* Posts by h4rm0ny

4539 posts • joined 26 Jul 2008

Vote now: Who can solve a problem like Ashley Madison?

h4rm0ny
Silver badge
Thumb Up

Re: JMcA obviously!

Well the thing is, normally I would pick Bruce Schneier as he's undoubtedly brilliant and one of the most respected security professionals in the business. But at this point it's gone beyond a security problem and become the sort of PR debacle that no inside-the-box thinking and seriousness can fix.

Meaning the only person on the list who I think would have a hope in Hell of pulling something out of this fire is McAfee who would shrug, make some jokes and handle the unprecedented amount of criticism and hate without at any point appearing ruffled.

(Rumpled maybe, however)

1
0

Nano – meet her: AMD's Radeon R9 4K graphics card for non-totally bonkers gamers, people

h4rm0ny
Silver badge

Re: Having a giraffe..

Better at DX12 though, based on evidence so far.

1
2

Krebs: I know who hacked Ashley Madison

h4rm0ny
Silver badge

Re: salted duplicate check

>>"In any case, you need to store each user's salt value in plaintext so that you can use it when the user logs in."

This is correct, but the original statement was not. You do store your salt in the database - certainly not in the one that contains your password hashes. So for example, the webserver might have the salt, and it will use that to send only the hash to the database. That way if your database is compromised, the salt may not be. If people are going to use the Boffin icon and correct others, they should get their facts right. It is not necessary to have your salt in the database and is actually a bad thing to do.

1
3
h4rm0ny
Silver badge

>>"12345 that's the kind of password an idiot has on his travel luggage"

And coincidentally the number of times I have heard that joke on El Reg forums..

4
0
h4rm0ny
Silver badge

Re: salted duplicate check

>>"If salted hash is used, the salt values for all existing passwords are necessarily stored in the authentication database along with the hashes"

No, that is NOT correct. In fact, storing your salt in the database alongside the passwords would be bad practice. You store it elsewhere and just query the database for the salted hash, not do it all on / within the database. All the database needs is the hash, not the salt.

1
6
h4rm0ny
Silver badge

Hmmmm

Reading this I have to conclude one of three things. Either this Twitter account is a dead-end, well protected and untraceable back to any physical body, someone has set them up to be a patsy or, option three, the hacker is an idiot.

EDIT: I suppose a couple of other possibilities having just had a look at their Twitter feed. Deuszu could just be a fan, playing at being a red-herring. If they and Krebs have a common source for that link then that is viable. Alternately they could be the hacker and are so confident in their concealing of evidence they actually want to "taunt" people with visibility. That would be rather nuts, though. Finding someone who hacked you can be very hard. Finding if a specific someone hacked you, is a lot easier because you can start from the answer and work backwards, as it were.

0
0

FBI probed SciFi author Ray Bradbury for plot to glum-down America

h4rm0ny
Silver badge

>>"A psychiatrist once said that optimists are people who should be certified as clinically insane. Whereas those defined as clinically depressed actually have a fairly good grip on reality"

And a non-psychiatrist once described psychiatry as "the study of people who don't need help by those who do".

I'll leave it up to El Reg readers to decide which view they trust.

6
0
h4rm0ny
Silver badge

Re: Corrupting America?

To be fair, he does seem to have some success at "corrupting the youth". :D

2
0

High-heeled hacker builds pen-test kit into her skyscraper shoes

h4rm0ny
Silver badge
Thumb Up

Re: Silicon Valley

>>"It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know."

Hey. Welcome to The Register! I found your article fun. Building your own hacking kit into high-heels is pretty cool. Please ignore the troll - I think some people just enjoy feeling superior by looking down on what others like / choose. If your looks make some people underestimate your technical skills because they are stuck on some "geek" image of programmer, that's an advantage to you! :)

I like that your shoes will pass under many metal detectors at doorways, btw.

2
3
h4rm0ny
Silver badge

>>"however that LED-illuminated dress looks a fun idea for a girlfriend who likes to go commando"

Or actually an effective defence against perverts trying to take up-skirt photographs.

