* Posts by Kevin Fairhurst

168 posts • joined 25 Aug 2008


WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Kevin Fairhurst

Re: ...the attacker would have to be on the same base station as the victim...

As with all these things, this starts as “has to be on same base station” but people will work out a way to replicate this approach without having to authenticate first...

In the meantime, disconnect from public WiFi...

7
2

Rejecting Sonos' private data slurp basically bricks bloke's boombox

Kevin Fairhurst

I'm not sure why Sonos haven't...

Enabled firmware updates with a new *feature* that can be enabled/disabled, depending on whether or not you agree to the data slurp.

Oh wait, that would mean very few people would agree to it, whereas with this method, people are coerced into agreeing!

I wonder how many T&C changes there have been where this kind of thing hasn't been noticed... how many jokingly added the Human Centipede clause? Does one unworkable clause render the whole agreement null and void?

6
0
Kevin Fairhurst

I do believe that was the point... your child may not be able to agree to the terms, but they are capable of clicking “ok” buttons to get things working again...

73
0

Want to keep in contact with friends and family without having to sell your personal data?

Kevin Fairhurst

Sounds tempting...

especially if you can get a shared google calendar on there...

(of course, for about the same money you can roll your own with a Pi, camera & a touchscreen monitor, but it won't look as nice)

3
2

Brit uni builds its own supercomputer from secondhand parts

Kevin Fairhurst

Re: Eeeew

And yet still you drink it...

10
0

US engineer in the clink for wrecking ex-bosses' smart meter radio masts with Pink Floyd lyrics

Kevin Fairhurst

If he hadn't been so stupid and done something that caused the towers to disconnect, he could have done something considerably worse for the companies involved e.g. Adjust all meter readings down by a given percentage, thereby reducing the bills of all customers...

19
0

Tory-commissioned call centres 'might have bent data protection laws'

Kevin Fairhurst

Apparently the CEO is an ex Conservative MP candidate, and a party member, so almost certainly a definite link!

11
0

Homes raided in North West over data thefts from car body repair shops

Kevin Fairhurst

Someone drove in to the side of my vehicle a couple of weeks ago, as I was on a dual carriageway. Got a call last week and the caller knew all about the accident, and made it sound as though he was from the third party's insurance company. Started going on about putting a claim together on my behalf to cover any injuries or twinges I might have experienced, with a value of £1500. At this point I asked him to call back as I was busy with something.

When he called back I got him to clarify who he was calling on behalf of, and it turned out to be a company called Motor Assist. Apparently they're a personal injury specialist, and are not affiliated with either my insurance or the third party's insurance.

So I asked where he got my details, and he said he got them from the central Motor Insurance Bureau Database, where all accidents are logged. He claimed that they had access and got the details from there. He got very tetchy when I paraphrased him and said "so you were scanning down the database for accidents to see who to cold call?" - refused to accept that they were doing anything so awful!

After answering a couple of questions negatively (Did anyone else send you the details? Did anyone else access the database and send the details on to you?) I restated my previous comment that they had been scanning the database for accidents for people to contact, as the data isn't going to magically extract itself. He went off on one before hanging up on me. Shame it was a withheld number or I would have made sure it got reported!

9
0

User jams up PC. Literally. No, we don't know which flavour

Kevin Fairhurst

Re: You missed out

But if you didn't make the requisite blood sacrifice when dismantling/reassembling, you knew for a fact that it wouldn't work when you tried powering it on...

15
0

Parents have no idea when kidz txt m8s 'KMS' or '99'

Kevin Fairhurst

Re: More parental fun

A standard filter like you suggest cannot check that the kids have done their chores, homework, etc. It also cannot block devices on the nights when the kids aren't allowed wifi (which can change from week to week).

So resetting it daily to me is the best option.

Of course, this is on the kids wifi network... they're not allowed on the grown-up network where the password doesn't change :)

0
3
Kevin Fairhurst

Re: More parental fun

Install RMerlin on an Asus router, and implement a script that resets the wifi password to a random phrase at 10pm each evening...

2
0

Devs reverse-engineer 16,000 Android apps, find secrets and keys to AWS accounts

Kevin Fairhurst

From reading the article, and no specific knowledge, my impression is that you get a "master" api key when you setup the account. This has all of the permissions needed to do everything.

You're then meant to create an "application specific" api key, which will only ever have permissions to do what is needed for that application. It is this api key that should be hardcoded in to the application, not the master key.

Additional authentication/obfuscation (to ensure it is the application that is making the api call) would always be welcome :)

10
0

Nest Cam: A compelling piece of hardware-software

Kevin Fairhurst

Also...

No mention of fitting - how do you get this connected to power, is PoE an option if your wifi won't penetrate your outside wall, is configuration easy even when adding multiple cameras?

