* Posts by David Shaw

162 posts • joined 23 May 2007


Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

David Shaw

Re: More FUD

Having personally received malware from UKUSA and partners, whilst not being a terrorist, I do think it highly likely that the Russians are also flinging exploits around at their home and abroad; perhaps they are better at it than our esteemed keyboard warriors?

Remember that the Russian cyberwarriors are typically many moves ahead of us playing “chess,” our Hannigan-led typist forces admittedly seem to be playing an anti-democratic candy-crush/flappy-bird with all the Trump shenanigans whilst the ascendent empire just “go” for it!

This next article describes a Chinese attack in Jan/Feb 2018, which pwned the USNavy, allegedly.

https://www.independent.co.uk/news/world/americas/china-government-hackers-us-navy-contractor-fbi-investigation-a8390831.html

5
0

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

David Shaw

Re: "...exposure of the contents of past messages.”

Call me old fashioned, but as soon as I was required to communicate some other project with a CERT using PGP at their request, I chose a random ancient PC (out of hundreds available) to do the offline encoding and later decoding. And I set my PGP keys to expire in 3-weeks, not sure if that was overkill?

I then just used a generic mail client to send blobs of text back & forth, it seemed to work OK as the uptick in the spear-phishing from Gloucestershire was noticeable. They even phoned me up, pretending to be intel. Well done chaps. Go after some real targets.

I don’t trust non-mathematically proven ‘secure’ mail ‘add-ons’, never mind html-rich or remote beacon pixel laden emails

5
0

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

David Shaw

Re: Weren't Lotus Notes backdoored with weak Crypto?

refreshing my mind further, it was weak crypto and it was escrowed crypto.

IBM/Lotus said: ``We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government. That's how it works today,'' says Eileen Rudden, vice president at Lotus. Those 24 bits are critical for security in the system. 40-bit encryption is broken by a fast computer in several seconds.

I can half remember Lotus steganographic key leakage too, but I haven't the time to hunt down that paranoid thought, so I might be mis-remembering.

3
0
David Shaw

Weren't Lotus Notes backdoored with weak Crypto?

I seem to recall that there was a mild kerfuffle when Sweden discovered that all their diplomatic-comms were rooted by Lotus, a 'feature' that they were seemingly unaware of.

looking on yandex.RU, as Slurp sometimes 'forgets', I found a UK document mentioning that it wasn't weak but escrowed crypto. Ray seems to have form!

Secret Swedish E-Mail Can Be Read by the U.S.A.

Fredrik Laurin, Calle Froste, *Svenska Dagbladet*, 18 Nov 1997

One of the world's most widely used e-mail programs, the American Lotus Notes, is not so secure as most of its 400,000 to 500,000 Swedish users believe. To be sure, it includes advanced cryptography in its e-mail function, but the codes that protect the encryption have been surrendered to American authorities. With them, the U.S. government can decode encrypted information. Among Swedish users are 349 parliament members, 15,000 tax agency employees, as well as employees in large businesses and the defense department. ``I didn't know that our Notes keys were deposited (with the U.S.). It was interesting to learn this,'' says Data Security Chief Jan Karlsson at the [Swedish] defense department. Gunnar Grenfors, Parliament director and daily e-mail user, says, ``I didn't know about this--here we handle sensitive information concerning Sweden's interests, and we should not leave the keys to this information to the U.S. government or anyone else. This must be a basic requirement.''

but this *was* over twenty years ago, so I'm sure everything is reasonable now, cough CryptoAG, cough.

10
0

Tim Berners-Lee says regulation of the web may be needed

David Shaw

Yes trolly, Tim 'invented' the WWW quite a while before release, hyperlinking all his DD department notes on his CompaQ 80286 'luggable', so that he could find a document in the vast space of its 20 megabyte hard disk. He did some typing in my apartment near Prévessin, probably before the ISO 8879 SGML release?

His genius, apart from regularly beating me at Scrabble, was to extend an idea that 'worked on his PC' in the mid 80's, to just 'the rest of the world.' And then defend it, gratis. That's why The Queen's College, Oxford have named a [small] cafeteria after him.

And SGML was written by a non-programming car-rally enthusiast called Charles, don't forget, who commented "The World Wide Web, for example, succeeded commercially while many nobler, more technically interesting hypermedia systems proved only of academic interest, because of the Web's artful compromise in connecting technology to the needs of a real user community". Tim was awake, he groks tech.

