* Posts by JohnG

1387 posts • joined 27 May 2007

Lawyers for Marcus Hutchins: His 'I made malware' jail phone call isn't proper evidence

JohnG

Re: Signed a Miranda waiver form after being read his rights

"Based on the evidence disclosed so far there's nothing to suggest Hutchins was involved in packaging and deploying Kronos."

If I understood it correctly, Hutchins was arrested on the word of someone who was caught with some of the money but got a plea deal i.e. the individual actually responsible for the theft/fraud will get less punishment than someone who at best, had minimal involvement.

0
0
JohnG

"Otherwise, the standard Miranda Warning is short and explicit, and probably comprehensible on about a grade 6 or better level, and enough like the similar warning given in the UK for Mr. Hutchins to understand it unless he was really quite impaired."

The UK's equivalent of the Miranda law was changed some years ago (thanks to Tony Blair) and there is a significant difference: in the UK, there is a right to silence but a court is allowed to assume something bad about anyone who exercises that right.

0
0
JohnG

"Miranda rights are not a secret code. "You have the right to remain silent" is about as clear as it gets."

For a British person that is not true. In Britain, we used to have something equivalent to Miranda rights but it was changed... Now people have a right to silence but if they exercise that right, this can be used against them in court.

1
0

What could be more embarrassing for a Russian spy: Their info splashed online – or that they drive a Lada?

JohnG

Re: Or

"What spy, or spy-wannabe, has only one set of ID?"

Having several sets of ID is useless if you can be found on a publicly accessible car registration database, because you chose to register your car at spy HQ, so you could get out of traffic fines.

2
0
JohnG

Re: Or

"It's a really good address to have when the ordinary Russian plod pulls you over.."

It's like a "get out of jail" card when driving in Russia but could be a "get arrested and deported" card elsewhere.

1
1
JohnG

Re: No need for Russia to be a part of the EU

"The spy only needs to live legally in the EU in order to get full protection under the GDPR."

Yes - but according to their car registration data, these alleged spies all claim to live at GRU premises in Moscow, which is key to the gist of this story.

23
1

Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying

JohnG

Re: "Expelled" Not Held -- What?!?!?

"They get caught red handed, interfering with a legal investigation, and they were just let go?!?!?"

They were travelling on diplomatic passports, with all the privileges and immunities that such status affords.

1
0
JohnG

"One kinda wonders how exactly they were caught in the first place"

I suspect the Dutch would routinely keep an eye on new arrivals with diplomatic passports but in this case, they were tipped off by British intelligence agents that the OPCW and/or other bodies might be hacked. Quite how British intelligence agencies knew of this in advance is not known/stated.

2
0

Manchester nuisance-call biz fined £150k after ignoring opt-out list

JohnG

"...and to ensure the directors don't just form another firm and repeat the cycle – the government is planning to make directors personally liable for the fines."

I thought the whole point of the "Limited" in "Limited Liability" is that the liability of directors for their company's debts is limited to debts that have not been accrued through the course of normal legal business activities. When directors allow their company to do anything that is illegal, they can be held liable for the company's debts and can be held personally responsible for any crimes committed/their negligence. Running a company that engages in making illegal marketing calls and then folding the company when a fine arrives from the regulator seem to be exactly the sort of things for which directors should be held liable.

6
0

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

JohnG

Re: Have fun!

"I'm not telling you the code to unlock my phone..."

If you ever visit the UK, I would suggest you don't take that approach - it could land you with a two year term in jail.

18
8

Holy smokes! US watchdog sues Elon Musk after he makes hash of $420 Tesla tweet

JohnG

Re: 5 minute recharge time

"Electricity already has VAT paid on it."

Yes, although at different rates for commercial or domestic use.

"It's also impossible to charge duty on electricity used to drive a car without charging duty on other electricity. Electricity is electricity."