0
0
h4rm0ny
Silver badge

>>"I quite like that idea, but does it recurse? I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?"

Yes, it's turtles black mini-dresses all the way down.

7
0
h4rm0ny
Silver badge
Paris Hilton

>>Is that her in the picture? She looks deformed

I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

34
6
h4rm0ny
Silver badge

Re: Given the size of a small mobile

>>I've never been sure if that was meant as a blessing or a curse

Generally meant as a curse. It is alleged to be the reply Confucius gave to a student who moaned about finding themselves living in a peaceful society instead of the interesting times they read about in history. But that is probably a later invention. All we really know is that it was supposed to be a Chinese curse by the British.

7
0

Brit hydro fuel cell maker: our tech charges iPhone 6 for a week

h4rm0ny
Silver badge

Re: Bah, humbug

>>"Streaming spotify will empty most phones in under 8 hours"

Yeah, of their personal data you mean.

0
0

Even 'super hackers' leave entries in logs, so prepare to drown in data

h4rm0ny
Silver badge

Re: Teeth grating

And invidious.

0
0

Ashley Madison spam starts, as leak linked to first suicide

h4rm0ny
Silver badge

Stealing a rival company's customer list and then spamming all of them with sales pitches is not, imho, "something positive".

Anyway, whilst I'm posting I might as well add my own voice to the Trustify are scum crowd. Troy Hunt (in the article) set up a system whereby you could search for your details but it would only confirm by sending the results to the registered email address. THAT is responsible. Trustify are not.

8
0

Windows 10 market share growth slows to just ten per cent

h4rm0ny
Silver badge

Re: not cause for celebration

"Pushed" is one word for it. 'Rammed' might be a better one. It took me three goes to finally get rid of ads for Windows 10 popping up in my 8.1 installation. Tried uninstalling the update - it just comes back. Tried uninstalling and blocking the update - no way to block them on the Pro version. Well there is, but this one is excluded from the ones you can block. Tried a registry edit I found online - no effect. Found the GWX service buried in a list of services, disabled that AND applied a different registry edit I found, and it finally seems to have stopped shoving ads in my face.

Very unimpressed.

23
0

Ashley Madison hack – Tory MP Green denies registering account

h4rm0ny
Silver badge

Excellent.

I love our politicians being judged on the basis of their sex lives. It's such an important part of their jobs, you see. That's how we got rid of Clinton and kept Bush, for example.

13
3

Spotify now officially even worse than the NSA

h4rm0ny
Silver badge

Yeah, a bit like airport security 'ask you' to "step this way".

1
0

Spotify climbs down on new terms and conditions

h4rm0ny
Silver badge

Re: peer-to-peer

Wow. That one needs a little more publicizing - I had no idea it did that. That could be especially bad in a work context, but either way it's not on. Maybe they should be paying their users instead of the other way around, given all we're finding out about them.

1
0
h4rm0ny
Silver badge

Re: but I don't *want* to

>>I don't know if Deezer is any better, but I am going to give it a go.

http://www.deezer.com/legal/personal-datas

Hard to say whether they're actually good in practice without trying the software, but they at least appear to allow a choice in the matter.

1
0
h4rm0ny
Silver badge

I used to have a paid Spotify account - "Premier" or whatever it was called. I cancelled it when they started really pushing Facebook-integration and playlist sharing.

If they want to advertise to free users, that's up to them. But they don't get to treat my data as some sort of bonus on top of my subscription payments. So goodbye to them. I find it hard to imagine they make more money from advertisers per user than the subscription fee, so their loss. These days I just buy the MP3s and, on balance, I think I actually save money that way with the range of music I listen to.

10
0

Second Ashley Madison dump prompts more inside-job speculation

h4rm0ny
Silver badge

Re: Really?

>>"The hubris of these people is astonishing. Surely they can't survive as a going concern after this."

As pointed out multiple times by people, it is very, very hard to guard against attacks from the inside. Your technical safeguards can be as good as you like but ask Snowden how much that hindered him.

