DevOps Certified ....
1614 posts • joined 7 May 2012
I read/watched/heard recently about a particular data breach. The vendor had in between the time the breach occurred and the time they discovered it changed something about how they stored the passwords, so they judged it unnecessary to inform anyone who had a new structured password. On one level it makes perfect sense as "someone has just stolen your old password you don't use anymore" doesn't sound like a big issue. Of course it means that anyone using the same password for their e-mail or other services is waiting to be pwned. I would name names if I could remember. So in short, yes, self appraisal of the seriousness of a breach (particularly from companies who don't deal in security day in and day out) is rather problematic.
well called Richard
As you predicted, a safety mechanism caused by grid issues caused these generators to perform an emergency safety shutdown. Did exactly what it should have.
Why the grid operators and generators hadn't specifically consulted each other on what those thresholds should be is very much a live question. The fact it took them so long to acknowledge the cause is also regrettable as it allows the opportunist pollies to come out. I wouldn't hold my breath for an apology from them however.
Re: users don't control where data resides?
> Why don't they buy an island, make their own country, and move their HQs there?
Yes, you can host with Oracle if you like.
Re: Turn that one on its head
> If this, or other, research comes to fruition, doesn't that make the limitations asserted in the article irrelevant?
I wouldn't worry too much about our research coming to fruition. "Efficiency dividends" will ensure these sorts of projects get shelved.
Re: Hash functions
> it is the ease (or otherwise) of engineering such a collision so that you can fake a digital signature for nefarious purposes.
Let's be honest here. Nefarious actors can just tell Wosign that they own github. No collisions necessary.
Re: Hash functions
> mapping data of size > n into a space = n creates collisions.
Formally known as the Pigeonhole Principle.
Re: We should not forget
> There's always that eCat thing... The one that lives in a shipping container full of AA batteries that nobody is allowed to open when they "test" it.
I'm sure that uses fusion.
Not quite. It's a bit hard to explain, but in essence you have what looks like a miniature wind turbine, except attached to each blade is an array of cats, arranged in such a way that some of them always have their feet up in the air. The feline self righting principle then takes over causing the turbine to spin at very high velocity. Most of the box is simply sound proofing (very high rpm) and the inverters to produce AC and various step up transformers (largely off the shelf stuff).
> Crime, but where's the punishment?
Oh it's there, you must have missed the bit where the staff were warned. That'll teach them...
> Internal oversight failed, with highly sensitive databases treated like Facebook to check on birthdays, and very worryingly on family members for ‘personal reasons’.
So who's in jail?
The biggest problem with these sort of databases is the complete disregard for oversight. When was the last time you heard a TLA ask their ministers responsible for additional penalties against their own who are caught doing the wrong thing? No, the solution is always apparently additional powers, secret orders, unwarranted surveillance, indefinite detention without charges etc. Here's an idea. How about they start behaving above reproach with the powers they have today before asking for more?
Re: Password revealed
That's the password on my luggage!
And here I was thinking that casinos were benevolent organisations looking out for the little guy.
Re: So, ....
"Others who purchased a Volkswagen also purchased 'new gear box for ...."
> We'll never know because applicants request restrictions on trade data through a confidential process: the Bureau of Statistics won't ever divulge who requested data be fuzzed, or why.
Unless they accidentally publish it in a senate inquiry submission outlining why various bungles were everyone else's fault and that they can be trusted on privacy.
I guess we can all be thankful that the current mob will accidentally vote against it.
solving the wrong problem
OK George, you clever boy. You solved the problem so that law abiding citizens can't de-anonymise the data. Job well done.
Can you now solve the other part? I mean the bit about preventing non law abiding citizens and foreigners who are not subject to our laws from doing the same. Then we can draw a line under it and move on...
> Australians who don't what the nation spends on defence also don't mind the country's data retention regime.
Guessing that quote isn't from their School of Literature, Languages and Linguistics....
Re: Security bug?
Don't even make jokes about such matters. Someone should report him.
Re: Nuff said
Oh it's worse than you think. You can flash the whole machine, permitting a malicious actor (whom I will assert to be a nation state because that seems to be the thing™) to change settings so it always makes American coffee.
One issue/feature/fact of life about DH is that whilst on paper it takes however many gazillion years to reverse, if they are created using the same base seed then the first four phases of the algorithm can be precomputed, leaving just a minute or two of actual computations needed on the specific key used.
Now consider some of those bullet points. A small handful of precomputed keys gets you practical computational access to most of the VPNs in use. Don't get me wrong, precomputing the seed is not cheap, but we live in a time where large CDNs can be overwhelmed by IoT video devices, so the "it would cost too much" argument only holds water if Mallory is paying the bill.
Wait! Who broke brake? I said no breaking changes, not no braking changes! Ah hang on. I think I can see the confusion.
Re: unlocked ? WTF?
They should have expected someone to commented on that.
Yeah, iOS already does that. Hence the San Bernardino incident. Otherwise they would have just brute forced it.
Re: Label you, label me, label us all together
> quite a few people , when learning to drive, have to have their hands labelled "L" and "R"
I know some who need "R" and "the other R"...
