* Posts by adfh

44 posts • joined 22 Jul 2010

More than half of Androids susceptible to ancient malware

adfh

So the source article mentions "MXPlayer Pro"

... is it saying that this application is:

* Bad in all cases?

* Susceptible to dodgy ad injection?

* Legitimate but being distributed in third party stores/APK form with malware added

2
0

Burger barn put cloud on IT menu, burned out its developers

adfh

Hungry Jack's isn't a BK clone, it's a licensed user of BK trademarks

Basically when Burger King went to launch in Australia, someone else already had the trademark locally.

https://en.wikipedia.org/wiki/Hungry_Jack%27s

There were legal shenaningans, and for a period there were BK branded restaurants, but they never took off to the same extent, and subsequently if you want BK in Australia, you go to HJs.

0
0

Israeli Pentagon DDoSers explain their work, get busted by FBI

adfh

A legitimate security company would practice due diligence

It could be argued that they, as an alleged "security service" company, should practice due diligence on the requests they receive.

Eg. Receiving a validated response from the listed WHOIS contact for the IP range

... or verifying the presence of a special text string on the website or in DNS supplied to the person requesting testing

If you saw that the WHOIS was a large corporation, if you were a real, legitimate security company, you'd be seeking legally binding and witnessed authorisation.

3
1

nbn™ switches on first Telstra HFC-powered broadband services

adfh
Thumb Down

... and for the areas that aren't greenfield, brownfield, rural fixed wireless/satellite or HFC cabled?

#sameasiteverwas

0
0

TP-Link abandons 'forgotten' router config domains

adfh

Does anyone know...

... if any of the tplink devices try and redirect to the domain name if you access them via IP?

I've seen some kit (Netgear I think) redirect to domain name based addresses when hitting them on their IP.

3
0

NBN 'copper guru' ads pulled from Monster.ie

adfh

Might not come up on ASIC...

... but it comes up in ABR Search..

http://abr.business.gov.au/SearchByAbn.aspx?SearchText=20219943178

0
0

3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws

adfh
Alert

Oh.. and if you have a Nexus...

... don't hit "Check for Updates" because apparently that can stop you from getting the update... I SHIT YOU NOT...

https://productforums.google.com/forum/#!topic/nexus/fOAWe8jMRsQ

That's right, if you're diligent about installing updates as soon as vulnerabilities are released, just wait for the mothership to deem you worthy, because otherwise you can actually reduce your chances of getting it... unless of course you unlock the Nexus (wiping it) and go and directly download and flash the update yourself, bypassing the OTA mechanism. I confirmed with my carrier that they had nothing to do with the updates, and then found that above gem in the Nexus support forums.

I understand from the "sometimes updates brick things" point of view, but the idea that it can take almost until the next update is released for the current one to be made available to one's handset sucks. Certainly, having to wait up to four weeks for an update for security bugs that have big implications kinda sucks.

Don't get me wrong, otherwise happy with my Nexus 5X and the Galaxy Nexus I had before it (which I'd flashed over to Cyanogenmod when Google stopped supporting it, and which was running Kit Kat just fine up until I dropped it in a hospital bog and vowed never to touch (after retrieving it) again). I like that when the phone hits EoL, it can be unlocked and still be useful in some way... Just not big on waiting for security updates.

0
0

Ad-blocker blocking websites face legal peril at hands of privacy bods

adfh
Unhappy

Hrrrmm.. this feels like a stretch....

Probing a browser to test its capabilities is an intrusion of privacy?

I mean, when you seek to "fingerprint" a browser by analysing its plugins, plugin versions, font lists, request styles, version headers, cache contents etc. etc. to uniquely identify someone

Eg. https://panopticlick.eff.org/

... then yes, you are likely invading someone's privacy if you ask. But if you're querying a browser on its capabilities? Well, then that's a key part of responsive design (what resolution is your display? what pixel density? how is it oriented? Are you capable of displaying media of type X? What language shall I display to you?)...

Whilst I hate the bulk of ads, the primary reason I block them now is because of the security issue they pose due to the lack of screening for malicious payloads used in drive by downloads. The site publishers vary rarely now sell directly to advertisers, rather there's several layers of marketing and remarketing of screen real-estate going on.

