* Posts by Tom Paine

1669 posts • joined 19 Aug 2008

What could be more embarrassing for a Russian spy: Their info splashed online – or that they drive a Lada?

Tom Paine
Silver badge

Nope - you are mistaken - in principle, a citizen of Russia (or any other non-EU citizen) is covered by GDPR as long as they're residing in an EU member state.

19
0
Tom Paine
Silver badge

Re: If the spy is living in the EU...

I thought there were the usual national security exemptions in GDPR?

13
0

Salesforce dogged by protests, leaked emails, and guerrilla blimps on first day of Dreamforce

Tom Paine
Silver badge

Freudian PR

we can deliver great customer experiences for businesses around the world.

A great customer experience FOR A BUSINESS is to rinse them of every penny they've got, and find them banging on your door hoping to sell you some of their family members in exchange for more of your products.

0
0

A story of M, a failed retailer: We'll give you a clue – it rhymes with Charlie Chaplin

Tom Paine
Silver badge

Re: Surprising

Retailers will generally aim for a gross margin of 40%

LOLWAT? A supermarket that made 5% gross would be coining it in, let alone 40%

0
0
Tom Paine
Silver badge
IT Angle

The Beancounter

This article appears to be about accountancy. What's it doing here?

0
0

Perfect timing for a two-bank TITSUP: Totally Inexcusable They've Stuffed Up Payday

Tom Paine
Silver badge

Re: Banking privacy

That's all true except for the word "because". I doubt any of those tweeters are aware there's any sort of potential security issue with telling the world who they bank with under their real names.

0
0
Tom Paine
Silver badge

Re: The future is coming!

The whole point of using a hard currency is that it's not subject to hyperinflation. A box of eggs may cost £10 in six months' time but in principle they'd still be worth $1.49.

0
0
Tom Paine
Silver badge

Re: "If you don't leave, TSB will continue to not give a fuck."

Er. And the CEO having to quit, and let's be honest, anyone involved with this at a senior level has it on their CV for the rest of their careers (if they still have one). And I think you'll find the FCA and PRA will be levying fines in due course.

2
0
Tom Paine
Silver badge
WTF?

It's the end of September 2018...

...and now you're considering switching away from TSB? Because the mobile app's playing up for a couple of hours?

Users... can't live with 'em, pass the dry roasted.

1
0

WLinux brings a custom Windows Subsystem for Linux experience to the Microsoft Store

Tom Paine
Silver badge
Facepalm

Re: Why?

Right, because Linux web browsers don't support cookies. Or JavaScript.

1
0
Tom Paine
Silver badge

Re: Indeed you are expected to pay

[...] in the hope they become collectibles...

My dear old thing -- if you're collecting them, then...

1
0
Tom Paine
Silver badge

Re: Indeed you are expected to pay

I tried sublime text 3 with vcxsrv and it "just worked" although I had to add "export DISPLAY=:5" to my ~/.profile

Ahhh *nix, don't ever change XD

(I speak via 4.15.0-34 )

2
0
Tom Paine
Silver badge

Re: The Other Way Round

Yes, experimentation with MS stuff is good, and I encourage all my competitors to try it,

( Coined by someone on NANOG years ago, not my line. Apologies/ acks to whoever.)

2
0
Tom Paine
Silver badge
Pint

Popcorning pedantic Free / Open Source nerds

Barnes expects users to pay for downloading his work from the Microsoft Store, which will prove controversial in the Linux world.

Nothing wrong with that, as long as the source is there. Red Hat are doing OK with charging money.

It's still Friday night, and what better excuse is there for a beer?

1
0

Health insurer Bupa fined £175k after staffer tried to sell customer data on dark web souk

Tom Paine
Silver badge
Joke

Re: ROTFLMAO

"No, Mr Version 1.0 -- I expect you to die!"

5
0
Tom Paine
Silver badge

Total game changer!

Well, GDPR has certainly put the cat among the infosec pigeons now! This gigantic, eye-watering fine will devastate the £12 Bn[1] annual turnover firm and cause a revolution in security throughout the country.

