* Posts by Voland's right hand

3881 posts • joined 18 Aug 2011

Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi

Voland's right hand
Silver badge

Re: History disagrees.

Until the tools are leaked and incorporated in the malware du jour.

Location is of little interest for malware du jour. It becomes of interest only if the meatware attached to the laptop becomes a target. That is definitely not part of the malware du jour repertoire.

1
2

In touching tribute to Samsung Note 7, fidget spinners burst in flames

Voland's right hand
Silver badge

Re: There's an opportunity here

Make it big enough to accommodate a hoverboard and I think you have a product.

8
0

French general accused of nicking fast jet for weekend trips to the Sun

Voland's right hand
Silver badge

There is a venerable tradition here

A friend of mine went to ask for the hand of his future bride in his army "vehicle".

As you might expect when the question is asked with a T72 parked on the street in front of your house with the gun pointed at it, the answer was a resounding "Yes of course".

39
0

NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

Voland's right hand
Silver badge

Wrong Pic

Should have used Green Wing. Specifically, some of the scenes with the HR department and the computer guy come to mind.

6
0

Virus (cough, cough, Petya) goes postal at FedEx, shares halted

Voland's right hand
Silver badge

Re: Well, MAYBE this will get their attention

an idiot user was using a work PC to do some personal business and a friend e-mailed him the virus

That is exactly the point of having a secure network. Any number of users can do it and the infection should remain contained to them only (ideal case) or a very small pocket which can be surgically removed and replaced.

2
0

America throws down gauntlet: Accept extra security checks or don't carry laptops on flights

Voland's right hand
Silver badge

Re: Last I read...

... planes had yet to be fitted with bomb proof holds.

There was an attempt to bomb-proof containers (as used in a lot of airports for loading and unloading) shortly after the Lockerbie investigation concluded. The attempt was successful - the container contained an explosion with high explosive of the same quantity as the one which was used at Lockerbie. The incremental increase in weight of the container even with that level of technology was minimal.

It was not implemented because:

1. The whole chain for loading and unloading of luggage would have needed to be modified and containers which are optional today would have become mandatory.

2. The containers today have canvas sides - that would have had to become hard, requiring extra maintenance and once again changes to loading and unloading.

3. Probably the biggest issue. There is no way to design a fire suppression system when fully enclosed containers are in use. So while the explosion was contained in the experiment, further experiments with LOWER energy explosives, which are easier to obtain and result in both fire and explosion, were all failures - no fire suppression system could effectively mitigate a fire inside the container.

20
1

Kaspersky Lab US staff grilled by Feds in nighttime swoop

Voland's right hand
Silver badge

Clarification needed

a firm that has publicly prostituted

You are mistaking prostituting (taking payment for carnal activities) and whoring (doing them for fun and pleasure). Those two are not equivalent. While the former may be a form of "for fun and profit" of the latter, it is usually done as a last resort - when there is no other source of daily bread.

I will leave which one MSFT and nearly all large US corporations excluding Apple(*) specialize in.

(*)disclaimer: I am not an apple fan and I do not own any apple devices or stock

3
3
Voland's right hand
Silver badge

McCarthy Lives

The Reds Are Under Our Beds.

All hail the congressional committee on investigating the anti-American activities.

27
5

Astroboffins dig into the weird backwards orbit of the Bee-Zed asteroid

Voland's right hand
Silver badge

Did I just see that "asteroid" firing thrusters...

14
0

Dixons Carphone stirs PC Curry, reports 10% profit gravy

Voland's right hand
Silver badge

They have their uses

If your washing machine fails (which it always does on Friday night)...

If you cannot wait until Tuesday when Amazon or Coop electricals will deliver a new one, because by that time you will need an archaeologist to find anything under the pile of dirty clothes piled up by the offspring doing 3+ contact sports...

That is the only time they are useful and they are quite useful indeed.

0
1

Facebook hit two billion users today and SugarCRM reminded us you are Zuck's product

Voland's right hand
Silver badge

CaaS

Creepware As A Service

16
0

UK's Ministry of Fun considers what to tell social media firms about online bullying

Voland's right hand
Silver badge

Re: Get the popcorn

Umm, but isn't that a Russian company,

No. German company. Telegram is registered in Germany and run out of there too.

