Feeds

* Posts by Robert Helpmann??

745 posts • joined 31 May 2011

Page:

Brainboxes caught opening Bitcoin fraud emails. Seriously, guys?

Robert Helpmann??
Bronze badge
Childcatcher

By Design

Because Bitcoin transactions are irreversible and difficult to trace by design, victims will have little or no recourse but to accept their losses. ...if your Bitcoin wallet is compromised, the contents are gone for ever, and there is no way to get anything back. Unfortunately, this is one of the reasons why Bitcoin fraud is becoming popular.

Welcome to the wild, wild West! This system was purposefully set up to shut out government eyes, doing away with both the good and the bad of governmental oversight. No surprise that it makes for an awfully tempting target.

1
0

TRANSMUTATION claims US LENR company

Robert Helpmann??
Bronze badge
Joke

Re: Oxygen transmuting to Hydrogen

How to make a million bucks:

1) Start with two million bucks

2) Give half of that to these guys

0
0

Security precogs divine web vulnerabilities BEFORE THEY EXIST

Robert Helpmann??
Bronze badge
Childcatcher

Their predictions, made with 66 per cent accuracy...

It would have been 100% except an amazing full third of the flagged web sites were subsequently patched by their administrators.

0
0

Memory troubling you, Android? Surprise! Another data slurp vuln uncovered

Robert Helpmann??
Bronze badge

Re: a cheque?

The article mentioned banking apps using photos of checks/cheques as an example. There are plenty of other things that being able to essentially capture a screen shot might accomplish. There are plenty of examples of extortion schemes on FB over "private" pictures that have come to light, for example.

1
0

Gigantic toothless 'DRAGONS' dominated Earth's early skies

Robert Helpmann??
Bronze badge
Childcatcher

Geographical Oddity

A species confined to Autralasia is responsible for the Arabian stories about Rocs? Tell me - did you do geography at school?

Because folks from that area never got out and about? I wouldn't care to speculate on the origins of a myth, but the premise of the stories I am aware of about rocs involve sailors encountering them. Of course, sailors never talk to anyone when away from their home ports and are certainly not known for embellishing a tale, so you are probably right that there is no way a story of this nature could have its roots in some far-away place.

2
1

'Leccy racer whacks petrols in Oz race

Robert Helpmann??
Bronze badge
Childcatcher

Re: That's nice.

When will people realise that electric racecars just aren't useful outside of a racetrack?

About the same time they realize that race cars in general are not useful outside a racetrack.

4
0

Cryptolocker flogged on YouTube

Robert Helpmann??
Bronze badge
Childcatcher

Re: Malware through ads...

The research pair said there was very little advertising networks could do to prevent the attacks.

My first thought when I read this was, "Why not?" It's not as though at least one app store has made a reasonable attempt at controlling their process. This shouldn't be that much different. Ads generate enough revenue to be able to support some in-house vetting. Taking control of the process rather than allowing their customers to have free rein would go a long way toward filtering out the riffraff.

0
0

Something's phishy: More holiday scam spam flung at real hotel customers

Robert Helpmann??
Bronze badge
Childcatcher

Re: Modern Mores

I would expect to see an online dump if it was a hacker going for bragging rights. I would expect it to show up for sale, just as you imply, otherwise. My understanding is that most people who are capable of breaking in and grabbing up this sort of information are more likely to sell it off as they are not necessarily set up to exploit it. It's a tried and true concept: one person performs the theft and then sells the goods.

0
0

'Chinese crims' snatch 4.5 MILLION patient files from US hospitals

Robert Helpmann??
Bronze badge
Childcatcher

Victimized!

So they have just failed to protect some of the most sensitive data concerning their customers who pay very real money with the expectation that this company would exercise due diligence in their actions? I would appreciate a statement from the company explaining how it is the victim and not its customers. Obviously, I do not know the details in this or any of the many other similar cases, but given the well known and publicized nature of this threat, it seems reasonable that any such breach should be grounds for a third party or regulatory investigation of negligence.

0
0

LulzSec supergrass Sabu led attacks against Turkey – report

Robert Helpmann??
Bronze badge
Childcatcher

Re: Robert Beyond Helpmann Jurisdiction?

"The New York Times previously reported how Monsegur worked with the FBI on cyber-attacks against governmental websites in Brazil, Iran, Iraq, Pakistan and Syria."