15
0
David Shaw

Professor Sir TimBL was always an optimist, but realist too

Dan55, I liked this extract from the Grauniad article that you linked

Berners-Lee has always maintained that his creation was a reflection of humanity – the good, the bad and the ugly. However, his vision to create an “open platform that allows anyone to share information, access opportunities and collaborate across geographical boundaries” has been challenged as the web has become more centralised.

“I’m still an optimist, but an optimist standing at the top of the hill with a nasty storm blowing in my face, hanging on to a fence,” he told the Guardian in November. “We have to grit our teeth and hang on to the fence and not take it for granted that the web will lead us to wonderful things.”

TimBL saw as soon as his W.W.W was launched that it needed defending, and he set about taking and standardising the carpet away from under the extend, embrace, extinguish mob. The centralize, snoop, subvert/weaponize mob are hard-at-it now, ramping up control since the late 90's. They are doing historically-unprecedented attacks on behalf of their sovereign nation states, following or sometimes leading a political agenda, intertwined with a badvert business model. As sovereign nations they of course *can* do this, they just have to rationally explain to the people of the web, why.

Come on nations that aren't scared of their people, invest in the future, like the 2004 Finnish: Millennium-teknologiapalkinto

http://www.nytimes.com/2004/06/14/business/pioneer-who-kept-the-web-free-honored-with-a-technology-prize.html

4
0

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

David Shaw

'free' German NTP?

I bought a bunch of Meinberg hardware references, for work

I also use them for home amongst a few other different tools for time-sync using - for example weak signal propagation reporter (WSPR or the WSJT-X) Ham Radio digi-modes, from https://physics.princeton.edu/pulsar/k1jt/

you could try Meinberg's NTP software for Windows

https://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stable

they used to have a special offer, write them a mail saying why you'd like to become an NTP node, and they might send you all the hardware!

0
0

Private browsing isn't: Boffins say smut-mode can't hide your tracks

David Shaw

Re: Putin's hackers!

@PM, evidence here agrees with you partially, 30 retired spies have been recently arrested for a multi-million dollar attack on opposition parties, opposition figureheads and just celebs who held the wrong opinion. Sadly lacks a link to Vlad.

http://english.yonhapnews.co.kr/national/2018/02/26/0301000000AEN20180226007600315.html

massive illegal political maneuver led by the state spy agency

reminder this is the South of Korea, refers to the previous administration, a previously fully on-message member of the enormous MIC *ntel agencies matrix. Subverting democracy, and getting caught - at least that sounds like a resurgence of democracy, if only, amazingly, in the snowy Korean Peninsula.

Spies/Officers do obviously have a real role to play, spy vs. spy, so counter corrupt Putin by all means - but stop subverting normal life with your cheap digital tools and your pervasive 'store everything' for later advantage. For the massed ranks of spies with their near trillions in budgets it is obviously so tempting to nudge 'your' version of democracy, that I'd be surprised if this wasn't happening everywhere on the planet, and not just where there are rooskies. That's an important fact, and I won't even mention the absurd Czechs. oops.

Back to the subject of the article, I have used TAILS(*), as a live boot CD, but in the correct paranoid-level of security I assumed even that was backdoored to some extent, and certainly my download of the tool was a flagged event. I consider 'private browsing' feature in Browsers to be another bit of security theatre - but maybe "Private Browsing" could work on some badvertiser javascript auction behind the scenes? getting a decent air-fare or insurance quote maybe!

(*)I needed to hide my data/metadata whilst I worked on some sensitive GMO related corn analysis figures for work, and that implied, and required, almost 'active terrorist cell' levels of IT, in order to preserve the security of the citizens, allegedly. It seems to have worked.

4
1

To hack Australia and learn its secrets, buy second-hand furniture

David Shaw

Re: Dangerous data

I was given a cardboard box in the late eighties containing a Mac512k (M0001W model just before the Macintosh Plus) in very small bits. It came with OS2.1 on 3.5" floppies. And a five megabyte Hard Disk.

Assembled all the bits, got it to boot, but no joy from the HDD. Opened it back up, and noticed that the HDD was slaved off the Mac PSU and had a dry-ish joint, possibly due to overcurrent, overtemp in the unventilated box. Bit of lead/tin later & it booted into a Ferranti defence-secret environment containing encrypted HDD, in 1986! missiles, sonar, eurofighter - who knows. The HDD was encrypted, but as it failed mounted, it was able to be remounted without a problem, allowing me to delete everything, including the crypto system and install boring office programs. The Mac still boots and the 5MB HDD still overheats.

