Posts by Alan Brown

10617 posts • joined 8 Feb 2008

Yes, you can remotely hack factory, building site cranes. Wait, what?

Alan Brown Silver badge

Re: RF control for trains.

It doesn't really matter where the driver is, if the guy handling the coupling doesn't have direct control over the motion (in terms of safety). 1/2 mile or 12 feet is enough to make squishy things get squished.

Remote control of cranes, etc has been a great boost to safety because it puts the operator at the point where the dangerous bit is. If the security of said systems isn't up to snuff and there's a safety risk due to compromise then it's time for HSE involvement - and you KNOW that things will get fixed fast if there's a sniff of regulations forcing the units to be sidelined until they are.

Brit hacker hired by Liberian telco to nobble rival now behind bars

Alan Brown Silver badge

Re: highly skilled hacker

" DVRs and IP cameras that were put online with factory-default passwords "

It's worse than that. Whilst you can change passwords a lot of the holes are hardcoded.

Alan Brown Silver badge

Re: Sentences for white collar crimes really are soft

"This guy from the safety of his own home caused millions of dollars in damage to a telco, inconvenienced hundreds of thousands of customers, took down the internet for an entire country, AND is implicated in similar attacks on other firms (including banks) and he gets less than 3 years."

It was only BECAUSE of the telcos and banks that law enforcement took an interest.

He and his friends have been knocking smaller hosters offline with DDoS attacks for years for commercial gain without so much as an eyelid being batted. This is why companies like Akamai have been able to make a fortune in providing DDoS protection services.

It's only when the companies being affected are large enough to have political clout that cages start to be rattled.

Alan Brown Silver badge

Re: highly skilled hacker

"if he himself found the Dahua vulnerabilities"

He didn't. If you read the Krebs articles you'll see he was merely another skiddie who commoditised the source code dump.

Alan Brown Silver badge

Re: What Kaye did

"but these charges were withdrawn before trial"

These were the parts where he rented his botnets out to 3rd parties.

At 28, he knew damned well what he was doing. My dealings with IRC skiddies showed that they either grew out of it by 15-16 or became habitual criminals - and one who was covered in El Reg in the early 2000s over a number of court appearances popped his head above my radar recently - showing that leopards don't change their spots despite accruing convictions and supposedly being very sorry for what they did.

Alan Brown Silver badge

Re: He was hiring the attack net OUT

Nope. One of the other Beeb articles on the goings on at Blackfriars stated charges related to a number of other DDoS attacks were dropped because they were attributed to him hiring the DDoS net out to 3rd parties (Why that would let him off the hook I don't know either)

He was bulking things out all by himself - it was the scanning for more victims to add to his botnet which caused the outages at TalkTalk, Post Office and Deutsche Telekom when he knocked over vulnerable end-user routers on those networks.

https://krebsonsecurity.com/2017/07/who-is-the-govrat-author-and-mirai-botmaster-bestbuy/

https://krebsonsecurity.com/tag/daniel-kaye/

Contrary to claims he's not the first person to knock entire countries off air. It was quite easy for IRC skiddies to do it in the 90s when a lot of places were only on 128/256kb/s links - and a fairly regular occurrence. Interestingly the people concerned had Israeli skiddie connections back then too.

Alan Brown Silver badge

He was hiring the attack net OUT

Not renting it IN.

FFS the BBC article on this was more in depth and accurate overall than the bolloxed pile of fetid dingo kidneys that's been posted on El Reg.

https://www.bbc.co.uk/news/uk-46840461 - also goes into more depth about the German charges

https://www.bbc.co.uk/news/uk-england-surrey-41115800

https://www.telegraph.co.uk/news/2019/01/11/briton-knocked-entire-country-offline-cyber-attack-jailed/

In any case, he was a skiddie not a hacker.

https://www.zdnet.com/article/hacker-bestbuy-sentenced-to-prison-for-operating-mirai-ddos-botnet/

Poland may consider Huawei ban amid 'spy' arrests – reports

Alan Brown Silver badge

Re: Questions, Questions, Questions

"I am puzzled why several governments, allegedly independently,"

Up until now, the "allegedly independent" governments have been members of Five Eyes and New Zealand in particular has a long history of doing whatever it's told, due to severe economic kickings when it's done its own thing (1963 report on the futility of the US entering the Vietnam War, 1986 nuclear armed ship ban, etc etc). Australia's never needed the kicking (Pine Gap).