As a humble grunt toiling in the security trenches I for one can't wait for another 70 mins to pass so I can open a nice bottle of cask-conditioned real risk controls and get mitigating.

[1] H118 half-year report https://www.bupa.com/corporate/our-performance/financial-results

6
2

Microsoft: We busted Russian Fancy Bear disinfo websites

Tom Paine
Silver badge

Re: How things have changed

Surely I'm not the only one old enough to remember Reagan's speechmakers coining the phrase "empire of evil" to refer to, yes, the Soviet Union?

0
0

Intel rips up microcode security fix license that banned benchmarking

Tom Paine
Silver badge

Who would win...

Who'd win in a fight between Theo de Raadt and Linus Torvalds?

0
1

Why waste away in a cubicle when you could be a goddamn infosec neuromancer on £50k*?

Tom Paine
Silver badge

Why?

Or just become a skilled trades - good builders make far, far more than £50k round here, a reasonably competent and experienced chippie, sparks, tiler, plumber, plasterer etc will be closer to £100k than £50k.

22
0

Google Chrome 69 gives worldwide web a stay of execution in URL box

Tom Paine
Silver badge

stop inventing stuff!

My pile of unread reading is threatening to topple and cause devastation in a 40 mile swathe from here to Basingstoke.

The PublicKeyCredential type allows individuals to log in using mechanisms that support an asymmetric key pair, which is potentially more secure than a password. Two devices that do so are the Android fingerprint reader and the macOS TouchID sensor, which means websites implementing the Web Authentication API will be able to read the PublicKeyCredential passed from either of these biometrics sensors to log the user in.

How much more fresh hell do we really need??

1
1

Hackers faked Cosmos backend to hoodwink bank out of $13.5m

Tom Paine
Silver badge

Re: Hack against third-party interface

Or poor network segregation, weak controls of admin accounts and working practices, unhardened systems on the same desktop network as Reception being used for administration of production systems, poor staff awareness... tons and tons of stuff that could have led to the attackers getting access to the switch.

As you say, I doubt it was itself directly "on the internet".

0
0
Tom Paine
Silver badge

Re: It is all about penetration testing

real world attackers (and gov agencies) use - bribing, woman, booze.

Such attacks are extremely expensive to carry out, and risky (as there's a human being who can, if detected, be tracked, surveilled, captured, interrogated etc.) There's a lot of highly specialised tradecraft involved. And so on. Very, very few organisations have that class of attacker in their threat models, for the obvious reason that either they're not a threat, or because realistic defences against such attacks would be too much trouble and money to be worth it. For instance, you start with DV-level vetting of all your staff, firing everyone who fails it. Your firm wouldn't have any problem losing 50% of its headcount, right?

If they want you that much, they'll send ninja scuba divers up through the sewers at 4am to plant pinhead audio bugs that can relay the sound of typing to someone who can reconstruct the keystrokes, or whatever.

0
0

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Tom Paine
Silver badge

Chromium

...the upstream open source project's browser is pretty good before Google gets to it. I use it on Linux. Must check Firefox out again though, I was always a Ffx user but it choked horribly on LinkedIn for some reason whilst I was job hunting, and I'm too lazy to have switched back.

1
0
Tom Paine
Silver badge

Nope

Very bad idea.

1
0

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Tom Paine
Silver badge

Re: BT was going to outsource security says leaked memo.

Or they're communicating with non-IT, non-security people. Hate to break this to you, but the "cyber" boat sailed some years back.

When I first read El Reg people were still complaining about the use of "hack" / "hacker" to mean malicious activity.

3
1
Tom Paine
Silver badge

Re: Its the 3rd-Party Code that always burns you

That's not what a supply chain attack is, Professor Alan Woodward.

0
2

UK.gov's no-deal plans leave HMRC customs, VAT systems scrambling to keep up

Tom Paine
Silver badge

Re: A total waste of effort to support a transparent bluff

Exacerbated by Russian ops, of course. Would the vote have been Leave if Putin hadn't deliberately pushed 5m refugees out of Syria towards Europe?

