Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

Ex-NSA techie pleads guilty to selling state secrets to Russia

Robert Helpmann??
Childcatcher

Re: Dalke printed the documents he sent to the OCE while employed at the NSA.

Let me see if I understand correctly, they've got a machine at the NSA that prints-out “secret” documents :o

Yes, because sometimes it is necessary to print material that resides on a classified network. As with any other equipment on said networks, those printers are not allowed on unclassified networks.

US State Dept has no idea if its IT security actually works, say auditors

Robert Helpmann??

Been there, done that

I've worked in security for State, Defense and HS. DoD consistently has been the best in my experience. That should not be a surprise. State was too chaotic for my taste. I certainly hope they get it together quickly, but I won't be asking to help with that.

Decision to hold women-in-cyber events in abortion-banning states sparks outcry

Robert Helpmann??
Childcatcher

Re: Women in Jobs?

So the Quakers didn't leave because of the real threat of imprisonment with a possible bit of torture and death thrown in?

IT security analyst admits hijacking cyber attack to pocket ransom payments

Robert Helpmann??
Childcatcher

Re: The New International English Dictionary by ChatGPT

I'm actually surprised the OED doesn't have an entry for murderize given its (perhaps ironic) use in the wild. Still, it has a variety of murderish vocabulary, including my new favorites "murderdom" and "murderment".

AmigaOS 3.2.2 released for those feeling nostalgic

Robert Helpmann??
Childcatcher

Glad It's Still Going

I supported Amigas on two of my first tech jobs. The first was an art school where they were used to teach animation. At the second, one was used for video sequencing. I had to replace its hard drive which was an adventure. I still have a couple of manuals I keep as mementos.

Using them felt very much before their time. Too bad they're being kept around now mostly for nostalgia's sake.

Dridex malware pops back up and turns its attention to macOS

Robert Helpmann??
Childcatcher

Re: So, again ..

.. avoiding Microsoft altogether appears to be a good idea.

While I agree with you in principle, your reasoning doesn't hold up. As long as MS Office holds by far the largest share of the market, malware will target it. If an alternative grows in proportion in terms of users, especially if they are high value targets, the bad guys will expend resources to go after that, too.

US adds 36 Chinese entities to naughty list, drops 25 after checking it twice

Robert Helpmann??
Childcatcher

Re: I'm guessing ...

I'm wondering at what point China is going to ... start implementing their own measures in the name of national security etc to the same extent as the West is doing.

You say that as if that wasn't what they and other countries have already done. Likewise, you imply that economic and military security are completely different and separate things when they clearly are intertwined. From the West's point of view, not just that of the US, engagement has failed. Welcome to the New Cold War. It's better than a New Clear War, but it's still not a pleasant place to be.

Twitter engineer calls out Elon Musk for technical BS in unusual career move

Robert Helpmann??
Childcatcher

Re: The Hospital versions..

When they mentioned "crazing", they might have thought they made up the word. While clearly a, shall we say, novel definition, crazing is a real pottery term. I was hoping they had related that in some way, but alas no.

Federal bans aren't stopping US states from buying forbidden Chinese kit

Robert Helpmann??
Childcatcher

Re: Getting a bit old

Made in China is a turn off for me. Hard to avoid of course.

Made more difficult if buying online where the source of products is often not mentioned. I want to make an informed decision when spending my cash. If I choose to shop locally rather than abroad, I ought to be able to actually do so.

California to phase out gas furnaces, water heaters by 2030

Robert Helpmann??
Coat

Re: Are they mandating the replacement tech?

A wood stove? Whichever you use, make sure to eat the edible bits before burning the rest.

Mine has a slightly foxed copy of Euell Gibbons' Handbook of Edible Wild Plants in the pocket.

Ukraine fears 'massive' Russian cyberattacks on power, infrastructure

Robert Helpmann??
Childcatcher

Re: WTF .... SNAFUFUDBAR

Give peace a chance if you dare care share win win.:-)

Sounds more like you have been listening to too much Roger Waters. Peace was given a chance and someone took advantage, pulled it into a dark alley and is in the process of mugging it.

China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they?

Robert Helpmann??
Childcatcher

The Council's team therefore set out to determine whether China's requirements to stem sharing of vulnerability reports is harming the global community.

It seems that would be a given and they should be looking to simply quantify the degree to which it does.

PC component scavenging queue jumper pulled into line with a screensaver

Robert Helpmann??
Childcatcher

We use smart cards for sign-in where I work. Forgetting to pull the card and walking away risks being sent on a treasure hunt through the entire office only to find it taped to the ceiling above your desk. A small bit of harassment can do wonders for the budding IT worker's soul.