But yes, the witch hunt is on. One quote in the media I saw on this was from someone saying "they couldn't find their husband's email address on the list so they must have used a fake email account then". My other favourite is someone who is complaining about the leak because they signed up to AM to try and catch their husband cheating on them and now she's on the list and he is not - and she's blaming AM for it. I'm not saying AM are without fault here - I simply don't know and I doubt anyone outside the investigating people (and the hacker) actually can say. I'm just pointing out that a lot of the finger-pointing going on here isn't reasonable. Yes, you can score a few cheap upvotes by expressing disbelief at someone's hubris/stupidity/credulity/whatever - you always can because the Internet mob is addicted to seeing people have flaws pointed out. They love it more than chips. But that doesn't necessarily make it so.

7
0

US military says it will discipline Ashley Madison users

h4rm0ny
Silver badge

What's it got to do with them?

See subject. If the US army can kill hundreds of thousands of people in an invasion for oil and some soldiers looking for sex is what brings disgrace, then there's something deeply wrong here.

25
4

Ashley Madison wide open to UK privacy lawsuits, claim lawyers

h4rm0ny
Silver badge

Re: Wait a minute

>>"Class action Lawsuit's already started, led by a widower:"

He says that he signed up after his wife died and wants $7.5m dollars in damages. That's a lot of money.

0
0
h4rm0ny
Silver badge

Re: Might not be as easy as that...

>>"Yes, But... A company that refused to delete sensitive information, even when paid to do just that?"

Did they actually do that, though? I know it's been alleged but not sure there's any evidence. They still have the 'please close my account' ones in there, as expected. But do they have the paid-for complete data removal ones? When is the dump from? A removal request could be after the time of the theft.

0
0
h4rm0ny
Silver badge

Re: Might not be as easy as that...

>>"3. You would have to prove AM failed to implement suitable security measures (i.e. the mere fact the breach occurred is not sufficient). This could be difficult if this is in fact an inside job."

Which looks very, very likely. The "blackmail" aspect doesn't hold up - pretty much everything points to this being someone with privileged access and a major, major grudge against AM. Maybe they got cheated on and blame AM for it, maybe it's something else. But this doesn't look like some random hacking team exploiting a SQL injection in order to make money. Which means they might be able to start from a shortlist of suspects and there's a very good chance, imo, that we might find out who did this. In which case they are in some very deep trouble.

But anyway, the point is as it looks like an inside job that is very, very hard to guard against. I work with companies that have excellent technical security but could be floored by one rogue employee. Can you sue someone for having lax security in this area? When even the most secure organizations are susceptible to betrayal from the inside?

If you disagree, consider the name "Snowden".

3
1

Now Ashley Madison hackers reveal 'CEO's emails and source code'

h4rm0ny
Silver badge

Re: Internal Emails

>>"Should be fun to find out exactly what the Company thinks of it's client base."

Doesn't really matter. With a sufficient volume of emails and the ability to present them selectively, you can make ANY company look like angels or devils according to which you wish to prove.

0
0
h4rm0ny
Silver badge

Re: "No, that data dump is totally fa" *SMACK*

>>"AM is still advertising on TV in Sydney Australia. I guess they're hoping no-one has heard what's happened"

I don't know but would guess, that TV ads aren't sold and organized the week before they air on a "let's buy an ad slot before tomorrow's Coronation Street, I'm feeling like it". I also don't know but would guess, that calling up a TV station and saying "we've changed our mind about that ad slot on Tuesday can we have our money back please?" doesn't get you a full refund.

0
0

Microsoft will explain only 'significant' Windows 10 updates

h4rm0ny
Silver badge

Re: @Mark 85 The seem to be going in an unsavory direction...

>>"Guess again., If none of Microsoft's Win 10 shenanigans up to this point haven't gotten you to actually move to Linux then there's no reason why this particular shenanigan should be the deciding factor."

