Feeds

* Posts by diodesign

986 posts • joined 21 Sep 2011

Page:

ISIS terror fanatics invade Diaspora website after Twitter ban

diodesign
(Written by Reg staff) Silver badge

Re: Medieval terror bastards?

Whatever

C.

1
0

What a pain in the mass! Euro craft Rosetta to poke its probe in 10-BILLION-tonne comet

diodesign
(Written by Reg staff) Silver badge

Re: Mephistro

Billion is always 1,000 million.

C.

0
0

Microsoft refuses to confirm 'Windows 9' unzip lip slip

diodesign
(Written by Reg staff) Silver badge

Re: FrankAlphaXII

"What exactly does a desktop/laptop OS made by Microsoft have to do with a new iPhone?"

Headlines and deadlines. It'll be interesting to see the two go head to head for coverage, if they happen at the same time.

C.

14
1

Need a green traffic light all the way home? Easy with insecure street signals, say researchers

diodesign
(Written by Reg staff) Silver badge

Re: Sorry that handle is already taken

"This needs to be qualified by a statement that they've taken over a particular system"

Which is explained in the article.

"Can be used on any traffic signal site, anywhere in the world"

Read the article. What you've claimed is not reflected, overall, in what's published here.

C.

9
0

RealVNC distances itself from factories, power plants, PCs hooked up to password-less VNC

diodesign
(Written by Reg staff) Silver badge

Re: Does Yahoo really go around taking screenshots of peoples desktops?

I think the keyword here is "similar" – it's in the interests of web giants to avoid indexing or accepting email, etc, from obviously insecure hosts.

C.

0
0

Did you swipe your card through one of these UPS Store tills? You may have been pwned

diodesign
(Written by Reg staff) Silver badge

Re: What OS & server platform was infected?

"Any idea what the OS and server platform that was infected with the Malware was?"

No. I did ask the UPS PR team on the phone as desk editor. They wouldn't tell me the malware type. When I asked: "This is Windows malware, right?" There was a pause and the reply: "I couldn't possibly comment."

As soon as I find out, I will push out an update. UPS right now is in alert-affected-customers mode. Once they've got through the financially tricky stage of supporting pwned citizens, they'll release the techy details – or so they tell me.

C.

2
0

Speaking in Tech: Meet the man who SURRENDERED to Facebook

diodesign
(Written by Reg staff) Silver badge

Re: JDooley

"I actually *was* just catching up with some old friends."

I wouldn't worry, that's kinda how SiT is supposed to go :-)

C.

0
0

What happened to the Citrix story ?

diodesign
(Written by Reg staff) Silver badge

Re: What happened to the Citrix story ?

Sometimes we agree to publish stuff on a particular day if it means we can ask questions and get answers ahead of an official announcement being made. It means our take on some development appears at the same time as the vendor's, rather than hours later. There are pros and cons to this approach.

In this case, a story ran a day early. Check again tomorrow, I'm afraid.

C.

1
0

Microsoft Azure goes TITSUP (Total Inability To Support Usual Performance)

diodesign
(Written by Reg staff) Silver badge

Re: Total Inability To Support Usual Performance (TITSUP)

"May I have permission to officially use this acronym when describing issues to our company's customers?"

Go for it: IT giants ask why we use the word 'titsup' in headlines to describe services suffering outages, some even going as far as to suggest we should stop using the word. Today we spell it out.

C.

31
0

Supervalu supermarket stores stung by sneaky sales system scammers

diodesign
(Written by Reg staff) Silver badge

Re: "Wait, there really is an ACME company?"

There's quite a few.

C.

0
0
diodesign
(Written by Reg staff) Silver badge

Re: Two different organisations?

Sure, that's why the article says "It's not the first time the Supervalu brand has been targeted."

C.

0
0

Time to ditch HTTP – govt malware injection kit thrust into spotlight

diodesign
(Written by Reg staff) Silver badge

Re: Come on El Reg.....

"Not even SSL on account creation????"

Yes, we know. Hopefully this will change.

C.

0
0
diodesign
(Written by Reg staff) Silver badge

Re: HTTP?S?

Yes, The Reg doesn't serve over HTTPS. Hopefully, we can change that soon.