That said, I feel what will happen is we'll just end up with another layer of "This site employs cookies, click agree" notifications.. Next it'll be, "This site sniffs your browser for ad blocking extensions, and deploys first and third party cookies and other tracking mechanisms.. Do you want to do anything useful? AGREE"...

The inevitable conclusion of this, as we move to "native code" on websites like Google and Firefox etc. are talking about is websites having app-like clickwrap licenses... and the web becoming less interoperable and more silo based... and then we all go back to the beginning complaining about incompatible systems and needing a standard :)

1
6

'Devastating' bug pops secure doors at airports, hospitals

adfh

Re: Attack vector

Regarding "fail safe" and where it needs to be implemented, depends on the door's location in relation to access and egress routes in the event of an emergency and the security of what's being protected.

Some door locks will fail open, some will fail secure - it all depends on where the door is, and if it's legally required to be open in the event of an emergency... This is why in some places you'll find an access card reader, and then next to it a "break glass" override.. or why if you have a card to access an office, often for egress you can just use the doorhandle ("Escape set" configuration).

Depending on how the system's implemented, there isn't always a direct link between reader and door lock - so overloading the signal/power lines on a card reader may only succeed in blowing out the port on a local controller node, whilst the lock may be separately connected. By releasing the magic smoke on the card reader, you likely just make it harder for anyone to open the door at the location, and in a properly monitored install, flag that there's a fault in the reader equipment at a given location.

0
0

Nest bricks Revolv home automation hubs, because evolution

adfh
FAIL

Urrrgh

A perfect example of how hardware built as a terminal/interface/gateway to a specific online service is, ultimately, beholden to that company for service.

It's depressing to think that there'll be all this hardware out there, that with the right software could continue doing what it needs to do, but is ultimately going to end up in landfill.

Who, realistically, expects equipment to only last the warranty period? Is someone realistically thinking, "$300? Oh wow, that's less than a dollar a day!"

I wonder if anyone's managed to unlock one and re-task it? I wonder if perhaps businesses that yank the rug out from under their customers should perhaps consider opening up their devices and/or unlocking them?

Very much a dick move on the part of Alphabet/Google/Nest.

12
0

Computer says: Stop using MacWrite II, human!

adfh
Happy

I remember in highschool...

... there was an extension popular with the mac users. MacPuke :)

Command+E *loud puking noise* *out pops disk* :)

1
0

Boss of classified ad website Backpage.com faces first contempt of Congress in 20 years

adfh

Citing first amendment?

The First Amendment is the right to free speech.. Did he or you mean fifth - freedom not to self incriminate? ... or am i missing something in the first? ... or is he calling it a protest? :)

1
0

The Day Netflix Blocked My VPN is the world's new most-hated show

adfh

Well...

* What language settings does your computer use? en-AU? en-GB? en?

* What are your date format preferences? mm/dd/yyyy? yyyy-mm-dd? dd/mm/yyyy?

* What time of day/timezone is your computer set to?

* Have you ever visited their site without going through a proxy from a different geolocated IP?

* What's the turnover of accounts on a given IP?

* What was the nationality of the payment source? BIN/IIN?

1
3

Comcast repeatedly crams modem upgrade demands into browsers

adfh

At least they let you use your own modems there...

... here, if you are in a cabled area providing DOCSIS access, you must get your modem from the provider. They will not connect modems (even if they're the correct model) from either the other cable telco in the country, or overseas.

0
0

'Wipe everything clean ... Join us ...' Creepy poem turns up in logs of 30 million-ish servers

adfh
Happy

Had a squiz at my server logs.. sure enough...

151.217.177.200 - - [29/Dec/2015:19:54:51 -0800] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 392 "-" "masspoem4u/1.0"

3
0

iOS 9 kludged our iPhones, now give us money, claims new lawsuit

adfh
Alert

Double edged sword...

On the one hand, not deploying the update to older phones would mean that they remain more functional..

On the other hand, by not allowing handsets to get the latest software, unless you're releasing patches for the older software as well, invariably, the older devices will be vulnerable to hacking.

In my mind, a phone should not be designed, either by hardware or software limitation, to only last 2 years (batteries excluded - I'd class batteries as a consumable).

