* Posts by Tom Paine

1747 posts • joined 19 Aug 2008

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

Tom Paine Silver badge

Up to a point

"The eight character password is dead."

But if an attacker's got your password hashes it's probably game over already, because of the level of access that implies. No?

Q. What's a good thing to put outside a building of spies? A: A banner saying 'here we are!'

Tom Paine Silver badge

They'd be silly if they WEREN'T doing it, though as @GossiTheDog pointed out, if you've ever seen Huawei code you'll realise there's no need to plant a backdoor; you can just use one of the myriad "bugdoors".

Tom Paine Silver badge

Re: You are so wrong.

Yeah. But hardly anyone's heard of Bude yet.

National Enquirer's big Pecker tried to shaft me – but I wouldn't give him an inch, says Jeff Bezos after dick pic leak threat

Tom Paine Silver badge

Oh, come ON

"Bezos said that he had asked an associate and investigator, Gavin de Becker, to probe the sources [...]"

Come, come, Commander Register! "Pecker vs. Dr Becker"? You expect us to believe that you're not just making this up?

Nurse Gove, wheel in the laser cutter, please.

Things that make you go .hm... Has a piece of the internet just sunk into the ocean? It appears so

Tom Paine Silver badge

Subs!

we've spoke to four current or former registry managers

"Tragic"? Whatever do you mean?!

Trolling in the Reg's forums... we mean, er, 'working' on the train still rubbish thanks to patchy data coverage

Tom Paine Silver badge

London

Ten years ago I was unsurprised to be sold a phone and then warned that there was no coverage for 10 miles around my address; this was the wilds of the remote west country with a relatively sparse population and a lot of hills and valleys, and the sales droid was in sales. (I should be surprised there's STILL no signal in my old home area, but that's life.) What astonished me was moving to the SE and finding even 3g disappearing completely for substantial stretches of my train journey whilst well inside the M25. (yes this is the Thameslink N-S line I'm talking to.) I mean... Hendon?? How can there not be 5 bars in Hendon or Cricklewood or Kentish bloody Town for heaven's sake?

Oh, it makes me _mad._

Hey, UK.gov: If you truly spunked £45k on 1,300 Brexit deal print-outs, you're absolute mugs

This post has been deleted by a moderator

Post-Brexit plan for .EU tweaked: No dot-EU web domains for Europeans in UK, no appeals, etc

Tom Paine Silver badge

Re: "The rules were invented in Brussels by unelected civil servants"

The hereditary peerages were largely abolished (as being eligible to sit in the HoL) 20 years ago.

The monarchy is entirely symbolic and has absolutely zero involvement in policy or decision making. We had a bit of a war about that once.

Tom Paine Silver badge
Thumb Down

Re: Didn't the UK create these rules?

They are accountable to MEPs (directly elected), the Council of Ministers (ministers who are appointed by national governments that are directly elected) or the Commission (Commissioners being appointed by, yes you guessed it, elected national politicians.)

Have another go.

Data flows in a no-deal Brexit are a 'significant' concern – MPs

Tom Paine Silver badge

Eh?

DPE (1918) implements GDPR, so what's the issue? Of all the myriad interconnections between the UK and the EU that could cause chaos, data flows are, well, not bottom of the list perhaps but I can't think of many things less likely to feel some impacts. I forget the exact terminology but even pre-GDPR, transfer of PII outside the EEA was perfectly OK as long as the destination country was adjudged to have "equivalent legal protections" or words to that effect -- similar data protection and privacy laws, and working institutions and processes to enforce them. There's a short list of countries passing the test, .. ah, here we are:

https://gdpr-info.eu/issues/third-countries/

Seems pretty obvious the UK goes straight on that list, and that any reasonable lawyer* at an organisation that's party to data transfers to/from UK jurisdiction would see that there's obviously no issue.

Or they could, you know, stop AD sync'ing between the firms in the UK that are part of operations that also exist in the EU27 - just like they don't have shared AD infrastructures that cross the borders of the EEA today.

:-|

* yes, I know

Q. China just landed on its far side, the US woz there 50 years ago – now Europe wants to mine it? A. It's the Moon

Tom Paine Silver badge
Trollface

Do they have...

Do they have Brexit on the moon? No? Sign me up, I'm off to rob a few hedge funds.

En garde! 'Cyber-war has begun' – and France will hack first, its defence sec declares

Tom Paine Silver badge

Re: Britain's "muted line about its offensive cyber capabilities"

Geopolitics and inter-state messaging is a bit more subtle than that. Some of the related topics are touched on by Dave Aitel now and then (and many others of course, I just don't have time to keep up)

https://cybersecpolitics.blogspot.com

Tom Paine Silver badge

Re: Britain's "muted line about its offensive cyber capabilities"

what benefit is there in boasting/threatening like the French do?

