* Posts by Tom Paine

1569 posts • joined 19 Aug 2008

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders

Tom Paine
Silver badge

mini-wince

No biggy, but....

... possibly initiating a chain reaction of cyber-crime.

I know what the intended meaning was - I think - but the phrase doesn't communicate it very well. Yeah, I know, everyone's a critic... I'm just picturing a tabloid hack looking for stories to lift (or background), seeing the expression and getting altogether the wrong idea.

0
0

Every step you take: We track you for your own safety, you know?

Tom Paine
Silver badge

Re: This will work...

But only someone with a parcel on the van would have access to that data. Narrows down the range of suspects quite a lot, especially if they do it more than once.

1
0
Tom Paine
Silver badge

Re: Corporate Security

Pretty sure MDM with location tracking would be a pretty major no-no under GDPR. Some employers may have a legit interest in knowing staff locations (delivery drivers, taxis, er...) but as with Dabbsy's Amazon drone, the tracking should be of the vehicle only.

4
0
Tom Paine
Silver badge

Re: Corporate Security

* The area becomes saturated with additional traffic as first responders arrive.

[ argue_mode="the toss" ]

In many (not all) such circumstances, the first thing that any non-medical first responders will be doing is explaining to everyone around that they should vacate the area as fast as practical. (The police training in that "voice of command" thing is remarkably effective.)

Secondly the first responders are still using AirWave, rather than mobile phones, as the plan to move them onto the EE cellular network is going about as well as you'd expect it to. I trust the emergency services don't take personal devices with them on duty (anyone know?)

Not calling people to check they're OK in case they're hiding in a cupboard has only ever been an issue in the US, where marauding shooters are a weekly or daily occurrence. There have been a couple of hostage situations in France where it could have had tragic consequences.

4
1
Tom Paine
Silver badge

Re: Smartphone pouches

Turning off location is the first thing to do with a new phone; I've never so far had cause to turn it back on. As far as I know that only deactivates the GPS, though - it doesn't stop the various other techniques for localising a device.

1
0
Tom Paine
Silver badge

Enterprise Upskirting

Just laughed out loud in the hotel bar. Top marks

2
0

Things that make you go hmmm: Do crypto key servers violate GDPR?

Tom Paine
Silver badge
FAIL

Wrong

An email address is unique to a person. "It's still personal data even if you can't find out who is the person behind it," Grooten added.

This is bollocks. I suspect the quotee is getting confused by the notion of a pseudo-anonymous key, such as recording a user's identity with a serial number. If the organisation can de-anonymise it by looking up Sir Arthur Streeb-Greebling of 23, Acacia Gardens in another table or database, then the record with the serial number is considered PII. If the ID number is entirely random and there's no way to look up the number and find the human identity it relates to, it's not PII for the purposes of GDPR.

1
0

US Declaration of Independence labeled hate speech by Facebook bots

Tom Paine
Silver badge

Re: This could be solved by...

You don't get targeted ads.

Er... yes, yes you do, unless you're using an ad-blocker or other anti-tracking technology.

Agree a forum / commentard playpen isn't "social media" though.

6
0

Bill Clinton's cyber-attack novel: The airport haxploit-blockbuster you knew it would be

Tom Paine
Silver badge
Mushroom

.

Parts of the book, such as a passage relating the telephoning the mother of a dead soldier, have the mark of authenticity.

I guess he knew what he was signing up for, right?

1
0

Euro bank regulator: Don't follow the crowd. Stay off the cloud

Tom Paine
Silver badge

Re: I wonder?

I wonder if they include India in their High Risk Areas?

I imagine they're using the same list as for AML purposes. See e.g.

https://aml-cft.net/high-risk-countries/

1
0

Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

Tom Paine
Silver badge

Re: Billing.

>On the brightside, at least the Lib Dem breach didn't affect any sizeable number of people.

Heyyyyy... Don't knock it til you've tried it! We've got >100,000 members - more than the Tories or UKIP, dash it all -- and we're growing faster than Labour. (Not that there's much chance of a Corbynoid army of enraged middle classes taking to the streets and demanding the abolition of capitalism, but some might say that's a good thing rather than a bad.) Anyway, my membership card shows a pair of pasty white knobbly knees and shins clad in yellow socks and shod with 70s style sandals. What other party would take the piss out of themselves like that?

2
0
Tom Paine
Silver badge
FAIL

Side note here on the pestilential trend for everyone and their dog to launch "apps" rather than websites. Flash breaking news - 98% of apps are just websites that would like to steal more of your data than a page in your web browser can.

3
1
Tom Paine
Silver badge

Re: We take the security of our data seriously...

Why would a site need to access sometimes many 10's of 3rd parties just to display its own pages?