Do you need a map of the USA to help you work out where those cities are?

I will leave it to you to work out what is inside the US and not.

1
0
Robert Helpmann??
Bronze badge
Childcatcher

Jurisdiction?

The FBI is going after foreign targets? I guess someone has to take up the slack with other three letter entities turning their focus homeward.

1
1

Five Totally Believable Things Car Makers Must Do To Thwart Hackers

Robert Helpmann??
Bronze badge
Childcatcher

We will all be driving $25.00 cars that get 1,000 miles to the gallon

Oh, God! I just realized that car manufacturers are working to make the joke about Microsoft making cars come true, except someone else will be opening and closing all the windows. It looks as though there will be some security positions opening in the automotive industry soon.

5
0

Another step forward for diamond-based quantum computers

Robert Helpmann??
Bronze badge
Joke

Re: Fibre to the chip

If it works like my ISP, then it's fibre to the chip, then a converter and modem hookup once it's inside.

3
0

GCHQ recruits spotty teens – for upcoming Hack Idol

Robert Helpmann??
Bronze badge
Childcatcher

Preemptive Strike

The competition consists of two rounds ...downloading a virtual computer image full of vulnerabilities that could present opportunities for a cyber criminal. The teams have ...to identify and fix these vulnerabilities.

No, changing the OS is not an option (because it is the very first thing I thought of).

2
0

America's hot and cold spots for broadband revealed in new map

Robert Helpmann??
Bronze badge
Joke

On Being

Sometimes being small...is a good thing

I understand medical science can work miracles these days.

0
0

Hey guys. We've got 1.2 BILLION stolen accounts here. Send us your passwords, 'cos safety

Robert Helpmann??
Bronze badge
Childcatcher

Re: Confused?

[T]hey sound worse criminals than the supposed russian hackers

I believe you are confusing incompetence with malicious intent.

1
0

Car hackers build kit to protect you and your motor from fiery death

Robert Helpmann??
Bronze badge
Childcatcher

Re: "Turns out IDS is actually useful for something".

Since it does something other than simply report, it is technically an IPS - an intrusion prevention system - though it probably would not produce as much entertainment on your side of the Atlantic and confusion on mine. Ah well, I learned something unexpected today.

0
0

Microsoft KILLS Windows 8.1 Update 2 and Patch Tuesday

Robert Helpmann??
Bronze badge
Childcatcher

Security patches ... are arguably necessary. Extending the scope of the changes to include updates to the Applications is going to produce chaos.

Not applications, the UI is where the problem is. Applications can have security issues too or have additional functionality added without causing much in the way of distress, but if the entire menu system is rearranged (e.g. drop-downs for ribbon) there might be a bit of trouble. Decouple functionality from cosmetics and things will get a lot better for all.

0
1

Six MEEELLION gigabytes-a-year space 'scope wins funding

Robert Helpmann??
Bronze badge
Childcatcher

Think of the Children!

“By digitally imaging the sky for a decade, the LSST will produce a petabyte-scale database enabling new paradigms of knowledge discovery for transformative STEM education. LSST will address the most pressing questions in astronomy and physics, which are driving advances in big data science and computing.”

This is what you get when you run "We will use this telescope for basic science and keep records of what we did," through a manager-speak/buzzword generator several times.

5
0

US cyber-army's cyber-warriors 'cyber-humiliated by cyber-civvies in cyber-games'

Robert Helpmann??
Bronze badge
Childcatcher

Re: Not much of a surprise there then

Having worked for both regular and reserves, I can say there is not much difference in the training and expectations for the troops in the different commands. The point about outside experience is more pertinent. Really though, while it has been rightly mentioned that there is a huge difference between defense and offense, what is missing from the discussion as to how the military actually functions when it comes to IT. Most of it is handled by contractors who are told what to do and how to do it by someone, often a civilian, who probably is not very technically inclined and has to trust someone else, often someone who works for a competing contracting agency, for information on which a decision can be based. Yes, it makes good headlines to hear about the AR Red Team's victory and I am sure someone got a wonderful dressing down. Will it result in meaningful change (which is really the point of these exercises)? Who knows?