For the same reason nuclear states are generally quite happy to have that status be publicly known. It's not much of a deterrent if the adversary only finds out you have an ICBM capability when you launch an all-out retaliatory strike in response to their incoming wave of surprise attack warheads, is it now?

Tom Paine Silver badge

Re: Simple

I have some shock news for you.

1. In a large organisation with huge numbers of different data communication systems, which DOES have to be able to communicate with untrusted networks (How'd you think people email the army? How'd you think soldiers use email, come to that?) -- it's not really a five minute job to make sure an airgap really is airgapped

2. You do not have to have military equipment connected to the internet to be vulnerable to a good hard cyberring from an adversary. A couple of recent examples you may have heard of --

* https://en.wikipedia.org/wiki/Operation_Olympic_Games

* https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

* https://en.wikipedia.org/wiki/Russian_interference_in_the_2016_United_States_elections

Tom Paine Silver badge

Re: And .....

*embarrassed liberal coughs discreetly*

"glorious military history" is oxymoronic. It's the organised killing of men women and children, often in grotesquely violent and horrific means.

If war's so glorious, why aren't politicians falling over themselves at election time to promise war more and more war?

Nationwide UK court IT failure farce 'not the result of a cyber attack' – Justice Ministry

Tom Paine Silver badge

Re: wtf does not "freeing prisoners unlawfully" mean ?

No British judge has "gotten" close to anything, because it isn't a word.

Build the wall... around your DNS settings, US govt IT staff urged by Homeland Security amid domain hijackings

Tom Paine Silver badge

Re: Brave New World

*cough* https://en.wikipedia.org/wiki/Operation_Aurora

This must be some kind of mistake. IT managers axed, CEO and others' wallets lightened in patient hack aftermath

Tom Paine Silver badge
FAIL

Fools

Three staff – one from database management, one from the software configuration management team, and one security management staffer – not only escaped criticism, but were given letters of commendation for “diligence in handling the incident beyond their job scope and responsibilities.”

What mugs! Now management know these three will work their backsides off (the piece doesn't say, but I bet that's long evenings and weekends of unpaid overtime) just to pull management's butt out of the fire, in return for... a piece of paper with the words "thank you" on? Dear oh dear.

When I win the lottery, I'm gonna start me the "Amalgamated Union of Security Droids, Pentesters, Analysts and Ancillary Trades" and organise a strike. Solidarity, Reg!

More nodding dogs green-light terrible UK.gov pr0n age verification plans

Tom Paine Silver badge

"fit for purpose"?

N/t

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Tom Paine Silver badge

Sorry to break it to you, but the (admittedly subjective and anecdotal) evidence I've seen is that Skype for Business / MS InTune is remorselessly eating the corporate VOIP market via O365.

Tom Paine Silver badge
WTF?

So... there's no bug, after all?

Then what have Microsoft "fixed"?

A few reasons why cops haven't immediately shot down London Gatwick airport drone menace

Tom Paine Silver badge

Re: How about a high power laser burst ?

"...the Comrade General found your joke with the flowers very amusing."

Tom Paine Silver badge

Re: How about a high power laser burst ? (or things I saw in Star Wars)

...how about an Electron Ram?

London Gatwick Airport reopens but drone chaos perps still not found

Tom Paine Silver badge

Re: How many drones does it take ...?

That the possibility of a twinjet at MTOW losing an engine to FOD on climbout turns "abundance" into "excessive" for perfectly understandable reasons.

Having guessed that's "maximum take-off weight" and looked up "foreign object damage", the question that naturally follows is whether a twin-engined aircraft at max t/o weight losing an engine as it climbs away from the runway should be anything more dramatic than the engine-shutdown checklist, a lot of fuel being dumped at low altitude before the a/c lands back where it took off? (Cos even MJN Air lost an engine on their elderly 737 on takeoff and lived to tell the tale - S3E6 was it? St Petersburg? Not on iPlayer or YT alas.)

Tom Paine Silver badge

Re: The only thing stacking up here is the holding pattern

Then the further night-time reports (both sets of reports apparently from airfield personnel) So, rather dark. Being able to see and identify a drone would require it to be extremely close. Otherwise it's just "lights in the sky moving in what appears to be a controlled manner"

I invite you to reconsider your assumptions.

[..] ...unless those in charge at the airport know something we've not been told.

It's hard to believe the airport operators, police, military etc aren't live-streaming everything they do on YouTube. It's 2018 for heaven's sake!

/s

Tom Paine Silver badge

Re: What drone?

