* Posts by taxman

398 posts • joined 14 Sep 2010

Word up: Embedded vids in Office docs can hide embedded nasties, infosec bods warn

taxman
Holmes

MS Word conduit?

See icon

Got a new Surface? Have some firmware. Old Surface? La la la la la, we can't hear you

taxman
Happy

HP Sauce

Well my HP Touchpad is still working fine.

But I wonder how many UK Gov workers are having problems seeing as some Depts switched over to SP3s and 4s a couple of years ago.

Why are sat-nav walking directions always so hopeless?

taxman
Thumb Up

And even the free version provides you with access to enough maps and bells and whistles to enjoy while working out what those close brown wiggly lines mean to your rate of breathing!

Perfect timing for a two-bank TITSUP: Totally Inexcusable They've Stuffed Up Payday

taxman
WTF?

Too much a coincidence?

One or two banks perhaps, but so many different businesses within a short space of time should make one think is there more to this than meets the eyes? Or is that just my normal suspicious self?

Still, glad I never made the decision to move over to using a mobile application. Never liked or trusted them.

Fallover Friday: NatWest, RBS and Ulster Bank go TITSUP*

taxman

Banks, banks and banks

Today the RBS group of banks (that all use the same firewall with such a single point of failure?), Barclays yesterday, Lloyds not so long ago along with Halifax. And so the list of names goes on. Seems to be becoming more prevalent - and at a time when King Cash is being threatened. It does make you wonder if somewhere in the world there is a rubbing of hands.

Like tax? Love networks? UK taxmen have a job just for you

taxman

Re: Twaddle

At this grade it could be a CBE.

And how likely that the successful candidate could also be a Scot (or if an outsider someone from Sainsbury - HMRC appear to have given up on folk from Severn Trent and mobile phone companies for the time being).

Email security crisis... What email security crisis?

taxman

Re: Email is absolutely broken...

To secure YOUR sending emails you'll need the SPF/DKIM/DMARC trio applied - but that doesn't stop fraudulent email from coming in to you. In addition to setting up your own email receipt rules (like how can an email purporting to be from your own business be coming in from outside your domain) you need every other email sender to apply the trio - and/or use (read pay for) a proprietary protection or alert system. Which is a growing industry.

The IETF have had plenty of time - and examples - to examine how broken email RFCs are and, along with the APWG and MAAWG, could have started to address some of the issues (like checks on the header from address in addition to the envelope from address, IP/domain chains....). But perhaps they have realised that, as use of email has progressed beyond that envisaged, it may be easier to try to educate the end user. Unfortunately that cannot be applied in many cases.

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

taxman
Meh

Half a story

What I find interesting about a large number of these data breach stories is that so often there is one piece of information missing that is really useful - the period of the breach. This is not even mentioned in the press release from Dixons.

Techies! Britain's defence secretary wants you – for cyber-sniping at Russia

taxman
Holmes

Joint Cyber Reserve

Had a thought about this way in, extra pay, chance to mess a bit with some more interesting pentest/hack/cracking stuff...then realised that perhaps the joint bit wasn't what I thought it could be when I read about the sailor being busted on HMS Queen Liz for peddling.

Sherlock's bong is the nearest thing

UK 'wife'-carrying champion named

taxman
Thumb Up

The Alternative one

Perhaps a little more trying for competitors with there being a little more up and down involved....it being Wales of course

http://www.worldalternativegames.com/

Hypersonic nukes! Nuclear-powered drone subs! Putin unwraps his new (propaganda) toys

taxman
Devil

Trump's pal (allegedly)

Great announcement from the Russian Leader to enable the current US of A Leader to demand greater spending on Defence (and De-Wall).

You don't think this is another way of "controlling" the US of A folk now that the social media front has been blown?

Scouse marketing scamps scalped £70k for 100,000+ nuisance calls

taxman
Facepalm

Re: And people wonder why we dumped our landline ?

