* Posts by Vimes

1319 publicly visible posts • joined 3 Dec 2012

Brits' phone tracking, web history touted to cops: The TRUTH

Vimes

Re: Need details

http://www.bigbrotherwatch.org.uk/home/2013/05/everything-everywhere-ipsosmori-and-the-mystery-of-27m-peoples-data.html

China: Online predator or hapless host?

Vimes

Re: soam.. @George 8

That's probably a better idea than you realise...

http://www.theregister.co.uk/2009/03/30/huawei_threat/

Vimes

It’s difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned attacks originating from within the Great Firewall. But it’s also worth remembering that activity of this kind is certainly being carried out to a lesser or greater extent by all major global powers.

*cough*NSA*cough*Utah*cough*

Life's a lot easier isn't it when you don't have to hack the PCs and the telcos just roll over and play nice?

Løvefïlm signs hit beards’n’berserkers series Vikings

Vimes

And then we have NowTV for other exclusives. And Netflix for yet more exclusives...

I wonder how many people are prepared to pay for all three just to get around all these limits put in place by all these exclusive deals?

Serious WPAD flaw in IE?

Vimes

Serious WPAD flaw in IE?

https://nodpi.org/forum/index.php/topic,5549.msg50007.html#msg50007

Before fetching its first page, a web browser implementing this method sends the local DHCP server a DHCPINFORM query, and uses the URL from the WPAD option in the server's reply. If the DHCP server does not provide the desired information, DNS is used. If, for example, the network name of the user's computer is pc.department.branch.example.com, the browser will try the following URLs in turn until it finds a proxy configuration file within the domain of the client:

http://wpad.department.branch.example.com/wpad.dat

http://wpad.branch.example.com/wpad.dat

http://wpad.example.com/wpad.dat

http://wpad.com/wpad.dat (in incorrect implementations, see note in Security below)

(Note: These are examples and may not be live URLs.)

Meaning the person controlling wpad.co.uk or wpad.com has the potential to return malicious proxy configuration to almost anyone who isn't on a corporate network.

That is soooo bad. So so bad.

Microsoft plasters IE8 hole abused in nuke lab PC meltdown

Vimes

No mention of IE either in that article you linked to by the way. Did you just search for WPAD but not pay attention to the rest?

Vimes

http://forums.theregister.co.uk/forum/1/2013/04/21/Vimes_Serious_WPAD_flaw_in_IE/

Vimes

If you had seen my previous posts then you would have realised that I was not actually referring to that issue. I suppose I should have been more specific though.

Vimes

When will they get around to fixing that WPAD flaw in IE that leaves users open to attack?

US Department of Defense fingers China as top cyber threat

Vimes

Re: Hmmm...

caught handing over information to the NSA

If anybody at the register is reading this, please consider allowing all your users to have editing facilities.

Vimes

Re: Hmmm...

The majority of attempts on my site seem to be originating from US IP addresses at the moment, with Russia/eastern Europe being a close second.

As for the rest:

http://forums.theregister.co.uk/forum/1/2013/04/21/Vimes_Serious_WPAD_flaw_in_IE/

Perhaps a more productive course of action would be for the DoD to focus their attention a little closer to home? If they tried to do something about US companies releasing software with these sorts of mistakes then maybe at least the Chinese would find things a little more challenging?

Avoid using IE for your browser if you're in the UK.

The mention of Verizon is also interesting given that they have been caught handing over to the NSA. The US government don't have to hack people when they have the active cooperation of the telecoms companies.

Vimes

Re: China involved in cyber-attacks

Speaking of wikileaks:

http://news.antiwar.com/2013/05/06/manning-judge-orders-secret-practice-trial/

Might as well get some kangaroos ready too while they're at it...

Vimes

Re: China involved in cyber-attacks

One name for you: McKinnon.

And the DoD still expects to be taken seriously in the information security stakes?

US Navy builds master control for military drone ops

Vimes

Re: OMG Soldiers controlling submarines, Marines controlling USAF assets.

Even worse - from the PoV of those working within the armed forces - a unified control system implies a unified help system.

Cue the picture of that damned Clippy assistant popping up with 'You appear to be trying to bomb Iran. Would you like some help?'

Vimes

On a not entirely related note there's already a system called Skynet. It's operated for the benefit of the MoD.

http://en.wikipedia.org/wiki/Skynet_(satellite)

Hotel marketplace Airbnb: Show us your privates if you want to book a bed

Vimes

You are aware I assume that proposed legislation like CISPA that keeps on getting put forward would loosen controls between government and private industry where the sharing of personal data is concerned?

Don't assume your information will be safe with the government.

I would really like to know how the porn-filtering is supposed to work. Anyone?

Vimes

Re: @ Vimes - I would really like to know how the porn-filtering is supposed to work. Anyone?

