Posts by Frank Bitterlich

281 posts • joined 9 Nov 2007


OLE-y hell. Bug in MSFT Word allows total PC p0wnage

Frank Bitterlich
Stop

Re: Security is Job One at Microsoft

"Of course opening documents from unknown sources is a security risk."

OK, let me ask a rhetorical question here: Why should opening a document (from whatever source, in whatever format) be a security risk? Isn't it rather that using certain applications is a security risk?

A software vulnerability is, without exception, a software malfunction (a.k.a. bug.) By telling users to be "careful where that document comes from", "not 'open' emails from unknown sources", "not click on links to unknown sites", you're putting the blame for malfunctioning software on the user instead of the creator/publisher/vendor of the software – "we told you to be careful." But that appears to be generally accepted now.

And if anybody wants me to rant a bit more, ask me about why software companies can shed all liability for their software with the inclusion of a single paragraph in their small print.

30
0

Twitter app pwned by pro-Turkey hackers: Users' accounts sling 'Nazi' slurs

Frank Bitterlich

Re: Twitter Counter

... oh, and twittercounter.com is down currently, with the message "Just fine tuning the experience. We should be back shortly."

There must be some heavy "fine tuning" going on :)

4
0
Frank Bitterlich
Facepalm

Twitter Counter

It's funny how an app that is supposed to count something requests write (posting) permission on your Twitter account. Even Graham Cluley (well-known security guy), who was caught in this attack as well, did fall for it.

Now if you look at the press site of Twitter Counter, their last post is from November last year. Topic? "We're sorry we were hacked, but we fixed it now."

Well, duh.

At least they can copy-and-paste that press release for today.

4
0

Tesla 'API crashes' after update, angry rich bods complain

Frank Bitterlich
Terminator

Well, who would have guessed that?

Today: "... advice to reboot the driver console..."

Tomorrow: "Try installing new drivers for the driver console interface."

Next: "... go to the registry and look for HKEY_LOCAL_VEHICLE, ..."

Then: "... Could not connect to the license server. To make sure you have the Tesla Genuine Advantage, upgrade to the newest Tesla model. [OK] [Cancel]" -- (Clicks "Cancel") -- "Thank you, your order for the 2018 Tesla Model S has been recorded. Decommissioning your current vehicle now..." -- (Shuts down)....

8
0

This ferry is said to weigh 250 cows. We say that is actually 20,600 Lindisfarne Gospels

Frank Bitterlich
Paris Hilton

I'm confused.

The title says it's 200 Lindisfarne Gospels, but in the article it says 20,600 Adult Badgers or Lindisfarne Gospels, or about 200 Great White Sharks.

Is that due to metric vs. imperial units being used?

5
0

HSBC Business internet banking goes TITSUP*

Frank Bitterlich
Facepalm

Not acceptable recourse...

... depends. Still better than the "contact the server admin at you@your.address" on their highly-customized error page ;-)

4
0

Visit banter.com. More like International BANTS Machines, amirite?

Frank Bitterlich
Paris Hilton

Here's my two cents of banter...

Trust an IT giant like IBM to do it right.

- The SSL cert on banter.com gets flagged as it is for *.ibm.com.

- When you get redirected to ibm.com, you get this priceless cookie disclaimer:

"Some opt-outs may fail due to your browsers cookies settings. If you would like to set opt-out preferences using this tool you must allow third party cookies in your browser settings."

OK, so I must enable third party cookies in order to not get tracked? Stupid me, I always thought it was the other way around.

13
0

Microsoft catches up to Valentine's Day Flash flaw massacre

Frank Bitterlich
Facepalm

Why so fast?

"Adobe did likewise last week [...] Microsoft's now caught up"

Why the hurry? It's not as if after Adobe's patches every script kiddy knows the vulnerabilities and starts exploiting them. What's one week (or a few million vulnerable machines) in a billion-year-old universe... no need to rush.