Incorrect. Things accumulate and eventually people get pissed off enough to do something. I have a lot of GNU/Linux skills - it's where I started out. I moved over to Windows mid-cycle of Windows 7 because I found it was a good OS and I liked a lot of what they were doing. It was a new era for MS, it seemed. I'm on Windows 8 currently and MS's recent change in direction (and constant ads for Windows 10 they inserted against my wishes into my Windows 8 installation) have recently made me re-evaluate switching my primary back to GNU/Linux. Haven't yet - am still considering. But right now they're losing my trust, so back to GNU/Linux is looking more and more probable with every story like this I read.

37
1

Enjoy vaping while you still can, warns Public Health England

h4rm0ny
Silver badge

Re: Why should they ban them?

>>"If you are personally offended by then, you can personally piss off."

And that was exactly the attitude of the American guy in the pub - didn't care whether he was bothering anyone else, just a smug sense of moral superiority that other people would have to deal with it and he didn't have to show any consideration.

He didn't stop until staff had to actually tell him to.

1
1
h4rm0ny
Silver badge

Re: "Almost certainly"

>>"No one believes or cares whether vaping is 'safe.' Vaping is SAFER. That's all that counts"

Obviously it's safer than traditional cigarettes - by far. The question of whether it's "safe", which let's face it nothing really is, matters because if it becomes accepted as harmless it will be promoted widely by Big Pharma, who stand to make a fortune out of something that is still essentially a highly addictive drug. It's not even a fun one, really. Just something you keep needing. Being able to sell addictive cigarettes but without being damned as cancer-causing devils? Every big pharma company's dream. The new Prozac.

So the question of whether it is "safe" matters very much.

7
3
h4rm0ny
Silver badge

"No worse than cheap perfume in my view"

I wouldn't like it if someone kept inhaling and blowing cheap perfume at me, either.

Point is, it's not suddenly a way for smokers to disregard others around them like the old days when smoking in restaurants was normal.

13
8
h4rm0ny
Silver badge

Still unpleasant to smell though. Was in a restaurant in London a while back and some American guy (vapourizers weren't as known over here then) pulled out his e-cig and started puffing clouds of the stuff over to our table. Seemed to think that because it wasn't actually a cigarette it was suddenly fine to use indoors in a place filled with non-smokers.

34
9

You CAN'T jail online pirates for 10 years, legal eagles tell UK govt

h4rm0ny
Silver badge

Re: Of course it will work...

>>"The link clearly states he was prosecuted for sharing files (i.e. distribution), not for downloading."

Jammie Thomas is a woman, actually. But you are correct, she was prosecuted for distributing the content, not for downloading it. Other important things to note are that this was an American trial and the point was to find any cases in British law, which is what we're actually discussing, and that contrary to what was claimed by the OP, the initial fine was $5,000 dollars, not $250,000. It grew over the intervening years during which court cases were dragged out and turned over again and again, during which she claimed that: she'd never distributed copyrighted material, that distributing the files had been fair use, and that there was no financial harm from distributing the material. There was also the fact she bought a new hard drive and tried to fake-load it with data to swap it into evidence in place of the actual hard drive from her computer. Or my personal favourite - hiring a professor of computer science from a local university to testify that the files could have been shared by someone on the same local loop as her spoofing her MAC address.

But like I say, not British law so not that relevant to this amendment. The OP will not be able to find cases of people receiving big prison sentences for downloading music in British law because there aren't any. To be honest, I'd be surprised if they managed to find cases of even tiny prison sentences for it. Maybe a couple of cases with special circumstances around them. Like I said elsewhere, what you get for small scale domestic piracy - in the rare case you get anything - is a fine. Even in this American case, that's what she initially got before she dragged it through a three-year court battle of escalating costs and outright perjury.

0
1
h4rm0ny
Silver badge

Re: I'm sorry

>>The person who downvoted that comment

>>"So downloading a bunch of films is worth more than a kids life."

>>is a fucking idiot

I downvoted it. And did so because it's factually inaccurate and phrased to try and make this sound like something it isn't. You don't get two years for "downloading a bunch of films" nor will this amendment mean that you start to. And the maximum sentence for "Causing Death by Dangerous Driving" is 14 years. The poster is trying to make it sound like home piracy is treated more seriously than running someone over which is not the case. They either don't understand the law or, more likely, they're willing to misrepresent things with short sound-bites in order to bolster their preferred view. I bet they don't like it when politicians do that but they seem happy to do it themself.

