* Posts by Adam 1

827 posts • joined 7 May 2012

FREAK show: Apple and Android SSL WIDE OPEN to snoopers

Adam 1
Silver badge

Re: Stuck on old Android

I'm completely sure Google will have patched this 90 days after it was reported.

9
2
Adam 1
Silver badge

>FREAK (Factoring RSA Export Keys)

I'm just glad that we have a proper acronym for this vulnerability.

12
0

£280k Kickstarter camera trigger campaign crashes and burns

Adam 1
Silver badge

Re: Risk?

I would have thought so. Unless there is some suggestion of misrepresentation of the state of affairs when funding was sought or the funding was used improperly, that's just a risk of business.

Perhaps the bit about going back to the drawing board was improper or perhaps this isn't the whole story.

All that said, the investors retain the right to be pissed about the situation.

5
0

Reckon YOU can write better headlines than us? Great – apply within

Adam 1
Silver badge

Re: Don't! Forget!

There's a few more you have to know.

Apple was contacted but had not responded at time of publication should be added as a boot note to all fruity news.

All references to Google need to be translated as the chocolate factory.

1
0

FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers

Adam 1
Silver badge

Re: A step too far?

It's not uncommon for an employer to hold next of kin contact details.

2
2

Australia to get spooks charter at cost of at least AU$188m

Adam 1
Silver badge

Absolutely shocking legislation, with exclusions big enough to drive a bus through and absolutely laughable 'protections'.

The GDR would be proud.

2
0

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Adam 1
Silver badge

There are lots of banks. There are even more providers that you are arguing should be blacklisted.

So who maintains the list? That list will get big for an enterprise running in 50 countries.

Much easier to just tell people it is not permitted and may be monitored. If you know the risk and do it anyway, that is your fault.

0
0
Adam 1
Silver badge

Their tools their rules.

If I want to create my own fake root cert and install it on my own box and inform anyone who uses my box that I can record any traffic going to the web, that is my prerogative.

I don't see any difference between me doing it for personal reasons and a company doing it for security reasons.

If you want to use a personal service, use hardware you own, not mine.

0
0

Not even GCHQ and NSA can crack our SIM key database, claims Gemalto

Adam 1
Silver badge

Re: No air-gap?

Homework essay:

Discuss the success of air gap defences in mitigating attacks on the centrifuge facilities in Iran.

2
0

Why does the NSA's boss care so much about backdoors when he can just steal all our encryption keys?

Adam 1
Silver badge

Re: Why is this guy allowed into a cyberSECURITY conference at all??

Meh. It all tastes like chicken to me.

5
0

Google offers 'INFINITY MILLION DOLLARS' for bugs in Chrome

Adam 1
Silver badge

If you find one, and it's not fixed in 90 days, can you also sell it to someone else?

8
0

Samb-AAAHH! Scary remote execution vuln spotted in Windows-Linux interop code

Adam 1
Silver badge

Why does samba need root?

1
4

Norton Internet Security antivirus update 'borked Internet Explorer'

Adam 1
Silver badge

Re: I don't understand

It failed to check that an alternate browser was available.

4
0
Adam 1
Silver badge

Re: "...then reinstalled NIS..."

Don't be so harsh. People reset their computers back to factory image* from time to time.

* that is the only way these things get installed right @

1
0

Evil CSS injection bug warning: Don't let hackers cross paths with your website

Adam 1
Silver badge

Re: Going to ignore this until it has a catchy name.

Something like DEATHNEEDLE and I would be all on it. PRSSI just sounds like one of the cards on your motherboard.

0
0

Euro broadcast industry still in a fug over that 4K-ing UHD telly

Adam 1
Silver badge

Re: “the most significant advance since colour”

Also, it is just a stupid statement full stop. As we become capable of squeezing more pixels into an LED display, matching those additional pixels with more from the source rather than an upscale is at best an evolution rather than a revolution.

I mean if you want tangible improvements, look at increasing the effective frame rates of the broadcast.

2
0

TrueCrypt + Norton AV = BSOD, wail disgruntled users

Adam 1
Silver badge

Re: OEM encryption

My customers trust me with their data. In turn I do my bit to keep their data private in the event of a theft.

The data itself is worth orders of magnitude more than the hardware it sits upon BTW.

1
0

This one weird script continually crashes Android email

Adam 1
Silver badge

I hope he gave them 90 days....

7
0

Samsung's spying smart TVs don't encrypt voice recordings sent over the internet – new claim

Adam 1
Silver badge

Re: If they aren't encrypting data...

Obligatory...

