* Posts by Bog witch

22 posts • joined 8 Feb 2011

Here's 2018 in a nutshell for you... Russian super robot turns out to be man in robot suit

Bog witch

Overlords

I for one..... Ah, forget it.

The future looks bright: Prepare to be dazzled by HDR telly tech

Bog witch

Piss-poor marketing?

Oh, the irony of using low resolution text on an infographic for HDR TVs.

This 125mph train is fitted with LASERS. Sadly no sharks, though

Bog witch

Mega sensitive!

I'm massively impressed that the sensors can detect load as the rain rolls over the track, particularly as the train is rolling over the track at the same time! That's some high resolution sensors right there!

Fandroids at pranksters' mercy: Android remote password reset now live

Bog witch

This has been available for Corporate Google Apps customers for a while now, good to see it's been pushed out to the free version.

NSA spooks tooled up with zero-day PC security exploits from the FRENCH

Bog witch

Birds of a feather

Two equally likeable organisations working together - who'd have thunk it?

UK.gov intros shiny CREST badge for cyber crime-scene cleanup squad

Bog witch

@mort

I don't expect anyone to advertise they have taken up the CREST response service. No-one wants to advertise "We got hacked but we used government approved people to investigate it"

To address your point about take-up of the service. It will work something like this:

1. All companies who process Government material MUST report any breaches to HMG.

2. To ensure confidentiality, those companies must use a CREST approved supplier to perform the investigation / cleanup.

3. CREST suppliers must pay CESG to have their personnel certified and renewed (As they currently do with CLAS and CHECK)

So, in short, I do not expect the scheme to flounder, I expect it to thrive. The additional costs that the company receiving the CREST service will no doubt incur will be passed on to the Government department for which they are subcontracted which, in turn, will come out of our tax pounds. It's just another way to feed our tax money into the OBN.

Bog witch

More pedantry

For the record, CESG is not the "Communications Electronics Security Group" and has not been since 2002. It is the "The National Technical Authority for Information Assurance."

http://www.cesg.gov.uk/AboutUs/Pages/history-CESG.aspx

NSA gets burned by a sysadmin, decides to burn 90% of its sysadmins

Bog witch
FAIL

Security is not just confidentiality, people!

OK, subject says it all. I doubt these systems administrators are there to ensure confidentiality, they're there for the purposes of availability. Until the systems are reliable enough, scalable enough, etc. they will not be parsing 900 sysadmins.

@localzuk The accepted rate has always been 1 admin per 25 employees. Obviously there are some economies of scale to be achieved here but given the amount of data they're slurping, I would imagine a significant proportion of those admins are purely employed in adding storage and processing nodes.

One final point - the confidentiality that the NSA is referring to - that of the data it is collecting - is *NOT* the data leaked by Snowden. AFAIAA, he has only leaked methods and operational information, not subject information.

Security boffins say music could trigger mobile malware

Bog witch
Black Helicopters

Music controlling electronic devices?

May I predict some 'experimental' musician introducing the words "OK Glass, take a picture" into the lyrics of their tracks? Or "OK Glass, sign up for [bandname] newsletter". Perhaps "OK Glass, install [malware/adware/spyware app]".

Or my favourite: "OK Glass, send all my information to [insert government agency] then delete my account".

Fedora cooks up new Linux for Raspberry Pi

Bog witch
Paris Hilton

joe vs. vi

Am I alone in preferring joe over vi? I know, the WordStar-like commands clearly demonstrate my age, but I find it SO much easier than vi. It's also laziness, not wanting to learn a new set of key sequences!

Also, a tip of the hat to Slackware since they're mentioned above. Slackware user since 1993.

Paris as we're talking about something easy to use.

Google Apps win ISO 27001 certification

Bog witch
Facepalm

Repeat 100 times:

Certification is not security.

Certification is not security.

...

Facebook: 'We don't track logged-out users'

Bog witch
Facepalm

Lies

Given that it is an obvious lie that '...we have no interest in tracking people' I think it is pretty safe to assume any other utterings from this mouthpiece are also a lie.

It is probably safe to assume that FB, G and many, many others would want to track you and FB and G are the ones that have the best capability to do so.

Malware burrows deep into computer BIOS to escape AV

Bog witch
IT Angle

Factually incorrect

According to the article, the code is loaded onto a ROM - READ ONLY memory. It is, in fact, an EEPROM, Electrically Erasable Programmable Read Only Memory. If it was actually READ ONLY, how would the code write to it?

Since it's primarily attacking computers in China, will the three-letter agencies claim it is the Chinese Government attempting to monitor its people, or will China claim it is an attack by the US and its allies?

Three in ten Americans urge feds to read their email

Bog witch
WTF?

America

The land of the free?

Crypto shocker: 'Perfect cipher' dates back to telegraphs

Bog witch
Trollface

Article text

<mode="pedantic">

I think the article text should read 'provably unbreakable' rather than 'theoretically unbreakable'

</mode>
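The "provably unbreakable" claim above is Shannon's perfect-secrecy result for the one-time pad. As an added example (not part of the original comment), the following Python shows the property directly: for a fixed ciphertext, every candidate plaintext of the same length is explained by exactly one key, so the ciphertext carries no information about which plaintext was sent. It also shows the caveat practitioners care about, which is that the proof only holds while each key byte is used once. The sample messages and the tiny alphabet used for the exhaustive check are constructed for the demonstration.

```python
import os
from itertools import product


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each message byte with the corresponding key byte.

    The key must be truly random, as long as the message, and never reused;
    those three conditions are what the perfect-secrecy proof relies on.
    """
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Return the one key under which `ciphertext` decrypts to `candidate_plaintext`.

    Because such a key exists for *every* candidate, an attacker holding only
    the ciphertext cannot prefer one plaintext over another.
    """
    return otp_encrypt(candidate_plaintext, ciphertext)


def count_keys_per_plaintext(ciphertext: bytes, alphabet: bytes) -> dict:
    """Exhaustively try every key of the right length against `ciphertext`.

    Counts, for each plaintext spelled from `alphabet`, how many keys produce
    it. Perfect secrecy means every count is exactly 1. Kept to short
    ciphertexts (256**len keys) so it runs in a second or two.
    """
    n = len(ciphertext)
    allowed = set(alphabet)
    counts = {}
    for key in product(range(256), repeat=n):
        pt = otp_decrypt(ciphertext, bytes(key))
        if all(b in allowed for b in pt):
            counts[pt] = counts.get(pt, 0) + 1
    return counts


def two_time_pad_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """The classic failure mode: reuse the pad and the key cancels out.

    XORing the two ciphertexts yields m1 XOR m2, which no longer depends on
    the key at all and is routinely recoverable with crib-dragging.
    """
    c1 = otp_encrypt(m1, key)
    c2 = otp_encrypt(m2, key)
    return otp_encrypt(c1, c2)  # == m1 XOR m2


def demo() -> dict:
    """Round trip a constructed message and gather the checks above."""
    message = b"ATTACK AT DAWN"          # constructed sample plaintext
    key = os.urandom(len(message))       # fresh random pad of equal length
    ct = otp_encrypt(message, key)

    decoy = b"RETREAT AT TEA"            # same length, equally consistent with ct
    decoy_key = key_explaining(ct, decoy)

    return {
        "round_trip_ok": otp_decrypt(ct, key) == message,
        "decoy_ok": otp_decrypt(ct, decoy_key) == decoy,
        "keys_differ": decoy_key != key,
        "reuse_leaks_xor": two_time_pad_leak(message, decoy, key)
        == bytes(a ^ b for a, b in zip(message, decoy)),
    }


if __name__ == "__main__":
    print(demo())
    # Every 2-letter plaintext over 'abcd' is reachable from this ciphertext
    # by exactly one key.
    print(count_keys_per_plaintext(b"\x10\x20", b"abcd"))
```

The exhaustive count is the informal content of the proof: the map from keys to plaintexts is a bijection for a fixed ciphertext, so observing the ciphertext does not change the attacker's probability distribution over messages. "Theoretically" undersells it; the statement is a theorem, not a conjecture, but only under the key conditions the code insists on.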

NHS bitchslapped by ICO on data security

Bog witch
FAIL

The NHS have a long way to go

Until the NHS get the physical side sorted out, they're never going to get the electronic side sorted out. In the grand scheme of things, a few errant faxes, delivered to other NHS bodies (in the main), are nothing compared to the risks posed by the general public. And heaven forbid they should actually be targeted - it would be far easier than taking candy from a baby.

http://insideinfosec.blogspot.com

Travelodge hacked, investigating

Bog witch

Gmail

Interestingly, I have not received any spam apart from the usual stuff from Travelodge, the last being on June 16th.

I guess GMail is doing a good job of blocking it.

Thankfully, I do not use the same password on any sites so that won't be an issue and any credit card associated with Travelodge will have long since expired. I used Travelodge once - never again. It was a hole.

Met Police confirms ICT outage but plays down attack fears

Bog witch
Trollface

Erm...

I know LulzSec were claiming responsibility for taking down SOCA - could this be related?

Trollface for the obvious reasons.

Sony hack reveals password security is even worse than feared

Bog witch
Holmes

Password complexity vs password length

Actually, password length is more important than password complexity.

Given two completely random passwords, one containing only lower case characters and the other containing characters from all the typeable characters, a 10-character lowercase password would be harder to crack than a 7-character complex password. The lowercase password would be considerably easier to remember, too. If you want to take it to extremes, a 14-digit number would be harder to crack than the 7-character complex password.

You try explaining that to a PCI or SOX auditor though!
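The comparison above comes straight out of the keyspace arithmetic, and it is worth having the numbers to hand for exactly the auditor conversation described. As an added example (not from the original comment), this Python computes the search space and bit strength for the three cases given, works out how long a lowercase-only password needs to be to match a complex one, and estimates brute-force time at an assumed guess rate. The guess rate of 10^10 per second is a hypothetical figure for an offline fast-hash attack, and the 95-character "typeable" alphabet is the printable ASCII range on a US keyboard; both are assumptions, not from the page.

```python
import math

# Alphabet sizes for the character classes discussed in the comment.
LOWERCASE = 26
DIGITS = 10
PRINTABLE_ASCII = 95  # space through '~': what "all the typeable characters" usually means

# Assumed offline cracking rate (hypothetical; a fast unsalted hash on GPUs).
ASSUMED_GUESSES_PER_SECOND = 1e10


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols chosen uniformly at random.

    Only valid for uniformly random passwords; human-chosen ones are far
    weaker than this figure suggests.
    """
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace: the work factor an exhaustive search faces."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(alphabet_size: int, length: int,
                           guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average time to hit a uniformly random password: half the keyspace at the given rate."""
    return keyspace(alphabet_size, length) / 2 / guesses_per_second


def lowercase_length_to_match(alphabet_size: int, length: int) -> int:
    """Shortest lowercase-only length whose keyspace is at least as large as the given policy.

    Generalises the comment's 7-complex vs 10-lowercase example to any policy.
    """
    target_bits = entropy_bits(alphabet_size, length)
    return math.ceil(target_bits / math.log2(LOWERCASE))


def compare(cases, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND):
    """Return one row per (label, alphabet_size, length), sorted strongest first."""
    rows = []
    for label, alpha, length in cases:
        rows.append({
            "label": label,
            "keyspace": keyspace(alpha, length),
            "bits": round(entropy_bits(alpha, length), 1),
            "expected_days": expected_crack_seconds(alpha, length, guesses_per_second) / 86400,
        })
    rows.sort(key=lambda r: r["keyspace"], reverse=True)
    return rows


# The three passwords the comment compares.
COMMENT_CASES = [
    ("7-char, all printable ASCII", PRINTABLE_ASCII, 7),
    ("10-char, lowercase only", LOWERCASE, 10),
    ("14-digit number", DIGITS, 14),
]

if __name__ == "__main__":
    for row in compare(COMMENT_CASES):
        print(f"{row['label']:<30} {row['bits']:>5} bits  "
              f"{row['keyspace']:>20,d} candidates  ~{row['expected_days']:.2f} days")
    print("lowercase length matching an 8-char complex policy:",
          lowercase_length_to_match(PRINTABLE_ASCII, 8))
```

The ordering in the output confirms the comment: 26^10 beats 10^14, which in turn beats 95^7. The caveat that matters in front of an auditor is the uniformity assumption baked into `keyspace`; length only wins when the characters really are chosen at random, which is why password managers and passphrases, rather than users' own inventions, are what make the long-and-simple argument hold in practice.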

Chinese army: We really need to get into cyber warfare

Bog witch
Holmes

Sleeper keyboards

It is clear that the majority of computer equipment is made in China.

In excess of 70% of retired computer equipment is shipped to China for recycling.

The cost of embedded hardware key logging is trivial.

With these three facts combined, it is not beyond the realms of possibility for the PRC to subvert the manufacturing process to ensure ALL keyboards (or keyboard controller ICs on motherboards) are manufactured with logging capabilities. It is only a matter of time before the vast majority of keyboards are returned to the PRC for log dumps, providing highly concentrated information, straight text, passwords, etc., for analysis.

Elementary! Although a tin hat icon MIGHT be more appropriate.

NHS Barnet reveals 187 breaches of personal data

Bog witch

It's far, far worse out there...

I blogged about the state of NHS infosec a few months ago. Seems the stats back up my observations.

http://insideinfosec.blogspot.com/2011/02/tragic-state-of-nhs-information.html

Two councils hit with big fines for laptop blunder

Bog witch
Paris Hilton

Fine?

Who benefits from the fine? Who gets the money?

Biting the hand that feeds IT © 1998–2019