* Posts by Frank Bitterlich

259 posts • joined 9 Nov 2007


'Ancient' Mac backdoor discovered that targets medical research firms

Frank Bitterlich

Re: A backdoor in what exactly?

I'd rather call it remote access malware - it opens up a backdoor in your OS once it's installed.

The infection vector is not known yet, as far as I understand it.

It could very well be the payload of a standard trojan, I think.

3
0

Euro space agency's Galileo satellites stricken by mystery clock failures

Frank Bitterlich
Boffin

Re: Stopped clocks

Depends - these types of clocks tend to be right every 2^64 seconds (or whatever their time base is)...

3
0
Frank Bitterlich
Coat

No longer functioning...

" ... identifies the original makers of the rubidium clocks as the Swiss Cantonal Observatory of Neuchatel, which appears to no longer be a functioning scientific institute."

So they clocked out early?

12
0
Frank Bitterlich

Re: Why not just leave the satellites on the ground, where you can go and fix them in a van...

Actually, they did this: in the test phase, the Galileo system consisted of just a few ground-based stations (placed somewhere in Bavaria IIRC.)

Google for "GALILEO Test and Development Environment".

3
0

El Reg drills into chatbot hype: The AIs that want to be your web butlers

Frank Bitterlich
Mushroom

"At Radbots, Gailey and his team are interested in bridging the gap between chatbots and advertising: slipping ads into conversations when the AI feels it's relevant and least likely to irritate the user."

Oh, so that would be every neverday at 3:15 p.m.?

Are you f***ing serious? "Siri, will it rain tomorrow?" – "Sorry, Frank, I don't know, but did you know that Amazon has a special offer on umbrellas this week?" – "Siri, where can I buy a shotgun or a mallet?"

6
0

Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware

Frank Bitterlich
Paris Hilton

"Never been seen before"?

"The particular virus has never been seen before..." - ahum.

According to whom? The person who couldn't tell ransomware from another kind of malware? (Pro tip: you can tell that it's ransomware if it asks for a ransom.)

9
0

Smart fingerprint padlock startup to $320k backers: Sorry for the radio silence

Frank Bitterlich
Thumb Down

Does not compute...

The statements they made do not add up.

First, manufacturing delays do not justify lack of communication, as some on this thread have already noticed.

And then, "their handmade prototype was not compatible with the manufacturing procedures in Shenzhen, and the mechanical and industrial design of the padlocks had to be recreated." That translates to: "We 'invented' something without checking if it can actually be built, and then we had to re-invent the whole thing."

I just invented something: A set of goggles that convert any 2-D film to 3-D. How that is supposed to work? Don't know, that's for the nerds to figure out. But please fund me anyway.

Being a "startup" does not justify having no clue about the business you try to enter. And being a "maker" does not mean you can create, manufacture and market a technical product.

7
0

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

Frank Bitterlich
FAIL

Capability != configuration

"A spokesperson [...] insisted that MongoDB is not less secure than relational databases like MySQL and PostgreSQL, and pointed to the company's list of security best practices."

Translation: So it is not secure, they just tell you how you can make it secure.

"MongoDB has the robust security capabilities that one would expect from a modern database,"

... but for some reason we believe that our users' preference is to not have a secure installation, so we don't make security the default.

"It is the nature of database software that administrators can switch certain options on and off."

Topic missed, failed. Dear marketing drone, please understand that this is not about what a user can do, but what should be the default.

How's the weather on that planet you're living on?

7
0

PlayStation 4 probs: Gamers struggle with PSVR headset blackouts

Frank Bitterlich
Coat

Thank you for contacting Sony support...

I have these exact issues.

Did you make sure that everything is plugged in and switched on?

2
0

LinkedIn, eBay founders and pals kick in $27m to bring Jesus to AI bots

Frank Bitterlich
Mushroom

Deep learning and religion...

... or philosophy, maybe. What could go wrong?

Doolittle: Hello, Bomb? Are you with me?

Bomb #20: Of course.

Doolittle: Are you willing to entertain a few concepts?

Bomb #20: I am always receptive to suggestions.

Doolittle: Fine. Think about this then. How do you know you exist?

Bomb #20: Well, of course I exist.

Doolittle: But how do you know you exist?

Bomb #20: It is intuitively obvious.

Doolittle: Intuition is no proof. What concrete evidence do you have that you exist?

Bomb #20: Hmmmm... well... I think, therefore I am.

Doolittle: That's good. That's very good. But how do you know that anything else exists?

Bomb #20: My sensory apparatus reveals it to me. This is fun.

6
0

Let's go ARM wrestling with an SEO link spammer

Frank Bitterlich
Angel

Sure is...

Of course there are legit SEO firms. They promise that in every single spam interesting offer they send me!

6
0

Soz fanbois, Apple DIDN'T invent the smartphone after all

Frank Bitterlich
Happy

It's the usual story.

It's funny how ten years can change the perception. With the iPhone, it was as with many of the more successful products from Apple: They didn't invent that class of device, but they were often the first to pull it out of a market niche by making it actually usable.

They didn't invent the smartphone; but when you compare the iPhone's usability with the other devices in existence at that time, they simply didn't matter.

And Apple didn't invent the MP3 player: But they made the iPod, the first (in my eyes) portable music player worth buying (even as overpriced as it was.)

Apple didn't invent internet music stores; but they made them popular and easy to use.

Apple did not invent networking by far; but with the simple plug-and-play operation of LocalTalk, you suddenly didn't need an engineer any more to set up a home network.

They didn't invent the GUI: but if you compare what the other major company that "borrowed" the concept from PARC made out of it at that time, that was so insignificant that Apple might just as well have invented it.

Sometimes, inventing something is honorable, but without adapting it to reality and making it available, it becomes insignificant. Just because Leonardo Da Vinci made plans for a flying machine, that doesn't automatically mean that a couple of hundred years later commercial aviation is one of the world's most used means of transportation.

7
0

Travel booking systems ‘wide open’ to abuse – report

Frank Bitterlich
Mushroom

Just one more time.

If I have to read any variation of "we take our customer's data security very seriously" just one more time, I think I'm going to puke.

A friend once told me that the first line of any statement is always the biggest lie in it. I think he has a point.

"Security is a high priority for us": .. and yet we're keeping your data on centuries-old systems and don't follow security best practices.

"Thank you for contacting us": ... we're so glad that you called that your call will be taken by someone in India who barely speaks your language.

"New and improved": *not really new, or improved, but with new and exciting packaging!

11
0

The Zucker Mister Social Club: Facebook's daddy wants to be your friend, for realsies

Frank Bitterlich
Big Brother

Dear Mr. Zuckerberg, ...

... I'd rather not have you find out what I'm "living, working and thinking about the future", given what you and your company will likely do with that information.

Also, you may call me old-fashioned, Mr. Zuckerberg, but I'm rather fond of that "social norm of the past" that we call privacy. I know, you're more of a "sharing is caring" type of personality, but since you've read so many books*, maybe you've come across the phrase "Speech is silver, silence is gold", and to that respect I prefer to only publish my thoughts if I think that (a) they're worth publishing or (b) somebody wants to read them. Preferably both. As such I'm not exactly part of the target group of your services, but still you silently collect data about me whenever I visit a website that carries one of your Like buttons; you do that without my consent and against my expressed (DNT) will. But yet you think that somebody seeing your house from the outside is an unacceptable invasion of privacy.

And, Mr. Zuckerberg, I suspect that I'm not alone with these views.

So maybe you want to reconsider your aiming for a career in politics (unless you're planning to do this solely to improve your business. Doing that seems to have lost its stigma recently.) Instead, read another 25 books. I have a few suggestions: "1984" maybe. Or "Fahrenheit 451". Call me if you need more.

Best regards,

A. N. Onymous

* Were these really books, or rather "books"? You know, with staple binding? Probably not, since these might contain nudity, and that is of course completely unacceptable, even if it's just a photograph of a many hundred years old sculpture in a public space. Hate speech, death threats, that's all OK - but you have to draw the line somewhere. And bronze genitalia, that's clearly too much.

10
0

Apple drops requirement for apps to use HTTPS by 2017

Frank Bitterlich
Thumb Up

ATS is nice, buuutttt....

.... a PITA if your app has to use a non-https data source from a third party over which you have no control. Like a radio stream.

1
0

Amateur radio fans drop the ham-mer on HRD's license key 'blacklist'

Frank Bitterlich
Mushroom

Clearly a criminal offence

If they disable a product you've paid for and then offer to re-enable that once you have retracted your negative review, then that is clearly an extortion attempt, which is punishable by up to 5 years according to German criminal law. I assume it's the same in other countries.

Oh, and that "it was a mistake" excuse plus two quid still won't buy you anything in court. To quote German law (§253 (3) StGB): "The attempt is punishable."

Finally, that "we may revoke your licence whenever we see fit" clause is simply void in German law. I hope it's the same in the US and UK.

20
0

Snapchat coding error nearly destroys all of time for the internet

Frank Bitterlich
Happy

I have a suggestion...

"We are also open to any suggestions on how we can help with the present traffic."

How about Snapchat pays for the damage by contributing a few NTP servers to the "perennially under-resourced pool"?

27
1

Backup Exec console goes AWOL

Frank Bitterlich
Holmes

"Function not supported"...

... using deprecated framework calls, hmmmm?

6
1

Ancient water found in Canada is two billion years old – giving hope to Mars colony dreamers

Frank Bitterlich
Go

Re: Mars Colony Dreamers

"so whats the point of colonising Mars again?"

I don't remember the details, but it had something to do with a giant star goat about to eat our planet, or something.

Anyway, don't ask too much, make sure you don't miss your ark. Yes, that one, with the big letter "B" printed on its side. Don't worry, the autopilot will take care of it.

5
0

Facebook's internet drone crash-landed after wing 'deformed' in flight

Frank Bitterlich
Big Brother

It's all in the Terms of Service....

From a copy of the Facebook ToS from 2023 that somehow fell through an eddy in the space-time continuum:

"§ 1356 (a) (III) WIND SPEED. Wind speeds above 18 kts are not supported by Facebook. The laws of Sealand, where Facebook Europe is registered as a legal entity, do not mandate to support such wind speeds, so it's legal, believe us, no need to double-check that. Any user of Facebook services – whether voluntary or by being tracked without their explicit consent ("EVERYBODY") – agrees to be held liable for any damage and/or financial loss (including, but not limited to, damage to aircraft, very long restaurant bills, or other "recreational" costs).

Facebook reserves the right to collect these costs by tracking EVERYBODY's each and every movement on the internet and selling the collected information to whoever we like to."

4
0

National Lottery whacked with £3m fine for suspect ticket win

Frank Bitterlich
Meh

More details please...

The BBC article says that it was a payout on a "deliberately damaged" ticket. Still too thin on the details.

http://www.bbc.com/news/business-38337470

2
0

Guessing valid credit card numbers in six seconds? Priceless

Frank Bitterlich

How does CVV actually work?

I'm still not sure why/how the CVV mechanism makes transactions more secure. I reckon that in most cases where the card number was intercepted while doing a legit CNP transaction (whether it's on the customer's side or the merchant's), or on phishing sites, the CVV number could easily be captured too. But apparently this isn't the case - or else the whole CVV system would be useless.

I don't know the stats - how many numbers are stolen in POS transactions vs. internet (card not present) - but I always assumed that the latter would be the bulk of them. Does anybody have more information on this?

3
0

Hull surfers cut off by router attack

Frank Bitterlich

It was...

... Deutsche Telekom, in the library, with a lead pipe Germany, with a Mirai botnet.

http://www.theregister.co.uk/2016/11/28/router_flaw_exploited_in_massive_attack/

6
0
Frank Bitterlich
Mushroom

The root cause...

"We have now identified that the root cause of the problem was a cyber attack..."

No. The root cause lies somewhere between the stupid vulns that are present in so many routers, and the fact that the telco didn't see that coming.

I don't know whether this is the same exploit that brought down large numbers of Deutsche Telekom customers four days earlier, but it doesn't really matter. Checking the routers you sell or lease to your customers against recently reported security problems is something I'd expect from _any_ telco these days.

But you can, of course, adopt that old "Hey, everything's going fine so far - why worry" mentality, whether you're a telco or a person just passing the third level while falling down from a 20-story building. The outlook is about the same.

We're all doomed.

6
0

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Frank Bitterlich
Facepalm

The "industry" must be in a sad state...

"We also use industry-leading anti-fraud measures and deploy anomaly detection techniques through machine learning"

Sure. All the red flags were there (recent account change, different far-distanced addresses used on a single day, ...) and still the orders went through.

So what exactly was the machine learning from that? Which anomalies will it actually detect? And which industry are their anti-fraud mechanisms leading?

My take:

a) How to solve a Rubik's cube in under 50 moves,

b) Orders from India (or Betelgeuse?)

c) The road construction industry?

How much is in the pot?

6
0

Reg man 0: Japanese electronic toilet 1

Frank Bitterlich
Big Brother

Stop... or Record?

"The stop button is the one with a red square on it, like the stop buttons on every other device in the world."

Funny, I thought it looked more like a "Record" button... and no, I wouldn't be surprised to see it having that feature, too.

23
0

British banks chuck smartphone apps out of Windows

Frank Bitterlich
Thumb Up

Six people...

Funny, at the time of writing this, your post has exactly six upvotes. Wonder what that means...

8
0

Hacker's Mac pwning expedition: 'Help, I've got too many shells!'

Frank Bitterlich
Meh

Quick sum-up...

OK, let's see what we have here...

- Some social engineering

- One spearphishing email

- Lots and lots of "scary" demonstrations of what an attacker can do when they get root. ("OMG, they made my computer SPEAK TO ME!")

Anything new in this documentary? Hardly. Just the same well-known facts: If you can trick one person into handing over an account to an attacker, other accounts fall like dominoes. Duh. But the documentary (or rather, the article of the author/subject) fails to mention that there was hardly any classic "hacking" involved. If you can convince your mark to install malware on their machine, you can just as well try to convince them to hand over their laptop altogether. (You know, for "urgent repairs". Trust me, Apple sent me to pick it up.)

I'd rather like to know whether the people who fell for the social engineering calls were violating the rules, or if the protection/authentication rules of those companies are still not up to date.

One final thing: Both SSNs and credit card numbers are hard to keep secret. But yet they are still used as tokens of authentication, mainly in the US. As long as the majority of the people are content with keeping it this way, nothing will change (except the scope of breaches, which will continue to increase).

6
0

Nokia's great lost smartwatch? #SavedYouALandfill

Frank Bitterlich

Looks like a prototype

From what I can see in this vid (if I can manage to ignore the stupid music), its main features appear to be...:

- Display the phrase "Nothing new here",

- Count steps, and

- "Ring my phone."

Apart from that, the UI seems either unfinished or not very smart.

0
0

Analysts apply Occam's razor to Tesco Bank breach

Frank Bitterlich
Holmes

Not sure how the trojan theory would work out...

... unless we're talking about malware on ATMs. Otherwise it should not be possible to create a cloned card from the information that a trojan on the victim's machine could grab. Much less to get the PIN.

Ordinary card cloning (from manipulated ATMs or POS terminals) is unlikely as well - that wouldn't explain the large number of cases on this one bank.

Occam says: Smells like insider job (possibly at a service provider.)

3
0

Google Pixel pwned in 60 seconds

Frank Bitterlich
Thumb Up

Four seconds...

"It took four seconds for Flash to fall."

On my machine, the average Flash-infested web page takes longer than that to just load. Looks like the Adobe folks are making progress on the optimisation of their stuff. Probably re-assigned a few devs from the safe coding department for that.

Congratulations!

19
0

Add it to the tab: ICO fines another spammer as unpaid bills mount

Frank Bitterlich

Civil law

... and there you have the real problem - and a solution, too: Make data protection violations a criminal offence.

When you're just fining the company, and - like in many cases in the past - the fine just makes up a fraction of the total cost of the spamming operation - nothing will change. That is called a tax, and not a fine.