1
1
Adam 1
Silver badge

Re: If you want to mess with them

Or, you know. Fire up curl and send random crap in the right structure.

The binary blob is likely to be one of the standard formats.

1
0

$10,000 Ethernet cable promises BONKERS MP3 audio experience

Adam 1
Silver badge

Re: One born every minute

Well I, for one, am definitely attracted* to these types of cable!

* with a force proportional to the product of our masses and inversely proportional to the square of the distance between us.

2
0

Who's the auto tycoon that makes Apple employees swoon? It's ... MUSK!

Adam 1
Silver badge

> to legal counsel

They will clearly need a crack defence team to argue their case for going 'round corners. I can't imagine a better place to source such counsel.

2
0

G.Fast sand-slinger says it's slung bits at 500 Mbps over 200 metres

Adam 1
Silver badge

Re: We really need a reference Usain

That is quite a lot of him. If they were all carrying a DVD it would leave gfast for dead.

0
0

Swap your keyless key for keyless key-less key. You'll need: a Tesla S and Apple Watch

Adam 1
Silver badge

Easy, there's a USB port in the dash. Open the door, plug it in and it will start to draw power. This should provide enough charge to fire up the phone. You can then launch the app, open the door, plug it in and it will start to draw power. This should provide enough charge to fire up the phone. You can then launch the app, open the door........ Stack overflow

0
0

Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched

Adam 1
Silver badge

What's the El Reg stance on https?

2
0

LICKED: Behold my TOAD-PROOF ERECTION, boasts Aussie boffin

Adam 1
Silver badge

Problem is that they are mostly Queenslanders so it is a bit hard to tell.

18
0

Australia's (current) PM Tony Abbott again calls for metadata trove laws to pass, ASAP

Adam 1
Silver badge

Half term Tony trying desperately to get anything else on the front page.

4
0

Ransomware 2.0 'crypts website databases – until victims pay up

Adam 1
Silver badge

^ ouch

0
0
Adam 1
Silver badge

Any backup must be considered as of unknown success until you have successfully restored it to another machine.

If you go 6 months without noticing your backups don't restore with the encryption keys you hold, your problems are deeper than ftp passwords.

4
0

DARPA: We KNOW WHO YOU ARE... by the WAY you MOVE your MOUSE

Adam 1
Silver badge

A good point. This sort of authentication is not designed to be a primary authentication because you really couldn't tell whether to let them use the computer until after a length of time. Generally speaking, you want someone to authenticate before they start using it, so I see this more like a mechanism to protect workstations where the user has wandered off without locking it. As a secondary measure, it would most likely be quite forgiving to minimise the false positive rates, or could work with tertiary measures like activating the webcam for facial recognition when it has a doubt.

The point about the arc refers to the fact that it is very difficult to move your mouse in an absolutely straight fashion due to how people usually hold their mouse. The size of that arc would depend on a number of factors, such as how you grip the mouse, your usual posture and what part of your wrist is still in contact with the desk, the size of your hands etc. Also, the basic direction you move would influence the extremeness of the arc (which would go back to whether you hold it square on or at an angle).

As a result, (in answer to your question) a relatively simple calculation could create a believable profile for pressing minimise or close. The end point and clicks would be chosen by the attacker, but the mouse movements would not raise any alarms because they emulate the speed and direction such a user is likely to take. The easiest attack vector I can think of is to send some exec a "free mouse" and embed the attack code within it.

0
0
Adam 1
Silver badge

Wouldn't this be fooled by recording of mouse movements? I can imagine the following data points without specialist mouse hardware.

* the rate of acceleration and deceleration as you move from the original cursor point to the target.

* the angle of the arc of movement between the two points.

* the delay between movement ceasing and clicking

* double click profile (time between each click and how still you can keep the mouse)

OK, so plug those into some algorithm and give a score as to how likely it is the same user.

Now do all that again and imagine some malware software is recording your mouse movement profile (could even be embedded in a freebie mouse). A VNC style piece of software could after not too much time now allow you to perform an action but instead emulate the recorded profile in those actions.

Not as trivial as a rainbow table, but if these techniques take off you can bet such tools will become available.

2
0

Chipotle insider trading: Disproving the efficient markets hypothesis

Adam 1
Silver badge

Re: Much complication.

The creators of the transaction are not only the customer. Equally without the vendor, no such information would exist. The vendor will provide a receipt if you want your own record of the transaction.

More interesting, unless you opt out, Google will track your location via your android smartphone through location history. They would be in an amazing position to track the movements of customers over time through various businesses. If they play those cards right, they could well and truly beat the financial markets at their own games.

