Posts by Richard 12 6094 publicly visible posts • joined 16 Jun 2009
That's not true.
The problem is almost always that some "security" gets imposed from upon high that is impracticable if not impossible to use, or doesn't even work.
Usually both.
Eg a lot of these systems require the nurse to remove gloves and re-scrub multiple times during a patient contact. Not possible in the real world.
When the organisation is large, you don't know most of the people in it.
Most people think Teams is only for internal communication.
So if someone contacts you on Teams and claims to be from your corporate IT dept, most people will probably believe them.
Yes, there might be some UI hints, but that's basically useless as nobody has ever been trained on Teams UI - and nobody ever could be, because they change it without warning every few weeks.
When you control the actual hardware.
There are several well-known ways of creating nearly perfect entropy using actual hardware components.
A warm diode, for example.
However, a given design produces entropy at a specific rate, so will stall if a system consumes it faster than it can be created.
The real issue is often that the hardware rng won't tell the kernel how many bits it has available.
For example, today I ran into an issue with macOS code signing. Something Gatekeeper does when moving builds between buildbots made signing fail.
I searched for solutions, and every single one of them said "Disable SIP".
So there's two ridiculous issues. Codesign is somehow incompatible with Gatekeeper, and Apple haven't documented what Gatekeeper does - which is probably why codesign fails.
It happens all the time. Microsoft, Apple, AWS etc ship a new security feature, but refuse to document what it does or how to use it properly, even internally.
So everyone turns security features off, and we end up with systems that are even less secure than before.
Insecurity by obscurity, one might say.
Every new development gets a note from the water company saying "please don't discharge rainwater down the foul sewer, unless it would cost something to avoid this"
And whaddya know, all new developments just dump the rainwater down the foul sewer - and then the water company simply dumps raw sewage into the rivers and beaches for half the year, with no consequences.
It's a total failure of legislation. The water company should be held directly liable, at an existential risk level, and developments required to deal with their own rainwater. If that costs too much, then don't build there - it costs a lot because it's a bloody flood plain!
Any amd64 emulation would defeat it, because those implement what an amd64 processor like an Intel or AMD is specified to do - not what they actually do, internally.
So while the emulation will go ahead and use the real hardware in a fairly efficient way, the exploit sees what should happen, not what does happen due to bugs imperfectly hidden implementation details.
It is absolutely certain that well-funded criminal gangs are routinely decrypting TETRA, and have been for many years.
It is also practically certain that several forces within the EU realised this, and that is why this investigation was funded and carried out.
"We're pretty sure X is listening in on our TETRA" is by far the most probable reason for doing this research in 2020-2021. After all, there was a lot of other things happening around that time.
There's no way a fishing expedition would get funded - but a "Damn well find out HTF the bad guys are doing this, so we can stop them" would.
TETRA certainly has been cracked, repeatedly, by many actors, state and criminal.
This is merely (probably) the first published one. Criminals and state actors tend to keep such things a closely guarded secret.
Security by obscurity is how you get vulnerabilities like "80 bits cut down to a trivially-brute-forcible number", because the vendor can claim some large number of bits while actually only using four.
The vast majority of customers don't have the expertise or budget to check for trivial errors - forced or unforced - and the ones that do are bound by contract not to let anyone know about the holes.
TomTom updates were horrific.
I bought one for the "lifetime updates" and ability to buy maps for other areas for travel.
The purchase and update application was possibly the worst piece of **** I've ever had the misfortune to encounter.
In the end, the only way I could actually get the maps was to intercept the HTTP request and download the ISO myself.
Then chargeback the map purchase because it didn't bloody work...
It's not surprising. Gates has had nothing to do with Microsoft for a long time.
SMRs are still experimental - the technology is mature (it's been used in submarines for ages), but manufacturing more than a handful at once has never been done before. It needs a lot of work before they could be built at scale.
This OCGT will be built as fast as possible, as cheaply as possible, and may even be mostly second-hand because a lot of sites have been ripping them out because they're so inefficient.
They need Internet access because they must interact with external suppliers - paying bills, confirming payroll, checking whether said supplier actually exists in the industry suggested etc.
There may be ways to avoid some of that by spreading responsibilities, but it seems unlikely.
And of course, secretaries do a huge amount of interaction with disparate external suppliers, booking and arranging all kinds of things.
I refer the honourable gentleman to the concept of "updates", with their accompanying "release notes", "new version of the manual" and ongoing guidance.
I suppose Google do have the capacity to mirror a significant percentage of the Internet within a few hours of the changes.
Most companies don't.
Any jobs that require consulting documentation require Internet access these days, so everyone who actually does anything to the Google stack is going to need Internet access.
Upper management needs to find their latest set of buzzwords.
All the staff who do directly physical work like lugging boxes around, cleaning etc won't have a desktop, they'll have a phone, because they need to be on the move most of the time.
So that leaves who?
Macs regularly do inexplicable things. I know this, because I have the temerity to develop for the platform.
The moment you leave the One True Path, it all falls apart.
That path also changes every year, and you cannot just keep using your old, perfectly working software to do the needful because Apple will break it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