I have a Galaxy Nexus - and Google have dumped support for it (allegedly initially because TI stopped supporting the mobile [TI OMAP] chipset within), but thankfully Cyanogenmod have been releasing at least major security updates for it. Sure, it's slow, and sure I want a new phone, but should I *need* a new phone? If I change the battery, the thing could remain functional until either the apps grow too big to be able to run (geez, how much resources does an IM program need, I'm looking at you, Facebook Messenger!), they finally stop doing security updates (connecting unfiltered to the wider world with a machine that no longer receives patches is asking for something to happen), I physically break the phone, or the flash wears out. My previous phones I've also ditched because they either couldn't do what I needed (2280, N70, N95), were buggy (Hyundai HGC-310e, N95), or their network support was killed (CDMA - HGC-310e, 2280).

If manufacturers are worried about a revenue stream, then perhaps they need to think about a licensing model around software updates to fund things. Abandoning the security of working devices because you want to sell some new ones, when they're still perfectly functional for browsing theweb, sending and receiving emails, calls and texts etc. seems like a massive waste of resources... especially things like rare earths and other minerals that often come from all sorts of sensitive areas in the world and can't easily be recycled.

The same applies to tablets - Android landfill especially - I like Android, but some cheap and cheerful Chinese OEM isn't going to give two flying .. well you get the idea ... about providing after sales updates for some Shenzen special, or open it up to easily allow third party updates when they could just sell newer devices.

Networked devices, be they phones, tablets or IoT, unless they're firewalled off from the world with very specific controls, they need to be updated, and updated and updated. Printers used to be the "forgotten networked target" on networks, now it could be a lightbulb!

1
0

It's almost time for Australia's fibre fetishists to give up

adfh

"Almost" "If"

"almost time"

"have a chance to kill off"

"if it can be proven"

"aren't in public view"

So basically, copper is being pushed faster in lab conditions, but the higher the speed, the greater the distance drop off and our population density, well, it varies wildly.

I do wonder, in the cost calculations, what accomodations are made for:

* Cost of repairing and maintaining copper

* Cost of maintaining and repairing nodes

* Cost of powering/cooling nodes

* Resilience of nodes to adverse/emergency weather conditions (heat waves, flooding, fire)

* Space required for nodes

* Ability for nodes to maintain service during grid failure

The impression I get is that nodes will pretty much, depending on population density look like RIMs on steroids, requiring active power + cooling and potentially copping it in a flood.

I have no doubt that installing fibre, where there was/is copper, is more expensive up front - but as population densities scale up, and bandwidth demands alongside that, it'd be interesting to see the projections over a longer term regarding cost.

That is - even if copper is cheaper upfront, what lifespan is it expected to have as compared to fibre, and how would its costs compare over that lifespan? Surely there has to be some foreign market information on this on populations of varying size and density?

2
0

Epson: Cheap printers, expensive ink? Let's turn that upside down

adfh

Old HPs were wonderful

The older HPs were fantastic. I had a LaserJet 5 too - lasted me many years until it too had feed issues.. A former job got an ex-lease HP Laserjet 8150DN with the huge paper tray addon (and the details of the previous user in the memory, LOL). With a copy of the service manual and a good reco parts company, I was able to keep it chugging along for ages (only needed to replace the fan and the fuser unit in it).

These days, as HP has gotten so plastic fantastic, I tend to suggest Brother for low to mid range duty cycle laser, and Kyocera for mid to higher range. A mob I help who has a Brother for their main PC printer tried to replace their fax and copier with a Fuji Xerox... it lasted a fortnight before the screen broke.. Now they run a colour Kyocera multifunction without issue (still can't convince them to turn off auto-printing every inbound fax yet though), using the B&W Brother for bulk of PC printing.

0
0
adfh

So is it like other Epson printers, where printhead change is service centre issue?

We had an Epson Color Stylus 500 years ago. We didn't use it for a couple of months (don't need to print every day). Then the print heads clogged up and we were told that it'd be 75% of the cost of the printer to fix the heads.

Does this new "Eco" printer let a user replace the heads when they get damaged? That's been one thing that's always put me off Epson. Very nice colour prints, but if you didn't use them regularly, be prepared for the heads to f*** up.

0
0

If you read anything today about ICANN taking over the internet, make sure it's this

adfh

Hrrmm....

FIFA anyone?

3
0

POODLE vuln dogs Australian consumer modems

adfh

One of the big problems is...

... even those of us who know how to upgrade firmware and to adjust router config settings, don't always have an option to do so, because often (as is with a lot of "embedded computing" devices) the manufacturers wash their hands of any responsibility after maybe a year or so.

