* Posts by IT Hack

318 posts • joined 29 Nov 2011


No, eight characters, some capital letters and numbers is not a good password policy

IT Hack

Re: Layers...like an onion

Probably though not the best policy for...

We are not talking about family pictures or drawings by one's kids. We are talking specifically about information that is considered sensitive.

So when you don't need it you lock it away. It is not difficult or complicated. Of course if you approach this like a bull in a china shop you will put people's backs up. Much like any project that involves people...get the interaction wrong and you will have an uphill struggle. Basic management 101 (or should be). You are right in that regard. I find most reasonable people understand the reasoning if explained properly...not to be viewed as a punishment but rather a best practice.

IT Hack

Re: Layers...like an onion

Best practice??? By whose definition?

Pretty much every infosec pro I've spoken to or worked with. On top of that we also consider passworded screen savers a best practice.

New regulatory issues also drive the adoption of these policies, the newest being GDPR. Of course GDPR does not stipulate clear desk policies but as a security manager one would consider a clear desk policy as a mechanism to reduce the risk of data breaches.

https://www.sans.org/security-resources/policies/general/pdf/clean-desk-policy

IT Hack

Layers...like an onion

Thing is that you cannot look at this as just a password policy. There are other security aspects that also impact on usage.

I see a lot of people say that Post-its are vital to remembering a password. Well as we know that is also a risk. We mitigate that risk by using clear desk policies as a best practice.

Of course in and of itself will not solve the issue of bad passwords. There are plenty of other policies to deal with that. As already mentioned...monthly scans to blacklisting.

So yeah...onions.

Amazon, ditch us? But they can't do without us – Oracle

IT Hack

Data what?

Should have gone Access.

The above is an attempt at humour. Can't be arsed to slag off Oragivemeallyourmoneycle or indeed Amazlavelabouron.

Still if Oracle goes tots I bet a bunch of luxury car dealers will be sad.

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

IT Hack

Re: "Act normally! Ginni and the team are here to see what Austin is really like."

LDS - That's why true entrepreneurs show up unexpected and look at how things really work.

I wonder. I suspect you are right that many CEOs have a bit of a delusion going on when it comes to visits. Some not so much.

I used to work in a tech support centre for a US-based storage appliance company a few years, ok a lot of years back. Our CEO was coming to visit the place (not only the support centre but also euro HQ). I was (don't hate me!) a tech support manager there and was working to the end of shift with the guys and we started talking about the CEO and the visit. One of the team said the CEO would never come up to the centre to see them hard at work as the clock headed towards 7pm. The company made a big thing of being a team etc so thought bugger it.

I went down to the reception area where the great and mighty had congregated and was lucky enough to catch the CEO sort of by himself at the buffet. Now not really having much truck with this kind of thing I asked him if he'd like to visit the tech centre. He readily agreed and I must say the look on the faces of the people in reception as I ascended like some tech support god (ok ok...maybe not but I enjoyed the look of horror/shock on my local compatriots assorted EVPs, SVPs and senior leadership very much). I engaged in some small talk on the way up, mainly about my team.

So we reach our floor and I introduce the CEO to the team. Who then went around to each of my engineers shook hands and spent a good twenty minutes chatting with the guys. He then went around the rest of the centre and met the other teams also working late shift.

Frankly if you cannot approach execs then there is a major problem.

Do UK.gov wonks understand sci-tech skills gap? MPs dish out Parliamentary kicking

IT Hack

Re: Stream the schools not the children

If our powers that be really gave a fig's ear regarding the education of our nation we would not be having this discussion.

Grammar schools are not effective if you want to have a real open and democratic country (the number of MPs who went to comprehensive schools stood at 51% in 2017 - https://www.channel4.com/news/factcheck/factcheck-qa-how-posh-is-parliament).

The issue is actually quite simple to resolve. Problem is that it costs money and of course spending money on investing in the strategic future of the country is clearly socialist and utterly barmy magic money tree.

Kids are kids and have friends throughout their childhood. So why break those relationships up when instead those who need coaching get the required amount and those who are brighter or have specific educational needs or challenges get the support they need from their teachers but...shock horror their own friends! Imagine that!

