* Posts by Marcel

32 posts • joined 9 Apr 2012

Russia's bid for mobile self-sufficiency may be the saviour of Sailfish

Marcel

Re: CE marked hardware

The Fairphone 2 (https://fairphone.com) is a EU-designed and CE-approved phone that runs Sailfish, although not officially supported (yet). See: https://wiki.merproject.org/wiki/Adaptations/libhybris/Install_SailfishOS_for_fp2

2
0

Great British Block-Off: GCHQ floats plan to share its DNS filters

Marcel
Black Helicopters

Easy to avoid

Cybercriminals could:

- use IP-addresses instead of domain names (which they already do)

- use other people's computers (which they already do)

So basically it will not work, while creating yet another secret real-time website blacklist.

1
0
Marcel

Re: Who uses the ISP DSN anyway?

Wouldn't that be illegal with a Net Neutrality law?

0
0

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

Marcel
Megaphone

Re: Really?

You visit BBC and The Reg's website because you believe they bring you reliable news. If it's over HTTP it's not reliable anymore. And maybe you don't give a damn about privacy, but I do. So please let me visit sites over HTTPS and you keep visiting the non-secure version of it.

6
9

Fight over internet handover to ICANN goes right down to the wire

Marcel
Stop

Re: The devil you know?

The US doesn't shut down sites because of speech, but it does for commercial/legal reasons. FBI/DoJ has shut down many "illegal" websites, just because the .com/.net/.org domains happens to be administered from the US and they therefore have "jurisdiction". Some examples here: https://www.techdirt.com/?tag=domain+seizures

I don't want any single government to be able to shut down sites, for whatever reason (because they will always find a "legal" reason).

8
0

Crims set up fake companies to hoard and sell IPv4 addresses

Marcel
FAIL

Own fault

IPv6 development started 20 years ago or something. That was for a reason. If we started migrating to IPv6 10 years ago, IPv4 address scarcity would be a non-problem. Oh well, human nature...

BTW: theregister.co.uk --> IPv4-only

15
0

IP address clerks RIPE: Feds, come back with a warrant, er, web browser

Marcel
Paris Hilton

Clueless

First I read this: http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

And now this article. Is it me or are LEAs completely clueless?

1
0

USB-C adds authentication protocol

Marcel

It already exists for a while and it was indeed originally called the USB Condom: http://syncstop.com/

0
0

Microsoft joins Eclipse Foundation. Odd thing for a competitor to do

Marcel
Thumb Up

Re: I'll start worrying when MS starts to commit code to emacs

I'm currently using Microsoft's Python Azure API (https://github.com/Azure/azure-sdk-for-python). On Linux. And it works too.

0
0

Samsung sued over 'lackadaisical' Android security updates

Marcel

Re: but

This is what Fairphone is doing (see https://www.fairphone.com/roadmap/design/). Their phone costs a bit more and it's not as shiny as an iPhone, but it will last longer, can be repaired, can be upgraded and no children were harmed during production.

0
0

Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

Marcel
FAIL

Trend Micro fail

Trend Micro probably relies on unencrypted HTTP connection to spy on your internet connection to detect malware. Until now, TLS encrypted connection were used for well-known non-bad sites and could be disregarded by virus scanners. Now that TLS is available for the masses everything gets encrypted, including bad things and Trend Micro can't easily check it anymore.

The malware problem is not a problem that has anything to do with Let's Encrypt. It has to do with webservers being easily hacked, badly secured advertising networks, DNS policies, leaky browsers, unpatched Windows machines, etc.

Let's keep on encrypting people.

4
0

Superfish 2.0: Dell ships laptops, PCs with huge internet security hole

Marcel

Re: Feeling SO fine

Lenovo is doing it. Dell is doing it. What makes you think HP is not doing it?

7
1

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Marcel

DIY

He can write his own OS, his own version control system (Git), why can't he write his own spam filter? Or at least bother to setup his own LINUX server with a nice FOSS mail server and spam filter.

6
12

America's cyber-security proto-laws branded 'surveillance in disguise'

Marcel

So, how exactly will this information sharing make us (or them, I'm not American) any safer?

