Posts by mr_souter_Working

69 posts • joined 27 Nov 2013


Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

mr_souter_Working

Maximum Password length

The sites that bug me (and there are a few banking sites that do this) are those that have a MAXIMUM password length.

So I can only use a 12- or 14-character password - mine tend to be 20+ characters long when I want something secure, and around 15 for the sites I am not giving any financial information to.

Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe

mr_souter_Working

assume the perp is reasonably smart

step 1 - run an open WiFi hotspot in a popular location

step 2 - harvest all the MAC addresses you can

step 3 - repeat in several locations

step 4 - spoof a random assortment of those MAC addresses when using the net for nefarious purposes

step 5 - wait until they start looking for one of them and move to another

mr_souter_Working

beat me to it

I came here specifically to say the same thing

Error pop-up? Don't worry, let's just get this migration done... BTW it's my day off tomorrow

mr_souter_Working

been there - done that

had all these support calls at one time or another - and this is the tip of the iceberg

app no longer works - license expired

Site no longer works - Certificate expired

Internet not working - didn't pay the bill for 6 months

UK rail lines blocked by unexpected Windows dialog box

mr_souter_Working

Why do companies use full-blown PCs for displays?

It's easy - they want an easy-to-maintain solution - and there are a lot more people that know about Windows than know about RasPi devices.

At a previous company, I tried to convince my boss to suggest that we could use cheap Raspberry Pi devices to power screens at the various receptions for the council we supported (these screens only display a list of meeting rooms and what is on in each - with the data being pulled from an Exchange calendar)

His reason for not doing it - if I left, nobody would know how it worked.

So, at each reception for the council, they have a dedicated desktop PC, complete with Windows, full Office, keyboard and mouse, antivirus, that is a member of the domain, and is logged in as a specific user account, which is used to drive a screen to just show some basic information.

cost of each PC - £600

software licenses are bundled with the enterprise agreement, so are not a major factor.

they run 24/7, and use all that electricity.

I would put total running costs at £200 per year per device, to cover maintenance calls and electricity

inertia, fear, take your pick of the reasons why this happens, and why it will continue to happen.

Upset fat iOS gobbles up so much storage? Too bad, so sad, says judge: Apple lawsuit axed

mr_souter_Working

Re: "Apple refuses to add SD card slots to its iOS devices..."

yes, because forcing the encryption of SD cards in phones (or disabling them entirely) is such a difficult thing to do...

DXC: Everything is going to plan, too well in fact... we've chopped so many staff, our IT projects are now behind

mr_souter_Working

Re: This is fake news. Y'hear? FAKE NEWS!

nope - still plenty of us around - for some reason

I had the chance to jump a couple of months ago - really wish I'd taken it

mr_souter_Working

hahahahahahahahahaha - pull the other one, it's got bells on.

we are being told that the company "Puts people at the heart of everything we do"

and that we are all important, and our opinions matter

let's see what we get told on Thursday...

Has science gone too far? Now boffins dream of shining gigantic laser pointer into space to get aliens' attention

mr_souter_Working

A good way to get the Galactic police at our door

we prosecute people for shining lasers at planes and people - I struggle to imagine how big the fine would be if we started strafing entire solar systems with a laser...

Plex plucks media cloud service, sends users scurrying to exit

mr_souter_Working

who knew that renting someone else's computer might not be a sustainable model....

Lifetime Plex Pass - never touched Cloud, because I don't have any interest or need for it

I have all my media stored on a couple of NAS boxes, my home server, and my desktop - I have no issues playing any of it from anywhere with an internet connection. The DVR function works well, since I took the leap of buying a dual tuner HD network tuner.

if they add an audio books category (something that people have been asking about for a while) then I will be very content.

A boss pinching pennies may have cost his firm many, many pounds

mr_souter_Working

Re: Server room cooling

I took over as systems manager for a very small company just as they were moving (they were having the new offices fitted out, so it was an empty shell when I started)

The previous systems manager had helped plan out the building, and the "Server Room", was just a big cupboard with no outside walls, no ventilation, etc...

I looked at it, said we needed a much larger room, with a window, and aircon - got everything except the aircon - had to make do with a home unit sitting on a shelf (with drip bucket underneath), vented to the outside, an open window, and leaving the door open during the day.

I did persuade them to double up the number of power and network ports in the small technical area just outside the server room, where myself and my colleague worked.

As far as I know, that's how they are still running.

mr_souter_Working

Re: Communications company...

"Odd that we couldn’t afford it as the company owner had a personal fortune of £60m at the time."

How do you think he got a £60m fortune?

hint - not by spending any more money than he absolutely had to. And even then, only if forced, preferably at gunpoint....

'Can you just pop in to the office and hit the power button?' 'Not really... the G8 is on'

mr_souter_Working

Re: Long ago.

I know somewhere that invested a lot of money in web power switches - but then left them accessible from the same VLAN as the servers, and never configured them - so no note as to which server was plugged in where (never even changed the default passwords) - so anyone could access them and turn off any port they wanted. As far as I know, they are still unconfigured.

People hate hot-desking. Google thinks they’ll love hot-Chromebooking

mr_souter_Working

Re: Live USB sticks did it first and still does it better

@saif

"Puppy on a stick"

thanks for that mental image...

mr_souter_Working

Re: lowest common denominator

@Macka

"Besides, if your workflow isn't mostly browser based (+extensions) then you're still stuck in the 90's and I feel sorry for you."

Some of us need locally installed apps that require much more serious grunt than is offered in a browser.

if your work is mostly browser based, then you're well on your way to becoming a PHB - congrats.

For those of us doing real work - local VMs, Visual Studio, to name just two - leave us alone with our workstations.

and some of us are also in environments where we cannot use cloud based services, and often cannot access the internet at all.

thin clients are suitable for some users. Chromebooks are suitable for some users. Heavy duty workstations are suitable for some users. there really is no "one size fits all"

Heatwave shmeatwave: Brit IT departments cool their racks – explicit pics

mr_souter_Working

Too Hot = bad - too cold = bad

previous company I worked for (small IT company, did some maintenance and support) - one of the customers had a small dell server sitting under the stairs in their very old building.

got a call one morning - went out to it, to discover that it had shut down overnight due to the cold (pretty cold winter in Scotland).

a big blanket to trap the heat in its little nook, and a heater nearby - it was fine - they were advised that it should be in a temperature-controlled area, but the Scottish newsreaders that owned the company probably never did anything about it.

At the same time, the company that I worked for moved into new offices in Glasgow - with no aircon in the server room - the solution proposed by my boss (he wanted to reuse the waste heat from the servers to warm the office) was to put a small desktop aircon unit on the shelf in front of the only window in the room, and open the window - servers regularly hit 50°C during summer months - and shut down more than once while I was there.

A previous company to that, one of our customers had their servers in a hall cupboard - just about every night the servers would shut off due to heat, and come back on in the morning - they were always complaining about the systems being down in the morning - turns out they were closing the cupboard door when they left, and opening it when they came in - no airflow, heat built up - servers shut down.

DXC execs to investors: It's say-on-pay time. Give us a bump, would you?

mr_souter_Working

What morale?

people being let go regularly, contractors not having contracts renewed (no demand for their skills is the reason given - which is a surprise to everyone that needs those skills).

no pay rises or bonuses since we became DXC (maybe there will be some money this month - not holding my breath)

nice to know that the execs will be getting bonuses and healthy pay packets - after all, they contribute SO much to the success of a company!

yes, it's a wonderful life working for DXC...

BOFH: The trouble with, er, windows installs

mr_souter_Working

Database Normalisation Warning

yep - that would be an issue for me as well, sadly I work in a low building...

System Center's first semi-annual release debuts

mr_souter_Working

"Added Linux monitoring"?

we were monitoring Linux in Operations Manager a few years ago - maybe they have made it better, but it's not new

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

mr_souter_Working

Re: Lots of criminals in here

"Some people refuse to grow up and accept the world as it is." - sounds like a pretty accurate description of all the government wonks that want bloody idiotic things like secure end to end encryption for users, and plaintext copies of everything those users send/receive.

Star Wars: Big Euro cinema group can't handle demand for tickets to new flick

mr_souter_Working

Re: it's up, but doesn't work

yes, there are two months before that film comes out

but I wanted to book tickets to see a film today - and the entire booking system is currently not working

:\

mr_souter_Working

it's up, but doesn't work

the site itself is up - but the booking system is not working properly

looks like they failed to anticipate that some people might be interested in booking tickets.

Sysadmin tells user CSI-style password guessing never w– wait WTF?! It's 'PASSWORD1'!

mr_souter_Working

Re: I'm unintentionally awesome at work regularly

wouldn't count on anyone realising after you leave either - I left my previous job just over a year ago, and only the techs that I worked with (and still ask for my advice on the odd occasion) realise how much work I did.

mr_souter_Working

Re: "They looked for the password on the CD . . ."

the certificate wasn't encrypted - it merely required a password to install it

Totally bog standard, and when you generate that type of certificate you MUST enter a password - admittedly the password can be a single character, but you do have to provide one......

I think it's a miracle that it was as complex as PASSWORD1 - I would have assumed password1 as a first guess, or even just 1. Of course, there are no limits on the number of times you can guess the password, so it does make it kind of pointless.
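An added example (editor's code, not from the post or the article) of the last point above: a password-protected PKCS#12 bundle (the .pfx/.p12 that Windows exports and that asks for a password on install) is only as strong as that password, and once an attacker holds the file nothing limits the number of guesses. The key, certificate, bundle and the short wordlist below are all constructed here with the `cryptography` library; the wordlist is ordered the way the post says a support tech would guess, and `PASSWORD1` falls on the fifth attempt.

```python
"""Offline password guessing against a password-protected PKCS#12 (.pfx) file.
Added example: the key, certificate, bundle and wordlist are all constructed
here; none of them come from the story."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_pfx(password: bytes) -> bytes:
    """Build a throwaway self-signed certificate and key and export them as a
    PKCS#12 blob protected by `password`, as the Windows export wizard does."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example-test")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return pkcs12.serialize_key_and_certificates(
        b"example-test", key, cert, None,
        serialization.BestAvailableEncryption(password),
    )


def guess_pfx_password(blob: bytes, candidates):
    """Try each candidate in order against the bundle's password-based
    encryption and MAC. Returns (password, attempts) on success or
    (None, attempts) if the list is exhausted. There is no lockout and no
    rate limit: the file is already in the guesser's hands."""
    attempts = 0
    for cand in candidates:
        attempts += 1
        try:
            pkcs12.load_key_and_certificates(blob, cand)
            return cand, attempts
        except ValueError:   # wrong password: MAC/decryption failure
            continue
    return None, attempts


# Constructed wordlist in the order a support tech might actually guess.
WORDLIST = [b"1", b"password", b"password1", b"Password1", b"PASSWORD1", b"abc123"]

if __name__ == "__main__":
    pfx = make_pfx(b"PASSWORD1")
    found, n = guess_pfx_password(pfx, WORDLIST)
    print(f"recovered {found!r} after {n} attempt(s)")
```

The same loop works on any .pfx pulled off a CD or a file share, which is why the password chosen at export time, not the mere presence of a password prompt, is what protects the private key.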

Apple: Our stores are your 'town square' and a $1,000 iPhone is your 'future'

mr_souter_Working

Face ID

will it work in near total darkness first thing in the morning, when your head is half buried in the pillow, and you are struggling to wake up?

will it work when you are bundled up against the elements and have most of your face covered?

but seriously, an ID system that only works if you have your face uncovered and are looking at the phone?

seems like the wet dream of some NSA analyst.

and wireless charging? how many years late to the party? are we supposed to be impressed that they finally caught up?

Boffins: 68 exoplanets in prime locations to SPY on humanity on Earth

mr_souter_Working

so - we can only see a small proportion of possible planets then?

if there are limited numbers of possible planets that can potentially see us, then surely that means that we can only see a limited number of possible planets (due to their orbital axis around their sun)

this would then require that there are presumably vastly more potentially inhabitable planets around than our orbital position will allow us to detect

or am I missing something fundamental?

Biz sends apps to public cloud, waves 'bye to on-premises server folk. NO! WAIT!

mr_souter_Working

As good as the job advert I saw in 2004 that wanted 5+ years' experience in Server 2003

Linux-loving lecturer 'lost' email, was actually confused by Outlook

mr_souter_Working

Re: been there - seen that - never been shouted at to that extent (yet)

yep - every time I thought that I'd seen it all, someone came up with another way to screw up.

that's why I said "just about every form of stupidity" - but not every variant on that stupidity

:D

luckily, I only deal with servers, project managers and other techs

of course that does present a whole new level of stupidity and its own problems

mr_souter_Working

been there - seen that - never been shouted at to that extent (yet)

collapsing folders and complaining that everything is gone - check

deleting emails/folders and complaining that they don't know what happened - check

dragging items/folders into other locations and not being able to find them - check

users (and helplessdesk staff) not being able to use the search function to find items - check

users complaining that they never received an email (and being proven wrong) - check

junk mail settings that the user configured causing emails to disappear - check

helpdesk staff restoring most of a mailbox because the user insisted that everything was gone (just moved) - check

users complaining that they are not able to send/receive email, because they have ignored the warnings every day for the last 3 months about the quota - check

Been in the game so long (as many of us have), that I have seen just about every form of stupidity users can come up with for email (not limited to Exchange and Outlook either).

I think that if I'd encountered that individual, he would have been told succinctly exactly where he could shove his attitude, before showing him exactly how stupid he was being.

Then I would have torn my boss a new one, and my colleagues, all while pointing out that we had backups of the PST files for this very reason (assuming he had actually lost any emails).

Boffins' five eyes surprise: Bees correct colour for ambient light

mr_souter_Working

Ambient light sensors in a phone

pretty sure most phones have those already (not colour sensitive, but definitely light sensitive)

Approaches to building the enterprise cloud

mr_souter_Working

Re: I hate Agile as well

"Does HCI actually give you the ability to go to a web interface, spec your server and provision it without ever going near a techie like a cloud platform does?"

That was possible 7 or 8 years ago - just using Microsoft VMM - I know because it is exactly what I did for the small company I worked for. Couldn't get the developers to use it at first, and it wasn't as fast as these days - but they could request and provision servers themselves without asking anyone (they were allocated a certain amount of resources, and once used, they needed to start deleting old servers before creating any new ones).

Currently working for one of the big names - and getting any sort of server is a nightmare of red tape and excuses. Things go backward - we sell these sort of solutions to our customers, but can't get them working internally.

:(

What does an enterprise cloud look like?

mr_souter_Working

yeah - not so much

As someone who is working for one of those global organisations that you would expect (or at least hope) to be leading the field in this sort of stuff (our advertising crap says we are anyway) - I can tell you that we can't even get 5 year old tech working properly for our internal systems. The last excuse I was given was - "not enough storage allocated to enable document versioning - and not enough storage available to assign more".

All in all, I will believe it when I see it.

US voter info stored on wide-open cloud box, thanks to bungling Republican contractor

mr_souter_Working

Re: Data mining?

where did you learn basic maths?

John Smith - born in 1970

current year - 2017

(2017 - 1970) is how many years again?

that's right - it's 47 years.

UK PM May's response to London terror attack: Time to 'regulate' internet companies

mr_souter_Working

my rant

I'm not going to bother about the whole "bomb the middle east = create more terrorists" issue, that is a whole different can of worms.

problem 1 - the politicians either don't understand technology, or have a vested interest/ulterior motive in pushing their specific agenda.

problem 2 - the public that will vote for these politicians do not understand technology, they are pushed into being frightened of the terrorists/paedophiles/bogeyman of the week, and someone proposes an easy solution to the problem (people like easy solutions, and like to know that someone is "doing something")

A cynical person would find the timing of the latest attacks and the sudden flurry of arrests to be a touch suspicious - not that I'm a cynical person!

Terrorist attack at a concert kills 22 (less than 2 weeks before an unnecessary election), entire country says "screw you, we're not terrified, let's have a concert to raise money for the victims", PM looks weak and poll numbers slip, loads of arrests and police shown to be clamping down on the terrorists, controlled explosions in various places, some of the people arrested are released without charge

Day before concert, another terrorist attack kills 7, suddenly "enough is enough" says our PM (maybe she is trying to look tough) - and let's regulate and clamp down on the internet - we need people to have less encryption, less privacy, more monitoring (because that's worked so well in the past!), etc...

so, we get led up the garden path, and all online privacy is gone (does anyone expect that any future government of any party will attempt to get rid of the Investigatory Powers Act?), unless you know what you are doing, in which case you become a suspect (we don't know what that person is doing online, they must have something to hide!!!!! Investigate them!!!!)

now, where did I put that tinfoil, need to make myself a new hat...

(I really want to put three icons on this - damn you Register, stop limiting what I can do online!) :D

Retirement age must move as life expectancy grows, says WEF

mr_souter_Working

Pension age vs retirement age

Currently, I will be eligible for state pension at age 67 (only 20 more years).

I should be able to start properly saving for retirement at about age 65. (that should be when most debts/mortgage/etc are cleared)

I will probably need to work until I am in my mid to late 70s (maybe even early 80s) to be able to afford to retire with any degree of comfort.

Just as well that most of my family tend to live well into their 80s/90s before finally dropping dead - hopefully I will have a couple of years to enjoy retirement.

Of course this could all become moot if one of the nutters currently in charge of a country with nuclear weapons decides they really want to play with their shiny toys...

Twice-crashed HPE SANs at Oz Tax Office built for speed, not strength, and turned off error reporting

mr_souter_Working

Re: Common guy interpretation?

"1- The fibre optic cables feeding the SAN were not optimally fitted -

How is this possible? There should be a "click" sound when the LC connector is fitted in. It's always been "insert" or "not inserted". I don't recall any instance where a FC cable can be halfway inserted. Maybe the cables were "bent"."

at a place I worked previously, we had an issue with some servers with FC-attached storage arrays that took forever to start back up - eventually I went to each of the DCs and discovered that years earlier (when they were installed) someone had attached the first FC card in the server to the input on the storage array primary controller, and then the output of the same controller on that storage array to the output of the second card in the same server. It took me a while of head scratching before I finally figured out where the cables were supposed to go (they were all properly seated, and to a casual glance they appeared fine - and the servers started and worked, just VERY slow to boot), but that caused repeated array issues for years that nobody had ever really bothered with - we found that all of the servers were connected the same way to their external storage (6 servers in all). Luckily it was only the Exchange system, and it was a fully redundant system (active/passive nodes in primary DC with offsite passive in DR location).

WannaCrypt: Roots, reasons and why scramble patching won't save you now

mr_souter_Working

Re: Lack of any finger pointing at the right people.

WTF - "Why on earth do we accept Microsoft (and every other vendor) declaring that their OS /software is not going to receive critical security patches within a reasonable lifespan of the hardware it supports and in the absence of 100% backwards compatibility"

A - personally, I class 17 years as well outside most reasonable expectation of hardware support (most enterprises work on a 5 year hardware refresh cycle in my experience)

B - for YEARS everyone has been complaining that MS have NOT removed all backward compatibility - now you are moaning that they are not keeping ENOUGH backward compatibility.

C - most of the security issues faced by modern OSes are because of backward compatibility - the WannaCry worm exploited a hole in SMB v1 FFS!

LastPass now supports 2FA auth, completely undermines 2FA auth

mr_souter_Working

One of the biggest issues

Most people use the same username on all sites - and usually the same email address

personally, I use a different (and random) email address (from one of the 3 domains that I own) for most sites, together with a unique password for that site. It gives me the advantage of knowing if a site has been hacked (or has just sold my information), as I then see spam coming to an address that was only ever used on that single site.

Never sign in with any Social credentials (Facebook, Google+, Microsoft, etc...)

I also use a combination of KeePass for day to day stuff (several copies stored in different locations and synced every few weeks), encrypted text files contained in encrypted zip files on an encrypted USB stick for truly important stuff (with encrypted backups on my home NAS and at least one offline USB drive).

Me? paranoid? never! who said that I was?

mr_souter_Working

Re: Better alternatives...

have a beer for the Hitchhikers Guide reference

I am going to assume you mean to use a full (to the brim) chamber pot, and put your encrypted USB stick in a sealed bag inside it - no burglar or hacker is going near it (especially not after it festers for a few weeks) - of course, you may have to move out of your own home due to the smell... and obviously write the password down on the underside of the pot. :D

WannaCrypt 'may be the work of North Korea' theory floated

mr_souter_Working

Re: Hmm... North Korea is a good scape goat

"So it's convenient to have a space goat"

I like the idea of a space goat - it'd be useful on the ISS.

:D

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

mr_souter_Working

Re: How bad will it get...?

"the horrifically badly locked down macro facility of Word" - actually this is an issue in all MS Office apps - and it can easily be locked down by Group Policy - assuming that the Technical staff are consulted and ALLOWED to make the required changes.

too often they are overruled or ignored because locking things down may result in some person complaining that they are not able to use X, Y or Z that worked yesterday - despite it being a gaping security hole.

and then a lot of the in-house IT is being outsourced, often to other countries, where they don't know the internal systems well enough to make any proper recommendations, and even if they did (and were willing and skilled enough to make recommendations), they have no idea who to recommend anything to.

mr_souter_Working

my tuppence worth (as everyone else has their opinion, why not add mine) :D

for what it's worth, here's my take on this (and all the other instances where some virus has trashed a network).

Most viruses arrive by email, generally spoofed messages either purporting to come from another user inside the network, or from a trusted external contact. The user then opens the message, then the attachment, (or clicks the link), and then allows the attachment to run macros. This then allows the malware to download the nasty bit of itself, and possibly contact the command and control network.

The nasty stuff then starts encrypting files on the servers - and on the local PC. it will open every drive that the user has mapped, and will create an encrypted version of every file it can see, before deleting the original. Some variants (like this one) will also seek out all other machines on the network to infect them.

So, how do we stop this from happening? Or at least slow down the spread when it does hit, or limit its effectiveness when it arrives.

1. Educate the users so that they stop blindly opening any and all emails they receive.

2. Stop users from treating their work computers like their home PC's - they are not, they are for business use only, but people are very rarely held responsible for the state of their computer, and the higher up they are, the less likely they are to be held accountable.

3. Have working email filters that can identify internal email addresses and reject them as spam (spoofed). Also some external email scanning to remove spam and viruses before it even hits the perimeter of the network.

4. Use file filters to prevent the malware from creating its encrypted version of the file - this stops it from deleting the original. The desktop might be infected, but as long as the file servers are OK, all user data should be safe. It would actually be better to have a file filter that only allows specific file types to be saved to the server, but I am not aware of any way to do that at the moment.

5. Stop using a single AV product across an organisation. There should be one (or more) AV engines scanning emails coming in, a second in use on client desktops, and a third for the servers.

6. Currently the UK compliance rules (well known) are that all critical and security patches released by vendors should be installed within 3 months - this is too long (as proven here). But everyone in IT is well aware that if they install a patch and something breaks, they get the blame - so there is reluctance to force the issue, instead they use staged patching and try and limit any blame they might get.

7. Stop using out of date Operating Systems - the excuse about testing software for compatibility only holds up for so long - Windows 7 is reaching end of life, and many organisations have not even started testing their software works on Windows 8, never mind 8.1 or 10, and to still be using Windows XP is poor.

8. Stop having non-technical people making decisions about technology. Put some qualified people in place and give them the authority and budget they need to put proper controls in place, back them up in their decisions, and test it properly to make sure that it meets (or exceeds) their designs.

9. Ensure that your internet connection is not allowing malware to come down - perhaps by limiting file downloads to only a few approved users or computers.

10. Use firewalls on local machines - they are often turned off, or opened to the point of uselessness simply to make life easier for everyone.

11. As one person found out, the original variant stopped when it attempted to contact a specific web address and got a response - this could be fairly simple, configure your network so that all unidentified URLs receive a response from a specific internal web server - as the malware gets a response, it exits. And if a user goes to an invalid URL, they will see a web site advising them what they did wrong - it becomes a win/win. (implementation may be difficult to accomplish on some environments)

12. If for some reason you cannot replace an out of date computer - and yes, there are valid reasons to retain old OS's - then either air-gap it from the network, or put it on a very secure locked down network with very limited access to and from it. If it's important enough, then you want to do everything possible to reduce the chance that it could be affected (maybe also look at installing some sort of deepfreeze software on it to try and reduce the time required to get it back to original configuration)

13. Have the separate teams work together to put in place effective strategies and solutions - rather than each team is responsible for only their small bit of the puzzle - this often means that things don't interact well and less than optimal decisions are often forced in place.

There are other things that could also be done to help limit the effectiveness of malware - nothing will ever truly kill it off.
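An added example (editor's code, not from the post or the article; the same list is repeated in the post below, and this block serves both) of item 4 and the "create an encrypted copy, then delete the original" behaviour the post describes: an extension allowlist of the kind item 4 wishes for, and a detector that runs over file-server audit events and flags any user who repeatedly writes a file the screen would reject and then deletes the file it was made from. The events, user names, paths, threshold, window and allowed-extension set are all constructed assumptions; `.WNCRY` is the suffix WannaCry appended, but the detector keys on the write-then-delete pattern, not on the name.

```python
"""Catching the 'write encrypted copy, delete original' pattern on a file
server, plus an extension allowlist. Added example: the audit events, users,
paths, thresholds and allowed-extension set are constructed here."""
from collections import defaultdict
import os

# Constructed object-access audit events: (timestamp in seconds, user, action, path).
# A real feed would come from the file server's audit log.
EVENTS = [
    (100, "alice", "create", "/srv/finance/q1.xlsx.WNCRY"),
    (101, "alice", "delete", "/srv/finance/q1.xlsx"),
    (102, "alice", "create", "/srv/finance/q2.xlsx.WNCRY"),
    (103, "alice", "delete", "/srv/finance/q2.xlsx"),
    (104, "alice", "create", "/srv/finance/notes.docx.WNCRY"),
    (105, "alice", "delete", "/srv/finance/notes.docx"),
    # ordinary work: a new version saved and the old one cleaned up
    (200, "bob", "create", "/srv/finance/budget_v2.xlsx"),
    (201, "bob", "delete", "/srv/finance/budget_v1.xlsx"),
    # one stray rename-style pair does not reach the threshold
    (300, "carol", "create", "/srv/finance/old.txt.bak"),
    (301, "carol", "delete", "/srv/finance/old.txt"),
]

# Assumed business allowlist; a real one comes from the data owners.
ALLOWED_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt"}


def screen_create(path, allowed=ALLOWED_EXTENSIONS):
    """Allowlist file screen (item 4): True if a file with this name may be
    written to the share, judged purely on its final extension."""
    return os.path.splitext(path)[1].lower() in allowed


def detect_encrypt_and_delete(events, threshold=3, window=60):
    """Return {user: [(original, encrypted_copy), ...]} for every user who,
    at least `threshold` times, created a file the screen rejects and then,
    within `window` seconds, deleted the file whose name is that one minus
    its last extension (q1.xlsx.WNCRY written, q1.xlsx deleted)."""
    pending = defaultdict(dict)   # user -> expected original -> (ts, new file)
    hits = defaultdict(list)
    for ts, user, action, path in sorted(events):
        if action == "create" and not screen_create(path):
            original = os.path.splitext(path)[0]
            pending[user][original] = (ts, path)
        elif action == "delete":
            cand = pending[user].pop(path, None)
            if cand is not None and ts - cand[0] <= window:
                hits[user].append((path, cand[1]))
    return {u: pairs for u, pairs in hits.items() if len(pairs) >= threshold}


if __name__ == "__main__":
    for user, pairs in detect_encrypt_and_delete(EVENTS).items():
        print(f"{user}: {len(pairs)} encrypt-and-delete pairs, e.g. {pairs[0]}")
```

The allowlist on its own would have blocked every `.WNCRY` write in the constructed trail, which is exactly the "desktop infected, file server intact" outcome item 4 describes; the detector is the fallback for a variant that keeps the original extension, since it only needs the delete-of-the-source pattern and a threshold to separate alice from bob's routine version clean-up.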

WannaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain

mr_souter_Working

my tuppence worth

for what it's worth, here's my take on this (and all the other instances where some virus has trashed a network).

Most viruses arrive by email, generally spoofed messages either purporting to come from another user inside the network, or from a trusted external contact. The user then opens the message, then the attachment, (or clicks the link), and then allows the attachment to run macros. This then allows the malware to download the nasty bit of itself, and possibly contact the command and control network.

The nasty stuff then starts encrypting files on the servers - and on the local PC. it will open every drive that the user has mapped, and will create an encrypted version of every file it can see, before deleting the original. Some variants (like this one) will also seek out all other machines on the network to infect them.

So, how do we stop this from happening? Or at least slow down the spread when it does hit, or limit its effectiveness when it arrives.

1. Educate the users so that they stop blindly opening any and all emails they receive.

2. Stop users from treating their work computers like their home PC's - they are not, they are for business use only, but people are very rarely held responsible for the state of their computer, and the higher up they are, the less likely they are to be held accountable.

3. Have working email filters that can identify internal email addresses and reject them as spam (spoofed). Also some external email scanning to remove spam and viruses before it even hits the perimeter of the network.

4. Use file filters to prevent the malware from creating its encrypted version of the file - this stops it from deleting the original. The desktop might be infected, but as long as the file servers are OK, all user data should be safe. It would actually be better to have a file filter that only allows specific file types to be saved to the server, but I am not aware of any way to do that at the moment.

5. Stop using a single AV product across an organisation. There should be one (or more) AV engines scanning emails coming in, a second in use on client desktops, and a third for the servers.

6. Currently the UK compliance rules (well known) are that all critical and security patches released by vendors should be installed within 3 months - this is too long (as proven here). But everyone in IT is well aware that if they install a patch and something breaks, they get the blame - so there is reluctance to force the issue, instead they use staged patching and try and limit any blame they might get.

7. Stop using out of date Operating Systems - the excuse about testing software for compatibility only holds up for so long - Windows 7 is reaching end of life, and many organisations have not even started testing their software works on Windows 8, never mind 8.1 or 10, and to still be using Windows XP is poor.

8. Stop having non-technical people making decisions about technology. Put some qualified people in place and give them the authority and budget they need to put proper controls in place, back them up in their decisions, and test it properly to make sure that it meets (or exceeds) their designs.

9. Ensure that your internet connection is not allowing malware to come down - perhaps by limiting file downloads to only a few approved users or computers.

10. Use firewalls on local machines - they are often turned off, or opened to the point of uselessness simply to make life easier for everyone.

11. As one person found out, the original variant stopped when it attempted to contact a specific web address and got a response - this could be fairly simple: configure your network so that all unidentified URLs receive a response from a specific internal web server - as the malware gets a response, it exits. And if a user goes to an invalid URL, they will see a web site advising them what they did wrong - it becomes a win/win. (Implementation may be difficult to accomplish in some environments.)

There are other things that could also be done to help limit the effectiveness of malware - nothing will ever truly kill it off.
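Point 3 above (reject inbound mail that claims an internal sender address but arrives from outside) can be expressed as a small relay-side gate. This is an added illustration, not code from the post; it assumes the relay hands the gate the raw message and the connecting host's IP, and the domain, address ranges and sample messages are constructed.

```python
"""Inbound-mail gate for the 'reject spoofed internal senders' rule.

Added illustration, not code from the original post. Assumes the mail
relay passes us the raw message plus the IP of the host that connected;
the domain names, networks and sample messages below are constructed.
"""
import ipaddress
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.org"}                       # constructed
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),  # constructed
                     ipaddress.ip_network("192.168.0.0/16")]


def sender_domain(message_text: str) -> str:
    """Domain of the header From address, lower-cased ('' if unparsable)."""
    msg = message_from_string(message_text)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_internal_domain(domain: str) -> bool:
    """True for our domains and any of their subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def is_internal_ip(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETWORKS)


def gate_inbound(message_text: str, connecting_ip: str) -> str:
    """Return 'accept' or 'reject: <reason>'.

    Mail whose From domain is ours must have been handed to the relay by an
    internal host; anything else claiming to be us is treated as spoofed.
    External senders pass on to the normal spam/AV scanning stage.
    """
    domain = sender_domain(message_text)
    if not domain:
        return "reject: unparsable From header"
    if is_internal_domain(domain) and not is_internal_ip(connecting_ip):
        return "reject: internal sender address from external host"
    return "accept"


# Constructed samples: one genuine internal mail, one spoof from outside.
GENUINE = "From: Alice <alice@example.org>\nSubject: Meeting\n\nSee attached.\n"
SPOOFED = 'From: "IT Helpdesk" <helpdesk@example.org>\nSubject: Invoice\n\nOpen it.\n'

if __name__ == "__main__":
    print(gate_inbound(GENUINE, "10.20.30.40"))   # accept
    print(gate_inbound(SPOOFED, "203.0.113.7"))   # reject: internal sender address from external host
```

The same check is usually applied to the envelope sender as well, since the header From is what the user sees but the envelope is what the relay acted on.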

Well this is awkward. As Microsoft was bragging about Office at Build, Office 365 went down

mr_souter_Working

Re: I'm in Texas

Nobody disputes that the area covered by Texas is larger (nearly 3 times larger) than the area covered by the UK. But it kind of overlooks the fact that it has less than half the population of the UK.

Microsoft use distributed locations to host their authentication servers - so different people in different places will authenticate to different servers - is that too much to grasp?

Obviously this was not a global outage - it was an issue with some of the authentication servers in some locations - thereby affecting some users.

America 'will ban carry-on laptops on flights from UK, Europe to US'

mr_souter_Working

If these are so dangerous, why allow them on any flight?

So you can't have laptops in the cabin on flights from Middle East countries - why allow them on any flight?

If they are so dangerous, and so likely to contain bombs (or be easily made into a bomb onboard), why allow them on any flight - ban them on all flights.

Oh, that's right - because they want to regularly show that they are doing things - and a blanket ban everywhere would be too much of a problem to impose, as well as not giving the security services the ability to shout about how the sky is falling every few months.

Virgin Media scales back Project Lightning target in first quarter results

mr_souter_Working

Speeds are not consistent

I pay for 200Mb (I did register my interest in the 300MB service that is available in my area, but so far they have not bothered to contact me) - but regularly get less than 100Mb

The upload speeds are laughable - 12Mb maximum, but at least I always get that.

If you dare to use the internet at peak times and hit their bandwidth cap, you can expect to have your speed throttled to about 40Mb, until it resets at about 1am.

I am a SamKnows tester (have been for years) - so get a monthly report card on my connection - so I know exactly how dire the service is, and how often it fails completely.

London councils seek assurance over Capita's India offshoring plans

mr_souter_Working

Re: Far too late

Not just Capita.

Include WiPro and HPE in that as well - anything that can be offshored will be (and some stuff that can't/shouldn't will be going as well).

Friday security roundup: Secret Service laptop bungle, hackers win prizes, websites leak

mr_souter_Working

Disk encryption - yeah right

Sure, they have whole disk encryption set up - assuming the drive ever completed the encryption process (I have encountered times where, after several months in use, it was noted that the disk had never encrypted, because the user only ever used the laptop disconnected from mains, and it was never powered on while connected).

Many public sector organisations also use incredibly insecure encryption passwords - often just some part of the asset tag of the machine - because users need something they can remember.

I have also seen cases where the encryption password was written on a label attached to the laptop, as the user could not remember what it was.

And of course, if the laptop was merely sleeping, then the disk encryption is bypassed - and it has already been shown that plugging in certain USB sticks, correctly configured, will net the account credentials.

All in all - you should always assume that if someone has physical access to a computer, all data on it is accessible. The only way to be sure nobody can get anything off of a computer is to make sure it never gets onto it in the first place (this applies to all computing devices, phones, tablets, desktops, laptops, etc...)

UK to block Kodi pirates in real-time: Saturday kick-off

mr_souter_Working

Re: Meh

"feetsball" - I like it

Lump this and all the other sports in a barrel and shove it into the sea.

I could not possibly care any less about whether any sport is on any form of television, provided I am neither obliged to watch it, nor pay for it. If Sky/Virgin/BT/et al want to gouge the people that want to watch it, that's their issue. I don't think the BBC should be squandering our license fee trying to outbid any of them.

The Psion returns! Meet Gemini, the 21st century pocket computer

mr_souter_Working

hope this isn't more vapourware......

Or an early April Fool - or some weird joke from El Reg.

If this is real, and not too expensive, I could see me getting one.

One of the things I really like about my Psion 5mx (still in use) is the serial adapter, to let me interface with switches and the like. Maybe this will at least work with a USB-serial dongle.

Biting the hand that feeds IT © 1998–2019