* Posts by Frank Bitterlich

361 posts • joined 9 Nov 2007


Tens of millions more web accounts for sale after more sites hacked, Mac malware spreads via Windows.exe, and more

Frank Bitterlich

Facbook "protecting" its employees?

"On one hand, Facebook can and should be able to protect its employees from any threat of harm."

No. It should not. Since when should Facebook take over law enforcement duties? So in order to "protect their employees", they do what even police wouldn't be allowed to do - they track and monitor people 24/7 without their knowledge...?

If someone is threatening Facebook employees, they should refer that case to the police instead of taking the law into their own hands and using illegal actions against these so-called "threats."

Worried about Brexit food shortages? North Korean haute couture has just the thing

Frank Bitterlich

Let them eat shirts...

The items are aimed at outdoorsy types that might come unstuck on a mountain somewhere and need something to chow down on while awaiting rescue rather than for citizens enduring food shortages.

Just assuming that this is a clever marketing campaign to target the many adventure-loving North Korean folks who love nothing more than taking their SUV for a quick weekend trip to their luxurious mountain cabins for some free-climbing fun and maybe some heli skiing...

OK, so you're stuck somewhere up on a North Korean mountain for an extended period (maybe your snow mobile broke down, and as usual the heli taxi needs forever to pick you up), such that starvation might become a factor. Outside temp around freezing point. What do you do? Eat your shirt and freeze to death?

Ever feel like all your prayers go unheard? The Catholic Church has an app for that

Frank Bitterlich

Re: Development question

I'd be more interested in his IP address and what the whois record looks like...

Frank Bitterlich
Thumb Up

"Pray for me that the Greek test will be canceled."

"... and the English test, too!"

Me fail English? That's unpossible! -- Ralph Wiggum

Cops: German suspect, 20, 'confessed' to mass hack of local politicians

Frank Bitterlich

Re: "Hacker Attack"

There were a few bank account statements and invoices in the dumps, hardly what I would call publicly accessible. More typically what you would find if you rummaged through someone's email or cloud storage accounts.

Frank Bitterlich

"Hacker Attack"

So far there has been zero mention of how he got his hands on all that data. I can't believe that he actually did all of the actual hacks himself.

My guess is that he got all that data from multiple (probably more or less publicly accessible) dumps and just dumped them in a somewhat organized way.

You were told to clean up our systems, not delete 8,000 crucial files

Frank Bitterlich

Re: Backups

Stuff you want to use again is kept in the recycle bin, that's why it's called "recycle"

A long time ago (not too much later than Sam's story) I was doing routine maintenance on a Mac for an office worker of the company I was working for... and that included emptying the trash can (as the Recycle Bin is called in Mac OS). Cue some serious berating about how I dare empty the trash – she was "keeping important files in there"...

Sounds funny, but apparently some people have trouble understanding what the word "trash" means, and still get beyond flipping burgers in their professional carreer.

Germany hacked: Angela Merkel's colleagues among mass data dump victims

Frank Bitterlich

AfD data missing

Another theory on why the dump lacks data from any AfD politicians so far ist that the data might be somewhat old (and the AfD having made it into Bundestag this legislative period for the first time.)

Unfortunately the reporting on what exactly has been dumped is a bit thin so far in most German media.

So I'll leave it to the usual tinfoil hats to make up a suitable conspiracy theory on why they have been spared. Bob, you are reading this, right?

Peak tech! Bacon vending machine signals apex of human invention

Frank Bitterlich

Pork barrel

To me it looks like that already. A vending machine that wants a dollar for products that have been donated?

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Frank Bitterlich

An email...

... that for some reason travelled backwards in time from May 2019 into my today's inbox:

"Dear happy Cixtrix user,

as you please have heard must please reset password now. Or not have access. Convenienly, plase click [a href="someplace.please-dont-block-my-account.wherever.tk]here[/a] to not have account removed and set new password. Must enter old password first. Please ignore if some get warning browser message, all is OK. Awaintingly, Cxitrix user best support team."