Chinese-linked cyber crims nab $529 million from Indian nationals

Robert Helpmann??
Childcatcher

Re: There’s a twist

I can't decide if it is a case of greater and lesser fleas or turtles all the way down. Either way, I am glad at least some of the conspirators got collared.

Chinese researchers make car glide 35mm above ground in maglev test

Robert Helpmann??
FAIL

Fail open? More like open fall!

The Red Rail sees the train hover 30 feet above the ground with the track positioned above the vehicle.

I would hope that there are safety systems in place to prevent the cars from falling in the event of some sort of issue with the power or similar, but it seems that positioning the rail above the cars in a maglev system starts things off on the wrong foot. At best, it sounds needlessly complicated...

I did a couple of quick searches and found out this is being implemented in the north of China. They can have pretty strong earthquakes there. In the event of a collapse of this sort of system, the rail and accompanying support structure will land on the passengers, not the other way around. Not an ideal outcome.

BOFH and the case of the disappearing teaspoons

Robert Helpmann??

I'm glad I wasn't drinking anything when I read that!

Twitter launches probe after miscreants claim to have swiped 5.4m users' details

Robert Helpmann??
Childcatcher

Re: As always

"As always, we're committed to protecting the privacy and security of the people who use Twitter"

if people were actually committed, there would not be an issue with privacy or security

If people were committed, they would be denied access to sharp objects, stay sedated most of the time and have occasional interactions with hospital staff.

UK lays world's longest autonomous drone superhighway

Robert Helpmann??
Childcatcher

And when the medically unattended passenger is DoA it'll be a bit of a problem determining place of death.

I should think vitals would be monitored and logged as would location as the "delivery" progressed. This should be as simple as correlating two logs. I can only hope the human delivery compartments will look like giant pizza boxes and the tracking app will be licensed from Dominos.

Microsoft sunsets Windows built-in data leak prevention

Robert Helpmann??
Childcatcher

XaaS

Microsoft generally insists that users get more value from SaaS because it can be updated more frequently, doesn't need on-prem maintenance or hands-on admin, and … and well … cloud is just really good, okay?

This is like the argument that if you spend a lot more on things that you don't need or want but are marked down from their original overpriced amounts you are in some way saving money. In this particular case, it's also about the difference between purchasing something and renting it and it's pretty clear who comes out ahead in that scenario.

We've got a photocopier and it can copy anything

Robert Helpmann??
Childcatcher

Re: Don't know if it's just that my coffee hasn't kicked in yet...

"Hey, Cletus! Hold ma beer and watch this!"

"Hold my beer!" is the redneck equivalent for "Once upon a time" except it only applies to tragedies. For dramas, instead use "No shit, there I was." For romance, something like "I was at my cousins' wedding..." works well.

Five accused of trying to silence China critics in US

Robert Helpmann??
Childcatcher

Re: Double standards

The issue is more contentious than you suggest. A first amendment argument could be made by those whose reviews were deleted because critical of the Xi book, less so by Amazon.

This wouldn't get very far as a free speech issue as Amazon's marketplace should not really be considered a public forum for a few reasons, not the least of which is that it is not the government implementing the restriction. Someone still might use it as a way to make a public point in other media, but a suit based on that alone would most likely be dismissed on the merits. Even given the possibilities brought up in the cited article, I doubt there would be much appetite among the Supremes to allow anything of that nature to stand longer than it takes to say "amicus brief".

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

Robert Helpmann??
Childcatcher

Re: Good

...this was clearly just an extended joke.

So a bit like PowerShell's original codename, Monad? To me, PS is emblematic of so much that is Microsoft: allow customers plenty of time to learn to use a given product and then switch it out for something that does the exact same thing differently while promising improved performance and functionality but in reality just costs a lot of wasted productivity while users have to relearn how to do the exact same things they could do perfectly well before... Which MS product does this sound like? My expectation is that PS is about due for a replacement because it has a large enough user base to make it worth targeting.

$6b mega contract electronics vendor Sanmina jumps into zero trust

Robert Helpmann??
Childcatcher

A good tool, but a bit oversold

I can see how this would be useful for most users in a given organization and definitely get that this might reduce bandwidth demands leading to a number of benefits. I especially like that they are working to address IoT issues, though they are vague on how they are attempting to address them. I am also curious how someone on the O&M side would benefit from this. I have worked in environments which require jump boxes to work on sensitive systems and they always, rather than making things better, instead lead to a different set of issues to solve. That's what this solution sounds like it would need. Perhaps VPN for some and this for most?