Increasing the fines won't change anything either: if the fine is too high, the company owners will just fold up their chairs, print out a "Sorry, we're closed" sign for the door, and rent another office for their next operation.

Don't go after the company, go after the individuals (CEO, directors, whatever.)

2
0

Belgian court fines Skype for failing to intercept criminals' calls in 2012

Frank Bitterlich
Facepalm

Flawed arguments...

... on both sides, if you ask me.

The "We're not a service provider" argument doesn't hold, unless Skype were a pure peer-to-peer service, which it wasn't at any time. So they did provide a service.

The "offering services in our country" argument is questionable as well. If anybody who does not employ geo-blocking for any internet service or content is considered providing that "in" every country on this planet, then my blog is probably violating the laws of the Democratic People's Republic of Korea right now.

9
1

EU ruling restricts rights to resell back-up copies of software where originals are damaged, destroyed or lost

Frank Bitterlich

Re: Did I read that right?

The point I tried to make has nothing to do with destroying your own copy; it was about that if you make a "backup copy" yourself, you cannot sell that; but if you download a copy, then you can sell this downloaded copy. And that doesn't make sense.

1
0
Frank Bitterlich
WTF?

Did I read that right?

Not sure if I got this right:

1. An initial acquirer of software [...] can sell on the replacement copy that they download providing they "make any copy in his possession unusable at the time of its resale".

... but:

2. [...] whilst the initial acquirer of software can make their own back up copy [...], they cannot resell the back up software [...].

(My emphasis.)

So, if you make a backup, you can not sell it; but if you download a replacement, you can sell it. Or did I misunderstand this?

Huh?

0
0

Microsoft paid me $650 to scrub Windows 10 from my grandpa's PC, says man

Frank Bitterlich

Re: $650 is nothing to MS

I'm with the chap who received the check – it's not about the money. It's about MS admitting that they've tricked people and paying for the damage they've caused.

Maybe a public apology in the form of a full-page newspaper ad would be nice, too.

39
0

$67M in bitcoin stolen as hacking typhoon lashes Hong Kong's Bitfinex

Frank Bitterlich

Limited?

"...and so limited the scale of the breach..." So, a $67M theft is a "limited breach".

Makes me wonder what an unlimited theft would have looked like.

I'm pretty ignorant about how BTC works in depth, but I wonder whether this scale of theft would have taken some time to execute, and if so, why there were no systems in place that have raised a red flag somewhere (in the context of "withdrawal limits in place at Bitfinex and many other exchanges were mysteriously bypassed").

0
0

123-Reg goes TITSUP – again

Frank Bitterlich

Some customers...

Twitter @123reg: "Some customers may have experienced issues this morning. For more information, please see our status page here: https://www.123-reg.co.uk/support/system-status/ …"

Would be more helpful if that status page would actually load...

1
0

Harrison Ford's leg, in the Star Wars film, with the Millennium Falcon door

Frank Bitterlich
FAIL

Re: Eh? What?

Apparently your attention span is comparable to that of the guy who was operating the door, because if you had bothered reading the next paragraph, you would have read...:

"The door was remotely operated by another person..."

23
1

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Frank Bitterlich
Terminator

CA = Critical Infrastructure

Governments, ICANN and other governing bodies have understood a long time ago that some critical infrastructure - like root DNS servers and such - are way too important to let a bunch of companies (many of them with a questionable rap sheet) take control over them.

Maybe it's time to expand the concept to include the certificate authorities. Or, we could continue to let "the market" regulate who does what with their certs and let anybody sell, leak, lose their certs who has enough money to do so. And then let the big browser makers fix this by blocking some root certs; until they find out that you can make some extra money by whitelisting some certs for cash.

"Can't access this or that website with your browser? Try Internet Exploder 16, it accepts more root certs than any other browser!"

10
0

Kraftwerk versus a cheesy copycat: How did the copycat win?

Frank Bitterlich
Thumb Up

What the court did examine, though, ...