YouTube fight gets dirty: Kids urged to pester parents over Article 13

Frank Bitterlich

Re: Isn't it bad?

"Google will have no choice but to block Europeans from accessing Youtube if Article 13 passes." [citation needed]

Alleged crypto-crook CEO cuffed by FBI after $4m investment in his bank bafflingly vanishes

Frank Bitterlich

Re: I had trouble with the headline.

Yep, and he told you so: "Decentralised banking." As in, the money's not in the bank, but rather... ah, somewhere.

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Frank Bitterlich
Thumb Down

The other way around?

So, if you register as a data processor, submit to audits, do everything right, then you have to pay the ICO.

If you fail to do all that, you get slapped on the wrist, and a stern warning.

How about making those companies and individuals pay for the ICO which are the actual reason why an ICO is needed in the first place? 1£ per customer record lost, 50p for every spam email sent, oh and 10£ per illegal nuisance call. Wouldn't the whole problem just go away then?

Or, keep the current system, but with a money-back guarantee. Being affected by one violation of the DP rules (domestic, within the reach of the ICO) and you get your money back.

The way it is now is more like a protection racket than a just fee.

Talk in Trump's tweets tells whether tale is true: Code can mostly spot Prez lies from wording

Frank Bitterlich

Re: Ignorance can be very powerful

That said, I have a problem with the dataset. Only 30% were factually incorrect ? Really ?

Combine this with "[...] while tweets with religious terminology were less likely to be false." – I would say that the fact-checkers were not diligent enough...

Bomb squad descends on suspicious package to find something much more dangerous – a Journey cassette

Frank Bitterlich
Black Helicopters

Re: Crimes against music -- the IT angle

Hmm, not a bad thought. Maybe the tape didn't actually contain the works of Journey, but rather a C64 copy of Leisure Suit Larry, complete with virus? I hear the recipient was a power company, prime target for hacking. Maybe somebody wanted to prove that hacking can be done without the internet... if the recipient owns a Datasette, that is...


F***=off, Google tells its staff: Any mention of nookie now banned from internal files, URLs

Frank Bitterlich

Austria too...

Just like the inhabitants of Fucking, Austria, whose town will probably be replaced by a black bar on Google Maps now...

Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

Frank Bitterlich

Re: How can I put this?

Where do I get some of what you are smoking?

BTW, it's even worse. I hear that they have now compromised the tinfoil-making industry. They added secret circuits to every roll of household-grade tinfoil so that when you make a hat out of it, it actually amplifies your brain waves so that they can more easily read them. Plus, they added TLS encryption.

Which? That smart home camera? The one with the vulns? Really?

Frank Bitterlich

Minor flaw? Where?

"Which? found a minor privacy concern with this device..."

Where on earth did they find a "minor privacy concern"? All the flaws reported here were pretty much worst-case vulns (total stream takeover.) The only thing worse would be rooting the device. That is major, not minor.

So did they discover some more vulns, or did their spellchecker replace "major" with "minor"?

Microsoft yanks the document-destroying Windows 10 October 2018 Update

Frank Bitterlich

"The guy who wrote the update"

Seriously? "The" guy? You're assuming that one dev wrote this release?

It's not exactly breaking news that developers do make mistakes; it should be the job of QA to prevent these mistakes from hitting the street. As such, a Release Preview program (a.k.a. "Install-at-your-own-risk-club") is a good last step to catch catastrophic bugs that the rest of QA didn't catch.

But to some PHB it also looks like a good thing to scrap when you want to get your release out quicker and cheaper.

NSS Labs sues antivirus toolmakers, claims they quietly conspire to evade performance tests

Frank Bitterlich

Test for yourself

Next time your get one of these "invoice" emails with a MS Word attachment and a misspelled subject line, upload the file to Virustotal. You'll be lucky if half of the engines detect the malware, even two weeks later.

That gives a good inidication how much these "award-winning", "widely tested" packages are worth.