NSO claims 'more than 5' EU states use Pegasus spyware

Robert Helpmann??
Joke

Re: I don't understand

why anyone would buy this Pegasus stuff, when they can get the "leaked" N.S.A. stuff for free on the net"

So they can call the support line when they have deployment issues.

Telegram criticizes Apple for 'intentionally crippling' web app features on iOS

Robert Helpmann??
Childcatcher

Re: That's Apple for ya

They quite simply have fallen behind on developing their browser

You say "basic slothfulness" and I say "believable spuriousness" but it's all just BS.

Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence

Robert Helpmann??
Childcatcher

Re: What ?

To avoid any number silliness, I just use the date as version number in YYYYMMDD format.

And I am sure there will be someone out there saying the same thing except formatting it MMDDYYYY.

Australian digital driving licenses can be defaced in minutes

Robert Helpmann??

Same with the "more secure" claim. An altered or counterfeit physical DL would show up as such the moment the police ran the card, so how does that back up the claim of more secure? If it was more secure, it would be harder to fake or change. This is actually easier as more people have access to the equipment needed to change it and learning how is presumably a couple clicks of the mouse away.

US won’t prosecute ‘good faith’ security researchers under CFAA

Robert Helpmann??
Childcatcher

Re: "That's breaking and entering"

Um, no ... it's not; it's simply "illegal entry".

I looked this one up because IANAL and wanted to check... Short answer is that if you have to open the door, you are applying force and this constitutes "breaking", at least in some jurisdictions. Obviously, practical definitions vary by jurisdiction within the US. I am not even going to try to address other countries' legal intricacies.

REF:

https://www.law.cornell.edu/wex/breaking_and_entering

It's time to kick China off social media, says tech governance expert

Robert Helpmann??
Childcatcher

Re: makes us no better than them

There are other ways to defend yourself. It's fine to allow Chinese or any other voices on Western social media as long as we know who is doing the talking. This is not to say there is no argument to be made for anonymous sites, but it seems a bit odd to me that what we call "social" media involves a lot of socialization with folks we don't know and have no way of finding out who they are.

#notapartymember

Researchers find 134 flaws in the way Word, PDFs, handle scripts

Robert Helpmann??
Childcatcher

...running a script within Acrobat is no more stupid than running one outside of it.

Depends on the level of security you want to have. Applications like Acrobat are well known for having this capability and are attacked for that very reason. People get sent booby trapped documents all the time in hope they will open them. Not allowing Acrobat, MS Office and similar to run scripts by default cuts down on this sort of behavior being successful. You can still run scripts which can be vetted or blocked independently, but in general this is a good thing to turn off.

Iran-linked Cobalt Mirage extracts money, info from US orgs – report

Robert Helpmann??
Paris Hilton

Re: Secureworks' Counter Threat Unit (CTU)

Maybe they're better at not getting caught. Using ransomware isn't exactly the best way to fly under the radar, after all.

Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point

Robert Helpmann??
Joke

Part of the problem is that JavaScript developers often use JavaScript...

FTFY

REvil resurrected? Ransomware crew appears to be back. Keyword: Appears

Robert Helpmann??
Trollface

Re: Russian government ties to criminals? Can't say it would surprise me.

If they weren't already working for the Russian government before, it's likely they are now.

It's no longer crime if it's government sanctioned, after all.

Now Mandiant says 2021 was a record year for exploited zero-day security bugs

Robert Helpmann??
Childcatcher

Re: "Zero day"

And I expect that the bad folks have rather more (and possibly better organised) resources for finding the vulnerabilities, as there's potential for serious monetary returns for them.

It is important to keep in mind there are other motivations than money when it comes to hackers. These inform what the targets are and what methods are used.

Crooks steal NFTs worth '$3m' in Bored Ape Yacht Club heist

Robert Helpmann??
Childcatcher

All the cool kids are doing it

When I read miscreants stole four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs, plus "assorted other NFTs estimated at a total value of ~$3m", all I could think of was this is like a CCG for adults who thought those were a good deal growing up. Before that, baseball cards and before that, tulips with maybe a few other bits of foolishness in between.

Atlassian comes clean on what data-deleting script behind outage actually did

Robert Helpmann??
Happy

Re: Cut once

You still write cheques? How very last century! :-)

Yes. On a cow's back.

Singapore to license pentesters and managed infosec operators

Robert Helpmann??
Childcatcher

Doing the Necessary

In the US, the requirement for contractors is usually one of having a particular set of certs, so on a practical level, it is much the same. The biggest difference would seem to be who you give your hard-earned to.