That is about to change... Part 2 of the Automated and Electric Vehicles Act 2018 is all about the charging network for electric vehicles. In addition to mandating the provision of EV charging points in new property developments, on streets, etc., the act also states that future EV charging points must be "smart":

Smart charge points

(1) Regulations may provide that a person must not sell or install a charge point unless it complies with prescribed requirements.

(2) The requirements that may be imposed under subsection (1) include requirements relating to the technical specifications for a charge point, including for example the ability of a charge point—

(a) to receive and process information provided by a prescribed person,

(b) to react to information of a kind mentioned in paragraph (a) (for example, by adjusting the rate of charging or discharging),

(c) to transmit information (including geographical information) to a prescribed person,

(d) to monitor and record energy consumption,

(e) to comply with requirements relating to security,

(f) to achieve energy efficiency, and

(g) to be accessed remotely.

i.e. They want to know (via remote access) how much energy is being used to charge an electric vehicle (because they will be losing all that fuel duty). They also want to be able to turn EV chargers off and on, presumably to protect the grid.

As the feed-in tariffs for solar panels are disappearing, I foresee a market for illicit solar panel and/or home battery storage setups, where EV owners will charge their vehicles without paying the relevant tax. Unlike red diesel, the government can't put a dye in the electricity.

5
0

Fancy Bear still Putin out new modules for VPNFilter malware

JohnG

Re: Some devices are unpatchable.

Some may be able to find some open source firmware for their device but this is not a solution that normal users are likely to take. Most normal users just use their devices, rarely/never check for firmware updates and don't read articles about network device vulnerabilities.

0
0

Office 2019 lumbers to the stage once more as Microsoft promises future releases

JohnG

Re: Classified and commercially sensitive documents?

"This allows us to ensure documents and emails are encrypted at rest and in transit and when we're talking about documents stored in the cloud we have BYOK (bring your own key) and shortly HYOK (Hold Your Own Key) encryption facilities, this is all baked into Azure"

That's nice but to give an example of the problem, EU classified documents may not be transported or stored outside the EU, even if encrypted. Even if Microsoft promise to only use cloud storage within the EU for certain customers, once the data has left the customer's site, how can they be sure? After all, governments and companies in several European countries have been the subject of spying by US intelligence agencies, despite being allies.

2
0
JohnG

Classified and commercially sensitive documents?

As Microsoft push users to use their cloud, what is the situation with sensitive documents e.g. classified or with commercial secrets? Can users be sure that copies of their documents are only stored in accordance with their organisation's security policy or their country's national security legislation?

13
2

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

JohnG

Re: It’s not going to happen

"Most things are on IPv4, but there are some IPv6 only things out there..."

Like what? Nobody is going to put their stuff only on IPv6, except those trying to make a point about using IPv6, for the simple reason that they don't want to risk being invisible to the majority of Internet users. And until there are enough useful things only available on IPv6, very few people are going to bother with IPv6.

The majority of Internet users wouldn't care about not having a unique IPv4 address, even if the issue were explained to them.

1
0

Euro bureaucrats tie up .eu in red tape to stop Brexit Brits snatching back their web domains

JohnG

.ue ?

Given that English will no longer be an official language of the European Union after Brexit, one would have thought that the EU would want to grab the TLD ".ue", corresponding to "Union Européenne"

4
3

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

JohnG

The simpler translation is that nobody will lend the researchers a horse, sorry, McLaren, to hack.

0
0
JohnG

Re: Would have been nice to target the right manufacturers El Reg

"Nope. Fair game. Tesla, which claims to be being "disruptive" by running an auto company like a tech company, should have known better than to use a 40-bit key in the first place."

Tesla didn't use a 40 bit cipher, Pektron did. Tesla bought a keyless entry system from Pektron but Pektron had used a 40 bit cipher (which is why the same problem is thought to exist on other cars using keyless entry systems from Pektron). In retrospect, perhaps Tesla should have checked what they were buying more carefully.

6
1
JohnG

Re: Would have been nice to target the right manufacturers El Reg

Yes - in particular, Pektron should be asked to explain their design choices.