7
0

UK Army chief: Russia could totally pwn us with cable-cutting and hax0rs

David Shaw

Re: Senior service

but we apparently don't even have anything bigger than police/coastguard - basically ceremonial

some study {or DailyWail article} showed UK RN having three boats to cover inshore water, compared to Italy RN having hundreds (for an approximately similar coastline)

I wouldn't be surprised if the Swiss actually have more water craft

1
0

'The capacitors exploded, showering the lab in flaming confetti'

David Shaw

capacitors exploded? we had an exploding antimatter target

I'm not sure if this is 'entertaining', but it did contain a 'Who, me?' moment. I said 'Yes'

The excellent University of Sheffield designed us an antimatter production rod, a target for the conversion of incoming pulses of GeV protons, into high energy pbars. The antimatter fell out of the back of the target, in a Pratchettian magic way, as statistically it was able to. I daren't use the word quantum, as most sentences which use the 'Q' word are wrong. We of course also got a lot of electrons, positrons, neutrons and positive and negative pions, kaons and muons, which was lovely, but not wanted in the pbar phase space.

The pbar target then was basically a solid rod of copper (size of a pencil), using magnetic focussing to self-contain the GeVp to allow maximum matter/energy/matter interaction magic, and a bit of cooling.

This focussing current was around 320000A pulsed(*), at some hundreds of volts. It worked well, low p/-p efficiency, but we were able to make and store more antimatter than had existed since the big one, quite a while ago. (*other Lithium targets take 1 MA pulses, @ ~6Hz)

One day, something didn't go very well, I never found out what, maybe a UPS tripped?, the Norsk Data computerised interlock system did manage to dump the incoming 26GeV pulses and switch everything off, but still the room and all the activated engineering inside it burned. Some heroes, as they do, ran towards it & put the 'nuke fire' out.

I was 'volunteered' into the second response team, as were the other twenty engineers on the un-named project, we were lined up by age - those childless were moved to the lower bias, and then we went in for an annual rad dose in my case I was painting everything with super sticky paint for around 6 minutes to get my dose. Senior colleagues took much more. Our WTF alarms were screaming all the time. We stabilised the errant activated BeO etc dust/soot. Think Wii-U Splatoon, we were the glow-in-the-dark squids.

Science started again after about a month. I salute Eifionydd who led the team and made the show go on.

3
0

VW's US environment boss gets seven years for Dieselgate scam

David Shaw

I'm not allowed to comment on this

1
2

Investigatory Powers Act: You're not being paranoid. UK.gov really is watching you

David Shaw

Re: Operation haystack...

Yep, been there and done that - since about 2006 (when I was slightly involved with sensitive GMO detection % levels and so the work called for a legitimate use of TAiLS, ToR & TrackMeNot etc)

it really annoyed the IT support at work, it didn't seem to perturb particularly the professional watchers, I guess that you do have to write your own traffic generators/mixers to avoid the backdoored compiler type problem.

I think it is a very valid countermeasure to the commercial slurping, which is *almost* worse than the 'gov stuff, but as they are sovereign - they all are allowed to do whatever they want, provided they occasionally explain/justify, which is nice.

3
0

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

David Shaw

An MP that gives credentials to their staff . . .

obligatory Dilbert (actually today's)

http://assets.amuniversal.com/5af325a0b04a0135ff38005056a9545d

alternate link in case the above hash is temporary http://dilbert.com/strip/2017-12-05

maybe the staff just guess, accurately! (or can read the Post-It repo)

1
0
David Shaw

Re: Did he do it or not? was it planted or not?

there's a very nice free ebook pdf on the reliability of even real forensic digital evidence here, written by a UK Barrister & a univ. prof.

http://ials.sas.ac.uk/digital/humanities-digital-library/observing-law-ials-open-book-service-law/electronic-evidence

leaks/hacker/secret-squirrels/pr0n who knows what was going on !, but read and worry. . .

1
0

Apple sprays down bug-ridden iOS 11 with more fixes

David Shaw

Re: With an annoying feature.

you can make that <!> go away by starting to set up apple pay (which might eventually be needed when all the ATMs have gone) and after a few seconds into the set-up procedure you can choose the "finish setting-up later" option in tiny font at the bottom of the screen, and then forget about it, until cashless society hits.