0
0
Tom Paine
Silver badge

Re: A total waste of effort to support a transparent bluff

Had there been a vote on Maastricht back in 1992 the polls all suggested that it would have been rejected by ~ 70% and attitudes have hardened even more since then. There is zero possibility that the UK would ever vote to rejoin the EU in its present form.

But the polling's hardly changed over the last two years: https://whatukthinks.org/eu/questions/should-the-united-kingdom-remain-a-member-of-the-european-union-or-leave-the-european-union-asked-after-the-referendum/

It's a solid fact in all the data that Leave support rises pretty much linearly from around 15% in the 18-25 y.o age category to 70% or so in the 70+ age group. A lot of Remain campaigners believe each generation's opinion will remain more or less unchanged as they age, in which case the Leave vote will drop steadily over the following decades. Of course it's possible that people become more anti-EU as they age... me, I'm looking forward to going to the pub.

3
0
Tom Paine
Silver badge

Re: A total waste of effort to support a transparent bluff

You think the USA will be around in anything like its current form in 2118? It's possible, I suppose.

1
0
Tom Paine
Silver badge

Re: A total waste of effort to support a transparent bluff

Easy to say in retrospect, but how long would it have been before Paul Dacre was calling on the masses to rise up and overthrow the state for their treasonous ignoring of the result?

2
0
Tom Paine
Silver badge

Re: A total waste of effort to support a transparent bluff

There's a reasonably substantial school of thought among people who seem to have some idea what they're talking about that there's really no way to avoid it. There is no conceivable deal that could be negotiated that would be acceptable to all the parties who have an effective veto on the deal (MPs, mostly.)

I'm not qualified to say if they're right. My guesstimate is 3/1 that they are, but I've been wrong plenty of times before.

1
0
Tom Paine
Silver badge

SUBS!

Typo: "parrallel."

1
1

Canny Brits are nuking the phone bundle

Tom Paine
Silver badge

Logolic Nazi klaxon

Apple's history of premium pricing may count against it. 41 per cent of customers surveyed agreed (ticking somewhat or completely) with the statement that they would never buy an iPhone,..

How does that follow? Maybe they just don't like Apple's design aesthetic, or find Android more familiar and don't want to change even though it was price that first got them onto it 10y ago, or they don't like devices designed to explode when dropped, or they want to be able to backup their music outside the Apple compound, or... And so on.

2
0

TSB goes TITSUP: Total Inability To Surprise Users, Probably

Tom Paine
Silver badge

It's never been fixed

Not a TSB customer but every few weeks I remember to search for it on Twitter, and there are still many people complaining about problems unresolved since the original fail back in May (or April, was it?)

Directors responsible for signing this off really should all be disbarred by the PRA when the dust settles, from the CEO down.

5
0

Spies still super upset they can't get at your encrypted comms data

Tom Paine
Silver badge
Megaphone

SUBS!

Major firms should also set industry statements and help smaller firms deploy these capabilities on their own platforms.

Should presumably be 'standards'

0
0

Windows 0-day pops up out of nowhere Twitter

Tom Paine
Silver badge
Facepalm

Right, because they should have fixed it before they knew about it.

0
0
Tom Paine
Silver badge
Stop

Re: gpo help?

Remember the Bill Hicks bit about the annoying kid on the plane, who gets out of his seat and starts flipping at the cabin door emergency release? And the passenger next to Bill gets up to grab the kid, and Bill's, like, "Whoah - hold on a sec - we're about to see someone learn a valuable lesson... "

I turned on all the auditing options NT4 provided, not long after I first got it (my first ever real OS, a few months before attempting to set up dual boot Linux for the first time.) THAT was interesting, and a lesson learned.

0
0
Tom Paine
Silver badge

Re: first windows LPE that I remember

I hate to break this to you, but anyone can use root. It wouldn't be a very useful account if it couldn't be used, would it?

Now, if you're talking about bad operational practices in GIVING users admin accounts... that's hardly Microsoft's fault, is it now?

0
0
Tom Paine
Silver badge

Re: "unaware of a practical solution to this problem"

You picked the wrong icon!

Srsly though - of course they're unaware of a solution to the problem, it's a 0day. Hence the headline, which reads "Windows 0-day pops up out of nowhere Twitter".

