* Posts by spellucci

21 posts • joined 30 Jun 2011

Bright spark dev irons out light interference

spellucci
Headmaster

Office 365 Slogan

I had the devil of a time parsing the Queen's English title to this story. Yes, I'm from the other side of the pond.

"Bright spark dev irons out light interference"

What is the verb in the title? Spark? No, sparking a dev iron doesn't make sense. Out? Better, in the sense of exposing or "outing" something. But what does it mean to have a dev iron expose light interference? Light? No, too far into the sentence. Iron, as in iron out? Ah, now we're getting somewhere. But what is a spark dev, and what does it mean for a spark dev to iron out something? I think I need to go back to school to study English at Cambridge on the River Cam instead of Cambridge on the Charles River.

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

spellucci
Coat

Really Lousy Idea

A big IoT issue is the number of devices that do not auto update, and as a result fall prey to being commandeered into botnets. My Really Lousy Idea (TM) is that if a consumer owns a device that gets taken over and used in, say, a DDOS attack, that consumer is held accountable for damages. Imagine the damper that would put on buying IoT devices that are not really damn secure, or at least auto update.

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

spellucci

Help from America

Americans,

You are big consumers of this IoT stuff. And big producers of law firms. Can we arrange for you to create a class action lawsuit or two? Lawsuits that hold individual IoT owners liable for their unpatched devices contributing to, say, the DDOS attacks that those devices take part in.

"If you own device X, and you cannot show it was fully patched, you are hereby assessed $50,000 for damages your device caused." When said device cost $50. That will slow down sales. And have the manufacturers make sure their devices can be patched so we can at least have a chance at keeping them secure.

Sincerely,

Well, everybody

Windows 10 Insiders see double as new builds hit the deck – with promises to end Update Rage

spellucci

Office 365 Slogan

I get the frustration but YIKES is managing an update stream as complex as the Windows Update stream a complicated beast. I am happy for Microsoft to test all the interactions of all the different updates and make sure that that particular mix of updates works together. For me to disable one of those updates would require me to have knowledge of the update interactions that I would not want to have to wade through, thank you very much.

Open Internet lovin' Comcast: Buy our TV service – or no faster broadband for you!

spellucci
Facepalm

Verizon, too?

I asked Verizon how much I could save if I cancelled the TV part of my TV + Phone + Internet bundle. They said it would be $5 more per month for just Phone and Internet. I kept the 3-way bundle.

spellucci

Verizon, too?

I asked Verizon how much I could save off my TV + Phone + Internet bundle if I cancelled the TV and gave them back the set-top box. They said it would be $5 more per month. I kept the bundle.

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

spellucci
WTF?

How Hard Can It Be?

Not original, but I cannot find the original author:

If we can land a man on the moon, surely if we put our minds to it we can land a man on the sun.

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

spellucci

I tried to start a movement once of everyone printing out the call detail records from our phone records and sending them to the NSA so they would have hard copy, and lots of it, but I didn't get very far.

spellucci
Facepalm

Dear Mr. Rosenstein

Here is what I wrote to Mr. Rosenstein today.

Dear Deputy Attorney General Rosenstein,

You made an important case for public/private partnership in your remarks to the 2017 North American International Cyber Summit. At the end of your remarks, however, you undermined the credibility of your message by asserting, without proof, that it is possible to have strong encryption that is both secure and available to law enforcement, and that the challenges involved are simply engineering ones.

I was taught in school that ignorance of the law is no excuse. Likewise, ignorance of the fundamentals of encryption does not excuse the fallacy in the both-secure-and-available claim. If authorized individuals can access an encrypted message, then so can unauthorized individuals. Please do not set policy based on the false assumption that this issue can be somehow worked around by engineering. This is not an engineering problem and does not have an engineering solution.

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

spellucci

Already fixed

This bug only affected Firefox users and was fixed in version 4.1.21a. See https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ for details.

