722 posts • joined 24 Feb 2012
Re: When booking a hotel...
The desk clerk is unlikely to know unless it is a tiny owner operated hotel.
In the UK and USA it would be a violation of the law to spread knowledge of security letters beyond the bare minimum people needed to carry out the request and the company's lawyers.
Insider Knowledge to Violate Fair Trading Laws
"... there is a profit motive to espionage, and we all trust that the GCHQ has imbibed enough of the Thatcher spirit to monetarize their snooping ... "
It isn't just selling porn.
I don't imagine anyone at the SEC or Serious Fraud Office, Financial Services Authority or Office of Fair Trading is checking to see if NSA or GCHQ employees are using insider knowledge to violate fair trading laws.
Look at Russia. If you want to be rich, if you want to succeed in business, join the FSB or be ex-KGB. This is where we are headed if we don't change course.
Re: LinkedIn (etc) and browser security
Fictional spy shows so ironic they must be a hipster's dream.
Please try to remember that fictional TV programs are not news reports.
You saw it on Spooks. Spooks isn't a new show.
I'm sitting here watching the US TV show "Alias".
When it was made 10 years ago it was a fictional account of an agency called SD-6, sort of a new world order type organization. And its employees thought they were working for the CIA.
Alias portrays all sorts of psychopathic bad guys and dirty tricks by the English, the French and people in turbans.
Most of it still is over-the-top fantasy. But what isn't, the dirty tricks that are no longer fictional, they're what the CIA and NSA have been doing.
And rather than the employees of SD-6 thinking they're working for the CIA but actually working for some fantasy "new world order" it seems the reality is that the CIA is working for SD-6 working for some new world order.
It isn't precise. It is still fiction. But the irony is monumental.
Is this technique why Tony Blair forced the UK to join the Attack on Iraq?
"Targets can also be discredited with a "honey trap", whereby a fake social media profile is created, maybe backed up by a personal blog to provide credibility. This could be used to entice someone into making embarrassing confessions, which the presentation notes described as "a great option" and "very successful when it works.""
This particular technique would work great against politicians in democratic countries.
I cannot see it working against terrorists.
So how many democracies has the UK undermined? How many elected officials? How many foreign prime ministers and presidents?
Did GCHQ use this technique to undermine the UK's own democracy, by subverting our elected officials, perhaps including prime ministers?
Parliament is the UK's only legislature. Are ministers committing sedition
Parliament is the UK's only legislature. Are ministers or bureaucrats committing sedition by usurping Parliament's role as the UK's sole legislature?
"All of GCHQ's work is carried out in accordance with a strict legal and policy framework," said the agency in a statement, "which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight,"
From what is reported, we know what they're doing and that they're doing it to companies -- not terrorists.
From what is reported, we know what they're doing and that they're doing it to governments -- not terrorists.
Only a psychopathic criminal would consider the measures the UK government authorizes as necessary and proportionate against such targets.
If there is rigorous oversight, then that oversight must be provided by people with similar high levels of psychopathic criminality.
Windows has nothing at all to do with it, regardless of what you've read.
Windows has nothing at all to do with it, regardless of what you've read.
People want the OS they have. Which is why they don't all switch to Windows 8.1, MacOS, Linux, etc. We want what we already know, it doesn't matter how easy to learn the new thing is, it can't be easier than what we already know.
People can easily buy Windows 7 computers, and they can buy Windows 7 software to install on a Windows 8 machine.
And they can buy Apple computers or download Linux.
Desktops and laptops are not constrained to only running Windows. Windows and MS could vanish and sales would remain the same, after a blip.
Bundling some compelling new software with a Windows 9 wouldn't do it either. People would buy Windows 9 for $120 instead of a new computer for $800.
The problem is merely that we've all got laptops and desktops already and won't need replacements for several years.
We don't all have smart phones and tablets. And the ones that we have from two years ago were underpowered. So that market will stay alive.
How often do you buy a TV? Every 8 years? Nothing is going to make you buy one every year. How often do you buy new shoes? Every 1 year. Shoes and portable electronics wear out quickly.