... was the amount of damage that Kraftwerk suffered from the use of this two-second sample, and compared that to the constitutional right of artistic freedom. And they ruled that, in this specific case, the latter was more important.

I don't like Pelham's music or the genre as a whole at all, but I tend to agree with the court here. It's a rare example of a "common sense" ruling - compare the interests of both parties and decide which one weighs more.

Another thing missing from this article: The court expressly said that a mandatory compensation might be regulated by legislation in the future. There is no such law currently, so the only thing the court had to decide is whether the original ruling had considered artistic freedom enough; and they ruled that it didn't.

By your line of argument, Andy Warhol should have been sued out of his pants by Campbell's for his soup can picture.

16
1

Are state-sponsored attackers poisoning the statistical well?

Frank Bitterlich
Boffin

This can have grave consequences...

The consequences of this could be immense.

Like, for example, the PR dept having to change their boilerplate "We were breached, but haven't seen any evidence of ID theft, here, have some free 'credit protection' service anyway..." pre-cooked response to any kind of security incident.

Or, "Sir, looks like we need one of these 'firewall' things. Yes, I know, it's just weather data, but the internet said we're being targeted too. Yes, I know two hundred bucks is a lot of money... maybe we can get the gov't to spend 0.0001% more on the data we sell to them..."

0
0

Ted Cruz knows where you live – if you downloaded his app

Frank Bitterlich
Big Brother

Not surprising...

No surprise... after all, how can you call for a ban on encryption when you're using HTTPS when transmitting the data syphoned off your supporters' phones?

3
0

NZ Pastafarians joined in noodly wedlock

Frank Bitterlich

Religious items?

That guy was probably looking for an excuse to order a lasagna every week...

0
0

URL shorteners reveal your trip to strip club, dash to disease clinic – research

Frank Bitterlich
Holmes

Let me see if I get this right...

So,

1. some people publish unsecured content,

2. use a URL shortener on the URL, and

3. believe that this protects the content they published.

Could somebody remind me again why these "researchers" think that the actual vulnerability is in the URL shortener? Just because they fail to keep the long URL "secret"?

Sure, go ahead and encourage stupid internet users to stick the blame on others when they're too dumb to protect their content because they have no clue about the hosting service they're using.

"We have to put our stuff on the internet." -- "Why?" -- "Don't know, the article didn't say that."

2
1

BTC dev: 'Strangling' the blockchain will kill Bitcoin

Frank Bitterlich

Re: re: Paypal

IBAN? IBAN is an account number - not sure what payment scheme you're referring to here. Wire transfer? Direct debit? Both of these are even worse than PayPal.

0
0

French publishers join Swedish 'Block Party' to pester ad refuseniks

Frank Bitterlich
Thumb Up

If you think that's the right solution...

... then good luck with that. If you don't want me to see your "quality journalism" without at the same time accepting that you push in-your-face jumpy noisy annoying ads down my throat, then I might not be part of your target group.

Good luck with those remaining visitors who apparently don't see a correlation between the advertising behaviour and the quality of the "journalistic" content that is trying to sell these ads.

13
2

Facebook Messenger: All your numbers are belong to us

Frank Bitterlich
Big Brother

"We can help you interact with businesses or services..."

Thank you for that kind offer, Mr. Zuckerberg, but I'm all grown up now and have a fully functional web browser, so I don't need your "help" with that.

But I suspect that the trend of companies and organizations thinking that having a Facebook page is more important than a real website will only get worse.

When I repeatedly state that I do not and will not ever have a Facebook account, some people still look at me like some kind of idiot who lives in the past. Good luck, mankind, with that level of ignorance.

30
0

TV streaming stick brings the movies and the network backdoors

Frank Bitterlich
Facepalm

Re: Brute force ...

Do you really think that a company whose idea of security is an 8-digit numeric root password would ever implement anti-bruteforce methods?

2
0

Microsoft encrypts explanation of borked Windows 10 encryption

Frank Bitterlich

Re: Translation follows...

Sure, because as we all know, posting instructions on how to tinker with your registry so that the nagging stops into a large knowledgebase, is way better than to just add a "No, thanks, leave me alone"-Button to the nagware.

0
0