"proof", as you put it, (I'd say "evidence", which doesn't necessarily mean it's real) is presumably in the hands of Gatwick, the police and associated types. The lack of an official "Have you seen this drone?" image is not necessarily evidence there is NO drone, but they really do need to produce something if they don't want to end up as the punchline to a lot of TV comics' jokes early next year.

Tom Paine Silver badge

Re: This episode reeks of...

Don't ask me why, just a gut feeling

I didn't ask you why, but you told me anyway. Pretty good going to shoot yourself down in the same sentence.

Tom Paine Silver badge

Re: Preprogrammed drones

...assuming there was only one drone.

Tom Paine Silver badge

Re: Mass hysteria, sightings of the Virgin Mary, the Emperor's New Clothes, false positives

False positive? Maybe, maybe not. If it is, then presumably eco-whatevers who want to shut an airport can do it by organising mass phone-ins of people claiming to have seen drones near an airfield.

Tom Paine Silver badge

Re: "environmental rights terrorists"

But if no-one had noticed the first few overflights until one went through the windscreen of a fully laden long-haul heavy passenger jet climbing away from take-off, resulting in a few hundred deaths,.. would that have been terrorism?

Tom Paine Silver badge

Re: Fire and forget ...?

He would have to somehow buy the drone and prep it without getting any DNA on it or in it, even a single flake of skin dust, as you can be sure the authorities will dissemble and test every bit of it if they ever find

Attacker's threat model may say DNA recovery isn't a problem because (eg) their DNA isn't on the database in the first place, or they have reasonably good grounds to think they'll never get arrested and swabbed, or they don't care if they ARE positively made, eg they're planning to be back home in another country by that time.

Tom Paine Silver badge

Re: Shoot it down?

To me, that's a rather large hole in this lands defensive abilities....

Consider that there are other "lands" in the world. (Did you mean 'länder' perhaps?)

Tom Paine Silver badge

Re: Environmental Protestors?

As I understand it, drones were reported or detected every few hours for, what, 40 hours or so? That's a very, very dedicated lone nutter in a shed with a really powerful alarm clock, who can operate on 40 mins of sleep (allowing time to drive to a mobile launch site, launch, drive to recovery site, return home - to say nothing of interactive flight control, if they're not pre-programmed flightpaths.) And assumes the pilot's doing the launch and recovery themselves.

My bet is a minimum of two, probably three or four people.

Lulzsec kept their mouths shut and stayed lucky for, what, three months or so? Six? But the more people, the bigger the chance someone says something silly, snitches or flips.

Unless they're professionals, of course.

*shrug*

Tom Paine Silver badge

Re: Environmental Protestors?

They tend to...

That's a reasonable case for it not being people motivated by "eco" who've done direct actions before. There's other supporting evidence: the apparent professionalism, the lack of any PR (no point pulling a publicity stunt if you don't get publicity for your cause), and so on and so forth.

Terrorists "tended to" hijack planes, until they didn't.

Suicide bombing is (in the developed world, for practical purposes) a novel attack from the last 20 years.

The consensus about global warming has become much clearer and the consequences much better understood in the last 20 years, it's had far more publicity than it had in the last century, and the "Extinction Rebellion" lot are a new thing.

Digital communication and information technologies have radically changed the tools that lone nutters or small tight groups without big resources have to call on.

And so on and so forth.

However neither of the above mean the attackers /can't/ be motivated by The Ecos. I agree it looks unlikely.

Tom Paine Silver badge

The internet would be so much quieter if people who didn't know anything just asked questions, rather than offering silly theories or comment starting "Why don't they just..."!

Tom Paine Silver badge

Re: How hard is the approximate localization of a 2.4GHz sender operating in or near an airport?

They could be using any damn bandwidth they want that's functional with the size and distance requirements. There are a lot of assumptions being made about the type of equipment being used by the attackers. Let's see what public info emerges about the crashed vehicle they've reportedly recovered -- if any.

Tom Paine Silver badge

Re: How hard is the approximate localization of a 2.4GHz sender operating in or near an airport?

I think you'll find received power decreases as the square of the distance, so if you don't know the distance, how do you know whether it's "small... nearby. Big... FAR AWAY", etc.

Tom Paine Silver badge

Have you ever actually listened to Today In Parliament?

Have you ever watched a Select Committee session, and then followed the enquiry, and then read the report they issue?

Do you, in fact, know anything about how the UK parliament functions?

Tom Paine Silver badge

A google for "drone wars" is enlightening. And depressing.

Tom Paine Silver badge

OP obviously meant "probability".

Tom Paine Silver badge

Re: Don't just do something! Stand there!