3
2
h4rm0ny
Silver badge

And that's a fine thing to do. It's all the people who say movies / music / software is crap and not worth paying for and then torrent the Hell out of them that are the problem.

1
0
h4rm0ny
Silver badge

Re: There is another way

>>"If harmonising the maximum penalties for both the online and offline versions of the crime is necessary and raising the 2 years to 10 is seen as undesirable, why has no-one considered dropping the 10 years to 2. Obvious solution is obvious."

Because example cases where multi-year sentences have actually been handed out are for things like trading in $20million of pirated software, channelling £50,000 advertising revenue per month through Latvian banks to South American-registered companies, etc. So reducing everything down would put all this substantially lower than comparable crimes where you charged someone for the same thing under Fraud laws, etc. Do you also want to treat people more leniently for ripping off millions via fraud? Because otherwise your suggestion leads to two people committing equally damaging acts but one being treated wildly differently. And then if you're making fraud less of a crime, that's going to lead on to others in turn.

0
0
h4rm0ny
Silver badge
Thumb Down

>>"It begs the question is Mr Weatherly a responsible person ? Besides go digging on Mr Weatherly and just how tied in he is with the copyright mafia."

No, it doesn't. Someone marrying a woman who used to be a prostitute does not indicate they are morally flawed. That kind of Righteous Superiority says a lot more about your own tendency to throw around puritan judgements than it does about her or him. Honestly, I find that kind of temperament disgusting.

3
0
h4rm0ny
Silver badge

Re: I'm sorry

>>"The discretion between the treatment of the director of a bank rigging LIBOR and a black teen shoplifiting?"

Yes. If one person downloads a movie and another sells millions of dollars of pirated software, you don't want the law to allow no differentiation between how you treat both of them. That's obvious and that's why you have the concept of a maximum sentence and a minimum sentence (in this case let off with a warning, fine or suspended sentence) and not some fixed penalty. I can't help thinking that whilst illustrating my point you somehow think you're disagreeing with me.

0
1
h4rm0ny
Silver badge

Re: Not silly at all

>>"This reasoning is worthless. I'd much prefer having a grand stolen online from my bank account than being assaulted the ATM. Physical theft is a lot worse."

In which case you are now comparing theft to theft + assault. Would it make any difference to you if you were assaulted and then had the money stolen online as well? Suppose someone stole the physical money without assaulting you, would you want someone to be treated less severely because they used a computer to do it?

We spend half our time complaining about how the law and patent system applies a double-standard just because something was "done with a computer". Well now the law is catching up.

1
5
h4rm0ny
Silver badge

So what if she was? Were the Daily Mail forums full?

3
1
h4rm0ny
Silver badge

Re: I'm sorry

>>"The politicians say that I must go to jail for 10 years if I download a movie "

No, they don't. The inability of some people here to grasp the basics of UK law is depressing; viz. that it allows a range of sentences so that discretion can be allowed and you can differentiate between someone who sells $20m dollars worth of software and someone who torrents half a dozen movies at home to watch.

Also the inability to differentiate between mode, median and arithmetic mean.

5
12
h4rm0ny
Silver badge

Re: I'm sorry

>>"So downloading a bunch of films is worth more than a kids life."

No it isn't, and you won't get ten years in prison for "downloading a bunch of files". You might get several years for conducting a large, for-profit piracy operation, however, which are the actual examples you'll find of people having been given multi-year prison sentences for piracy. And the maximum sentence for "Causing Death by Dangerous Driving", which is what the actual charge is in the UK, is 14 years. That is since you're so fond of making comparisons based around absolute worst case scenarios.

3
17
h4rm0ny
Silver badge

Re: Of course it will work...

