* Posts by Mr Humbug

115 posts • joined 28 Jul 2010


Teen TalkTalk hacker ordered to pay £400k after hijacking popular Instagram account

Mr Humbug

My guess was that he socially engineered his way into some Telstra customer e-mail accounts and used the Instagram password recovery feature

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

Mr Humbug

Re: Follow the money


See above :) (you posted while I was writing)

Mr Humbug

Re: Follow the money

I've found that


works well on Windows servers. I've only used the free version because my servers don't run many sites, but it will even automatically renew and deploy a certificate on an Exchange Server.

One person's harmless japery can be another's night of LaserJet Lego

Mr Humbug

On one April 1st I had all the HP LaserJets saying "OUT OF BEER". Only one person mentioned it and he refused to go and get beer for me to fit to the printer.

Storied veteran Spitfire slapped with chrome paint job takes off on round-the-world jaunt

Mr Humbug

I'm glad I'm not the only one to notice that.

And then remember Douglas looking at Polar Bears in episode Q (you fill in the full name)

What's the last piece of software you'd expect to spy on you? Maybe your enterprise security suite? Bad news

Mr Humbug

Yes, you're right. But one rule you will almost always find is

Any user device to destination TCP ports 80,443 on any destination IP address.

Often this can, and does, go through a proxy, but that's not always the case. And even if it is, the proxy is normally looking for malicious stuff coming back, rather than strange traffic going out.

Mr Humbug

Our policy makes it clear that anything we do on IT equipment and services provided by the company is not private. We are allowed reasonable personal use, but it's monitored and certain events (such as file uploads to non-company web server - we trust but verify) generate an alert that is then investigated.

I don't mind because I get the alerts and do the investigating, but I've had to remind a few people that there is monitoring and, while their personal use is perfectly acceptable and I'm not going to gossip about their personal lives, they might not be comfortable with me knowing everything I've seen.

UK PM Johnson spins revolving doors, new digital minister falls through

Mr Humbug

I can't see how you read that into what I wrote. I was pointing out that the reductions in police numbers did not mean there are plenty of trained people ready to walk back into the job.

Mr Humbug


Police officers are immune from redundancy (and also not allowed to unionise). So any recently former police officers either chose to go somewhere better or were thrown out for being caught at something they shouldn't have done. It might be difficult to get the first group back and can you imagine the Guardian's reaction to re-employing the second?


Guess who reserved their seat on the first Moon flight? My mum, that's who

Mr Humbug

Re: Man has definitely been to the moon.

It was faked. Photographic evidence and explanation:


Operation Desert Sh!tstorm: Routine test shoots down military's top-secret internets

Mr Humbug

I am confused

> because a DC in a VM is easier to move over to another host

But don't the hosts have to be members of the domain in order to move a VM between them? Or would you just copy the virtual disk file(s) and create a new VM to use them?

My Hyper-V hosts are members of the domain, but they will start up OK, allow you to login (with cached credentials) and start virtual machines without a DC being available

For pity's sake, groans Mimecast, teach your workforce not to open obviously dodgy emails

Mr Humbug

Re: you could do that, but...

It's orders of magnitude higher cost, but it seems it must work. If it did not then "Domain Registry of America" wouldn't send out invoices to renew your domain's "internet search registration"

Mr Humbug

Re: Individual people can be smart.

> tell 'em that opening and/or responding to such emails is a firing offense.

The trouble with that approach is that at some point someone will make a mistake. When they do, would you like them to report it so that you can respond as quickly as possible, or would you like them to keep quiet and try to conceal it?

Of course you then have to decide whether that will work in your company's culture and with the people you have working there. And that will be affected by whether they see themselves as part of the business or as someone who turns up to complete a task and then go home.

