* Posts by charlie-charlie-tango-alpha

82 posts • joined 28 Jun 2011

Punctual as ever, Equifax starts snail-mailing affected Brits about mega-breach

charlie-charlie-tango-alpha
FAIL

Don't bother 'phoning

I got one of these missives, as did my wife. I've tried calling the "helpline" (largely to vent my spleen rather than in the hope of any real action) only to be met with the usual robotic: "Thank you for calling Equifax, please choose from one of the following three options". Option 1 is the one you need if you are calling about their "data breach service" (nice name, sounds like a new product). Pressing that number results in the repetition of the same message. As does pressing any other bloody number.

So they can't even get a fucking answer system robot to function correctly.

1
0

Open source sets sights on killing WhatsApp and Slack

charlie-charlie-tango-alpha
Thumb Up

Re: Not too sure about this...

+1 and I agree entirely

As I read the article I thought, oh hell, why pick Dovecot? The configuration files are a nightmare. XMPP makes perfect sense as a messaging protocol, just don't, please don't tack it onto Dovecot.

0
0

Patch your WordPress plugins: Scum are right now hijacking blogs

charlie-charlie-tango-alpha

Re: Oh Joy?

It's worse than that. Try example.com/wp-json/ or wp-json/wp/v2 etc.

This is best blocked by installing the "disable REST API" plugin. See:

https://wordpress.org/plugins/disable-json-api/

0
0
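The two paths named in the post are the WordPress REST API index and its core namespace. What an unauthenticated caller learns from them is worth checking in a repeatable way: the index lists every namespace (third-party namespaces reveal installed plugins, which is exactly what the hijackers are enumerating) and wp/v2/users lists account slugs, which by default derive from login names. The following checker is an added example, not the poster's code and not part of any WordPress plugin. The responses it runs against are constructed to follow the stock REST API document shapes; the 401 body for the blocked case is an assumed plugin response and only its non-200 status matters. The live fetcher is for sites you are authorised to test.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# A fetcher maps a URL to (HTTP status, body). Injecting it lets the check run
# offline against constructed responses and online against a real site.
Fetcher = Callable[[str], Tuple[int, str]]

# Constructed sample responses (not captured from any real site). Shapes follow
# the stock WordPress REST API index and users documents.
SAMPLE_EXPOSED: Dict[str, Tuple[int, str]] = {
    "https://example.com/wp-json/": (200, json.dumps({
        "name": "Example Blog",
        "namespaces": ["oembed/1.0", "wp/v2", "contact-form-7/v1"],
        "routes": {"/wp/v2/posts": {}, "/wp/v2/users": {}},
    })),
    "https://example.com/wp-json/wp/v2/users": (200, json.dumps([
        {"id": 1, "name": "Site Admin", "slug": "admin"},
        {"id": 2, "name": "Alice Author", "slug": "alice"},
    ])),
}

# Assumed response once the REST API is closed to anonymous callers; only the
# non-200 status is relied upon, the error body is illustrative.
SAMPLE_BLOCKED: Dict[str, Tuple[int, str]] = {
    "https://example.com/wp-json/": (401, json.dumps(
        {"code": "rest_cannot_access", "data": {"status": 401}})),
    "https://example.com/wp-json/wp/v2/users": (401, json.dumps(
        {"code": "rest_cannot_access", "data": {"status": 401}})),
}


def table_fetcher(table: Dict[str, Tuple[int, str]]) -> Fetcher:
    """Fetcher that answers from a dict of constructed responses."""
    return lambda url: table.get(url, (404, ""))


def live_fetcher(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Real HTTP fetcher; 4xx/5xx responses are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "wp-rest-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def _json_or_none(status: int, body: str):
    """Decode a 200 JSON body; anything else counts as 'not exposed'."""
    if status != 200:
        return None
    try:
        return json.loads(body)
    except ValueError:
        return None


def probe_wp_rest(base_url: str, fetch: Fetcher) -> Dict[str, object]:
    """Report what the REST API hands to an unauthenticated caller."""
    base = base_url.rstrip("/")
    findings: Dict[str, object] = {
        "rest_index": False,       # /wp-json/ answers with the route index
        "plugin_namespaces": [],   # non-core namespaces name installed plugins
        "user_slugs": [],          # /wp/v2/users leaks account names
    }
    index = _json_or_none(*fetch(base + "/wp-json/"))
    if isinstance(index, dict) and isinstance(index.get("namespaces"), list):
        findings["rest_index"] = True
        findings["plugin_namespaces"] = [
            ns for ns in index["namespaces"]
            if not ns.startswith(("wp/", "oembed/"))
        ]
    users = _json_or_none(*fetch(base + "/wp-json/wp/v2/users"))
    if isinstance(users, list):
        findings["user_slugs"] = [
            u["slug"] for u in users if isinstance(u, dict) and "slug" in u
        ]
    return findings


if __name__ == "__main__":
    site = "https://example.com"
    print("exposed:", probe_wp_rest(site, table_fetcher(SAMPLE_EXPOSED)))
    print("blocked:", probe_wp_rest(site, table_fetcher(SAMPLE_BLOCKED)))
```

Against a live site, `probe_wp_rest("https://your-blog.example", live_fetcher)` gives the same three-field verdict; an empty `user_slugs` list with `rest_index` still `True` means the users route was closed but the plugin inventory is still readable.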

Red panic: Best Buy yanks Kaspersky antivirus from shelves

charlie-charlie-tango-alpha

Re: @Amos1

That reminds me of the (possibly apocryphal) story that during the early days of the "space race" the Americans spent millions trying to perfect a ballpoint pen which would work in zero gravity.

The Russians used pencils.

13
5

If you love your email standards, SMTP your feet: 35 years later

charlie-charlie-tango-alpha

Re: RFC 2549 et al

My favourite April RFC is Steve Bellovin's "The Security Flag in the IPv4 Header" (RFC 3514) from 2003.

5
0

Police anti-ransomware warning is hotlinked to 'ransomware.pdf'

charlie-charlie-tango-alpha

This stupid sidebar is still there

See

http://baldric.net/2016/10/24/do-not-click-here/

Sometimes I wonder.

Then sometimes I just weep.

You can't make it up.

1
0

Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes

charlie-charlie-tango-alpha
WTF?

Re: Use Googles office suite online equivalent to Office

"Free, usable on windows and linux. What's not to like?"

Oh jeeeeez.

Fine, if you are happy for Google to own one more bit of your data. A BIG bit of your data, to go with all your email and all your search data.

I despair. Why do people care so little for their privacy?

3
2

Cisco's WebEx Chrome plugin will execute evil code, install malware via secret 'magic URL'

charlie-charlie-tango-alpha

Re: An Adobe Wannbe?

"If that's what they do with things like a browser plug in, what's their router source code like?!"

You don't want to know. You really don't want to know.

0
0

Sneaky chat app Signal deploys decoy domains to deny despots

charlie-charlie-tango-alpha
Black Helicopters

Re: Buyer beware

"PS: If you want proper secure IM from a known and honest developer, take a look at Conversations.im (no, I have no connection to the developer and his software does not rock my boat so I don't use it myself)."

Or do what I do and set up your own XMPP server (there are plenty of options available) on a VM somewhere you trust with a provider you trust, and then use the conversations app to communicate with that server. In my case I use my own X500 certificate on the XMPP server for TLS protected comms and OTR for end to end encryption between parties.

It works. It's cheap. I manage it. I trust it.

2
0

Investigatory Powers Act signed into UK law by Queen

charlie-charlie-tango-alpha

Re: Could someone recommend a VPN?

openvpn.

Set up your own on a rented VPS somewhere outside the UK/US (and not owned by a UK/US company).

It should cost you between £3.25 and £5.00 pcm

Make sure you don't keep logs.

Better yet, use Tor.

3
0

Blighty's National Cyber Security Centre cyber-reveals cyber-blueprints

charlie-charlie-tango-alpha

Plus ca change....

GCHQ always hated the fact that NISCC reported to the DG of the Security Service. So, NCSC re-invents NISCC but reporting to GCHQ. I see nothing here that NISCC wasn't already doing, and more openly, years ago.

Whoop de do.

0
0

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher

charlie-charlie-tango-alpha
Black Helicopters

of course it will work

Anyone remember PGP for HMG? Now that went down well.

0
0

Half of UK financial institutions vulnerable to well-known crypto flaws

charlie-charlie-tango-alpha

"Not having a CISSP badge doesn't mean not qualified."

On the contrary, it can mean the actor actually takes security seriously rather than being impressed by post nominal "qualifications".

Cough "MBCS" Cough "CITP"

0
0

Painfully insecure GDS spaffs £21,000 on online narcissism tool

charlie-charlie-tango-alpha

Re: Can anyone answer this?

"Suggest you either tweet the questions or send the letters via your MP."

I'd go for the letter to your MP as the most effective route if you want a Minister to actually see your complaint - whether that Minister actually does anything as a result is of course a moot point.

Letters from the public to HMG Ministers are treated in one of two ways. If the letter is direct to the Minister (or his office or an official in the Department) then the Minister never actually gets to see it. It is handled only by officials (this is known as "treat official"). If, however, the same letter is sent to an MP and is then forwarded by that MP to a responsible Minister for reply, then the Minister will get it in his red box along with a draft reply (from the same official who would have replied directly as before). The Minister then signs the reply to the MP and encloses the constituent's original letter with the reply. Said constituent then gets back the official line trotted out by the Department with a nice letter from his or her MP as well.

In my experience however, this is a largely futile exercise unless you happen to like collecting letters from Ministers and MPs.

1
0

Yet another Android app security bug: This time 'everything is affected'

charlie-charlie-tango-alpha

Re: In God's name

+1 to that

But regardless of whether or not there is any remotely exploitable vulnerability, trusting a bloody phone for sensitive transactions is just loopy. The damned things get lost and stolen.

http://www.ibiblio.org/Dave/Dr-Fun/df9604/df960410.jpg

9
0

Facebook flings PGP-encrypted email at world+dog. Don't lose your private key

charlie-charlie-tango-alpha

"a lot better than ROT13"

Personally I prefer ROT26 - 'cos, you know, double encryption has got to be better.

3
0

UK.gov crackpots: Let's build vapourware-based sharing economy CITIES

charlie-charlie-tango-alpha

Re: Subversive

+1 and have an upvote.

When I read that I thought "Fuck me, a thinking Tory. Whatever next."

2
0

Paranoid Android Kaymera smartmobe takes on Blackphone

charlie-charlie-tango-alpha
Black Helicopters

Re: brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

+1 to that. Anyone who trusts any Israeli "security" company deserves all they get.

Black helicopter - for obvious reasons.

2
0

Google, Amazon 'n' pals fork out for AdBlock Plus 'unblock' – report

charlie-charlie-tango-alpha

Re: You can add your own filters....

Yes. Dan Pollock has a very good site at http://someonewhocares.org/hosts/. I use his hosts file, appended to my own local hosts file on my home DNS server (which runs DNSmasq). DNSMasq reads the local hosts file before consulting a downstream DNS server. Dan's host file listing points all unwanted domains at local loopback.

Take that you malicious ad-serving bastards.

6
0
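The setup described above has two parts that are easy to get subtly wrong when merging a downloaded hosts list into your own: the downloaded file carries its own localhost entries that must not override yours, and hosts entries match exact names only, so a tracker that moves to a new subdomain sails past. The script below is an added example, not the poster's setup and not part of dnsmasq or of Dan Pollock's list; the blocklist and local hosts contents are constructed for the example. It parses hosts-file syntax, merges with local entries winning, emulates dnsmasq's hosts-before-upstream lookup order, and also emits the `address=/name/127.0.0.1` form, which dnsmasq applies to subdomains as well. Keeping one address per name is a simplification of real /etc/hosts handling, where a name can carry both an IPv4 and an IPv6 entry.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Tuple

# Names that describe the machine itself; a downloaded list must never be
# allowed to redefine them.
KEEP_LOCAL = {
    "localhost", "localhost.localdomain", "local", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts", "0.0.0.0",
}

# Constructed sample of a downloaded blocklist in hosts-file format; the
# domain names are made up for the example.
SAMPLE_BLOCKLIST = """\
# <localhost>
127.0.0.1 localhost
::1 localhost
# </localhost>

127.0.0.1 ads.tracker.example
127.0.0.1 pixel.tracker.example www.pixel.tracker.example  # two names, one line
0.0.0.0   telemetry.vendor.example
127.0.0.1 ADS.TRACKER.EXAMPLE   # duplicate in different case
not-an-ip malformed.line.example
"""

# Constructed local hosts file: LAN names must win over anything downloaded.
SAMPLE_LOCAL_HOSTS = """\
127.0.0.1 localhost
192.168.1.5 nas.lan
192.168.1.6 ads.tracker.example   # deliberately overlaps with the blocklist
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, name) pairs; comments, blanks and bad addresses are skipped."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            pairs.append((ip, name.lower().rstrip(".")))
    return pairs


def build_blocklist(sources: Iterable[str], sink: str = "127.0.0.1") -> Dict[str, str]:
    """Every non-local name in the downloaded lists gets pointed at sink."""
    names = {name for text in sources for _ip, name in parse_hosts(text)
             if name not in KEEP_LOCAL}
    return {name: sink for name in sorted(names)}


def local_hosts(text: str) -> Dict[str, str]:
    """Your own hosts file, local names included; last entry for a name wins."""
    return {name: ip for ip, name in parse_hosts(text)}


def merge_hosts(local: Dict[str, str], blocklist: Dict[str, str]) -> Dict[str, str]:
    """Blocklist first, then local entries overwrite: your LAN names survive."""
    merged = dict(blocklist)
    merged.update(local)
    return merged


def resolve(name: str, hosts: Dict[str, str], upstream: Callable[[str], str]) -> str:
    """dnsmasq order: hosts file(s) first, upstream resolver only on a miss."""
    key = name.lower().rstrip(".")
    return hosts[key] if key in hosts else upstream(key)


def to_addn_hosts(hosts: Dict[str, str]) -> str:
    """File body for dnsmasq's addn-hosts= directive."""
    return "".join(f"{ip} {name}\n" for name, ip in sorted(hosts.items()))


def to_address_lines(blocklist: Dict[str, str]) -> List[str]:
    """dnsmasq address=/domain/ip lines; unlike hosts entries these also
    catch every subdomain of the listed name."""
    return [f"address=/{name}/{ip}" for name, ip in sorted(blocklist.items())]


if __name__ == "__main__":
    merged = merge_hosts(local_hosts(SAMPLE_LOCAL_HOSTS),
                         build_blocklist([SAMPLE_BLOCKLIST]))
    print(to_addn_hosts(merged))
    print("\n".join(to_address_lines(build_blocklist([SAMPLE_BLOCKLIST]))))
```

Write `to_addn_hosts` output to a file named in `addn-hosts=` in dnsmasq.conf, or the `address=` lines straight into the config; the latter is the one to use if you want `anything.pixel.tracker.example` sunk too.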

Switch it off and on again: How peers failed to sneak Snoopers' Charter into terror bill

charlie-charlie-tango-alpha

Re: Here's your problem Lord B

"Better yet, send them an email (using AES-256 encryption) that explains how it all works."

Ummm. In order to send an MP an encrypted email you would need that MP's public key (assuming a PKI type system). My MP barely copes with email in clear. He certainly doesn't have a GPG key. And even if he did, GCHQ would never allow encrypted email in through the Parliamentary email gateway.

1
0

UK.gov SLASHES ICT frameworks by more than HALF

charlie-charlie-tango-alpha

Re: CCS is very badly resourced.....

and back in the day, CCTA, one of CCS's predecessor organisations, had precisely 1.

I weep.

2
0

What a pity: Rollout of hated UK smart meters delayed again

charlie-charlie-tango-alpha
WTF?

Re: Pointless and dangerous fads

One of the /really/ cool things about these devices is that they can be used (remotely) to switch off supply. Guess how they need to be reset? Yes, that's right - manually.

Now imagine finding the resource to reset 20 million domestic units which have been remotely terminated in an attack.

WTF we are still even contemplating this madness is beyond me. Especially with Crapita in the driving seat.

51
1

London cops cuff 20-year-old man for unblocking blocked websites

charlie-charlie-tango-alpha
Holmes

Re: Short term memory loss

"Using either WILL get you under the baleful eye of various spooks"

Using ANY form of encryption will draw attention.

The question is, do you care?

(And I agree with a later poster, the FACT poodles, COLP, have massively overreached here. I sincerely hope they try to take it to court).

0
0

Lawyer reviewing terror laws and special powers: Definition of 'terrorism' is too broad

charlie-charlie-tango-alpha
Black Helicopters

Re: I have argued for many years

6... any of the old chemistry books I possess (from the days when they included details of explosives, or "hazards in the chemical laboratory").

7. Copies of strong anonymising software such as tails or whonix.

8. Copies of privacy enhancing software such as GPG.

9. Provision or maintenance of privacy enhancing tools such as Tor....

10......

7
2

Use Tor or 'extremist' Tails Linux? Congrats, you're on an NSA list

charlie-charlie-tango-alpha
Black Helicopters

Re: And if I actually USE Linux..........

"One of the problems with Linux is it's probably a hell of a lot harder to insert spyware, if you're any sort of a halfway decent admin."

Ummm - no actually it isn't. Where did you get your distro? How do you update it? Which repos do you use? Are you /certain/ that last update was completely free of any /deliberate/ trojan? Are you /certain/ that last update didn't contain any remotely exploitable vulnerability?

"If you look at the Windows processes list, you have no idea what half that shit is. They could probably run xkeyscore.exe and I sure as hell wouldn't find it."

That just says that you are not a windows admin. It does not mean that no-one else understands the windows process listing. But see the argument above. The same applies (but worse because the software is proprietary.)

"However, on my Linux box I know what every single process in pstree is doing and why it is there. I also know what's going on in the network activity bar of xosview and the netstat listing. Anything reporting back to NSA HQ would have to be pretty subtle."

No you don't. You just think you do. And even if you did, your pstree could be trojaned and not show processes it wanted to hide. So could netstat, or wireshark. That cupsd may not be just listening for print commands you know.

The point is, unless you have an external monitor (say a /known/ /provably/ clean network monitor running on a /known/ /provably/ clean OS) sitting on the wire between you and your ISP you have no guarantee whatsoever that what is going in or out of your nice safe secure linux box is all it should be.

And even if you have, you could still be stuffed unless you /really/ understand network protocols in depth (Ever hear of DNS being used as a wrapper for file exfiltration? Or long time based UDP to call home?)

Don't be complacent. The only secure computer is one not switched on, not connected to anything and buried in a lead lined box in concrete.

And even then I'd worry in case it was exhumed and disk forensics run on it......

14
0
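The two tricks the post names, DNS used as a wrapper for exfiltration and slow periodic UDP calling home, are both visible from exactly the vantage point it recommends: a resolver or monitor on a separate box, whose logs the possibly trojaned host cannot edit. The script below is an added example, not the poster's code and not part of dnsmasq; it runs over constructed dnsmasq `log-queries` style lines, not real traffic. It flags domains receiving many distinct, long, high-entropy subdomains (data encoded into labels) and client/name pairs queried at near-constant intervals (a beacon). Splitting a name into "registered domain" and "subdomain" by taking the last two labels is a deliberate simplification: a real deployment should use the public suffix list so that `co.uk` is not treated as a domain.

```python
import math
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple

# Constructed dnsmasq-style query log lines for the example; none of this is
# real traffic. The hex labels stand for encoded file contents.
SAMPLE_LOG = """\
Oct 24 10:00:00 dnsmasq[512]: query[A] www.example.org from 192.168.1.10
Oct 24 10:00:01 dnsmasq[512]: query[A] a1b2c3d4e5f60718293a4b5c6d7e8f90.0000.exfil.example from 192.168.1.10
Oct 24 10:00:02 dnsmasq[512]: query[A] 0f1e2d3c4b5a69788796a5b4c3d2e1f0.0001.exfil.example from 192.168.1.10
Oct 24 10:00:03 dnsmasq[512]: query[A] 1a2b3c4d5e6f708192a3b4c5d6e7f809.0002.exfil.example from 192.168.1.10
Oct 24 10:00:04 dnsmasq[512]: query[A] f0e1d2c3b4a5968778695a4b3c2d1e0f.0003.exfil.example from 192.168.1.10
Oct 24 10:00:05 dnsmasq[512]: query[A] 9a8b7c6d5e4f30211203f4e5d6c7b8a9.0004.exfil.example from 192.168.1.10
Oct 24 10:00:00 dnsmasq[512]: query[A] c2.beacon.example from 192.168.1.22
Oct 24 10:03:17 dnsmasq[512]: query[A] mail.example.org from 192.168.1.10
Oct 24 10:05:00 dnsmasq[512]: query[A] c2.beacon.example from 192.168.1.22
Oct 24 10:07:42 dnsmasq[512]: query[AAAA] www.example.net from 192.168.1.10
Oct 24 10:10:00 dnsmasq[512]: query[A] c2.beacon.example from 192.168.1.22
Oct 24 10:15:00 dnsmasq[512]: query[A] c2.beacon.example from 192.168.1.22
Oct 24 10:20:00 dnsmasq[512]: query[A] c2.beacon.example from 192.168.1.22
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")


class Query(NamedTuple):
    ts: datetime        # syslog stamps carry no year; fine for intervals
    qtype: str
    qname: str
    client: str


def parse_log(text: str) -> List[Query]:
    """Parse dnsmasq query lines; anything else in the log is ignored."""
    out: List[Query] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
            out.append(Query(ts, m.group(2), m.group(3), m.group(4)))
    return out


def shannon_entropy(s: str) -> float:
    """Bits per character; hex/base32 payloads score far above words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_domain(qname: str) -> Tuple[str, str]:
    """(registered domain, subdomain) using the last two labels; see caveat."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def find_exfil_domains(queries: List[Query], min_unique: int = 4,
                       min_len: int = 24, min_entropy: float = 2.5
                       ) -> Dict[str, Dict[str, float]]:
    """Domains whose subdomains look like encoded data rather than hostnames."""
    subs: Dict[str, set] = defaultdict(set)
    for q in queries:
        dom, sub = split_domain(q.qname)
        if sub:
            subs[dom].add(sub)
    flagged: Dict[str, Dict[str, float]] = {}
    for dom, names in subs.items():
        if len(names) < min_unique:
            continue
        mean_len = statistics.mean(len(n) for n in names)
        mean_ent = statistics.mean(shannon_entropy(n.replace(".", "")) for n in names)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged[dom] = {"unique_subdomains": len(names),
                            "mean_len": mean_len, "mean_entropy": mean_ent}
    return flagged


def find_beacons(queries: List[Query], min_queries: int = 4,
                 max_cv: float = 0.1, min_interval: float = 60.0
                 ) -> Dict[Tuple[str, str], float]:
    """(client, name) pairs queried at near-constant intervals; value is the
    mean interval in seconds. Low coefficient of variation = a timer, not a user."""
    times: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for q in queries:
        times[(q.client, q.qname.lower().rstrip("."))].append(q.ts)
    beacons: Dict[Tuple[str, str], float] = {}
    for key, ts in times.items():
        if len(ts) < min_queries:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean >= min_interval and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[key] = mean
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("exfil candidates:", find_exfil_domains(recs))
    print("beacons:", find_beacons(recs))
```

On a real resolver log the thresholds need tuning (CDNs and some antivirus products legitimately use long hashed labels), but the shape of the check is the point: it depends on nothing the monitored host can lie about.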

Microsoft: NSA security fallout 'getting worse' ... 'not blowing over'

charlie-charlie-tango-alpha

Re: Cloud security

Well, I had to make it 50.......

0
0

Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough

charlie-charlie-tango-alpha

Re: NSA seal-of-approval

or as XKCD would have it - why attack the crypto when there are easier targets?

https://www.xkcd.com/538/

3
0

Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ

charlie-charlie-tango-alpha
Big Brother

it could have been worse

They could have chosen Charles Farr.

0
0

Running OpenSSL? Patch now to fix CRITICAL bug

charlie-charlie-tango-alpha

Re: And this is why you cannot trust open source

Words fail me.

Yes, we certainly need a troll icon.

1
1

Crack CERT warriors arrive to save UK from grid-crippling hack attacks

charlie-charlie-tango-alpha

Re: What's that sound ?

Actually I doubt that they will be paid very much. UK Public servants rarely get rich.

0
2

Rule of law: Turkish court nixes government Twitter ban ... for now

charlie-charlie-tango-alpha

"Everyone is getting Turkey's Twitter block wrong"

There is a very good post over at https://medium.com/technology-and-society/cb596ce5f27 by Zeynep Tufecki. She argues that Turkey is not really intending to block Twitter per se, because the Turkish Administration knows that to be largely futile (and it pushes the populace towards using avoiding technologies such as VPNs and Tor to bypass the problem). Rather, she says that Erdogan is attempting to "poison the well" of social media by painting it as a threat to family values in Turkey. She notes that Erdogan has talked about social media's disruption of privacy, and how the foreign companies do not obey Turkish court orders but obey US and European courts.

Well worth reading.

0
0

BT finally admits its Home Hub router scuppers some VPN connections

charlie-charlie-tango-alpha

Take a look at Andrews and Arnold (aaisp.net).

No-one, but no-one should use BT.

1
1

Fine, you can mock us: NSA spies back down in T-shirt ridicule brouhaha

charlie-charlie-tango-alpha

re: where's the GCHQ version?

I got mine from the Guardian offers page at http://entertainment.guardianoffers.co.uk/i-aa-rm001699/g-c-h-q-always-listening-to-our-customers/. My wife bought me the NSA version for Christmas.

Unfortunately, the GCHQ version does not actually feature their logo - more a generic HMG "crown". As another poster has said though, GCHQ's site specifically states that the logo may not be used "inappropriately".

No sense of humour.

1
0

Getting documents all too easy for Snowden

charlie-charlie-tango-alpha

Re: RTFNYTA?

Journalistic licence. And in my view, not unreasonable. When I read the original article last night, my immediate conclusion was "wget".

But whatever the tool, the principle remains the same. An NSA insider, and a contractor to boot, was able to recursively scan and download a bucketload of highly classified documents, including documents from a Five Eyes partner, without any effective alarms going off.

That says an awful lot about the effectiveness of the NSA's security practices (for both technical and personnel security). No wonder they are pissed off.

3
0
charlie-charlie-tango-alpha

Re: wget - The hackers friend

I have deleted all copies of wget from all my systems.

Honest.

1
0
charlie-charlie-tango-alpha

Re: It's a people problem

Plus 1 for that.

In the UK, the police call the "high vis jacket" the "cloak of invisibility". Wear one and no-one looks at you.

3
0

Hipster SDN firewalls can gentrify hypervisor slums

charlie-charlie-tango-alpha

"Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers."

Great. I'm really looking forward to hosting a bunch of applications with a "cloud" provider which employs no network engineers. I feel safer already.

2
0

UK picks Open Document Format for all government files

charlie-charlie-tango-alpha

Re: Seen it before

Yep. Back in September 2002 OGC published "Open Source Software: Guidance on implementing UK Government Policy." I wrote it.

And if you look very carefully at the cover of that document you will notice that it includes a picture of a laptop running the (then) popular X11 game called "kill bill".

Nobody, but nobody, in the publication QA process spotted it.

6
0

WHEW! OpenBSD won't CloseBSD (for now) after $100,000 cash windfall

charlie-charlie-tango-alpha

Re: Volenteers != free

"Mind you, the picture at the foot of their home page makes it look like their test servers are in someone's garage!"

They probably are. I understand that TDR runs the build and test servers himself.

1
0

BT network-level STOCKINGs-n-suspenders KILLER arrives in time for Xmas

charlie-charlie-tango-alpha
Big Brother

Re: "strict", "moderate" and "light".

"All I want for Christmas is a VPN connection outside of blighty."

Try openvpn. You can rent a really cheap VPS (less than 5.00 USD per month) in a variety of places other than dear old blighty. With your own VPN to that VPS (running on say, port 443) you are good to go.

1
1

Linux Voice journos hit crowdfunding target

charlie-charlie-tango-alpha
Happy

Oh yes indeed. Because taking a tablet into the bog with you looks a little, shall we say, suspect.......

0
0
charlie-charlie-tango-alpha
Linux

Re: Linux

Despite the fairly obvious troll traits, I was going to comment on (and down vote) your original post. But a moderator quite sensibly removed it.

For some statistics on the relative usages of linux v BSD, take a look at http://w3techs.com/technologies/comparison/os-bsd,os-linux. BSD is not even in the running in an environment (servers) where it could be expected to be used. On the desktop it is not even a rounding error. I log statistics of OS/browser types hitting my website. I don't see any BSD anywhere.

And I note from your posting history that you have an apparently disturbing set of phobias. Seek help.

2
0

I thought I was being DDOSed. Turns out I'm not that important...

charlie-charlie-tango-alpha
FAIL

If you have to ask, then you wouldn't understand the answer.

14
18

Thought you didn't need to show ID in the UK? Wrong

charlie-charlie-tango-alpha

Royal Palace security

"You will also need strong identification to get into a royal event such as a Buckingham Palace garden party – Palace police are quite strict on checking ID"

I disagree.

Several years ago I was doing some work with the Royal Palace on behalf of the UK Gov Dept I then worked for. Entry to the site was controlled by Police Officers who insisted on two pieces of identification. My official pass sufficed as one piece, but they needed another. On my first visit I gave them my ID pass and my passport. On a subsequent visit I forgot my passport so the officer on duty asked for an alternative to add to my ID pass. I furtled in my wallet, but all I could come up with (beyond the usual bank cards etc) was a fishing licence. He said, "OK, that'll do, it's an official document."

You can buy fishing licences at a post office.

1
0

So many 'cyberspying hackers' about... and most of you are garbage

charlie-charlie-tango-alpha

kaspersky schmersky

Raiu said: "They are opening stolen documents on virtual machines without any internet connection to avoid exposing themselves that way."

So how does he know that?

1
0

Watch BLUBBERING BILLION-DOLLAR BALLMER: Microsoft goodbye love-gush leaks

charlie-charlie-tango-alpha

At least he didn't sing.

8
0

Leaked docs: GCHQ spooks secretly haul in more data than NSA

charlie-charlie-tango-alpha
Thumb Up

Re: Quoting Terry Pratchett???

Good grief. I agree with Eadon.

0
0

Lego fan constructs Bletchley Park Colossus

charlie-charlie-tango-alpha

Relativity in lego

Very nice. But I think Andrew Lipson beats him. See http://www.andrewlipson.com/escher/relativity.html for example.

1
0

New Google Play terms ban non-store app updates

charlie-charlie-tango-alpha

Re: a plea

"contacted"

8
0
charlie-charlie-tango-alpha
Headmaster

a plea

Please dear Reg, use English in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.

There, I feel so much better now.

11
0

Biting the hand that feeds IT © 1998–2017