Would also be worth knowing if any such devices can do facial recognition, allow you to add names to people, and then set it to ignore warnings when certain people arrive between certain times...

7
0

Fanbois iVaporate: Smallest Apple iPhone queues ever

Kevin Fairhurst

Re: What else can you queue up for any more?

Your mortgage is £35 a month?? How old are you expecting to be when you retire? ;)

7
0

World eats its 10 millionth Raspberry Pi

Kevin Fairhurst

There's half a dozen in our house

One in each bedroom plus one in the lounge, all running OSMC/Kodi. And a Pi Zero that I got free with a magazine, that sits on my shelf in the bedroom gathering dust!

0
0

Argos changes 150 easily guessed drop-off system passwords

Kevin Fairhurst

So how long until...

someone figures out they've just changed it all to ArgosStore123 & starts redirecting packages rather than advising people of the issue?

0
0

Thermostat biz Nest warms to home security, touts cam with cloud storage subscription

Kevin Fairhurst

Plugged in outside?

All you need to do is cover your face while you unplug it, wait five minutes, and then rip it off the wall. And the owner pays a premium subscription for this shit?

12
0

Gartner: Brexit to wipe $4.6bn off tech spending in Blighty

Kevin Fairhurst

Re: dollar = quid

Such comparisons invariably ignored the fact that the US prices always excluded any taxes, whereas the UK prices included them!

Current comments are that the top-end iPhone 7 will cost the same as the previous couple of models, i.e. $1050. From a UK perspective, we'll be paying an extra £100 if the current currency valuations were used to set the prices!

3
1

Apple TV can p0wn you in more ways than it entertains you

Kevin Fairhurst

Re: Does this mean...

Links? And does it do Netflix? :)

The best I can find for that price range appears to be the Amazon Fire Stick, which is £35. The AppleTV 3 is £50.

1
1
Kevin Fairhurst

Does this mean...

A jailbreak is incoming for the AppleTV3?

0
0

New gear needed to capture net connection records, say ISPs

Kevin Fairhurst

Re: trackmenot?

Did not know about that, thank you! Will be downloading & installing that on all my home devices!

1
0
Kevin Fairhurst

Re: A couple of points

I actually had the idea of developing a browser plugin... while you were happily surfing, it would run a google search against a random word from the OED, and load up a random result (i.e. not just the first entry on the first page). And it would keep doing this on a regular basis, as long as your browser window was open.

Not only would this overload the monitoring systems with plenty more crap data to store, it would also ensure that you had plausible deniability in the event of something untoward appearing in your ICR history...

0
0

Got an Apple Mac, iThing? Update it right now – there's a shedload of security holes fixed

Kevin Fairhurst

Re: Closed that jailbreak hole pretty quick

9.1 has been in beta since before 9.01 came out; I suspect that Pangu knew that the full 9.1 release would close the hole, and therefore released the jailbreak for those willing to put tweakability* before security.

* having insisted on only getting an original iPhone once they could be jailbreaked to allow unlocking & custom apps to be run - remember this was before the original app store launched - I have now gone the other way; I no longer see a value in jailbreaking, as it causes more problems than it solves. e.g. my online banking apps can tell if the phone has been jailbreaked, and thus they refuse to work!

2
0

Bosch, you suck! Dyson says VW pal cheated in vacuum cleaner tests

Kevin Fairhurst

alternatively

get a dog :)

4
0

Amazon Echo: We put Jeff Bezos' always-on microphone-speaker in a Reg family home

Kevin Fairhurst

Bit pricey in the UK currently...

So based on the Amazon RRP of $180, and today's exchange rate, and add VAT, and you're looking at £140. So to allow for currency fluctuations, it will probably retail for £150 if released in the UK.

Looking on Ebay, they're going for £230-240 for UK stock (i.e. it's already been imported). Even allowing for postage & VAT/import duty, that's quite a markup!

Apparently most things work reasonably well, although it helps to have a VPN to hide the fact that you're in the UK. I think it would get a huge amount of usage in our house, and I would be all over it like a shot if it wasn't quite so expensive currently! Hopefully Amazon UK will start selling it soon so I can put it on my Christmas list :)

0
0

Testing CarPlay with Apple’s most expensive ever accessory

Kevin Fairhurst

after Siri finished reading out a text message the radio failed to resume

Having used CarPlay on a Pioneer head unit for a couple of months now, this is a fundamental failing in the way CarPlay works...

If you're listening to a non-CarPlay audio source (cd, radio, hard drive full of mp3s, etc) and CarPlay cuts in to tell you about a message, or to provide a map direction, it is unable to switch back to the non-CarPlay source to resume playback of whatever was interrupted.