C.

8
1
diodesign
(Written by Reg staff) Silver badge

Re: Missing information

"What systems can it infect?"

You name it, your government can own it.

C.

12
2

Hackers' Paradise: The rise of soft options and the demise of hard choices

diodesign
(Written by Reg staff) Silver badge

Re: Cynic_999

"It is impossible to have hardware segregation to prevent malware attacks because the hardware cannot know the legitimate purpose and scope of an application"

You're absolutely right, IMHO.

C.

0
0

Intel forced to shoot down viral 'Israeli boycott' whopper

diodesign
(Written by Reg staff) Silver badge

Re: Re: Boring Green Re: Anon Cluetard

"Time for more multiple posts to try and work out what has upset the PCness of El (or should that be Al-) Mod."

Stone me, stop your crying.

C.

4
1

AMD's first 64-bit ARM cores star in ... Heatless in Seattle*

diodesign
(Written by Reg staff) Silver badge

Re: Why compare it to a Xeon?

"A fair comparison would have been to the Atom C2758"

Ah, good spot - fair enough. I'll add it in.

C.

0
0

Flying United Airlines? If you could just scan your passport with your phone, that'd be great

diodesign
(Written by Reg staff) Silver badge

Re: Why not

"just use your facebook login?

Don't joke, the UK government floated the idea of using Facebook accounts as official ID for accessing public services.

Exclusive - Facebook and other social networks could be used by British citizens to sign into public services online

C.

2
0

Hacker crew nicks '1.2 billion passwords' – but WHERE did they all come from?

diodesign
(Written by Reg staff) Silver badge

Re: Hold Security

I kinda feel sorry for Alex Holden because he's proven in the past to be an investigative infosec bod - such as helping to uncover the massive Adobe hack with Brian Krebs.

Announcing a Russian gang had, one way or another, obtained a lot of passwords and then asking ppl to join an ID-theft alert service is going to rub people the wrong way.

C.

0
0

Now even Internet Explorer will throw lousy old Java into the abyss

diodesign
(Written by Reg staff) Silver badge

Re: WTF ????

Calm down, love. You're causing a scene.

From Microsoft's IE Blog (it's linked in the article):

"As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls."

The keyword here is "out-of-date". Yes, IE blocks dodgy ActiveX controls but what's significant here is that MS has decided to rule out all but the very latest Java plugins. So if you'd OK'd an earlier version, tough: it's now out of date.

C.

2
0

Not a load of Tosh: 5TB 'surveillance drive' from Toshiba hits shelves

diodesign
(Written by Reg staff) Silver badge

Re: It'll outlive me!

Yup (according to Tosh).

C.

0
0

no commenting?

diodesign
(Written by Reg staff) Silver badge

Re: Re: so we have a new bug

Nah, that was to avoid a flamewar in which we get loads of people reporting each others comments. In the end, I donned the fire-proof suit and switched the comments on.

C.

0
0

BANGKOK-BLOCKED: Thailand's dictators 'ban dictator sim Tropico 5'

diodesign
(Written by Reg staff) Silver badge

Re: Too good to be true?

It's only right to have a healthy level of skepticism. If we can stand it up any further, you'll be the first to know.

C.

3
0

The Register is HIRING technology hacks for the WORLD

diodesign
(Written by Reg staff) Silver badge

Re: A tabloid journalist for El Reg with Fluency in English eh

"in case you weren't so aware, a tabloid press / outfit, is generally associated with sensational news"

We're very aware of it :-) I love being accurate and in-your-face; it drives boring people mad.

"I wonder why El Reg would require fluency in English"

Editing is a PITA if the writer isn't fluent in the language. Plus, you need to be fluent to be funny, interesting and informative in your writing.

"I learned from what I consider the best."

Whom, mate.

C.

3
0

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

diodesign
(Written by Reg staff) Silver badge

Re: Re: I call semi-bollocks

"This isn't a tool for the S'kiddies, this is potentially grown-up stuff."

Absolutely. This isn't for Anonymous. This is for cops and g-men. Strike up a conversation with someone at a conference, you've had a few beers, he or she suggests you whack in a USB stick to copy over some stuff you'd be interested in. You're savvy, you know you've disabled autorun and open documents in a VM or a non-sensitive machine. You're confident.