And have you seen all the permissions the TrueCaller app wants to have on your phone? Microphone, picture gallery, camera, wifi connection info, com sec permission read and write......

Former UK.gov IT man and Python king's guide to neural networks

taxman

Re: Well...

Indeed. "That enabled them to expand from using just BlackBerry devices into support for Android, iOS and Chromebooks. "I was proud of that," he adds" Most still using Blackberry phones, odd bits like MoD accept Apple in "some" places. Some are using Windows OS phones.

Android? CESG passed Samsung Knox a couple of years ago but hasn't got traction yet.

But yes, seems a nice guy. But why years working in a relatively low paid job!

MPs accuse Amazon and eBay of profiteering from VAT fraudsters

taxman
Facepalm

Ahem *Whois* cough

So HMRC, nay but also GDS and central Gov use Amazon for their own services.

Less of an elephant in the room, more a Brontosaurus!

Cybersecurity world faces 'chronic shortage' of qualified staff

taxman

Endemic problems

One of the issues often seen is that "management" are keen to be known as "experts" but do not have the aptitude or passion for the subject.

Once you get "management" to understand that they have to recognise that those with the correct aptitude and passion for the work should have money spent on them to obtain qualifications rather than "managers" who use the cash to attend "cyber" conferences, then you might, just might, get an improvement.

And Senior Management also need to start understanding that they need IT managers in place who also have an aptitude and passion for the work - and these need to be listened to. So often you see IT Dept managers who have no operational interest or ability but know how to appease Senior Management as that is where they have set their target to get to.

DMARC anti-phishing standard adoption is lagging even in big firms

taxman

"Deploying a DMARC policy where p=none along with a relevant SPF record is simple, but it is only the first step......"

Just having a DMARC record in place is a chocolate fireguard. Perhaps when writing reports like this the folk concerned really should make it clear that you also need a SPF or DKIM as well - as a minimum. But best to have both.

And yes we all know that DMARC+SPF alone "can" break when mail servers forward mail when p=reject. Particularly when mail forwarders or loadbalancers overwrite/insert their sending IP address in the header :-(

UK uni warns students of phishers trying to nick their tuition fees

taxman

Perhaps GoDaddy are having problems contacting the site admin Walid Sayed

Nearly three-quarters of convicted TV Licence non-payers are women

taxman
Stop

Re: See me...

"Cleveland topped the charts for the number of suspected evaders....."

Another very basic error. That county was abolished over 20 years ago and the area divided into 4 unitary borough councils. So really Warwickshire was top and London second.

Specsavers embraces Azure and AWS, recoils at Oracle's 'wow' factor

taxman
Paris Hilton

Re: Interesting

More interestingly will Louise McCarthy be leaving too. She was under Pavitt in TfL, HMRC, Aviva and now Specsavers.

Track record suggests.....

And could Pavitt return to HMRC now Dearnley has left?

Identity disorder: Does UK govt need Verify more than we do?

taxman

Re: Pension Forecast

You don't need a GGW account for a pension forecast, just a printer attached to your PC to print a form off and post it. Keeps folk employed (post office, drivers, civil servants).

And before you comment - how do you know if your application isn't just printed off at the other end and handled just like a posted application :-)

Update or shut up: Microsoft's choice for desktop Skypers

taxman

DLP disaster awaiting?

"....... the better to allow baked-in services like file sharing from within the Skype client....."

Oh dear. What could possibly go wrong here?

GCHQ cyber-chief slams security outfits peddling 'medieval witchcraft'

taxman

Bad news

Inland Revenue service? That's not existed for over 10 years.

If it refers to HMRC then they "got off their arse" and implemented DMARC and SPF back in 2013 and have been trying to get others to follow suit. Looks like their actions have been noticed and now NCSC have taken up the baton.

Parliamentary watchdog: Bank IT concerns not yet addressed

taxman
Facepalm

Regulating the FCA

Perhaps it would be an idea if the FCA looked into www.fssvcuk.com.

Looks like the FSA have now moved their operations to The Philippines!