Empty your free 30GB OneDrive space today – before Microsoft deletes your files for you

spellucci

Decent Security has a workaround for Windows 7 clean install issues: https://decentsecurity.com/enterprise/#/windows-7-fast-update/.

This is more of an enterprise solution, as the author says the solution is "unwieldy" but it might get you past the known issues of trying to use the unpatched Windows updater.

Put your private parts on display if you want to keep earning a living

spellucci

Re: The first three paragraphs

Could you, or any other kind readers, determine the actual topic of this article? I read through it a number of times, but could not tell what was real, what was the author enjoying the writing, and what the story was about. Many pardons if it is obvious to others, but I didn't get it.

Hello Kitty hack exposes 3.3 million users' details, says infosec bod

spellucci

Easy Fix

"The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts."

Easy fix: just change your child's birth date.

UFOs in the '50s skies? CIA admits: 'IT WAS US'

spellucci
Alert

UFO at Otis AFB

There is a family story from the '60s or '70s about a man in Bourne, MA, USA who covered a box kite in aluminium foil, attached battery-powered lights, and flew it after dark on a r-e-a-l-l-y long string. He was listening to the police radio to see who noticed. The nearby Otis Air Force Base, that's who. He reeled the kite in rather quickly when the Air Force scrambled two fighter jets to intercept it.

Why Apple had to craft a pocket-busting 5.5in Plus-sized iPhone 6 (thank LG, Samsung etc)

spellucci
Facepalm

Gaining hardware but losing software = losing market share?

My teenage sons both have iPhone 4 phones that are just about to be able to replaced for free through my mobile carrier's two year contract renewal plan. I showed them the new iPhone 6s yesterday, and both of them said they wanted to go Samsung. What?!

My eldest said he uses his phone primarily for music, and he is tired of the loss of more and more of the features he likes due to software bugs. That resonated for me, because the only reason I buy iPods, and I have bought several, is to listen to podcasts. The podcast features I like have slowly disappeared over time due to software bugs. (E.g., I used to be able to sync the podcasts to my iPod and listen to them in order--feature now broken. E.g., the podcasts used to be removed from my smart playlist as I listened to them on the iPod so the most recent unheard podcast was always at the top--feature now broken.)

Is the technical debt of Apple's software catching up to them in a way that will dampen new sales? In my small market survey,100% of iPhone users' reaction to the new iPhone is not to get a new one--for free--or even an old one, when their contract is up, but to switch to Android.

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

spellucci

Pardon my American ignorance: what is a "tat bazaar"? Is eBay's "tat bazaar" a subset of eBay's service, jargon for an online auction, or something else. Mr. Google links to lots of articles by El Reg on the topic, but using a term to define a term is term-inally unhelpful.

Google spews out 'privacy' email to Sky punters too

spellucci
Coat

Apple next?

I can't wait for Apple email addresses to start getting these privacy notices.

A simple HTML tag will crash 64-bit Windows 7

spellucci
Joke

For safety measures

For safety measures, I'm deleting kernel32.exe from my 64-bit Windows 7 machine as soon as I finish this post.

Judge orders search giants: Delist Chanel rip-off merchants

spellucci

Wouldn't it be a shame

Wouldn't it be a shame if somehow the Nevada district court's web site got mis-identified by Chanel as an offending site because of all its discussion about counterfeiting Chanel, and got seized.

Microsoft: Office 365 outages 'will' happen

spellucci
Joke

Office 365 Slogan

When it absolutely, positively has to be available eventually.

'Indestructible' rootkit enslaves 4.5m PCs in 3 months

spellucci

Microsoft Standalone System Sweeper

Microsoft has in beta a program called Standalone System Sweeper. It creates an ISO to boot from. When you do, it checks for rootkits that cannot be checked when booting from the MBR. See http://connect.microsoft.com/systemsweeper for details.

Biting the hand that feeds IT © 1998–2019