3
0
David Shaw

Re: 11.2 screws up . . .

11.2 also helpfully wouldn't connect to any of my WiFi access points

"incorrect password for network "fluffywhatsits"

even tho' I struggled to enter the ~23 random digit key verifiably correctly, several times

Cured, seemingly, via a simple General/Reset/Reset Network Settings and its restarts and the mobe started to behave

11.2 does tell me that when I turn OFF my Wi-Fi it isn't, gives me a pop-over filled with info - it still doesn't address environmental profiling / the supermarkets that are alleged to be using device Wi-Fi & BT MAC addresses, MAC LUT, then in some cases use dynamic on-shelf pricing - charging JesusPhone users a bit over the odds, do I need to keep a landfill android for my trips to ASDA or Carrefour?

and by the way, the bug, dubbed "I Am Root" is possibly going to come back when we get the macOS 11.3.2 upgrade, with its inevitable nice new emojis

2
0

Report: Underwater net cables are prime targets for terrorists and Russia

David Shaw

old news

I seem to recall big bad Russia asking the telco where I worked in the early 1990's for some cross country infrastructure. My company proposed, and then probably installed (I was not involved so have no idea), a chain of submarine cables strung across the north of their massive landmass. It was smirked locally at the time that the cable would be much easier for us to 'record for continuous improvement of the service' ELINT type stuff, rather than if someone else sold them a network of MLOS towers from Königsberg to Vladik. Apparently, allegedly, probably was just a joke?

more worryingly, I was recently wandering around a quaint fishing village in a big euro nation, saw a nice small obviously telco building down a side street. it had a large proud sign on the outside, something like

"THIS IS THE INTER EU TERMINATION POINT FOR UNDERSEA CABLES FROM X, Y & Z, a VERY IMPORTANT BUILDING"

sigh, OK, keep the sign for bigs, but stick it on a nearby decoy small garden shed that doesn't contain the termination systems and their redundant equipment. paint the actual target to look like something other than a very important small building, perhaps pretend it is a small garden shed.

resilience?

0
0

UK.gov admits Investigatory Powers Act illegal under EU law

David Shaw

I’m actually in favor of Police having wide access to intelligence data

They are, after all, the service that sorts stuff out.

Meanwhile, I’m impressed that the UK is being transparent about their “data-retention illegality,” many EU MS have continued to DR as much as possible, possibly only Slovenia stopped?

More transparency at http://statewatch.org/news/2017/nov/eu-ctc-data-ret.htm

2
8

As Apple fixes macOS root password hole, here's what went wrong

David Shaw

Re: Mistakes happen, part two

seems (from Apple themselves) that fixing the root password bug introduces a file-sharing fail bug, more specifically a fail-to-ever-authenticate file sharing no-go between High Sierra machines, and sometimes apfs SMB, NAS permissions problems etc

https://support.apple.com/en-us/HT208317

SNAFU used to be the appropriate .mil term, how quickly will we get Security Update 2017-001b?

12
0

10 years of the Kindle and the curious incident of a dog in the day-time

David Shaw

Re: One good reason for the Kindle...

The Kindle has a web browser ..... the original 3G kindle's (experimental) web-browser even worked via whisper-net (sim-free UMTS) behind/thru the great firewall of China

good call on the Gutenberg txt repository too, I d/l every book in every language on that site (before I was banned) to use for part of my password-finding dictionary

modern kindle paperwhite works really well on a beach , tho' not tried it yet on a Chinese beach

4
0

FYI: iOS apps can turn on your camera any time without warning

David Shaw
WTF?

Great, so my new Samsung Galaxy ‘X’, if I can afford it, will have colorful post-it notes back and front!

Have you all tried the iOS11 calculator trick yet?, seeing how quickly you can use Calculator to add 1+2+3, and just how big the answer can be?

Applesauce

2
5

Apple Cook's half-baked defense of the Mac Mini: This kit ain't a leftover

David Shaw
FAIL

Re: The 2011 one still works

I have a few 2011 MMs and had problems specifically with the one used for email etc. One with a 3TB usb3 timecapsule was always committing self-DoS to the fruity ‘Magic-Mouse’ and BT trackpad and wireless keyboards. This hopping, skipping, jumping of the cursor happened with all attempted layouts of the desktop & wires and eventually I reverted back to wired peripherals. Putting the electromagnetic non-compatibility down to a poorly screened LaCie USB3 cable.