Another huge error was made when idiots decided that renaming polytechnics to universities would be a good idea coz now we can offer degree courses in fucking golf fucking course fucking design.

Britain mulls 'complete shutdown' of 4G net for emergency services

IT Hack

Data - A slurp too far?

So part of the spec is 'data' and increasing the availability of data.

Talk about an open check! Clearly the idea is to allow Emergency Services more data in tactical situations. So we not only have the issue of high availability/high coverage data services but also issues around data management as well as device management.

I'm not a sales guy but even I salivate at the idea of such a project and the, shall we say - generous billing opportunities.

Of course Emergency Services have exemptions and the like in terms of legislation but that does not mean they are completely exempt from things like privacy rights covered by GDPR. So in the natural way of things the use of data will absolutely grow as will data breaches.

Still it's good to know that the powers that be have already considered all these and even further issues for this roll out.

What larks.

Welcome to your sci-fi dystopia: Sonic firewalls to crumble inaudible ad-tracking phone cookies

IT Hack

Re: Where there's a way, there's a will

Lazy devs. Or devs who have been badly trained. Or devs who don't give a fuck.

I am sure management has some input into this as well.

Pentagon in uproar: 'China's lasers' make US pilots shake in Djibouti

IT Hack

Re: Binding Protocol?

Please! No fighting in the war room!

Amazon warns you have 30 days before Music Storage files bloodbath

IT Hack

NHS slackers

So who did Maybot screw to pay off the DUP? The NHS? Amazon tax breaks?

Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

IT Hack

Firewalls

Nice to see the HoC IT bods allowing dodgy websites through their firewall.

May the excessive force be with you: Chap cuffed after Star Trek v Star Wars row turns bloody

IT Hack

Re: No contest

> "My vote for best goes to Bab5."

> And mine goes to Battlestar Galactica.

> Pfft! Firefly was best

That would be Blakes 7.

mic drop

Ride-snare: Lyft ruse helps cops cuff suspect in tech CEO murder case

IT Hack

Re: Important information missing from article

Silver Toyota Prius

I heard it was a Honda. With a ton of silver in the trunk. Fired out of a cannon.

Bookmakers William Hill under siege from DDoS internet flood

IT Hack

Dev Ops

Yeah....so how's that going Mr Hill?

Corbyn lied, Virgin Trains lied, Harambe died

IT Hack

Re: A/C rant "From the article"

@ IT Hack

See this is the thing...you don't even know if Corbyn 'smeared' Branson. Why else put a proviso in your comment. Rather blows your argument out of the water doesn't it? Of course if there is evidence of Corbyn smearing Branson let's see it. Oh...there isn't. All Corbyn said, and quite rightly, is that the privatised rail services are a complete shambles and why is it we are awarding contracts to other nationalised state companies?

As for the rest of your post....excellent comedy material.

IT Hack

A/C rant "From the article"

It's more like a billionaire train operator smears politician over claims of rail passengers not being well served and that a return to a nationalised rail service is better than what we have at the moment.

That is why the use of the CCTV footage is regulated. Or are you suggesting that the billionaire rail operator has the best interests of the public at heart?

I must ask. Are you that naive?

I would also like to draw attention to the other recent railways issue, the awarding of the East Anglian service to Abellio. Abellio is the foreign arm of the Dutch National Railway. Which begs ever so many questions...

IT Hack

Don't Lie.

"from brick-chucking Corbynistas"

I hope you have proof of this, because no one else has. In fact her office was never touched. Her office is located in a communal building, with the damaged window also in the communal area. Pretty much signs of an ordinary attempted burglary.

As a bonus, Angela Eagle's office windows were festooned with Labour posters. None of which were damaged.

Please retract your comment about brick chucking Corbynistas.

And no. I am not a Labour Party member. Just a citizen sick of bullshit media, lazy and quite ignorant journalists and of course of not having an effective opposition against the Tories. You know...that difficult thing called democracy.

Italian MP threatens parents forcing veggie diets on kids with jail

IT Hack

I don't think you'll find many vegans eating anchovies. Actually...can you call people who eat fish vegetarians?

Crafty plan to give FBI warrantless access to browser histories axed

IT Hack

Republicans

Always looking out for the little guy fighting 'big gov'...