The PC and laptop market is mature. What does anyone expect?
The PC and laptop market is mature. These machines last 5 to 10 and 3 to 5 years. Everyone who wants one has one.
Why would any reasonable person not expect sales to drop down to an equilibrium level where new purchases match failure rates of old machines?
Re: Wrong analogy
Quote: "Except this is more like allowing the police to go around crashing the cars"
Standard practice in the USA and Canada too.
It is taught in most states' and provinces' police schools.
But you can't just do it whenever you want. There are certain criteria (low levels of criteria in many states, high levels of criteria almost never met in Canada).
The criteria for permitting attacks, military, cyber or otherwise, by government workers and troops need to be high, the supervision needs to be close, and the laws of parliament should be followed.
"There's no lasting damage, it's just disruptive. A common comparison is the sit-in protest in the real world:"
If we accepted that reasoning we'd have to accept that government employees could do it too without needing a court order or warrant.
They would not even need the agreement of senior managers, they could just do it on their own.
I reject that reasoning.
1. DoS attacks do cause lasting damage. They cause great expense in preventing them happening again.
2. Sit-ins done for *some* reasons are not peaceful political protests, but rather are a form of extortion. As with most criminality, it comes down to intent. Is the intent legal?
Is the intent to force someone to change how they do business -- illegal?
Is the intent to force someone to spend money -- illegal?
Or is the intent to make someone consider something -- legal, provided it doesn't cause harm. Harm includes paying service providers for protection against future attacks.
Not just Ed Miliband but just under half of Cameron's own party.
Politically active people often quarrel within their own party, it is a normal state of affairs.
But LulzSec and Anonymous are neither political parties nor political discussion groups.
They are groups that actively break the law and disrupt the normal functioning of governments and companies.
I see the problem as only that GCHQ or Special Branch should have had a warrant from a judge to do this.
Government workers should be made to work within the laws set by parliament, and they should be fired or sent to prison when they violate those laws. Being a government employee should be considered an aggravating circumstance that makes the punishment worse, rather than a 'get out of jail free card'.
Acts are seldom ever either "legal or illegal"
Acts are seldom ever either "legal or illegal".
Shooting someone. Locking them up. Putting milk in their coffee. Holding a door open.
These are all acts that can be either legal or illegal depending on the circumstances.
Shooting someone? It could be self defense. Locking someone up?
It could be locking the door to your house and keeping you and your infant inside.
If you put milk (instead of non-dairy creamer) in the coffee of someone you know has a serious allergic reaction it would be a criminal act.
Holding a door open to knowingly facilitate a robbery is a crime.
Acts are seldom ever either "legal or illegal". Intent is a major part of the law, and necessity can be a defense.
DoS attacks should only happen with court orders
While LulzSec and Anonymous are not physically violent groups, they are not law-abiding political organizations either.
DoS attacks on peaceful mainstream or even peaceful fringe political groups would be outrageous.
But these two specific groups are not groups set up merely to exchange and develop political viewpoints or engage in peaceful lobbying. They do advocate law breaking and denying the civil rights of other citizens.
There may be other issues I have not thought of, but the only issue I currently see is why wasn't the DoS done openly under a court order. Police and security agencies must not be allowed to become an all-in-one legislative, policing, judicial and punishment system.
Police and security agencies must remain under democratic control of our parliaments and our judges -- otherwise it means the Soviets and Maoists won the Cold War.
To me this is far far less disturbing than spy agencies gathering material on regular peaceful citizens of long-time allied countries and their current and future political, business, academic, technological and religious leaders.
In other news Benedict Arnold hailed as a true patriot and idol
Spy agencies spying on the people they're supposed to be protecting.
In other news Benedict Arnold hailed as a true patriot and idol of US spy agencies.
Re: I thought my marching days were over
And yet you and I both took time to comment on the story, Obama takes time out of his day to comment on it, the CBC, NY Times and NY Post do articles on it.
People care, just not enough. They don't realize how serious this is.
Is it the position of the Reg that German PM Angela Merkel was up to something nefarious?