0
0

Hey, Microsoft, we can call Windows 10 apps anything we like – you're NOT OUR REAL MOM

adfh
Facepalm

Oh lord....

Remember NT stood for "New Technology"... then it didn't...

Remember Metro? Don't call it Metro...

Remember Universal Apps? Don't call them Universal Apps..

Seriously... what's the value in rebranding something after people learn what it is? Who are they? VMware (Server.. ESX.. ESXi.. Sphere.. Cloud.. gaaah what the hell?)

1
0

Dot-sucks sucks, say lawyers: ICANN urged to kill 'shakedown' now

adfh
Facepalm

Re: All of it is about money

Heh, yeah.. it is rather rich that on one hand ICANN and all these corporates are pushing for more gTLDs, and then when one doesn't go their way, THEN the corporates claim it's a shakedown etc. :)

#amused

The whole idea that we need all these extra domains, yeah.. uh.. nah...

10
0

NBN Co's HFC build will be DOCSIS 3.1 ready, but use 3.0 only

adfh

Be interesting to see how long it takes Turnbull's 'as good as we need' #640KRAMenoughkindafutureproof VDSL to make it to homes. I'm lucky living close to an exchange and having Annex M so I get about 18/1.4Mbps which is better than most outside of an HFC area, but compared with the rest of the world, is dating quickly!

0
0

Still using the Google Talk app? You've got ONE WEEK to move on

adfh

Remember when you could load up all your IM accounts in one program?

ICQ, AIM, Facebook, MSN/Windows Live, Jabber etc..

Now things are going back to the silo - and sure, you can install the individual apps, but they're bloated hogs that want to be the default for everything... and on mobile, it's even worse - I mean, why does Yahoo need to keep video/audio call support going in the background even when you're not logged in!?

Clearly they want to bloat their competitors out and force people to pick their favourite.

8
0

Yahoo! Says! Chrome, IE Users! Should! 'Upgrade'! To! FIREFOX!

adfh

People use the Yahoo! homepage?

3
0

Microsoft's Lync becomes 'Skype for Business'

adfh

Wow.. That video...

Clearly they had the geniuses behind "that" Microsoft Songsmith and the Windows 7 Launch Party ads working on it...

0
0

The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay

adfh

Meanwhile I'm just using my EMV VISA card...

1
0

Future Apple gumble could lock fanbois out of their own devices

adfh
Thumb Down

How the hell is this patentable?

This is geofencing.. there's a lot of prior art on geofencing I'm pretty sure..

Hell, one of the Android security apps I have has the means to implement it.

How is this unique?

0
0

Cryptocard gobbles tasty, dead number puzzle startup

adfh

Umm...

... couldn't malware on the computer capture the image of the grid? I don't see how this is any more secure than the traditional onscreen keyboard - the only advantage it has is the pattern over a password. They talk about passwords being static - well, in this case, the pattern is static, you're just looking up an onscreen cypher when you enter it.

0
0

El Reg in email address blunder

adfh
Happy

Big brother has never seemed so smiley and PR video ready :)

0
0
adfh
Thumb Up

I concur.. should we be receiving notifications if our details have been leaked?

1
0

Google dumps + from Boolean search tool

adfh
Thumb Down

Exactly.. What if I want to include a phrase in my search, but not require it?

Before, if I wanted to include the phrase:

"the quick brown fox jumps over the lazy brown dog"

If I wanted to require the phrase:

+"the quick brown fox jumps over the lazy brown dog"

Now, how do I include but not require the phrase?

0
0

Galaxy Tab Oz ban ruling due next week

adfh
Thumb Down

Someone remind me again...

... how a patent lasting 20 years granted to one of the world's biggest companies fosters competition and innovation again?

Where a company isn't going to license its tech to other people on reasonable terms and is clearly a dominant market leader, where is the benefit on continuing their monopoly for 20 years... especially on things like process and software (where the implementation is covered separately by copyright anyway)?

Original copyrights (something to do with Queen Anne from memory in the UK) lasted somewhere in the order of 12 years from what I understand. Now we have life of author + whatever extension to the Mickey Mouse Act happens in the US and, it follows, companies with copyright treaties with the US...

IP (intellectual property) rules need to be rebalanced to reflect the quickening pace of development and the monopolies currently exploiting the system for all its worth.