So they get paid, of course.

Some of them get paid more equally than others, of course. ("Have you heard? There's a natural order...")

1
0
Tom Paine
Silver badge

Re: We take the security of our data seriously...

Non-existent data protection laws? You're behind the times, dear heart - they have well over fifty; a minimum of one per state, plus Federal laws. IIRC the shortest mandatory disclosure period is 28 days (Iowa, is it? Can't remember) but there's a straightforward lowest-one-wins effect for companies likely to conduct business in every state. For the ones that also operate in the EU, it'd be much simpler to just bite the bullet and go full 72 hours -- unless they're Facebook of course.

0
0

RIP Peter Firmin: Clangers creator dies aged 89

Tom Paine
Silver badge
Thumb Up

educational

Seek out the episode of the Clangers where a robotic rover with a manipulator arm arrives... 40 years before Curiosity arrived on Mars!

https://www.youtube.com/watch?v=HArUmqqiL0s

21
0

CIMON says: Say hello to your new AI pal-bot, space station 'nauts

Tom Paine
Silver badge
Terminator

And when it breaks down....

and starts to annoy,

or grinds when it moves

and gives you no joy,

'cos it's eaten your hat

or had sex with your cat,

bled oil on your floor

or ripped off your door

and you get to the point

you can't stand any more...

...then what, eh?

1
0

Foot lose: Idiot perv's shoe-mounted upskirt vid camera explodes

Tom Paine
Silver badge
WTF?

Shoo, camera (sorry)

The subject reported he had purchased a shoe camera

I'm really struggling to conceive of a legitimate use case for such a device. Of course banning them won't stop pitiful creeps trying to build their own, but the comedy potential when the homebrew equivalents blow up could be pretty good, and there'd obviously be fewer attempts.

26
0

Automated payment machines do NOT work the same all over the world – as I found out

Tom Paine
Silver badge
Joke

That's ENOUGH!!

https://www.youtube.com/watch?v=Rj9Xh4A5dFA

0
0

Adidas US breach may have exposed millions of customers' personal info

Tom Paine
Silver badge

Re: A US Breach

Er, no it doesn't. Not if there are EU residents' PII in those databases. (Note: _residents_, not citizens. An American citizen with a US passport working in the UK is covered by GDPR. IANAL, if you get your advice from commentards you deserve anything you get, but that's my understanding anyway... )

6
1

Not OK Google: Massive outage turns smart home kit utterly dumb

Tom Paine
Silver badge

Re: "Not OK Google: Massive outage turns smart home kit utterly dumb"

What's the market penetration of mobile phones again? 96%? 98%?

It's not dumbness; it's ignorance. Very few people have the experience we commentards have of spending our working lives trying to, broadly speaking, keep stuff online and working -- and of how much fun it is when you're unable to do so and everyone suddenly knows your first name and phone number.

1
0

Is it a bird? Is it a plane? Is it a giant alien space cigar? Whatever it is, boffins are baffled

Tom Paine
Silver badge

Re: Comets

Sputtering.

0
0
Tom Paine
Silver badge
Alien

Hayabusa 2

Any chance of another story on Jaxa's Hayabusa 2, which has rendezvoused with Ra, er, Ryugu?

https://www.upi.com/JAXA-probe-Hayabusa-2-rendezvous-with-asteroid-Ryugu/6201530116820/

0
0

UK taxman warned it's running out of time to deliver working customs IT system by Brexit

Tom Paine
Silver badge
Facepalm

MPs

every single [MP] should be thrown out on the street because of this debacle (and half of them sent to prison)

Bit harsh on the Lib Dems who have consistently voted against Brexit at every opportunity.

7
0
Tom Paine
Silver badge
Thumb Up

Market analysis

Buy lorry parks and landfill operators!

(and canned food and shotguns, of course)

4
0

Relive your misspent, 8-bit youth on the BBC's reopened Micro archive

Tom Paine
Silver badge
Thumb Up

Obligatory

I think I may be overdue for my annual rewatching of Micro Men.

https://www.youtube.com/watch?v=XXBxV6-zamM

When I win the pool^ lottery I'm going to organise a geekfest with a showing of MM where everyone has to shout the lines at the screen.

PS The British IBM also -- https://www.youtube.com/watch?v=gCyLLFNh24E

4
0

Tech giants! How do you know Jim in accounting isn't Putin moves on you

Tom Paine
Silver badge

Re: They infiltrated the Vatican

but "sleepers", those that are totally unaware to the effect of what they do and those that just don't care.