So, in fact, this is exactly what we will see one day (especially if Theresa continues to get things her way).

2
0
Voland's right hand
Silver badge

Re: Get the popcorn

Same way as here: http://www.theregister.co.uk/2017/06/27/telegram_warned_by_russian_regulator_roskomnadzor/

Why do you think UK govt has been pushing SPs to implement blacklists for various "good causes" so much? It is first good causes, then compliance and at the end outright censorship.

5
1

Concorde without the cacophony: NASA thinks it's cracked quiet supersonic flight

Voland's right hand
Silver badge

Re: Hey...

Look further. Up and back.

Ben Bova, Asimov, Clarke, Lem had this figured out.

Increasing the speed of an aircraft is diminishing returns. The true solution for high speed travel beyond 3000 km or thereabouts is going ballistic via suborbital trajectory.

The main issue there is not so much technology. We are going in that direction with SpaceX and Reaction Engines and will be there in a couple of decades, well before a quiet supersonic aircraft is productized. It is the fact that with the current level of paranoia and militarization nobody will allow you to lob a payload the size of an airliner cabin on a ballistic suborbital trajectory to LA, NY, Moscow or Berlin.

18
0

Encrypted chat app Telegram warned by Russian regulator: 'comply or goodbye'

Voland's right hand
Silver badge

Re: "he said Roskomnadzor had demanded Telegram give keys to decrypt "

This is about Telegram 1:Many services aka channels which IS NOT end-to-end encrypted.

7
1
Voland's right hand
Silver badge

Re: This is not about person to person communication

So, under the point of view you just outlined, is twitter also a "news service"

Yep, twitter, facebook, the lot fall under this law and most of them have complied. LinkedIn tried to be funny and pretend that the Russian regulatory regime is a S.E.P., got a hatchet; not sure whether they are compliant now or not.

Perhaps even a busy IRC channel might count, for that matter...?

Actually - yes. Even a website.

I have not read in full the relevant parts of said law (it is all online by the way). However, this portion appears solely about a "who is the controlling interest" register - similar to the one Ofcom keeps in the UK for all TV and radio stations. In fact all countries have it for TV, radio and in some places printed media - it is part of your permission to operate. Russians are just the first to extend it to the Internet. Cue our politicos copying it (to deal with "fake" news) in 3, 2, 1...

9
0
Voland's right hand
Silver badge

This is not about person to person communication

Durov is being slightly disingenuous here.

This is about the one-to-many function in Telegram which is deemed to be a form of media and according to Roskomnadzor subject to their regime for media registration. According to their law they can request anyone to supply information about the controlling interests in the company and, if the company fails to respond, block it from operating in Russia.

The law was originally phrased for TV stations, radio, news, etc. Most countries have similar laws, they are however "behind the times" and have not expanded them to cover Internet news sources. Yet. AFAIK it is the first time a law like this has been applied to an Internet service.

So Durov refusing to answer is refusing to admit that Telegram is operating a news service, which it actually does - there are channels with hundreds of thousands of subscribers. It has nothing to do with what he is saying. His argument is entirely about the "communications" aspect of telegram, not about the "news dissemination" aspect of telegram.

Now, whether the law is right or wrong is a different story. As they say - the law is an ass, and then we copy the Russians and implement the same law. At least as far as the Internet is concerned. Putin put in the metadata collection program in 1999. We screamed about it being undemocratic, then copied it after 9/11. And so on...

18
1

Idea to encrypt stuff on the web at rest hits the IETF's Standard Track

Voland's right hand
Silver badge

It's at rest - it will annoy the hell out of anyone trying to riffle through the web cache on your machine to see what you browsed. Police, Best Buy's bounty hunters, etc.

14
0

Researchers blind autonomous cars by tricking LIDAR

Voland's right hand
Silver badge

"By illuminating the LIDAR with a strong light of the same wavelength as that the LIDAR uses, we can actually erase the existing objects in the sensed output of the LIDAR."

