* Posts by Edward Phillips

15 posts • joined 3 Mar 2007

Surrey teen charged over Mumsnet hack attack

Edward Phillips

Hacking as a Job Application

I was talking to a bunch of computer students in a London college a few months ago. Several of them thought that the best way to be offered a high-paid job in cyber-security was to hack something, rather than messing about with CVs and all that stuff.

Maybe it is - but if that is true it's not a great system.


FBI's Tor pedo torpedoes torpedoed by United States judge

Edward Phillips

Stable Doors

Is it not possible to get a retrospective warrant by presenting the same evidence to a different judge and asking him to grant it?

Or is it just a presumption that a warrantless search is unlawful which a later court can rebut given the information provided (and given that a magistrate was persuaded the first time around).

The FBI clearly messed up and need a telling off, but it can't be in the public interest for this many convictions to go down on a technicality.


Bloke sues dad who shot down his drone – and why it may decide who owns the skies

Edward Phillips

UK Law

In the UK, in Bernstein of Leigh v Skyviews & General Ltd [1978] 1 QB 479 it was held that a (manned) plane overflying properties (once) and taking a photo (one) was not trespass (they were selling the owners photos of their houses from the air, in pre-Google days). It overturned the previous (13th century) maxim Cujus est solum ejus est usque ad coelum et ad inferos (for whoever owns the soil, it is theirs up to heaven and down to hell) for the air, saying instead that property owners only have rights over the air above their property to such height as is necessary for the ordinary use and enjoyment of his land. There are earlier cases - in 1815 it was decided that floating across land in a balloon wasn't trespass, nor was firing a bullet across it (unless it landed or hit an animal).

The court did say that if a claimant was subjected to the harassment of constant surveillance from the air, accompanied by the photographing of his every activity then that would be a "monstrous invasion of privacy" and an actionable nuisance (for which damages would be given). Nowadays the Data Protection Act 1998 rights would also apply.

Overhanging cranes can constitute trespass and it is common for crane operators to get a licence from neighbouring owners.

More generally, the relevant Air Navigation Order 2009 (SI 2009/3015) imposes rules on flying in congested areas or within 50m of any person. Breach of the ANO is a criminal offence for which people have been prosecuted.

s.76 of the Civil Aviation Act 1982 imposes liability for any damage caused on the ground (if the drone crashes into your greenhouse). That was for manned planes but it is thought to extend to drones. Also Regulation (EC) No 785/2004 requires all commercial air operators (including drones) to have insurance. Private model aeroplanes have an exception.


National Crime Agency: Your kid could be a nasty interwebs hacker

Edward Phillips

I was speaking to a load of schoolkids on an IT course recently. Many of them believed that the way to immediate riches and a well paid job was to hack a high profile organisation, and then the security industry would immediately scoop them up and give them a lucrative job.

I suggested that perhaps criminal hacking was a high-risk interview approach but they were convinced.

Either they're right (in which case the NCA has a different problem) or they're wrong (and convincing them of that would be more useful than telling their parents to check their browsing history).


Why OH WHY did Blighty privatise EVERYTHING?

Edward Phillips

Re: The Purpose of Government.

I was taught at college that the Crown has a couple of prerogative duties (to go with its Royal Prerogative rights):

1. Defense of the Realm

2. Maintaining the Queen's Peace

Which align with your longboats and police bit and explains why those are the hardest bits to privatise because they are the core responsibility of the state. If a state can provide a peaceful and secure environment then the rest of society may be able to pick up the rest itself.

The state may feel that it has to do something to ensure that utilities, public transport and so on actually happen - if the water, sewage and food distribution system fail the Queen's Peace will fail shortly afterwards - but it doesn't have to do them itself, it can just regulate to enable them.


Australia mulls dumping the .com from .com.au – so you can bake URLs like chocolate.gate.au

Edward Phillips

Re: Dot Oz?

No they don't. It's drawn from an ISO list (ISO 3166-1 alpha 2, for the pedants out there). One or two early adopters cheated slightly (.uk) but otherwise it's fixed.


Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Edward Phillips

Re: Truecrypt is a threat

An interesting idea but has it happened? The prosecution have to prove on the balance of probabilities that you have not handed over the keys, but if your defence is that there is nothing encrypted won't the judge expect them to explain which keys they had in mind?

Also, the penalty isn't life imprisonment, but that's a side issue.


Why Nominet disconnected 1,000 sites with no court oversight

Edward Phillips


For everyone who says "Go to the courts", "get a court order" etc.

Who are you going to sue? The address details are false. This isn't America, so you can't sue the domain names themselves (and frankly, how does that provide any protection?)

The only way out is for Nominet to demand that the people involved provide correct addresses. But if they're crooks, they won't bother - they'll just start new companies/sites/domains.

PS Yes, with 8 million names of course Nominet only responds to a false address complaint when someone makes it, and of course they trust the police at PeCU (who they know) more than they trust a caller on the phone (who they don't) and vary their checks accordingly. So what?