That's not what a sleeper agent is.

https://en.wikipedia.org/wiki/Sleeper_agent

0
0
Tom Paine
Silver badge

Re: Why infiltrate

This is Russia we're talking about. Greenbacks are not something they currently have a large surplus of. It's mostly sitting in offshore trust multi-layered, multi-jurisdictional shell companies. If you have a look at the Putin doctrine over the last 18 years and the way the "entrepreneurial" groups, teams, departments, bureaus and whatnot develop their semi-detached autonomous operations, you'll notice an innovative disinterest in expensive stealth measures.

Consider the notorious troll factory, for instance -- they weren't highly trained FSB or SVR officers, they were 20-something unemployed graduates who just wanted a job and had reasonable English. Same with the myriad of evidence trails thrown off by dozens of people in the Trump set-up.

I suspect the notion is that it's a cheap win/win tactic. If the op's not blown, win, you get a puppet into the White House. If the op's blown and disclosed that's also fine, because by the time the last shady "businessman" has been perp-walked into the Black Marias the public's trust in the institutions of the state and government has been massively eroded, the pro- and anti- camps have hardened their positions to a quasi-religious state of ecstatic ingroup/outgroupery, where none of the Trump base will ever believe it's anything other than a coup by the deep state or the UN black helicopters etc etc when he's finally jailed. (Remind anyone of events closer to home?)

In that ops mode, cheapness has a double virtue.

The NATO Handbook is a very good read. http://www.ndc.nato.int/news/news.php?icode=995

1
0

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Tom Paine
Silver badge
Unhappy

Well aware?

As a multinational organisation, Dixons Carphone would have been well aware of the Target breach.

As an infosec grunt toiling in the trenches, _I_ am well aware that this is absolute bollocks. I nearly fell off my chair when our CIO mentioned Maersk, but that was a week or two after the post-mortem "how we recovered from having our entire estate bricked" was publicised.

I bet if you took 100 CIOs, COOs, CSOs etc - let alone the line management - and asked them to name 3 big hacks from the last decade off the top of their heads, 85% would struggle.

0
0

Great news, cask beer fans: UK shortage of CO2 menaces fizzy crap taking up tap space

Tom Paine
Silver badge
Thumb Up

Re: Gas shortage

Had to read 95% of the comments before someone pointed this out! You /can/ hand-pull from the keg to the glass, but if the beer's literally down in a cellar, it's (a) slow and (b) very tiring work. (Although -- as modern kids today seem to go to the gym twice a day, perhaps that's not an issue these days?)

The Boat Inn at Redbrook had the right idea - the barrels and kegs were behind and above the bar.

* type type

just about visible to the right of this pic http://www.theboatpenallt.co.uk/wp-content/uploads/pic34.jpeg

(yeah, that's me after a hard day down the data centre, right there)

2
0
Tom Paine
Silver badge

Re: "Pick up that can!"

Yeah? Why haven't the American people risen up against the current regime, then?

8
0
Tom Paine
Silver badge
Pint

Re: Bravo madam!

By far the best comment on this little threadlet, so naturally it has fewer votes than any others! Have a consolatory pint of Watling St IPA.

2
0

Universal Credit has never delivered bang for buck, but now there's no turning back – watchdog

Tom Paine
Silver badge
FAIL

Google: "Tony Collins Crash"

n/t ....

0
0

BOFH: Got that syncing feeling, hm? I've looked at your computer and the Outlook isn't great

Tom Paine
Silver badge

the PFY took every single nut, bolt and screw out of everything.

I've *always* wanted to do that, with the addition of hanging every individual part from the ceiling on lines of black monofibre, so as to make a meatspace version of one of those exploded views you used to see in kids' encyclopedias, Ikea assembly instructions and the like.

When I win the lottery and retire, maybe...

8
0

In defence of online ads: The 'net ain't free and you ain't paying

Tom Paine
Silver badge
Trollface

Re: If only I could pay

Netflix? That's easy - I can save you the bother. It's all shit, none of it is worth a second of your attention, and the billions of human cycles wasted on that trash is one of the great tragedies of our age.

Yes, I realise I'm in a minority of near-to-one-as-makes-no-difference on this. That doesn't mean I'm wrong.

18
16
Tom Paine
Silver badge
Facepalm

Re: If only I could pay

I'd be happy to, but the option is rare.

*sigh*. Do we have to go over the singular vs plural senses of the English word "you" again?

1
21
Tom Paine
Silver badge

I looked at the comments to see

Old man talking, gather round, gather round...

The left-channel vocal track of Gabriel reciting supermarket prices - and even the names (O Wavy Line where art thou? Merged with Fine Fare?) on the reciprocal track of Dancing Out with the Moonlit Knight, "Aisle of Plenty", sends me into a weirdly physical spasm of early 70s nostalgia. I was a child in the Essex countryside (yes, there still was some then, and very nice it was too for a 6 year old before paedophiles and terrorists were invented) -- I remember being taken round pre-supermarket general grocery stores and independents. The brightly-lit, plastic-fascia'd supermarket chains with the dayglo price flashes and special offers painted on the windows were really exciting. PLUS you got a big cardboard box to play in when you got home!