The timing of this is "rather suspect", given the upcoming conference....

As for why these rattles are being waved so loudly: It's a combination of economics, mindshare and access. The chips inside the Huawei kit may be Broadcom, but most of the money is going to China, the equipment is seen as Chinese and American spooks aren't getting a chance to intercept shipments to put _their_ spyware onboard.

If I could turn back time, I'd tell you to keep that old Radarange at home

Alan Brown Silver badge

Re: Pesky microwaves

"reception varied between great and almost unwatchable as the tide rose and fell."

The trick is to have 2 antennas spaced vertically apart by at least 6 wavelengths, an _odd_ number of wavelengths apart. One or 'tother will have a useable signal.

Alan Brown Silver badge

Re: Pesky microwaves

"One day I noticed that things near the horizon were stretched vertically. It was really surprising as I'd never seen anything like it before."

You'd be surprised how frequently this causes UFO reports if there happens to be a light in the "things near the horizon" and it's dark or twilight, as it will appear to be bouncing around merrily with atmospheric distortions.

Alan Brown Silver badge

Re: Pesky microwaves

"In the swampy areas, certain atmospheric conditions (like calm and cold nights) could cause the air to stratify into layers that would diffract the microwave,"

This used to regularly happen to microwave links across the English Channel and Irish Sea with fog layers on calm nights. It wasn't just diffraction. The layers of fog could act as quite effective waveguides.

Far less of a problem with fibreoptic cables of course - until someone drags an anchor.

Alan Brown Silver badge

Re: Pesky microwaves

"The link passed across the bay she lived near and would fail at high tide."

This is why (in a previous life) when I was a comms tech we used vertical receive diversity on such links. The signal might drop out on one antenna but it wouldn't normally drop out on both at the same time.

Alan Brown Silver badge

Re: Running backwards ?

> It said they installed "specialised accurate time cards"

These usually use GPS to produce an NTP stratum 0 time signal. Quite expensive (or used to be, now you can cobble one up out of an old smartphone).

Alan Brown Silver badge

Re: NTP

"if the clock was too far wrong"

I remember 2 problems

- firstly they wouldn't touch the clock if it was off by more than 10 minutes IF you could get a time from the server

- secondly if no servers were available they'd set the time to the start of the epoch

And then there was the issue of sensitivity to whitespace (tabs vs spaces)

An upset tummy and a sphincter-loosening blackout: Lunar spaceflight is all glamour

Alan Brown Silver badge

Re: Lunch from both ends?

I've seen (and experienced) flat cola work on airsick passengers (Cessna 208 on a really bad day). You really do need to ensure the carbonation's out, but a few minutes with the kind of shaking we had made sure of that.

Curiously I've _never_ been seasick. Only car/airsick and _only_ when having the stuffing shaken out of me in a small aircraft for a prolonged period for the latter.

On the other hand, once someone starts chucking in an enclosed cabin on a small boat, you can guarantee a chain reaction. Foveaux Strait ferry crossings were always fun and generally best to be outdoors on even if the waves were higher than the top deck.

Alan Brown Silver badge

Re: As time goes on the space program gets more amazing to me @jake

"You probably actually can't retire because of 2008"

I worked out that I wouldn't be able to retire in 1984. I was 17 and did the math on birthrates in the developed world, the developing world, China, etc and looked at how government pensions were funded - having realised that there wouldn't be enough working taxpayers to fund pensioners, I realised that if I was _very_ lucky I might be able to draw a state pension at age 75 but it was more likely to be 78 and it would be means tested - and it pretty much didn't matter WHICH country I was in.

GenXers have been screwed for a long time. Millennials doubly so.

Alan Brown Silver badge

Re: As time goes on the space program gets more amazing to me @jake

" It is always sad to see when oppressed people are given power - and then they often implement the same intolerant policies as their oppressors had."

This is one of the reasons why the first thing you need to do after a revolution that's overthrown a nasty government, is _kill_ all the revolutionaries who attempt to govern. If you don't they will form an even nastier government.

Alan Brown Silver badge

Re: As time goes on the space program gets more amazing to me

"The vast majority of us would rather see the money spent on something useful, like education. Or pothole repair."