I never said the system would be effective. In any case the concept of 'naughtiness' is relative as you have noted yourself.

Personally I suspect this move is partly down to the links that industry has with government. It's easier for the phone companies to pay lip service to child safety than it would be to start asking questions as to why children are being given smartphones to start with. Asking those sorts of questions would end up costing them money if parents ever realised that their kids having them is a bad idea and that limiting them to dumb phones is a safer option (and opt for cheaper price plans as a result).

As for wifi why are they being allowed access to devices that in turn give them the option of unsupervised internet access? Stop that and you get rid of the perceived need for filtering. But then that would cost companies selling the gadgets money again.

And we absolutely can't have that now can we?

Vimes

Re: I would really like to know how the porn-filtering is supposed to work. Anyone?

I suspect a blacklist, not whitelist, will be used as a basis of this in order to try and at least minimise the possibility of over-filtering.

The real problem however will lie in how the blacklist is established. Political blogs have been known to find their way onto such lists for example with little or no reason. My own experience also tends to suggest that even once the list has been established, problems can arise once it has been put into use. Like all UK customers my mobile phone connection started out by being filtered. I got them to take the filtering off eventually (just getting that far proved to be a challenge) but then it seemed to get switched back on without me asking for it. Even if they manage the impossible by designing a perfect system there will still be problems with how it's used. Depend upon it.

If you want to know exactly how it will be implemented I suggest you look up Bluecoat as a good example. Despite some rather questionable practices there are a number of organisations in the UK that use their services (Hampshire police being one of them). They already seem to be used by at least one wifi provider if the forum thread linked to below is anything to go by, and have already been used by at least two national telecom companies in the UK too.

https://nodpi.org/forum/index.php/topic,4603.0.html

Feds want to fine companies that refuse wiretap requests

Vimes

Re: Dangerous thinking ..

Don't rely on your own national laws to protect you.

http://www.computerworld.com.au/article/413379/australian-based_data_subject_patriot_act_lawyer/

From the article:

Data located in Australia but owned or operated by a US company could be accessed under a Patriot Act request, even if this violates National Privacy Principles, a legal expert has warned.

Connie Carnabuci, a partner of the law firm Freshfields Bruckhaus Deringer, said that under the Act which was passed in 2001, US authorities have the ability to pass orders for the disclosure of non-US data that is stored outside the country. “The basis for that disclosure is that you have to establish a sufficient connection with the US,” she said.

“One is that you have a US company with foreign subsidiaries outside the US, such as a service provider setting up in the Asia Pacific. The second might be that you have a non-US company that sets up a US subsidiary.”

BT and O2 ink deal to build mega 4G network

Vimes

BT: a company that previously trialled systems offered by Phorm.

Telefónica: a company whose Brazilian branch is currently trialling systems offered by Phorm.

I don't think either of them can be trusted.

Brits on benefits: 'Dole office site only works on PCs over 10 YEARS OLD'

Vimes

Something else: doesn't the government have certain legal obligations that they have to adhere to where the disability discrimination act - or whatever it's called these days - is concerned? Has something changed in recent years?

Vimes

This doesn't surprise me. I remember doing web development a number of years ago. One of the government customers we were developing for was stuck on Netscape 4 and was steadfastly refusing to upgrade. This was at a time when Firefox was already available.

Hunt on NHS data sharing: Obviously we HAVE TO let people opt out

Vimes

Whether Jeremy Hunt is suitably qualified for this role is anyone's guess

Given his past 'congrats' text to James Murdoch it would certainly be interesting to see any communications between him and the private sector.

Vimes

@breakfast

Personally I would disagree where civil servants are concerned. Using Phorm as an example: it was Home Office / BERR civil servants that deliberately failed to take minutes of meetings that involved Phorm. It was Home Office civil servants that tried to give out 'comforting' advice about Phorm, and it was in all likelihood not a SPAD that admitted Phorm to UKCCIS. Then of course you have the likes of the CPS that try to pretend that Phorm doesn't need to be dealt with.

'Non partisan' is not necessarily the same thing as 'No agenda'. They no doubt have their own opinions as to what should happen, and it's possible that this 'experience' that you mention leads in some cases to an unhealthy arrogance when it comes to who they think is right.

I also came across this:

http://www.guardian.co.uk/public-leaders-network/2013/apr/25/gus-odonnell-ucl-lecture-political

He clearly has some very strong views, many of which would have found their way into the advice given to ministers.

Vimes

How about getting people to opt in rather than out?

If the only people you're including are those that have previously chosen to take part then the worst that can happen is that they're removed from a list in error and information is not shared and takes a little longer to retrieve. The other way around could lead to information being shared without the consent of those involved.