"As the story points out, the attack could be the first known instance of a spookhaus action against an individual not under investigation for something nefarious."
"spookhaus action against an individual not under investigation for something nefarious."
They're investigating all of us, just generally not doing anything with the info they gather.
So what is your definition of nefarious?
Exactly my fear. It *may* be that our politicians are already under spy agency control.
Listening to US Senator Dianne Feinstein (Democrat from California and Chairman of the Senate Select Committee on 'Intelligence') on the news, I can't believe she supports the words coming out of her mouth on this issue.
Re: I've given this some thought
I look at it differently. Politicians aren't the only danger.
It is the spies themselves grabbing power that is the biggest danger.
- Look at J. Edgar Hoover in the USA. What he did over decades makes what Nixon did in a few years look trivial.
- Look at Russia today and the old USSR.
- Recall the Warsaw Pact.
- If you know 20th century South American history, look there.
Politicians can be a problem, but they are not the main problem. The main problem is the security and military apparatus taking control and destroying democracy through intimidation, coercion and later, after they have power, more extreme methods.
Re: Caught in the cookie jar denials
As Lars said, if Cameron really did think the public was okay with this he wouldn't have kept it secret from the public.
The succession of lies coming from Cameron and Obama, each lie revealed in the next day's news. Total disgrace to our puppet politicians.
Tories and Labour will give us a UK resembling Putin's Russia
Any politician worth 2 pence would stand against spying on his own people.
In the early stages it won't be the general public being intimidated and coerced by our own spy agencies, it will be politicians.
Sure GCHQ and the NSA can help you keep down backbenchers and opposition parties, but take the long view, look at your legacy Mr. Cameron.
Do you want to join Tony Blair as the other PM who destroyed British democracy?
And that is what all this is about.
Democracies are not destroyed by terrorist attacks (with one debatable middle eastern exception).
Democracies are destroyed by their own spy agencies, with or without external spy agency help.
If you don't think Warsaw Pact history is sufficiently close to the UK situation, look at 20th century South American history. Lots of democracies as good as the UK's (if younger) toppled. They're like the black death.
Time and time again it is spy agencies who topple democracies.
Yes we need spy agencies, but not invasive spying on our own political, business, academic and scientific leaders.
I'm a UK expat.
What Blair did, what Cameron is doing, out-of-control domestic spying will transform my homeland into a UK resembling Putin's Russia where government and business are dominated by spies and ex-spies.
We need GCHQ. We do not need a UK equivalent of a super Stasi or super KGB monitoring every cellphone and every landline and able to subvert our leaders and our democratic methods.
Re: And what have we learned Microsoft?
Now that is good thinking and MS should take this to heart.
Keep the user interface, secure and improve the internals.
Most people want what they're familiar with.
To most users, familiarity is at least 50 out of 100 possible points for usability.
A user interface change always has to be sufficiently better that it justifies the inconvenience of re-learning how to do something. In other words a user interface change has to be *much* better to be worth subjecting your users to it.
MS forgets this with Windows and Office.
MS took that to heart and people still complain.
I remember on here a few years ago people couldn't stop themselves from complaining about how bad XP was, how lousy its security was.
I remember all those folks saying, "security had to be designed in, not added on in patches."
Well MS took that to heart and people still complain.
There is no winning.
ComputerSecurityLevel = Min(OSSecurityLevel, AppSecurityLevel, AdminSecurityLevel, UserSecurityLevel);
Where's Linux and MacOS on the graphs?
Where's Linux and MacOS on the graphs?
Climate Change is Currently More Theology Than Science
1. Climate change is currently more theology than science.
2. We're told to believe it because 'climate change scientists' believe it.
3. Normal scientific dissent and discussion is suppressed.
4. Only one proposed solution is presented.
5. Raw data is suppressed.
6. Data is manipulated to fit results.
7. How accurate are climate change models? Test them on something simple.
- Do they forecast past weather changes?
- Do they forecast future weather changes?
They're never going to be able to forecast the weather in the UK accurately -- the UK is simply too small an area and weather is too chaotic. They're never going to be able to forecast the weather on a specific day accurately -- again too chaotic.