Phased out: IT architect plugs hole in clean-freak admin's wiring design

Frank Bitterlich


Disclaimer: I have zero experience with three-phase UPS...

But wouldn't there be a circuit breaker for each phase output? I know that there is one on every one of the small single-phase UPSes I use.

New Zealand school on naughty step after ransomware failure

Frank Bitterlich
Thumb Up

Backup 101

"The worst hit, she said, will be students in [photography and] some technology subjects, who were more likely to be storing their work locally."

And this, dear students, concludes our course on "Why backing up your stuff is important." I hope you all leaned something. There will be NO pop quiz on this subject, as the pop quiz database has been encrypted by the ransomware, too.

Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

Frank Bitterlich

Re: Name > website / Phone No. > password

Look closely... they din't even change the column headings. The righthand column still has telephone symbols in the heading.

I suspect this started as a practical joke in the marketing department, until some sales dude put it onto their website. Then the orders started pouring in, and there was no way back...

Bankrupt Aussie Hells Angel scoops £750k lottery jackpot

Frank Bitterlich

Re: Huh?

The "tax" bill comes from a separate scam somehow involving diesel fuel rebate (tax rebate?) that he was cought running some time ago.

Weird series of coincidences, anyway.

The strange tale of an energy biz that suddenly became a blockchain upstart – and $1.4m now forfeited in sold shares

Frank Bitterlich

"Free Energy" maybe?

To me, it looks like the energy generated comes in the form of hot air...

When Google's robots give your business the death sentence – who you gonna call?

Frank Bitterlich

Re: More info?

"Normally only use "enterprise" levels if you have heavy usage..."

... or if your million-dollar business critically depends on the service. Or if you don't think it's necessary to have local backups of said million-dollar business' data and - even more weird - code.

OK, killing your service and deleting your stuff with just three days of warning is rude. But I don't get it how you can bet your house on a free service that is clearly not meant for such use.

People just don't get business continuity any more.

CIMON says: Say hello to your new AI pal-bot, space station 'nauts

Frank Bitterlich

Re: W.O.O.

Apparently none of those involved have ever watched Dark Star.

Or maybe they have, and just have an evil sense of humour. And want to see the crew explainin phonomenology to that thing...

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

Frank Bitterlich

Fun and vibrant team...

... of marketeers? Or rather "[...] a bunch of mindless jerks who'll be the first against the wall when the revolution comes."

Sounds much like the Sirius Cybernetics Corporation marketing dept. to me.

"Just leave the PJs at home, please!" – So I guess Casual Friday is cancelled, then?

John McAfee plans 2020 presidential tilt

Frank Bitterlich

Re: Finally!

You may be right. I've always thought that McAfee looks a bit like Zaphod Beeblebrox.

And Donald Trump certainly acts the part.

Awaiting the arrival of the Vogon Constructor Fleet any day now...

Indiegogo grants ZX Spectrum reboot firm another two weeks to send a console

Frank Bitterlich

Re: why an extra 2 week extension...

Probably just a cheap chinese wired headphone. They had to give it some unique features.

If they write "Bluetooth", people will complain if it doesn't actually have that.

"Compatible with Vega+"? I don't think they will ever have to prove that...

Real fake scam offers crypto-coin to replace frequent flier points

Frank Bitterlich

Life imitating art once again...

... in the sidebar of this very forum page: An ad stating "The best, new crypto currency 2018 is called XYO."

You've got pr0n: Yes, smut by email is latest workaround for UK's looming cock block

Frank Bitterlich

Re: Email account verification?

That's a feature - Plausible Denial.

"I never requested this smut, someone else must have signed me up!"

How a QR code can fool iOS 11's Camera app into opening evil.com rather than nice.co.uk

Frank Bitterlich

Re: For info

The "port" part (":443" or any other number) is essential for the flaw to happen.

The location where it appears makes it, technically, a "password" (http://user:password@domain.org), but it makes the flaw see this as a port number and so the NSURL sees the whole fake domain part as valid.

Frank Bitterlich

The problem may be bigger...