I don't have to save my work, it's in The Cloud. But Microsoft really must fix this files issue

Mr Humbug

It might be the configuration - not sure whether I've changed the default (you saying it doesn't work for you made me look to see if there was an option). If you look in

File, Options, Save

there is 'Keep the last AutoRecovered version if I close without saving',

which is enabled in mine

Mr Humbug

It does that if the file was already saved and you tell it you don't want to save changes, but if you create a new file, do something in it then close and say you don't want to save, Word will keep it in the Unsaved documents folder. I tried it earlier and the file is still there at the moment.

Mr Humbug

Ah, but Word does do that - and has done for a while.

When you go to open a file, in the Recent files section there is a button called 'Recover unsaved documents' which takes you to %localappdata%\Microsoft\Office\UnsavedFiles which is where Word autosaves a file until you give it a proper name (they're ASD files, not docx).

It doesn't throw the unsaved file back in your face like Notepad++ does, and I'm not sure how long it will keep the files there, but it does at least give you a short opportunity to change your mind about not saving.

It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...

Mr Humbug

Chromium based Edge is on preview at the moment. Presumably the EdgeHTML version will still need patches until the last version of Windows (1903/1809 ??) that uses it goes out of support.

Although it's also conceivable that Chromium will push EdgeHTML out of those versions too - there's a preview of it for Win7 now.

Reach out for the healing hands... of guru Dabbs

Mr Humbug

Re: Ah, you have "the glare"...

"You took your foot off the 'create fault' button on the floor under your desk"

At least that's what they tell me.

Oz watchdog claims Samsung's leak-proof phones ad campaign doesn't hold water

Mr Humbug

My daughter had the original Ulefone Armor, which she bought because she kept breaking her phone. She accidentally dropped the Armor in about 8 inches of sea water while on holiday and it stopped working.

That was the first of three phones she destroyed that summer.

Will that old Vulcan's engines run? Bluebird jet boat team turn to Cold War bomber

Mr Humbug

Avro. Four engines - either Merlin or Olympus

The seven deadly sins of the 2010s: No, not pride, sloth, etc. The seven UI 'dark patterns' that trick you into buying stuff

Mr Humbug

I'd always assumed that was because selling through Amazon costs more than selling through eBay or selling through your own site

Remember the Nominet £100m dot-uk windfall it claims doesn't exist? Well, it's already begun

Mr Humbug

I had a similar one telling me I should ask my current registrar to register the .uk because otherwise someone else might take it at the start of July. My mail server thought it was a scam and quarantined it

> The automatic assumption that everything unsolicited is a scam unless readily proved otherwise is going to be quite interesting in the medium term...

It's starting to become interesting at work. The accounts address receives invoices (PDF attachments) from companies the accounts administrator has never heard of that later turn out to be the registered name of a company we were expecting an invoice from, but the PO was made out for its trading name. It makes some interesting conversations with the supplier's credit control people.

An alternative scenario is that the purchaser is slow about passing the PO to accounts, so the invoice arrives first - and gets deleted as spam.

We knew it was coming: Bureaucratic cockup triggers '6-month' delay of age verification block on porno in the UK

Mr Humbug

Re: Age of Consent

Also, they are not allowed to record themselves doing those "naughty" things.

PowerPoint to start telling you that your presentation is bad and you should feel bad

Mr Humbug

I am confused

Using 'leverage' or 'impact' as a verb should be gross misconduct.

Please be aliens, please be aliens, please be aliens... Boffins discover mystery mass beneath Moon's biggest crater

Mr Humbug

The evidence is mounting up


Mr Humbug

It's part of the Dahak's hull of course

DXC Technology seeks volunteers to take redundancy. No grads, apprentices, and 'quota carrying' sales folk

Mr Humbug

1.5 weeks per year over the age of 41. Only the most recent 20 years' service counts (so if you're 63 with >20 years' service you get 30 weeks' pay). Pay for one week is capped at £525 (I think it's a bit higher in NI). So maximum statutory payment is £15,750 (which is tax free).

Presumably the additional month they are offering is not capped.