Unfortunately, the idiot in chief is following a policy which was set in motion by those who ignored the warnings of a certain gentleman who cautioned about 55 years ago against letting the military-industrial system take control of the economy.

At some point the tail is going to wag the dog so hard that they'll part company or the dog will be knocked out. It's beginning to look like the latter, rather than the former.

Alan Brown Silver badge

Re: As time goes on the space program gets more amazing to me

"From a time When America Got Shit Done(TM)."

Very much on "a wing and a prayer" - the walls of the LEM were tissue-paper thin and when Russians examined examples after the end of the cold war they were quite shocked at the risks taken to be "first".

Risk-aversion in missions was something they'd developed well before the Americans, despite the many spectacular and fatal accidents which are mostly attributable to poor funding and extreme political pressure of the kind where one might end up dead anyway.

Alan Brown Silver badge

Re: "almost ridiculous"

"One being the comment that original engines were assembled by highly skilled engineers"

Being the kind who turn things on lathes and do precision welding type engineering

"and we don't have those skills any more"

We do, but they're not in as much demand because you know, greater precision in manufacturing means they're not needed so much.

One of the bigger problems is the loss of trade knowledge that came about because the use of them was a "trade secret" and explicitly NOT written down, so when the number of apprentices went to near zero, the skills simply weren't passed on and no one thought to write anything down.

NASA had to scramble around retirement homes in the 1970s to find metallurgists who knew how to make the seamless tubing needed for SSME cooling nozzles - something that was routine in the 1950s - and resorted to cutting gun barrels off the ghost fleet to get some of the alloys needed for SSME internals.

Talk about beating heads against brick walls... Hard disk drive unit shipments slowly spinning down

Alan Brown Silver badge

Re: Steep drop in prices for SSD

"The thing that spooks me is that I've heard too many tales of them dying without warning."

Ah, someone who doesn't make backups.

What's the fate of our Solar System? Boffins peer into giant crystal ball – ah, no, wait, that's our Sun in 10bn years

Alan Brown Silver badge

Re: Duh!

"You're a ball of white hot gases,"

Liquid metallic hydrogen, according to latest predictions.

No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper

Alan Brown Silver badge

> @imanidiot the problem is "justice", such as it is costs a rediculous amount of money.

On the very first day of most law schools the students are told it's a LEGAL system and to knock any misguided ideas of it being a JUSTICE system out of their stupid heads.

xHamster reports spike in UK users getting their five-knuckle shuffle on before pr0n age checks

Alan Brown Silver badge

Re: Government Pass

As ever the login and pass are likely to be cypherpunks/cypherpunks

Alan Brown Silver badge

Other countries noted the "blast all the local content in the wee smalls" gag and legislated that the mandatory local content percentage had to be "PER HOUR" - which led to some interesting mathematical and semantic gymnastics about what comprised local content when said material had been entirely recorded offshore (and never released locally) or were big name offshore acts which featured an ex-local performer in a minor role in the backing chorus.

Alan Brown Silver badge

"Call that a microchip? - it looks more like a thermionic valve to me"

A Telefunken U47 - in leather

Alan Brown Silver badge

"Wow, China even has VPNs banned. I guess it's not entirely surprising."

VPNs have been banned in China for years - with criminal penalties if caught using them.

What's happened recently is that they've been actively cracking down on it - and targeting foreigners, who they used to turn a blind eye to.

China has a shitload of draconian laws on the books and a history of only using them when it suits the authorities to do so (aka, when they decide they don't like you, you can be done for walking on the cracks in the sidewalk).

At $orkplace we've been having to remind people wanting us to set up VPNs for travel into China that

a: Such things are illegal in China

b: Getting caught would not be a good thing.

c: We're not allowed to assist in illegal activities in any case.