So how does this work reliably when every car has one and they are all using sensors at the same wavelength? Even if different manufacturers use different ones, ending up in a stretch with all others using the same wavelength as you is simply a matter of probability.

2
1

UK Parliament hack: Really, a brute-force attack? Really?

Voland's right hand
Silver badge

Re: Not only missing 2FA

But does this mean it's one rule for us, and a different one for them?

I thought Animal Farm is part of the national curriculum.

Remember? All Animals are equal, but some are more equal than others.

11
0

UK parliamentary email compromised after 'sustained and determined cyber attack'

Voland's right hand
Silver badge

Re: If it did not have 2FA or certs it was asking to be hacked

"determined and sustained" search for "weak passwords" sounds like a bog-standard brute force to me.

It sounds like "a day in the strife" for me - there is a constant trickle of brute force attempts in my logs. The current fashion is to try SMTP auth for that.

8
1
Voland's right hand
Silver badge

If it did not have 2FA or certs it was asking to be hacked

No 2FA? No certs? No failed login limits? In 2017?

What f*** state sponsored bullshit are these cretins talking about? A kid can assemble the scripts to mount the attack on this on his desk. It is 20 years out of date in terms of security policy - this could have been attacked by script kiddies in 1997 the same as it can be attacked by anyone today.

I thought the parliament bought into Office365. If that is still the case, which cretin DISABLED the failed login limit which comes by default with the cloudy version of Exchange and Outlook? Can the idiot be named, shamed and made to take responsibility publicly?

By the way - this is literally a reprint of what Graunidad and other news outlets have already posted. I would have expected el-reg at least to be able to update us on what they are using and which idiot they outsourced the maintenance to.

12
2

Intel's Skylake and Kaby Lake CPUs have nasty hyper-threading bug

Voland's right hand
Silver badge

Re: ugh

I have a laptop given to me by IT sitting in the corner. As anything handed out by corporate IT it is an Intel. To be more exact Hell with Skylake. I do not recall a "hyperthreading off" toggle in the BIOS though...

I had to put it on extended leave because it was showing some seriously weird behavior with Java coredumping. I suspect it is the same bug. Based on its behavior I would say - every couple of hours under heavy load.

14
0

FCC: LEO ISPs A-OK

Voland's right hand
Silver badge

You never know whom to blame for what. Virgin is an investor in this thing.

0
0
Voland's right hand
Silver badge

Re: My guess is that they'll follow the Iridium model...

Dunno. I have two remote sites. While one of them has HSPA (if you use a 19 dB MIMO directed antenna), the other will not be getting decent connectivity any time soon. It is 13 miles from the edge of 4G coverage, in the 2G-only twilight zone.

I am willing to pay ~ 50-70£ per month for decent Internet there. If the local mobile company there continues to scratch its butt by 2019, I will be one of the first subscribers the moment they have self-install terminals.

0
0

US Secretary of State: I will work with Russia on cyber security issues

Voland's right hand
Silver badge

Re: " both sides must mutually agree and abide by the rules of engagement, "

Good luck with that.

Indeed. On BOTH sides.

7
0
Voland's right hand
Silver badge

Re: Wait, what? Maybe missing irony quotes around belligerent?

Lots of quotes needed at the moment.

Most newspapers published this along with "Russian pilot unprofessionally approached a NATO aircraft over the Baltic" on the same day based on a NATO press communique which deliberately came out together with the press release for this one.

The communique missed the fact that the NATO aircraft was an RC-135 SigInt airplane, that it came within several hundred meters of the Russian defense minister's jet and that it was while two NATO F16s were harassing that jet by coming within 5m to provoke it to use emergency comms protocols so that the RC-135 could listen and record. The actual incident quoted by NATO was the escorting Su-27 pilot inserting itself, with missiles facing the F16, within the 5m between the Russian government jet. In the meantime the other escort did the same to the RC-135. That is ... what? Flying a bloody big heavy air superiority fighter "on its side" within 2.5m from two aircraft on both sides. Insane - yes. Unprofessional, I beg to differ.