Doesn't matter in this case. Game over.

C.

12
0
diodesign
(Written by Reg staff) Silver badge

Re: This is nothing new... this has been done for years!

"This type of hack has been done for year."

Again, like the modified mouse above, this is custom hardware. You have one evil USB plug, there. Just one. What are you going to do? Go around plugging it into everyone you want to pwn?

With this BH exploit automated, you can modify USB sticks using purely software again and again and again, whenever a device with a supported micro-controller is plugged in to an infected PC. That's the point of this BadUSB.

"We need better reporting."

I need a better reader.

C.

22
0
diodesign
(Written by Reg staff) Silver badge

Re: Errmm.. old news?

"There was stuff about this *years* ago. I saw a demo of an 'infected' USB mouse infecting a PC it was plugged into"

You're talking about this? Look at it. It's been *physically* modified. This BH talk is about rewriting the firmware in an undetectable manner.

Imagine automating the process of rewriting the firmware using just software: every time a supported stick is plugged in, and your malware is on the PC, you get to infect the stick's firmware silently and reliably.

Which means, in theory, you can spread your software nasty from thumb drive to thumb drive (if they're using supported micro-controllers), creating an infection.

Having said that, this process is not /that/ new - see the links in the story to older presentations. What I believe is new here is reliable and realistic firmware rewriting that can be demonstrated on stage and weaponized.

C.

8
0
diodesign
(Written by Reg staff) Silver badge

Re: Michael C

"I may be missing something but how does the malware get on the USB device in the first place?"

I imagine you reverse engineer a vendor tool that updates the firmware, so you can see the magic packets needed to put the device into program mode. You then either read the firmware off the chip (if poss) or download a firmware update and work out what the raw binary is.

From there, you work out how the chip works internally: where registers are and so forth. You add in your new code, hook it up so it runs, and then upload that modified firmware to the controller in program mode.

Now you're all set. After that, make sure the PC malware you install has the capability of automating the above. And now you're cooking on gas.

IMHO it's the reverse engineering of the firmware and the firmware programming that's impressive. You shouldn't trust USB sticks anyway on machines that are sensitive. If you genuinely care about information security, you'd compartmentalize your data and systems so that plugging a random USB thing into your gaming PC doesn't screw over your machine with your PGP keys.

C.

21
0

Strange invite received from @sitpub.com citing one comment of mine

diodesign
(Written by Reg staff) Silver badge

Re: Strange invite received from @sitpub.com citing one comment of mine

Thanks. Can you tell me, please, who that was so I can follow it up? Email cwilliams @ theregister dot co dot uk, thanks.

FWIW Sitpub stands for Situation Publishing, the biz wot does The Register.

C.

0
0

Secure microkernel that uses maths to be 'bug free' goes open source

diodesign
(Written by Reg staff) Silver badge

Re: Clarifications

"We're using it in HACMS"

OK - I've tweaked the article.

C.

0
0

HGST polishes Ultrastar SSD whoppers, stuffs with denser Intel flash

diodesign
(Written by Reg staff) Silver badge

Re: ... 50year warranty period ...

No, it's a typo.

C.

2
0

Google devs: Tearing Chrome away from OpenSSL not that easy

diodesign
(Written by Reg staff) Silver badge

Re: bar

"At least you have a couple decent ones pretty close to your office"

Being based in San Francisco, we were at a rowdy place in the Mission, 16th and Valencia actually. The thing about having smartwatches and smartphones is that work emails (particularly corrections@ which we take seriously) tend to catch our eye even after a few jars of Anchor Steam.

Anyway, in the sober light of day I've taken the manual mod off Brian Scott poster's account. But please do keep pinging the corrections address - we'll pick 'em up night and day :)

C.

1
0
diodesign
(Written by Reg staff) Silver badge

"Actually, that's OpenBSD not NetBSD"

So why didn't you email corrections@theregister.co.uk? So you'll find all your comments moderated from now on. Well done.

It was fixed as soon as we spotted the mistake - in fact, it was corrected while we were in the bar after work.

