* Posts by Adam 1

1575 posts • joined 7 May 2012

'Non-state actors*' likely to blame for Dyn mega-attack – US intel chief

Adam 1
Silver badge

Re: uhhuh, sure

You must be an idiot.

0
0

20 years to get Amiga Workbench 3.1 update, and only a fortnight to get first patch

Adam 1
Silver badge

Why all the hate? Updating your Samsung to the latest critical fix is really easy online. Simply visit Amazon or your favoured electronics retailer's website and order the new model. Once it arrives, simply dispose of the old one in accordance with your local electronic waste disposal guidelines.

10
0

Paging 1994: Crap encryption still rife in devices

Adam 1
Silver badge

Re: SMS?

> I believe that (almost) all data between a mobile and the base station is encrypted, including SMS, so yes, it's better.

Better != Good enough

I guess as long as TalkTalk et al don't have any of their keys compromised, it's all good.

1
0
Adam 1
Silver badge

Re: SMS?

> Would anyone really put anything confidential on them?

Like the call-in number and conference key for whatever teleconference service they are using for that "call in" message

0
0

Aussie trams equivalent to 30 skateboarding rhinos

Adam 1
Silver badge

The weather radar. They may be walking around in board shorts but need to know when it's time to put the snow gear on.

4
0
Adam 1
Silver badge

Re: We've been here before…

and as you pointed out then; "trams are designed for carrying passengers, and do not usually have the specialist equipment that would be required to weigh a rhino."

Why do people insist on trying to weigh rhinos using trams? Shirley there are more convenient, cheaper, easier to operate machines out there? Not to mention that both operating a tram and the handling of aggressive mammals weighing well over a ton each require substantial training and experience to do safely. Simply put, this is cost cutting gone mad.

2
0

IBM Australia again blames ISPs for #censusfail, is also 'unreservedly' sorry

Adam 1
Silver badge

Re: 3Gbps - Really?!?

> bring down a decently designed survey site

I think you just answered your own question there. Their DDoS mitigation plan was to block overseas traffic, which they self-evidently didn't test sufficiently. But even if they did get that part right, that is a rather blunt sledgehammer which is going to both impact legitimate users (on VPNs, Tor and possibly even those using overseas DNS servers) and is useless once the attackers figure it out, as they will just switch to a botnet built from compromised Australian addresses or attack other infrastructure like Telstra/Optus/TPG/iiNet DNS servers.

0
0

Acronis: Yep, we're using blockchain for backup now

Adam 1
Silver badge

Re: I see Mr. Mellor was in a hurry to get to the Pub

In my client's defence; it was Friday.

1
0

Today the web was broken by countless hacked devices – your 60-second summary

Adam 1
Silver badge

Re: "....big names including GitHub, Twitter, Reddit, Netflix, AirBnb ...."

> They might come for El Reg

Distributed Denial of DevOps?

4
0
Adam 1
Silver badge

Give Musk some credit to that end.

0
0

IBM throws ISP under a bus for Australia's #Censusfail

Adam 1
Silver badge

They are so far out of their depth. It would be funny if not for the millions of man-hours wasted that evening and the almost certainty that the information collected will be pwned at some point.

The DDoS was too small to even register on global attack map yet overwhelmed their configuration. And they believed that all the bad guys are overseas and can therefore be easily blocked on IP ranges. That strategy was never going to cut it. They clearly haven't looked at the paid er "load test services" on offer over the dark web. You know, the ones where you can select the country from which the attack should originate. The only thing that surprised me is that no one took credit for it. That combined with the lack of presence on digital attack map leads me to believe they DDoS'd themselves by underprovisioning.

8
0

Microsoft reveals career-enhancing .PNG files

Adam 1
Silver badge

DevOps Certified ....

0
0

Australia's new data breach disclosure laws have a rather floppy definition of 'breach'

Adam 1
Silver badge

I read/watched/heard recently about a particular data breach. The vendor had in between the time the breach occurred and the time they discovered it changed something about how they stored the passwords, so they judged it unnecessary to inform anyone who had a new structured password. On one level it makes perfect sense as "someone has just stolen your old password you don't use anymore" doesn't sound like a big issue. Of course it means that anyone using the same password for their e-mail or other services is waiting to be pwned. I would name names if I could remember. So in short, yes, self appraisal of the seriousness of a breach (particularly from companies who don't deal in security day in and day out) is rather problematic.

0
0

South Australia blacked out by bad bespoke software, not wind farms

Adam 1
Silver badge

well called Richard

As you predicted, a safety mechanism caused by grid issues caused these generators to perform an emergency safety shutdown. Did exactly what it should have.

Why the grid operators and generators hadn't specifically consulted each other on what those thresholds should be is very much a live question. The fact it took them so long to acknowledge the cause is also regrettable as it allows the opportunist pollies to come out. I wouldn't hold my breath for an apology from them however.

1
0

US government wants Microsoft 'Irish email' case reopened

Adam 1
Silver badge

Re: users don't control where data resides?

> Why don't they buy an island, make their own country, and move their HQs there?

Yes, you can host with Oracle if you like.

0
0

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

Adam 1
Silver badge

Re: Turn that one on its head

> If this, or other, research comes to fruition, doesn't that make the limitations asserted in the article irrelevant?

I wouldn't worry too much about our research coming to fruition. "Efficiency dividends" will ensure these sorts of projects get shelved.

0
0
Adam 1
Silver badge

Re: Hash functions

> it is the ease (or otherwise) of engineering such a collision so that you can fake a digital signature for nefarious purposes.

Let's be honest here. Nefarious actors can just tell Wosign that they own github. No collisions necessary.

1
1
Adam 1
Silver badge

Re: Hash functions

> mapping data of size > n into a space = n creates collisions.

Formally known as the Pigeonhole Principle.

0
0

US reactor breaks fusion record – then runs out of cash and shuts down

Adam 1
Silver badge

Re: We should not forget

> There's always that eCat thing... The one that lives in a shipping container full of AA batteries that nobody is allowed to open when they "test" it.

I'm sure that uses fusion.

Not quite. It's a bit hard to explain, but in essence you have what looks like a miniature wind turbine, except attached to each blade is an array of cats, arranged in such a way that some of them always have their feet up in the air. The feline self righting principle then takes over causing the turbine to spin at very high velocity. Most of the box is simply sound proofing (very high rpm) and the inverters to produce AC and various step up transformers (largely off the shelf stuff).

2
0

Court finds GCHQ and MI5 engaged in illegal bulk data collection

Adam 1
Silver badge

> Crime, but where's the punishment?

Oh it's there, you must have missed the bit where the staff were warned. That'll teach them...

2
0
Adam 1
Silver badge

> Internal oversight failed, with highly sensitive databases treated like Facebook to check on birthdays, and very worryingly on family members for ‘personal reasons’.

So who's in jail?

The biggest problem with these sorts of databases is the complete disregard for oversight. When was the last time you heard a TLA ask their ministers responsible for additional penalties against their own who are caught doing the wrong thing? No, the solution is always apparently additional powers, secret orders, unwarranted surveillance, indefinite detention without charges etc. Here's an idea. How about they start behaving above reproach with the powers they have today before asking for more?

4
0

ShadowBrokers put US$6m price tag on new hoard of NSA hacks

Adam 1
Silver badge

Re: Password revealed

That's the password on my luggage!

0
0

Casino cops are coming if we can't move all this cash in a hurry

Adam 1
Silver badge

And here I was thinking that casinos were benevolent organisations looking out for the little guy.

1
0

FYI: Amazon's corner stores scan your plates

Adam 1
Silver badge

Re: So, ....

"Others who purchased a Volkswagen also purchased 'new gear box for ...."

0
0

Bureau of Statistics hides trade data about monitors. Yes, monitors!

Adam 1
Silver badge

> We'll never know because applicants request restrictions on trade data through a confidential process: the Bureau of Statistics won't ever divulge who requested data be fuzzed, or why.

Unless they accidentally publish it in a senate inquiry submission outlining why various bungles were everyone else's fault and that they can be trusted on privacy.

2
0

Oz gummint's de-anonymisation crime is as mind-bendingly stupid as we feared

Adam 1
Silver badge

I guess we can all be thankful that the current mob will accidentally vote against it.

2
0

Brandis' boffin-busting de-anonymisation crime legislation has landed

Adam 1
Silver badge

solving the wrong problem

OK George, you clever boy. You solved the problem so that law abiding citizens can't de-anonymise the data. Job well done.

Can you now solve the other part? I mean the bit about preventing non law abiding citizens and foreigners who are not subject to our laws from doing the same. Then we can draw a line under it and move on...

1
0

Australian randoms are chill with Internet data retention

Adam 1
Silver badge

> Australians who don't what the nation spends on defence also don't mind the country's data retention regime.

Guessing that quote isn't from their School of Literature, Languages and Linguistics....

0
0

Command line coffee machine: Hacker shuns app so he can stay at the keyboard for longer

Adam 1
Silver badge

Re: Security bug?

Don't even make jokes about such matters. Someone should report him.

1
0
Adam 1
Silver badge

Re: Why aren't they following the standards ?!

You assume that the standard has been ignored, but I have seen no evidence that this "researcher" has even set the evil bit correctly.

https://www.ietf.org/rfc/rfc3514.txt

0
0
Adam 1
Silver badge

Re: Nuff said

Oh it's worse than you think. You can flash the whole machine, permitting a malicious actor (whom I will assert to be a nation state because that seems to be the thing™) to change settings so it always makes American coffee.

The bastards...

4
0

Crypto needs more transparency, researchers warn

Adam 1
Silver badge

One issue/feature/fact of life about DH is that whilst on paper it takes however many gazillion years to reverse, if they are created using the same base seed then the first four phases of the algorithm can be precomputed, leaving just a minute or two of actual computations needed on the specific key used.

Now consider some of those bullet points. A small handful of precomputed keys gets you practical computational access to most of the VPNs in use. Don't get me wrong, precomputing the seed is not cheap, but we live in a time where large CDNs can be overwhelmed by IoT video devices, so the "it would cost too much" argument only holds water if Mallory is paying the bill.

0
0

Don't panic, but a 'computer error' cut the brakes on a San Francisco bus this week

Adam 1
Silver badge

Wait! Who broke brake? I said no breaking changes, not no braking changes! Ah hang on. I think I can see the confusion.

0
0

FBI wants to unlock another jihadist’s iPhone

Adam 1
Silver badge

Re: unlocked ? WTF?

They should have expected someone to commented on that.

2
0
Adam 1
Silver badge

Re: Killswitch?

Yeah, iOS already does that. Hence the San Bernardino incident. Otherwise they would have just brute forced it.

4
0

'Please label things so I can tell the difference between a mouse and a microphone'

Adam 1
Silver badge

Re: Label you, label me, label us all together

> quite a few people , when learning to drive, have to have their hands labelled "L" and "R"

I know some who need "R" and "the other R"...

1
0

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Adam 1
Silver badge

Re: "Dropbox" ".. halfway through moving from the ageing SHA1 technology.."

It's actually difficult to change password algorithms when your user base is casual and you are using a hash, because you have no way of determining the hashed password other than brute force, dictionary or rainbow attack; you have to passively wait for the user to authenticate again and force them through the change password roundabout.

4
0
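The login-time upgrade described in the comment above, as an added example that is not part of the original post or any vendor's code. The salted SHA-1 legacy format, PBKDF2 as the replacement scheme, the iteration count and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the new scheme

def make_legacy_record(password, salt):
    """Old scheme (assumed for illustration): salted SHA-1."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    return {"scheme": "sha1", "salt": salt, "hash": digest}

def make_pbkdf2_record(password):
    """New scheme: PBKDF2-HMAC-SHA256 with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2_sha256", "salt": salt, "hash": digest,
            "iterations": PBKDF2_ITERATIONS}

def verify(record, password):
    """Recompute the hash under whichever scheme the record was stored with."""
    if record["scheme"] == "sha1":
        candidate = hashlib.sha1(record["salt"] + password.encode()).digest()
    elif record["scheme"] == "pbkdf2_sha256":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        record["salt"], record["iterations"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])

def login(users, username, password):
    """Authenticate; on success, re-hash a legacy record while the plaintext is in hand."""
    record = users.get(username)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] != "pbkdf2_sha256":
        users[username] = make_pbkdf2_record(password)  # the SHA-1 hash is discarded
    return True

def pending_migration(users):
    """Accounts still on the legacy hash: nobody has logged in to them since the change."""
    return sorted(name for name, rec in users.items() if rec["scheme"] == "sha1")

# Constructed sample data: two accounts created under the old scheme.
USERS = {
    "alice": make_legacy_record("correct horse", b"\x01" * 8),
    "bob": make_legacy_record("hunter2", b"\x02" * 8),
}
```

Accounts that `pending_migration` still lists are the casual users the comment refers to: their SHA-1 hashes remain in the table until they next sign in.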

Never explain, never apologize: Microsoft silent on Outlook.com email server grief

Adam 1
Silver badge

weird

When their cloudy visual studio login stuff went down a few months back they were incredibly open about the timelines, what went wrong, what lessons they had learnt etc. Sad if they are reverting to form.

1
0
Adam 1
Silver badge

Re: Naughty El Reg

Maybe Barbra Streisand can email Satya for you?

6
0

18 seconds that blacked out South Australia

Adam 1
Silver badge

Re: That table actually tells us why Turnbull is right

Let me counter your analysis with a simple question.

Do you think that 2 wind farms that are 100Km apart would switch off within 0.05 of a second of each other because they independently judged the wind speed too strong?

Or is it just possible that they both went into a controlled shutdown after some safety system noticed something very bad about the grid they were feeding as indicated in the article?

6
1

'My REPLACEMENT Samsung Galaxy Note 7 blew up on plane'

Adam 1
Silver badge

Re: Get real

SAMSUNG BATTERIES GO KABOOM. Milton cries atrocious.

1
0

Australia's e-Senate vote count: a good start but needs improvement

Adam 1
Silver badge

Re: why paper at all?

No thank you. That would only serve to reduce the transparency of the process. I have no major qualms about a self service kiosk system that lets people fill out their intention and prints out the form to be placed in the box (real toner on real paper that is, not a receipt printer that fades a week later) but there are a number of practical challenges for handling faulty hardware, and ensuring booth attendants can't ballot-stuff.

0
0
Adam 1
Silver badge

> For most of the other States, it seems it would take a lot of errors to change the outcome

I know it's a quote, but it seems that someone has forgotten many many many years ago in 2013, the WA senate election had to be rerun because a small number of ballots went missing whilst being transported for counting and it was realistically possible for preference flows to go one of two ways which changed the number of labor, liberal, pup and green senators depending on that variation.

0
0

Good God, we've found a Google thing we like – the Pixel iPhone killer

Adam 1
Silver badge

is there a Pixel 5c?

You know, the one with a 5% slower CPU, a bit less glass and aluminium and a bit more plastic, a camera with a smidgen less terapixels but with a pricetag that more resembles the Nexus 5?

6
0

True man-in-the-middle: Transmitting logins through the human body

Adam 1
Silver badge

Re: An even better form of authentication:

I've heard about these mythical "house keys" that allegedly work even if they're flat.

4
0

SpaceX searches for its 'grassy knoll' of possible Falcon rocket sabotage

Adam 1
Silver badge

Re: Eliminated the obvious

> Now going for the long shots.

ICBM what you did there.

14
0

Source code unleashed for junk-blasting Internet of Things botnet

Adam 1
Silver badge

Re: Bah!

> How do we clean house?

There was this novel approach after the blaster worm hit in 2003.

https://en.m.wikipedia.org/wiki/Welchia

1
0
Adam 1
Silver badge

Re: Lack of regulation, blah, blah

> could vs could not care less for left pondians.

https://www.youtube.com/watch?v=om7O0MFkmpw

1
0

Apple to automatically cram macOS Sierra into Macs – 'cos that worked well for Windows 10

Adam 1
Silver badge

Wow!

In case anyone missed the tech news of the year:

> has confirmed to El Reg

36
0

Apple's Breaxit scandal: Frenchman smashes up €50,000 of iThings with his big metal balls

Adam 1
Silver badge

> the attacker put his hands around the throat of one of the guards

He's holding him wrong!

4
0