Recently however, when I bought the nano-connector and SATA harness to add a lower or was it upper SSD to max out the 16GB mini, I was surprised that the nice supplier included completely freely and off their own bat a linear inch of copper sticky screening foil. They had independently determined that the 2011/2012 macMini Bluetooth radio card is insufficiently screened from the rest of the Mac mobo, and with this five ha’porth of foil - solved all my EMC probs.

I had submitted the failures to Apple in bug reports as I’ve been beta-testing their OS’s over the years, there was never any feedback from Cupertino, good to see that the MM will be updated (probably with an hexacore A11X in a year?)

It’s nice to finally have a working macMini, thanks due NOT to Apple

4
0

He's no good for you! Ofcom wants to give folk powers to dump subpar broadband contracts

David Shaw
Thumb Up

Re: We have had this QoS based contract exit law in Italy for a few years already

I just checked, as there are quite a few Nemesys similar named anti-malware systems out there, this is specifically NeMeSys. http://www.tuttoadsl.net/NeMeSys.htm

Now also Mac/Linux versions, I did eventually get SLOWEB to speed up, but that’s another story.

0
0
David Shaw
FAIL

We have had this QoS based contract exit law in Italy for a few years already

The law guarantees a minimum broadband service of, say, 2 mbps.

Telecom Italia offers 6 mbps or 20 or whatever, if you feel like checking this, then you go to the OFCOM equivalent website, enter a few unique Id codes (tax code, ni number, phone number etc) and they build you a personalized speed test app. This app (NeMeSys) will only run on Windows, only connect to the modem via Ethernet, it quits open browsers & then runs for 24 hours, making frequent calls to a neutral server somewhere else in Italy & measures the throughput. It then delivers the result of the test as a certified download, trusted & traceable and sends the data to the client and the appropriate TELCO.

In my test, it ran - showed that my 6megs at the end of miles of degraded cables was down to sometimes half-a-meg, and allowed me to leave Telecom Italia with no penalties. It really worked.

However, my new telco, SLOWEB as I call them, don’t permit NeMeSys to run, unless you give them 24hours notice that you are about to start profiling your line in a serious way! Magically, 24 h seems to be just enough time for someone to temporarily allocate a better contention ratio, or simply blast more line RF power, to perhaps just pass the tests?

Been-there, done that.

1
0

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

David Shaw
Boffin

Re: The real hostile intelligence service

Here's the ZH article on Assange(tm)

http://www.zerohedge.com/news/2017-08-24/senate-declares-war-assange

It reads perfectly fine, they are just part of a spectrum of news/cointelpro, whatever you want to call it, much of which is a bit iffy/whiffy, like the Daily Mail or (whatever happened to) the Guardian in the last 5 years.

The 'diplomatic communication' (propaganda) budget of many nations is up in the billions of $/£/€ per year and it is now aimed domestically not just far-away by HF TX. Sometimes the propaganda is astroturfed in comments, even on El'Reg.

Read widely and wisely.

2
0

.. ..-. / -.-- --- ..- / -.-. .- -. / .-. . .- -.. / - .... .. ... then a US Navy fondleslab just put you out of a job

David Shaw

Re: Indeed

indeed, my kid at college was slightly flummoxed this year when they asked him to write a program in C, and just gave a blank sheet of A4. Upon checking, computers/compilers weren't (initially) allowed - just a pencil and a piece of paper. . . it does show if you've been paying attention

I do personally prefer digimodes/WSPR etc now to my very patchy morse (G8 = 1wpm), just invested in 16-bit DDC/DUC hardware made in EU, and even digital radio mondiale is being decoded

0
0

Britain's warhead-watcher to simulate Trident nukes with Atos supercomputer

David Shaw

Re: Hmm

We also use a lot of (sadly, sharkless - more octopus-like) lasers for testing the nuclear materiel.

I think it wouldn't fit in an old saucepan, perhaps a large Le Creuset?

0
0

Fresh cotton underpants fix series of mysterious mainframe crashes

David Shaw

Re: Finger of death

point her finger at the screen from a distance of a number of centimetres and it would die.

I saw this happen to a live System-X (telecom) switch in central London, I'd taken my team of 20 budding engineers to look at the room filled with humming boxes, and an operations engineer pointed to the nearest PCM Concentrator unit. The other Concentrators and the cross-connect switching seemed to carry on - but all hell broke loose as a few thousand trading calls stopped.