I just did a quick test, and it looks like Apple's NSURL class generally has that problem of not getting the host right. Using NSURL -URLWithString:, the backslash version doesn't work at all - and the one with the percent-escaped backslash produces the wrong hostname when calling NSURL -host, namely: facebook.com.

This is bad.

Meet the open sorcerers who have vowed to make Facebook history

Frank Bitterlich

Re: providing a good UX - Facebook?!?

How in hell is that a good UX? Can't find things, can't dig back, can't organise. It's just a dumping ground. Photos get resampled, cropped and generally befouled. Videos likewise. Coments don't thread. Ads are poorly targeted bollocks if I disable blockers. Recommendations for 'you might like' are nonsensical babble.

All true. But, as scary as it may be, hardly any FB user cares about that. They typical Facebonker wants to just dump their stuff in there. They do not care about about an interface that gives them control - they want an "easy" one, and the less control they have over their stuff, the "easier" it appears.

Ten or 20 years ago, many of those people would have operated their own blog or other website, but today FB to them looks like the same thing, but much easier. Heck, even businesses these day think that a FB page is equivalent to a prober website. I know a group of people who think their CMS is too complicated, so they post all news on FB instead. Don't have a Facebook account? Tough luck, customer.

Does beating FB mean playing it at its own crazy game? Interoperating with it?

If you want to make as much money as them, yes. You'll have to rip off your users, take sneak control away from them, and sell them out in any way you can.

For another definition of success, e.g. making the 'net a better place, combining a good protocol with a good UI will probably do the trick. If it really works out well, people will adopt it and operate services on that platform. If they have enouph pull, users will eventually adopt it.

There has never been a better time to pull this off than now.

Reflection of a QR code on PoS scanner used to own mobile payments

Frank Bitterlich

Good research, but...

... some of the scenarios are somewhat constructed.

His tactic for such tokens was to surreptitiously turn on a smartphone’s front-facing camera to photograph the reflection of a QR code in a point of sale scanner’s protective cover. This attack also detects the configuration of the QR code and subtly changes its appearance to make it unreadable. The malware running the attack on the smartphone, however, manages to retain a perfect and usable QR code.

OK, so the targeted phone has already been compromised to such a level that the attack app has control over the screen. What's the point then to use the camera to try and catch the code? Why not just get it from a screengrab?

The technique can also be used to craft malicious QR codes that, when used for smartphone-to-smartphone payments, see the victim machine directed to download and run malware.

That's a vuln in the target smartphone's payment app. If it expects a payment token, and gets a "http:..." instead, it probably won't blindly say "oh, hey, why not, let's visit that site..."

All interesting techniques, and good that he did that research, but not very close to see that in the wild. Way more likely (and easier) to attack the payment service (for example with POS malware) directly.

UK data watchdog raids companies suspected of 11 million nuisance texts

Frank Bitterlich

That'll teach them...

Computer equipment and documents were seized for analysis at two Greater Manchester-based premises of the unnamed entities, the ICO said.

"... and we won't give it back until you have paid the fine. The whole £200 of it!!!"

Facebook Onavo Protect doesn't protect against Facebook

Frank Bitterlich

Who on earth...

... would, when looking to protect their data, turn to Facebook by any means?

/shakes head in disbelief...

FBI chief asks tech industry to build crypto-busting not-a-backdoor

Frank Bitterlich

"You just don't *want* to solve that problem!"

The whole reiteration of "it's just not possible because you guys haven't invented it yet" reminds me of that Big Bang Theory episode, where Penny's idiot (ex-?)boyfriend proudly tells about the invention he just made – goggles that convert any movie into a 3D movie. How does it work? "I don't know, I'll let you figure that out."

Now there are two possibilities: Either all of those "the laws of Australia trump the laws of mathematics" statements are made honestly and those making them are really ignorant enough to believe in that; or that this is just a clever ploy to get Joe Public to sooner or later think "The tech companies just don't *want* to do it because they are evil."

