* Posts by Don Dumb

312 posts • joined 20 May 2013

PM resigns as Britain votes to leave EU

Don Dumb
FAIL

This isn't democracy.

"It's called Democracy*. Sometimes you get your choice because the majority agree with you, sometimes you don't because the majority don't."

The majority didn't vote to leave, it was 17m people, in a country with over three times that number.

Taxpaying permanent residents in the UK weren't allowed to vote, UK citizens permanently resident in the EU weren't allowed to vote, under 18s weren't allowed to vote. The game was rigged for Leave, amazingly by someone campaigning to stay (Cameron)

This wasn't a majority decision, as others have pointed out, to make such a massive jump into the dark with such a tiny percentage lead is nothing less than reckless. I hope the next few years of complete uncertainty is worth it.

13
9
Don Dumb
Coat

"Vote Yes for London Independence! And Scotland while we're at it."

Take us* with you!

'Us' = Bristol, Bath and Cheltenham

7
1
Don Dumb
Childcatcher

Backward not forward

Less than half the electorate voted to leave, with the voting age held at 18 (unlike 16 with the Scottish referendum) and apparently that is enough to force the UK to leave.

Looking at the demographics of the vote it would seem that the older the group the more likely the vote to leave, with the youngest groups voting to stay - pensioners, owning property outright, deciding to gamble on the future of the young. No one knows what is going to happen, so it is a complete gamble, especially with many not knowing if there is anything to gain.

One wonders what the result would be if it was held two years later.

It genuinely upsets me today that so many of my friends, who have lived and worked here for years are now facing the fact that the UK might decide they are no longer welcome, partly because they didn't get UK passports as they didn't need to.

NB - Although the worst aspect is the prospect of seeing Farage's smug face forever and the knowledge that now we "have control" the people going to take it aren't going to make things better.

13
6

Mandarins plotted to water down EU data protection regs

Don Dumb
Unhappy

Re: And these are the people...

"Roll on 1984"

The value of the pound has already been there today...

20
0

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Don Dumb

Re: Killed.

"possibility of Auntie charging to use iPlayer...Doubt the beeb will be in any hurry to do so though."

Sigh, again with this.

iPlayer does have an HTML5 feed, you don't need flash for iPlayer. It's the BBC News videos that are unwatchable without Flash.

That they don't extend HTML5 to news is utterly baffling, considering that they have actually done this for mobile apps.

3
0

Lester Haines: RIP

Don Dumb
Pint

RIP

I'm sure many have already said it but I will nonetheless add my thanks to Lester and my condolences to his loved ones.

He has made his mark and I am personally grateful to Lester for being one of the people that made The Reg the enjoyable mix of both serious and frivolous.

0
0

Apple quietly launches next-gen encrypted file system

Don Dumb

@AC - "if it wasn't for BBC iPlayer (which uses *&%$ Adobe Air) my machine would now be Adobe free."

If you're willing to watch through streaming rather than downloads, you don't need the iPlayer application and can just use the iPlayer website which is using HTML5 (if you disable or remove Flash).

Alternatively, there is getiplayer which worked the last time I used it.

Now if only they extend HTML5 to the rest of the BBC (particularly the news section).

2
0

It's [insert month] of 2016, and your Windows PC can still be owned by [insert document type]

Don Dumb

Re: The obligatory question

For me the updates had become magically 'unhidden', but they were unchecked and in the optional updates group. So a mere check of their Knowledge Base descriptions and they were promptly re-hidden again.

For what it's worth, I haven't needed any other tools than simply not allowing or installing the pesky Win10 related updates every month.

1
0

Microsoft splashes Virtual Reality-slinging 'Scorpio' Xbox

Don Dumb
Pint

Yeah, thanks for that picture

Now all I have in my head is the Bond theme-esque song about Hank Scorpio at the end of that episode

"And on Friday the canteen serves German beer.

He loves German beeeeeer"

3
0

Get ready for Google's proprietary Android. It's coming – analyst

Don Dumb
Holmes

If it's true

"Technology analyst Richard Windsor says that a highly confidential internal project is underway"

Clearly not *that* highly confidential then - Unless of course it's bollocks.

18
0

Cyber burglars love to pillage Euro businesses they've pwned before

Don Dumb
Joke

He just hasn't worked out how to switch off the camera or the fingerprint scanner.

1
0

Why everyone* hates Salesforce's Marc Benioff

Don Dumb
Stop

Re: Why is Hillary election propaganda being posted here?