It works on phone calls as that acts as a system-level interrupt, and the whole device switches to the phone call and then switches back. They would need to change CarPlay to work in the same manner, which would probably make other functions screw up, so it may not be an easy fix...

Another flaw due to the lack of supported apps is that as the head unit becomes a secondary display for the phone, you cannot have the music or podcast app showing on the head unit and a different app (Waze, for example) showing on the phone! Either the music app shows on both, or you have Waze on the phone and the CarPlay menu on the head unit.

The workaround I currently use is to listen to music from the phone & use apps for radio stations if required. I run Waze on the phone for mapping, and put the head unit in Pioneer mode where you can still see track information etc. Would be good to have it all kept in one "system" but that would require "splitting" the display so that the head unit was seen as a second screen rather than just the first screen remapped...

3
0

332M Kick Ass pirates get asses kicked by scareware ass-kickers

Kevin Fairhurst

Other than the reporter...

There surely can't be that many visitors to that website who don't have adblockers on in full. Assuming they're actually visiting the site directly, and don't just have an automated system to do the dirty deeds for them (eg SickRage, HeadPhones, CouchPotato)

5
0

Crash Google Chrome with one tiny URL: We cram a probe in this bug

Kevin Fairhurst

Re: RE: Dear Coders - Rules You Learned in Kindergarten

It's getting on for 20 years since I studied it at uni, but there are methodologies to development and testing that you simply have to follow when working on critical or embedded systems. This allows for you to consider race conditions and unexpected input values as well as simple coding mistakes. Once you go live, patching is incredibly difficult, so yeah I imagine it is possible for someone to have gone years without a bug being found in their code once it had gone live.

I'm sure quite a number of bugs get found during unit testing, then more once your code gets to interact with others in system testing. As was highlighted, a bug in the production environment could be catastrophic - be it nuclear meltdown or planes dropping out of the sky!

0
0

Ashley Madison wide open to UK privacy lawsuits, claim lawyers

Kevin Fairhurst

Any financial institution with an ounce of sense is going to be searching the dataset to see if any of their staff are on there... there could be an increased risk of blackmail with that person, and it needs to be managed accordingly. Imagine your partner finding out through THAT rather than searching through the dataset herself...

"Hi dear, you're home early, how was work? Is everything okay?"

"I've been put on gardening leave as I'm at risk of blackmail due to the Ashley Madison data leak..."

2
1

Adulterers antsy as 'entire' Ashley Madison databases leak online

Kevin Fairhurst

Textpad? It's a load of SQL INSERT statements so to do it properly you could roll your own tables together and run the scripts en masse (may take a while!) - whack in a few indexes, slap a gui on the front (with a huge number of banner adverts) and you can offer it up as a "free" way to see if your email address / name / credit card number can be found within the data archive. Just don't keep a record of what searches are made though, right? :)

(and for reference, amino_member_email.dump contains 120 occurrences of the string gov.uk)

0
0

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go

Kevin Fairhurst

Having manually worked out who missed calls from unknown numbers were using this "feature" I'm just waiting for the next Android dialler that will automatically do a lookup using the Facebook API of anyone who calls...

"You have 3 missed calls from Derek. His current location is the Red Lion pub"

2
0

Nokia sells HERE maps to Audi, Daimler and BMW for €2.8 billion

Kevin Fairhurst

Re: How long before all new cars have gps/satnav as standard?

I could be wrong, but I believe that the majority of Google's live traffic information comes from Waze, which they slurped not too long ago...

0
0

James Woods demands $10m from Twitter troll for 'coke addict' claim

Kevin Fairhurst

How does he arrive at the damages figure?

Can he really claim that he has lost that much work due to some Twitter postings, or is he making it up and hoping he can con the jury?

11
2

BT hit by data centre fire: Some ISPs just love watching the net BURN

Kevin Fairhurst

Re: It depends..

It's as though they have an innate instinct as to how to cause the most damage... case in point, I was WFH yesterday and my 2yr old wanted to see what I was up to. Next thing you know he's somehow managed to press the right key combination to get my laptop to shutdown, in about half a second. I couldn't do that if I was trying!

0
0

Microsoft releases free Office apps for half of all Android phones

Kevin Fairhurst

Re: Storage...?

The actual Office application side of it is tiny; it's the virtualised version of Windows Mobile that it runs on that takes up the space ;)

11
1

Buh bye fakers? Amazon tweaks customer product reviews system

Kevin Fairhurst

Re: trustworthy i think not

Likewise... I ordered an iPod Touch for my partner's birthday present, and instead received a shitty old film on DVD. I complained and another iPod Touch was sent out, and this time I received some crappy CD. I remember filming myself opening the second one, showing that there was no way the wrong item had been substituted in the supply chain... those items had been wrapped in the cardboard packaging at source. So I imagined it was someone at the warehouse pulling a scam (order something for themselves, make sure they picked their own order, swap labels so I get the dross they ordered, and they get the high value electronics I ordered) and asked for my money back.