C.

4
5

Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold

diodesign
(Written by Reg staff) Silver badge

Re: bunch of tw@ts

"Would this kind of thing earn me a letter"

No, I don't think that sort of file is on the BPI et al radar.

C.

0
0

The triumph of VVOL: Everyone's jumping into bed with VMware

diodesign
(Written by Reg staff) Silver badge

Re: Re: #Dell / Equallogic

"Chris just didn't reach out to us for this story."

Full disclosure: LJL is a Dell employee.

C.

0
0

HP's Machine and IBM's $3bn R&D splash – aka how to survive Google

diodesign
(Written by Reg staff) Silver badge

Re: I Ask

We don't know yet beyond Machine will use a mix of standard processors (x86 or ARM, say), and then custom silicon to finish the job.

C.

1
0

YouTube radio stream boss 'quits Google' amid outcry from indie labels

diodesign
(Written by Reg staff) Silver badge

Re: Curious..

When we find out, we'll let you know.

C.

3
0

HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert

diodesign
(Written by Reg staff) Silver badge

Re: No, they're not sekret spying tools

"pcapd - so top sekret it's been a documented developer tool for years"

No - the developer doc you linked to is about analyzing traffic from another device on the network, not by the device itself which is what pcapd does, allegedly. The doc you linked to says "iOS does not support packet tracing directly". That's contradicted by Jonathan's claims.

The other things you link to are not documented by Apple officially (AFAIA). They may well have been known for a while. There's no harm in a serious security researcher joining up all the dots for everyone.

Unless you're just happy doodle dandy with everything as it stands.

C.

21
0

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

diodesign
(Written by Reg staff) Silver badge

Re: Great article.

No.

C.

1
0

NASA: ALIENS and NEW EARTHS will be ours inside 20 years

diodesign
(Written by Reg staff) Silver badge

Re: Bob

Perl is perfection. No need to improve it.

C.

0
0

Own a Cisco modem or wireless gateway? It might be owned by someone else, too

diodesign
(Written by Reg staff) Silver badge

The HTTP remote management is on by default. And there is no workaround.

C.

1
0

OpenWRT gets native IPv6 slurping in major refresh

diodesign
(Written by Reg staff) Silver badge

Re: Come on!

The key thing is DHCPv6 from what I can tell. I've tweaked the article.

Don't forget to email corrections@theregister.co.uk - your comments won't be seen and articles won't be fixed unless someone drops us a note. And we all want articles accurate, right?

C.

3
0
diodesign
(Written by Reg staff) Silver badge

Re: Daniel Palmer

Yeah it was a typo - should be 3.10. Don't forget to email corrections@theregister next time.

C.

1
0

YES: Scotland declares independence ... from the dot co dot uk empire

diodesign
(Written by Reg staff) Silver badge

Re: Or just plain offensive?

I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

C.

3
0

Virty server bones thrown: Gartner mages see Microsoft rising

diodesign
(Written by Reg staff) Silver badge

Re: What A Load Of Shit

I was going to take your comment seriously, then I saw your username.

C.

2
0

Two years in the making: Sneak peek at VMware's future VVOL tech

diodesign
(Written by Reg staff) Silver badge

Re: NetApp is also a preferred design reference partner

Full-disclosure: gps1539 works for NetApp.

C.

0
0

Female! ex-Yahoo! coder! says! female! boss! fired! her! for! refusing! sex!

diodesign
(Written by Reg staff) Silver badge

Re: Digital Sex

"When I saw this story on the Daily Fail"

FWIW on the time delay: we saw this story first emerge on Friday evening (California time), but held off until we were able to obtain the court filing this morning. Just to check, y'know.

C.

14
0

Get ready for LAYOFFS: Nadella's coma-inducing memo, with subtitles

diodesign
(Written by Reg staff) Silver badge

Re: I can't believe

"I wasted a few minutes reading Nadella's memo"

We did warn you!

C.

13
0

Amazon Zocalo rocks Box, socks DropBox, clocks Google Docs

diodesign
(Written by Reg staff) Silver badge

Re: Most obnoxious article title in history

Thanks!

C.

4
0

Page: