Posts by Andrew Commons

Re: Simple workaround?

Yes you can, but it's rarely used.

Re: ..Osborne, you were spoilt!

@Doctor Syntax

The Silent 700 Model 763 - the one with the bubble memory - was 17 lb. I had an Osborne as well but I never had to lug that 1km to the train so it seemed lighter.

@Bill M

Presumably the firewall was relocated to where it was originally meant to be...blocking access from the Dev boxes to Production?

Re: Rotating blades at groin height

"2.5 meters (high enough to avoid most urban obstacles testicles)"

There, fixed it for you.

Re: At exec level the word Agile has a completely different meaning

"They will not even realise its the name of a methodology."

Strictly speaking it is the name of a Manifesto, the methodologies associated with it try to adhere to the principles but may do so in different ways.

Re: This is when I know I'm getting old...

Software defined money. That it's broken is no surprise because we cannot write software.

Thank god we don't have software defined networks, software defined infrastructure or software defined security because we would be royally screwed then.

Re: The algorithmic model can be can be selectively tested with different types of input

Some research recently published on the arXiv preprint server examined inserting back-doors in algorithms during the training phase. The rationale was that training was likely to be outsourced - sent to the Cloud - to get the compute resources and that the training data could be manipulated while it was in the Cloud. Worked well. Back-door could not be detected looking at the model and it survived additional training largely unscathed.

Re: Router firmware updates?

It looks like an update for my SOHO Access Point has been available for about a week. Check vendor support sites.

Re: One thing I always failed to understand....

I believe iOS does a pretty good job of MAC address randomisation when not associated, Android is generally very poor. This could bias the sample.

Re: Actually, there are plenty of us out here.

@Warm Braw

That really needs to happen!

And the security industry has to stop pushing snake oil 'solutions' that haven't solved anything and start pushing solutions for secure architecture, design and coding. Most of the 'Top This' and 'Top That' coding flaws are either validation or error handling problems, or stupid design/architecture decisions.

Both likely to be driven by time to market pressures and the latest rapid development fad. Look how long DevOps was around before we saw the Ooops moment leading to DevSecOps...and then the next fad will blow it all away again.

Re: Farewell Sonos

If you did own a Sonos I wonder if changing the T&Cs to something you no longer agree with provides a case for you to return the goods for a full refund?

You would not have acquired the goods in the first place with the revised T&Cs.

Re: sometimes you need a very simple clear rule like this to stop the BS explosion

@Charles 9

Exactly. This is what Netscape did with SSL. Nothing to stop it happening again.

Re: "It's a bit silly to leave debug code in production apps"

I think at least one of the Mars rovers was saved because debug code had been left in the production software.

Re: Save the women and children first!

@ Steve Button

Thinking much the same way. 4 seconds is considered opinion and would probably not match instinctive reactions. The assumption is that this is a good thing but now you may be deliberately mowing down A to preserve B which will be making lawyers salivate.

Re: It is not the amounts of data that matter, it is the labelling

Exactly. It is very easy to get many GBs of security logs but labelling them is a huge issue. So relatively ancient KDD Cup data is used over and over because it's among the few instances of tagged data available.

Re: Cash still has some advantages

Here in OZ TELSTRA will charge you a fee of $1 to use it to pay your bill.

Re: Not only missing 2FA

It's quite easy to lock out all accounts if you implement lockouts after a certain number of failures. Even lockouts that expire can be prodded to keep the account locked. So the malicious actor can't get in and neither can any of the users of the system.

Re: In effect "traffic analysis" applied at the bus level.

@elDog

That's how you usually defeat traffic analysis.

Re: Really bad design

@Paul Crawford. Exactly. Educating the people who want to put this gear into these environments is not easy. But these devices are manufactured and sold by reputable players.

Re: Don't Just Blame Users

Agreed. I have had sites reject random passwords with 'special' characters in them without any indication of the allowable character set. The error message - logs - have displayed the password string in full so just changing a bit here and there is not an option.

Desperation may lead you to 12345 just to move forward. Finding some way to go back and rectify that accommodation may be non-trivial.

So users should not shoulder all the blame here.

Re: It's not the first country

Well Wikipedia says this in the link you have provided:

"Today, as elsewhere in the developed world, most Australian broadcasting is on FM - although AM talk stations are still very popular."

It came back.

Re: I'd like my fridge to be able to import my CA certificates

That would certainly be a step in the right direction. The consumer environment is not going to be able to cope with a 'trust nothing' model for quite a while. Migrating 'old school' corporate technology into this space would be a viable alternative in the short term. Consumer edge devices become UTM by default.

Re: There was never an era where all hats were white

My hair is very white :-)

My comment is based on the lack of success seen in all 'secure coding' initiatives. We see this every month.

While we are obsessed with shiny it will never change.

Re: Full Disclosure?

Leaks involving seamen is invariably bad news.

Maybe you should read this:

https://www.nasa.gov/feature/margaret-hamilton-apollo-software-engineer-awarded-presidential-medal-of-freedom

Re: Question?

However they do have other parties and even if they do not rate as credible they probably sucked up enough votes to impact the outcome of this election.

Re: The Golden Ant

Mythology maybe...Jason and the Golden...

Re: S/Mime

Actually not much will break and if you adopt soft fails initially then this will be further reduced.

Anything and everything on the Internet can be compromised. It's really about building a framework that supports defence in depth and therefore requires multiple compromises to subvert.

Still possible but at some point the effort required and the reduced returns will start to have an effect.

It's all about doing something rather than passively accepting it all. And the tools are there right now.