These kinds of laws in the UK are a backdoor way of implementing a "Great Firewall", but legislators all tend to forget one key factor - LEO satellite internet is on the horizon and all the firewalls on all the physical gateways on all the terrestrial borders won't make much difference if people switch to those for their xhamster or uncensored newsfeeds (good luck working out where someone's satellite dish is pointing when you don't need a satellite dish)

Alan Brown Silver badge

Hamfisted technological solution to a social problem

Aka me and my friends sneaking into R16 and R18 movies when we were 15 by bluffing our way past the ticket taker (note they never asked ages when selling tickets, only when actually entering the theater - they weren't stupid)

The best ever response to "Think of the Children!" is "Yes of course, after all Jimmy Savile was always thinking of them" (both in public and in private)

As at least one other poster has pointed out, abuse is almost always perpetrated by those known to both the victim and the victim's family (and when outside the family circle of close friends the abuser is usually someone in a position of significant social power/influence)

This smacks very much of "LOOK AT THE MIGHTY OZ AND PAY NO ATTENTION TO THE MAN BEHIND THE CURTAIN"

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP

Alan Brown Silver badge

Re: Wild West Days

"If I was running an ISP like demon around the time the big telecoms companies (with their networks, money, and other infrastrucure) started to sniff around at the thought of becoming ISPs, I'd have sold out for the fattest cheque too."

Looking back I'd offer that exact advice to anyone who contemplated holding out against the telcos (and there were quite a few). They had infinitely deep pockets compared to the small ISPs and they could afford to take a loss until the independents went under.

Illegal? Well yes - but even if they get prosecuted it's long after the event, the fines don't go to the people put out of business and most importantly of all, the vanquished competition isn't resurrected by court order in the state that it was before the illegal activity took place. Cartel/monopolist behaviour has ALWAYS been profitable for the entities participating in it.

Alan Brown Silver badge

Re: Wild West Days

"As a business owner you owe it to your customers"

You might think that's true. The reality is that most customers have no loyalty to you or the brand and will jump ship in a heartbeat. "Goodwill" as a business intangible is very hard to pin down but in truth it's not worth very much at all.

If you do try to follow the espoused mantra and hold out for the best deal for the clients, you'll end up being eaten by the sharks.

Alan Brown Silver badge

Re: Modem ISP

"But there are many rural areas in the UK that still dont have ADSL never mind cable and if they want net access its either cough up for BT to set it up at the exchange (and potentially lay new cables) an expensive microwave system or dial up."

Whilst BT has systematically nobbled commercial rural broadband ventures it's relatively easy to set up a cooperative and you can get (for a short remaining period) EU grants to set such things up.

This very organ has documented how various groups and individuals have set up rural broadband wifi systems, frequently backending off someone's ADSL connection (not all suppliers prohibit such activity).

If you wanna learn from the IT security blunders committed by hacked hospital group, here's some weekend reading

Alan Brown Silver badge

Re: Not a Fan of Citrix

"I wish policy out-and-out forbade it."

In sensible places (ie: not yours) policy DOES.

Along with a bunch of other "convenience" services which compromise OUR security whilst increasing your convenience or allow other organisations to maintain their security facades.

Alan Brown Silver badge

Re: show me the money

"and of course there's always GDPR. In in the finance industry is an offence to not comply"

In both cases: Unless criminal/civil responsibility falls _personally_ on manglement, they're unlikely to care.

It's the threat of finding _themselves_ in the dock which works the best at getting things fixed.

Alan Brown Silver badge

Re: show me the money

"because that really matters when you go for your next job"

Actually it does, because you can document that you warned them and they ignored you.

Drone goal! Quadcopter menace alert freezes flights from London Heathrow Airport

Alan Brown Silver badge

Re: "environmental terrorists"

"Any drone big enough to have a hairy scruffy type strapped to it would be hard to miss I'd think."

Well..... the police hairychopper got reported as "a Drone" at one point.

Alan Brown Silver badge

Re: "environmental terrorists"

"Lets face it the tree huggers have "form" in respect of various stupid, risky and obstructive actions"

And very publicly claiming responsibility.

So far no one's come forward.

Alan Brown Silver badge

Re: And so it begins

"No need for 3D printing, balsa wood will do just fine"

Rice paper and a bit of hot air will do nicely too.

Alan Brown Silver badge

No mention of Cranes?

The creek along Heathrow's southern boundary fence west of T5 is rather attractive to wading birds(*). I've watched both cranes and storks launch themselves out of it and then turn north across the operating airfield.

These are "somewhat" larger and more solid than 90% of drones.

(*) As is the marshy bit south of the west end of the airfield.

Border guards probe 'suspicious bulge' in man's trousers to find he's packing fluffies

Alan Brown Silver badge

Re: Ouch

There are worse things than kitten claws.

Kitten teeth, for instance - and they do try to bite anything that moves.