I forget the exact details of ROI calculation, but the cap is higher and the number of weeks pay is greater

British Army cyber 'n' psyops unit 77 Brigade can't even brainwash civvies into helping it meet recruitment targets

Mr Humbug

Recruiting part timers...

... might be affected by this:


'Thank you for your interest in 77th Brigade. Unfortunately the Brigade is not in a position to assess new civilian candidates until September 2019 – however we are accepting CVs from interested candidates which we will process in due course. This is due to a number of factors including a reorganisation within the Brigade, an assessment of the skill sets required and the processing of existing candidates.'

A real head-scratcher: Tech support called in because emails 'aren't showing timestamps'

Mr Humbug

The French do have a habit of revolting: 1792, 1848, 1870, 1946 and 1958. Although after the first time they do seem to have made it less traumatic.

Mr Humbug

> I'm sure it wasn't that long ago that people had footnotes in their signatures asking the receiver not to print that email.

It's still there in lots of signatures, but you don't notice it because it's buried in the bit that says you shouldn't have read the message if it wasn't for you.

Out-of-office email ping-pong fills server after server over festive break

Mr Humbug

More than one way to go about this, but the essentials are:

A PXE boot server that your DHCP server can point to

The bootable environment on the PXE server

The image file that you want to install (if this is Windows then you MUST run sysprep on the machine you take the image from)

Any post-image scripts to customise individual machines or to complete the Windows Out Of Box Experience.

If you have Windows Server then MS provides the whole thing in Windows Deployment Services (WDS)

And whatever you use to deploy a Windows image, that image will need appropriate licences and installation media for reimaging (OEM licences and media don't work properly, you need a volume licence key)

Buying a second-hand hard drive on eBay? You've got a 'one in two' chance of finding personal info still on it

Mr Humbug

Someone who works in a defence establishment (where they make self-contained combined power supplies and propulsion units) told me that the normal procedure at the end of a project is to remove all the computer drives and bathe them in hydrofluoric acid.

My normal procedure for disposing of drives is much easier - it just requires a power drill

A quick cup of coffee leaves production manager in fits and a cleaner in tears

Mr Humbug

> A really big workstation machine or an A3 colour laser printer might exceed the 3A limit but that's rare

We have discovered through experimentation that all of our laser printers draw more than 3A on start up. Also, the cleaners have established that vacuum cleaners draw more than 3A.

Although it usually then takes several months for someone else to report their "laptop won't charge from any socket on that strip (that one on the end worked until last week, but now none of them do)"

Just the small matter of the bill for scrapping Blighty's old nuclear submarines: It's £7.5bn

Mr Humbug


If the US can retrofit an SSBN with a hyperdrive then we should be able to do that too.


This is not, repeat, not an April Fools' Day joke: 5 UK broadband vendors agree to pay YOU daily rate for fscked internet

Mr Humbug

Re: About Time!

It should be the same amount that you get charged if you aren't there when the engineer arrives for an appointment. Last I knew (several years ago) that was £80.

Android clampdown on calls and texts access trashes bunch of apps

Mr Humbug

Re: Exempt BlackBerry-branded devices

I don't think it's deliberately exempt, but the Hub (now called Inbox) on my DTEK50 is still showing calls and texts. That, however, is still on Android 6

Brexit text-it wrecks it: Vote Leave fined £40k for spamming 200k msgs ahead of EU referendum

Mr Humbug

If you look at how most modern 'democracies' work, you'll see that they are actually designed to make sure that the 'right people'* make the decisions.

* the way the right people are selected differs between systems and over time within a system - the UK used to decide according to who your parents were, then it was how much money you had and now it's either money, who you went to school with or which trade union you joined

How many Reg columnists does it take to turn off a lightbulb?

Mr Humbug

This can be solved by proper parenting. My 20-year-old son can quote Aliens, Blade Runner, Terminator etc just as well as anybody else can.

