* Posts by robidy

142 posts • joined 11 Jan 2010


US midterms barely over when Russians came knocking on our servers (again), Democrats claim


Re: Always blaming Russia

Not sure if you've read the court filing but the theft of internal Amazon architecture isn't a list of Russian IP addresses...I think you're in Friday night beer goggles mode. There are also the best part of 111 pages of stuff not listing web site probes from Russian IPs.

We all see port scans every day...that's not a problem they are on about.

South Korea reckons mystery hackers cracked open advanced weapons servers


Re: Good heavens

China trying to derail Trump's Korean peace deal....would be handy for them if the norks copped the blame...would also benefit Russia.


Donald Trump for all his faults is doing just that with trade tariffs on Chinese imports...AND profiting from said tariffs.

Say GDP-aaaRrrgh, streamers: Max Schrems is coming for you, Netflix and Amazon


Until they face a multi million/billion dollar fine.

Then suddenly they cry and scream that the nasty EU are picking on them.

Microsoft partner portal 'exposes 'every' support request filed worldwide' today

This post has been deleted by a moderator

Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers


Re: Huh?

Says a lot for due diligence they didn't do or a bizarre risk acceptance if they knew about it.

GDPR: Four letters that put fear into firms' hearts in 2018


GDPR isn't pronounced as a word...I suspect it's actually an initialism as opposed to an acronym.

However if we move from the realms of the English language to geekery then WTF, ROFL and CUNT are called acronyms but are technically initialisms.

Of course MYSQL and SQL could be either or a hybrid.

So this boxing day everyone's a winner ha ha :)

It is with a heavy heart that we must inform you hackers are targeting 'nuclear, defense, energy, financial' biz


Re: emails contain poisoned Word documents

Interesting post.

Docx and xlsx don't have the same exploit risk as doc and xls.

Hence doc being the transmission vector of choice for miscreants.

I'd consider allowing docx and xlsx and analyse my logs to see if they supported that hypothesis...while still blocking encrypted ones.


Really, that's no guarantee...a compromised server accessed via an anonymous vpn..or three...job done, how do you find them.

I trust you don't work in tech security.

Taylor's gonna spy, spy, spy, spy, spy... fans can't shake cam off, shake cam off


Ah, Taylor Swift....clothes make ready for Yoda.

Huawei CFO poutine cuffs by Canadian cops after allegedly busting sanctions on Iran


Re: Canadians as puppets

It's not just Americans, it's also commonwealth countries.

I'd avoid letting my view of Trump cloud my judgement of international security.

Trump will be gone in 2-6 years, China will still be aggressively protectionist.

NHS supplier that holds 40 million UK patient records: AWS is our new cloud-based platform


Re: Storing PII Data in AWS (S3)

Correct me if I'm wrong but the US Patriot Act covers US corporations regardless of server location.

The act covers corporations not their location...otherwise there would be some massive data centres in Canada and Mexico to avoid it.


Re: Bullshit Alert

Err erm, how are my or anyone else's medical records out of scope of the US Patriot act in AWS?

El Reg, this is something we UK citizens need help answering?

Warning: Malware, rogue users can spy on some apps' HTTPS crypto – by whipping them with a CAT o' nine TLS


Re: It's time to start over

To be fair, some languages allow users to make bigger mistakes more often than others.

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years


Re: Card numbers

That's exactly why innovative startups succeed in all industries...a defence of the status quo as opposed to a drive for positive improvement.

You can change and improve if you want to.

You can have multiple accounts so you can do an orderly transition...heck acquirers will give you a temp account to help with the transition...you just have to ask for one.

Apple in another dust-up with its fans: iMacs, MacBooks lack filters, choke on grime – lawsuit


Re: Who is in charge?

Yes now share price is tanking...question is will they fix this...only if it drives shareholder value.


Re: Errr....

Are the down votes on @msknight's post the count of Apple PR execs who have read it?

Baroness Trumpington, former Bletchley Park clerk, dies aged 96


Re: Advocatus Diaboli

Sometimes, it's best not to advertise one's ignorance.


I didn't think May was dead...

Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow


Re: Paranoid

In the tech world it's paranoia...everywhere else worrying about the threat/competition is being an entrepreneur

Qualcomm: Welp, there's a $5bn-ish Apple-shaped hole in the books, but at least we have other chip buyers


Re: Qualcomm is dreaming

If the consumer is told it's faster than a home Virgin or BT connection AND you can take it with you then 5G will be a massive hit.

Mobiles have replaced landlines so home broadband could be next.

FYI: Drone maker DJI's 'Get it on Google Play' website button definitely does not get the app from Google Play...


Re: Police Drone Use

My comment was ironic :)


Re: Police Drone Use

Ha ha! I thought my comment about the Police was outrageously ironic...does this mean 50% of El Reg readers are American or have they been infiltrated by the Chinese thought Police.


Users will forget to turn security back on after loading a non-play store app.

Chinese company DJI will have a list of these users.

No UK Police or other law enforcement have ever used drones, let alone any from DJI.

Of course Chinese companies and the government would never dream of doing anything with this info.

Virgin Media? More like Virgin Meltdown: Brit broadband ISP falls over amid power drama


The internet or the status page ;)

UK's Openreach sends full fibre to Coventry


Re: Removing the copper cuts us off

Remind me how a sip phone or homehub router work in a power cut?

Rural places have multiple power cuts a year...often for hours...

VirusTotal slips on biz suit, says Google's daddy will help the search for nasties


Re: owned by google

Think it through...virus total uses AV packages to scan files.

It includes Russian, Chinese, American and European vendors amongst others.

