* Posts by TheVogon

3511 publicly visible posts • joined 17 Jan 2013

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

TheVogon

Re: Decrypting?

"The scum use AES-128 to encrypt the files and then a 2048-bit key to encrypt the 128 key."

So symmetric and asymmetric encryption respectively...

"As I understand it, the shorter keys are susceptible to brute force crunching these days"

Not really. Unless you have billions of years to spare... Symmetric and asymmetric key lengths are also not equivalent.

"And is it possible/likely that they use the same 2048 bit key for every case?"

If it is used to encrypt a unique AES key which is then stored locally, then yes they could use the same public key to encrypt that on every system. The private key would remain on the decryption server with the attacker and your encrypted AES key could be decrypted remotely once the ransom had been paid.

"can the HDD be mounted as a secondary drive on something else and have the MBR re-written?"

Potentially, yes. However it presumably encrypts something to stop that being a viable recovery. Otherwise what are the keys for?

TheVogon

"Each person should have their own local account, which may have local elevated permissions locally"

Nope. Elevated permissions should be a separate admin account. Without a roaming profile / email and anything else that might encourage you to login with it rather than use Run As...

We'll drag Microsoft in front of Supremes over Irish email spat – DoJ

TheVogon

Re: They dont want to use the MLAT.

"T-Systems own and runs the data centre and controls the access"

Local resources would presumably be subject to local law anyway, so that they could be Microsoft employees shouldn't really make any difference locally. Sounds like a PR exercise in that regard.

Microsoft also already offer "bring your own keys" solutions based on Thales HSMs specifically designed to protect against cross jurisdiction access.

"Since Microsoft doesn't control the access to the data, they are unable to comply to demands to give the data to US LEOs."

That's probably more the design goal - make Microsoft immune from US fines if they lose their court case.

TheVogon

Re: They dont want to use the MLAT.

"This further implies that whatever it is that the DoJ wants is likely to be illegal under Irish and/or EU law"

No, not at all. They could easily get the information via an Irish court order.

What it would do is set a precedent that US law doesn't apply to the whole planet, which has been the general US government approach up until now.

Men charged with theft of free newspapers

TheVogon

Re: This is England. We use common sense here.

"By copying a song/tune, leaving the original intact."

NO. That's copyright infringement, which is not theft under law or otherwise. Common misconception though thanks to recording / movie industry propaganda.

Here, let me help you understand the difference:

https://www.youtube.com/watch?v=xFNKw2nYG9A

TheVogon

"A/C to protect my own ass."

Were there photos of you and your donkey in the paper then?!

TheVogon

It's advertised as free at the point of consumption. I think they might have trouble getting a theft charge to stick...

Heaps of Windows 10 internal builds, private source code leak online

TheVogon

Re: Open Source Good

"As many eyes on the source code improves Linux, right?"

This is what we were always told. However Linux doesn't have a lower bug count than other OSs and major holes have been found that a) were apparently obvious, and b) had been there for years.

The problem I have with it is that there will always be bugs somewhere, and a well funded attacker will presumably find it easier to find and exploit them with the source code than without it.

Of course it's also common knowledge that security by obscurity isn't really security. And that holes can be found by fuzzing, reverse engineering, etc. But imo that does make it a bit harder for the attacker.

TheVogon

Re: Am I the only one...

"Works great for me"

Me too. And if you care about the telemetry and / or want it to look like Windows 7 - which seem to be the main complaints - it's just 2 free apps to install to fix that. Personally I don't care what info they collect just so long as it isn't used to target adverts in the browser, or is sold to others for any sort of marketing / sales activity. Which Microsoft do not do.

If you haven't yet upgraded to Windows 10, it must be because you are blind and missed all the popups - and therefore you still qualify for a free upgrade! https://www.microsoft.com/en-us/accessibility/windows10upgrade

Australian govt promises to push Five Eyes nations to break encryption

TheVogon
Trollface

Re: Fight terrrism

And a happy Ramavan to you too...

Amazon adds Hyper-V file support to its storage gateway

TheVogon

I can't see that many people would want to complicate their Azure environments by adding another cloud vendor into the mix just for storage. A very niche requirement I think...

Costa Rica complains of US govt harassment over Pirate Bay domain

TheVogon

Re: Er ...

"is that creating a dangerous precedent"

Of course. That would mean acknowledging that US law doesn't apply outside of the US. Not going to happen any time soon. So countries just ignore US attempts to pretend it does.

Probably the ones that did get removed were in breach of registry regulations. Quite often there is a cover-all clause about potentially illegal content...