Honestly, I don't know which one to believe. They both sound awfully plausible.

Google: Class search results as journalism so we can dodge Right To Be Forgotten

Frank Bitterlich

Re: Fahrenheit 451

At which point, why do we bother having a system of rehabilitation and spent convictions?

That is precisely the point. "Rehabilitation" –– all good and fine. You shouldn't be discriminated against for things that have long expired. But this is about that insane idea of a "right to be forgotten". You cannot force anybody to "forget" anything. But you can force media, search engines, and other publishers to censor information that is correct and true.

Google (the search engine part, which this is all about) has one job: To give us an overview about the information that is available about a certain topic. I can't grasp how anybody can think it's a good idea to suppress this information.

Does Parliament or Google decide when your criminal past is forgotten?

Frank Bitterlich
Big Brother

Re: Going back in time to modify history

It is not about re-writing history, the original articles aren't being taken down. The book isn't being rounded up and burnt.

No, not being burnt, but asking search engines (and possibly later retailers) to remove results that point to the book comes very close to banning the book altogether.

The whole concept of a "right to be forgotten" is kind of ridiculous. You can not force a person to forget something, and Google can not "forget" something either. It can only suppress information that exists. That is not "forgetting", that is censorship. No, it doesn't alter history. It just forces publishers, search engines, and other services to lie by omitting certain information.

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

Frank Bitterlich

Re: 44 allegations

Not being from the UK, I wonder how that works? Don't you have voter lists where every voter is being struck out when they have voted?

Apple's new 'spaceship' HQ brings the pane for unobservant workers

Frank Bitterlich

Re: Especially deadly...

That's why ARKit was invented. Just hold up your iGadget and ARKit will augment the glass doors with virtual manifestations. Problem solved.

23,000 HTTPS certs will be axed in next 24 hours after private keys leak

Frank Bitterlich

Tout, flog, peddle

Welcome to The Register, new reader!

Intellisense was off and developer learned you can't code in Canadian

Frank Bitterlich

Reminds me of the one time I installed an OS for an english-speaking customer. Asked him what language he wanted, British English or American English. He lowered his head to look at me over the rim of his glasses, then after a short pause he replied: "Proper English!"

Firefox to emit ‘occasional sponsored story’ in ads test

Frank Bitterlich

Re: Easy as this:

Doesn't work for me. I can, however, close that "Recommended by Pocket" section - for now. Should it at one point re-open itself or become any more intrusive, then Bye Bye Firefox. You won't see me tinkering with my hosts file just to fight a browser pushing ads on me.

Bell Canada Canucks it up again: Second hack in just eight months

Frank Bitterlich

Re: Pop quiz!

And extra bonus points for any or all of the following:

  • "Bell Canada takes the security of your data very seriously."
  • "Our customers' security is our top priority"
  • "Bell Canada is committed to keeping you data safe."

How I love Data Breach Bullshit Bingo.

Hospital injects $60,000 into crims' coffers to cure malware infection

Frank Bitterlich

So, how about organ transplants?

A quote from an unnamed individual from the hospital which was transported back through time to me from the year 2023:

"Yes, we know it's a bad idea, but we were running out of kidney donors, so we made the conscious decision to buy a few from the black market. After all, it saved patients' lives!"

UK's Just Eat faces probe after woman tweets chat-up texts from 'delivery guy'

Frank Bitterlich

A single case of a creepy...

... pizza delivery boy abusing the phone number of a client to stalk her. That is bad, but it happens all the time. Just because a intermediate (Just Eat) is involved doesn't make this case special.

Of course the phone number gets passed on to the local pizza shop, which in turn gives it to the driver for address clarification and such. And I bet that Just Eat has clauses in their contract with the pizza shops that prohibit the (ab)use of contact info for anything other than just the delivery.

Fire the delivery dude and report him. Case closed.

Of course we don't spy on our users, giggles China's WeChat

Frank Bitterlich

In communist China...

... social media follows you.


Biting the hand that feeds IT © 1998–2019