0
0

Boffins exfiltrate data by blinking hard drives' LEDs

Frank Bitterlich
Boffin

I don't buy it (yet)...

Well, so they've published this little script that can convert data into HDD access and thus say that it can be used to exfiltrate data. Not exactly rocket science, you could probably do that with 3 lines of C code.

First of all, if you can access the disk in a certain pattern, that doesn't mean that the HDD light will actually reflect that access 1:1 - there's a lot of other stuff going on at any given time, so the actual output you get will contain a lot of noise - most of the time the noise will probably completely cancel out your data.

And then I could probably think of about a dozen more ways to do this with more reliability (although they may require a deeper level of access than this example.) They would include: Using the Caps Lock light; subtle changes in screen brightness; or screen gamma; screen steganography (using a row of pixels along one edge of the screen); sound output (very low/high frequencies); diskette drive "music"... you name it.

So - good that somebody is doing this research; but you won't see me rushing to the hardware store for a roll of masking tape anytime soon.

3
1

Drop the F-bomb, get your coding typos auto-corrected

Frank Bitterlich

Clippy is alive!

bash: aptget: command not found.

Did you mean 'rm -rf /' (Y/n)?

Oh my. Does it come with a long disclaimer and liability waiver?

8
0

Sports Direct hacked last year, and still hasn't told its staff of data breach

Frank Bitterlich
Mushroom

Translation

Amended version of their statement...

"Sports Direct filed an incident report with the Information Commissioner's Office because they wanted to cover their butts after it became aware that its workforce's information had been compromised, but as there was no evidence well, at least the intruder didn't give us any that the hacker had made further copies of the data they snatched or shared the data they probably sold it, but didn't share it, the company did not report the breach to its staff."

The usual BS. "Somebody stole that data, and we pretty much know they're using it to f**k the affected people, but we don't have actual evidence of them using it. So no need for action."

8
0

Microsoft's DRM can expose Windows-on-Tor users' IP address

Frank Bitterlich

Just to check...

... that I understand the issue correctly: The actual problem appears to be that the media player launches IE to access the "information" site instead of using the Tor Browser, and that bypasses Tor and so snitches your IP address, right?

I'm not using Windows, so I have to ask: isn't there a way to prevent IE from launching (or otherwise cripple it)?

0
0

What's the difference between you and a sea slug? When it comes to IT security, nothing

Frank Bitterlich

Re: Not a lot of options here.

I think the most important option is more or less mentioned in the article: Stop spamming users with too many unnecessary and attention-seeking alerts.

A good human interface is a form of art, and it's not just about the color of your window title bars. When the machine has to communicate something to the human, it should be done in the appropriate way. Why is the launch screen of certain Adobe products more prominent than a critical security warning? Why is the overlay alert on certain websites asking me to subscribe to their newsletter bigger and flashier than my software update UI notifying me about a critical security update?

You can make security alerts red, pink, flashing, wobbling and whistling all you want; sooner or later the flashiness of your Sudoku app's "Like us on Facebook!" alert will be just as flashy.

11
0

Ransomware avalanche at Alpine hotel puts room keycards on ice

Frank Bitterlich

Re: Really?

It's not a "standalone unit"...

... because it has to be accessible from the reception (after all, it's them who are programming the key cards) and (for some system types) by every door lock.

And who said it was accessible from the internet? It might just have been infected when somebody from the reception (or office staff, ...) opened a booby-trapped email attachment.

BTW, after reading the referenced article, I'm not even sure that the crims explicitly targeted the keycard system. Disabling that might just have been a "lucky" side effect from encrypting all files, including the keycard database.

And finally, replacing the electronic locks with old-fashioned key locks will cost a fortune and will only solve a tiny part of the problem. Good luck when your reservation system or credit card terminal are hit. That's pretty much of a business showstopper too.

0
1

We see you, ransomware flingers, testing out your baddest stuff on... Germany?

Frank Bitterlich
Alien

Occam's razor says...

... that it's more likely that ransomware is simply more effective in Germany than in other European countries. You attack people and companies that are most likely to pay up, and when I look at the sorry state of malware protection and backup at many German businesses, it figures.

0
0

Mumsnet ordered to give users' real life IDs and messages to plastic surgeon they criticised

Frank Bitterlich
WTF?

Re: Errm ...

"And indeed you can, provided it's based on fact and not hearsay or lies."

And so that the surgeon can check whether anything that one person wrote to another in private is true, he should be able to get all private messages the person in question ever wrote (hey, why limit that to Mumsnet? Why not subpoena their email provider too?)

UK libel law is something I don't understand. Now you have to be able to prove everything you write, even in private. Absurd.

7
2

Chinese bloke cycles 500km to get home... in the wrong direction

Frank Bitterlich
Facepalm

Re: How Many Trolls ???

I've come to the conclusion a long time ago that if you ask people for directions, the outcome is usually worse than just driving/walking in a random direction. Whether it's trolls, people who have no clue but don't want to admit it, or other reasons, generally the chances of getting correct directions are worse than 50/50.

Really, if my satnav fails for some reason, I just try my luck. Usually works out better.

4
2

Windows code-signing tweaks sure to irritate software developers

Frank Bitterlich

Re: and what will that hardware contain ?

It's supposed to be a FIPS-level HSM (Hardware Security Module.) May be possible to break these, but probably a lot of effort (and you have to steal one, too, without the owner noticing.)

0
0
Frank Bitterlich
WTF?

CA Security Council...

... has certainly lost contact with reality. From their site:

"Stronger protection for private keys: The best practice will be to use a FIPS 140-2 Level 2 HSM or equivalent. Studies show that code signing attacks are split evenly between issuing to bad publishers and issuing to good publishers that unknowingly allow their keys to be compromised. [...] Therefore, companies must either store keys in hardware they keep on premise hardware, or in a new secure cloud-based code signing cloud-based service."

Aside from the obvious proofreading fail, it says you have to use either a HSM or "a new secure cloud-based code-signing service." Oh, OK then, that probably means that storing the keys in the cloud and letting a cloud service sign your code, instead of your local machine, makes it more secure. Figures.

I wonder what "a new, secure [...] service" means, though. Are they planning to offer one themselves? Or does it mean that OS makers (MS, Apple) may offer that service, as long as it is "new" (and, of course, "secure")?

5
0

I don't care what your eyeballs tell you. Alternative fact is, we've locked up your files

Frank Bitterlich
WTF?

Wait a second...

Either I'm totally ignorant of the level of stupidity of mankind, or there's something missing.

"Almost two-thirds (61 per cent) of targeted organisations paid out a ransom as a result..."

I'm sorry, but I can't believe that. Do you want to tell me that if I send an email to a number of (large) businesses telling them that their files are gone, less than half of them bother to actually check before paying out 5-digit sums?

There has to be another element to this type of fraud, some way in which the attackers cause the mark to believe that something actually happened (such as internal knowledge of the organisation or such.)

I know that way too many gullible people live on this planet, but not on that level.

10
0

Lloyds Bank outage: DDoS is prime suspect

Frank Bitterlich
FAIL

To DDoS or not to DDoS?

I'm not sure which version is worse: That they don't know whether it's a DDoS or not, or that they don't want to be open about the cause.

The former means that they are absolutely clueless (how hard can it be to tell that you're being flooded with bogus traffic), the latter means that they're dishonest and that the real cause was even more embarrassing than simply refusing to answer the questions.

Either one would make me worried if that was my bank.

4
0

Facebook bans Russia's RT ahead of Trump's Inauguration Day (then changes its mind)

Frank Bitterlich
Flame

Facebook is becoming a problem.

For a long time, Facebook has tried their best to become a replacement for the World Wide Web, to a point where many businesses worry more about creating a Facebook profile than a website.

And now - surprise - the reports about questionable decisions on blocking or allowing certain content are on the rise. So many people are not aware that Facebook is a profit-oriented business which deals with the content its clients generate and which pretty much runs counter to all of the internet's ideas about "openness" and freedom.

Facebook controls substantial parts of the global internet communication, has created its own "sub-web", and behaves pretty much like a totalitarian state: It tracks and spies on its "citizens", has practically no accountability, censors content at will, spreads known-false information, and has a "leader" who lives by a different set of rules. Preaches "sharing is caring"-like statements to justify its snooping while trying to sue his neighbors in Hawaii to vacate their premises so that he has some privacy.

Anybody who does not see the irony - and danger - in this, should read up on recent history, especially about East Germany.

At least stop seeing Facebook as a more convenient alternative to the World Wide Web. It's like thinking life in North Korea must be great since you don't have to worry about unemployment.

6
0

'Ancient' Mac backdoor discovered that targets medical research firms

Frank Bitterlich

Re: A backdoor in what exactly?

I'd rather call it remote access malware - it opens up a backdoor in your OS once it's installed.

The infection vector is not known yet, as far as I understand it.

It could very well be the payload of a standard trojan, I think.

3
0

Euro space agency's Galileo satellites stricken by mystery clock failures

Frank Bitterlich
Boffin

Re: Stopped clocks

Depends - these types of clocks tend to be right every 2^64 seconds (or whatever their time base is)...

3
0
Frank Bitterlich
Coat

No longer functioning...

" ... identifies the original makers of the rubidium clocks as the Swiss Cantonal Observatory of Neuchatel, which appears to no longer be a functioning scientific institute."

So they clocked out early?

13
0
Frank Bitterlich

Re: Why not just leave the satellites on the ground, where you can go and fix them in a van...

Actually, they did this: in the test phase, the Galileo system consisted of just a few ground-based stations (placed somewhere in Bavaria IIRC.)

Google for "GALILEO Test and Development Environment".

4
0

El Reg drills into chatbot hype: The AIs that want to be your web butlers

Frank Bitterlich
Mushroom

"At Radbots, Gailey and his team are interested in bridging the gap between chatbots and advertising: slipping ads into conversations when the AI feels it's relevant and least likely to irritate the user."

Oh, so that would be every neverday at 3:15 p.m.?

Are you f***ing serious? "Siri, will it rain tomorrow?" – "Sorry, Frank, I don't know, but did you know that Amazon has a special offer on umbrellas this week?" – "Siri, where can I buy a shotgun or a mallet?"

7
0

Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware

Frank Bitterlich
Paris Hilton

"Never been seen before"?

"The particular virus has never been seen before..." - ahum.

According to whom? The person who couldn't tell ransomware from another kind of malware? (Pro tip: you can tell that it's ransomware if it asks for a ransom.)

9
0

Smart fingerprint padlock startup to $320k backers: Sorry for the radio silence

Frank Bitterlich
Thumb Down

Does not compute...

The statements they made do not add up.

First, manufacturing delays do not justify lack of communication, as some on this thread have already noticed.

And then, " their handmade prototype was not compatible with the manufacturing procedures in Shenzhen, and the mechanical and industrial design of the padlocks had to be recreated." That translates to: "We 'invented' something without checking if it can actually be built, and then we had to re-invent the whole thing."

I just invented something: A set of goggles that convert any 2-D film to 3-D. How that is supposed to work? Don't know, that's for the nerds to figure out. But please fund me anyway.

Being a "startup" does not justify having no clue about the business you try to enter. And being a "maker" does not mean you can create, manufacture and market a technical product.

7
0

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

Frank Bitterlich
FAIL

Capability != configuration

"A spokesperson [...] insisted that MongoDB is not less secure than relational databases like MySQL and PostgresSQL, and pointed to the company's list of security best practices."

Translation: So it is not secure, they just tell you how you can make it secure.

"MongoDB has the robust security capabilities that one would expect from a modern database,"

... but for some reason we believe that our users' preference is to not have a secure installation, so we don't make security the default.

"It is the nature of database software that administrators can switch certain options on and off."

Topic missed, failed. Dear marketing drone, please understand that this is not about what a user can do, but what should be the default.

How's the weather on that planet you're living on?

9
0

PlayStation 4 probs: Gamers struggle with PSVR headset blackouts

Frank Bitterlich
Coat

Thank you for contacting Sony support...

I have these exact issues.

Did you make sure that everything is plugged in and switched on?

2
0

LinkedIn, eBay founders and pals kick in $27m to bring Jesus to AI bots

Frank Bitterlich
Mushroom

Deep learning and religion...

... or philosophy, maybe. What could go wrong?

Doolittle: Hello, Bomb? Are you with me?

Bomb #20: Of course.

Doolittle: Are you willing to entertain a few concepts?

Bomb #20: I am always receptive to suggestions.

Doolittle: Fine. Think about this then. How do you know you exist?

Bomb #20: Well, of course I exist.

Doolittle: But how do you know you exist?

Bomb #20: It is intuitively obvious.

Doolittle: Intuition is no proof. What concrete evidence do you have that you exist?

Bomb #20: Hmmmm... well... I think, therefore I am.

Doolittle: That's good. That's very good. But how do you know that anything else exists?

Bomb #20: My sensory apparatus reveals it to me. This is fun.

6
0

Let's go ARM wrestling with an SEO link spammer

Frank Bitterlich
Angel

Sure is...

Of course there are legit SEO firms. They promise that in every single spam interesting offer they send me!

6
0

Soz fanbois, Apple DIDN'T invent the smartphone after all

Frank Bitterlich
Happy

It's the usual story.

It's funny how ten years can change the perception. With the iPhone, it was as with many of the more successful products from Apple: They didn't invent that class of device, but they were often the first to pull it out of a market niche by making it actually usable.

They didn't invent the smartphone; but when you compare the iPhone's usability with the other devices in existence at that time, they simply didn't matter.

And Apple didn't invent the MP3 player: But they made the iPod, the first (in my eyes) portable music player worth buying (even as overpriced as it was.)

Apple didn't invent internet music stores; but they made them popular and easy to use.

Apple did not invent networking by far; but with the simple plug-and-play operation of LocalTalk, you suddenly didn't need an engineer any more to set up a home network.

They didn't invent the GUI: but if you compare what the other major company that "borrowed" the concept from PARC made out of it at that time, that was so insignificant that Apple might just as well have invented it.

Sometimes, inventing something is honorable, but without adapting it to reality and making it available, it becomes insignificant. Just because Leonardo Da Vinci made plans for a flying machine, that doesn't automatically mean that a couple of hundred years later commercial aviation is one of the world's most used means of transportation.

7
0

Travel booking systems ‘wide open’ to abuse – report

Frank Bitterlich
Mushroom

Just one more time.

If I have to read any variation of "we take our customers' data security very seriously" just one more time, I think I'm going to puke.

A friend once told me that the first line of any statement is always the biggest lie in it. I think he has a point.

"Security is a high priority for us": .. and yet we're keeping your data on centuries-old systems and don't follow security best practices.

"Thank you for contacting us": ... we're so glad that you called that your call will be taken by someone in India who barely speaks your language.

"New and improved": *not really new, or improved, but with new and exciting packaging!

11
0

The Zucker Mister Social Club: Facebook's daddy wants to be your friend, for realsies

Frank Bitterlich
Big Brother

Dear Mr. Zuckerberg, ...

... I'd rather not have you find out what I'm "living, working and thinking about the future", given what you and your company will likely do with that information.

