* Posts by Adam 1

830 posts • joined 7 May 2012


Insurer tells hospitals: You let hackers in, we're not bailing you out

Adam 1
Silver badge

Re: Good

"Adequate" is inadequate (excuse the pun). It is a weasel word that makes it very easy for the customer to think that they have one policy but learn a hard lesson when they try to claim.

In principle, I agree with the insurer. Failure to take "adequate" precautions makes you a higher risk, and if that is not recognised against your policy cost then everyone else's must increase to socialise the loss caused by your lack of foresight.

But adequate must have provable definitions if you are going to deny claims based on it. If my car insurer stated that my car must be adequately maintained, a current certificate of registration proves that my car passed the required certifications. If they have other additional expectations, like 6 monthly services etc then they need to stipulate that explicitly.

Back to the case in point. If adequate means that patches should be applied within 30 days, what do they mean by that? Windows update? Sure. What about that old version of jre that is still needed to run that legacy system? What about that system that has been powered down for 6 months with its user on some type of extended leave? Is your policy torn up because they switched their computer back on and it was not updated for a few days? Is your router patched?

Most people don't want to accidentally leave their networks open to pwnage. For many, it is a case of being naive rather than reckless. Providing easy to digest guidelines for your customers has the double advantage of protecting them, making your offering more valuable in their eyes and by extension more profitable for you.

0
0

Skype hauled into court after refusing to hand call records to cops

Adam 1
Silver badge

1. Suspected criminals; if they had been found guilty by a competent court then these logs would hardly be necessary.

2. Yes. Privacy of citizens should be the default position.

3. Microsoft Ireland is subject to EU laws. If Belgium fills out the right forms through established EU processes, they will get the data.

4. Even if held by an entity outside Europe, Interpol processes are available to them.

22
3

World loses John Nash, the 'Beautiful Mind'

Adam 1
Silver badge

Re: It should also be pointed out

Why (should it be pointed out)?

4
1

Hacker launches ransomware rescue kit

Adam 1
Silver badge

Re: Detection better than cure?

How does one detect that a file is encrypted? It is just a sequence of 1's and 0's until an application decides how to process it. Detection online just moves the problem further down the stack. Take an xlsx file as an example. It is just a zip file holding a set of XML documents and other artifacts. What makes it valid? A valid to an online scanner? Is a valid zip file header enough? If so you can expect the encrypted xml document to be added to a valid zip file. It is a seriously hard problem to solve. Regular test restores to clean VMs are the best we have at the minute.

0
0

Mozilla flings teddy out of pram over France's 'Patriot Act'

Adam 1
Silver badge

Re: the problem is ...

No you're not.

4
0

That DRM support in Firefox you never asked for? It's here

Adam 1
Silver badge

Re: Netflix ?

>What is Netflix ?

An ISP comparison website, kinda like speedtest.net

1
0
Adam 1
Silver badge

Re: CDM is better than plugins

+1 Stuart

(From one of the 150 million people whose security Adobe compromised a few years back)

@Mozilla, keep their crap off my box.

1
0

SHOCK! Robot cars do CRASH. Because other cars have human drivers

Adam 1
Silver badge

Re: caused by human error and inattention

Driving is more than yaw computations. Sorry, was that a packet of crisps that can be safely run over or a rock that must be avoided by an aggressive manoeuvre? No time to get a response from Watson in this crappy 4G zone.

It stands to reason that a mesh of autonomous cars can process more information and not do the stupid things us humanoids do from time to time. But! What would happen if you were overtaking this car at the moment it decided that the abovementioned crisp packet was to be aggressively avoided? This could easily create accident scenarios that are not so today.

4
3

Ding-dong, the cloud calling: The Ring Video Doorbell

Adam 1
Silver badge

Re: HD video?

No problems recording an HD stream for its security purposes, but as a doorbell I would much prefer a 1 second notification in poor WiFi range if it just meant a lower quality broadcast to my phone.