"The vilification of the Trump Voter as know-nothing flyover country hillbilly seems to be reaching new levels of hysteria."

But I thought Trump said there was "too much political correctness?" - clearly that must only be when attacking women, Muslims, Latinos and everyone else who isn't Trump.

20
3

Watchdog snaps: Privatise the Land Registry? What a terrible idea!

Don Dumb
Go

Re: UK is really going to the dogs.

Dogshit, as seen on pavements

0
0

Got a Fitbit? Thought you were achieving your goals? Better read this

Don Dumb

@AC - "They don't measure continuously, fitness machines only measure when you have a firm grip on the electrical contacts and that's not possible during vigorous movement."

Those HRMs are terrible, fortunately most gym machines I've seen will accept data from chest strap HRMs (Polar, Garmin, etc) that are much more accurate, the chest strap just pairs with the machine. In my gym, all of the cardio equipment have the metal grips for monitoring but the gym staff hand out chest strap sensors when people are trying to do actual heart rate based training.

0
0
Don Dumb
Stop

Armchair doctor?

@ckdizz -

"the only person that should have a heart rate of 50 in the middle of the day is an endurance athlete, which he is most certainly not."

That simply isn't true, IMO. Looking at heart rates in this overly narrow way is like using BMI to determine obesity. Testing someone's heart rate after telling them they may have a medical condition, is a great way of getting a higher reading.

Resting heart rates can differ greatly - <boast>while I'm in good shape I'm not an elite athlete, I was hooked up to a heart rate monitor at the hospital not long ago (so I assume was accurate) and my resting heart rate was 37.</boast>

There are many things that affect heart rates apart from cardiovascular training, age, sex, diet has a massive effect, stress levels, simple genetics, lifestyle.

I'm guessing your friend perhaps doesn't drink much tea, coffee or alcohol? Perhaps he doesn't eat much red meat or foods that are bad for cholesterol levels? Does he walk to work? - Many factors.

None of this is to say that Fitbits are accurate but that heart rates do vary greatly in perfectly healthy people, much like BMI.

2
0

Galileo satnav fleet waxes orbital

Don Dumb
Thumb Up

So we will have the satellites...

Can anyone point to how many Car sat navs and which consumer gear is ready to receive the signals or do we have to wait a generation to actually be able to use the service? I notice that my iPhone can pick up GPS and Glonass but I will probably replace it by the time the constellation is in service, would be nice (although not that important) if it also picked up Galileo.

If I buy a (European) car this year I assume I won't be able to benefit from this. How long before we can directly benefit?

1
0

Google asks the public to name the forthcoming Android N operating system

Don Dumb
Coat

Nutmeg

As in - it goes between your legs?

0
0

US-CERT advice says kill Quicktime for Windows, quickly

Don Dumb
Facepalm

Quicktime is very much still there

Just checked Apple Software Update on my Windows box. Quicktime is there (although not checked). However the text on the description is fantastic. This is the first line-

"QuickTime 7.7.9 improves security and is recommended for all QuickTime 7 users on Windows."

Considering this is text pulled from their servers today, you would think Apple might want to be responsible and put some sort of health warning up front. But apparently no.

5
0

Dear Windows, OS X folks: Update Flash now. Or kill it. Killing it works

Don Dumb
Headmaster

Re: Get the content producers to kill it

@To Mars in Man Bras! - iPlayer works on HTML5 without Flash now.

If you haven't got Flash it just works. If you do have flash, you can opt into their HTML5 beta and get the HTML5 feed instead. BBC News still uses mostly Flash though.

Grateful for your guide but it hasn't been necessary since they started the beta.

0
0

Adobe preps emergency Flash patch for bug hackers are exploiting

Don Dumb

Re: Flash Flushed

@theModge - if you remove flash from your system, iPlayer defaults to HTML5, no need to opt in at all. Unfortunately many of the videos in the news site are flash only - here's hoping the beta ends soon.

1
0

Bleeping Computer sued by Enigma Software over moderator's forum post

Don Dumb

Re: Anticompetitive

@Gordon861 - "Perhaps including Spyhunter as a special 'one time challenger' in the next AV-test might show how crap it is and end the case?"

Good idea, but I fear that has the danger of rewarding their bullying tactics and giving Spyhunter the air of legitimacy by being involved in a Spyware test at all.

I guess my point is - why should AV-test even give them the time of day? There might be other Spyware tools that don't get on the list that are more deserving than SpyHunter that haven't resorted to childish tactics to get noticed. Also, the AV-test result would then be itself the subject of litigation ('not fair', 'biased', 'badly carried out'). Most of these sites don't have the resources to contest litigation. If I was AV-test I wouldn't want to open myself up to that possibility if I didn't have to. And thus Enigma is self-punished by a lack of recognition from independent sources who don't want to touch them.

2
0
Don Dumb
FAIL

Re: I tried to give a f**k...

@ForthIsNotDead - "I tried to give a f**k...

...but failed."

And then you even failed at that as you gave enough of a f**k to post a comment.

22
0
Don Dumb
FAIL

"You can't spell 'dishonorable', without 'honorable'"

@AC - "I would never buy a security product with *Spy* in the name. You are just asking for trouble."

But what about an anti-spyware tool? Would it not be more meaningful to have the term 'spyware' and therefore 'spy' in the name?

Would you avoid an anti-coagulant as you would be worried they will clot your blood?

5
0
Don Dumb

Re: Anticompetitive

@Andy Taylor - "Enigma say that not including affiliate links to Spyhunter as well, Bleeping Computers are anticompetitive."

But are they specifically *prevented* from becoming an affiliate? Or do they simply *choose* not to be. It isn't anti-competitive to not advertise a company that chooses not to advertise through you*, if they are being quoted exorbitant rates (compared to Malwarebytes) then they might have a point - but I doubt it.

Furthermore, as the Bleeping Computer page points out, 'AV-Test' doesn't include Spyhunter in its list of regularly tested anti-spyware applications to determine its relative success rate against its peers. If Bleeping Computer has to advertise SpyHunter, along with Malwarebytes, then they have to advertise *every* piece of software that *claims* to be an anti-spyware tool. And thus AV-Test would have to test all of those software tools also. I'm going to guess that the particular tools that any review or advice site tests or advertises is entirely their choice, they aren't under any obligation to present an exhaustive list.

<CarAnalogy>A Car magazine doesn't have to review *every* hatchback in its hatchback roundup review does it? And they will have car adverts, but not for every car they review.</CarAnalogy>

* - Apologies for the multiple negatives in one sentence.

13
0
Don Dumb
Facepalm

Streisand Effect? No we haven't heard that album

This story links to the 'bad review', the bleeping computer forums flash up on entry a fundraising page, which links to the same 'bad review' and my guess is that this will get attention in other national news outlets (as they do show an interest in companies undermining public created content on the web).

All Enigma Software has managed to do is aggressively promote comment on how bad they are.

You'd think that at some point, someone might learn the lessons of the Streisand Effect.

And that's before you start to ask, why does anyone have an obligation to give a good review rather than a bad review? (even though it's not a review at all) And how is it even 'advertising', so as to be falsely advertising?

55
0

Europe's Earth-watching satellite streaks aloft

Don Dumb
Facepalm

Re: Is this the sentinel...

@ac - "Is this the sentinel that comes with the 'correction' software to 'prove' the sea levels are rising faster and faster?"

You seem to be one of those people that have your own 'correction' software running. Yours is buggy.

7
4

All-American Apple challenges US gov call for iOS 'backdoor'

Don Dumb

Re: Letter target

@ac - "Shouldn't Cook be arguing the issue in the court?

Is this a case of not expecting to get much traction there on either legal or technical merits and hoping to get further with the "court of public opinion" and pressurize the court through the politicos?"

Well, they are also arguing the issue in the court.

I guess that Apple is ultimately answerable to its shareholders and it cares about public opinion which affects sales. Even though they are taking court action, it seems smart to explain to everyone, *before* a negative backlash, why they are fighting the court order.

2
0
Don Dumb
Stop

Re: To my mind... - Phil Kingston

@BenR - "Admittedly in this case, it's all a bit post hoc and arguably pointless"

I think people seem to mistakenly think the FBI is after the two (now dead) perpetrators. Rather I believe they want to review the phone to help establish whether anyone else was involved (also culpable) or whether the 'workplace dispute' angle is valid.

It certainly doesn't seem to me to be fishing to review the phone of a couple of mass murderers to establish any further background behind what really happened.

"If the authorities, be it the local police of some arm of the government security apparatus, has actually been to a court and got a court order, then isn't this exactly what most people have been asking for? Clear, accountable judicial process and a valid warrant for the information?"

Apparently what people kept asking for isn't what many people really want, if the comments on this story are anything to go by...

Personally, I agree that this seems acceptable. I can't see what more the government can be expected to do - there has definitely been a serious crime committed for which further investigation is in the national and public interest, they have got an open court order to help unlock the phone and the court order is specifically limited to getting assistance into getting into the phone in question.

3
0

Health and Safety to prosecute over squashed Harrison Ford

Don Dumb
Alert

Re: Are all employer liable?

@Cynic_999 - "So how does that work when the employer is the M.O.D. and the machinery in question is a machine-gun in hostile territory?"

"It shall be the duty of every employer to ensure, so far as is reasonably practicable,"

Yes, the MOD does have to take reasonably practicable steps, even in war, this equally applies to the Police Force in shootouts, Fire Service in firefighting etc.

Google 'Coroner report MOD' and you will see examples where the government has been found to not have taken such reasonable steps, even in places like Iraq.

Basically, in a warzone (or police shootout) you can't stop your enemy shooting at you but you can take many steps to make it less dangerous -

intelligence to understand the threats/risks; armour protection to reduce the risk of the bullets causing damage; equipment appropriate for the situation & location; years of planning, tactics and training to reduce the chance of it happening and deal with the situation if it does; medical evacuation and support in place to treat injuries; decision making that takes into account the risks (of say going on an assault) weighed against the need to act (do you need to do the assault? or with the intended approach?)

- if the employer (MOD, Police force, fire service, etc) hasn't done any of these to the level of 'reasonably practicable' then they will be found culpable.

The principle is that you cannot eliminate danger, especially in a warzone, so you don't make things more dangerous than they need to be. The key has always been - Understand the dangers, try and reduce them and consider very carefully about whether doing things are worth the risk that remains.

3
0

Zero. Zilch. Nada. That's how much Netflix uses its own data centres now

Don Dumb
WTF?

A familiar smell

"...made way to continuous delivery, engineering teams making independent decisions using self service tools in a loosely coupled DevOps environment, helping accelerate innovation."

Why is it that any statement involving the term 'DevOps' is a mix of various buzzwords?

Even terms which usually have meaning somehow lose any meaning at all in the context of a statement like this.

10
0
Don Dumb
Stop

Re: Single Source

@A Non e-mouse "So Netflix now have a new single point of failure: Amazon. Do you really want your entire business dependent on just one supplier?"

Not only that but would you want that one supplier to be your direct rival?

15
1

Bank fail: Ready or not, here's our new software

Don Dumb

Re: Lloyds online banking

@AC - "Lloyds online banking...completely freeze for 30s+, repeatedly, waiting for the content. Content that's blocked by multiple browser plugins as unsafe for various reasons including coming from a different domain."

I had the same problems, so I'm going to assume you are using NoScript (which seems pretty sensible with a banking site) and have just found out how to solve this, without turning off NoScript.

You have to specifically whitelist ONLY secure.lloydsbank.co.uk without allowing all of lloydsbank.co.uk, this isn't the norm for NoScript. The site works fine now that I have done this.

If you told Lloyds that their site didn't work properly they would simply tell you to turn NoScript off, which isn't particularly responsible behaviour IMHO. Considering that cyber is one of the big 4 threats to our nation, I can't help thinking that some good old fashioned regulation of what security compromises banking sites can and cannot allow is in order.

3
0
Don Dumb
Boffin

Project Manager empathy...

@AC - "Late delivery can incur penalty charges. Defective delivery never really does. It's a lesson they learned from government projects - even the quality is similar."

This.

Just remember people, every time you join in the criticism of a massively complex government IT project for lateness or cost overrun, you're fuelling the drive to deliver on time and cost, rather than on quality. Naturally the testing regime will suffer to satisfy this.

1
1

Who wants a quad-core 4.2GHz, 64GB, 5TB SSD RAID 10 … laptop?

Don Dumb
Boffin

Re: Weight.

@ZanzibarRastapopulous - 5Kgs is nowt you bunch of pussies.

Try running a half marathon with a 5Kg weight, I can assure you it is far from nowt

2
0

Hollywood given two months to get real about the price of piracy

Don Dumb
Boffin

Re: Reminds me of...

@Danny 14 - "the rule change was a nightmare as it now made borderline "chucking" harder to umpire (it was previously "obvious") however, the rule change was originally in good faith."

Putting aside the assertion that the rule was made in good faith (I'm not so sure) - The problem with legalising actions such as Muralie's, is that the umpires can't actually know if a player is bowling within the rules or not, they can merely cite the bowler as 'suspect'. This means that the only way to determine whether an action is legal or not is by taking the bowler to a laboratory and putting them through several tests, which can take many months. I think the rules are pretty screwed up if no one at the match is able to know whether a bowler is bowling legally or not, even with TV replays.

It is the equivalent of the Lawn Tennis Association writing a rule about the serve action that is so difficult to judge and then saying "so we can't actually know if a serve action is legal or not, therefore we will let a suspect player carry on for a few more tournaments and then test him at some point to see if he was playing within the rules or not".

Good faith or not, it's an abject failure to write rules for which the game can be decided and only be able to find out several months later if the bowler was bowling within the rules or not IMHO.

4
0

Kids' TV show Rainbow in homosexual agenda shocker

Don Dumb
Facepalm

Re: Sentenced to zippy.

@Old Tom - "Po was red, Tinky Winky was purple and had a handbag"

Self fail. You are quite correct. If I recall, Po wasn't without controversy as she/he was the one played by a communist. That also got the tabloids outraged in the usual "commie beeb" style.

0
0
Don Dumb

Re: Sentenced to zippy.

@Teiwaz - "He'll be having a go at James and his magic torch next, or Mr Benn."

We get stories like this every year in the UK for us to laugh at. Anti-gay idiots in the US decried the Teletubbies, the character Po was apparently "openly gay", the heinous charges being that 'she' carried a handbag and was purple (apparently that bit of the light spectrum is gay). The rest of us wondered how someone could look that hard for spurious clues of sexuality in a kids TV show.

Harry Potter was demonised for promoting magic and witchcraft, which apparently prevent kids from learning about Christianity.

Probably every kids show that isn't a bible story gets construed as somehow teaching kids to be the devil incarnate. These Pastors are seeing the things they 'despise' everywhere, in a way that wouldn't be at all an indicator of severe repression.

21
0
Don Dumb
Facepalm

Here we find a Daily Mail Journo in training.

"The BBC should have had its broadcast licence revoked for showing such filth"

That would be pretty harsh, considering it was an ITV show.

29
0

Donald Trump wants Bill Gates to 'close the Internet', Jeff Bezos to pay tax

Don Dumb
FAIL

Re: Solution: More free speech, not less.

@gazthejourno - "You're kidding. They [The Nazis] were the very definition of socialist when it came to the economy - nationalise, centralise, directed production. Look at VW: a private enterprise whose capital was effectively impounded and diverted into state-directed military production for the duration of WW2."

Perhaps you didn't do much history but the Nazis hated actual socialism. Others have pointed out how they really operated and they purged socialists as soon as they could.

In respect of your point about VW, it is worth remembering that many nations nationalised critical production *during the war* regardless of political bent.

The whole "Nazis were SOCIALISTS" mantra seems to be pushed by right wingers in a bid to convince themselves that they aren't anything like that when so accused.

3
0

Domination: Crims steal admin logins, infect sites, drop Cryptowall 4

Don Dumb
Unhappy

Law enforcement?

"Zaharia says the campaign is "extensive" and operates from six bulletproof hosting servers in Ukraine."

Genuine question - We've identified the servers, so why can the Ukrainian government not simply go there and pull the servers out of the wall?

Or does Zaharia mean "the difficult bit of Ukraine which doesn't really have a government"

1
0

Star Wars Battlefront: Is this the shooter you’re looking for?

Don Dumb
Happy

Re: Move along

@dogged - "I'm not interested in multiplayer-only games. I don't have enough time to get good at them and frankly, being bawled out by foul-mouthed 13 year old for not pwning sufficient face is not a pleasant use of my time."

I have no interest in multiplayer for similar reasons.

I think I could be enticed if there was some sort of league hierarchy system, much like there is in sport (in Britain at least). Everybody starts at the bottom level and if they are good and win a lot, they get moved up into a higher level. That means that those of us that play for a few hours at the weekend (at most) stay in the bottom level and are well matched against each other. Those who are good, or put the hours in, play against those who are also good. You could have many levels, with the pros at the top and us losers at the bottom. You wouldn't be able to play against those in higher or lower levels unless you enter a special cup or 'open' competition.

Perhaps those of us that don't want to interact with 13-yr olds, can then form side-leagues at the relevant level. Or even have age-group levels, people only play in their age groups unless they are good enough to progress, in which case they are good enough to play with good (or older) players anyway and don't get in our way when we just want to have fun. (That also could sell to the 'think of the children brigade')

It seems that gaming is in its infancy and the structures of established UK sports like rugby and football, would work well in gaming if they could be managed in the same way.

7
0
Don Dumb
Happy

Re: ... most perfect slice of Star Wars yet

@thomas k - "Really? More perfect than KotOR 1 or 2?"

I've just had the pleasure of playing through KotOR again, as it has been re-released for the iPhone. What a wonderful game, easily the best Star Wars game and still one of the best RPGs. It really upsets me that they could have made such engrossing stories in that universe in these two games and yet completely screwed up the films by trying to stick too closely to the original films (which never happened btw).

1
0

I've lost the remote! Fury as Samsung yoinks TV control from its iOS app

Don Dumb
Thumb Down

Re: Have got an older Samsung TV

@TheFirstChoice - "I've got an older Samsung (non-smart) TV - they just abandon any form of support for them, even when they're still current models and they could update the firmware"

Yours is a different experience to mine, I have a 2012 mid-level Samsung Smart TV, I have had many updates over the last few years, the most recent system firmware being April 2015 I believe.

The UI is still filled with many shitty needless apps (I only want a few - iPlayer, Youtube, All4 & Netflix) but gradually some of the bloat has receded. What they haven't upgraded or even got close to working is the DLNA service. The TV can barely find anything on the network and the Samsung AllShare application is awful, didn't work at all - that application hasn't been updated since before I even bought the TV.

That said, Samsung do seem to be generally pretty awful at updating their software on most things, certainly a premium smartphone should be updated for several years after being discontinued, especially considering the sensitive personal data held on most phones, the frequency of attacks and the vulnerability that using any mobile device naturally entails (frequent use of untrusted networks, connections to untrusted devices, etc).

They aren't the worst company but aren't great and they have few excuses to be so much better than they are.

1
0

Windows 10 growth stalls during October

Don Dumb
Stop

Re: Interested to see how this turns out...

@alain Williams - "Partly because Linux is not counted properly. A week ago I bought a new laptop, it came with Windows 8.1 installed; I immediately upgraded it to Linux Mint - but it will be counted in the statistics as another MS Windows 8.1 installation."

I don't think that's true, I believe the stats are based on web usage, so if you didn't use 8.1 to access the web* but did use Mint then only Linux would be counted. The problem with these stats is that it can't count those machines not connected to the net. If anything that means WinXP (many machines unplugged from the net) is most under represented.

* - or at least the site(s) that are used to collect the stats

16
0

TalkTalk incident management: A timeline

Don Dumb
Stop

Re: A TalkTalk customer says...

@Quotes - This might be stating what you already know but I'm pretty sure you haven't been contacted by TalkTalk there, you're a victim of the hack. The hackers have your phone number and name from the hack and are phishing to get whatever other info they need. Imagine there's many people working through the data contacting the gullible/naive/weak to get 'missing' data.

This is why it doesn't matter that 'not every bit of customer data has been taken' as once you have some, you can start targeted phishing. You know they are a talktalk customer, so can pose as talktalk and work from there. I wonder how many TalkTalk customers have been contacted by phone by "TalkTalk" in the last week, who have then lost money....

0
0

Ransomware victims: Just pay up, grin, and bear it – says the FBI

Don Dumb

Re: you *are* able to get your data back?

@wierdsmith - "If these criminals took the money and failed to deliver the hostage data back, then no subsequent victim is going to pay them knowing they will get nothing for the money."

Except that people don't like to state that they paid ransoms and thus wouldn't like to admit they paid a ransom that didn't work.

It would seem that there are some stories of ransomware ransoms not resulting in decryptions. An indication - https://blog.kaspersky.com/cryptolocker-is-bad-news/3122/ "It comes as no surprise that a few infected users that paid the ransom are saying that they never received the decryption key in return"

Because many groups use ransomware, one could make a lot of money without having to give out decryption keys, as so many will pay out in desperation in case they are held by a group that does decrypt. It is still a case of putting a lot of trust into a group that doesn't deserve it.

0
0
Don Dumb
Stop

Re: you *are* able to get your data back?

@1980s_coder - "No, because in this case once the data has been de-crypted, you should do a fresh, full backup of everything, (just as you should have done before for forensics), re-install OS and applications from read-only media, or digitally signed sources, and finally manually restore your configuration files and user data, after looking through them to be sure that they are safe and uncompromised."

You misunderstand me. Yes, one *should* do as you stated, but considering many companies have gotten into this situation and didn't have good backups, what are the chances they don't do anything or everything that you list? Just look at some of the examples above.

Many small organisations barely had the money to pay the ransom, I'm betting they had terrible sysadministration before, that got them into the mess and they won't have the resources or nous to properly prevent the situation afterwards.

Most organisations that do as you state probably wouldn't have gotten a ransomware problem in the first place (because they had good security, long term offline backups, etc). I'm betting most organisations that do get ransomware infections they can't clear up without paying ransoms are still good targets after they have had to pay the ransom. Just cows to be milked.

0
0
Don Dumb
Terminator

you *are* able to get your data back?

@AC - "The price you pay for not having back-ups, I guess. Just be glad you're able to get your data back."

That assumes that paying the ransom *will* actually get your data back. There's nothing stopping the perpetrators from simply pocketing the money and going silent. It's amazing the amount of trust people place in faceless, ruthless, criminals who have no incentive to actually do what they are claiming to. Considering some organisations can barely afford to pay the ransom, paying the ransom without any confidence that you will get your data decrypted really is taking a risk.

Especially as a smart criminal could simply give the decryption key, while remaining present on the network and re-encrypting the data again (perhaps they already have), for another payout in a year's time. Before you know it there's an unhealthy protection racket going. I'm betting that a small organisation that gets badly hit by a ransomware attack would doubtfully be completely secured after the cleanup, which probably wouldn't completely clean up the mess, the best targets are the ones who you've already hit.

<evil thought>The best time to hit an organisation with a ransomware attack would be just as they are rebuilding the network and storage following a previous ransomware attack, then you can be sure that all data is within the reach of the attack. You probably wouldn't even have to leave the network, just stay low in a rootkit somewhere on a network device, biding your time.</evil thought>

2
0

Malvertisers slam Forbes, Realtor with world's worst exploit kits

Don Dumb
Boffin

Re: responsibilities

dan1980 - "Take a restaurant found to be serving food that makes their customers ill. If it's in the handling and storing and preparation of the food then the case is clear - it's the restaurant's fault. But what if the cause was bad produce from the supplier?"

The analogy is a good one but there is a bit of a flaw when you think about who the customer is in each situation.

Putting aside criminal responsibilities for a moment, the responsibility a restaurant has is between itself and those it enters into a contract with (the customers and suppliers), the supplier is merely a subcontractor in the contract to provide its customers with a meal. Therefore, if you have been given dodgy food in a restaurant, it is the restaurant that should reimburse you. The restaurant might then attempt to get those damages back from its supplier (who may then go to its supplier, etc) but that isn't the concern of the customer. The customer doesn't have any contract with the food supplier.

So yes, the restaurant should have standards about the quality of the food supplied as they are expected to deliver a standard of quality to their customers. Basic supply chain and subcontracting.

However, the problem with this is what is the contract that is being entered into? You're not paying for the website like you are a meal.

I'm sure the websites would claim that they are not delivering adverts to their readers, they are delivering news stories to the readers and eyeballs to *their* customers (advertisers). This would be like the restaurant giving you food free of charge but in return they just simply play the radio (and the radio pays them for this) and if your ears are damaged by the adverts on the radio, well that's not their responsibility, it's the radio station's.

I think a better lever to encourage websites to do their job properly is criminal responsibility - do websites have a legal responsibility to ensure that the Computer Misuse Act (or non-UK equivalent) is not violated by content delivered on their site? I would argue that they do and that malvertising is very much a violation of 'anti-hacking' laws. If torrent sites are considered responsible to not link to torrents that violate copyright then news websites are even more responsible for adverts that their pages direct the reader's browser to download. If Cyber is the big national security threat then why aren't police forces prosecuting websites that assist in unlawful computer hacking? A few prosecutions and I can guarantee any major website will be vetting advert agencies very closely.

2
0

It's still 2015, and your Windows PC can still be pwned by a webpage

Don Dumb

Re: Anyone have a clue about...

KB3083324 - it is stated as an update to the Windows Update Client. It doesn't say what the update improves about Win Update but considering WinUpdate has been taking ages lately, I'm comfortable installing it.

0
0
