* Posts by John H Woods

2483 posts • joined 14 Nov 2007

Ransomware scams cost Brits £4.5m per year

John H Woods
Silver badge

"£4.5m a year? So that's significantly less than a 20p per head of population"

And you've only got one chance in a hundred thousand of being murdered, so I suppose you don't see that as a massive concern, either?

"Still commuters in San Francisco got a free ride to work today, so every cloud has a silver lining...."

No, the SF company will simply bring their next price increase forward a bit, it'll be the customers that pay the ransomers --- who else?

1
0

Small ISPs 'probably' won't receive data retention order following IP Bill

John H Woods
Silver badge

Re: If I said the next thing I say will be a lie and the last thing I said was the truth

"I will admit this has bitten me in the arse...twice...through the stupidity of an adorably excitable dog and her ability to trip a power cable. But the price you pay for security and all" --- Andy Tunnah

You could probably mitigate against this by having a second USB key stashed somewhere on your dog walk :-)

0
0

'Data saturation' helped to crash the Schiaparelli Mars probe

John H Woods
Silver badge

Re: Easily said, not easily done

"This was NOT a programming mistake. The end"

It might be a programming mistake; it depends what the design said. I think there's probably a good case to consider there to also have been a testing mistake (of omission, if nothing else).

0
0
John H Woods
Silver badge

Re: Welcome to embedded system engineering

Indeed. I'm not sure that there's any reason for deploying parachutes at a negative altitude.

17
0

Jingle bells, RM tells, some staff to go away... via Skype

John H Woods
Silver badge

Re: The 380Z was good...

Thank you for my Friday PM blast-from-the-past. I used to love that big black serious-looking box! Years later I just bought one of the boxes to house a home-made hard disk (20MB?) for my Atari 520 ST.

0
0

How to confuse a Euro-cop: Survey reveals the crypto they love to hate

John H Woods
Silver badge

Re: Encryption will only work as intended until everybody is using it all the time

"I thought steganography - encoding messages within picture files - was fairly easily cracked?" --- Esme

Consultancy answer 1b) "it depends"

It can be fairly easily disrupted, by performing invisible-to-the-naked-eye transformations on pictures in transit. But as properly encrypted material is indistinguishable from random data, providing you're hiding something much smaller than the picture and nobody else has a copy of the original, then it is quite hard to detect. However, even if you can detect it, what you are detecting is properly encrypted material, and it's just as hard to crack as something that is obviously a PGP encrypted mail, for instance.

TL;DR: Steganography is for hiding the movement of data; you can (should) still use encryption for hiding the data itself.

1
0
John H Woods
Silver badge

"infiltrate the groups in question, or get a bug onto their PC directly, or work it out by other means" --- Lee D

And this is the entire problem: none of those techniques can be used in bulk, for mass surveillance of whole populations, and that is what politicians all seem to want to do.

7
0

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

John H Woods
Silver badge

Re: Please!

who would knowingly use the phrase "domino effect" ... Andy The Hat

I'm disappointed they didn't refer to anyone losing 'wedge'

0
0

Hey techbros, make an airplane mode but for driving for your apps – US traffic watchdog

John H Woods
Silver badge

Missed one ...

Surely message notifications (text and messenger) should be suppressed when driving? I use Tasker to auto-answer "Sorry I'm driving. If urgent, please call me on xxx [handsfree] and I'll answer if safe to do so"

1
0

Telegram API ransomware wrecked three weeks after launch

John H Woods
Silver badge

Snapshots

I wanted to experiment with ransomware (well, to be honest, more like user error :-) ) resistance, so I set up a small home ZFS system. It's old hardware but it can still snapshot every minute at my usage level (family media server) without anyone noticing. I haven't tried it in a small business setting yet, because I need to load-test it.

It keeps 2 hours' worth of minutely snapshots; a day's worth of 10-minutely snapshots; a week's worth of hourlies ... blah blah ... and keeps the quarterlies for ever. ... probably about 1000 snapshots in all (another cron job tidies them up). They are read-only, of course, and only root may delete the snapshots (and root may not log in remotely). No-one who may log in remotely is in sudoers. I haven't yet had the nerve to deliberately infect myself (not sure I'd know how) but I've tried doing my worst to delete and corrupt files from my client devices and it all seems fine, they can always be rescued from a previous snapshot. There's probably a better way of doing this so please feel free to educate me - in particular you have to hunt back through snapshots for the most recent good copy.

Storage is so cheap these days (relative to the expense of data loss) I'm not really sure why we don't automatically keep version history of every file like we used to in the old VMS days.

2
0
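The retention tiers and the "hunt back for the most recent good copy" step from the post above, as an added example (not the poster's own cron scripts): the thinning policy is a pure function over snapshot timestamps so it can be tested before anything calls `zfs destroy`. The snapshot naming scheme `pool/ds@auto-YYYYmmdd-HHMM`, the 91-day "quarter" and the `is_good` predicate are assumptions.

```python
"""Snapshot retention thinning and "most recent good copy" search.

Added example, not the post's own scripts: it models the tiers the post
describes (2 h of minutely, a day of 10-minutely, a week of hourlies,
quarterlies for ever) as a pure function over snapshot timestamps so the
policy can be tested before cron wires it to zfs snapshot/destroy.
"""
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)  # buckets align to this, not to "now"
# (max age or None for "for ever", bucket width): keep the newest snapshot
# in each bucket of that width among snapshots younger than max age.
TIERS = [
    (timedelta(hours=2), timedelta(minutes=1)),
    (timedelta(days=1), timedelta(minutes=10)),
    (timedelta(weeks=1), timedelta(hours=1)),
    (None, timedelta(days=91)),  # "quarterlies", assumed 91-day buckets
]

def snapshots_to_keep(snaps, now, tiers=TIERS):
    """Return the sorted subset of snapshot datetimes to retain."""
    keep = set()
    for max_age, width in tiers:
        newest = {}
        for s in snaps:
            age = now - s
            if age < timedelta(0):
                continue  # clock skew: never judge a future-dated snapshot
            if max_age is not None and age >= max_age:
                continue
            bucket = (s - EPOCH) // width  # absolute buckets: stable across runs
            if bucket not in newest or s > newest[bucket]:
                newest[bucket] = s
        keep.update(newest.values())
    return sorted(keep)

def parse_snapshot_names(lines):
    """Map `zfs list -t snapshot -H -o name` lines to {name: datetime}; only the
    assumed auto-YYYYmmdd-HHMM names qualify, so hand-made snapshots are safe."""
    out = {}
    for name in lines:
        name = name.strip()
        tag = name.partition("@")[2]
        if tag.startswith("auto-"):
            try:
                out[name] = datetime.strptime(tag[5:], "%Y%m%d-%H%M")
            except ValueError:
                pass  # malformed tag: leave it alone
    return out

def destroy_commands(lines, now):
    """zfs destroy commands for auto snapshots that fall outside every tier."""
    by_name = parse_snapshot_names(lines)
    keep = set(snapshots_to_keep(by_name.values(), now))
    return [f"zfs destroy {n}" for n, t in sorted(by_name.items()) if t not in keep]

def most_recent_good(snaps, is_good):
    """Newest snapshot for which is_good(snapshot) holds, else None. In practice
    is_good reads the file under .zfs/snapshot/<name>/ and checks it (a known
    hash, or that it still parses); here it is an injected predicate."""
    for s in sorted(snaps, reverse=True):
        if is_good(s):
            return s
    return None
```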

Signal security revealed: A triple-Diffie-Hellman with a double ratchet

John H Woods
Silver badge

Nice ...

... to see Kerckhoffs' law actually in action

1
0

Twitter bans own CEO Jack Dorsey from Twitter

John H Woods
Silver badge

What he thinks in private ...

... isn't there a word for just saying the first (dumb) thing that comes into one's head? Braintrump or something?

1
0

Comcast is the honey badger of ISPs – injects pop-ups into browsers, doesn't give a fsck

John H Woods
Silver badge

"Not defending Comcast, but it's not easy to get in touch with customers." -- Dan 55

Yeah if only they knew my address...

... but seriously, the PAYG data providers have sussed this. You hit the cap, everything stops working and you get redirected to the page where you can purchase more.

10
0

Pre-Trump FCC – get a grip on mobe data caps, racist Stingray spying, urge Dem senators

John H Woods
Silver badge

"Because these things are only O.K. when Democrats do it." -- BillG

It's very annoying when people are hypocrites but, like the fat doctor who tells you to exercise more, it doesn't invalidate their position.

2
5

UK.gov flings £400m at gold standard, ‘full-fibre' b*&%*%£$%. Yep. Broadband

John H Woods
Silver badge

Re: Not competent?

"Why cant it work in Tower Hamlets?? Here's how I envisage it working. Local yoofs & gang bangers go and nick the diggers ... " --- AC

^^^ COTW

0
0

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

John H Woods
Silver badge

According to this pdf on TR-064...

"Access to any action that allows configuration changes to the CPE MUST be password protected."

ISPs and manufacturers can probably make a case for including the TR-064 configuration functionality but this looks like a bit of a half-baked effort. Surely when it gets to the bit of the requirements where ISP access to end-user routers is required people should automatically be thinking "Danger Will Robinson" rather than "Let's just add this"

1
0

China cites Trump to justify ‘fake news’ media clampdown. Surprised?

John H Woods
Silver badge

"but how *can* our democracy work properly if good people are fed lies to serve a billionaire media owner's agenda?" -- smartypants

I agree, but it seems to me that perhaps a better educated electorate is the key. Seems a long shot, I know, but I think it's even less likely that we can solve the problem by attempting to regulate the press.

1
0

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

John H Woods
Silver badge

Warning ... Dumb Questions ...

I'm interested in security but would certainly not claim to be an expert, so there's a good chance I'm talking rubbish but ...

Could a corporate email server replace links in external emails with a link to an intranet page containing the "don't click on links in external emails" guidance?

Could the email server be integrated with the web filter so that incoming links that aren't already whitelisted get put on a temporary blacklist, and staff needing to follow the links could contact IT to have them removed from the blacklist? Perhaps the interface that reads the email server's dumps of the incoming links could look them up and just blacklist those that were registered less than, say, three months ago.

Couldn't the corporate web filter default blacklist .co domains --- and domains that have characters other than periods, dashes and A-Za-z0-9? There must be plenty of valid something-uk.com domains but anything -com.tld seems automatically suspicious to me.

I know none of these solutions are watertight, but wouldn't they help mitigate the risk?

3
0

Facebook Fake News won it for Trump? That's a Zombie theory

John H Woods
Silver badge

"The liberal/left is the beneficiary of peace in Europe, not the cause." -- Big John

Sure, there could have been peace in Europe without liberal opposition to Hitler: as described by Robert Harris in Fatherland.

3
1
John H Woods
Silver badge

(unpopular) Solution

Teach children critical thinking in school, and help them to be prepared to encounter advertising, propaganda and misuse of statistics.

"The great body of physical science, a great deal of the essential fact of financial science, and endless social and political problems are only accessible and only thinkable to those who have had a sound training in mathematical analysis, and the time may not be very remote when it will be understood that for complete initiation as an efficient citizen of one of the new great complex world-wide States that are now developing, it is as necessary to be able to compute, to think in averages and maxima and minima, as it is now to be able to read and write." --- H G Wells

9
0
John H Woods
Silver badge

Re: Does democracy work if people based their vote on lies^Wpost-facts?

Absolutely agree with all of that apart from one slight niggle ... "the elite who lost" suggests that it was not an elite who won.

24
3

The encryption conundrum: Should tech compromise or double down?

John H Woods
Silver badge

Re: Is it me?

"The pro-crypt guys say the difference between encryption without a back door and true encryption is nil."

That's because it's mathematically possible to prove that the difference is nil, just as it is possible to prove that the difference between 0.9 recurring and 1 is nil.

0
0
John H Woods
Silver badge

Re: Predictable sequence...

"one side seemed to be arguing using logic and facts, and the other side seemed to be using wish fulfilment" --- Youngone

I'm afraid that in a post-truth society, the latter is seen as at least equally valid. What do so-called 'experts' know, after all?

4
0

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

John H Woods
Silver badge

Re: How do you deal with China?

"Sadly, we've bred a generation of politicians who know that the market is better than government, but haven't a clue why." -- Ken Hagan

Fun activity is quoting their hero Adam Smith at them --- often results in them telling you to stop quoting Marx.

2
0

British politicians sign off on surveillance law, now it's over to the Queen

John H Woods
Silver badge

List

"Not sure where the list came from - could not find it." --- Shadmeister.

I don't think it has changed from the original draft bill (pdf): it's Schedule 4, page 168 or thereabouts.

0
0

UK warships to have less firepower than 19th century equivalents as missiles withdrawn

John H Woods
Silver badge

"In the current financial climate especially, it is not good policy to spend untold billions of £ on weapons we can't envisage actually using..." -- AC

You make the same mistake as President Elect Trump. We *ARE* using them right now: that is how you use nukes --- you keep them safe, maintained and ready to fire. Actually detonating them is crazy.

7
1

Mac book, whoa! Apple unveils $300 design tome

John H Woods
Silver badge

Re: Leave these people alone FFS!

"If people want all 17 different variations of the iPhone, MacBook or "book of Mac", it's their money, they can spend it on those things if they wish can't they?" --- FuzzyWuzzy

It is indeed, and they can indeed. But what part of that is a good argument for not poking fun at pretentious piffle?

4
0

UK.gov has 18,000 IT contractors on its books due to dearth of skills

John H Woods
Silver badge

Re: Gordon Brown started it

"you can't be a one person company... " --- AC

This is what they seemed to be saying --- but for some reason almost entirely to IT people. I work in IT so it may be confirmation bias on my part, but it seems to me that lots of non-IT service companies are allowed to be 1 person companies: not just the more "hands-on" professions but a quick read of Private Eye shows a huge number of top political and media people working as 1-person corporations without too much bother from HMRC.

9
0

Reg meets 'Lokihardt', quite possibly the world's best hacker

John H Woods
Silver badge

Enquiring minds ...

"I don't understand how this leads to an exploit?" --- Destroy All Monsters

I concur. For a moment I thought that he took a patch and modified it so that it actually introduced a vulnerability, but surely that would break the signing and the patch would be rejected.

3
0

Britain must send its F-35s to Italy for heavy overhauls, decrees US

John H Woods
Silver badge

Re: but what exactly were you planning to attack with those drones?

Those drones are indeed fierce. As to whether they are fierce enough to protect the carrier they have been launched from ... I'm not sure that's a job for which they are particularly well-equipped ...

0
0

Spain's Prime Minister wants to ban internet memes. No, really

John H Woods
Silver badge

Re: Honor

Tyrion: "I'm not questioning your honour, I'm denying its existence."

24
0

Trumped? Nope. Ireland to retain corporate tax advantage over the US

John H Woods
Silver badge

Re: Seems to me ...

"It doesn't however pay you, and with these generous benefits it never makes a profit - so nobody pays any tax." -- Yet Another Anonymous Coward

I understand what you are saying, but surely this is a solved problem? If my employer supplies me with a car, or accommodation, or clothing that is neither protective nor uniform, surely that is a benefit-in-kind and taxable as salary whether my employer is a big multinational or my own personal services corporation.

5
0
John H Woods
Silver badge

Seems to me ...

... like the only long term sustainable corporate tax rate is zero. It's effectively zero for big multinationals and why should smaller and more local businesses pay proportionally more?

5
5

Panicked WH Smith kills website to stop sales of how-to terrorism manuals

John H Woods
Silver badge

Re: Pointless

"but when moving to the sticks even more people had guns" --- tiggity

... Reminds me of the great exchange from the great Hot Fuzz:

Andy Cartwright: Everyone and their mums is packing round here.

Nicholas Angel: Really, like who?

Andy Wainwright: Farmers.

Nicholas Angel: Who else?

Andy Cartwright: Farmer's mums.

7
0

Chirp! Let's hear it for data over audio

John H Woods
Silver badge

Not new...

I buy cheap IPcams to monitor horses and rural locations --- many of them use an Android app to configure. Typically these can both scan QR codes on the cameras for setup AND transmit Wifi details from the phone to the cameras (which have microphones) by what certainly sounds like an audible chirp.

1
0

How to avoid DDoSing yourself

John H Woods
Silver badge

Guilty

Back when Noah was a lad and CORBA was a thing I was tasked to test a pre-production Geographic Information System server. I was given the interface but no documentation ("too difficult to collate"), and instructed to use "dummy values" of the correct types. Finding that I could successfully pass in a null string on one query, I tried it a few times with success: then I wrote a bit of Java to run it multi-threaded. That's when we found out that a null street address (as it was now revealed to be) in the address query (ditto) caused the system to alphabetize every street in the UK and return the list to the client. Server and network became unhappy immediately, tech team shortly afterwards. And yours truly was suddenly supplied with the documentation!

5
0

Silicon Valley's oligarchs got a punch in the head – and that's actually good thing

John H Woods
Silver badge

Re: @IMG Entirely predictable?

"A typical Trump voter will ignore them, or refuse to answer. (Its really none of their business)

A typical Clinton voter will overshare personal information." --- IMG

Says someone whose politics I know from the name on the post (I'm not criticising that, I may be the same (or worse), but it's slightly ironic that you think it's only "the other side" who overshare).

I do wonder if there is an element of shame some people feel about the way they have voted, and that reflects on parties and people widely regarded as "nasty" performing better than polls predict.

1
0

IoT worm can hack Philips Hue lightbulbs, spread across cities

John H Woods
Silver badge

Well, yes

"This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product"

Well, yes. Because one of those standard cryptographic techniques would appear to be key reuse. Even if the key isn't vulnerable to side-channel attacks or other hardware extraction, sooner or later it is going to leak from the manufacturer.

Key reuse in IoT becomes less acceptable with cost, lifetime and number for each SKU. Given the cost and expected lifetime of the bulbs, using the same key for even a few hundred items appears somewhat negligent.

0
0

Japanese cops arrest serial 'foot licker'

John H Woods
Silver badge

We need to stamp out these sick podo's!

0
0

Was IoT DDoS attack just a dry run for election day hijinks?

John H Woods
Silver badge

At least give her her full title...

... DANE Sandy Toksvig

2
0

Password reset warrior arrested for popping 1050 student accounts

John H Woods
Silver badge

Re: 'complex' password nonsense

If you're a Dvorak typist, typing Password on a keyboard in QWERTY mode usually gives you something that passes nearly all complexity tests.

5
0

Twitter trolls are destroying democracy, warn eggheads

John H Woods
Silver badge

There's a bit of a difference between

"F*** you, you moron"

and

"You should be raped to death"

Saw that last one tweeted to Gina Miller, the US Sports anchor.

5
0

Teen in the dock on terror apologist charge for naming Wi-Fi network 'Daesh 21'

John H Woods
Silver badge

Re: who sees a wifi network called that and then calls the police.

"Call your hotspot Al-Khwārizmī" -- AC

No need to stop there, Unicode works fine: محمد بن موسى الخوارزمی

2
0

Brexit judgment could be hit for six by those crazy Supreme Court judges, says barrister

John H Woods
Silver badge

Banana law stupidity

Why the hell can people only see the banana regs in terms of what Mr(s) Consumer can buy from Supermarket corp? FFS If you are a buyer for Supermarket corp and you buy a container of Class I bananas that has to mean something specific. The reason there are banana regulations is that they are traded: it has very little to do with protecting consumers from the wrong shape bananas.

You know what? In a Brexit world where we decide to trade goods with e.g. Canada, there will be regulations affecting the classification of every single type of thing that we trade with them.

15
0

World-leading heart hospital 'very, very lucky' to dodge ransomware hit

John H Woods
Silver badge

Ransomware resistance is (relatively) reasonable

If the scope were to be confined solely to active fileshares (e.g. all backup provision is the same, system is only used for file sharing) and there are no "maxed-out" issues (e.g. no spare rackspace, no more UPS'd power) then a shared FS of up to 50TB could be made highly ransom (and user cockup) resistant for under £50k; project duration (excluding authorization and procurement) max 10 working days and perhaps 2 hours of outage.

The problem is that it looks like an unnecessary expense until disaster strikes. As usual, my principal complaint about bean counters is that they often neglect the more actuarial aspects of their roles and focus too much on day-to-day and short-term accounting.

5
0

Hm, is that a minefield? Let me just throw my magic bomb-sniffing spinach over there

John H Woods
Silver badge

Earworm

Brain surgery not required, simply hum a few bars of the Neighbours theme tune to yourself ...

0
0

Boffins one step closer to solving nanoscale computer challenge

John H Woods
Silver badge

500 atoms on a side.

^hydrogen^... big atoms can be 5x bigger.

2
0
John H Woods
Silver badge

Re: How are they coming on the second part...?

Unless you need the arm to assemble the device...

0
0


Biting the hand that feeds IT © 1998–2017