* Posts by Pen-y-gors

1953 posts • joined 1 Oct 2010

AES-256 keys sniffed in seconds using €200 of kit a few inches away

Pen-y-gors
Silver badge

So, to clarify...

For this cunning plan to work the attacker

1) needs to get pretty darn close to the target machine without anyone noticing (Gyood mornink, tovarich, Do you mind if I put my large briefcase that goes ping next to your computer?)

2) Needs to know what sort of processor etc the target is using, so that it can run the initial work 'on a test rig' (Oh, I seem to have lost my car keys, can we take the case off your computer so I can check they haven't fallen inside?)

3) Needs a radio quiet environment (could you just power down the rest of the building for a few minutes, I'm having trouble getting a signal on my phone?)

Interesting, but not exactly a major real-world threat.

2
1

Tory-commissioned call centres 'might have bent data protection laws'

Pen-y-gors
Silver badge

ICO involvement?

From reading some of the reports, I think Mr Plod may also take an interest. Sadly all the ICO can do is fine them, and the Tories have buckets of dirty money to spend.

It would be nice if the Electoral Commish could take a stand and deliver a five-year ban on the party using telephones or social media in any election. And possibly even order a bye-election in the marginals they targeted.

8
0

UCL ransomware attack traced to malvertising campaign

Pen-y-gors
Silver badge

Footnote

1 These compromised sites hosted an exploit kit that used software vulns to push malicious code onto the Windows PCs of visiting surfers, a common hacking and malware distribution technique.2

2 unless those PCs are running up-to-date software and some decent up-to-date anti-malware software, like what any sensible user would.

4
0

Darkness to fall over North America from a total solar eclipse

Pen-y-gors
Silver badge

'Snot fair

Why do the Merkins get all the good eclipses? And of course most of us won't be able to see them, for various reasons.

Could we ask that nice Mrs May to include something in the wonderful forthcoming US-UK trade agreement to make the USians share their 2024 eclipse, and extend it to include the UK?

9
0

Cisco's 'encrypted traffic fingerprinting' turned into a product

Pen-y-gors
Silver badge

Veeeeery interesting....

So basically, although you can't see what's being sent, you can fingerprint a known thing and look for that fingerprint. But you do need to know what it is you're looking for and have a copy of it. And this will work for e.g. nasties phoning home, but is no use for intercepting the content of actual communications. And would this work on encrypted packets going over a VPN?

Pretty neat. There's bound to be a downside, but on the whole it's mainly upside.

3
2

Hacker exposed bank loophole to buy luxury cars and a face tattoo

Pen-y-gors
Silver badge

Re: Did he get the tattoo...

From the direction they'll be looking at him, they don't need to look at his face...

7
1

Researchers take the piss with pee-powered liquid energy project

Pen-y-gors
Silver badge

Re: Sustainable Parliamentary Power

Good thought - are the boffins working on a rear-mounted micro wind-turbine and methane fuel cell to harness other wasted energy?

0
0
Pen-y-gors
Silver badge

Re: like pavement power...

You'd probably be better off with a nice clean baseball hat

I read that at first as a nice clean baseball bat .... possibly an odd way to recharge a phone, but possibly a permanent way of removing the need for daily recharging.

Must go to specsavers...

7
0
Pen-y-gors
Silver badge

So in future, accidentally dropping your £900 iPhone down the loo will be a good thing?

6
0

Tesco Online IT meltdown: Fails to deliver THOUSANDS of grocery orders

Pen-y-gors
Silver badge

Glasto?

I thought the sort of people who go to Glastonbury were generally really right-on, cool types. So why are they shopping at Tesco?

3
0

Elon Musk reveals Mars colony rocket capable of bringing pizza joints to the red planet

Pen-y-gors
Silver badge

Kerosene?

Kerosene can't be made on Mars

Surely if you have the raw materials to make methane (C and H) then you have the raw materials to make paraffin (a mix of Cs and Hs). Granted it will be a lot more complicated, but it's not strictly impossible.

3
0

It's 2017, and UPnP is helping black-hats run banking malware

Pen-y-gors
Silver badge

Re: Is it fail Monday?

Down votes a bit unfair. It's something to do with uPnP, but it can only work if some other flaw allows the malware onto the machine in the first place.

Blaming uPnP is a bit like blaming the goalie whenever he lets a goal in - they had to get past 10 other players first!

4
7

As you head off to space with Li-ion batts, don't forget to inject that liquefied gas into them

Pen-y-gors
Silver badge

Spot on. CFCs should rule this precise setup out for commercial use, although the odd one in orbit wouldn't be a major issue. But the important thing is that "it opens up other avenues of research" - now they've found one gas that it works with, they can start looking at others.