While I understand the desire of some idiots in the Pentagon and NATO HQ to get some listen in on latest Russian coded comms, can we do it without:

1. Lying in a press communique reprinted by all newspapers (El Graunidad corrected it later though).

2. Attaching the communique to a clear case of violating another country's sovereignty in at least 3 different ways as a distraction. Dunno which bit of bad news they were trying to bury in which, but it is definitely a case of "bury bad news".

3. Trying to start WW3.

I do not know who is at the wheel at the moment in the Pentagon (if anyone is at all), but they definitely need to be removed and diplomats be put to work to deescalate. Otherwise we will all end up as radioactive ash at this rate.

9
1

Smart burglars will ride the surf of inter-connected hackability

Voland's right hand
Silver badge

Re: instead, they upload malicious code from a USB stick

This is precisely why I refuse to program in "Home" on any of my GPS devices.

I do not enter it either. The miscreants can still get to within 3 houses of yours if they open the route logbook. All it takes for them to determine which one is yours after that is 5 minutes of pretending to be evangelicals.

2
0
Voland's right hand
Silver badge

instead, they upload malicious code from a USB stick

Why bother - just grab the GPS details of $HOME.

Not new either - it is the traditional "treatment" cars get when they are broken into at amusement parks, airport parking lots or anywhere else where you have a reason to believe that the occupants will be away for at least a day.

By the time they get home their home is squeaky clean. And empty.

P.S. This is one of the reasons why I categorically refuse to this day to have an integrated car GPS. I should be able to chuck it in the bag when I park it for a long time somewhere.

4
0

AES-256 keys sniffed in seconds using €200 of kit a few inches away

Voland's right hand
Silver badge

Re: In effect "traffic analysis" applied at the bus level.

Basically you need to keep a constant(ish) power level in the system

Not even that - your power level should not correlate with the encryption task. That will actually be the case if the system is doing enough other things. Makes up for an interesting argument against dedicated hardware.

13
0

Algorithmic pricing raises concerns for EU competition law enforcement

Voland's right hand
Silver badge

Also, I've seen what seemed to be implausible bargains on Amazon

There is both that and putting ridiculous prices on items, like 1200 grand for a bag of bolts. Both are done specifically to skew other people's pricing algos and amazon pricing assistance tools (there is a nice cottage industry brewing which helps you determine and alter pricing based on what other people are selling their goods for).

Theoretically - you can complain to Amazon about it. Practically - it is a wild East (not even West) environment.

4
1

WikiLeaks doc dump reveals CIA tools for infecting air-gapped PCs

Voland's right hand
Silver badge

Re: Who watches the watchers?

How do you know what they have been up to,

I know more than I would have preferred to know. I have multiple granduncles who have worked for one of the "firms" and I know about some of their older "handiwork" which is now past its classification "window" (lots of it is still not published, it officially does not exist, there is just no criminal penalty if you happen to know about it without having the relevant clearance).

As far as the morals of the staff employed by the CIA, GRU, MI6, Mossad, etc, you get both sides of the coin. People who do it for their country and people who you would rather not meet in a dark alley. Both of them have little respect for the law as their job is to break the law to get the work done.

It is the job of the political control of the agency and whoever gives orders to ensure that the subject of their interests is the enemy and not their own population. Unfortunately, the 20th and the 21st century (so far) are a litany of failures as far as that is concerned. Pretty much all governments have taken a leaf out of Stalin's and Hitler's book and have deployed the secret services (along with their long list of dirty methods) against internal targets.

8
0
Voland's right hand
Silver badge

Re: Who watches the watchers?

Nothing wrong with THIS abuse - these are the guys their country pays to go and get info from ANOTHER country and/or attack another country by messing with its infrastructure, planting fake news, etc. The goal is to do it by any means necessary short of causing a war (unless they have been tasked with causing a war).

Like it or not, that is the job of the externally facing secret services - CIA, GRU, MI6, etc. They are paid to fight dirty so that we do not fight "clean" on the battlefield according to the Geneva Conventions. Historically, they have been massively overdoing it on both sides and it is long overdue for them to be reined in exactly because of that - a dirty cloak and dagger war can always spill out in the open and become clean and nobody wants to do that.