I'm quite sure it was a gesture from around 3-feet away, I think the floor was correctly dissipative, dunno what underwear/pants were involved but Cable & W certainly stopped 'tourism' after that.

The O&M was rather fantastic getting new cards in & working within ten-minutes. Also late 80s.

4
0
David Shaw

Re: ughh- No static at all?

it's quite possible that you're not getting a 'static' belt, but the 'leakage current' through the RF suppression components. On a Macbook this leakage can be solved by using an official earthed power lead into the white square blob instead of a generic figure-of-eight twin lead mains plug. If you're already using a 3-pin plug then it's time to check for earth (non)-continuity, perhaps through adapters or extension leads?

the (safeish) leakage current of about half-a-milliamp (typical) on a metal framed laptop is floating at half the mains volts, so around 1.4 milliNylonBloomers - others describe the Macbook as feeling tickly - as the back of the hand can detect the alternating current quite well. Lenovo's have the charger with an earthed clover connector - many 'plastic' Lenovos are stuffed with light metal alloys that can also 'buzz' without an earth. . .and remember you can run MacOS Sierra on an X220 with a de-whitelisted BIOS & a £20 wifi card, allegedly.

3
0

PC rebooted every time user flushed the toilet

David Shaw

Re: Yank here.

Yes, "That device sounds suspiciously like a ferroresonant power conditioner." I found one of these in the HVPSU of an Austrian designed TV transmitter/transverter that I installed in the fairly peaceful and very beautiful KSA/Yemeni Asir border area in the '80s.

the ferroresonant device was 50Hz, but the previously installed TV repeater station genset was 60Hz, I was able to fudge it once I had worked out why the tetrode EHT fuses were popping! (for some reason I ate mostly parmesan cheese whilst doing this maintenance as the local market of horribly beweaponed ghat growing tribes sold whole round cheeses) The UHF driver amplifier was also multimoding as a second fault, and had to be filled with a lot of aluminium foil inside a plastic bag, to try and dampen down the feedback/gain/sprogs, all this whilst trying to breathe at 3500 metres asl, on top of Jabel Fayfa.

1
0

Millimetre wave.. omigerd it's going nowherrr.. Apple, you say?

David Shaw

~60GHz, IIRC, is (soon) going to be the ubiquitous Internet of Cars M2M - think the cell is around a hundred metres. That will be big business.

The Ham bands at 47GHz and 24GHz have achieved many hundreds of kilometres direct range, with good preparation, and worldwide coverage via a lunar reflector - with a lot of care.

Some of the very small motes for next generation computing nodes only have enough space for a λ/4 mmW array - so that's a niche use for the sort of IoT stuff that you buy by the kilogram.

cognitive/white-space was also supposed to solve the 'spectrum' - with my £20 NooElec (. . ..co.uk/dp/B01HA642SW/) I can see rather a lot of empty stuff, but that's just up to 0.0017THz, using SDR# on Win & Gqrx (old standalone) app on macOS newer macOS GQRX here

0
0

'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes

David Shaw

Re: If you want to help scientifically test email providers for security/etc

thanks aCynic , yes canonically the email provider test is at mesa.jrc.ec.europa.eu (why we need three 'europes' in the URL is beyond me!)

a typical result is here

STARTTLS  CERTIFICATE  SPF  DKIM  DMARC  DANE  DNSSEC
100       50           100  100   100    0     0

which ended up providing 'minimum security' - all weird & wonderful providers welcome

0
0
David Shaw
Coat

If you want to help scientifically test email providers for security/etc

https://mesa.jrc.ec.europa

(I don't get to see any of the logs, so it's quite a safe test)

It showed me that one of my email services was open to fraud/spam, and that two of them were probably ok!

1
0

PC repair chap lets tech support scammer log on to his PC. His Linux PC

David Shaw

professional scammers

I work in Italy, so I was mildly surprised when I received a phone call from a UK '0345' number.

He/she/it/they said "Hello Mr. Shaw" in perfect English to which I replied in Italian, for the lulz.

He/she/it/they continued the conversation in Italian (wow!), claiming to be from Intel UK - wanting to send me "a pdf" of their latest processors.

I graciously declined his/her/its/their kind offer of a Remote Access Trojan or whatever, and they hung-up.