0
0

African samba queen: Don't cut off pirates' net connections – cut off their FINGERS

Robert Helpmann??
Bronze badge
Coat

Lost in Translation

Someone is confused about what constitutes an appropriate and effective punishment. There are many historical examples of amputation being used on thieves. It resulted in many people with missing bits, but no overall reduction in theft. No, in order to do it right, you have to go straight for the most severe punishment. Kill them. Kill them all along with their families and neighbors then resuscitate as many as possible so they can be killed again. That will show them!

Mine is the one with a copy of Draco's legal code in the pocket.

2
0

Microsoft hacks out new EMET, spits out Adobe Flash

Robert Helpmann??
Bronze badge
Childcatcher

Application Hooking

The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction (ASR) tool “... configured to block some modules and plug-ins from being loaded by Internet Explorer while navigating to websites belonging to the Internet Zone”.

The new ASR will “also block the Adobe Flash plug-in from being loaded by Microsoft Word, Excel, and PowerPoint.”

So, they are implementing a limited control on application hooking? It's a good first step, but it would be nice if it were more generalized and configurable... and had better online documentation. Still, it's decent of MS to create a rich environment for third-party security vendors.

0
0

China: Our approved vendor list – Kaspersky, Symantec AREN'T on it

Robert Helpmann??
Bronze badge
Childcatcher

Re: Hmm

You might add hooks into email and backup services. As far as firewalls are concerned, those holes for updates should be in-bound only, not that aren't ways around this to get information back out.

0
0

Your fitness tracker is a SNITCH says Symantec

Robert Helpmann??
Bronze badge
Childcatcher

Re: This is news?

The Nigerian 419'ers are moving onto new ways to extract money from you

Yes, but they will continue to target the least educated and tech savvy. In fact, the way their scams work weed out anyone with a clue. That is not to say that there aren't many individuals and groups out there willing to take advantage just as you suggest, just that there are different "target audiences" for each kind of scam.

0
0

Brit balloon bod Bodnar circumnavigates planet

Robert Helpmann??
Bronze badge
Joke

Re: Stealth Baloon

Jast saying that balloon had to cross some very paranoid airspace

Especially Canada!

0
0

Plane grounded so cops can cuff semi-legless passenger

Robert Helpmann??
Bronze badge
Childcatcher

Re: Unemployed and going on holiday overseas?

But, she did pay! Obviously, you missed the part where it cost her a leg. The return trip would have cost an arm.

20
0

Grabby baddie scours Paddy Power's towers: 650k punters leaked and it took 4 years to admit it

Robert Helpmann??
Bronze badge
Childcatcher

Re: See logo

This is exactly what I, and apparently other commentards, thought of first. Hold on a moment...

Cognitive Dissonance, ENGAGE!

No, it's OK. It's all good.

0
0

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

Robert Helpmann??
Bronze badge
Childcatcher

USB Firewall

USB firewalls that block certain device classes do not (yet) exist.

Um... actually, they do. There is a McAfee product, Data Loss Prevention that has just that sort of functionality built in. Alas, it is only for Windows devices, but there are likely similar products out there. It is a pain to administer - it has all the hallmarks of an acquired product that was slapped into an existing management console - and is likely to be resented by users as it will keep them from doing what they desperately want to do (infesting the corporate network with malware), but it exists.

0
0

CIA super-spy so sorry spies spied on Senate's torture scrutiny PCs

Robert Helpmann??
Bronze badge
Unhappy

Re: oh, sorry!

...immediate cessation of chocolate rations.

There's chocolate?! Why am I always the last to be told?

6
0

Multipath TCP speeds up the internet so much that security breaks

Robert Helpmann??
Bronze badge
Childcatcher

When in trouble or in doubt...

Network operators shouldn't shortsightedly kill something because they don't understand it - there are more sensible ways to deal with a threat than panicking and beating it to death.

Welcome to the fun, Catherine, and thanks for the research. Most of what you say makes good sense, though I have one quibble with the above statement: this is exactly how network admins should react to anything on their network they do not understand. They should make every effort to gain the knowledge to make a rational decision, but until that point, not so much. Besides the obvious concern that it, whatever it is, is not under your control, there is also the idea that if you do not understand it, you have no assurance you it is configured properly and doing what you want it too. I am not so sure about the panic portion of the equation, but I am sure someone in management can cover that.