7
0
Voland's right hand
Silver badge

Re: "Suspicion Deflection"

Name already taken - by the embedded ssh server build. The one used by OpenWRT.

3
0

Waymo: We've got a hot smoking gun in Uber 'tech theft' brouhaha

Voland's right hand
Silver badge

How cute...

Now a "spontaneous" grassroots campaign.

Why do I find it difficult to believe in the spontaneity for some reason...

30
0

In the week Uber blew up, Netflix restates 'No brilliant jerks' policy

Voland's right hand
Silver badge

Re: What do Netflix staff do that requires all these not-brilliant stars?

Scaling while staying with a well defined metrics envelope for jitter, latency, etc.

It is quite tough actually. In fact, extremely tough. If it was not that tough everyone and their dog would be able to run a video service.

13
0
Voland's right hand
Silver badge

worked its way into many-an-HR-person's strategies.

You mean "pretend worked", surely. Such things are not set in an HR strategy - they are set from the CEO and board down and the CEO and the board have to live by them. When an HR droid tries to imitate them within the scope of what is allowed to an HR droid the results are laughable.

16
0

TalkTalk customers complain of being unable to load Amazon website

Voland's right hand
Silver badge

Re: Rule #2

Rule #2

That is rule #0 - it goes before any other rules.

31
0

Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak

Voland's right hand
Silver badge

The price you pay for using generic OS for industrial control

It is the price you pay for using a generic OS without stripping it down and securing it for industrial control. There will be more of that (lots more) and it will only get worse until it gets better as the I Do Internet Of Things people will continue to ship basic unsecured builds for the foreseeable future.

7
3

Ad 'urgently' seeks company to build national e-ID system

Voland's right hand
Silver badge

Enrolling children

They are already enrolled from a few weeks old - the new passports are biometric worldwide.

The "age of 5" + 4 million is interesting as it is not something I can map to any EU country (or developed country for that matter). They all already have enrollment from the moment of first passport application.

4
0

Debian 9 feels like home with security upgrades and a flaming vulpine warming your toes

Voland's right hand
Silver badge

Re: Some rough edges

but I upgraded several server systems already in under 20 minutes each.

dpkg-query -l | wc -l

Development + office + day-to-day use desktop : 4338

Web, VPN + Mail Hosted Server with a fully blown catalyst env and a gazillion perl modules dragged in by foswiki dependencies: 858.

Single purpose server: < 400

There is nothing "wrong" with what I am doing, it is just that a server is an easy upgrade. Very easy. Piece of cake compared to a desktop you develop on. 2.5-3h to upgrade that is actually not a very bad score.

1
0
Voland's right hand
Silver badge

Re: Stop claiming that secure boot is a security advantage...

Secure boot is not about bootsector.

It is about having an uninterrupted chain of verified components starting at the BIOS/Firmware/Bootloader and all the way to the executable proven by cryptography.

Microsoft's implementation of this is quite poor and relatively benign. If you want to see how really funky this can get, have a look at ChromeOS on Arm ChromeBooks.

I am starting to swear at the mere thought of pushing Debian 8.8 on my Samsung Chromebook to 9.0. It took me one whole f*** afternoon to win the fight last time when I got it from 7 to 8. It is installed properly - on the internal SSD. That is something even the Debian wiki claims is not possible - it has a procedure for SD card install only and/or Crouton installs. While it is not impossible, the whole idiocy with the signed kernel makes it a form of BDSM experience. Very BDSM.

9
4
Voland's right hand
Silver badge

Re: Bold Statement

A very bold statement, indeed! - Concur.

Depends on the complexity of the install. My desktops worked fine, but the machine which I use for media processing, and which has an ungodly amount of packages on top of the desktop build + remnants of the build reqs for them, barfed twice through the upgrade. It was on 8.8.

So it can barf even from 8.8. It does, however, recover so "Keep calm and carry on apt-getting" still applies.