I imagine this information sharing to be something like this:

"Hey FBI, I found this critical zero day and I think you might can use it to spy on bad guys. xxx, NSA"

"Hey Microsoft, can you please not yet patch this critical Windows vulnerability, because we're using it to hack terrorist right now. Regards CIA"

"Hey Whitehouse. Seems like we're being hacked by some kid in Russia and we have no clue how to stop him. Seems like we're screwed badly. Are you hacked too? Better have your spokesperson call it a cyberattack by a nation state, so at least we don't look stupid. Regards, Sony"

"Hey Apple, we can't really crack you iPhone security. Can you please build in a backdoor for us. Thanks, NSA"

9
1

Checkmate, GoDaddy – Google starts flogging dot-word domain names

Marcel
Megaphone

More interested in certificates

I'd love to see https://letsencrypt.org/ give away free certs later this year. Certificates are a much bigger scam than domains.

12
0

E-cigarettes fingered as source of NASTY VIRUS

Marcel
Alert

Re: Use a "USB Condom".

Indeed, use a condom: http://syncstop.com/

Stops computers being infected by malicious cigarettes. Stops your smart phone being infected by malicious chargers.

3
0

REVEALED: Reg trails claw along Apple's 'austerity' 21.5-inch iMac

Marcel
Linux

There are alternatives

Create your own all-in-one: get a Gigabyte Brix with Core i5, put in 8 GB RAM, a 500 MB HD (or SSD), a nice looking 24" IPS screen. Hook the Brix on the back of the screen and you have an upgradeable all-in-one for about 700 euro (much cheaper even if you go for a Core i3 or Celeron).

0
0

You are ALL Americans now: Europeans offered same rights as US folks in data slurp leaks

Marcel
WTF?

Human rights are non-negotiable

So the USA starts by granting all non-Americans no rights at all. Then when we complain, by the grace of God, they grant us *some* human rights in exchange for collboration with their unethical behaviour. F**k you, Eric holder and your soon to implode land of the free.

44
0

Iran brands Facebook boss Zuckerberg an 'American Zionist', bans WhatsApp

Marcel
Megaphone

People in Iran should download Tor while they still can.

0
0

Google buddies up with Intel for this year's big Chromebook push

Marcel
Linux

Linux please

I love Chromebooks, except for the OS.

Anyway, isn't a Chromebook without Chrome not a Netbook, the sort of laptops that were doomed (according to the Intel et al)? Innovation By Sticker™

4
0

Well done for flicking always-on crypto switch, Yahoo! Now here's what you SHOULD have done

Marcel

Re: Quite!

It's good for people to realize what is actually happening with their mail. Most don't and tech companies abuse this by giving us half solutions. Anyway, in my opinion, using TLS on all connections will at least make it much harder to do wholesale mass surveillance. It's pretty cheap to implement and pretty expensive to crack.

Anyway, meanwhile, people think of new alternatives such as Mailpile. Check it out.

https://www.mailpile.is/

3
0
Marcel

SMTP connections are (often) still unencrypted

Lately I have been trying to figure out whether the connection between Yahoo's mail servers and the recipient's mail server is encrypted. It seems that most of the cases it is not using TLS thus unencrypted a.k.a. plain text. I'm not quite sure what causes it to sometimes use TLS and sometimes not. It might be that no common cipher can be negotiated. Or that Yahoo has many servers which are not all configured in the same way.

You can test yourself by sending email to/from your Yahoo mail with another email account and then check the mail headers. How to view those depends on your mail client. In Yahoo mail you can do it by clicking on "More" below the email and then choose "View Full Header". In Outlook view the Message Options box. In Thunderbird press ctrl-U. Google for others.

You will see several "Received:" headers which will show the path of the nodes your email passed by (in reverse order). Now look for the top most (usually) "Received:" header where the mail is handed over from the Yahoo mail server to your ISP's mail server (or vice versa). There is will something like "with ESMTPS" or "with SMTP". The second S stands for secure. So ESMTP is good, SMTP is bad.

2
0

NSA gets burned by a sysadmin, decides to burn 90% of its sysadmins

Marcel
WTF?

Better solution

First he wanted to double the number to sys admins to make it more secure. Now he wants to get rid of 90% of them. I guess someone whispered in his ear that is would be cheaper.

Well, I have a even better solution: why don't you decrease your world-wide data vacuuming by 90% (and actually do what your agency is supposed to do). This has several advantages:

- cuts costs

- you don't break the law

- 90% less chance less of leaks

- you don't piss every on Earth off so much

44
1

Space boffins, oil giants, nuke plants 'raided' by MYSTERY code nasty

Marcel
FAIL

Install updates

It's beyond me why companies involved in top secret research and military don't update software that is used throughout all of their offices and has vulnerabilities that are rated "critical" or "severe" and contain words like "remote code execution".

