I usually start whispering in an attempt to get them to turn up the speaker volume at their end before suddenly unleashing the deafening noise.
308 posts • joined 16 Jun 2009
Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong
The fix is just as bad
Now the software relies on a key that only Sennheiser privately keeps a copy of.
So they've just appointed themselves as a root CA. Wait until that key leaks and...
What would be better in this case would be to generate a unique key on install. If it's only to authenticate 'localhost' then no-one else needs access to that key or to trust it. Plus if an attacker manages to steal a key off someone's installation, it will affect .. no-one else. If they have access to be stealing private keys, your system is already hosed without Sennheiser's help.
Re: Giving the vendors a choice will give the users a choice
If you have enough knowledge about firewalls and how the Mikrotik works, it is a great bit of kit, but for the average user the default configuration leaves a lot to be desired.
It is quite obvious that Mikrotik devices are not aimed or marketed at the average home user. It's quite obvious from the feature-set, UI and documentation that these devices are aimed at networking professionals who should be expected to be able to secure their own stuff. I wouldn't recommend Mikrotik kit to Joe Average for the same reason I wouldn't recommend Cisco, Checkpoint, Juniper etc. etc.
However, for those that can handle them, they provide huge capability for the price.
That said, there's no need for insecure by default.
Re: We've asked the Information Commissioner's Office to confirm it is aware of the issue. ®
PlusNet store your password in plain text
.. or at least encrypted in a reversible fashion.
Whilst this is not best practice for storing credentials, the PPPoE layer uses CHAP authentication. I've not kept up with PPP authentication methods but a few years ago at least, the options were send in clear, some sort of CHAP variant (where the server needs to know your credential in clear) or something proprietary that will restrict the type of router you can use. At this layer, they are making the best of a bad set of options.
and will email it out to you
This is where it all falls down though. They use the same credential store for access to manage your account and have accessible mechanisms to discover it. To my mind, they should be making every effort to make the credential store a 'write only' system.
Re: 'It's not clear whether he also has a FB account or whether he's a non-account'
But that's the thing with the GDPR, the potential fines are quite large.
If someone has the will (and I'll admit it's probably quite a big if) then this sort of case could cause some massive changes of behaviour in the tracking and advertising industry. Probably just for European end users though. It will either cost a shed load in fines or a shed load in lawyers' fees (and then hopefully a shed load in fines on top! - Hey, I can but dream)
Re: 'It's not clear whether he also has a FB account or whether he's a non-account'
Let's take the thought exercise a bit further ..
They have a bunch of data that is classed as personal. You may even go so far as being able to deanonymise some of it making it potentially identifiable (don't ask me how, but the deanon crowd can be scarily inventive when they get a hold of big datasets).
For any particular data element, they can say that they don't know who it is about. Therefore there is no way that they can evidence any informed consent for the collection and processing of said data. The individual is not (necessarily) a user of Facebook so there is no way that the data is collected as an essential part of any service provided to the individual. Therefore, as far as I can see, they would have no legal basis to keep hold of the data and should therefore delete it.
That will probably save them megabucks in storage costs ;)
Re: 'It's not clear whether he also has a FB account or whether he's a non-account'
Why does it matter whether he's a member or not? It's personal data that they have collected about him.
From a technical aspect, if he's a member it should make it easier for them to extract and collate the relevant data. If he's not a member, they have no justification or permission whatsoever for collecting and processing that data in the first place.
I had that same situation. It is likely a 'problem' with the configuration or provisioning of your SIM. I also thought it was because I was using a non-network phone. However, the last time I bought a new handset I needed to migrate to a nano sim. I made the mistake of getting a replacement sim (free and pretty much instant process in the local store). Ever since then it has been properly registering 'tethered' traffic.
Re: F1 is a Car Crash
They do need to sort out the media rights again. Hopefully something more along the lines of what Formula E are doing
.. giving it to a broadcaster that does not care about it enough to show it consistently. You have to play guess the channel does not lead to audience retention. Will the next race be on Five, will it be Spike or will they find some other channel to dump it on.
their emphasis seems to be on fan engagement and large audiences.
Fanboost needs to die in a fire. Having a popularity contest contribute directly to the available power a driver has isn't racing. Sam Bird is at a massive disadvantage, I reckon most Brit racing fans are traditionalists so he never wins the vote yet he still brings home the points.
And next year's Formula E car looks like something straight out of the Hot Wheels factory
yep, the Gen2 car looks hot hot hot. They actually designed in the halo instead of just plonking it on top like a pile of scaffolding.
I love F1, I also love FE. I don't understand the "it's slower" argument. The cars in an F1 race are going slower than in Qualy yet you don't say there's no point in watching the race. The enjoyment in the race is in watching the drivers getting very close to each other indeed and battling to get past/stay ahead through corners. There's typically much more of that in FE than there is in F1 nowadays. That said, both series were blessed with cracking races this past weekend.
Re: Might not look scripted, but they've prearranged the interviews and for how long in advance.
Pretty much all of the gridwalk interviews are based on spur of the moment judgement, luck and being well-known enough that the drivers want to talk to you.
Brundle is pretty much the king of the art. I do remember one (not by Brundle) where the hopeful interviewer didn't have any luck. The entire gridwalk was basically repeating "Let's go and speak to <x> ... oh, he's gone to the toilet"
Keep it light, and keep doing something. Even if it goes horribly wrong the viewer will hopefully let out a sympathetic chuckle.
Re: Note to Nvidia
Why is it 'abuse' anyways? And why is one type of 'abuse' a licensing issue and another ain't?
If I decided to massively overclock a card, push 1KV where it's expecting 5V or dissolve the thing in acid, that can be construed as 'abuse' of the card but no-one is gonna come round and try and sue me for doing so, the worst that would happen is laughter if I tried to claim a replacement under warranty.
Consumer cards aren't designed to be run at full power 24x7. OK, state that and state that it's not covered by warranty if it breaks, that should be the beginning and the end of it.
Re: Don't open unexpected attachments
Malware can harm a company even without elevated privileges. Even if everything a user has access to is regularly backed up, a ransomware attack can still cause great disruption and expense.
Whilst there are gateway systems that can extract all "non-active" content from incoming files and just deliver that, they are not perfect, can throw away important content and are currently insanely expensive. Until that sort of system is perfected and commonplace, this sort of attack vector is going to be a massive risk.
Although we don't expect normal staff to "be" security guards, we expect them to not open the fire exit doors because some randomer wants to be let into the building. (That said, we all know that people hold open access doors for unknowns far too often) A bit of awareness is not an unreasonable thing to ask. Yes, mistakes will happen from time to time but "don't click links or attachments in unexpected emails" and awareness that emails may not be from who they say they are should not be difficult concepts for anyone performing pretty much any task in an organisation.
Re: Farewell Sonos
If you did own a Sonos I wonder if changing the T&Cs to something you no longer agree with provides a case for you to return the goods for a full refund?
I don't believe that anyone managed it when Sony released a firmware update that removed functionality from the PS3.
IIRC, they used a similar sort of language as Sonos in that if you wanted to keep the OtherOS function, you simply didn't have to install the (unremovable) update. Though in reality if you wanted to play any games released after that, you had to install the 'optional' update.
Re: PANIC!!!!!!!!!! :-)
That test looks flawed to me.
AMT sits between the physical ethernet controller and the OS.
127.0.0.1 only represents the virtual lo loopback device and therefore goes nowhere near the network hardware. Even doing that to the IP address assigned to your NIC wouldn't work as the kernel would know that it doesn't need to send across the network.
Try it from another host on your network towards your i7 and you will get more accurate results.
There is no licensing issue. GrSecurity's kernels are licensed under GPLv2 which specifically allows the recipient to re-distribute.
However, you are not obliged to re-distribute and nor are grSecurity obliged to do business with you, so if they find that you have distributed the kernel they are entirely within their right to refuse to give you their next version.
The use of the grSecurity trademark is a different matter and I suppose the usage of it depends on what they are claiming in the associated documentation.
Re: fortunately 3 do reasonable all you can eat data packages
It actually seems to be done via the SIM or network.
For whatever reason, they used to be unable to differentiate between my tethered and non-tethered traffic. I changed phone (direct from manufacturer, not from three) and realised I needed a nano SIM. Not having one of those hole-punch style things to hand, I went to the local store where a helpful chap swapped my SIM out for free.
Result : my tethered traffic is now registering as being tethered - on the new phone and the old - no special firmware required. I can only guess that my previous SIM wasn't provisioned correctly.
As a long-term customer who doesn't (often) take the mick with the unlimited data, I enjoy a very significant discount on the unlimited service. They've bumped me off my old plan the other month but as it was the first price increase in about five or six years for me I'm not too aggrieved.
I would be very angry if any customer I looked after had had their details leaked knowing what could be on the way after such a breach of information.
If I were a Solarwinds customer in this case, I'd be worried what level of legal liability I would have to my customers if their data was involved in this.
Re: The Cloud...
That's a case in point. It was a dedicated NHS system so the 'damage' was contained within the NHS.
Aside from a deliberate act, there's no conceivable way that, say, everyone's data can be sent to BUPA. However if they both used a shared third-party cloud platform, you cannot make such an assertion.
Re: Everybody who wants one, got one
For example, I am typing this on my Nexus 10, which is getting to be close to 5 years old. However, it still works fine, and anything mid-range I could get to replace it won't be an improvement in terms of the screen quality, which is the critical requirement for me.
I also have a Nexus 10 though sadly the battery is on its way out, after a couple of hours usage the thing just dies with very little warning (battery monitor would be 60-70% not long beforehand). It has also started to feel a bit sluggish.
Totally agree that there seems to be nothing at a reasonable price that comes close to the screen quality - I almost wish I hadn't got used to the Nexus as then what's available now would seem like an upgrade.
Wasn't there some hysteria years ago that furbys might record voice and could be used as a spy device? This got them totally barred from many establishments even though the recording and playback was pretty much uncontrollable.
If you can change its programming then this one could definitely be used in that way.
Of course releases are slow..
They are feature complete, do the job well and aren't chasing constantly changing standards or dealing with complex data in a changing security landscape.
That said, I agree that there's a lot to be said for stability, there should be different streams for browsers, one with feature updates and another concentrating with just bug and security fixes. I think that Mozilla have tried this with their esr(?) releases.
How can you say that the likes of vim and emacs are so much better than modern software that "feels like reinventing the wheel for the sake of it" when just in the previous paragraph you lauded Emacs' ability to render HTML.
Finally, yes if you have something written in a language or environment that can only be learned about by trawling through archive.org it should be re-written. The application is pretty much un-maintainable and the underlying infrastructure is obsolete and will therefore be crumbling. What happens if the execution environment has security issues or does not function in the next version of $OS?
Re: My 2p worth
<quote>I am not sure which of the two makes me sicker, some of the peodos are mentally ill, so some small sympathy, but the lawyer is scum.</quote>
Nope, the defence lawyer must and should do everything in their ability. The accused should get absolutely the best defence. That way any eventual conviction is rock-solid and beyond all doubt.
The laws against unwarranted searches etc. are there for very good reasons to protect society as a whole and the way of life you are accustomed to. They were put in place by people much cleverer in such things than you or I. Law enforcement should absolutely follow the spirit and intent of the law. By the sounds of it, the guy should absolutely be put away but he should have been caught in some other manner.
However, quite how a 'borderline' still from a known child sex abuse video would not be sufficient to get a warrant (whether the still was indecent or not) is beyond me.
Re: 'The capacitive buttons ... make it vastly easier to operate the phone in the car'
That has always been the case, the law has not changed. Anything that distracts you enough so that you are not paying enough attention to driving - whether that be a phone call, fiddling with the radio or talking to the person in the passenger seat - is dangerous and can lead to a charge of driving without due care and attention. The hand-held mobile law is different as it is illegal even if it isn't obviously affecting your driving at the time. I think that the penalties have changed recently though.
OVF doesn't work
.. At least with vmware.
It's a great idea to allow interoperability between hypervisors. As the article says, the knowledge needed to convert between formats is well known and OVF was intended to be the standard to enable that. However, when the best known player only pays lip service then you have to ask what's the point...
Create a vm in virtual box and export as an ovf. Now try and import into esx or (shudder) vcloud. Even though all the required information is present in the ovf, vmware refuses to register the vm. You need to read the hardware details from the ovf, manually convert the virtual disk and manually create the vm. Btw, the import tool can clearly parse the ovf configuration and the disk conversion tool is part of esxi.
I hope that people have it better in the hyper v and xen space but from my experience ovf has failed.
Re: Haven't they just been given oodles of cash to protect us agains this kind of thing?
Because their website has zero operational impact and pretty much zero value to them.
Unlike most businesses, no-one is going to use their website in an attempt to use their services. The site is totally distant from their operational networks, it is pretty much a place to put out press releases and PR material.
Given that an outage has no impact, there is no ROI on spending thousands on DDoS protection - money that could be far better used doing what they are meant to be doing.
There should be other (related) mandatory stickers in bright red on white in inch high text like
WARNING : This product sends your information to other people
WARNING : This product will be an expensive paper-weight when <company> closes or decides it does not want to continue running it or wants you to upgrade.
Anything requiring those stickers don't go near my home.
Re: nonce field - unfortunate choice of name
I never fail to giggle at it, but 'nonce' is a long established term in the fields of crypto based authentication. It is just a random blob of data that is generated on demand. Basically it is unique and unpredictable so it can be used to establish a challenge for proof of possession of a key and a differentiator between different transactions.
As the actual value is irrelevant I guess that the name comes from a contraction of nonsense.
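An added example, not part of the original post: a minimal challenge-response exchange showing the two roles the comment gives a nonce, challenge material for proof of possession of a key and a differentiator between transactions. The `Verifier` class, the `respond` helper and the choice of HMAC-SHA256 over a pre-shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Hypothetical server side: issues one-time nonces and checks responses."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()  # nonces issued and not yet used

    def challenge(self) -> bytes:
        # Unique and unpredictable: 128 bits from the OS CSPRNG.
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce we never issued, or one already spent, is rejected outright.
        if nonce not in self._outstanding:
            return False
        # Spend the nonce before comparing, so each challenge allows one attempt.
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(shared_key: bytes, nonce: bytes) -> bytes:
    """Hypothetical client side: prove possession of the key for this nonce."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    server = Verifier(key)

    n1 = server.challenge()
    r1 = respond(key, n1)
    first = server.verify(n1, r1)    # genuine response to a fresh challenge
    replay = server.verify(n1, r1)   # same transcript presented a second time

    n2 = server.challenge()
    stale = server.verify(n2, r1)    # old response against a new challenge

    n3 = server.challenge()
    wrong_key = server.verify(n3, respond(b"\x00" * 32, n3))

    return {
        "first": first,
        "replay": replay,
        "stale": stale,
        "wrong_key": wrong_key,
        "nonces_differ": len({n1, n2, n3}) == 3,
    }


if __name__ == "__main__":
    print(demo())
```
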
Re: Still Undecided
In partial defence of C4 as I totally agree with your thoughts about that other show (which was a totally different set of circumstances) ..
The BBC clearly didn't want F1 and were trying to do so in as quick a way as possible. So C4 picking it up has been a very good thing indeed. Whilst they haven't done quite as well as the BBC did in previous years, their coverage hasn't been too bad and also their live race sessions are broadcast advert-free (which wouldn't happen if a more commercial terrestrial channel picked it up).
With regards to EJ, he is essential viewing in the F1, his knowledge and insight is second to none (I don't believe any rumour until he has repeated it) but in TG he was totally wasted - not that I suppose he minded being paid to travel 1st class on the orient express.
One of my big annoyances is the way that Samsung do updates.
Each update is mandatory and takes an age to install. The annoying thing is that it doesn't check and apply updates while it's in standby, oh no. Clearly the absolute best time to do so is when the user says that they actually want to use it.
Yeah, can have video on deman... Just as long as you give half an hour's notice first.
Re: Who uses the internal TV smarts?
Me. It means that you can have a neatly wall mounted tv and not have to juggle with remotes etc.
A device that is a hdmi stick and uses the hdmi ethernet channel and integrates with the tv remote via hdmi-cec would be an ideal solution. Unfortunately it seems that no one wants to make one.
Re: Article 50
That has been the poison-drip from the Murdoch press
Successive governments have been to blame for this and they've allowed the press to fan the flames. Over many years, the blame for anything that could be seen as unpopular (regardless of the issue) has been placed with the EU: "It's not us, guv.. those forriners are making us pass these laws"
A case in point (one of many) is in food hygiene. At some point in the past, the UK gov passed laws forcing butchers to store cooked and fresh meat in separate coolers. This cost businesses a fair amount of money to implement and caused a fair amount of wailing and gnashing of teeth. The presence of the law was blamed firmly on the EU. As France hadn't yet enacted such laws, some butchers were up in arms about how unfair and unbalanced the EU clearly was.
So... forcing you to reduce the risk of poisoning your customers is a bad thing, and of course you are going to lose business as your customer walking down the high street is going to see the price increase needed to pay for this in your shop (and all your local competition) and then therefore go over to France to get some bacon.
If past governments had grown some balls and pointed out that many of these rules (I'm not saying that this applies to every rule made over the channel) are a good idea and explain why it won't put most people at a disadvantage instead of weaselling out of it then we probably wouldn't have the strength of anti-EU feeling that has led us to this.