I have not tried arm and ppc systems yet to see how it works there. They are next on my "menu".

3
0
Voland's right hand
Silver badge

Some rough edges

The new firefox "run in a container" security tech comes close to killing a machine at times - container + new input subsystem + badly written javascript (hello screwfix) == accepting one character per few seconds. It does not get completely stuck so you can Alt-Shift away and kill the process, but still unpleasant.

The upgrade is also hellishly long, especially on SSDs. It is so big that it hits the "reclaim" twilight zone on most consumer SSDs. As a comparison - two roughly equivalent machines, one with spinning rust, one with SSD, full desktop + development environment install. The spinning rust finished in under 3h. The SSD just about managed to complete the upgrade in 8.

There are also some gremlins related to the way locking the screen now works, especially on media center machines.

Otherwise, not bad. I will choose a weekend to update the servers though - the process is way too long to consider doing it during working hours.

3
3

You can't take the pervs off Facebook, says US Supreme Court

Voland's right hand
Silver badge

just plain opening your mouth

Yes. Have a look at the history of convictions for sedition.

7
0

Fancy buying our aircraft carrier satnav, Raytheon asks UK

Voland's right hand
Silver badge

Some 40 per cent larger by displacement than QE, the Ford is designed to support around 160 launches and recoveries per day.

That is 160 fully loaded launches off a catapult that can come home without getting rid of fuel tanks and ordnance to be caught by the arrestor gear. In terms of bomb load, etc. the ratio is significantly better than 108/160.

4
0

Hotheaded Brussels civil servants issued with cool warning: Leak

Voland's right hand
Silver badge

Re: That's not hot. This is hot.

This is a temperate climate we're talking about, 29C is hot.

No it is not. Temperate can be continental temperate like Hungary, Romania, Russia or Bulgaria (depending on the year - it is straddling the border between temperate and subtropical). 40C+ is quite common. The saving grace is that humidity is usually < 50%.

It can also be coastal temperate like the British Isles or Belgium where 29C is a big deal. It actually is, as it comes with 70%+ humidity.

The difference humidity makes is two-fold. First, it is easier to tolerate heat during the day if the humidity is lower.

Second, low humidity equates to significant radiation cooling at night so you can sleep. Even if it was 35C a few hours ago, it happily drops to 18C by 10pm making it quite tolerable (especially out in the countryside). That does not happen during a heatwave in places like Belgium or UK. It stays at 24C at night and is thoroughly disgusting.

10
0

Backdoor backlash: European Parliament wants better privacy

Voland's right hand
Silver badge

Re: Unintended consequences

Indeed. Frankly, the "we promote https" crusade for plain old content by the ones like Google is mostly about ad revenue preservation and prevention of injecting/removing ads. Privacy? Security? Who cares.

In any case, IMHO both the parliamentarians and the EU ministers are in the wrong here. The issue is very plain, simple and it has been known for nearly a century - long before the days of the internet. It is called legal intercept.

If you are running a revenue generating communications service, you have to provide legal intercept facilities. So the law says in pretty much all countries. What has been happening is that Internet companies have been skipping on this in the USA for a while by using an old SCOTUS decision that they are running information services, not communication services. That is bollocks. It is used to communicate. They have also transplanted the same services worldwide (and others copied the designs from them).

Legal intercept != mass surveillance. It is used (in most countries) via a court order which in some places (Germany, Switzerland) is actually hellishly difficult to obtain. It is used on an individual basis and it is not free for the police to use en masse, because it is CHARGED for by the provider. It costs money.

IMHO, the fight against legal intercept as a service component is both stupid and wrong. It is a legitimate ask and if it is not provided and backed up by appropriate legal constraints we will get encryption backdoors and mass surveillance instead.

5
12

Texas says 'howdy' to completely driverless robo-cars on its roads

Voland's right hand
Silver badge

And I turn to her and say, "Texas"

She says, "What?"

I said, "Texas"

She says, "What?"

They got big long roads out there

(c) Chris Rea, from the Road to Hell album.

1
2


Biting the hand that feeds IT © 1998–2017