Google AI gains access to 1.2m confidential NHS patient records

IT Hack

Sovereignty

So...in the rest of Europe people need to opt in. In the UK we require people to opt out if they want their data shared.

Can someone tell me how Europe is telling us what to do again?

William Hague: Brussels attacks mean we must destroy crypto ASAP

IT Hack

Re: Jugend

Actually he hasn't matured since his speech as a sixteen year old at the Tory party conference.

Why Tim Cook is wrong: A privacy advocate's view

IT Hack

Data

I would not be surprised if in fact there is absolutely bugger all on that phone.

Just yet something else caught up in the dragnet that we call modern law enforcement.

Quotemehappy? No, I'm furious: Insurance site loses customer details

IT Hack

Aviva Quote

Quotemehappy.com has identified an incident where a small percentage of customers were able to see another customer’s contact details, such as name, address and telephone number, when they logged into their account.

These details could not be changed and no sensitive, personal or financial, information could be viewed or accessed.

The issue has now been fully resolved and we have contacted all impacted customers to explain the situation and have notified the FCA and the ICO.

------------------

And I hope both the ICO and FCA smack these muppets upside the head.

You can see the details but not view them? Notwithstanding this invention called writing that can be used, you know to write stuff down. You know...access?

Telephone numbers and addresses with names...that's bad enough but to make a statement like that is justification enough to stand, point and laugh at these idiots.

Facebook tells Viz to f**k right off

IT Hack

Revived

Looks like it is back to normal...

Google to pump free gigabit Fiber into homes of hard-up families

IT Hack

Also only one l in spelt

IT Hack

@AC

Sadly el reg is no longer (and hasn't for a very long time) a totally UK staffed site.

UK Home Sec's defence of bulk spying: We 'found' a paedo (we already knew about)

IT Hack

Credibility

Does May have any left?

30 years on from Challenger, NASA remembers the fallen

IT Hack

Re: If you want the truth..

Boils down to this -

Killed by management.

Home Office lost its workers' completed security vetting forms

IT Hack

Re: Too Many Errors

@ ledswinger

Why this one? Coz she's the current Home Sec. If it had been under labour I'd be saying the same thing.

There is something about the office of Home Sec that really brings to the fore the utter disdain the post holder has for the citizenry.

IT Hack

Too Many Errors

She needs to resign. Preferably forced to resign. To highlight how utterly odious the Home Sec actually is.

RSA asks for plaintext Twitter passwords on conference reg page

IT Hack

Affirmation

Well...as I've often said. Too many cowboys in our profession.

I for one am glad RSA did this. I hope to see heads rolling soon. I don't expect it though.

Fuckwits.

GCHQ summer schools to pay teenage hackers £250 a week

IT Hack

Re: Facepalm

>>"what would be the point of tying up the vetting process with a bunch of teenagers who will have access to absolutely fAll in terms of sensitive data?"

Presumably to avoid GCHQ teaching a bunch of hacking skills or whatever to the latest subversive / terrorist / activist / whatever, I would presume.

If they're not vetting them, then what they're teaching can't be that awesome. Or if it is, they should be vetted. No?

---------------------

Yes. I fear this is yet more taxpayer money being spunked by some PFY in some obscure government dept in an attempt to follow some vague directive to make it cool for kids. This is not serious. If it were serious they'd be targeting the most promising maths prodigies and the like. The ones winning the appropriate academic accolades.

IT Hack

Facepalm

Reminds me of the ads I keep getting to learn how to become an ethical hacker.

I bet they don't even vet the entrants.

Engineer's bosses gave him printout of his Yahoo IMs. Euro court says it's OK

IT Hack

Court

Am surprised this did not get rejected by the ECHR...what a waste of time and money.

When you join a company you sign a contract. The vast amount (if not all) of these contracts state the digital policy in terms of disciplinary action. Most will state that company kit is for company use as well as what would be deemed appropriate kinds of communication.

Unless the contract is illegal there is nothing for the company to answer to.

BBC risks wrath of android rights activists with Robot Wars reboot

IT Hack

I, Robot

Android rights activists...for a millisecond I thought my smartphone gained sentience.