GDS has no real strategy for £450m budget pot, internal plan reveals

taxman
Mushroom

Re: Top Civil Servants

If only that were true. Trouble with GDS is that this was a Cabinet Office initiative bringing in "experts" from outside the Civil Service to provide expert advice on how IT dev should be done. So although a number of these are now CS they are not old stream....who have got their hands dirty by keeping legacy systems running and trying to do things on a shoestring as all the funding appears to go to new web functions with "cool" fonts.

£450m given to Depts would result in a lot of infrastructure improvements...but to GDS?!!!

Pentagon fastens lasers to military drones to zap missiles out of the skies

taxman

Dale Brown

Wings of Fire AL-52 Dragon plane.

Just saying

RBS and Natwest online banking goes titsup

taxman
Coat

El Reg Phishing?

Lovely piece of work. Say a site isn't up and running and make a note of all those who say they have no problem logging in.

So you bank with........ do you ;-) Thanks.

(email address, pseudonyms, bank.....)

BBC News website takes New Year's Eve break

taxman

Re: Akamai? Breach?

Then again are the Beeb just using Akamai for CDN rather than CDN and DDoS protection? They do have some IP addresses out in plain sight so a DDoS could have gone through the back door

Try looking up without the www and you get

canonical name bbc.co.uk.

aliases

addresses

212.58.244.22

212.58.244.23

212.58.246.79

212.58.246.78

taxman

Oh Dear

www.bbc.co.uk

Address lookup

canonical name a1733.g.akamai.net.

aliases www.bbc.co.uk

www.bbc.net.uk

www.bbc.co.uk.edgesuite.net

So either it was a massive DDoS that could overcome Akamai's Edgeservers (assuming BBC do not just use European ones) or there was a bit of a cockup in some configuration activity within BBC or Akamai.

GCHQ creates Github repo, offers graph database code

taxman
Happy

Just a thought

Perhaps they are showing that they can produce better code than GDS as well as other things better than GDS?

So perhaps an attempt to shaft plans of GDS/Cabinet Office to take work away from CESG/GCHQ?

Bridge, ship 'n' tunnel – the Brunels' hidden Thames trip

taxman

I remember breaking ground on this back in 1975 when working for the Brunel Exhibition Rotherhithe through CSV. Two of us a shovel and a sledgehammer working a derelict site. Didn't make much of an impact and annoyed neighbours on a Sunday morning but found interesting hoards of illicit goods buried under rubble on the site.

Google polishes Chrome security with Password Alert

taxman

Black pots and kettles

What WOULD be of use to the world would be if Google stopped allowing its mailing system to be used by phishers in the first place.

Yahoo! Mail! goes! titsup! in! Blighty! due! to! mystery! error!

taxman

Re: Yahoo and DKIM

The thing about BT is that they are causing denials themselves with their CPcloud server acting as a mail forwarder. If you look at BT they are running THREE email services under the name of BTInternet.com, one of which uses the Yahoo! mail service. To direct mail to the correct service the CPcloud server is stripping off the original header info and substitutes itself as the sender. A great way to get mail labelled as Spam.

Telly chef Jamie Oliver in embarrassing infection double shocker

taxman
Windows

bukka fukka pukka

Pukka icon

Regurgitated, a bit like the recipes. There are only so many ways something can be done or mixed together and it's been being done for quite a while yet. As ever there are suckers willing to be drawn in all the time.

Oh, and there's WordPress too.

Toshiba packs NUMERIC KEYPAD onto self-bricking USB drive

taxman

Re: What price freedom?

And even at $95, what price freedom? What a load of tosh!

UK DataShur 4Gb FIPS 140-2 Lvl 3 USB £39, their 32Gb version only £99. Same same keypad, number of tries, clearing down of data etc.

Their SSDs are also worth looking at, built on the same principle.

Goldilocks Gliese planets don't actually exist

taxman

Re: They did exist-

Bebo. A real Intergalactic Laxative.