UK gov's troll-finder general says he's hanging up his axe

Vimes

Re: @A/C 15:46

Incidentally even documentation produced by BT referred to what was going on as 'stealth' trials. I can't get rid of the impression that they damned well knew what they were doing was wrong.

Vimes

Re: @A/C 15:46

It's easy to not find anything when you don't want to do so. The CPS used the same police officer in the second investigation as the one that ran the first one, despite his conclusions being the subject of the second investigation. It's even easier when that police officer has been wined and dined by Phorm prior to him dismissing any concerns without ever formally interviewing them.

Trying to ignore something hoping it will go away. Being part of the same civil service trying to give out information that they want to be 'comforting' to Phorm. Using somebody who you know will give answers that you want to hear.

Are you honestly going to suggest that there wasn't something amiss here?

As for the phone hacking:

http://www.huffingtonpost.co.uk/2012/05/01/john-yates-and-and-keir-s_n_1467432.html

Vimes

@A/C 15:46

There's nothing subjective about doing nothing to punish those involved in the illegal interception of communications - interceptions that involved tens if not hundreds of thousands of BT customers affected by the trials.

As for the rest there are other instances - phone hacking and Simon Harwood both come to mind.

Would you really like me to find more examples?

Vimes

He headed a service that refused to take any action against Phorm or BT after taking literally hundreds of times longer than the average time taken to come to a decision over whether to prosecute. I certainly won't miss him.

Good riddance.

Privacy crusaders: ISPs in 'conspiracy of silence' over Snoop Charter

Vimes

Re: Here we go again

@RocketBook - Home secretaries come and go, but it's always the same civil servants in the background. Those same civil servants have got good at destroying what little moral backbone still exists in anybody by the time they reach that level of government. Tales of possible doom and destruction - you name it...

Verizon: 96 PER CENT of state-backed cyber-spying traced to China

Vimes

The number of IP addresses belonging to US organisations and involved in hacking attempts on my website certainly seems to outweigh any from China.

Another thing to consider:

http://it.slashdot.org/story/13/03/29/2045245/us-and-russia-lead-list-of-malware-hosts

Vimes

Remember who it is making these claims...

http://washington.cbslocal.com/2012/12/04/they-can-hear-you-now-verizon-patent-listens-in-on-customers/

Blogger, activist pals answer Anons' CISPA website blackout call

Vimes

What's bad about this is that it has the potential to affect people well outside the borders of the US.

Take the mobile phone companies in the UK. I know I'm repeating myself here, but at one point both 3UK and Vodafone were using the services provided by Bluecoat. This entailed them sending all URLs being visited by their customers to Bluecoat, whereupon Bluecoat would then attempt to access the same page. Apparently this was all part of the filtering product they offer - the one downside to that being that it just didn't work the moment you started visiting pages protected by SSL (and the less said about redirecting known Bluecoat IP addresses or denying them access entirely with a few simple lines added to the .htaccess file the better).

In any case a US company both based in the US and subject to US law would at that point have a complete browsing history where non-SSL protected traffic of UK based users is concerned and would be able to hand over personal information even more easily and with fewer checks than before.

Oh, and in case other readers here have forgotten there are a number of UK.gov websites - including the ICO - that use Google Analytics from Google's own servers.

Japanese Feds urge ISPs to support Tor ban plan

Vimes

Re: Logic.

1. Most fraud is committed by politicians, where it is deals behind closed doors, expenses or abuse of position.

I still say that the Discworld solution is the best: lock politicians up as soon as they're elected. It saves time in the long run...

Game designer spills beans on chubby-fancying chap with his stolen Mac

Vimes

If stuff was bought with the stolen credit card then presumably they have his address within the block of flats when he provided a delivery address.

Personally there is one other thing I would consider doing: try to get a hold of this address and then sign him up for as many samples as possible. Drown the bastard in unwanted mail and as much embarrassing crap as possible being delivered to his door and in plain view of his neighbours.

Microsoft CFO quits as quarterly results fail to sparkle

Vimes

Re: Time to go Steve @Jordan Davenport

...that everything about it was by design...

It's the same with Office too. They've changed the way protection works in Excel 2013 and other Office applications so that it deliberately works more slowly. Apparently this is done to make brute force attacks more time consuming to perform, but it's irritating nevertheless. Working with a large workbook used to take ~1 minute. Now it takes nearer 10.

Yet again we have Microsoft telling us what we want without bothering to ask why we're using these features. In my case it's more to do with stopping users doing boneheaded things rather than protect information as such, but rather than listen to what users are telling them - there are plenty of complaints online if you go looking for them - they prefer to parrot the line about this being done 'by design' and there being no fix for it. They keep on repeating that this change has been made to comply with ISO standards, but this seems to ignore that those same ISO standards are based on Microsoft's own work.