5
0
JohnG

"Even if your Tesla get stolen, it has a high probability to be returned to you. I read 113 out of 115 Teslas stolen in the US were returned."

The situation has been a bit different in Europe: There was a spike in Tesla thefts in summer 2017, with cars disconnected from tracking and mothership.tesla.com at about the same time they were stolen... and they were not subsequently recovered. In the same year, a Lithuanian man was arrested in Germany, when the lorry he was driving was found to contain major parts from a Tesla stolen in the Netherlands four days before.

7
0
JohnG

Pektron

Whilst Tesla seems to be getting all the flak, their major failing seems to be not checking what was being supplied by the OEM, Pektron - here in the UK. What does Pektron have to say about this fiasco?

7
0

UK networks have 'no plans' to bring roaming fees back after Brexit

JohnG

At least two UK networks were offering "no roaming" deals in several countries in the EU and elsewhere, some years before the EU decided to impose their directive on the matter. Three is currently offering their "Feel at Home" deal in 71 countries (including EU27) - it seems unlikely they would want to reduce this number to 44, purely because of Brexit. The driver for these deals is competition, not the EU's directive.

15
4

Roskosmos admits that Soyuz 'meteorite' hole had more earthly origins

JohnG

Bung

Presumably, the ISS has a tin of assorted bungs, to fill such holes. However, I guess it could be tricky procuring bungs - When a ROSCOSMOS or NASA procurement guy says "I need some bungs", the suppliers might get the wrong idea.

5
0
JohnG

"contract expiring in April 2019" = Brexit

"Russia has warned that its days of being a glorified (and pricey) Uber for NASA's astronaut corps are coming to an end, with the current contract expiring in April 2019 and no new seats on the horizon."

Will the fallout from Brexit never end?

1
1

Mikrotik routers pwned en masse, send network data to mysterious box

JohnG

SNMP

"....the controller oddly seems to be interested in collecting traffic from the relatively obscure SNMP ports 161 and 162."

One possibility is that there is some other exploit in the wild, that transfers information using SNMP, on the basis that SNMP packets to and from almost any device would not be considered out of the ordinary and would be unlikely to trigger an IDS/IPS.

2
0

Anon man suing Google wants crim conviction to be forgotten

JohnG

Re: Let me get this straight...

"Every case should be taken on its own merits and while I agree they shouldn't be setting up an investment business that depends on what they were convicted for in the first place."

Sunlight is a good disinfectant. Let investors have the facts and decide for themselves whether someone's conviction is relevant. If I were an investor with this guy, I would be more worried that he has represented himself in court and managed to accuse the wrong company, using a defunct company name. He seems to be out to prove the quote: "A man who represents himself has a fool for a client".

43
1

IBM slaps patent on coffee-delivering drones that can read your MIND

JohnG

Re: What could possibly go wrong?

"Swap Coffee for Beer and this could work wonders at a large music festival."

Then some folk will start fitting hooks and nets to festival flag poles, others will bring catapults,....

1
0

Nork hackers Lazarus brought back to life by AppleJeus to infect Macs for the first time

JohnG

Re: Trojans, again

"I just Googled 'Celas Trade Pro'....."

If you try those searches again but with results from any date older than two weeks, you will see nothing about hacking, trojans or stolen cryptocurrency. It is so easy to be clever with hindsight.

One of the problems with cryptocurrency mining/trading apps is that many AV products will mark all of them as malware.

1
0

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

JohnG

DNScrypt

Dnscrypt can mitigate the problem of interference by a local ISP. It may not be ideal but provides a workaround until a better solution is found/implemented.

1
0

London's Gatwick Airport flies back to the future as screens fail

JohnG

Re: "no redundancy in the internet link"

"...the smartphone they are holding. You can absolutely use it to whine and wail on Twitter, or... I don't know... maybe look up the gate information on Gatwick's website?"

Reports elsewhere indicated that updates to Gatwick's mobile app were affected by the same fibre outage. It seems that the design was engineered to fail comprehensively.