Perfectly professional, courteous, and slightly more intimidating than a run of the mill scammer - and FYI I use very-offline PGP (with a 3 month validity) at a non-networked PC when I en/de/crypt messages to that particular CERT - so in the end, fruitless - but carry-on chaps/chapettes/. . .

I get the MS calls from Asia too, but just leave the phone next to the radio whilst I simulate looking for the Windows administrator, until they too give-up. . .

12
0

RF pulses from dust collisions could be killing satellites

David Shaw

the VNIIEF January 1952 Andrei Sakharov EMP grenade-generator, where he used TNT to blow apart a single loop of coppery/plasma with circulating high current was similar to this? basically back-emf EMP as an electromagnet turned to scattering dust. the small mass of the particle in the satellite case has rather a lot more momentum than a hundred grams of exothermic chemical, but would the overall energies be similar!

2
1
David Shaw

Re: Impact --> dense plasma --> charge separation due to differential velocity--> RF pulse

you can actually unroll a reel of sellotape in a vacuum to get X-rays, without DARPA

4
0

Chap 'fixes' Microsoft's Windows 7 and 8 update block on new CPUs

David Shaw

for those dedicated Astronomy apps why not try using, say, Windows 7 in a VM on a 2012 core-i5 Macmini (12GB)

OS X 'El Capitan' (10.11.6) runs Win7x64 in VMware Fusion 6.0.6 very well - snappily even!

macOS 'Sierra' (10.12.4) runs Win7x64 in Parallels Desktop 12 reasonably well (it was cheaper than the VMWare 8.5 upgrade) however kids complain that Roblox is laggy - it was better in VMware 6.0.6

or, install Linux Mint on a multi-core/multi-thread PC with 12 - 16GB RAM then sudo apt-get install virtualbox;sudo apt-get install virtualbox-guest-dkms

I just counted and I now have around thirty VM's on disk, I'll be migrating some to my new Pentium Kaby Lake G4560 build

7
0

Regulate This! Time to subject algorithms to our laws

David Shaw
Flame

Re: what...

The {national} parliament{s} these days even seems to bypass close scrutiny of any draft legislation.

I seem to recall one of the early ILETS data-retention laws being passed entirely by fax!

One noble Lord in the UK briefly noticed, but he was told to calm down as "it wasn't that important" - just seemingly - at present illegal per ECJ

As for the algos, by the time the Amazon Cloud has finished training my software defined architecture, can even I understand the rules, never mind explain it to the Palatial incumbents?

0
1

Smart meter firm EDMI asked UK for £7m to change a single component

David Shaw

I've got (so-far) three smart meters at home

A reads the left side of the house for one energy supplier [or it should] (LCD display has failed so I can no longer read it locally - I'm going to have to wire an Arduino up to count the kWh LED pulses)

B reads the right side of the house for another energy supplier

and a third one C checks what output my main FIT PV-array has, (installed immediately after the inverter to ensure that I don't cheat to get bigger FIT payments) [or they should]

The reality is that all my meters are read by company B, who sometimes send my consumption data to company A for billing, [once they delayed the data by a whole year]. My B & C smartmeters are also not accurate for receiving my FIT payments as I'm simply receiving "an average" for my 3kWp array - I'm getting identical payments to a local friend. Maybe one day they will correct with over/under payments?

As a new hobby, I've just bought a new set of PV components (from a major online book-seller) :- couple of "12V" 100Wp poly modules from somewhere in the EU@£80-ish each and a £79 MPPT 18V 600W grid-tie micro-inverter. I'll be feeding this 230V into smartmeter A, checking carefully to ensure that it doesn't register my generation as power-consumption! [smartmeters often don't run backwards] I hope to just get rid of my base-load on that side of the house. All lights are already LED.

In this part of the EU I was given no-option / zero choice about the first two meters, and had to accept the checksum meter as part of the FIT contract. It's good that you might get a choice in UK, if you say "NO" a lot when offered.

The initial load-shedding function hypothesis envisaged of smartmeters is that they will connect through a domotic API for turning off the fridge and freezer for a few hours [without any risk of spoiling the food], then progressively shed further loads until potentially fully off. However it seems that the current generation doesn't do that, my fridge & freezers certainly don't do that, and I don't really want to pay multi-millions to billions to implement this, without a lot more debate.