But if they had accurate models they would be able to forecast whether the weather in a large area like Western Canada would be above average, near average, or below average for a 30 day period 3 months from now.
Environment Canada uses 20 different weather modeling processes, combines the results and only comes up with 50% accuracy. Three choices, 50% accuracy. Better than chance, but not much better.
The models are just not accurate yet.
8. What we should be doing is replacing the climate change theologians with real scientists and developing better models for what is going on.
- If current climate change is man-made that is actually very good news. We can probably deal with it one way or another.
- If current climate change is a natural process that is potentially terrible news. We might not be able to do anything about it.
- We need proper scientists doing real science to determine what is really going on. I believe this means more spending in taking measurements in space and oceanographic programs.
9. I'm 59. For most of my life scientists have worried that we'd lapse back into another glacial period. We're in an interglacial period in an ice age.
The old computer models that they had for most of my life showed that one summer the Bering Strait would not thaw in summer and we'd be straight into having glaciers covering Canada, the northern USA and huge parts of Europe and Asia.
A renewed glaciation is going to destroy way more cities and agricultural land than sea levels rising 10 m.
Low lying cities on ocean shorelines are liable to damage from tsunamis anyways.
10. We really desperately need better models of climate and the chemistry of the atmosphere and oceans to be able to know if we're at risk of another period of increased glaciation, or if we're in danger of the ice age we live in ending, or both.
We need to know what's broke and how it's broke before we go turning the world upside down to fix it. And we need to know it soon, just in case it turns out to be urgent.
That's how I see it.
I'm not surprised China doesn't want NSA software
I'm not surprised China doesn't want NSA software.
I'm sure the US government would not be happy if Chinese software was the only option for US citizens (the US government, especially Sen. Rogers, complains about us Canadians having the mere option of Chinese software).
I just wonder why more governments are not following this path to protect their citizens.
This is an excellent article.
It's a pity there is not more plain speaking honest reporting done in this world.
Too many other journalists just parrot whatever lies and half-truths they are told, regardless of whether it is obvious lies. No newspaper should be in the business of spreading lies.
Too many newspapers and TV networks drop the "Sen. Smith said" and just repeat what Smith said as if it were a fact.
And even those that take the time and space to say "Sen. Smith said" seldom ever point out that Smith is lying.
Well done Iain Thomson.
A monopoly is all we need
A monopoly is all our electronics industry needs to go up against now.
Fortunately there are many nations around the world with various rare earth ores. Unfortunately the pollution required to do the mining is so monumental that most nations require pollution controls that are not economically feasible.
Re: it's like prison. You don't get to say no but if you're lucky, you can pick the least painful
The linked article says that Gulf countries like to spread their dependence around so that they are not solely dependent on the USA.
Plus Russia has all the oil it needs in its own oil fields, Russia has no need to rip-off Gulf nations as part of its national energy policy.
"Generally, Arabian Gulf countries split arms buys to reduce dependence on the US, the specialist said. The UAE flies the Lockheed Martin F-16 and Dassault Mirage 2000-9, while the Saudis operate the Boeing F-15, as well as the Tornado and Typhoon."
Could you explain how in the world the UAE could benefit from a discreet conversation over this?
Maybe they could get a bribe to be quiet, but that would only benefit the bureaucrat concerned, not the UAE.
Borrowing the good old USA tactic of the little guy going to the press when he's up against a big powerful enemy seems to be the best solution.
From the linked article:
"A high-level UAE source said the two high-resolution Pleiades-type Falcon Eye military observation satellites contained two specific US-supplied components that provide a back door to the highly secure data transmitted to the ground station."
"France operates the Pleiades spy satellite in what is viewed as a critical piece of the nation’s sovereignty. Given that core competence, it seemed strange that France would use US technology, although there is an agreement between Paris and Washington over transfer of capabilities, analysts said."
"The French negotiations with the US on the technology for the UAE would have been sensitive. For example, when the US sold spy satellites to Saudi Arabia, Israel wanted to limit the resolution level in the payload, the second specialist said."