Actually, it's really immaterial the state of the prisons because this isn't about stuffing lots of home downloaders in prison. They (when actually caught and prosecuted which is rare) get fines. The prison sentences handed out have been for large-scale profiting operations. One of the biggest was 7.5 years for someone who was selling pirated software (traded about $20m worth), another person got 4.5 years and they were routing their profits to a bank in Belize via a bank in Latvia - not exactly your typical teenage downloader. Even that guy who the Guardian got so indignant about being extradited to America to be charged with copyright infringement had made $230,000 in advertising revenue from his site. (And he still wasn't sentenced to prison).

The reason for the harmonization is because it's silly to have different laws for the same thing done online as done offline when the effects are the same. It's not going to lead to swarms of people being sent to prison. Copyright infringers who get prison sentences are a tiny, tiny proportion of the total.

4
10

Adulterers antsy as 'entire' Ashley Madison databases leak online

h4rm0ny
Silver badge

Re: Karma?

>>"I'm all for the "duty of society" and so on, but parents (and given the >90% figure it will be the fathers) have duties and responsibilities too. If the consequences of their actions hurt their loved ones, well, perhaps they shouldn't have done it in the first place."

When something happens it is a product of all the people who made it happen, not just one of them. If someone cheated on their partner using this site, that is one requirement to be on this list (well, actually can be on it without that but anyway...). But there is also a requirement for these hackers to have publicized the list to make the problem much worse. It seems biased to respond to criticism of these hackers by trying to make being on this public list solely the fault of one party - clearly it is the product of both. It suggests to me you have a desire to blame the one party.

1
2
h4rm0ny
Silver badge

>>"Sure, the same "freethinking people who choose to engage in fully lawful online activities" are there for the single reason to cheat on their other halves... It is "lawful" after all."

Leaving aside all the people who may have signed up just looking for no strings attached sex without actually having a partner to cheat on or before they met someone; and leaving aside all those who may have signed up with their partner's awareness or together; and leaving aside those who signed on just to look at the profiles for solitary gratification or fantasy; and leaving aside all those who thought about it and then didn't go through with it... Well anyway, leaving aside all those people your comment wouldn't apply to but who will still suffer through this, there's the simple fact that two wrongs don't make a right.

An affair can be painful and damaging enough. What these hackers have done has been to make it far worse for many, many people. Imagine your partner has had an affair. You might deal with that in a variety of ways but very few of them are made better by having your co-workers see your partner's name on a database and announce it. Marriages (or any equivalent) are complicated enough without clear black and whites in many cases. It wasn't these hackers' privilege to get to spread deeply personal information around the world and it's certainly not your position to judge people whose circumstances you don't know for being on this list. This remains a criminal act AND an immoral one on the part of the hackers and they should be caught and dealt with appropriately.

All other sentiments belong in the Daily Mail.

41
1

Would YOU make 400 people homeless for an extra $16m? Decision time in Silicon Valley

h4rm0ny
Silver badge

>>"The way this is phrased makes it a loaded question. Alternatively stated, would be would you make effectively a $16m donation to keep people in their homes, and personally I think that is too much to ask."

Well there are reasons why it's phrased the way it is. This isn't an exact parallel to someone suddenly being asked one day if they'd like to donate $16m to help house people. It's actually his decision and responsibility. You could go round dozens of rich people in your version asking each, but in this case he owns their homes and the profit he stands to make is from selling those people's homes. It's not a passive act; he has to make an active decision as to whether he's going to get a huge amount of money and let people keep their homes, or get 140% of a huge amount of money by kicking them out of their homes. When the money is coming from you selling where people live, that's different to just being asked for money for people who have nothing to do with you.

1
0
h4rm0ny
Silver badge

Re: TAKE THE MONEY

>>"I have no sympathy for people who are close to my age and NEVER SAVED ANY MONEY. I worked my BUTT off literally and figuratively to get what I have today. I have NO sympathy for people who were grasshoppers not ants."

Or alternatively prioritized raising families, lower-paying careers they cared about such as teaching, or had more dependents than you, or etc.

Incidentally, your caps key appears to be broken.

3
0