8
0

Oops! Facebook outed its antiterror cops whilst they banned admins

Pen-y-gors
Silver badge

Re: Zuck the cold-blooded tightwad.

It was reported that the guy mentioned was so frightened he fled Dublin to Poland for some months until his money ran out, but is now back, jobless and broke. Time for action Mr Zuck? They shouldn't even have to ask!

18
0
Pen-y-gors
Silver badge

It's unbelievable. Another report said that the bloke affected was REQUIRED to use his personal account. Why FFS? Never mind whether you work for Stalkerbook or anyone else, if work requires you to use FB then you have a work FB account as well as a personal one. You know, a bit like e-mail and phones?

21
0

Worried about election hacking? There's a technology fix – Helios

Pen-y-gors
Silver badge

Re: My exact thought

@Voland

This is hardly something that can be called anonymous voting.

But then neither is the present UK system, technically. The voter number and ballot paper number are recorded on a list. In practice this is only used to provide a sort of audit of papers issued, but in a close election can be used to remove fraudulent ballots.

But it could also be used to track down the 52% for punishment...

Paper is the way to go. It provides a solid and safe audit trail, and with the supervision at all stages it's very, very hard to fix (except for the postal bit - and they're working on that). Security is tight, sealed boxes etc, and (many years ago now) when I worked a couple of times as a polling supervisor, once the polls closed and the records were written up, I had a police escort to the counting centre to hand the box to the returning officer. And the count is then overseen by representatives of the candidates. In fact, back then (late seventies in Scotland) we had a plod in the polling station all day. On overtime for 15 hours!

One odd feature of the system that I suspect most people aren't aware of...

One election the Liberal candidate brought a sweet little old lady in to vote. Asked her her number/address and checked the roll - it had already been crossed off! Oh bum! But then checked the pile of cards and found her card. So either someone had already voted for her, or she'd voted already. Checked the procedures and issued her with a PINK ballot paper. If it's close then the original paper can be removed and replaced with the pink one. We asked her if she'd already voted, and she said no, not recently - but she had voted last month (previous election was a year before!)

8
0
Pen-y-gors
Silver badge

Re: "Because you can"

@Volands right hand

Adding "yet another proposition" to a paper ballot is not cheap.

Democracy ain't cheap...but it's a lot cheaper than the alternatives!

22
0

BOFH: Halon is not a rad new vape flavour

Pen-y-gors
Silver badge

Halon?

Many years since I went near a mainframe Ops room, and that had Halon. Went off accidentally once, boy did they move fast!

Out of curiosity, what do they use instead of Halon these days?

5
0
Pen-y-gors
Silver badge

Re: This was a particularly good one

@Peter Gathercole

I just wish more bosses would read them.

Noooooo.....trade secrets!

22
0

Yeah, if you could just stop writing those Y2K compliance reports, that would be great

Pen-y-gors
Silver badge

How many?

I'd be curious to know how many Y2K compliance reports they actually received in the last ten years.

7
0

Brit hacker admits he siphoned info from US military satellite network

Pen-y-gors
Silver badge

Re: Only a piffling $628,000?

They should be paying him $628,000 as a pen testing consultancy fee.

15
1

Just like knotted-up headphones: Entangled photons stay entwined over record distance

Pen-y-gors
Silver badge

Daytime?

"Next step is to get it working during the day"

I love it!

2
0

Facebook has a solution to all the toxic dross on its site – wait, it's not AI?

Pen-y-gors
Silver badge

Nice try...

Muting my cynicism filter for a moment, sounds like a nice try. But whether they are using badly-paid humans or AI, how quick and easy will the appeal process be? Particularly with AI checking images, I can see images being wrongly classified as trrrrst and an account being closed, and it then taking several weeks of complaints and 'the computer says no' before you, may, possibly get your pictures of your pet naked mole-rats restored.

How does this AI image matching work? Obviously it has to be a bit fuzzy, or all the nutter has to do is tweak the colours or do a bit of cropping to alter it. But how fuzzy? Does that photo of Brenda tapping the new Sir Thingumy Whatsit on the shoulder look too like a beheading shot?

5
0

Samsung releases 49-inch desktop monitor with 32:9 aspect ratio

Pen-y-gors
Silver badge

Re: weighs 45 pounds

Stuff the practicality...this thing will surely be a big babe magnet! 49" will really impress. Anyone with one of these on their desk must be really serious about their work as well - although what's the betting it's only the boss gets one, who uses it to play solitaire and surf dodgy websites.

9
1

Banks could be stung for €5bn under GDPR, screams latest report on industry readiness

Pen-y-gors
Silver badge

Re: Regulations != better security

I'll see your few million and lower you half a million.

