Re: Need details
http://www.bigbrotherwatch.org.uk/home/2013/05/everything-everywhere-ipsosmori-and-the-mystery-of-27m-peoples-data.html
1319 publicly visible posts • joined 3 Dec 2012
It’s difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned attacks originating from within the Great Firewall. But it’s also worth remembering that activity of this kind is certainly being carried out to a lesser or greater extent by all major global powers.
*cough*NSA*cough*Utah*cough*
Life's a lot easier isn't it when you don't have to hack the PCs and the telcos just roll over and play nice?
https://nodpi.org/forum/index.php/topic,5549.msg50007.html#msg50007
Before fetching its first page, a web browser implementing this method sends the local DHCP server a DHCPINFORM query, and uses the URL from the WPAD option in the server's reply. If the DHCP server does not provide the desired information, DNS is used. If, for example, the network name of the user's computer is pc.department.branch.example.com, the browser will try the following URLs in turn until it finds a proxy configuration file within the domain of the client:
http://wpad.department.branch.example.com/wpad.dat
http://wpad.branch.example.com/wpad.dat
http://wpad.example.com/wpad.dat
http://wpad.com/wpad.dat (in incorrect implementations, see note in Security below)
(Note: These are examples and may not be live URLs.)
Meaning the person controlling wpad.co.uk or wpad.com has the potential to return malicious proxy configuration to almost anyone who isn't on a corporate network.
That is soooo bad. So so bad.
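To make the domain-walk concrete, here is an added example (not from the original post or from any browser's code) that derives the candidate wpad.dat URLs from a client's FQDN and contrasts the correct behaviour, which stops at the organisation's own domain, with the faulty behaviour described above that keeps walking up to a public domain. The suffix set is a constructed stand-in for the Public Suffix List.

```python
from typing import List

# Constructed for this example: a real implementation would consult the
# Public Suffix List (publicsuffix.org); only a few suffixes are assumed here.
PUBLIC_SUFFIXES = {"com", "co.uk", "uk", "org"}


def wpad_candidates(fqdn: str, stop_at_public_suffix: bool = True) -> List[str]:
    """Return the wpad.dat URLs a browser tries, in order, for host `fqdn`.

    stop_at_public_suffix=True models a correct implementation: the walk stops
    as soon as the remaining suffix is a public suffix, so no request ever
    leaves the client's own domain.  False models the faulty behaviour: the
    walk continues all the way up, ending at e.g. http://wpad.com/wpad.dat.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    urls: List[str] = []
    # Skip the host label itself; the first candidate is the parent domain.
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if stop_at_public_suffix and suffix in PUBLIC_SUFFIXES:
            break
        urls.append(f"http://wpad.{suffix}/wpad.dat")
    return urls


def leaked_candidates(fqdn: str) -> List[str]:
    """URLs the faulty walk would request that lie outside the client's domain.

    Each of these is a name a third party could register, which is exactly why
    the broken behaviour lets a stranger hand out proxy configuration.
    """
    safe = set(wpad_candidates(fqdn, stop_at_public_suffix=True))
    return [u for u in wpad_candidates(fqdn, stop_at_public_suffix=False)
            if u not in safe]


if __name__ == "__main__":
    for host in ("pc.department.branch.example.com", "laptop.home.co.uk"):
        print(host)
        print("  in-domain :", wpad_candidates(host))
        print("  leaked    :", leaked_candidates(host))
```

Running it on the page's own example host shows the three in-domain URLs followed by the single leaked one, http://wpad.com/wpad.dat; a .co.uk host leaks to wpad.co.uk and wpad.uk.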
The majority of attempts on my site seem to be originating from US IP addresses at the moment, with Russia/eastern Europe being a close second.
As for the rest:
http://forums.theregister.co.uk/forum/1/2013/04/21/Vimes_Serious_WPAD_flaw_in_IE/
Perhaps a more productive course of action would be for the DoD to focus their attention a little closer to home? If they tried to do something about US companies releasing software with these sorts of mistakes then maybe at least the Chinese would find things a little more challenging?
Avoid using IE for your browser if you're in the UK.
The mention of Verizon is also interesting given that they have been caught handing over to the NSA. The US government don't have to hack people when they have the active cooperation of the telecoms companies.
Even worse - from the PoV of those working within the armed forces - a unified control system implies a unified help system.
Cue the picture of that damned Clippy assistant popping up with 'You appear to be trying to bomb Iran. Would you like some help?'
I never said the system would be effective. In any case the concept of 'naughtiness' is relative as you have noted yourself.
Personally I suspect this move is partly down to the links that industry has with government. It's easier for the phone companies to pay lip service to child safety than it would be to start asking questions as to why children are being given smartphones to start with. Asking those sorts of questions would end up costing them money if parents ever realised that their kids having them is a bad idea and that limiting them to dumb phones is a safer option (and opt for cheaper price plans as a result).
As for wifi why are they being allowed access to devices that in turn give them the option of unsupervised internet access? Stop that and you get rid of the perceived need for filtering. But then that would cost companies selling the gadgets money again.
And we absolutely can't have that now can we?
I suspect a blacklist, not whitelist, will be used as a basis of this in order to try and at least minimise the possibility of over-filtering.
The real problem however will lie in how the blacklist is established. Political blogs have been known to find their way onto such lists for example with little or no reason. My own experience also tends to suggest that even once the list has been established, problems can arise once it has been put into use. Like all UK customers my mobile phone connection started out by being filtered. I got them to take the filtering off eventually (just getting that far proved to be a challenge) but then it seemed to get switched back on without me asking for it. Even if they manage the impossible by designing a perfect system there will still be problems with how it's used. Depend upon it.
If you want to know exactly how it will be implemented I suggest you look up Bluecoat as a good example. Despite some rather questionable practices there are a number of organisations in the UK that use their services (Hampshire police being one of them). They already seem to be used by at least one wifi provider if the forum thread linked to below is anything to go by, and have already been used by at least two national telecom companies in the UK too.
https://nodpi.org/forum/index.php/topic,4603.0.html
Don't rely on your own national laws to protect you.
http://www.computerworld.com.au/article/413379/australian-based_data_subject_patriot_act_lawyer/
From the article:
Data located in Australia but owned or operated by a US company could be accessed under a Patriot Act request, even if this violates National Privacy Principles, a legal expert has warned.
Connie Carnabuci, a partner of the law firm Freshfields Bruckhaus Deringer, said that under the Act which was passed in 2001, US authorities have the ability to pass orders for the disclosure of non-US data that is stored outside the country. “The basis for that disclosure is that you have to establish a sufficient connection with the US,” she said.
“One is that you have a US company with foreign subsidiaries outside the US, such as a service provider setting up in the Asia Pacific. The second might be that you have a non-US company that sets up a US subsidiary.”
Personally I would disagree where civil servants are concerned. Using Phorm as an example: it was home office / BERR civil servants that deliberately failed to take minutes of meetings that involved Phorm. It was home office civil servants that tried to give out 'comforting' advice about Phorm, and it was in all likelihood not a SPAD that admitted Phorm to UKCCIS. Then of course you have the likes of the CPS that try to pretend that Phorm doesn't need to be dealt with.
'Non partisan' is not necessarily the same thing as 'No agenda'. They no doubt have their own opinions as to what should happen, and it's possible that this 'experience' that you mention leads in some cases to an unhealthy arrogance when it comes to who they think is right.
I also came across this:
http://www.guardian.co.uk/public-leaders-network/2013/apr/25/gus-odonnell-ucl-lecture-political
He clearly has some very strong views, many of which would have found their way into the advice given to ministers.
How about getting people to opt in rather than out?
If the only people you're including are those that have previously chosen to take part then the worst that can happen is that they're removed from a list in error and information is not shared and takes a little longer to retrieve. The other way around could lead to information being shared without the consent of those involved.
It's easy to not find anything when you don't want to do so. The CPS used the same police officer in the second investigation as the one that ran the first one, despite his conclusions being the subject of the second investigation. It's even easier when that police officer has been wined and dined by Phorm prior to him dismissing any concerns without ever formally interviewing them.
Trying to ignore something hoping it will go away. Being part of the same civil service trying to give out information that they want to be 'comforting' to Phorm. Using somebody who you know will give answers that you want to hear.
Are you honestly going to suggest that there wasn't something amiss here?
As for the phone hacking:
http://www.huffingtonpost.co.uk/2012/05/01/john-yates-and-and-keir-s_n_1467432.html
There's nothing subjective about doing nothing to punish those involved in the illegal interception of communications - interceptions that involved tens if not hundreds of thousands of BT customers affected by the trials.
As for the rest there are other instances - phone hacking and Simon Harwood both come to mind.
Would you really like me to find more examples?
@RocketBook - Home secretaries come and go, but it's always the same civil servants in the background. Those same civil servants have got good at destroying what little moral backbone still exists in anybody by the time they reach that level of government. Tales of possible doom and destruction - you name it...
What's bad about this is that it has the potential to affect people well outside the borders of the US.
Take the mobile phone companies in the UK. I know I'm repeating myself here, but at one point both 3UK and Vodafone were using the services provided by Bluecoat. This entailed them sending all URLs being visited by their customers to Bluecoat, whereupon Bluecoat would then attempt to access the same page. Apparently this was all part of the filtering product they offer - the one downside to that being that it just didn't work the moment you started visiting pages protected by SSL (and the less said about redirecting known Bluecoat IP addresses or denying them access entirely with a few simple lines added to the .htaccess file the better).
In any case a US company both based in the US and subject to US law would at that point have a complete browsing history where non-SSL protected traffic of UK based users is concerned and would be able to hand over personal information even more easily and with fewer checks than before.
Oh, and in case other readers here have forgotten there are a number of UK.gov websites - including the ICO - that use Google Analytics from Google's own servers.
If stuff was bought with the stolen credit card then presumably they have his address within the block of flats when he provided a delivery address.
Personally there is one other thing I would consider doing: try to get a hold of this address and then sign him up for as many samples as possible. Drown the bastard in unwanted mail and as much embarrassing crap as possible being delivered to his door and in plain view of his neighbours.
...that everything about it was by design...
It's the same with Office too. They've changed the way protection works in Excel 2013 and other Office applications so that it deliberately works more slowly. Apparently this is done to make brute force attacks more time consuming to perform, but it's irritating nevertheless. Working with a large workbook used to take ~1 minute. Now it takes nearer 10.
Yet again we have Microsoft telling us what we want without bothering to ask why we're using these features. In my case it's more to do with stopping users doing boneheaded things rather than protect information as such, but rather than listen to what users are telling them - there are plenty of complaints online if you go looking for them - they prefer to parrot the line about this being done 'by design' and there being no fix for it. They keep on repeating that this change has been made to comply with ISO standards, but this seems to ignore that those same ISO standards are based on Microsoft's own work.
In short Microsoft seem to be telling the users 'this is what we're going to do whether you like it or not - screw you'.
(and it would be nice to have editing features wouldn't it? personally I'm not sure why they would want to restrict this to members that have badges since a post with errors in affects them as much as anybody else)
They also seem to have got stuck in telling us what we want rather than simply listen to what we're telling them. Complaints about Metro aren't exactly difficult to find after all and it's a pity they don't pay more attention to them beyond offering the option to boot direct to the desktop in 8.1 (perhaps they'll end up having to release an '8.1.1 for workgroups desktop users' so that TIFKAM can be removed entirely?).
Some executive somewhere at Microsoft is probably so emotionally invested in the whole Metro - TIFKAM? - thing that they seem to be completely incapable of seeing how much people would rather get rid of it. I guess working at a large corporation really *is* like living in a Dilbert strip...
Just out of curiosity why only count the posts under the current user name? When showing the total number of up and down votes the page seems to show the total for posts that include messages that I posted as A/C. I don't understand why then the badges can't be displayed for the user rather than current name being used provided they aren't posting as A/C at the time?
And this is the sort of situation we'll end up with in the UK if the snooper's charter ever makes it onto the books here: intelligence services unable to understand what they can and can't demand because the only bureaucratic hoops that they will have to jump through to get what they're after will consist of ticking a few boxes on a form. They'll end up with a sense of entitlement that will put the GCSB to shame. It already seems to be happening too - even before the legislation has been put into place. I know I've posted this elsewhere but I think it should be repeated:
http://www.telegraph.co.uk/news/politics/council-spending/9991351/Town-halls-join-rush-to-use-the-snoopers-charter.html
The so-called snooper's charter isn't even in force yet and councils are already planning on how they want to abuse it.
And isn't it interesting how 'national security' always gets lumped together with the real reason for this sort of thing? In this case 'economic well being', although how NZ's 'economic wellbeing' is determined by the amount of money being made in the US by members of the RIAA and MPAA is a bit of a puzzle to me. I suppose in this case they couldn't shriek 'It's for the children' instead but they could have at least done more to explain why it's actually needed rather than simply rely on the old catch-all of national security.
It's not even on the books yet, and councils are already wanting to abuse the systems that would be introduced by this.
Council staff, health and safety inspectors and even Royal Mail want to harness the Government’s proposed “Snoopers’ Charter” to monitor private emails, telephone records and internet use.
http://www.telegraph.co.uk/news/politics/council-spending/9991351/Town-halls-join-rush-to-use-the-snoopers-charter.html