Re: it's like prison. You don't get to say no but if you're lucky, you can pick the least painful
You'd expect it from the Russians.
But the Russians have fewer skills and resources with which to hide their backdoors.
Russia probably buys most of its chips from other nations, for example.
Are there any western-made aircraft or spacecraft or communications systems that the USA has not put backdoors in?
Re: We're a lot further to the right on that graph than shown.
I wonder how many ideas and innovations have been scrapped because the cost and complications of patenting are too expensive and how many ideas and innovations have been scrapped because the risks of infringing on some unknown patent are too great.
Re: Tabarrok's curve, first mover and the elephant
First to market is at an advantage?
That ignores global markets and the inability of any regular sized company or innovator to release even a modest product world-wide all at once.
For less modest products production is too expensive for many innovators. Consider ARM, the CPU architecture designer, they could not exist without patents.
Eliminating the patent system completely would aid only mega business.
The patent system (especially in the US) needs overhaul, but not elimination.
Re: Can of worms
My dad died after being hit by a car.
You don't see me posting that cars should be banned.
Re: Loser pays
US patent law changed in 2011 and again in 2013.
I don't see any reason to expect it to not change again soon, the only question is what will the changes be?
Will the changes be designed to protect lawyers, big business, small business, academics, trolls, US business, foreign business, or what? I suppose that depends on who lobbies most effectively.
Re: Proof by assertion
Celebrity chefs, fashion designers, and artists sell their names/labels/signatures more than their products, so what they produce is not a 'public good'.
You go to a celebrity chef's restaurant, you think that's him in the kitchen that night? No, but by going there you are showing your friends your affiliation with that chef.
Same with designer labels on stuff (including much Nike and Apple stuff). Knock-offs, even of superior quality to the original, cannot be sold for the same high prices.
And consider what happens to the price of a painting if its attribution changes from a middling artist to a great master -- same painting, same artistic and aesthetic value, but suddenly goes from being worth $20,000 to $20 million.
Duration of copyright protection is too long
I only see one problem, that being the length of copyright protection is too long for what it currently covers and would also be too long for software. It has evolved from 'life + 20 years' to 'life + 95 years', and there is significant lobbying to lengthen the duration even further.
Re: Perhaps a Soviet Double Agent ordered Turing's Death
You do not need to have a security clearance to work against the USSR.
However there is no evidence that his death was an assassination by anyone either.
Test the apple to see if it even contains cyanide, suggests the guy in the article. If it did or didn't what would it mean? Nothing. He died from cyanide poisoning, the apple was the obvious path.
But knowing whether he took the cyanide as powder or a contaminated apple by fumes, would not point to or exclude accident, suicide or murder or assassination.
It is more lack of motive for assassination or murder that points to accident or suicide. The UK government didn't have to kill him to revoke his security clearance, and neither did the USA nor the USSR.
Re: Posthumous Pardon?
You are not pardoned for things you did not do.
If you did not do it then your conviction is over-turned or set aside.
Re: Another person who thinks they're 'the only gay in the village'
So being gay did not automatically mean the UK would kick you out of top secret positions.
Another person who thinks they're 'the only gay in the village'
I think it was more the Americans who pushed to have Turing's clearance revoked.
The public school boys who ran/run things in the UK in those days would not have seen much wrong with being gay.
Look at the Cambridge Six (or Seven or whatever it is up to). Gay and working for MI5 & MI6, no problem. But they were not on joint projects with the Americans.
But even then, the circumstances, the experiment he was doing in his room with dangerous chemicals, I really doubt this was an assassination.
The real question is whether it was a suicide or an accident.
Don't connect to the internet, but do you have USB sockets or drives for removable disks?
Your XP computer might not connect directly to the internet, but does it have a USB socket, or diskette, CD, DVD or blu-ray drive?
Currently these other paths are being used to infect non-internet connected diplomatic and 'industrial command and control systems', and there is no reason to believe that they won't be used to infect XP systems at least in 'attractive targets'.