2
0
Pen-y-gors
Silver badge

Trackers?

There was another story today about bank sites having a lot of third-party trackers, grabbing data. Wouldn't those count as a data breach, unless the user had given specific informed consent - which I somehow doubt! Even Adblock Plus doesn't stop them all without a bit of guidance.

4
0

BAE accused of flogging mass-spying toolkits to assh*le autocrats

Pen-y-gors
Silver badge

Re: "It works with keywords"

...I must stop replying to myself...

Actually kudos to BAE for persuading them to buy such an unbelievable crock of brown stuff. It may well have had some clever bits in it, but "typing in an opponent's name" ain't one of them.

I wonder, did they also buy any of those clever hand-held bomb-detectors that some British guy was flogging a while back? The ones that couldn't detect anything?

9
0
Pen-y-gors
Silver badge

"It works with keywords"

""[It] works with keywords. You put in an opponent's name and you will see all the sites, blogs, social networks related to that user.""

By 'eck, but that's a bloody clever bit of software! So I just type in "Ali bin Mohammed" and it not only knows which one I mean, but can link it to his El Reg user account where he calls himself "Princess Alice", and his Facebook a/c where he's "Mad Gordon III"

Kudos to the software engineers. I wish I had their brains.

9
0

BA passengers caught in crossfire of Heathrow baggage meltdown

Pen-y-gors
Silver badge

Re: manual backup

The days of baggage handlers chucking individual bags into the hold are, I believe, generally long gone. Isn't most stuff containerised these days? And people go to the aircraft down those funny stretchy tunnels - how do their bags get down to ground level? And when would they all be weighed so they know the correct overall weight?

1
0
Pen-y-gors
Silver badge

Re: Baggage load

Possibly a bit simplistic - I suspect they have a very complicated automatic system that can route many thousands of pieces of luggage onto approximately the right flight every day. If something in that system goes ffut then switching to a manual handwritten system would be no small job. It's a lot slower for a start. And then where do the horde of humans come from to read the handwritten labels and carry the bags to the aircraft?

1
0

Banking websites are 'littered with trackers' ogling your credit risk

Pen-y-gors
Silver badge

Re: I think we need to know...

Someone needs to check up on the EU data protection rules - if UK banks (or banks operating in the EU) are colluding in leaking personal info to third parties they could be in very deep and expensive doo-doo.

33
0

Labour says it will vote against DUP's proposed TV Licence reforms

Pen-y-gors
Silver badge

Re: N.I.

@wolfetone

"I don't think, however, that the Tories/DUP will be voted in to power (as parliament have to vote on whether to accept the governments programme via the Queen's speech)."

You misunderstand the situation - if Mayhem offers an attractive enough bribe to the DUP then a majority in Parliament WILL vote to accept the programme. That's what a 'confidence and supply' agreement is all about. She'll only lose if some of her own backbenchers rebel. <FX> flying pigs, hell freezing over etc </FX>

9
2
Pen-y-gors
Silver badge

Re: @Pen-y-gors

@David Nash

No problem - just register multiple accounts and you can give me a dozen up-votes. The Russian trolls do it on all the news sites.

11
0
Pen-y-gors
Silver badge

N.I.

The DUP are in government in the North (sort of) and they've already done a good job of turning the place to shit (£490 million?). It's only power-sharing that's kept them on the leash, and since the Tories are now the DUP's little friend Stormont won't be starting up again soon. Which leads to Direct Rule from London. By the Tories. Who will be told what to do by the DUP.

Have we got enough troops to spare for all this...?

35
5
Pen-y-gors
Silver badge

Amazon and Netflix?

The success of Netflix and Amazon streaming services shows that subscription-based media can and does work.

How true, every evening I'm glued to Amazon watching their local and national news. Their coverage of important Welsh events is unrivalled. And the hard science documentaries like Horizon on Netflix are hard to beat.

We need a written constitution and it needs to include something to guarantee public funding for the BBC. But having said that, WTF don't they sell iPlayer licences globally?

39
13

Uber culture colonic cleanses CEO Kalanick

Pen-y-gors
Silver badge

Women on the board = more talking

I know it's not what he meant, but it's possibly true...

Women on the board might actually talk about an issue rather than silently rubber-stamping whatever they're asked to. NB to Uber Board - that would be a good thing.

1
0

Fear the dentist? Strap on some nerd goggles

Pen-y-gors
Silver badge

The march of technology

I suppose it's a step up from the mobile hanging from the ceiling at my dentist many years back - and soothing pictures on the walls.

Neither were much help when he accidentally drilled into a nerve. His response "Don't worry, pain is good for the soul" was even less help.

