* Posts by DaLo

656 posts • joined 30 Aug 2012


Evil third-party screens on smartphones are able to see all that you poke

DaLo

Re: Who else would have a fox’s cunning that brings these attack vectors coupled w/ spare time?

It can't "miss a touch or two". It would be built into the screen's digitiser. Therefore if it missed a touch then it wouldn't send that data to the CPU in the first place.

It could also "read the screen" so that it knew what information was being displayed and therefore what app was in use and what apps were installed, potentially making it 100% accurate.

1
0

Google’s Android Emulator gains AMD and Hyper-V support

DaLo

"But those features were available on MacOS and Linux only:"

Hmmm, and Windows using a PC with an Intel processor.

0
2

Cisco surges after pricing switches-plus-subscriptions just below old hardware prices

DaLo

"If Cisco had taken what customers were already buying and added subscription licences, customers would have seen straight through it "

Read between the lines ... we had to adjust it to make it more opaque so they wouldn't "see straight through it". This term is usually used when you have an obvious scam.

0
1

Yorkshire cops have begun using on-the-spot fingerprint scanners

DaLo

"I always thought it was bizarre that the government cancelled the ID card system"

It wasn't bizarre, it was a simple fact that they needed to get a significant amount of people to sign up to the voluntary scheme or else it would not work. As soon as the majority are signed up then you can make it difficult for non-IDers to access services. However it was heading for a disaster, colossal amounts of money for a system that in trials very few people were subscribing to and there was a significant public and media backlash.

A national ID scheme needed to either be made compulsory, have started a long time ago when people weren't interested in privacy so much, be linked with a decent incentive or be a slow burner where children get to sign up when they are 16/18 as the de-facto age verification/NI card etc.

56
0

Electronic voting box makers want kit stripped from eBay – and out of hackers' hands

DaLo

Re: @ DaLo

"He was saying that the paper voting method was less susceptible to fraud. The crap state of voter registration in the UK is a different matter."

I gave 1 example of voter registration fraud and 5 of possible voting method fraud. Postal voting and no-ID voting is rife for abuse in the current system.

3
2
DaLo

Re: @ DaLo

"Our voting method in the UK is understood by anyone ... far less doubt that the process has been meddled with"

Seemed to suggest that using a paper based system created less doubt that it had been meddled with - meddled I would assume meant a chance of fraud which also meant less chance of fraud than an electronic system.

So I would imagine that a list of areas where the UK voting system can be meddled with in response to a post saying that the UK voting system had far less doubt that it had been meddled with is hardly "the least [ir?]relevant place" to post a reply.

2
4
DaLo

Ah yes, no voter fraud at all. It is impossible to register your dog to vote or utilise the postal voting system to gather as many votes as you want. It's not like anyone could turn up to vote saying they are someone else.

Luckily no blank voting slips go missing or boxes with completed ballot papers and all the blank postal ballots are delivered safely.

Absolutely agree nothing can beat the good ol' UK paper voting system for ensuring no fraud takes place.

9
10

OK, Google: Why does Chromecast clobber Wi-Fi connections?

DaLo

Re: Nice evasion router vendors...

Because "TP-Link warned, the burst will fill up the router's memory and leave a reboot the only option to restore connectivity."

Hence a DoS, hence it is vulnerable to a DoS.

4
0
DaLo

Re: Nice evasion router vendors...

Or is it more like the neighbour's kid repeatedly kicking a ball against your front door and when he does your door lock pops open.

The door manufacturer says "well the kid is at fault for kicking the ball against the door several times", you might reply "yeah, he shouldn't have been kicking the ball but right now I'm more concerned about the door's locks popping open"

3
2

Smartphones' security enhancements just make them more dangerous

DaLo

"...is stored as a salted hash in the Secure Enclave of the phone, unreadable and unsynchronised with the cloud..."

But what if, and I know this is pushing bounds of reality, a processor had a flaw that allowed un-privileged access to the secure enclave you mentioned, either by being able to read the encryption keys, the salt or directly from the authentication mechanism.

However there is not much chance that a processor would have a design flaw like that, is there?

22
0

£185k in fines rain down on dodgy PIs and claims firm for illegal data slurp

DaLo

Sooo how were the PIs able to get bank transactions? I guess they could have gone rummaging through bins but if they didn't it would be interesting to know how they obtained them.

5
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

DaLo

Re: Insider trading

What's great about the MotleyFool's write up is that the suspicion was raised at the time of the sale (i.e. not in hindsight based upon what we know now). So the author already suspected that his selling off of 100% of the shares he was allowed to sell off was highly suspicious and indicative that he might know something about the stock price.

It's rare to see an analysis of wrongdoing before the alleged wrongdoing is actually known.

40
0
DaLo

Re: Error?

"No. A high resolution enables you to 'see' more. High resolution=high precision."

Isn't that the point MacroRodent was making? A high precision timer will not mitigate it as JavaScript will have access to high precision/resolution timing. The mitigation would be to only allow it access to low precision timing.

17
0
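The point above, that the mitigation is to give JavaScript only a low-resolution clock, as an added example that is not from the page or from any browser's code. Times are integer nanoseconds on a fake clock so the results are exact; the resolutions and operation durations are assumptions chosen for illustration.

```javascript
// Round a raw timestamp down to a multiple of resolutionNs (integer maths, exact).
function coarsen(rawNs, resolutionNs) {
  return Math.floor(rawNs / resolutionNs) * resolutionNs;
}

// Wrap any clock function in a coarsened one. randFn is injectable so that the
// optional jitter (a random whole number of extra ticks) stays testable.
function makeCoarseTimer(nowFn, resolutionNs, jitterTicks = 0, randFn = Math.random) {
  return function coarseNow() {
    const jitter = jitterTicks > 0 ? Math.floor(randFn() * jitterTicks) * resolutionNs : 0;
    return coarsen(nowFn(), resolutionNs) + jitter;
  };
}

// Deterministic stand-in for performance.now(): time moves only when told to.
function makeFakeClock() {
  let t = 0;
  return { now: () => t, set: (ns) => { t = ns; }, advance: (ns) => { t += ns; } };
}

// Single-shot measurement of an operation lasting durationNs, as a script would do it.
function measure(clock, timer, startNs, durationNs) {
  clock.set(startNs);
  const before = timer();
  clock.advance(durationNs);
  return timer() - before;
}

// Compare what a script sees with a 1 µs clock versus a 100 µs clock when timing
// two operations that differ by 20 µs (assumed values, exaggerated for illustration).
function demo() {
  const clock = makeFakeClock();
  const start = 12325600;                                   // arbitrary phase within a tick
  const fineTimer = makeCoarseTimer(clock.now, 1000);       // 1 µs resolution
  const coarseTimer = makeCoarseTimer(clock.now, 100000);   // 100 µs resolution
  return {
    fine: [measure(clock, fineTimer, start, 20000), measure(clock, fineTimer, start, 40000)],
    coarse: [measure(clock, coarseTimer, start, 20000), measure(clock, coarseTimer, start, 40000)],
  };
}
```

With the fine clock the two operations read 20000 and 40000 ns and are trivially told apart; with the coarse clock both read 0. Browsers went further than rounding, adding jitter and gating SharedArrayBuffer, because a rounded clock can still be refined by repeated sampling.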

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

DaLo

Well the ICO has waded in now so expect a severe word in her ear behind closed doors.

http://www.bbc.co.uk/news/technology-42225214

3
0

Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

DaLo

I would suggest that this has happened either because someone at the TV site decided to add the miner to their site to 'test it out', whether with authorisation or not, or the company's Google account was hacked and so the hacker had access to the company's tag manager control panel. You probably won't find out as it would be blamed on a hacker anyway.

If they had access to the website itself then they could just add the code directly or obfuscate with one of the many shortening services available.

0
0
DaLo

Re: Google is complicit

This is for websites so it would be unusual for the chrome or other browser not to have internet (or INTERNET) permissions. Save your aghast for a story about apps.

3
0

Another UAV licence price hike? Commercial drone fliers rage over consultation

DaLo

Re: Logic?

"But I don't have to pay the DVLA to renew my driving licence every year."

But you do pay them £0~£2000 to tax your car.

3
0

OnePlus 5T is like the little sister you always feared was the favourite

DaLo

Re: Fingerprint sensor on the rear

Voice Unlock?

NFC (on car dock) Unlock?

0
0

Jet packs are real – and inventor just broke world speed record in it

DaLo

Re: Flying is the easy bit...

He did take a dive straight into the lake on this outing as well!

6
0

Self-driving bus in crash just 2 hours after entering public service

DaLo

Re: German Efficiency

"Germany has already decreed that robot vehicles must be programmed to kill animals and destroy property before thinking of harming humans"

But a small collision where the other party is to blame (truck reverses into you) and their insurance coughs up in full, including hire car costs etc, turns into your car reversing back and hitting a house, meaning that your insurance now has to foot the bill, you have to pay the excess, you have to hire a car out of your own pocket and your premiums go up, meanwhile Mr Truck drives off without a problem.

0
3

Coinhive crypto-jacking increasingly pops up in top 3 million websites

DaLo

Oh come on guys, that's really cheesy!

9
0

VMware open sources VR overlay for vSphere

DaLo

That CA Unicentre demo is pretty impressive for 1997.

Pointless but impressive.

2
0

Humble civil servant: Name public electric car chargers after me

DaLo

Re: Because these electric cars won't be internet enabled

But you would surely have a charger at home? 14 miles to the next hop doesn't seem too bad. Even the worst EVs can do 14 (or 21) miles without needing their next top up.

As many workplaces are also starting to install chargers, for many people this covers most of their commuting needs.

1
0
DaLo

Re: Because these electric cars won't be internet enabled

"Still - this is of limited use here in rural Somerset. I wonder how many chargers will be seen here?"

Already quite a lot: https://www.zap-map.com/live

0
0

WhatsApp? You still don't get EU privacy laws, that's WhatsApp

DaLo

Re: Interesting

"The EU privacy law as it's currently drafted does not permit it."

Yes it does. If you give clear unambiguous consent to users with an opt-in rather than opt-out and clearly detail the processing you will be using then you can do what facebook/whatsapp require.

The problem is, that if they followed the law then most people would not opt-in and so they wouldn't get that data, so they don't. They rely on ignorance not informed consent.

12
0
DaLo

Re: Interesting

"Is it though? It's end to end encrypted so surely they have meta data but not message contents?"

If they own the app they could have access to your messages. End-to-end encryption stops a middle-man or their comms servers, but it doesn't stop a back-channel directly from the app. I'm not suggesting they do use this capability, I very much doubt they do but they could.

12
0

Xperia XZ1: Sony spies with its MotionEye something beginning...

DaLo
0
0

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

DaLo

Re: So in theory

It's equivalent to being as secure as you would be on a public WiFi network. Anything you wouldn't do on a public WiFi network you wouldn't want to do if you thought your WPA2 network may be compromised.

4
0

Concerns raised about privacy, GDPR as Lords peer over Data Protection Bill

DaLo

Re: What?

Also covers someone using a subject access request to ask for their personal details and you then quickly removing all the notes on file or emails of customer service saying what a 'pain'* this person is or what a stupid name they've got before passing it on.

* or replace with an appropriate expletive

1
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

DaLo

"Result was the same, except for someone in Europe having sore typing fingers for a day or two."

Actually published it as a book with an OCRable font to save the fingers of the intern (although it was 'accidentally' published to usenet before then anyway)

21
0

Is that a bulge in your pocket or... do you have an iPhone 8+? Apple's batteries look swell

DaLo

Re: Wrong Swelling

Do I win £5?

No, because you didn't use proper formatting to create a link in your comment (e.g.https://static5.arrow.com/.../lt1389_0699_mag_fig.1.jpg), therefore your link did not work.

2
0

BBC Telly Tax petition given new Parliament debate date

DaLo

"To be honest, I'd be quite happy to scrap TV licensing and actually just tax TV purchases. Literally put a 10% import / sales tax on new TV's. Problem solved. "

Most TVs are around the £300 mark. So that's a tax of £30 for a TV that will last say 5 years.

Your Tax will raise £6 per year leaving a shortfall of about £141.

The Licence fee brings in £3.7billion per year.

There are about 27m TVs in the UK. If they last 5 years then the Tax per TV would have to be £685 per set. This could be a tax of 200% on the average TV. Combine that with the fact that people wouldn't then replace their TVs until they were kaput, and they'd also be a massive repair and secondhand market and you could easily see the 5 year renewal become 10 year or more.

You're now looking at a tax of perhaps £1,500 which would exacerbate the problem more and no-one could ever afford a new TV and everyone would just use a PC or buy them from Europe (while still in the free market).

So do you then Tax every PC as well? That'll go down well.

21
0

Microsoft gives all staff a marked-up 'Employee Edition' of Satya Nadella's new book

DaLo

@Updraft102 Re: FN+F5

@Updraft102

You've got the wrong end of the stick. The OP was talking about how the F1,F2,F3... keys can only be used by holding down the function key first as without holding it down it just activates the keyboard provider's own non-standardised shortcut. That is the reverse of a normal mode where you can press the F1,F2,F3... keys with one press and you need to use the Fn button to access the shortcuts.

The OP deduced this by the fact that to 'Hit Refresh' normally just requires hitting the F5 key, but if you have to hit Fn+F5 then it is one of those reversed mode keyboards (and a ridiculous design).

11
0

UK Home Office re-bans cheap call gateways because 'terrorism'

DaLo

"So people who are single and live in the middle of nowhere are on their own then?"

Yes, by definition.

23
2

Tick, tock motherf... erm, we mean, don't panic over GDPR

DaLo

Re: Up to €20m includes the figure zero

There has to be room for willfulness. So Talk Talk were heavily fined but it seemed to be for sheer incompetence.

The £500K fine would be for a company who made a decision to act recklessly or even criminally with data and were found out.

With the new fines I think there will be more emphasis on hurting the company's bottom line and will be relative to the size of the company but will still have a major element of whether it was premeditated or not.

2
0
DaLo

Sure, but until you see where the grey areas are you can't tell whether you are sitting in them or not. Most companies can't afford to be the one who is party to the proceedings that create the case law.

2
0
DaLo

So, does anyone know when the first draft will be published (or is it accessible somewhere now)? BBC were saying it would be published today but it now seems that it was just a proposal that was published today. It had also been stated that it was due in September.

There are important nuances and ambiguities with the current EU GDPR wording that might be a bit clearer in the published Bill so it would be useful to get some idea of the actual wording before too long.

0
0

Missed patch caused Equifax data breach

DaLo

Re: Typical problem of many large organizations

"This release addresses one potential security vulnerability:

Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser"

"Namely, no explicit mention of the CVE fixed in the release, making it relatively easy for a busy admin - with several dozen packages status monitor, to downgrade the update from must do to 'pending'."

Hmm, Remote Code Execution would make any sysadmin's ears prick up. Anything that has a possibility of remote code execution needs to be investigated for risk asap and should get it straight into the "must do" pile.

4
0

UK Data Protection Bill lands: Oh dear, security researchers – where's your exemption?

DaLo

It also seems that Direct Marketing and Data Sharing have no clarity. The Bill states that the ICO must come up with a code of practice for each at some point and then have it approved by parliament, but failure to follow those guidelines does not make the company liable to prosecution.

Almost sounds like - "we're running out of time for this complex part where everyone is lobbying us and threatening to withhold their party contributions, we'll just pass the buck and deal with it later".

2
0
DaLo

Re: [an offense of] altering personal data in a way to prevent it being disclosed.

"I think that's it"

Nope. It is section 163

"It is an offence for a person listed in subsection (4) to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive."

i.e. if you get a valid data subject access request you must not change or withhold any of that data before giving it to the data subject.

4
0

Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

DaLo

"...it would actually just be pronounced "Windows Neun" by any German speaker."

Yeah, I can see why that would really annoy Apple.

1
0

UK's new Data Protection Bill will be 'liberal' not 'libertarian', says digi minister

DaLo

I just hope they provide a bit less ambiguity to the 'Legitimate Interests' clause. Some commentators are taking that to mean - as long as I have (our company has) a legitimate interest (our interest) in doing it we don't need consent.

Other commentators are saying that this is extremely narrow and only when explicit consent would have been impossible. I suspect the meaning should be the latter and very narrow. However it was also muddied by recital 47 which stated "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." which has caused major confusion. Everything seems so clear and quite black and white and then they throw this curve ball.

I can only think this was included as a lobbying measure. There's been a lot of commentary about it but the most informed seem to suggest that direct marketing when there is no explicit consent is not allowed as a rule.

Hopefully the DPB will clear all this up - I doubt it and looking at the IP/Cookie thing could cause even more confusion.

3
0

El Reg is hiring an intern. Apply now before it closes

DaLo

Re: If I were 30yrs younger

But surely if you have sufficient experience and skills, you could just apply for a real job with them?

7
0

'Don't Google Google, Googling Google is wrong', says Google

DaLo

Re: September 13, 2017

True but at least it is unambiguous. It is ridiculous that it still isn't standardised to use yyyymmdd with or without hyphens or colons. The amount of times I've either been struggling to find a log entry only to realise the date format hasn't been localised or I have to scroll down out of the single digit dates to see what format they are using [fragmentation, consider re-writing]

Similar for times when using a cloudy service.[don't use nouns as adjectives] Are they local to the cloud, are they local are they UTC?[Rhetorical, avoid]

23
0

ICO slaps cab app chaps for 10-day spam crap

DaLo

Not the greatest business move?

Why would a cab company give details of its customers to a firm that will then use them to get them to use a service to recommend a cheaper cab company?

Not just a bad move from a privacy point of view but also a bad move in understanding the value of your own customer base.

6
0

Equifax mega-leak: Security wonks smack firm over breach notification plan

DaLo

Re: Go to the organ grinder..

However this shouldn't be allowed after 25th May 2018 as the UK version of GDPR will be in place. You can refuse to have your data shared with Equifax and the company involved cannot withhold a product from you unless they can prove it is required for the purposes of fulfilling a contract.

They may be able to claim justification for the contract bit in gaining your credit profile, but them creating extra information beyond that on your profile or the credit reference agency utilising it for marketing or selling it would not be allowed.

8
0

SpaceX X-37B launch

DaLo

SpaceX X-37B launch

Just watching that live launch. Pretty amazing, it looks so routine. Even with a hurricane bearing down in the next couple of days, it just seemed a case of popping it up before things get a bit too windy.

Oh, we'll just land the first stage perfectly back on land again.

Impressive stuff, looks like a lot more government and military contracts might head Elon's way.

0
0

It's official: Users navigate flat UI designs 22 per cent slower

DaLo

"Microsoft MUST have ..."

You've not used Visual Studio have you?

16
0
DaLo

UX testing can be performed on 71 users and give very good correlation.

It depends on the tests, the question/task set etc and the diversity of the pool of users (e.g. you couldn't ask 100 people in a pensioner home to carry out a task and think it applies to the whole population). This is very different from a statistical survey based upon opinion.

UX testing with a pool of just 5 users can provide sufficient results for your own apps to be clear about consensus if you have a clear problem you are trying to address. It may not suffice for a general subjective or opinion based question about your website or app.

Heatmap testing generally requires around 40~50 participants.

82
2