0
0

Take a former NSA head hacker, a Raspberry Pi, weird Kiwi radios and what do you get?

Tom Paine
Silver badge
Meh

I am reminded of John Peel's verdict on Emerson, Lake and Palmer.

0
0
Tom Paine
Silver badge

What stupidity - the NSA? You think it's stupid to have a communications intelligence capability???

You must be talking about the lights.

0
0

Intel Management Engine JTAG flaw proof-of-concept published

Tom Paine
Silver badge

Re: Hmm...

The very same.

The PoC code doesn't represent a significant security threat to Intel systems, given that there's a patch and the requirements for exploitation include physical access via USB

If the JTAG lines are present in the standard externally accessible ports, it's a problem. Plenty of smartarse dweebs out there in corporateland with user level accounts would love to get local admin on their desktops, especially if someone started selling boxes to do it for 20 quid.

And then there are evil cleaner attacks...

0
0

Everyone screams patch ASAP – but it takes most organizations a month to update their networks

Tom Paine
Silver badge

Re: Oh FFS

I could have done anything I wanted to their systems and they would have had absolutely no way of tracking it back to me.

I worked in the SOC of a well-known multinational megabank, and I think you may be mistaken.

1
0
Tom Paine
Silver badge

Re: Patchy McPatchface

Pardon my ignorance - what's CE+ ? Not Windows CE surely?

3
0

Network monitoring is hard... If only there was some kind of machine that could learn to do it

Tom Paine
Silver badge
Stop

Hmmmm

How do you troubleshoot a network issue when a so-called AI is reconfiguring stuff every 100 millis? Even if you figure out what it's doing that's causing a problem, how'd you find out why it did it, or how to make it stop doing it?

Or is the thinking that our new ML overlords will net-eng with such incredible Homo silico skill and speed that nothing ever breaks?

I think I know which file this one's going in. Actually that file's quite full of other AI / ML bollocks, it's about time I emptied it...

10
0

Australia's Snooper's Charter: Experts react, and it ain't pretty

Tom Paine
Silver badge
Facepalm

*wince*

...at another politician boning up on all the technical terms but still ending up with "Hello, fellow kids!"

“installing software or legislating some other means to capture data as it is unencrypted on the receiving device undermines the very principle of end-to-end-encryption,” Steele-Joh [of the Greens said.]

Firstly: no it doesn't, it circumvents E2EE by going after content in plain at each end of the encryption tunnel. Unless the Greens have a plan to teach everyone to memorise keys and do AES in their heads, it has to be in plain somewhere between the user's eyeballs and the phone or computer. The actual crypto is unaffected and works exactly as intended. Evidently Steele-Joh has not heard of the concept of a crypto SYSTEM, that there's more to it than the bit with the complicated maths.

Secondly, getting access to the plaintext is the whole point of the exercise. If they just don't want their domestic LEA / IC carrying out any surveillance at all, of anyone, under any circumstances, come out and say so. I don't think they'd get very far. If they accept that sometimes the state has a legitimate need to surveil, presumably they agree the state should do so as effectively as possible.

0
0

UK chip and PIN readers fall ill: Don't switch off that terminal!

Tom Paine
Silver badge

Re: Cars alternative

Candy bars? In Brizzle?

0
0
Tom Paine
Silver badge

Re: Cash on the barrel head

They don't have contactless yet? That's pretty shit for a but very rare by now, surely.

0
0

Drama as boffins claim to reach the Holy Grail of superconductivity

Tom Paine
Silver badge
Pint

Inspiring words!

"I love the fact that we are all living in interesting times. Let us argue, let us fight, let us raise a stink and let us clear it ourselves! Let us make the best of the situation. Whether Thapa and Pandey win or not, let science win. Silence is not an option."

-- Prof. Raychaudhuri

I'll drink to that!

In fact, I already am.

6
0

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

Tom Paine
Silver badge

Re: Smartphone only voting???

It's not mandatory, it's just another option isn't it? They'll still be running normal polling stations, unless they really are completely away with the fairies...

0
0