Are you suggesting Google have hacked into all these vendors' packages?

Are you suggesting no one ever double checks the results?

Now here's an idea: Break up Amazon to get more shareholder cash


If all retailers paid Amazon levels of tax we'd have a massive budget issue.

Why should bricks and mortar retailers subsidise Amazon's aggressive tax avoidance?

British Airways hack: Infosec experts finger third-party scripts on payment pages


The domain was registered by the miscreants...are there not http headers to limit this.

There are a number of basic things that could have been implemented to expose parts of the hack that weren't.

Yet again the basics being missed cause a cluster f***.

So yes, the lesson (still) to learn is get the basics right before blowing millions with IBM or whoever.

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge


Re: It doesn't matter if an OMR machine can be hacked

Therein lies the problem...you are assuming all machines need to be tampered with.

You only need to tamper with sufficient machines, to cover the winning margin+1 vote.

Anything else is a waste of resources you could use hacking other things.

However if you're on the voter machine security side, you must secure ALL voting machines for the election to be credible BEFORE the election.

This changes AFTER the election dependent on the result...i.e. you need the winning margin-1 to have been secured.

$200bn? Make that $467bn: Trump threatens to balloon proposed bonus China tech tariffs


It's a back door tax on profitable tech companies like Apple and Amazon.

It's actually quite clever....must be a side effect of a Trump policy.

Tech manufacturing is already starting to move away from China so it's a double win for Trump...though can't see it moving on shore...more likely to SE Asia and then Africa.

'World's favorite airline' favorite among hackers: British Airways site, app hacked for two weeks


Didn't that go to TSB?

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud


When did u rename it?

Are you confident your security is good?

Could evidence a more recent data breach at LinkedIn.....


Re: CVE Funding

The industry (closed and open source) has had over 3 decades to do something.

The only notable action was Google's and that is hardly adequate.

The alternative is not worth contemplating.

Windows 0-day pops up out of nowhere Twitter


Re: "and their dog being able to use the Administrator account"

Cisco wouldn't do that ha ha ha plop...

Netadmins: Grab a plate and wander down El Reg's network buffet


Nice click bait...where's the free food for my plate...is there free alcohol too?

Everyone screams patch ASAP – but it takes most organizations a month to update their networks


Re: I dunno

If you understand the issue and you're not vulnerable or have mitigation in place that's fine.

If you don't know what the vulnerability is then you shouldn't be responsible for patching.

Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed


Re: 70 updates with no restart?! What magic is this?

Err, erm no...you'll need restarts on devices.

BlackBerry claims it can do to ransomware what Apple did to its phones


Nah, any decent ransomware wipes shadow copies before encrypting.

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound


Re: GDPR to the rescue

Staff take their annual holiday quota in one go?

US Homeland Security warns of latest hacker craze – ERP pwnage


Re: "segregation of duties"

It depends on implementation.

It's a very good layer in a properly secured system to help prevent internal abuse.

It's also a very good tool to help reduce the level of access each user account has.

Having one user with complete control and access means you're only one USER mistake away from total loss of system control to miscreants.

Oh boy: MPs prepare to probe UK.gov's digital prowess and tech savvy


Re: @ robidy

Your tone of questioning implies you're trolling.

Public records you've already read answer your own questions and show we live in a democracy.


Re: @ robidy

But the post was about people elected to the house of commons...at present less than half are part of the government so your category is in a minority.

I guess next you'll point out I'm picking on a minority group...


Re: House of Commons Science and Technology Committee

I was of the same opinion so I stood, got myself elected and made a difference.

There's nothing to stop you doing the same if it matters to you.

If you don't vote and don't stand I'm not sure I would entertain your right to complain <cue python sketch>


Re: House of Commons Science and Technology Committee


Given we the general public voted for them, they are a reflection on our collective decision making, as those opposed were unable to persuade enough people to vote for those not elected

UK.gov commits to rip-and-replacing Blighty's wheezing internet pipes


Re: scrap HS2 use the "savings" to get BT's fibre network up to scratch

BT already have their pound of flesh from OpenReach...why not use it to fund a loan to build a national fibre network to every home and work place with a phone line?

Why should it go to BT's "profits" as opposed to accelerating a fibre to the home rollout?

It will benefit BT in the long run just like the national copper/aluminium network has in the past - companies need to focus longer term not short term hand to mouth when it comes to national infrastructure.

Not to mention solve the problem of us having worse internet connectivity than much of the world including some 3rd world countries. I had better 3G coverage in the remote Atlas mountains over a decade ago than I get NOW in rural England!

The UK didn't get where it is today on thinking small....Stephenson...Brunel...Whittle...Baird...let's do something amazing...let's make FTTP a reality!


scrap HS2 use the "savings" to get BT's fibre network up to scratch

Why don't we -

1. Scrap HS2 and the others in its collection.

2. Take the money and FORCE BT Open Reach to take it as a loan.

3. Charge a decent interest rate like venture capitalists do.

4. Require BTOpenReach to deliver 1GBps connections to anyone that orders it for the same price as current FTTP.

5. Also require them to upgrade all exchanges and active lines to FTTP starting with rural areas slowly working into the cities to reduce rural brain drain.

If BT object, take back the national network and cancel the BAD sale and lease back deal(s) on all the exchanges and other bits then properly open access the network.

We just love small firms, screams UK.gov after palming AWS UK £4.1m


Obviously this class of small business is based on tax paid.

So, one assumes they didn't want to embarrass Amazon by calling them a micro business.

It's time for TLS 1.0 and 1.1 to die (die, die)


I thought that's why seat belts etc. get retro fitted.