It is even possible to migrate data off of these non-internet connected systems. The Israelis and Americans did it to the Iranian nuclear program, so it is feasible and who knows how often it has happened elsewhere.
Also, if you have an internet connected machine on the same network as your XP machines (whether or not it is running an up-to-date operating system and antivirus) it could be used as an entry point to any connected XP machines. One trojan, one stupid mistake, on that internet connected machine and it could quietly violate however many hundred XP machines are connected to it.
Is your business and that application an attractive target?
1. Would anyone be able to profit from the disruption of that application, directly or via blackmail?
2. Would anyone be able to profit from knowledge of data in that application, directly or via blackmail?
And there are doubtless other ways to be a high value target.
So if you're going to keep XP in your production environment I suggest you disable the drives for removable media and disable the USB sockets and make sure that no computer on the network with the XP machine has internet access.
When creating future surveys remember that "one copy" is meaningless
When creating future surveys remember that answers to questions about "one copy" of something are meaningless.
Yes we'll have a copy. On a machine in the testing lab, just in case we ever need it.
Meaningful questions would be:
1. Will you have a server or workstation running WHATEVER in any of your non-production (testing/educational/experimental/training) environments?
2. Will you have a server running WHATEVER in any of your production (non-testing/non-educational/non-experimental/non-training) environments?
3. Will you have a workstation running WHATEVER in your mainstream production environment?
-- and then if you want more precision --
4. Will you support WHATEVER on any machine in your production environment?
5. Will you only support WHATEVER on the production machines of a small number of politically powerful users?
6. Will you only support WHATEVER on production machines in non-critical applications isolated from your main business network?
Re: Spread the cost.
"that also most computers are left wide open with antivirus and antimalware."
Did you check their website to see if your existing AV actually detects this?
I had to do a lot of looking, but eventually I found where Kaspersky says it protects against it.
Thing is, for the big AV vendors this is just another type of malware. They do not issue press releases for each new type of malware they can detect.
For the operating system, well operating systems cannot decide what files you should and should not open on your computer.
I think most AVs probably have protection against these encryption programs now
Kaspersky has similar tools available. I'm on Kaspersky's mailing list and get this info. I think The Register should get itself on the list too.
And Kaspersky now includes protection against these ransomware programs. They don't make a big deal about it, after all, it is just another version of the thousands of versions of malware.
I think most AVs probably have protection against these ransomware programs now -- but only a few are trying to make bucks off of it.
With all the NSA and GCHQ spying going on, why haven't they identified this guy?
With all the NSA and GCHQ spying going on, why haven't they identified this guy?
Is it only the ATF that the NSA will help? It isn't narcotics so they do not care?
I'm against all the spying on regular folks, but if we're going to have this invasive spying on everyone, why not use it in cases like this?
Re: The Black Swan Theory
And that is one of the two main principles of the Black Swan theory, that luck has more to do with success than good ideas.
You must take risks, but you do not know which risks will pay off.
An example the book gives is the movie industry. Nobody has ever been able to predict which movies will be successful. So major motion picture companies risk a little bit of money in a great many movies. Smaller production companies each risk a great deal in a small number of movies.
Touch screens were around long before the iPhone and Apple. But they did not 'take off'. From about.com,
"Historians consider the first touch screen to be a capacitive touch screen invented by E.A. Johnson at the Royal Radar Establishment, Malvern, UK, around 1965 - 1967. The inventor published a full description of touch screen technology for air traffic control in an article published in 1968."
What made iPhone popular is what makes a best selling author or major painter popular: The bandwagon effect, that it is the person (Jobs) people wanted, not the technology. Owning Apple meant being associated as a fan of Jobs.
Re: Abandon all hope.... you are entering "couldhavebeen land"
"it's just that successive bullshit governments have failed to have the vision to back the winners"
That thinking is the root cause of the problems.
Communist and socialist environments have never been hotbeds of new technology and have never given rise to real 'winners'.
What the UK (and NYC) should do is abandon making money through investment banking rip-offs of world + dog and make money through investment banking that invests in good promising technology -- that is what successful countries like the USA (apart from NYC) do.