5
0

Five Eyes nations stare menacingly at tech biz and its encryption

Pen-y-gors
Silver badge

Just the spies?

create a piece of software that could be sent to an individual's phone that would allow spies and Russian and Chinese criminals direct access to the device and so enable them to bypass encryption protection.

FTFY.

Would this be the famous NSA that has never ever ever leaked any of its code, exploits and data to the wide world?

25
0
Pen-y-gors
Silver badge

Privacy of a Trrrst?

Turnbull told Parliament: "The privacy of a terrorist can never be more important than public safety – never."

I don't think anyone is suggesting that, although there may be a different view about the privacy of an alleged trrrrst. But even more importantly I think a lot of people would say that the privacy of everyone in a country and their freedoms under the law are more important than limited public safety. Millions died in wars to make that point.

49
0

Oh snap! Election's made Brexit uncertainty worse for biz, says BT CEO

Pen-y-gors
Silver badge

Latest El Reg Brexit opinion poll

Some weeks ago I posted the results of some very rough evidence of opinion on Brexit based on the response to various flagrantly pro-Remain postings on this esteemed organ (Fnar, fnar - he said 'organ')

At the time of the referendum up and down votes were split about 50-50

A few months ago up was leading down about 2-1

It's now more like 4 or 5 to 1

Does this reflect (as that 'nice' Mr Heseltine has recently suggested), that public opinion is now swinging strongly against the whole daft idea? Obviously commentards aren't particularly representative of the population at large (we're much too intelligent and have absolutely no social skills), but it's an interesting trend.

9
1
Pen-y-gors
Silver badge

Re: Abs Bullshit: "ultimately get to a situation where the whole of the country is fibre.”

Aluminium?

When I was having some problems with ADSL2+ the engineer told me there was a bit of Aluminium between me and the exchange that was causing trouble with speeds over about 10Mb, but he'd put in a request to get it replaced, and I believe that went ahead. (He may well have been bull-shitting of course!) I suspect their willingness to replace things depends on whether it's 20m or 20km!

0
0
Pen-y-gors
Silver badge

Re: Stability, certainty?

buy=> by

I need a new set of fingers...

13
1
Pen-y-gors
Silver badge

Stability, certainty?

Not difficult:

1) ditch May and the Tories

2) ditch Article50

3) Try and repair the damage already caused.

4) preferably buy next Wednesday.

36
6

Hundreds stranded at Manchester Airport due to IT 'glitch'

Pen-y-gors
Silver badge

FFS!

"Switch it off and on again" is a complicated procedure and should only be carried out by people who really

understand what they're doing. Do NOT switch off power to the building to change a lightbulb.

1
0

Two leading ladies of Europe warn that internet regulation is coming

Pen-y-gors
Silver badge

But Angela has a working brain...

...and a Physics PhD, so probably won't be insisting that the maths of encryption is un-discovered.

Interestingly, article in the Grauniad notes that Tory MPs are spending a lot of time on WhatsApp. Isn't that the encrypted messaging system that trrrrsts use?

36
0

We're not saying we're living in a simulation but someone's simulated the universe in a computer

Pen-y-gors
Silver badge

And the day after they finish running that lengthy simulation...

Oh shit....is that meant to be a != on line 22716, not an == ?

9
0

Watch out Facebook, Google – the EU wants easy access to your data

Pen-y-gors
Silver badge

And how does this help?

How does giving the fuzz direct access to encrypted data in 'the cloud' help them, assuming the encryption keys are only available to the client?

4
1

Cabinet Office minister Gummer loses seat as Tory gamble backfires

Pen-y-gors
Silver badge

Re: Well look on the bright side

Well, the really bright side is that governments with wafer thin majorities tend to have a high attrition rate.

Hopefully the opposition will refuse any 'pairing' arrangements, which means that every Tory and DUP MP will have to turn up for every vote, just in case all the opposition decide to.

Stress-levels for Tories start to go through the roof.

And on important votes they'll be wheeling MPs in on trollies from Intensive Care so they can vote (it's happened before).

Popcorn time...

32
0
Pen-y-gors
Silver badge

Don't frighten me...

I read the headline and for a moment I thought that wee John Gummer, he of the mad-cow burgers, was back in the Commons.

Please don't do that...

16
0

DUP site crashes after UK general election

Pen-y-gors
Silver badge

Re: Conservatives + DUP = IRA?

There's some serious cognitive dissonance going on in the DUP (so, what's new)?

They want a hard Brexit.

They don't want a hard border to the south

They don't want a 'border' with Great Britain.

So, how will they stop those horrible Polish plumbers and Lithuanian chefs flying into Dublin, hopping on a train to Belfast (no passport checks) and then onto the boat to Liverpool (no passport checks)? Ain't gonna work...

14
0