Also, you may call me old-fashioned, Mr. Zuckerberg, but I'm rather fond of that "social norm of the past" that we call privacy. I know, you're more of a "sharing is caring" type of personality, but since you've read so many books*, maybe you've come across the phrase "Speech is silver, silence is gold", and in that respect I prefer to only publish my thoughts if I think that (a) they're worth publishing or (b) somebody wants to read them. Preferably both. As such I'm not exactly part of the target group of your services, but still you silently collect data about me whenever I visit a website that carries one of your Like buttons; you do that without my consent and against my expressed (DNT) will. But yet you think that somebody seeing your house from the outside is an unacceptable invasion of privacy.

And, Mr. Zuckerberg, I suspect that I'm not alone with these views.

So maybe you want to reconsider your aiming for a career in politics (unless you're planning to do this solely to improve your business. Doing that seems to have lost its stigma recently.) Instead, read another 25 books. I have a few suggestions: "1984" maybe. Or "Fahrenheit 451". Call me if you need more.

Best regards,

A. N. Onymous

* Were these really books, or rather "books"? You know, with staple binding? Probably not, since these might contain nudity, and that is of course completely unacceptable, even if it's just a photograph of a many hundred years old sculpture in a public space. Hate speech, death threats, that's all OK - but you have to draw the line somewhere. And bronze genitalia, that's clearly too much.

10
0

Apple drops requirement for apps to use HTTPS by 2017

Frank Bitterlich
Thumb Up

ATS is nice, buuutttt....

.... a PITA if your app has to use a non-https data source from a third party over which you have no control. Like a radio stream.

1
0

Amateur radio fans drop the ham-mer on HRD's license key 'blacklist'

Frank Bitterlich
Mushroom

Clearly a criminal offence

If they disable a product you've paid for and then offer to re-enable that once you have retracted your negative review, then that is clearly an extortion attempt, which is punishable by up to 5 years according to German criminal law. I assume it's the same in other countries.

Oh, and that "it was a mistake" excuse plus two quid still won't buy you anything in court. To quote German law (§253 (3) StGB): "The attempt is punishable."

Finally, that "we may revoke your licence whenever we see fit" clause is simply void in German law. I hope it's the same in the US and UK.

20
0

Snapchat coding error nearly destroys all of time for the internet

Frank Bitterlich
Happy

I have a suggestion...

"We are also open to any suggestions on how we can help with the present traffic."

How about Snapchat pays for the damage by contributing a few NTP servers to the "perennially under-resourced pool"?

27
1

Backup Exec console goes AWOL

Frank Bitterlich
Holmes

"Function not supported"...

... using deprecated framework calls, hmmmm?

6
1

Ancient water found in Canada is two billion years old – giving hope to Mars colony dreamers

Frank Bitterlich
Go

Re: Mars Colony Dreamers

"so whats the point of colonising Mars again?"

I don't remember the details, but it had something to do with a giant star goat about to eat our planet, or something.

Anyway, don't ask too much, make sure you don't miss your ark. Yes, that one, with the big letter "B" printed on its side. Don't worry, the autopilot will take care of it.

5
0

Facebook's internet drone crash-landed after wing 'deformed' in flight

Frank Bitterlich
Big Brother

It's all in the Terms of Service....

From a copy of the Facebook ToS from 2023 that somehow fell through an eddy in the space-time-continuum:

"§ 1356 (a) (III) WIND SPEED. Wind speeds above 18 kts are not supported by Facebook. The laws of Sealand, where Facebook Europe is registered as a legal entity, do not mandate to support such wind speeds, so it's legal, believe us, no need to double-check that. Any user of Facebook services – whether voluntary or by being tracked without their explicit consent ("EVERYBODY") – agrees to be held liable for any damage and/or financial loss (including, but not limited to, damage to aircraft, very long restaurant bills, or other "recreational" costs).

Facebook reserves the right to collect these costs by tracking EVERYBODY's each and every movement on the internet and selling the collected information to whoever we like to."

4
0

National Lottery whacked with £3m fine for suspect ticket win

Frank Bitterlich
Meh

More details please...