Re: "Dropbox" ".. halfway through moving from the ageing SHA1 technology.."
It's actually difficult to change password algorithms when your user base is casual and you are using a hash, because you have no way of determining the hashed password other than brute force, dictionary or rainbow attack; you have to passively wait for the user to authenticate again and force them through the change password roundabout.
When their cloudy visual studio login stuff went down a few months back they were incredibly open about the timelines, what went wrong, what lessons they had learnt etc. Sad if they are reverting to form.
Re: Naughty El Reg
Maybe Barbra Streisand can email Satya for you?
Re: That table actually tells us why Turnbull is right
Let me counter your analysis with a simple question.
Do you think that 2 wind farms that are 100Km apart would switch off within 0.05 of a second of each other because they independently judged the wind speed too strong?
Or is it just possible that they both went into a controlled shutdown after some safety system noticed something very bad about the grid they were feeding as indicated in the article?
Re: Get real
SAMSUNG BATTERIES GO KABOOM. Milton cries atrocious.
Re: why paper at all?
No thank you. That would only serve to reduce the transparency of the process. I have no major qualms about a self service kiosk system that lets people fill out their intention and prints out the form to be placed in the box (real toner on real paper that is, not a receipt printer that fades a week later) but there are a number of practical challenges for handling faulty hardware, and ensuring booth attendants can't ballot-stuff.
> For most of the other States, it seems it would take a lot of errors to change the outcome
I know it's a quote, but it seems that someone has forgotten many many many years ago in 2013, the WA senate election had to be rerun because a small number of ballots went missing whilst being transported for counting and it was realistically possible for preference flows to go one of two ways which changed the number of labor, liberal, pup and green senators depending on that variation.
is there a Pixel 5c?
You know, the one with a 5% slower CPU, a bit less glass and aluminium and a bit more plastic, a camera with a smidgen less terapixels but with a pricetag that more resembles the Nexus 5?
Re: An even better form of authentication:
I've heard about these mythical "house keys" that allegedly work even if they're flat.
Re: Eliminated the obvious
> Now going for the long shots.
ICBM what you did there.
> How do we clean house?
There was this novel approach after the blaster worm hit in 2003.
Re: Lack of regulation, blah, blah
> could vs could not care less for left pondians.
In case anyone missed the tech news of the year:
> has confirmed to El Reg
> the attacker put his hands around the throat of one of the guards
He's holding him wrong!
According to the Guardian, 3 of the 4 lines feeding Adelaide from the north were taken down from 22 downed towers at 5 different places.
The coal plant they mothballed because of these wind farms is at Port Augusta. Those who down voted you evidently haven't ever looked at a map or think that coal power is magical and can be delivered to the population centres without these transmission lines.
> Wind makes the grid flakier, as Aussies found out this week. No sooner had the state of South Australia boasted about “going zero carbon” then it suffered black-outs.
No, they found that out a few weeks back when the Victorian interconnect was down for maintenance at an unfortunate time.
The statewide blackout was caused by a bunch of high voltage towers being downed by a rather large storm. You know, the ones between all power plants including the coal, gas and hydro plants and the national grid. Maybe their base load capacity is too low, but that is unrelated to their blackout this week. Renewables FUD is no better than nuclear FUD.
Perhaps he should rather look out on the internet to see if any "ghost writers" have written a "similar" textbook and he could maybe just offer to write the foreword?
Re: gmail is the answer
Doesn't Adobe have a cloud of some sort?
Hello Barbie does what? Oh right, different products.
Re: Is it just me
Meanwhile, one of the cattle class features is how if you drop your PED, the only place it can be is in your neighbour's lap. There's simply not enough room for it to fall in between.
FFS George, our problem with the census and its ilk isn't just those law abiding citizens. It includes the less savoury types who are already flaunting several laws to get it in the first place. There's also the small matter of the more than 6 billion people out there who are not subject to our laws.
Rather spend your effort instilling a culture of individual's privacy, to only collect the minimum data required to perform the specific functions and to viciously guard against mission creep by unaccountable bodies. Cut bonuses from departments that leak private data and use it to compensate the inevitable victims of those leaks.
> noting that while its original agreement with Optus was for “progressive migration of subscribers to the nbn™ network and the eventual decommissioning of the Optus HFC network.”
Why should nbnco care about that? As clearly demonstrated, their HFC network isn't able to deliver the scaling needed. From Optus's perspective, they are being paid to shut down a network they would have mothballed for their own commercial reasons or if they truly believed in the future scalability they would need to invest their own dollars in it. In short, this dumb decision means that taxpayers pay Optus for doing what they would have eventually done on their own.
> Referring to the recent DDoS of Brian Krebs, which was powered by an IoT botnet – “cameras, lightbulbs and thermostats” all generating 990Gbps of traffic, “which would take most government websites down”
Not saying much there. You'd only need half a dozen to take down the ABS census site.
Re: The problem is a lack of imagination...
The same sort of thing happened a few years back with I(di)OT smart light bulbs.
Shirley it would have been easier
... to tell them to call a guy to fix it like last week's printer guy and head back to bed?