I complained to Amazon about the whole scam and heard nothing back, so I posted a review warning other potential purchasers.... sadly, the review didn't last long before it got pulled :(

2
0

Everything Apple touted at WWDC – step inside our no-hype-zone™

This post has been deleted by a moderator

Blocking pirate sites doesn't weaken pirates say Euroboffins

Kevin Fairhurst

Re: Am I the only one

Ah, the Barbra Streisand effect... "We're shutting down/blocking access to site X" and everyone goes "ohh that sounds like it would have been awesome, I'll google a replacement or proxy service to access the site anyway"

It happens with "conventional" piracy (ie downloading films & music) and it happens with "streaming" piracy (where people like my dad want to watch sports matches live but physically cannot buy a legal service that allows them to see the games in this country, due to restrictive licensing deals that favour the money men rather than the fans)

19
0

Chinese cyber-spies hid botnet controls in MS TechNet comments

Kevin Fairhurst

Re: This is not true

MUSHROOM MUSHROOM!

0
0

Enjoying the Spring? Microsoft has 13 ways to fix that

Kevin Fairhurst

I get this problem on my office PC. Whenever I notice it being slower than usual, I have a small window of opportunity to get in to the services and kill the wuaserv entry before it grinds my entire PC to a halt.

30-60 mins of random downtime during each working day is surprisingly counter-productive!

1
1

Sorry, Windows 10 early adopters: Microsoft Edge WON'T block ads at launch

Kevin Fairhurst

Re: Answer: The hosts file.

If you're not blocking ads at the router level, you're doing it wrong!

https://github.com/RMerl/asuswrt-merlin ftw

7
1

Bloke faces 25 years in the cooler for upsetting Thai king on Facebook

Kevin Fairhurst

and by "worried" you mean "secretly hoping that" ? :)

7
0

iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins

Kevin Fairhurst
Facepalm

This isn't Apple Pay - try reading the article next time!

All Natwest have done is enable you to log in to the Natwest app using your fingerprint. In the same way the Amazon app lets you log in with your fingerprint.

You can not go in to a shop in the UK and use RFC payments with this. Worst case scenario, your phone would need to be unlocked when the thief gets it, and it has to remain unlocked while they clone your fingerprint. Then they run the app and spoof as you, getting access to your bank accounts!

Where they can either transfer money to existing payees, or arrange for a small amount of money to be available at a cashpoint if you enter a code...

3
0

Why Windows 10 on Raspberry Pi 2? Upton: 'I drank the Kool-Aid'

Kevin Fairhurst

Re: Security???

It *was* the most secure... but someone wanted to play a copied version of SWOS, and they're infected with a bootloader now :(

3
0

Strap on fitness finesse: Withings Activité Pop

Kevin Fairhurst

Currently £24.99 from an online retailer known as Amazon...

0
0
Kevin Fairhurst

Having picked up the Withings wifi scale for £20 at tesco, I was considering one of these...

However while the price tag is 1/3 that of the iWatch, it seems the usability side of things hasn't been thought of at all!

And who thought that showing 100% of your goal was sufficient? What if I manage to do 12,000 steps in a day? What then??

I think I will pick up a misfit flash for about £100 less; it will still be frustrating to use, but at least I save some cash!

0
0

Is it humanly possible to watch Gigli and Battlefield Earth back-to-back?

Kevin Fairhurst
Headmaster

Re: What?

Pedant mode... Meldrew's catchphrase was "I DON'T believe it"

5
0

Acer Chromebook 13: The best Googletop on the market?

Kevin Fairhurst

Re: have they sorted out the lack of citrix yet?

Replying to myself in case anyone else is interested... Apparently even the native Citrix chrome app requires StoreFront so if your IT department is sticking with the Web Interface (which is the case where I work) then you're still outta luck :(

0
0
Kevin Fairhurst

Re: have they sorted out the lack of citrix yet?

No, it's the Citrix Receiver. They canned it and said use the HTML5 version. But you could only get that downloaded and installed if your IT dept had signed up to a certain level of Citrix support; it wasn't a standard client as with windows etc.

A quick Google suggests that they finally saw sense and re-released a native receiver app last August - probably about a week after I gave up on chrome books when I was last looking :

http://techcrunch.com/2014/08/21/google-and-citrix-team-up-to-make-chromebooks-more-attractive-to-businesses/

0
0
Kevin Fairhurst

have they sorted out the lack of citrix yet?

or do you still have to have your own citrix shop at work (or whatever it bloody well is you need) ?

0
0