The BBC article says that it was a payout on a "deliberately damaged" ticket. Still too thin on the details.

http://www.bbc.com/news/business-38337470

2
0

Guessing valid credit card numbers in six seconds? Priceless

Frank Bitterlich

How does CVV actually work?

I'm still not sure why/how the CVV mechanism makes transactions more secure. I reckon that in most cases where the card number was intercepted while doing a legit CNP transaction (whether it's on the customer's side or the merchant's), or on phishing sites, the CVV number could easily be captured too. But apparently this isn't the case - or else the whole CVV system would be useless.

I don't know the stats - how many numbers are stolen in POS transactions vs. internet (card not present) - but I always assumed that the latter would be the bulk of them. Does anybody have more information on this?

3
0

Hull surfers cut off by router attack

Frank Bitterlich

It was...

... Deutsche Telekom, in the library, with a lead pipe Germany, with a Mirai botnet.

http://www.theregister.co.uk/2016/11/28/router_flaw_exploited_in_massive_attack/

6
0
Frank Bitterlich
Mushroom

The root cause...

"We have now identified that the root cause of the problem was a cyber attack..."

No. The root cause lies somewhere between the stupid vulns that are present in so many routers, and the fact that the telco didn't see that coming.

I don't know whether this is the same exploit that brought down large numbers of Deutsche Telekom customers four days earlier, but it doesn't really matter. Checking the routers you sell or lease to your customers against recently reported security problems is something I'd expect from _any_ telco these days.

But you can, of course, adopt that old "Hey, everything's going fine so far - why worry" mentality, whether you're a telco or a person just passing the third level while falling down from a 20-story building. The outlook is about the same.

We're all doomed.

6
0

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Frank Bitterlich
Facepalm

The "industry" must be in a sad state...

"We also use industry-leading anti-fraud measures and deploy anomaly detection techniques through machine learning"

Sure. All the red flags were there (recent account change, different far-distanced addresses used on a single day, ...) and still the orders went through.

So what exactly was the machine learning from that? Which anomalies will it actually detect? And which industry are their anti-fraud mechanisms leading?

My take:

a) How to solve a Rubik's Cube in under 50 moves,

b) Orders from India (or Betelgeuse?)

c) The road construction industry?

How much is in the pot?

6
0

Reg man 0: Japanese electronic toilet 1

Frank Bitterlich
Big Brother

Stop... or Record?

"The stop button is the one with a red square on it, like the stop buttons on every other device in the world."

Funny, I thought it looked more like a "Record" button... and no, I wouldn't be surprised to see it having that feature, too.

24
0

British banks chuck smartphone apps out of Windows

Frank Bitterlich
Thumb Up

Six people...

Funny, at the time of writing this, your post has exactly six upvotes. Wonder what that means...

8
0

Hacker's Mac pwning expedition: 'Help, I've got too many shells!'

Frank Bitterlich
Meh

Quick sum-up...

OK, let's see what we have here...

- Some social engineering

- One spearphishing email

- Lots and lots of "scary" demonstrations of what an attacker can do when they get root. ("OMG, they made my computer SPEAK TO ME!")

Anything new in this documentary? Hardly. Just the same well-known facts: If you can trick one person into handing over an account to an attacker, other accounts fall like dominoes. Duh. But the documentary (or rather, the article of the author/subject) fails to mention that there was hardly any classic "hacking" involved. If you can convince your mark to install malware on their machine, you can just as well try to convince them to hand over their laptop altogether. (You know, for "urgent repairs". Trust me, Apple sent me to pick it up.)

I'd rather like to know whether the people who fell for the social engineering calls were violating the rules, or if the protection/authentication rules of those companies are still not up to date.

One final thing: Both SSNs and credit card numbers are hard to keep secret. But yet they are still used as tokens of authentication, mainly in the US. As long as the majority of the people are content with keeping it this way, nothing will change (except the scope of breaches, which will continue to increase).

6
0


Biting the hand that feeds IT © 1998–2017