0
0

How Apple's Lion won't let you trash documents

adfh
Joke

This reminds me...

... of the April Fool's Joke a few years back where someone talked about Apple renaming the Trash to Landfill and you wouldn't be able to delete things. :)

0
0

PlayStation update couples console to cloud and disconnects hackers

adfh

All about timing

I bet this fix for jailbreaking is only coming out now that they've applied the legal screws to Hotz. Prior to them doing the big legal attack, if they'd released the lock you know people'd be all over it and talking about it.

0
0

Creepy as hell: Facebook developers get to know you better

adfh

The problem with...

... their usual permission prompt is that it basically says, "Do you give them permission to access everything?"

No? Well you can't use the app at all - even if its functionality doesn't require access to the data

Yes? Well you've just allowed them access to everything.

If one could say, "Sure, I give this app permission, but not to details X, Y and Z" ... and then the app could advise in a non-blocking why it needs those permissions.

1
0

No need for speed, says Oz communications shadow

adfh
Thumb Down

Ugggh....

+1 on Steve's comment above..

Sure, fibre goes waaaay faster than what's needed for most people... NOW...

... but just as standard PSTN dialup had speeds like 75 baud and then got to ~56kbps before it was phased out, eventually higher speeds, higher than what the existing network provides, will be needed.

The Liberals are all about private enterprise knowing best - well, they haven't done very well so far, have they? Just as Australia's rail networks need upgrading to shift the natural resources so popular in commodity markets today, data is becoming a commodity in and of itself with things like iPads etc. driving consumer demand and for those businesses to continue growing, the infrastructure for transport needs to be improved in advance of demand rather than as an "Oh shit, we're behind the 8 ball" step.

1
0

Skype goes titsup across globe

adfh

Close...

Skype and Paypal are part of eBay group

http://www.ebayinc.com/who

0
0
adfh

Why I use skype

As evil as closed protocols can be, I'm yet to find an application that can do video on some and audio on even more platforms with so little fiddling (if any) with one's firewall being involved.

Eg. I don't even need UPnP (*shudder*) enabled on the router for it to work.

I've heard various people telling me to use program X, but it's only available on platform A...

Or program Y, but it works poorly over NAT and needs helper module B...

Or Program Z, but it needs grandma to forward a port in her router C..

With IPv4 stuff running out, IPv6 still not quite rolled out to everyone, private networks generally not being assigned public addresses etc. why do people continue to invent protocols that traverse NAT so poorly or require specific assistance/identification by a router/firewall?

I can call between Symbian, Android, iOS, Windows, Linux and OS X in Skype without any firewall chicanery in the majority of situations and make cheapish calls (some of their mobile rates suck) all without having ever touched a firewall config. If someone else can make an app that can do this, I'd be happy to use it and suggest it to others, but I haven't seen one yet (please, someone feel free to guide me elsewhere).

2
0

Hacker warning over internet-connected HDTVs

adfh
Happy

I reckon it's Panasonic Viera..

Document mentions .eu and .tv domains and accessing home-screen.js

Google home-screen.js and you get http://customvieracast.blogspot.com/2010_05_01_archive.html

Read that document and you see "Looking at the code in home-screen.js I can see that it downloads from vieracast.eu (EU market) vieracast.tv (US market) depending on where you are."

1
0

How to kill your computer

adfh
Alert

PSUs with voltage switches - set it to the wrong one..

Wanna see caps go bang? Just flip the voltage switch on the back of some PSUs (Eg. 110/240) to something other than what your domestic supply is.

0
0

BT feathers ruffled over pigeon-based file transfer caper

adfh

Also done in Australia

A TV show in Australia, "Hungry Beast" ran a comparison of broadband services in rural areas by testing net vs car vs carrier pigeon..

http://hungrybeast.abc.net.au/stories/great-pigeon-race

0
0

Skype shelves call charges

adfh

Unlimited data is not sustainable in the long term

"All you can eat" data plans are not sustainable.. As everything moves to a more data centric model, expect it to be volume charged as with all other consumable resources to pay for the infrastructure behind it all.

Mobile data has always been volume charged in Australia (well, initially it was time charged too :S) and it's only surprising the rest of the world is only beginning to follow suit now.

0
0

Forums

Biting the hand that feeds IT © 1998–2017