2
0

BlackBerry sued by hundreds of staffers 'fooled' into quitting

David Shaw

Re: @two-weeks Legality

friends of mine worked in the US High Energy Physics sector/DoE, and their immediate line boss preferred/expected them to A) regularly work on Saturday - and B) choose to spend their 2-week vacation in the office. They are still advertising for a few people here https://jobs-us.technomedia.com/fermilab/

Here in the EU, working a basic 40-hrs/week, I do look forward to weekends off at least.

1
0

A webcam is not so much a leering eye as the barrel of a gun

David Shaw

I'm of course fully protected by an Arduino 'Hacked' sticker over my Mac webcam/mic - and further by use of the free software produced by (allegedly) ex-NSA engineers here https://objective-see.com/products/oversight.html

I just need http://kgb.by/ to release a tool to monitor my ex-NSA monitor. . . etc

0
0

Ex-FBI man spills on why hackers are winning the security game

David Shaw

Re: Comfortable illusions about computer security

What we need is to design 'computers' that can't be hacked by opening an email attachment or clicking on a URL

I taught/mentored a few kids to develop a dedicated RaspberryPi "email-only PC", which was locked down so as not to give internet access to potential malware, to separate HTTP/HTTPS browsing and mail - at a cost of around £25. The idea was that the family/work more expensive/more capable Desktop PC then does everything but Mail (with badvert blocking too). They won a science prize at a school science symposium in Munich with their prototypes. Prototypes worked great!

You can, of course, achieve similar results by upcycling an older generation mobile phone/tablet configured just for 'generic' (your public) mail access, download your bulk mail in batches like UUCP, go offline, when you have time/energy try deleting most of the crud, queue the important validated mail for delivery to your work/home PC's (not very public) mail address, use DMARC validated services everywhere, certificate verification everywhere. It's all possible, but yes - there are many grey/black-hat opponents amongst the squirrels/seagulls data/sardines, trawling - to paraphrase a Cantona.

2
0

UK defence secretary: Russian hacks are destabilising Western democracy

David Shaw
Linux

oops

OK, fair-point, wasn't planned. I deleted the various /log/nginx access.log files without reading them.

I don't have time to map everyone with infosniper.net, and shirley everyone reads El'Reg via TAiLS anyway?

0
0
David Shaw

Guardian.com Nov2016 "Why is MI5 making such a fuss about Russia?"

summary (from a foreign correspondent):

1) blaming Russia carries little cost & is/(used to be) aligned with USA policy

2) UK population seems to be getting more sceptical

"for all MI5’s warnings, maybe Russia’s time as the UK’s all-purpose fall guy is nearing its end."

Disclosure: I visited Moscow in 1975, it was grey, smelly & scary.

12
0

Naughty sysadmins use dark magic to fix PCs for clueless users

David Shaw

Re: I am not making this up...

apocryphal story at one of my workplaces that a very annoying PHB had his Olivetti 386 similarly (deliberately) made unreliable, by rubbing two old brillo-pads together 5 inches above the mobo, allegedly . . . months of random BSOD

5
0

China's Great Firewall to crack down on unofficial VPNs – state-approved net connections only

David Shaw

how far?

consider that in Sweden in the 1950s the (forerunner to) Försvarets radioanstalt had wired up a surprisingly large percentage of homes to a centralised morse code click detection system. They were looking for HF transmissions, heading eastwards. This was sort-of a great RF Firewall. Nowadays achieved by a few SDRs e.g. http://hackgreensdr.org:8901/

What is the budget for the creation of your stegano compared to the budget that will be deployed against you?

1
0
David Shaw

Re: SSL

for a while, the Kindle/paperwhite/Voyage 3G using perma-licensed Amazon "whispernet" & experimental-mode browsing could get 50 megs of data a month through the GFW. I'm sure the regime was aware, but recognised it as a limited 'foreign-devil' type problem therefore not that serious.

This map shows it is fairly localised 'free 3G' http://client0.cellmaps.com/tabs.html#cellmaps_intl_tab

not much coverage in Uyghur areas, probably not many Amazon Prime accounts there either. . .

0
0

5G? Pff, don't bother, says one-time Ofcom man's new book

David Shaw
Happy

Re: What good is 5G when 1G doesn't even work?

Good reply, except why is there no 2G at Stansted airport? Lots of phones! No masts!

Specifically upper storeys of the airport hotel, roaming with an EU Vodafone SIM, 2016.

No 2G network! not even hanging out the window

Mesh still has a future,

0
3

Biting the hand that feeds IT © 1998–2018