In short Microsoft seem to be telling the users 'this is what we're going to do whether you like it or not - screw you'.

(and it would be nice to have editing features wouldn't it? personally I'm not sure why they would want to restrict this to members that have badges since a post with errors in affects them as much as anybody else)

Vimes

Re: Time to go Steve

They also seem to have got stuck in telling us what we want rather than simply listening to what we're telling them. Complaints about Metro aren't exactly difficult to find after all and it's a pity they don't pay more attention to them beyond offering the option to boot direct to the desktop in 8.1 (perhaps they'll end up having to release an '8.1.1 for workgroups desktop users' so that TIFKAM can be removed entirely?).

Some executive somewhere at Microsoft is probably so emotionally invested in the whole Metro - TIFKAM? - thing that they seem to be completely incapable of seeing how much people would rather get rid of it. I guess working at a large corporation really *is* like living in a Dilbert strip...

T-Mobile UK ordered into humiliating Full Monty strip

Vimes

Incidentally shouldn't that last sentence read 'arguing about what exactly they want the U word to mean'?

Vimes

we'll keep arguing about what exactly the U word means.

From dictionary.com:

adjective

1. not limited; unrestricted; unconfined: unlimited trade.

2. boundless; infinite; vast: the unlimited skies.

3. without any qualification or exception; unconditional.

Seems fairly straightforward to me...

Badges for Commentards

Vimes

Just out of curiosity, why only count the posts under the current user name? When showing the total number of up and down votes the page seems to show the total for posts that include messages that I posted as A/C. I don't understand why then the badges can't be displayed for the user rather than the current name being used, provided they aren't posting as A/C at the time?

TalkTalk ads banned by watchdog over 'misleading' YouView offer

Vimes

Perhaps it's time that telcos were forced to be a little more honest?

https://www.change.org/en-GB/petitions/ofcom-ban-the-fraudulent-use-of-the-term-unlimited-by-mobile-networks-and-isps

NZ plans interception law refresh

Vimes

And this is the sort of situation we'll end up with in the UK if the snooper's charter ever makes it onto the books here: intelligence services unable to understand what they can and can't demand because the only bureaucratic hoops that they will have to jump through to get what they're after will consist of ticking a few boxes on a form. They'll end up with a sense of entitlement that will put the GCSB to shame. It already seems to be happening too - even before the legislation has been put into place. I know I've posted this elsewhere but I think it should be repeated:

http://www.telegraph.co.uk/news/politics/council-spending/9991351/Town-halls-join-rush-to-use-the-snoopers-charter.html

The so-called snooper's charter isn't even in force yet and councils are already planning on how they want to abuse it.

And isn't it interesting how 'national security' always gets lumped together with the real reason for this sort of thing? In this case 'economic well being', although how NZ's 'economic wellbeing' is determined by the amount of money being made in the US by members of the RIAA and MPAA is a bit of a puzzle to me. I suppose in this case they couldn't shriek 'It's for the children' instead, but they could have at least done more to explain why it's actually needed rather than simply rely on the old catch-all of national security.

Petition: Ban the fraudulent use of the term 'unlimited' by mobile networks and ISPs

Vimes

Petition: Ban the fraudulent use of the term 'unlimited' by mobile networks and ISPs

https://www.change.org/en-GB/petitions/ofcom-ban-the-fraudulent-use-of-the-term-unlimited-by-mobile-networks-and-isps

Samsung hiring students to post negative HTC one comments online?

Vimes

Samsung hiring students to post negative HTC one comments online?

http://www.gizmodo.co.uk/2013/04/samsung-might-be-hiring-students-to-post-bitchy-comments-on-htc-one-reviews/

Are Samsung really that scared of HTC?

Firefox 'death sentence' threat to TeliaSonera over gov spy claims

Vimes

Personally I don't see why they don't just make it easier for the end user to select which CAs they want to trust. If they did this then the only thing that those working on Firefox would need to take care of would be the maintenance of a blacklist that people can either choose to use or ignore.

Vimes

One way to check and see if your SSL traffic is being exposed to a man in the middle attack:

https://www.grc.com/fingerprints.htm

Ban drones taking snaps of homes, rages Google boss... That's HIS job, right?

Vimes

Re: He's just upset that ... @JDX

They don't need to. The cameras are already high enough to see over the fences...

Town halls join rush to use the snoopers’ charter

Vimes

Town halls join rush to use the snoopers’ charter

It's not even on the books yet, and councils are already wanting to abuse the systems that would be introduced by this.

Council staff, health and safety inspectors and even Royal Mail want to harness the Government’s proposed “Snoopers’ Charter” to monitor private emails, telephone records and internet use.

http://www.telegraph.co.uk/news/politics/council-spending/9991351/Town-halls-join-rush-to-use-the-snoopers-charter.html