Attention all British .eu owners: Buy dotcom domains and prepare to sue, says UK govt

Alan Brown Silver badge

Re: Wow, it's almost...

"And a PM without a majority party in government can hardly be an autocrat."

David Cameron?

Alan Brown Silver badge

Re: That argument goes both ways you know.

"There should be a higher bar to making such a change than a simple majority."

Such as "achieving quorum" for any vote and "supermajority" for important ones.

Alan Brown Silver badge

Re: Wow, it's almost...

"Deny it to them and it seems most unlikely they’ll shut up."

They were most explicit that they wouldn't, if you recall Farage's pontificating on TV the week before the referendum on the subject of if it should go 52% the other way.

One good thing about this last 2 years is that it's made the fascists and other roaches brave enough to peek out from under their rocks. Observers have been taking notes about names and hidey holes.

Alan Brown Silver badge

Re: Wow, it's almost...

>> Unelected autocrats such as Theresa May

>You do realise that she is an elected MP?

MP yes.

But not voted PM by the people. Anyone who claims they voted for a PM (or a leader) is repeating a common fallacy.

" If she were an autocrat, her vision of Brexit would already have been signed, sealed and delivered and she wouldn't be walking the greased tightrope over the shark-tank filled with rabid MP's.."

Considering the _actual_ voting percentages vs the way seats went, it's quite clear there's a shitload of gerrymandering going on to ensure that only 2 parties are effectively represented in Parliament and that where possible, one party is favoured. As such it's no wonder electoral turnouts are low when most seats are as locked in as any 17th century rotten borough.

It's even more pointed when the UK's claim to try and introduce a vote on "proportional representation" gave a choice between the status quo and the lame duck _least_ proportional option possible (ie: most resembling the status quo) and as such was rejected even by most who wanted PR.

Compare and contrast with New Zealand's referendum on the same matter:

1: Stay with the current FPTP system or change to PR?

2: If changing to PR, which PR system should we change to? (list of 5)

(Of course when the NZ population voted overwhelmingly for PR and MMP, which the politicians didn't want, they ran it again and got the same result, so it had to be adopted (lots of scare tactic adverts about MMP in the leadup). 20 years later when asking "do you want to keep this?" the politicians got told in no uncertain terms they had to keep it despite trying to switch back to FPTP)

Alan Brown Silver badge

Re: Wow, it's almost...

"MP wise, Cornwall has 6 Con MPs, who managed 48% of the vote , meaning 52% of peoples political views aren't reflected."

The word you're looking for is "Gerrymander"

Cops: German suspect, 20, 'confessed' to mass hack of local politicians

Alan Brown Silver badge

Re: Damage mitigation...

"like, is there any security about peoples' private information in our age of computers and networks?"

How much of this is actually private and how much is merely hard to find?

Reg Standards Bureau introduces the Devon fatberg as coastal town menaced by oily blob

Alan Brown Silver badge

Re: Fosters

" We only export that to you lot because we don't drink it."

Australians enjoy Fosters - by watching other people drink it.

Real-time OS: Ordnance Survey gets snuggly with Intel's Mobileye

Alan Brown Silver badge

Re: Personally, I'd rather they fixed the fucking potholes.

"Potentially they can use this data to identify and prioritize fixing of potholes"

One can hope......

Found yet another plastic nostalgia knock-off under the tree? You, sir, need an emulator

Alan Brown Silver badge

Re: Imagine anything as efficient

"...where the Amiga's Copper co-processor sprang from, you should read up on the Atari 800's video hardware: they had the same designer, and the same concepts are in there too..."

The "incestuousness" of Commodore/Atari systems, designers and concepts is rather interesting reading. After going through the history you're left with the impression that it really should have been the Commodore ST and the Atari Amiga.

European fibre lobby calls for end to fake fibre broadband ads

Alan Brown Silver badge

Re: It's the speed, not the method

"Just require all vendors to deliver the quoted speed over a minimum distance. "

Uh yeah. No problem. And the contention ratio back to the exchange?

Or the contention ratio from the exchange back to the ISP?

Alan Brown Silver badge

Re: Hardly the first time

"My utility is currently trying to get me to have a smart meter installed"

So are mine.

They don't think it's funny when I ask them how much they're willing to pay me to have it installed and how much they're willing to credit each month to keep it installed.

Apparently I should be falling over myself wanting this new toy and willing to pay THEM for it.