Then I realised it was someone with too much time on their hands.

Microsoft kicks VMware right in its weakest, cloudiest spot

IT Hack

Azure

Is it reliable?

No.

Southend-on-Sea splashes £1.5m on hybrid cloud data centre

IT Hack

Cost

Of course it is difficult to speculate if you don't have a grasp of their project (how much data, networking etc) but 1.5m seems quite optimistic for a council the size of Southend.

Lights out! Newbie IT manager's dark basement trip

IT Hack

Murph

Murphy and his law, along with the associated engineering based corollaries, did not appear out of thin air.

Boozing is unsafe at ‘any level’, thunders chief UK.gov quack

IT Hack

Nanny State

So I guess this means we can call both Labour and the Tories as 'Nanny Statists'?

Or just the Tories?

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

IT Hack

Disaster

Authoritarian politically appointed security services managers hooking up with micro tripping libertarian technocrats.

This will not end well.

The designer of the IBM ThinkPad has died

IT Hack

Still have one somewhere. Have to say that I loved the stinkpad and its nipple. Quite liked the look at the time as well.

ummm...this is not what it seems!

ISPs: UK.gov should pay full costs of Snooper's Charter hardware

IT Hack

Re: Depressing.

@ Detective Emil

The lineage of wankery in the role of Home Sec is long and eminently distinguished.

IT Hack

Re: Depressing.

@ Gordon 10 - unless of course you assume - given the apparent continuity between this and the Labour snoopers charter - that it is those same civil servants in Whitehall or more likely Cheltenham driving this.

Ironic since GCHQ already has most of this anyway - so it's probably just an attempt to get the storage costs off their books and onto the ISPs.

----

Well...firstly the previous Labour gov was Blairite. This kind of thing was/is literally right up their alley, given the enjoyment they seemed to have with their fear mongering. So for there to have been a continuation was quite natural as the Tories also enjoy rule through fear. These things will have the hand of the civil service in the game of course. However the lead is always from the politicians.

Having said all that I do think you are spot on with your last sentence.

IT Hack

Re: Depressing.

@ Voland's right hand

Despite my loathing of politicians I do think that there are some who are not batshit insane. My fear is that we eventually end up having a political milieu like that in the US where the insanity is quite evident.

This kind of thing (topic) tends to engender, or perhaps empower the insanity.

IT Hack

Depressing.

Sometimes I wonder if part of the political process should include screening for psychopathy.

Newspaper kills 'what was fake' column as pointless in internet age

IT Hack

If it's on the internet...

yeah...that

Not just a smart arse saying but very much a needed default setting. And even then I was duped several times this year with click bait.

Frankly the behaviour is no better than spammers. Who frankly have the morals of someone with no morals.

Electrician cuts wrong wire and downs 25,000 square foot data centre

IT Hack

@ unwarranted triumphalism

I bet JF is glad all these armchair statisticians / electrical supply / datacentre experts are here to give him the benefit of their wisdom after the fact and tell him what he did wrong.

I thought my post was quite clearly aimed at management, not the poster.

I am a manager. That his manager was not capable of dealing with this issue is not the fault of JF. If I were JF's manager I would be mortified to have taken the attitude of his manager.

IT Hack

Change Control

It's not just for programmers.

This is just a massive catalog of errors and really there should be some rolling of heads. Mainly management. As usual. I am speaking as a manager.

It has already been mentioned in the comments that there were a number of issues not dealt with, which are the responsibility of management. IT management that. One of the golden rules of IT is that any activity in the machine room must absolutely be regulated. To that end I removed our company President off the mag lock door ACL. The guy has no reason to be there. If he does then he'll be escorted.

Any power works within a DC is not minor. I have to ask where the work orders were from the sparkies. Had they been dry run? Amazing what you remember when you go through each step.

No roll back scheme either?

I am pretty speechless but not at all surprised that this happened. Too many utterly incompetent people in IT these days.

IT salary not enough? Want to make £10,000 a DAY?

IT Hack

Checks

How many companies vet these 'cyber'* security professionals?

* Cyber - swear to fuck this use needs to end.


Biting the hand that feeds IT © 1998–2019