English ribs of beef cut down to 47p lb

Peek Frean's family assorted from 17 1/2 to 12p

Fairy liquid giant - slashed from 20p to 17 1/2p

Table jellies at 4p each

Anchor butter down to 11p for a 1/2 lb

Birds eye dairy cream sponge on offer this week.

https://www.youtube.com/watch?v=bxTS_NZOIlg

Yes children ha'pennies were a thing, as were Green Shield stamps and vinyl car seats too hot to sit on. I know where my country lies - 1973.

6
0

WannaCry reverse-engineer Marcus Hutchins hit with fresh charges

Tom Paine
Silver badge
Thumb Up

Re: Who do you trust?

I thought you were wrong, but you were right. Thanks!

https://en.wikipedia.org/wiki/Crown_Prosecution_Service#Charging_decisions

6
0

VPNFilter router malware is a lot worse than everyone thought

Tom Paine
Silver badge

Re: It's interesting how using more or less the same software for many different devices...

no software will be ever fully secure, sorry..

FTFY

12
1

1,300 customers of Brit bank TSB defrauded due to botched IT migration

Tom Paine
Silver badge

In the wise words of Zarniwoop....

"If you can't scratch a window with it, I don't accept it" (from the original radio series)

12
0
Tom Paine
Silver badge
Thumb Up

Re: 'There is no one who feels more for TSB customers than me' - CEO

Baggsie me being Vila! Triple adrenalin and somas all round!

1
1
Tom Paine
Silver badge

Re: Another false claim...

Ha ha ha.... no. He's had it, career-wise. If he's employed in any sort of executive decision-making capacity at a regulated FI this time next year I'll eat my hat.

5
5

'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

Tom Paine
Silver badge

They don't make Sir Humphreys like they used to

But Ian Levy, technical director of the National Cyber Security centre, the defensive arm of GCHQ, argued that there have been hundreds of SMB vulnerabilities and hacks over the years, and the Eternal Blue exploit abused by WannaCry was just another.

(my emphasis)

What a lame bit of fallacious rhetorical logic. The issue with ETERNALBLUE wasn't the vuln it exploited, it was that it was a nicely weaponised reliable exploit for multiple target OS versions. I roll my eyes a bit at the knee-jerk "Western military-surveillance state leaks cyber-weapon that destroys the world" hype from the usual sort of suspects, but there IS a scandal there. It's not that TAO exists, or have exploits and frameworks and whatnot, it's that they got socialed. (And possibly externally hacked as well, IDK)

0
0

Visa Europe fscks up Friday night with other GDPR: 'God Dammit, Payment Refused'

Tom Paine
Silver badge

Re: Always have a backup plan

As with everything in life, there is no excuse for not having a dual vendor strategy

That's what I told her, and when I'd finished picking up my teeth her solicitor explained the drawback with that approach

1
0
Tom Paine
Silver badge

post hoc, ergo propter hoc?

(Anyone got the spare time to do a survey and get some data? Didn't think so. See, THIS is why I NEED to win the lottery... are you listening, universe?)

0
0
Tom Paine
Silver badge

Re: Do you believe...

There are these things called regulators. And jails.

0
0
Tom Paine
Silver badge

Re: Bad workmen blame their tools.

The closest analogy I can imagine is having a loaded gun in your backpack, and the safety fails and the gun goes off. Whatever the idiocy of doing that, the mechanical failure played a role.

Reality: "Hold my beer..."

https://www.bbc.co.uk/news/world-us-canada-44349521

0
0
Tom Paine
Silver badge

Re: Auguries of bad things

And how many days' cash would you advise keeping on hand? 24h? A week? A month? Some Ulster Bank customers affected by the RBS/NatWest outage were out of luck for 6-8 weeks as I recall. I don't know about you but I drink a LOT of beers in 8 weeks...

0
0
Tom Paine
Silver badge

Re: Wake up call

True story! https://www.youtube.com/watch?v=HB81UgdqgT0

0
0
Tom Paine
Silver badge

Re: Wake up call

Welcome to 2003. Enjoy your stay. If you look over to your right in a few minutes, after the DCOM worm you'll see the swine flu pandemic and SARS coming up. Keep a look out for the BA and RBS/NatWest outages, and every second lame technothriller at the local station's WH Smiths.

0
0
Tom Paine
Silver badge
FAIL

Re: Cash?

Spoken like a true random bloke down the pub with zero domain knowledge.

0
0


Biting the hand that feeds IT © 1998–2018