4
0

Geneva boffins make light work of random numbers

Adam 1
Silver badge

problem though

Once you perform the test the stream ceases to be random.

1
0

App makers, you're STILL doing security wrong

Adam 1
Silver badge

Bloody autocarrot

0
0
Adam 1
Silver badge

I would argue that your GPS coordinates can be easily spoofed by anyone who can type "fake GPS" into the play store search window and as such its effectiveness as a fraud detection is rather limited.

You have to look at the perspective Troy would be coming from. When you witness large multinational companies accidentally letting 150 million accounts be breached, you have to recognise that step 0 for security is to not collect the private information that isn't necessary to fulfill the transaction. Or to put it another way, how much do you think the home addresses of papal customers would be worth to identity fraudsters?

2
0

Welcome, stranger: Inside Microsoft's command line shell

Adam 1
Silver badge

Re: Piping and conditional logic

Many ps applications basically generate the appropriate cmdlet that achieves what you clicked. This lets you do it through the ui, then grab the script and do it in bulk.

0
0
Adam 1
Silver badge

Re: Obscure knowledge got me a job ....

>Only time that happens in a batch file is if I try to get really fancy with a FOR command.

Or any other processing involving the system date; stuff like rename that zip file with the prefix 20150428 is a right PITA with batch files.

1
0

Looking for laxatives, miss? Shoppers stalked via smartphone Wi-Fi

Adam 1
Silver badge

Re: Am I the only person in the world

>Am I the only person in the world who has both WiFi and Mobile Data turned *off* unless and until I want to use it?

Yep. It's how we know it's you wandering around.

3
0

SUPERVOLCANIC MAGMA reservoir BUBBLING under Yellowstone Park

Adam 1
Silver badge

Re: I can't quite get my head around that measurement.

I believe the correct unit of measure would be Olympic swimming pools.

2
0

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs

Adam 1
Silver badge

Re: Identity badges don't guarantee good behaviour

Minimal access levels are a good idea because the attack surface is reduced and the bad things the malware can achieve are more limited. But I will point out that encrypting all the xlsx files under "My Documents" doesn't require any privileges beyond what such a user would have.

0
0

Japan showcases really, really fast … whoa, WTF was that?!

Adam 1
Silver badge

Re: ten centimeters

>I haven't heard ten centimeters referred to as "excessive" before, but I digress

From my understanding the force required follows an inverse cubed relationship. So it is 8 times less energy to pick 5cm or 64 times more energy than an inch.

I am sure that there is a good reason to elevate it so high, just curious.

0
0
Adam 1
Silver badge

If the goal is to reduce friction, 10cm seems a tad excessive. Surely it just needs to be not in physical contact with the track? Anyone know the reason?

0
0

Lawyer: Cops dropped robbery case rather than detail FBI's StingRay phone snoop gizmo

Adam 1
Silver badge

I suspect nothing is wrong with such a tool per se. They would've got a warrant first, right guys?

3
0

Google broke own security with April fool gag

Adam 1
Silver badge

Fixed within 90 days. What's the problem?

5
1

Default admin password, weak Wi-Fi, open USB ports ... no wonder these electronic voting boxes are now BANNED

Adam 1
Silver badge

Re: That design is a travesty

Identification and voting should not go through the same system. Also, you ideally need to share between identification systems whether a given voter has already cast a vote to prevent someone voting multiple times.

Also, ss numbers alone are probably insufficient for authentication because they are guessable.

1
0

Want to go green like Apple, but don't have billions in the bank?

Adam 1
Silver badge

Re: Go one better

Some back of the envelope calculations...

148 x 100W fluorescent lights would draw 14800.

Switching to LED would realistically drop them to 85W but let's pretend that the laboratory achieved lumens per watt could get us to 70W.

This would save 4440W.