29
2

Prof claims Lyft did a hit-and-run on his ride-sharing tech patent

JohnG

Re: Also Known as ....

"That has *nothing* to do with GPS, a technology that wasn't commercially available until about 2000."

Somewhere in a cupboard, I have a Garmin GPS 12XL, that I purchased in 1998. However, Garmin's first handheld was the GPS 50, which was released in 1991.

0
0

I predict a riot: Amazon UK chief foresees 'civil unrest' for no-deal Brexit

JohnG

No more invoicing from Luxembourg

Amazon has just woken up to the fact that, in the event of a no deal Brexit, they will no longer be able to invoice from Luxembourg or Ireland, when selling goods within the UK. This would mean Amazon would have to pay rather more tax on their UK turnover/profits than they do now.

13
3

UK spies broke law for 15 years, but what can you do? shrugs judge

JohnG

Re: Protection racket

"Who protects us from our self-described "protectors?" Apparently, no one."

This is a very old problem - Quis custodiet ipsos custodes?

6
0
JohnG

Re: I would hardly expect precise targetting

"with the amount of dipshittery that goes on in Westminster, I would argue that they should, just in case said idiot walks down Downing Street waving at the photographers with 50mpix cameras focused on the documents on show detailing the terrorist targets they are about to round up.....

and it's no joke.... it's already happened at least once ..."

But that judgement is not within the remit of the intelligence agencies or other civil servants. For better or worse, we have a democracy and the civil servants work for the government, not the other way around.

British intelligence agencies have form for getting way out of line: MI5 spied on Harry Wilson when he was prime minister, because they believed him to be too left wing and possibly in contact with the KGB.

8
0

Galileo, here we go again. My my, the Brits are gonna miss EU

JohnG

Re: Fgs

"The EU has free trade agreements in place with 72 countries representing 75% of global trade."

Are you sure? I counted 35 FTAs in force and those include territories like "Akrotiri and Dhekelia" (British bases in Cyprus), "EU's Overseas Countries and Territories", "Palestinian Authority", etc. There's no way that these 35 add up to 70% of global trade. I'm fairly sure that the trade of USA, China, Japan and Hong Kong add up to over 25% of global trade and the EU doesn't have FTAs with any of them.

4
0
JohnG

Re: NATO... And the German car industry.

The fundamental problem with using GPS for anything important is that it is a US military system and the US government/military may decide to turn off the commercial signal locally, regionally or globally, to mitigate some perceived threat. The same can be said of GLONASS.

7
0

Creep travels half the world to harass online teen gamer… and gets shot by her mom – cops

JohnG

Re: Now he can get a tattoo, "Shot by the Mom!"

I think he is more likely to end up with tattoos indicating that he is someone else's prison bitch.

4
0
JohnG

Re: Isn't he supposed to be ...

The cops have already said there may be additional charges, on top of "breaking and entering with a deadly weapon with the intent to commit rape, robbery or murder". As I understand it, this is a Class 2 felony in Virginia and could carry a sentence upon conviction of 20 years to life and a fine of up to $100,000.

7
0

National ID cards might not mean much when up against incompetence of the UK Home Office

JohnG

Residency registration and national identity cards

There are two issues: identity cards and registration of residency - the UK has neither. In many other countries, in Europe and elsewhere, citizens and other residents are required to register their address with local authorities, within some period since moving in (usually, within three months). Not registering is seen as tax avoidance.

Similarly, national identity cards are often mandated in many countries, often with a requirement to produce ID on demand. ID is typically also required when signing up for a mobile phone, opening a bank account, registering a car, renting or buying a property, etc. When done without the sort of draconian nonsense attempted by UK government, ID cards can be quite useful.

Whilst not having residency registration in the UK seems like freedom, it can be a problem if you ever need to prove your residency in the UK for tax/pension purposes, entitlement to free non-emergency NHS treatment, etc. For immigrants, trying to prove the duration of their residency to establish their right to permanent residence or to British citizenship, it is a mess: The Home Office don't have a definitive way of proving residency and historically, they have rejected documentation that courts have subsequently declared as being conclusive.

Personally, I would quite like to see the UK introduce simple national identity cards (without all the draconian nonsense of previous attempts). I think registration of residency for everyone is essential, regardless of the ID card debate.

5
1

Um, excuse me. Do you have clearance to patch that MRI scanner?

JohnG

Re: obvious solution ...

Some of a hospital's systems may need access to the Internet but certain pieces of equipment then need to be isolated, perhaps even standalone. However, as Stuxnet demonstrated, isolation is not a panacea for all security issues.

20
0

Meet the Frenchman masterminding a Google-free Android

JohnG

LineageOS

Probably best to start with LineageOS (forked from Cyanogen) and talk with the folk developing it. Then there's XDA Developers.

3
0

Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

JohnG

Is there much in the way of concrete evidence against the Russian government and agencies? We hear a lot of rhetoric but we rarely get to see much in the way of evidence. On the other hand, we do have evidence that the NSA has been creating malware and that GCHQ were reading teenagers' encrypted sexting.

2
2

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

JohnG

Re: It's all rubbish

I have had a few taxi rides in and around Slough where I would have felt safer in an autonomous vehicle in beta.

1
0
JohnG

Re: NOT autopilot

Most of that is what it does (or attempts to do), aside from disabling autopilot at junctions.

0
0
JohnG

Re: When will people learn

"Force them to hold the wheel, monitor their face, reaction times, issue activities to perform, keep them engaged with drive. And start bleeping and slow down if they don't react.

The problem is Tesla didn't bother with any of that in the first instance and has only begrudgingly implemented it now."

This is incorrect - the Tesla Autopilot does (and did at the time of the accident) monitor if the driver is holding the steering wheel and will first warn the driver but will ultimately disengage. If it believes the driver is still not responding, it will engage hazard flashers, pull the car over and stop.

0
1
JohnG

Re: Everything makes mistakes

"A human driver would have no problem with leaving the 101 for the 85 yet should not have allowed the car to attempt this."

The fact that the crash barrier had not been repaired since being damaged in a previous accident indicates that at least one human driver had a problem leaving the 101 for the 85.

2
1
JohnG

Re: Non tesla driver here

"It's not fully autonomous, and I wouldn't be happy to leave it trying to drive without my guidance/overwatch if I were to get one."

Which is exactly what the user manual says you should do. The autopilot systems are in beta and full self driving is not yet available (FSD probably won't be available for a long time, probably eons or elons)

0
0
JohnG

Re: Nothing is right first time

"They can have their teething problems OFF THE PUBLIC ROADS!"

Then the systems will never be ready for public roads, because they will not have been tested in the real world and will have insufficient data/"experience" of the variations in real world road markings, signage and driver behaviour.

"Or did I miss it and those early jets were taking passengers and crashing into airports killing people while they worked the bugs out?"

That is precisely what happened with the Comet and numerous other aircraft types. Of course, manufacturers and safety regulators attempt to address all the bugs before the aircraft enter service but numerous accidents have resulted in recalls and retrospective changes. This is pretty much the story of every accident investigation programme on TV.

2
0
JohnG

Re: When will we learn? It's all about the money again.

"We need at least 10 years of solid off road, test track testing of these autonomous vehicles, tested to full destruction in as many situations as can be created."

Simulations and track testing really don't give adequate data, notably of variations in road signs and markings, the behaviour of other road users, etc.

0
1
JohnG

Re: The sad reality...

"The sad reality...

...of rushed to market, not ready for prime time products."

The snag is, these systems need to learn through data gathered in the real world. The nuances of driving in the real world are not all available through the use of simulations and test tracks. The Tesla Autopilot systems are in beta and Tesla cars collect and send driving data back to Tesla (Tesla cars are always online to mothership.tesla.com).

2
1

Biting the hand that feeds IT © 1998–2018