Japanese startup makes baby carrier-style sling for 'Love Robots'

Robert Helpmann??
Unhappy

Re: I thought my brain would explode...

"LOVOTs are only sold in Japan – either on subscription or outright from ¥283,000 ($2,300) for a pre-loved unit."

Ew! Just ew! No amount of bleach is going to fix this!

The time you solved that months-long problem in 3 seconds

Robert Helpmann??
Childcatcher

Printer Down

I worked for an arts college as one of my first IT admin jobs. I got a call from the dean of the 2D school telling me he had a problem with his printer and that it hadn't fallen from the top of his filing cabinet (his words). I arrived, took a look at the HP IIP with the front crushed in lying on the floor and agreed that it had indeed not fallen, as he had claimed, and got him a replacement ordered the same day. I was able to use the rear portion of the original printer and the front of another piece of moribund equipment to create a Frankenprinter. The freshly ordered printer enjoyed a more secure perch on a work table in the dean's office. All was well.

China declares a new era of digitization has begun

Robert Helpmann??
Devil

There's also the matter of the "one card" being literally that: a single card. I equate that with a single point of failure. What happens when some government jobsworth pushes a patch out to a bunch of authentication servers this thing makes use of which causes the lot to go down? Or someone decides it's a good way to protest a horrible and oppressive regime? Hilarity will ensue.

Unable to write 'Amusing Weekly Column'. Abort, Retry, Fail?

Robert Helpmann??
Windows

Stay just the way you are!

OK, so it's not as funny but we all have to grow up at some point. That's what my kids tell me, anyway.

You have to become older but you do not have to become mature, no matter what your kids might say.

SAP community website leaks member data to savvy users

Robert Helpmann??
Pirate

"XXX takes security very seriously and we are vigilant about addressing security concerns."

Any time I see an official statement that tells the world a company takes security very seriously, I am sure they did not, it caused them to have some sort of exposure and they are most assuredly not going to learn from the experience. How does making your customer base and their contact info tie in to good security practice? It's not like a bad actor could harvest that information and use it for spear phishing or gain access to their accounts through already-exposed passwords from other sites because password re-use is a thing. Just a couple of issues typically explained in any corporate security orientation.

Another data-leaking Spectre bug found, smashes Intel, Arm defenses

Robert Helpmann??
Facepalm

Re: Actually...

...when a statement implying a discussion - "which engineers ended up prioritizing performance over security:" that discussion never happened.

Never happened because it never crossed their minds that it might be important? Color me shocked!

Russia labels Meta an 'extremist' organization, bans Instagram

Robert Helpmann??
Childcatcher

Re: Classic Putin

What is the alternative to diplomacy?

Aggressive negotiations?

Taiwan rounds up 60 Chinese tech workers on suspicion of poaching tech and people

Robert Helpmann??
Childcatcher

Re: Down with foreigners!

as much as I understand the anger towards "poaching" employees, wouldn't it just be "supply and demand" at work?

If I understand the issue correctly, the issue is more that these employees have knowledge of trade secrets that China wants to acquire and that these employees are not legally allowed to share. Just a SWAG.

Moscow to issue HTTPS certs to Russian websites

Robert Helpmann??
Childcatcher

Re: actually

I was just reading an article on IPv6 myths. Pretty funny, really, in that the author started out trying to debunk a few things concerning the format and ended up mostly proving them.

https://rednectar.net/2012/05/24/just-how-many-ipv6-addresses-are-there-really/

Europe's largest nuclear plant on fire after Russian attack

Robert Helpmann??
Childcatcher

Re: Evil mastermind or incompetence at work?

Don't attribute to malice what incompetence adequately explains, except perhaps when both are in play.

BBC points Russians to the Tor version of itself

Robert Helpmann??
Holmes

Old News

"Access has been restricted to a host of information resources owned by foreigners."

So moving from de facto to de jure? Expected this a while back and am surprised it has taken this long for Russia to move on this.

ARPANET pioneer Jack Haverty says the internet was never finished

Robert Helpmann??
Childcatcher

Re: It shouldn’t be completed

...people don’t understand how it happens they just care it does.

This phrase can accurately be applied to almost every user of technology throughout time. I say "almost" because some of those who create and support a given tech also use it and they might understand it as well. The rest have no clue nor care.

Microsoft offers defense against 'ice phishing' crypto scammers

Robert Helpmann??
Joke

Re: I have a sure fire way to avoid these Web3 Scammers...

Ice phishing? But what about my NFT collection? If someone starts targeting NFTs, what will we call it? Mushroom picking, because they have "fungi" in their name and they're a single step away from poop?