If we assume an average draw of 850W per server, that is about the same power reduction as switching off 5.5 servers. In the scheme of things, that won't be a measurable blip on the building power usage.

The only way I can see the savings becoming significant is that LEDs are dimmer friendly, so you could far more easily control the lighting to follow you as you walk around the building and be at very minimal levels elsewhere.

0
1

It's 2015 and a RICH TEXT FILE or a HTTP request can own your Windows machine

Adam 1
Silver badge

Re: Flash Player - or a Prayer?

Also, you may want to rethink your choice of PDF viewer now they bundle open candy malware.

2
0

Bloke hits armadillo AND mother-in-law with single 9mm round

Adam 1
Silver badge

This, kids, is why we need the interwebs. How else would I learn important tidbits like that?

11
0

Rand Paul puts Hillary Clinton's hard drive on sale

Adam 1
Silver badge

Re: Is this SATAire?

I'm afRAID that I just can't compete with those.

8
0

Google sticks anti-SQL injection vaccine into MySQL MariaDB fork

Adam 1
Silver badge

Doesn't set need to go before where?

0
0
Adam 1
Silver badge

So back to 80's coder's question. How have they mitigated SQL injection attacks? SQL injection works because the SQL language by nature interleaves instructions (select/delete/insert/where/etc) and data. Most DBMS have parameterized queries, where you specify the SQL query with placeholders and then pass the data as part of the parameter structure. The DBMS can then correctly escape strings that it is passed to avoid this problem (and reuse query plans which differ only by parameter value).

Without parameters, the developer has to remember to escape (and probably bound check) all the user enterable data before inclusion in the string. Humans forget things, or fail to understand that just because your JavaScript only accepts an integer, the data may be sent across a http post which a malicious user can easily modify.

So how have they stopped developer stupid?

1
0

Aluminum bendy battery is boffins' answer to EXPLODING Li-ion menace

Adam 1
Silver badge

Re: Bored of Battery "Breakthroughs"

No. Fusion is 10 years away.

6
0

Crack security team finishes TrueCrypt audit – and the results are in

Adam 1
Silver badge

uti nsa im cu si

0
1

Wind turbine blown away by control system vulnerability

Adam 1
Silver badge
Coat

This is what happens when you expose your wind turbines to the clouds.

20
0

Dear departed Internet Explorer, how I will miss you ... NOT

Adam 1
Silver badge

Re: Ahh CL

A (former) colleague was debugging some code and was caught out by a compiler bug which caused the debug symbols to not load unless you changed the source file. This meant that every time he tried to replicate the problem, the IDE would just jump straight through his breakpoint.

After much fist shaking, he figured out what was wrong and added a "suitably expressive pop-up window". The compiler then happily stopped on the breakpoint and the bug was quickly found and fixed. Just as quickly, the pop-up was forgotten and somehow was missed by testing. The MD found it with suitable displeasure announced to my then colleague.

2
0
Adam 1
Silver badge

>basing one of your strategic projects on open source code

I see. You mean something more like basing your own TCP IP stack on BSD.

0
0
Adam 1
Silver badge

Re: In a wonderful piece of irony...

Maybe this could be fixed with a site redesign?

:p

3
0
Adam 1
Silver badge

> I really doubt Microsoft would put their crown jewels in an open source project like that.

You're probably right. It's not like they've open sourced the .net runtime and hosted it in github.

1
0
Adam 1
Silver badge

Re: Bing thing?

127.0.0.1 bing.com

(Put it in your hosts)

6
0
Adam 1
Silver badge

Not quite my memory. Hard to believe but there was a time in the early days when IE was a more competent browser than Netscape. They then turned to dodgy tactics and then sat on their laurels until they were well and truly surpassed.

Tbh, I hope Spartan works out for them. I would rather we had another choice of browser out there rather than yet another rebadged WebKit.