Brit SPACE HEDGEHOG team flies student Mars payload

taxman

But why helium

One of the few elements that will disappear forever. Really good to encourage youngsters to think about science and the tomorrows to come....shame the organisers don't do the same.

Rap chap tapped for $3 BEELLION: Apple buys Dr Dre's Beats

taxman

WTF?

Most expensive hearing loss tool paid for. Is this a tax loss thing?

As for music streaming.... surely the geeks employed by Appfelsaft could have aye Tunes do this...hang on. Doesn't this exist already?

Jeez. 3 Bs!!! Looks like mushrooms are back in favour.

BEAK DRONE: 1080p HD Wi-Fi quad-copter by Parrot takes to skies

taxman
Thumb Up

Re: More importantly...

Too late.

Was watching a demonstration the other week of how raptors (feathered type!) can be trained by dropping lures from a quadcopter.

Set up a flying pattern of direction and varying heights then have it drop the lure at a set way point before the 'copter returns to base.

BBC hacks – tweet the crap out of the news, cries tech-dazzled Trust

taxman
Happy

Infographics

News for those who are allowed to play with fonts and crayons but are yet to move beyond the picture book and animal sounds.

Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead, warns top cop

taxman
Facepalm

CCCP

"They are out of reach and there's no extradition, so the best we can hope for is local prosecution,"

Well, unless the perps go to Ukraine for a Black Sea holiday where even the US will sweep them off the beach. Ah, yes that explains it now. Invasion funded by Interweb perps.

Tooled-up Ryobi girl takes nine-inch grinder to Asus beach babe

taxman

Re: Getting as bad as motorcycle and car shows

I always thought that first line was:

Get up in the morning bacon for breakfast......

Not sure how it fitted with the song title though.

Record labels sue Pandora over vintage song royalties

taxman
Coffee/keyboard

Re: Pensions

"And bugger Cliff Richard........"

As well as a new keyboard it's half a cup of coffee too. Well played Sir.

Is tech the preserve of the young able-bodied? Let's talk over a fine dinner and claret

taxman

Open bar you say?!

Somewhere to go after Infosec then.

Mounties always get their man: Heartbleed 'hacker', 19, CUFFED

taxman
Big Brother

Re: Can't wait

Nothing to sniff at?! ;)

Hot, young under-25s: Lonely slab strokers who shun TV

taxman

Going against the trend

Being from the 'Boomer years' I don't have a telly, don't want one and can't really see the need for one. Laptop and 26" monitor with speakers is quite adequate for watching the rare programme from BBC on iPlayer (didn't get that one Apple! - sorry and the logging in aspect of the commercial channels is a pain) or for watching DVDs/Bluray.

And now Amazon/Lovefilm are introducing unlimited film streaming even less of a need for a telly and the £140+ licence to pay for the extortionate paypackets of lovvies and "DJs". Any sport can be watched in the company of others in the pub - supporting local business and enterprise - as many people who have a telly do as well.

Three's money man reveals UK mobe firms' dark pricing dealings

taxman

Re: Three 0800 pricing

From the latest 3 Price Guide:

All 0800, 0808 and 0500 calls are free.

Your data allowance can be used as a personal hotspot (we used to call this tethering) – if you choose a plan with all-you-can-eat data, you can use up to 2GB of this allowance each month as a personal hotspot.

So yes you can give up your current contract to get free 0800 calls and lose your unlimited tethering.....or keep the tethering and not call any 0800 etc numbers.

Bulls hit city streets after alleged Samsung ad shoot hits the fan

taxman

Need eyes testing

as I'm pretty sure that word was NOT beasts!

BT caught in data gaffe drama: Whistleblower squeals over alleged email fail

taxman
Facepalm

Critical Path Failure point

Is that why there is so much spam/malicious mail coming from IP 65.20.0.12 Hostname lb.lon5.cpcloud.co.uk? I've been wondering how. Thank you.

Biting the hand that feeds IT © 1998–2018