0
0
Robert Helpmann??
Bronze badge

Re: Does IDS that actually work?

You are referring to network IDS. I cannot comment much on those as my experience has been with host-based solutions, but my understanding is that firewalls are fairly static, whereas an IDS or IPS should perform some analysis based on heuristics or signatures similar to an AV product (and yes, I know there are some of my fellow commentards who decry their use). However, you mention firewalls, which the article said could be broken by MPTCP. It is more complex than that, depending on configuration of the FW to accept it, the implementation of MPTCP, the FW being used. However, the simple solution, as far as I can tell, is to disable it at the FW if possible. Also, the cited Cisco article includes NATed networks as being affected.

Unless there is a business case for using it, it should be disabled (pretty much true for anything from a security standpoint). If there is a good reason for using it, I'm happy I'm not the person doing the implementation.

1
0

BitTorrent launches decentralised crypto-fied chat app

Robert Helpmann??
Bronze badge
Childcatcher

How secure is it, really?

Well, this gives you confidentiality (at least in theory) and integrity (with the same caveat). As far as availability goes, how hard would it be to implement a DoS attack against this kind of traffic? Would such an effort affect everyone with a torrent client or would it be possible to target an arbitrary client?

0
0

Russia to SAP, Apple: Hand over source code to prove you're not spies

Robert Helpmann??
Bronze badge
Childcatcher

Re: Not exactly new

A good point. So why is Russia OK with Microsoft products while China has banned at least some of them based on security concerns?

1
0

Tor attack nodes RIPPED MASKS off users for 6 MONTHS

Robert Helpmann??
Bronze badge
Childcatcher

No ACs Allowed

Anonymous internet usage in Russia is surging...

I think the real question governments should ask is not how to stop anonymous internet use, but why it is needed. Soon, there will be slogans around the world echoing the gun rights people here in the States: when anonymous surfing is made illegal, only criminals will surf anonymously.

15
0

Ethicists say Facebook's experiments not SO creepy

Robert Helpmann??
Bronze badge
Childcatcher

What about OKCupid?

The service is free; they were not being bilked out of money by getting something other than they put down their hard-earned for. They were merely lied to, so that's all right then.

0
0

Scotland's BIG question: Will independence cost me my broadband?

Robert Helpmann??
Bronze badge
Childcatcher

Re: Realism

Quite possibly Belgium too for similar reasons. They're facing a split down the middle.

Belgium has always been a house divided. Then again, their government stopped working for a while and pretty much no-one cared.

11
0

14 antivirus apps found to have security problems

Robert Helpmann??
Bronze badge
Childcatcher

Re: Point of Issue

Hmm... Next thing, you'll be burning Noah Webster in effigy.

2
0

Bitcoin on ATM? Pfft! We play DOOM on ours

Robert Helpmann??
Bronze badge
Childcatcher

Re: Yawn

Yes, but Chess was included in OS/2 (in contrast to Solitaire and Minesweeper being bundled with Windows), so 50% effort on both groups. For a complete win, you must show proof of an install on a machine in the wild.

0
0

CAPTCHA challenges you to copy pointillist painter Seurat's classic

Robert Helpmann??
Bronze badge
Childcatcher

Re: Another Tech That Should Die

For more entertainment, the CAPTCHA could present a series of Ishihara tests.

0
0

Russia: There is a SPACECRAFT full of LIZARDS in orbit above Earth and WE control it

Robert Helpmann??
Bronze badge
Childcatcher

Important Stuff

You have to get this stuff right if there is to be any hope for space tourism to really take off!

3
0

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Robert Helpmann??
Bronze badge
Childcatcher

Re: There seems to be no penalty for running over budget

Additionally, the people writing and approving the contracts are often not those actually involved in them. When it comes to IT, this is especially telling as they are often completely unaware of what the actual requirements of a project should be and are thus unequipped to make a reasonable determination on any bids submitted.

In many cases, while the contract is supposed to be written and reviewed by a panel, they often all report to the same person which essentially grants that person all the decision-making power. The advise of the panel may be ignored or, if the manager in question is more skillful, steered to the desired outcome.

There is so much waste built into the way our government runs. It is no surprise, though, given how much money is at stake. While most rules put into place around this process were made to minimize government expenditures, money will find a way to overcome.