0
0

Living with a Renault Twizy: Pah! Bring out the HOVERCRAFT

Adam 1
Silver badge

Re: It's KW

>I think even a tiny electric car might take a few days to charge at 3W

But on the bright side, at least it could use a standard USB charger.

7
0

Apple CEO: Fandroids are BINNING Android in favour of IPHONES

Adam 1
Silver badge

Just because they provide updates doesn't mean you should install them. Some of the older models that scrape onto the list of compatible devices work so slow you will soon need an upgrade.

0
0

Powering the Internet of Stuff – by sucking electricity from TREES

Adam 1
Silver badge

>The nature of a circle means that adding 1cm to a 2m turbine blade increases the catchable wind by almost half (4.52sq m compared to 3.14), while removing 1cm reduces the harvested wind by half a square metre

Not the circles I am picturing...

6
0

Top smut site Flashes visitors, leaves behind nasty virus

Adam 1
Silver badge

So firing up fiddler and, um "doing research for your story" eh?

2
0

Boffin finds formula for four-year-five-nines disk arrays

Adam 1
Silver badge

Re: Some weird assumptions

Plus the assumption that you run a data centre but would have to call a guy in to replace the drive?

0
0

Jellybean upgrade too hard for Choc Factory, but not for YOU

Adam 1
Silver badge

Re: So is Firefox safe or what?

The problem isn't so much the browser (or they would just update it in Google play or advise you to use another browser). The problem is that the WebKit rendering engine is used by apps to integrate web content into a regular app. Most commonly, this is how the ad supported apps show those ads, but there are also things like phonegap which lets you wrap an html5 website and deploy it to the various app stores in what appears to the user to be a regular app on their platform.

We are in a state where a dodgy advertisement on a free game is a relatively easy attack vector but Google won't fix it.

Not good enough Google!

(Posted from my Nexus 5 running lollipop)

1
0
Adam 1
Silver badge

Re: Wait 90 days and publish the exploit?

Came in here to find this comment. Was not disappointed.

5
0

Oi, Aussie sports fans! Take that selfie stick and stick it

Adam 1
Silver badge

Re: Wouldn't this problem take care of itself?

You have to keep an eye on the drop bear with a selfie stick. That never ends well.

2
0

Free Windows 10 could mean the END for Microsoft and the PC biz

Adam 1
Silver badge

>That said, 8EiB is about a couple orders of magnitude or so higher than even today's high-end RAM usage.

And the fart of a flea is also a couple of orders of magnitude quieter than a jumbo jet at take off.

The 64 bit address space is really big [citation needed].

The Titan supercomputer at Oak Ridge is the current largest by RAM. If you decided that you needed a million times more RAM to play the latest version of Crysis, you are still an order of magnitude from running out.

0
0
Adam 1
Silver badge

>Because 64 bit software support is only going to last so long.

May I make a bold prediction;

16EiB ought to be enough for anybody.

1
0

LEAKED: Samsung's iPHONE 6 KILLER... the Samsung Galaxy S6

Adam 1
Silver badge

Re: Apple Worried, more like happy!

Not all android is Java.

1
1

Possible Lizard Squad members claim hack of Oz travel insurer

Adam 1
Silver badge

Re: People still buy travel insurance?

Mostly to get you first world (or as close as available nearby) hospital cover if you fall ill or get injured abroad. Some injuries have long recovery times and prevent you travelling home on your cattle class tickets.

1
0

REGARD our TINY but POWERFUL LASER, suitable for very SMALL sharks

Adam 1
Silver badge

Shirley they could have used more understandable units of measure. I mean we all know that hair driers need a lot of energy [citation needed] so saying that could mean anything.

Why not just state the number in terms of how it compares to the power used by a London bus to drive one beard second.

0
0
Adam 1
Silver badge

Re: Lacking history

I just learnt something today from a cat on the internet.

6
0

Elon Musk: Wanna see a multimillion-dollar rocket EXPLODE? WATCH THIS

Adam 1
Silver badge

Re: Acronym fun

Seems a good candidate for Total Inability To Support Usual Performance...

20
0

Microsoft snubs Codeplex, moves big projects to GitHub

Adam 1
Silver badge

Re: Microsoft FAIL

Eadon?

4
1

Australia tries to ban crypto research – by ACCIDENT

Adam 1
Silver badge

Re: Necessary sacrifices

I, for one, welcome our new <noun> <adverb> overlords.

5
0

What do UK and Iran have in common? Both want to outlaw encrypted apps

Adam 1
Silver badge

Already happening I'm afraid. Some well known technical news sites based in the UK don't even use https in their comments section.

9
0