This is the Send, encrypted end-to-end, this is the Send, my Mozillan friend

Mr Humbug

I see what you mean, but if you've got malicious insiders who can set this up on their own VPS then you've already got malicious insiders who can set up a VPS that accepts file uploads over https. And if that's a significant threat for you then you should already be locking down the end points and whitelisting permitted upload sites

Mr Humbug

I am confused

> It is however a DLP nightmare....

I suppose it depends a bit on how your users need to use information to do their jobs, but I don't see how this is any worse (for DLP) than the other file sharing services already available. You still have to control where people can upload stuff to and it doesn't really matter (when you look at the insider threat risk) whether the file is locally encrypted before it's uploaded if users have mobile devices that can connect from outside your perimeter. And if you can monitor and block access to sites such as files.fm then you can do the same with this.

Lenovo kicks down door of MWC, dumps a stack of sexy new ThinkPads

Mr Humbug

Re: Gained?

I see the T490s has lost the full size ethernet port in favour of a silly dongle, and it looks like it's a different silly dongle from the one on the X1 Carbon. That's a shame.

Mr Humbug

Re: Gained?

Yes, as do the T480s and the T580

Crowdfunded lawyer suing Uber told he can't swerve taxi app giant's £1m legal bill

Mr Humbug

Sounds like it's trying to put itself in the same position as eBay and Amazon Marketplace - an order processor and payment intermediary, not the provider of goods and services. Presumably the fee it charges to drivers includes some element of VAT.

Artificial Intelligence: You know it isn't real, yeah?

Mr Humbug

Re: What's worse than the biased algorithm

Actually I was agreeing with your point about the reliability of drawing conclusions from random internet search results :)

Mr Humbug

Re: What's worse than the biased algorithm

I tried that search in DuckDuckGo and I discovered that most doctors wear a lab coat, have a stethoscope hung round their neck and stand with their arms folded.

The main exceptions seem to be Matt Smith, David Tenant, Peter Davidson, Peter Capaldi, ...

Edited to add: obviously this is gender bias because you have to scroll down quite a lot to find Jodie Whittaker

Mr Humbug

AI or ML

Call it what you like. It's just a way of automatically repeating our past mistakes, but really quickly

Return of the audio format wars and other money-making scams

Mr Humbug

Our domain name includes 'lli' in the middle. Scammer registered a domain with 'lll' in it.

The most convincing one I've seen so far was an email that looked like a normal Exchange online synchronisation failure report that when you clicked through took you to a copy of the Office365 login process

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Mr Humbug

Burden of proof

The government said the law still provides for the existing "reasonable excuse defence", which includes circumstances where a person "did not know, and had no reason to believe" the material accessed contained terrorist propaganda.

"Once a defendant has raised this defence, the burden of proof (to the criminal standard) to disprove this defence will rest with the prosecution," the Home Office's impact assessment said.

I'm not sure how the Home Office arrived at that conclusion. The fact that you possess a chemistry textbook or have watched a video of a chemistry lesson that discusses nitration of toluene makes you guilty under 58(1). Then 58(3) says:

It is a defence for a person charged with an offence under this section to prove that he had a reasonable excuse for his action or possession.

Which looks like it places the burden of proof on the accused to show that the excuse is reasonable.

PS. I am not a lawyer

It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on

Mr Humbug

Re: How oh how

And even worse, Edge doesn't render some PDF forms properly and has difficulty printing some PDF files. It did last time I tried to use it anyway

Cops looking for mum marauding uni campus asking students if they fancy dating her son

Mr Humbug

When my older daughter started looking at university a few years ago I was astounded that she *wanted* me to go with her to open days. When we got there I was equally surprised to find that nearly everybody else had at least one parent with them.

On the other hand, a few years later, when my (autistic) son started looking I was quite glad that having a parent with him didn't make him stand out so much at open days.

(PS. If anyone is looking for a University that is sensitive to students with additional needs, UCLan seemed very good, although he ended up going somewhere else)