14
0

Apple: Those security holes we fixed last week? You're going to need to repatch

Adam 1
Silver badge

Re: Damned if you do

I'd crack some joke about Apple taking some lessons from Microsoft updates of recent, but security is a hard problem. The defender needs to succeed in every occasion. The attacker needs only to succeed once.

12
1

Noobs can pwn world's most popular BIOSes in two minutes

Adam 1
Silver badge

Re: require only access to a PC

Let's play through that encrypted drive scenario and assume the server has no cold storage of the encryption key (a surprisingly hard problem). That means on boot that someone or something must provide the said key at startup, or the key must be derivable from data held locally. The problem with the latter is pretty self explanatory; if the server can calculate that, so can anyone with access to that data. If the former, and that server must request from another (presumably uncompromised) - did we just solve or move the problem? Next, the credentials for that other server must be available to the cold one. If on the other hand, someone has to physically type something at the console, then it is trivial to add a hardware key logger and capture it when it is typed.

There are things you can do to minimise risk, but armed guards at data centres are not just to prevent people flogging kit.

0
0

OpenSSL preps fix for mystery high severity hole

Adam 1
Silver badge

Re: The real question...

Waiting for the logo from the marketing team?

8
0

Boffins brew up FIRST CUPPA in SPAAACE using wireless energy (well, sort of)

Adam 1
Silver badge

Bah! Next you will be claiming that blue whales come in different sizes.

2
0
Adam 1
Silver badge

Re: What about misdirected microwave beams?

It's amazing how short our collective memory can be. I mean that documentary came out nearly 20 years ago.

1
0
Adam 1
Silver badge

The Olympic swimming pool IS a perfectly valid scientific unit of measure. Unfortunately for the author, it is a measure of volume or displacement, not distance. Come on el Reg. We expect a technology news site to understand the difference.

1
0

Musk: 'Tesla's electric Model S cars will be less crap soon. I PROMISE'

Adam 1
Silver badge

>Interestingly, electric cars become more efficient the slower you drive.

According to physics, that rather applies to anything moving through anything:

Fd=ρν^2ACd/2

The velocity above is squared, so you double your speed relative to the air, it quadruples the energy required to overcome air resistance.

Where your point makes (more) sense is that there is a minimum amount of fuel needed to keep the motor turning over at low speed or idle, and this fuel is not achieving useful distance as it would at cruising speed. Of course it requires you to ignore things like headlights, air conditioners, CD players, brake lights and all the other goodies whose fuel requirements are not necessarily a function of the speed you are travelling.

On the original point, a detour will require more energy than you planned. Range anxiety is not so much caused by the km per charge, but the time to recharge. If my petrol light comes on 50km from home, I will fill up even though I know I would probably make it. That is because we are talking about a 5 minute inconvenience. If it meant waiting another 30 minutes, I am far more likely to risk it.

3
0

Microsoft RE-BORKS Windows 7 patch after reboot loop horror

Adam 1
Silver badge

Re: Wailing and gnashing of some teeth

>It hasn't caused me any problem.

Oh thank God. El Reg had me worried sick.

5
0

Apple slips out security patches while world goes gaga over watches

Adam 1
Silver badge

Sadly even Google haven't patched chrome on lollipop (nexus 5) according to freakattack. At least you can run Firefox as a work around I suppose.

1
0

Filthy – but sadly frothy – five door fun: Ford Focus 1.5 Zetec

Adam 1
Silver badge

>"but it’s the kind of car you’d be perfectly happy with as a company car"

One of the best backhanded compliments that I have read in a while.

1
0

Complicit Kiwis sniffed Pacific comms says Snowden

Adam 1
Silver badge

Re: Are we surprised by this...

I, for one, am surprised by this. I mean why would they be worried about losing SIG INT when they plug the other end into Hawaii?

0
0

Australia threatens to pull buckets of astronomy funding

Adam 1
Silver badge

This is such a beat up. We know that Prime Minister Turnbull will sort this before June 30.

0
0