Stob latest: It was a cunning trick, says Open University

Edward Phillips

Try complaining....

Verity Stob needs to use the university complaints process. The University may be more prepared to clean up the mess privately via the complaints process than under the full vulture-sight of El Reg - although it's an interesting article.

If they won't deal with it she could try complaining to the University Ombudsman (officially, The Office of the Independent Adjudicator for Higher Education) - http://www.oiahe.org.uk/

If it's a matter of academic judgement they may decide not to do anything, but it is worth a go.


UK net registry battles coup d'etat

Edward Phillips

@ Angry AC + Prices

Nominet calls itself not-for-profit, which is technically true because no-one gets that profit. Really, it's more a case of "not-for-dividend" because any profit doesn't go to the members, which discourages carpet-bagging.

Of course, it could stop making a surplus by reducing prices. The board cannot just do that - they'd need the membership to vote for it (weird constitutional restriction of Nominet - not normal for a company). As comments here show, not everyone wants domains cheaper (bulk domainers clearly do, others don't).

So what do you do with the money? There's only so many USB sticks you can buy for techies without breaking the no-dividend rule. They spent a chunk on suing some scammers a few years back. So now the board are giving it to charity (personally, I like the idea - certainly better than giving it to the Government, especially since Nominet isn't Government owned).

As for all this stuff....

>you can't register an IDN - international domain name (xn--) with any
>NOMINET owned addresses (see their arcane rules) - hello? this is 2008
>for f***s sake.

True, but they did a consultation about it, decided that it was difficult and focussed on other things. Read the consultation. Technically it isn't hard for Nominet, but the public don't understand them and customer support would be a nightmare.

>you can't use a direct TLD of .uk (every other country in the world
>does this) - those 5 or 6 that exist predate 1996 when the rule was
>changed to not allow .uk

True, but is that bad? Increases the number of available names - it's just that most people only recognise .gov.uk and .co.uk - but that's just advertising to fix.

>There's still no real moves for .gb release - thanks.

They don't own it. Look at IANA.

>there's still no real move to give Scotland and Wales their country code
>names either.

They don't allocate top level domains (.scot, .wal etc). Go ask IANA.

>..and don't even get me started on DNSSEC. back in late 2007 they
> published a 'positional paper' which started off bright - they believe that
> it should be done - but by the last couple of pages they finished with a
>dozen cop-outs and tried to infuse a simple matter into something far
>more awkward and custom. hello? RFCs?

The original design allowed the entire .uk domain name list to be stolen, and from that all names and addresses to be taken from the WHOIS. They couldn't implement it. Slow and dull writing a better RFC may have been, but it turned a design that none of the big European registries (who comply with data protection laws) could use into one that they can.


UK gov issued 250k snoop licences in nine months

Edward Phillips

Phone taps - or communications data

Phone taps - someone listening to my (boring) calls.

Communications data - looking at my itemised phone bill and web-browser history as stored by my ISP.

Do you really mean a quarter of a million phone taps, or do you mean a quarter of a million requests for communications data - one is a lot less scary than the other?


MySpace wins UK domain name that pre-dated its service

Edward Phillips

Abuse through use

With Nominet's DRS there are two tests - is it abusive when it was registered (no), is it abusive today, now that life has moved on (in this case the expert said yes).

Just because he registered the name ages ago doesn't mean that once it (by accident or design) later becomes famous for something else, he can jump on that bandwagon and take advantage of that fame. If he had started a genuine business at the time and was still doing it, the DRS says "fine". But he wasn't - he changed to take advantage of the later company's subsequent reputation and that's what the DRS doesn't allow.


Illegal immigrants spared the gamma-ray scanner

Edward Phillips


Surely the solution is to bang on the side of the van and say "If you don't consent to being scanned, get out now." Wait 1 minute then scan the van. Am I missing something, or should I be a highly paid consultant to the Border and Immigration Agency?


Hot-air powered railway to harvest energy from cars

Edward Phillips

Is it really free energy?

The petrol is used to push the car forwards which involves moving the air out of the way. If the flow of the air is impeded by an air turbine taking the energy out and slowing the air, is it not going to require a greater and/or more prolonged push to move the air out of the way of the car i.e. aren't the car drivers going to increase the amount of petrol used to drive along that motorway?

Wouldn't it be more efficient to put that fuel in the train and save on the costs of setting up the turbines and maintaining them?


Scotsman wins £1,300 settlement against spammer

Edward Phillips

In response to "Hmmmm..."

In answer to the "Hmmm..." poster -

It doesn't matter if he put the email address on the website, or Transcom got his email address because he had emailed a list (from Nominet or anywhere else) that Transcom (or an associated company) happened to have been subscribed to. The law does not allow:

1. spam to be sent to any email address you happen to be able to find; or

2. spam to be sent to someone just because you have had some contact with them through work.

There is an exemption that allows businesses to send emails where that person has previously had contact with you as a customer and you meet various other requirements.


