The chances are this attack is sponsored / carried out by one or other of the five-eyes. End-to-end encryption! not allowed!
Landis pleaded guilty to felony counts of computer trespass, tampering with public records, and unlawful use of a computer.
He didn't do any of that, in fact nobody did, he just tried (unsuccessfully) to hire someone else to do it?
He could be convicted of intent, but surely that's a different charge?
Re: What's "cheapskate" in Galician?
Exactly, no-one should be using Google translate for official documents (or websites), it just isn't clever enough yet to deal with the myriad of variations in human language.
And people misuse it without checking what it is the algorithms think they are translating, too.
Re: Luhn Check to Retrieve card details
believe PCI-DSS should be much more restrictive than it currently is and not allow masked details to be included in the same detail as the encrypted card number as you are basically making breaking the encryption easier.
I think you are misunderstanding.
The encryption is applied to the stored data, which is only the first 6 and last 4 digits. There is (or should be) no circumstance where the full card number is stored in any format.
Whether Talk Talk followed this is, of course, open for discussion.
Re: No one planned to ban encryption
Few people have a legitimate need for encryption so it's a lot of noise over nothing.
A-Huh. So only a few people use credit cards, or have confidential data? So you'd be quite happy for anyone to be able to access all your bank details and personal information?
These providers will not be able to block or throttle traffic in their networks or give priority to some particular content or services in exchange for payment.
To be fair, the telling phrase is that one in bold, and shouldn't have any impact on government imposed filtering, which (should) not be driven by commercial interests.
@ Graham Marsden, Yep, having waited so long for the sequel to appear, I was very disappointed with the eventual release, far too much psychobabble and soap opera. When you think of the classic hard sci-fi that Clarke had previously produced, the follow-up to Rama could have been so good :-(
Re: Osgood is back !
Osgood got killed off by Missy last season, so why is she back now?
I mean, I always liked Osgood and was disappointed when she was killed, but you can't just blatantly ignore it and shove her back on next time you want to do a UNIT episode.
I'm guessing that they will retcon it so that the Osgood who Missy killed was the Zygon one, and not the human one.
TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)
Journalists reporting on this and other recent cases seem to think that the PCI-DSS is a set of strict regulations, all of which must be met to gain PCI compliance.
This is not actually the case: PCI-DSS is a collection of recommendations for best practice, but they are not "laws", and in fact so long as a valid reason can be given and noted in the risk register, most of these recommendations can be set aside.
The classic case is in the matter of SSL cypher suites. If you follow PCI-DSS to the letter, and turn off all the cypher suites that are considered insecure, then a large percentage of the internet would be unable to browse your website, only those with the newest browsers and operating systems which support the newest cypher suites would be able to make a secure connection.
Curiously, in one PCI audit we had, the QA wanted to fail us because the firewall rules allowed https connections to the load balancer from any IP - this is a public facing website!!
None of this excuses how TalkTalk have handled this, though, just thought it worth setting the record straight.
Re: some would say the taxi meter is the device that tells you the cost of the journey
Originally, a "taxi" was an abbreviation of taximeter cab, as in "a cab with a device that measures the charge".
I always thought it was originally a taxidermy cab - as in "a cab in which you get well and truly stuffed"
Yes, I understand that, but whether they are licensed or not isn't the point, there's still a contradiction.
The FCC are trying to stop the installation of custom firmware on WiFi routers, their stated reason being the possible interference if the firmware is used to make the router transmit out-of-band.
However, no amount of firmware mods can make a WiFi router transmit at the sort of power levels that could cause any widespread disruption - at most you'll get a few milliwatts out the end of it, whereas this "gun" must be transmitting at kilowatt or even megawatt levels to achieve the stated result, and yet it's described as "harmless".
Re: So a load of customers had their personal details put into the public domain ....
So a load of customers had their personal details put into the public domain
Um no, not into the public domain, just accessible if you were able to set up a matching account.