1
0

Six charged over StubHub e-ticket heist for Elton John gigs

Robert Helpmann??
Bronze badge

There oughta be a law...

Unfortunately, with many users having poor password practices, attacks like this are only likely to increase

There are plenty of laws and rules surrounding financial institutions. Why shouldn't sites that are work with or gather financial data treat customers in the same manner corporate IT tends to treat users, enforcing password strength, forcing them to change on a regular basis, et cetera? I know this would not be popular among customers, so it would cause many to go to less secure sites as they would be easier to deal with unless there were some industry-wide requirement to have this in place in order to do business.

There has been plenty of discussion among El Reg readers concerning passwords and their use, so I am sure that someone will point out the error of my ways, but I would like just once to see government get ahead of a real problem instead of being completely reactive or, worse and more typical, manufacturing the crisis themselves.

0
0

World Solar Challenge contender claims new speed record

Robert Helpmann??
Bronze badge
Childcatcher

Re: How far?

Please define what a 'kms' is, as it does not appear to be a standard SI unit of measurement.

500 km = 3,571,428.5714285714285714285714286 lg

give or take

0
0

METRE-LONG DINOSAUR POO going under the hammer

Robert Helpmann??
Bronze badge
Joke

How much...

...to own the oldest poop joke ever? There has to be a joke in there somewhere.

0
0

FRIKKIN' LASERS could REPLACE fibre-optic comms cables

Robert Helpmann??
Bronze badge
Headmaster

Massive Speeds

As most Reg readers will know, fibre-optic cables work by bouncing a light beam along a wire without losing focus or intensity, allowing information to be transmitted along huge distances at massive speeds.

So, roughly the speed of light in that medium? Fast enough for the data to acquire mass? Sorry, I am caffeine deficient this morning.

2
0

Reg Latin scholars scrap over LOHAN's stirring motto

Robert Helpmann??
Bronze badge
Childcatcher

WD-40

The "WD" in WD-40 stands for "water displacement," so to rephrase: With duct tape* and Water Displacement 40. Using Google Translate (with apologies), it yields this:

Ductum lineam, et cum Praesentibus Aquam XL

Going back the other direction gives us this mess: Drawing the line, and with the presence of water, 40. Clearly this needs work that I'm not up for... er... for which I am not up.

* Duck Tape is a brand name.

1
0

Android ransomware demands 12x more cash, targets English-speakers

Robert Helpmann??
Bronze badge
Childcatcher

Pump and Dump

P.S. Proof of concept: Stock market pump-and-dump spam has almost entirely stopped. The stock exchanges acted to block the profits, and the spammers gave up moved on to greener pastures.

Fixed that for you. The problem is that there are so many suckers. Still good points - Have an up-vote.

0
0

Secondhand Point-o-Sale terminal was horrific security midden

Robert Helpmann??
Bronze badge
Childcatcher

Re: Er... news?

So this is another "stuff bought second hand not wiped" news story?

Yes, in as much as there was data on it that might be valuable in and of itself (e.g. account details). However, the researcher was able to learn enough about the second hand box to be able to hack systems that are still in production, assuming they are still set up the same as the terminal he purchased. Knowing that the owner doesn't change the default password or that the password can be recovered from the discarded machine and is likely to be the same on systems still in use can be pure gold (literally). Finally, "Oh's findings suggest the retailer had a poor security policy that went beyond anything particular to the terminal he bought on eBay."

I would like to know which retailer this is so I can avoid walking through its doors.

0
0

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

Robert Helpmann??
Bronze badge
Childcatcher

Blade of grass on a football field

"I worry about the accuracy of their research if they think there's as many as a billion blades of grass on a football field."

Turns out this is a mathematics project/thing currently used to teach kids how to estimate. There are a number of examples posted online. This one gave the result as "about 63,350,000." A bunch of 5th graders could have told them better.

1
0

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Robert Helpmann??
Bronze badge
Childcatcher

Re: Tired admin

A sysadmin really should check that every patch works and doesn't break critical services/applications before deploying.

I could not agree more and yet the people who get pissy if the "critical services/applications" aren't working are typically the same bunch who will not fork over the cash to set up development or test environments. I have had to work in several large network environments in which we had to "test in production," which basically means that we target a subset of the overall production environment and see what happens next before proceeding with the rest.

3
0

Page: