* Posts by Robert Brown

21 posts • joined 13 Aug 2007

UK watchdog snaps on glove to probe Tesco's 'security fails'

Robert Brown

Yup, but the password reset link can only be used once and forces them to change the password (and can also be made more secure by making the link time-sensitive and maybe verifying the link is followed from the same IP that requested it). The problem with sending out a new password via email is that someone else could have used it to get in and you'd be none the wiser.

1
0

Google Wallet PIN security cracked in seconds

Robert Brown

Superuser Prompt

If you've rooted and have Superuser, it'll prompt you if an app tries to run as root and will ask for permission. So this can't happen silently under default settings. Of course this doesn't protect you against a stolen phone, either rooted and then stolen or stolen and then rooted...

0
0

Spotify scores over £1m a month from subs

Robert Brown
Alert

@Spotify (or Napster) and Squeezebox

I've heard they're going to look at getting onto various types of hardware such as internet radios, etc.

@Richard IV

Where are your figures from?

0
0

Nation's moral guardians snap over 'shag bands'

Robert Brown
FAIL

Urban Myth?

The bands thing is a myth that's been going on for years according to a book a recently read.

Hippo Eats Dwarf by Alex Boese mentions it being a long standing story that repeatedly crops up from time to time in the media.

0
0

Apple decrees Spotify worthy of iPhone

Robert Brown
Alert

Time to wipe my iPod

Excellent, at last.

I already subscribe so I'm looking forward to deleting all the MP3s off my iPod touch and updating the songs via WiFi.

@Glen 1 (b). Yes hopefully,although 2 of my favourite albums have recently been deleted from Spotify (or made not available to UK, either way its the same effect).

0
0

Spotify: iPhone sideloads for £120 a year, unlimited

Robert Brown
Thumb Up

What I've been waiting for...

I listen to everything on Spotify now - even if i have the same albums on MP3. So much quicker to use than iTunes and a much better UI as a whole. It took me a couple of months to decide to part with a tenner a month, but has definitely been worth it for no adverts and now the high bit-rate option.

The ability to listen when I'm not at a computer is all that's missing - this will fill the hole, assuming Apple let it in. I have an iPod enabled car stereo, so I'm hoping that I can load the Spotify app up on my Touch, set the playlist going and then listen on my long commute to work. I don't expect the Alpine XDA-x100 to be able to control playback, but hopefully it'll output the sound and allow me to control the volume. Pity Apple don't let a finer grain of control for applications authorised by the user to allow for background play and control via the connector, as they do with the built in music app.

0
0

Windows 7 UAC vuln not a vuln, MS repeats

Robert Brown
Gates Halo

@Well, personally ..

The reason it fills the entire screen and fades everything behind it is so the user knows it is the OS prompting and not a malicious program. With any other sort of alert this prompt could be spoofed by the program itself.

If it could be spoofed I suppose what it could do was to keep asking the user if it could continue and then keep appearing if the user clicked No. The user would get pi**ed off with this and eventually click Yes, allowing the program to do what it wants if that happened to be the real OS dialogue. Also,Vista might control this so you can only have one instance of the elevated privileges prompt appearing once per process so the user cannot be tricked in this way if Vista is the only thing that can fade the screen. I wonder if you could spoof this prompt though by taking a screen shot, fading it and the displaying it as your app's background at full screen?

0
0

BT cuts 0870 charges

Robert Brown
Thumb Down

@O2 Freefone

Wasn't free for me when I was on O2. The "drop the 0" was something to stop you inadvertently dialling an 0800 number expecting it to be free. Instead you got a message saying dial again without the 0 to accept the charges.

Fair enough if these numbers aren't free from a mobile, but why can't they just take the minutes our of your tariff's free minutes? Very clinical and money grabbing IMO.

0
0

Sony Ericsson Cyber-shot C905 eight-megapixel cameraphone

Robert Brown
Go

Return to form after the K850i excuse for a camera phone

I've had this phone for a couple of months and it's excellent. Infinitely better than the K850i as a camera phone.

Good points:-

- Fast and slick user interface.

- Brilliant call sound quality and from external speaker.

- Did I mention the excellent camera?

Bad points:-

- Eats battery with wi-fi enabled. Even in power saving mode. Even when not actively used.

- No manual lock. You have to open and close slider again, or wait for auto lock timeout.

- Texting is very tricky. The T9 software is very good, but I still haven't got used to the spongey feel of the number keys.

I recommend it, unless you're one of those people that sends tens of texts a day then I'd look at something else.

Also as another point, Orange seem to let me send MMS's with 2MP pictures included. What's the maximum now, or do they scale it down on their MMS server for the recipient?

0
0

ArseASA rules 'Feck' non-offensive

Robert Brown
Joke

It's fecking offensive...

...so the ASA should feck off. I fecking bet that there are already at least 10 fecking similar comments on the page already by the time this is fecking published (or not).

0
0

iPhone developer stoops to straight bribery

Robert Brown
Jobs Horns

@Colin Mountford

Well journalists are sometimes invited to sunny climates, all expenses paid, for product demonstrations in the *hope* that they will give good reviews. In this case they are actually paying only when they *have already given* a good review. Sounds like a step further to me.

0
0

Software update nobbles Sky+ boxes

Robert Brown
Thumb Up

@Tom

It's updated via satellite, so not plugging it in won't help. I don't think there's a way to stop it updating, but I know you can press something if you want to force it to do an update check and then download.

0
0
Robert Brown
Unhappy

Wish they'd roll it back!

I've had this problem since Thursday, although I have upgraded the HDD to a 250GB drive. Wondered whether it was because they'd not tested it properly, or whether they'd only tested it with standard Sky + boxes. If it's the former then I wish they'd apply a roll-back until they've developed a fix for the new version!

0
0

Phisher-besieged PayPal sends users faux log-in page

Robert Brown
Stop

Why not stop sending emails with links and URLs?

PayPal have the following footer on their emails:

"How do I know this is not a Spoof email? Spoof or 'phishing' emails tend to have generic greetings such as "Dear PayPal member". Emails from PayPal will always address you by your first and last name."

What's the point in that if they then send emails with random domain links? At any rate, finding a user's first and last name wouldn't be too hard if you had their email address. e.g. if you were FredBloggs@hotmail.com a phisher could run that against a database of first names and deduce that the match is the first name and the remainder is the last name and then generate an appropriate greeting.

A better solution would be for Paypal never to send links or even URLs in messages and just state that they have to type Paypal.com into their address bar. But that's too easy.

0
0

'Podestrian' risk rising for drivers, warns insurer

Robert Brown
Jobs Horns

Stupid people

Bloody idiots listing to iPods while crossing the road - I had to drop my mobile to swerve round one the other day.

0
0

Renault looks to wee-hued windows to cut car power draw

Robert Brown
Thumb Down

I'm NOT driving that

I don't want an electric car anyway, but one with GREEN tinted windows definitely won't persuade me.

0
0

Net game turns PC into undercover surveillance zombie

Robert Brown
Paris Hilton

Creepy Wording

"This game demonstrate how the user's camera and microphone can be spied uppon [sic] without her knowing."

Her!?

Paris, cos I believe she may have fallen for this before now.

0
0

Jesus Phone vuln delivers fanboys to phishermen

Robert Brown
Go

@AC

I've heard that in certain cases you can get wildcard Verisign certificates that will match any subdomain. So if that's true, you could get the certificate and the setup securelogin.facebook.com.yourdomain.com with a valid cert root path.

0
0
Robert Brown
Unhappy

Possible solution?

Something should really be done about links in emails. It is there for convenience, and is really useful on devices that don't have real keyboard input so typing would be too cumbersome. Would a message box work clarifying the domain solve this? 'You are about to navigate to the domain "securelogin.facebook.com" on HTTPS. Continue?' This could be a standard thing on all email clients, much the same way as not downloading images is (or not).

Companies don't do themselves any favours with the types of links they put in emails either. e.g. http://email1.paypal.co.uk/u.d?PG2ZaAmgKj7fd4Uep=390 . If they want average joe to be able to identify phishing emails, they need to keep it simpler.

0
0
Robert Brown
Jobs Horns

Took someone long enough

Thought it was a bit poor having no option to not download external images. You'd have hoped someone at Apple would have noticed the lack of feature and identified it as a high priority issue. No-one else seemed to have identified it either when I spotted it happening and Googled the problem.

Annoying when you see a spam email come in, so ignore it and read the others, delete after reading them and then the email client goes and opens the next one in the list which happens to be the spam one and loads the images. Grr!

0
0

Council employs automatic PC shutdown

Robert Brown

What about the cost of time lost in the morning?

I usually think that shutting your work PC down every day means that so much time is lost each morning waiting for Windows to load and then loading all the programs you were using again. Sure, there's hibernate but how many people in the council will know about that?

I wonder if these costs have been factored into the savings?

0
0

Forums