There should be a control of what information Banks are allowed to collect and store
I rather think banks probably do need to collect and store name, address and account details for their customers, otherwise it would be quite difficult for them to identify the customer's accounts.
Maybe if customers didn't splash their names, dates of birth and addresses all over social media, it would make life a bit more difficult for those with criminal intent.
However, that doesn't excuse the bank's imbecility in linking accounts between the two businesses.
The regulator is worried that, by allowing people to load their own software on these gadgets, they can reprogram the radio hardware to broadcast on any frequency they like
Is this really a problem at the moment?
Obviously it's not the sort of thing that many will admit to - even if they do it - but I've never heard of anyone re-programming the radio, custom firmware is more about improving the security and in a lot of cases reliability of proprietary hardware.
the unintended consequence of making it harder to gather around a PC to check out that really funny new thing on YouTube.
...and the further unintended consequence that the number of internal emails suddenly rises, as people send each other the link to the new YouTube Funny, instead of gathering round one notebook...
The problem, deep down, is that this wretched combo has become an ungodly mess of a hack on a kludge on a workaround on a tech that wasn't meant to do any of it.
On the contrary, I would say that HTML was designed to do exactly what it is doing every day on the web - to present information and media and provide linking between documents. Unfortunately, it's the way it is being implemented, and all the add-on cruft, that is the problem.
Re: Dumb, dumb, DUMB.
I agree with you about web optimisation of graphics, however, I don't agree with this sentence:
Re: Am I the only one ...
.. that expects business to carry on exactly as usual?
Um... well I think you may be in a minority.
Certainly any ruling which reflects the damning statement "transfer of the data of Facebook’s European subscribers to the US should be suspended on the grounds that that country does not afford an adequate level of protection of personal data." is going to have serious repercussions.
My employers will definitely be looking closely at this, as we deal with a lot of data for local government, and we already have to go through a rigorous assessment of how we handle and transfer that data. This will only make things worse.
Re: I'm puzzled as well
My point was not that the failure was when the control systems were originally designed; if something was then "unthinkable" then no-one can sensibly be blamed for not thinking it. The failure was later, when someone decided the connection to a public network was a good idea. They were entering the realm of Donald Rumsfeld's "unknown unknowns" and should have thought long and hard about some of the possible implications; it was at that stage that any penny-pinching occurred.
Ah, right, sorry, I misunderstood your point.
I agree completely that whoever thought connecting such infrastructure to the internet without very strict safeguards was a good idea was a fool, or just incompetent, or, as you say, working to an unrealistic budget.
Sadly, it's normally a decree from on high, from someone with no understanding of the ramifications, which causes these things to happen.
Re: I'm puzzled as well
I don't want to trigger an argument about public versus private ownership but there has to be a real possibility that simple commercial pressures meant that the connectivity was to the minimum practicable standard (i.e. the cheapest) rather than one that was properly fit for purpose; public ownership might have been less concerned about cost considerations, assuming of course that the risks were understood.
I think you are missing the point made earlier by James Metcalf, and one that has been increasingly forgotten: When the control systems were built, the idea that anyone would be daft enough to connect them to a network where members of the public could access them was unthinkable - in part because such a network didn't exist, and was (at the time) the merest science-fiction.
So it's not a question of being built down to a price, it's simply a (wholly understandable) failure of imagination.
In exactly the same way, the protocols used for the internet such as TCP/IP, DNS, SMTP were never built with security in mind, simply because nobody considered the possibility that these things could be used maliciously.
Like two previous posters, I feel it is a disservice to compare Cray to Jobs.
Jobs was a great salesman, but not a designer or builder, whereas Cray was all three.
The Cray legacy is all down to one man, who designed, built, sold and evangelised his products. He had a clear vision of what he wanted to produce, and he himself (with assistance) built, tested and refined the product until it did what he wanted.
The Apple legacy is much more of a dispersed effort, with Jobs as the figurehead. Jobs knew what he wanted the end product to be, but the realisation of that vision was done by other people.