So yeah, let's continue building multi-billion dollar/euro cyber armies and buy multi billion dollar/euro cyber security products, while all we need to do is:

- right click blinking icon in bottom right corner

- press Update Now

- press Next

- press Finish.

2
1

Phone, internet corps SNUB US government's cybersecurity ABCs

Marcel
Coat

Common sense

These 20 controls are common sense and obvious and should be required for ANY company or government to implement that is in any way connection to the internet. It worries me these telcos can't or won't implement it. Most likely it was just the legal department talking, to prevent litigation by customers for not implementing it. Anyway, they suck.

2
1

New class of industrial-scale super-phishing emails threatens biz

Marcel
Thumb Down

Re: super-phishing emails threatens biz

All the scary security news of last few years comes from marketing departments of security firms. Firms like Symantec and McAfee pump out these things on a daily basis. I think news sites should start to filter this kind of "news".

1
0
Marcel
Linux

Spearfishing?

Doesn't spearfishing imply it's a very targeted attack with personalised emails? Sending so many messages to so many companies sounds more like regular phishing.

Since we will never solve the problem of users being misled and tricked to click a link, when will there be software that doesn't cause your computer to be p0wned only by clicking on a link?

5
0

APT1, that scary cyber-Cold War gang: Not even China's best

Marcel
Stop

More critical reading is needed

The evidence linking hackers to a government or to a certain group is very thin or non-existent. What seems to be happening is that all of the thousands of hacks that happen every day are grouped into categories, then labeled as being from a common source.

All this is being done by governments with political agendas, soon-to-be-unemployed army generals looking for the next war and security vendors with gear/services to sell.

I take all this with a grain of salt. Meanwhile, all these companies moaning about being attacked are wise to teach their employees not to get caught in phishing attempts, install the latest patches on *all* of their equipment and start using encryption a little bit more (anyone using S/MIME or PGP?).

3
2

Chinese PLA soldiers 'mastermind cyber-espionage Cold War'

Marcel
FAIL

Not hard evidence

I have read the report and I don't see much hard evidence. There are a lot of facts in the report, but how they are linked together or where the facts come from stays a mystery. Not much substance and some dubious assumptions, in my humble opinion.

For example, how do they link the attacks to PLA's Unit 61398?

- They found that all attacks come from 4 /16 IPv4 net blocks (a total of 262k addresses), all owned by China Unicom. China Unicom is the 3rd largest telco in the world, with 273 million (!) customers in 2008.

- Then they link the netblocks to a city, Shanghai (the largest city in China, population of 23 million).

- Next they conclude that because the office of the Unicom engineer listed as contact person for the netblock is in the Pudong area

- The PLA Unit 61398 is also in the Pudong area

- Hence the IP addresses must belong to the PLA and is the source of the attack

Let me translate this into English:

- Suspect IP address belongs to a netblock owned by BT and is used in greater London area

- The BT engineer's office is in the centre of London according to whois

- MI6 is in the centre of London

- Hence the attack came from MI6.

4
0

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods

Marcel
Go

I had the same question

I have often wondered why there aren't any big sites using DNSSEC. Sure, it's a little complicated for the average Joe. But it's must be a piece of cake for big banks and e-tailer that already have large IT-departments and millions worth of infrastructure. They have the resources to have a guy or 2 or 3 devote themselves to DNSSEC and just implement it.

0
0

RIPE NCC handing out last European IPv4 addresses

Marcel
Black Helicopters

Why don't we just take Iran's IPv4 addresses?

An American lobby group, United Against Nuclear Iran (UANI), is seriously pressuring RIPE (and ICANN) into cutting Iran off the internet. That's also a way to get some more IPv4 addresses...

https://www.ripe.net/internet-coordination/news/ripe-ncc-receives-communication-from-united-against-nuclear-iran-uani

P.S. Cutting a whole country off internet because their government supposedly does naughty things, is a very bad idea in my humble opinion.

0
0

WTF is... UltraViolet

Marcel
FAIL

The End Of Owning

This UV is the mother of all DRM. It's it's meant to be the end of piracy for once and for all. You will have no more freedom. Want to watch a movie? Want to listen to music? Want to watch a tv show? Come to the content companies who thought of this and be their slave. You will never own any content again. You will rent rent rent, even though they make it sound otherwise. This is bad and must be stopped.

3
1

Forums