TheVogon

Re: As usual.

"Why not also pressure ISPs into filtering torrent traffic"

Because torrent traffic can be encrypted and can use any port. So it can't realistically be filtered...

Sorry Google, it's boring old workloads that are pumping up AWS and Azure, not sexy AI

TheVogon

>>If CIOs were in love with MSFT, they would be the market leader...

Apparently CIOs do love Azure, but AWS had a head start:

http://www.techrepublic.com/article/cios-favor-microsoft-azure-over-aws-according-to-new-survey/

Microsoft's new Surface laptop defeats teardown – with glue

TheVogon

Re: Recycling also difficult

"as it is clearly non-compliant to EU electronic waste disposal directive."

Repairing != breaking into recyclable pieces.

EU regulators gearing up to slap Google with €1bn fine – reports

TheVogon

Re: Chump change to Google.

It's about time Slurp got a spanking. 1 billion seems on the low side though. They should make that per month that they don't change their ways...

TheVogon

Re: Before

"Many Brits probably believe you have to know some foreign language to use the EU market"

God, no. We all know English is the language of business and diplomacy everywhere and hence we Brits don't have to bother learning any foreign gibberish. If they don't understand we just need to say it louder and slower...

Microsoft HoloLens apps to be piloted with 'Hogwarts for the MoD' chapesses, chaps

TheVogon

Re: Education specialist Pearson

The price will drop. Microsoft are rumored to be launching a wireless AR / VR headset for the Xbox One X next year...

Researcher says fixes to Windows Defender's engine incomplete

TheVogon

Re: MS & security in the same breath?

"See the NIST vulnerability database"

Yes, that's where I would go too, and that site backs up my comments above, so I assume you are agreeing with me. Not sure why you posted a link to number of products per vendor though?

TheVogon

Re: MS & security in the same breath?

MS still manage fewer vulnerabilities than any enterprise alternatives though, be it Suse, Solaris, Red Hat, OS-X, etc. etc. And the most secure enterprise database + OS every year for the last decade has been Windows + SQL Server.

Don't touch that mail! London uni fears '0-day' used to cram network with ransomware

TheVogon

Re: windows permissions model is much more flexible than UNIX

"grsec/gradm, no? apparmor/selinux, still no trace of recognizing anything?"

Still nothing close to what Windows can do with features like Discretionary Access Control.

TheVogon

Re: Fundamental problem in vulnerable OS protected by AV

Yes, it's a download link to a zip file that contains an executable JavaScript file.

Labour says it will vote against DUP's proposed TV Licence reforms

TheVogon

Re: Amazon and Netflix?

"Their coverage of important Welsh events is unrivalled."

When is one man and his dog back on?

TheVogon

"They lost their court case today in the European Court."

I doubt they care much. They have been legally based outside the EU for years now.

TheVogon

Re: People who do not pay up commit a criminal offence

"remember, citizens, THEFT is A CRIME"

And also remember that copyright infringement and license fee evasion are not theft.

TheVogon

Re: I Think We Need The BBC

"The NHS is not terrible, just chronically underfunded for years"

The conservatives increased spending in real terms though over the last government. The real problem is too many people being let into the country for the NHS to cope with.

"can't be long now before the government inevitably announces that privatisation will be stepped up"

Seems unlikely as Labour lost. It was Labour that privatised great chunks of the NHS via PFI contracts...

TheVogon

Re: Speaking from NZ

"Is your preferred search engine broke?"

I think Yahoo are closest to broke. Or did you mean broken?

Nokia snatches clump of 16nm FinFETs, crafts 576 Tbps monster router

TheVogon

BT are apparently using these already.

Intel to Qualcomm and Microsoft: Nice x86 emulation you've got there, shame if it got sued into oblivion

TheVogon

"This sounds a lot like Microsoft's attempts to spread FUD about how many patents protected FAT."

Microsoft won nearly every patent case regarding that I believe. Just like everyone now has to pay them to use exFAT.

HPE ignored SAN failure warnings at Australian Taxation Office, had no recovery plan

TheVogon

Re: I'm calling BS

"We had two 3pars and peer persistence, in different rooms. Both hung at the same time"

So what did HP say?

"hundreds of vms went read-only"

Ah, so it didn't hang then. Sounds like someone ran out of disk space on a thin provisioned system. That's a well known problem with 3PAR - the fix is to insert someone competent between the chair and keyboard...

TheVogon

Re: I'm calling BS

"I am sure 3 PAR is great"

It's not quite VMAX, but then neither is the bill...