Some pretty obvious inferences can be drawn from what's on the public record. The "AV companies write the viruses themselves!" bollocks is, well, bollocks. It's obviously not a test of anything. And the spotty teenager would have had his bedroom door kicked in with Standard Issue within a couple of hours, for extremely obvious reasons.

Tom Paine Silver badge

Re: @Robert Helpmann?? Don't just do something! Stand there!

What they don't seem to have done yet is carried out significant research or spending on safe drone disabling or capturing technology.

Of course not. Why would they? I'd be pissed off if they had, to be honest.

Tom Paine Silver badge

...SUBS!

Nobody knows quite why they haven't been caught yet, though one theory is that they may be environmental rights terrorists.

Are environmental activists uncatchable, then?

Tom Paine Silver badge

We don't yet have a large enough sample size of cases like this to study, from which we could draw conclusions about the deterrent effect of more severe sentences. (At the time of writing, n=0, as the perps - if any - have yet to be found or motive etc established.)

To pick some groups who've been speculated about - jihadists, eco-whatevers, engineering students out looking for lulz, highly sophisticated criminal gangs pulling off Italian Jobs, sinister politicians conspiring with MI5 and persons confused about the best way to express their opinions about Brexit -- all have a different propensity to think again in response to another year on their possible sentence.

Arguably, as there's no precedent for the purported attack, there's no deterrent at all. There are no previous perps they could look up and think "Hey, this guy shut down Stansted for 18 hours and got 12 weeks and 1000 hours community service!" or "...had his goolies cut off"*, as the case may hypothetically have been.

* With apologies to Jones, Smith and Stephenson https://youtu.be/p6aQC-1-GF4

Tom Paine Silver badge

Re: Think abouit it

Shake up, weeple!

Tom Paine Silver badge
WTF?

Guys...

Now don't shoot the messenger, OK?

Police tell BBC News they “cannot discount the possibility that there may have been no drone at all”.

https://twitter.com/TomPugh212/status/1076874388761440260?s=19

Yeah, that's pretty much what I said, too. I shouldn't really have sneaked a look at Twitter during the service, but the family were very understanding when I showed them.

50 years ago: NASA blasts off the first humans to experience a lunar close encounter

Tom Paine Silver badge

...teams from the Marshall Space Flight Center worked to reassure nervous NASA managers that a further uncrewed flight of the Saturn V was not required, demonstrating on Saturn test articles that their solutions to the Apollo 6 vibration issues would work.

But they didn't. Little known fact that one of the near-misses that came really close to killing the entire crew of Apollo 13 was massive pogo that developed on one engine that was so severe it bent the mountings 24" (yes, inches) vertically out of true. Another few seconds and the first stage would probably have broken up. As luck would have it, for reasons that were and remain unknown, the malfunctioning engine spontaneously shut itself down. IIRC this was /not/ as a result of the pogo - not directly, anyway.

Tons of fascinating detail (and more likely to be correct than my recollections from reading this article years ago) : https://www.universetoday.com/62672/13-things-that-saved-apollo-13-part-5-unexplained-shutdown-of-the-saturn-v-center-engine/

London's Gatwick airport suspends all flights after 'multiple' reports of drones

Tom Paine Silver badge

Re: Multiple drones/operators/battery packs?

....we have utterly failed as a nation.

The Daily Mail and BBC comments pages are just down the hall. Just follow the rolling eyes

Tom Paine Silver badge

Re: Multiple drones/operators/battery packs?

It's easy to buzz an airfield with a non-geo-fenced UAV. Doing so without burning through a lot of drones and/or getting caught will turn out to be a lot harder, especially now every airport will be on the lookout and will know what to do next time. Prediction: a few amateur copycats will be caught in the next year or so.

These guys are not amateurs.

NASA spots asteroid on crash course with Earth – with just hours to go

Tom Paine Silver badge
Trollface

Oh no, not again

When a serious civilization-threatening asteroid approaches, our best bet right now is to either leg it or batten down the hatches, and make sure we have a space program to keep some survivors safe off-world.

To preserve the species from an impact capable of destroying civilisation, you need a colony with sufficiently large population and industrial base to be ENTIRELY SELF-SUFFICIENT on decadal to century timespans. Spoiler alert: never going to happen.

(By "self-sufficient" I mean "capable of building and launching crewed interplanetary spacecraft from scratch, starting with digging out the titanium ore".)

Bear in mind too that incidence of quality engineers is maybe 1 in 10,000 of the population.

See what I mean? NEVVVVVER GONNA HAPPEN.

I have to pick the troll icon even though I'm perfectly serious and this is surely obvious to anyone with half a clue who thinks about the problem for 5 minutes, because there are an awful lot of Trekkies here who seem to think it's a documentary.
