudge-nudge use the link for the good stuff" message here.

US Supreme Court: Duh, obviously cops need a warrant to search mobes

Old Handle

Re: cant this be solved

That's not a silly question, actually. Apparently it matters in Ontario. But as far as I've heard the US ruling doesn't require this. Obviously I prefer the rule that they always need a warrant, but it does make some sense that a supposed "incidental" search would have to stop upon encountering a lock.

Warrantless snooping on American man was LEGAL in terrorism case, rules US judge

Old Handle

Hang on a sec. Attempted to blow up a van he thought was full of explosives? This was another one of those FBI set-ups wasn't it? Why do they even need phone records for this?

Firefighters deliver trapped student from GIANT GERMAN LADYPARTS

Old Handle

Re: The obvious reason...

Why hasn't? It's just another free image host, but it was quite popular already.

Google spaffs $50 MILLION on 'get girls coding' campaign

Old Handle

Re: Not a feminist

As I understand it, the campaign really is directed mainly at girls, i.e. female children and adolescents. Slightly confusing since the site features lots of pictures of women, not girls, but I think the idea is "you can do cool stuff like this when you grow up" or something.

PoW! Academics KO Bitcoin mining mammoths

Old Handle

The other problem is that even if it's a good idea, the only way to roll out a change in the Bitcoin protocol is to convince a majority of the miners to switch. But since mining is currently dominated by pools...

Tor is '90 per cent of the net' claims City of London Police Commish – and he's dead wrong

Old Handle

Re: @Wowfood - Don't quote me on this

I'm inclined to believe he really is that idiotic. The reason I believe it is that I've heard this weird confusion about the "deep web" before. He didn't actually use the words "deep web" but both hidden sites (such as those on Tor) and the vast amount of non-indexed data have been called that. They are not, of course, the same thing, but some people seem to think they are. House of Cards (US version) made practically the same mistake, except this guy took it an extra step by using "The Tor" as a synonym for "the deep web", rather than an example of it.

Old Handle

Re: More likely - 90% of TOR traffic is P2P

It would make more sense, but it's still almost certainly wrong. Tor is really pretty terrible for P2P. It doesn't support UDP which almost all the P2P programs use now. At least if we're talking about file sharing. Other types of peer-to-peer network (such as Bitcoin) might do better on Tor, but it's still hard to believe they make up 90% of it.

Indian DEITY hands down new manufacturing subsidy plan

Old Handle

Oh

I was hoping it was Kali.

Still, it's good news. Maybe those guys from "Windows" who call me about once a month with a virus warning can get honest jobs now.

Bankrupt Bitcoin blunder bunker MtGox finds a friend to fend off out-of-pocket investors

Old Handle

Re: It was inevitable when you really think about it.

In the same sense that Enron was "not great at accounting".

Top Canadian court: Cops need warrant to get names from ISPs

Old Handle
Stop

Re: Just an administrative task

Yes the prosecutors will need to get a conviction and with proof beyond a reasonable doubt they should and will get it. It just means more administrative work to imprison perps - which all of society ends up paying for. As long as the crims go to prison, it doesn't matter.

Trials are such a waste of time, right?

Old Handle

Re: Old Handle No sympathy.

The evidence was found on Spencer's computer, he was tried in a court of law and found guilty by a jury of his peers.

Alright it seems there are two separate charges. He was convicted of possession and acquitted of the more serious distribution charge. Each side wants to reverse part of that. Oh, and there was no jury. So you're still wrong. But, I admit, less wrong than I first thought.

Old Handle

Re: mIRCat It's for your own good.

So you would prefer paedos don't get caught?

Oh quit it with that politically correct BS, you know that's not what this is about, and you aren't fooling anyone.