Hand in your notice – by 2022 there'll be 350,000 cybersecurity vacancies

TheVogon
Trollface

Re: There is no skills gap.

"Are these recruiters the reason why there are so few women in IT?"

No, that's the fault of bean-to-cup coffee machines

BA IT systems failure: Uninterruptible Power Supply was interrupted

TheVogon

Re: Complete and utter rubbish... and Unforgivable.

"For larger sites, Flywheel UPSes are the same (incoming mains drives the flywheel motor-generator), but allowable dropout time is usually in the region of 15-20 seconds."

Dated technology these days. Gas fuel cells is usually the way to go: http://www.datacenterknowledge.com/archives/2012/09/17/microsoft-were-eliminating-backup-generators/

TheVogon

Re: If it got interrupted...

Maybe Emergency Power Off resembles the Indian for Light Switch?

TheVogon

Re: If it got interrupted...

"playing with buttons they should not have had access to."

EPO buttons are easily accessible. That's the whole point of them as an emergency safety feature. Usually near the door in each DC hall...

TheVogon

Re: If it got interrupted...

"One lunchtime a visiting engineer carrying a few boxes of spare parts accidentally pressed it trying to open the door..."

They usually have a plastic cover. And a large label....

Does Microsoft have what it takes to topple Google Docs?

TheVogon

Re: Google Docs great until you need to communicate with other businesses

"Not to mention it is a huge productivity waste to work on a project and end up with 20 different versions of the doc"

You obviously are not aware that you can have multiple people edit a document at the same time in Office with full versioning control? It's been like that for ages. Both Office web and local install versions.

How do you do, fellow kids? Grandpa Puppet gets down with Docker

TheVogon

"Puppet claims that it's being used by 75 per cent of the Fortune 500 companies"

Used = someone somewhere in the org downloaded something ever from their website.

Microsoft's cunning plan to make Bing the leading search engine: Bribery

TheVogon

Works for me in the UK.

Whoops! Microsoft accidentally lets out a mobile-'bricking' OS update

TheVogon

Re: What's that???

"You didn't back up your device before applying a major update?"

Windows phone automatically backs up apps, config and settings. Most people use OneDrive to backup everything else.

And most people use the default settings to automatically install updates when the phone knows it isn't being used. Usually overnight...

Retirement age must move as life expectancy grows, says WEF

TheVogon

Re: So... we should do the opposite...

This is why Labour's triple lock policy on pensions is unsustainable.

Gay Dutch vultures become dads

TheVogon

Re: Great story

That's sure a big pecker in the photo....

Google to give 6 months' warning for 2018 Chrome adblockalypse – report

TheVogon

Re: Would you allow your website to serve ads that you would be held responsible for ?

"All kinds of print media used to contain ads which were indeed "served" in the same printed pages the content was. Didn't seem to be a particular problem."

But you didn't have to peel several layers of adverts off before you could read the contents every time you opened print media....

Trident nuke subs are hackable, thunders Wikipedia-based report

TheVogon

Re: Boom

"once it gets clear of the atmosphere it can see lots and lots and lots of stars."

The sun as viewed from near Earth has an apparent magnitude of -26.7. The brightest star, Sirius, is a -1.5. Since the magnitude scale is 2.512 inverse log, that means that the sun is ~ 1.2x10^10 times brighter than the next brightest star. So as I said, it might be a bit more tricky in the daytime...

TheVogon

Re: MAD

"What's the point to have nuclear deterrence when missiles and vital pieces like re-entry vehicles are provided by another country?"

Because nuclear fission tends to blur the Made in the USA label a fair bit so they won't notice?

TheVogon

"Holy crap. Our subs were running on Windows? Probably XP at that. Now I'm scared!"

They did consider Linux, but decided it was too insecure in comparison at the time.

TheVogon

Re: Bog Standard Option in US Submarines, too

"they most likely use Windows 10."

Good idea. Then they can use Bing if they lose the launch codes...

TheVogon

Re: Boom

"Once the missile reaches an appropriate altitude it takes sightings of several stars"

What happens if you launch in the daytime? Might be a bit difficult to aim accurately if all you can see is one really big star?

Intel gives the world a Core i9 desktop CPU to play with

TheVogon

Re: But I don't want more cores!

"Haven't benchmarked Scorpio yet but a 6 core XB1 build"

Microsoft have described Scorpio as a "full custom CPU design", so I would assume it's likely a fair bit faster than the 31% clock speed uplift might indicate.... Sony meanwhile went with non-customised Jaguars on the PS4 Pro.