* Posts by Captain Badmouth

608 posts • joined 1 Aug 2015

Data breach rumours abound as UK Labour Party locks down access to member databases

Captain Badmouth

He's got a copy of the electoral register so he probably thought he was being polite. By register I mean the complete register, not just the "public" register available to anyone - at least that used to be the case. Not sure how current data regulations have changed that.

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

Captain Badmouth
Paris Hilton

I suggest

supercallousflagellisticexpertcunnilingus

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

Captain Badmouth
Happy

Re: I guess this is lawyer talk for..

"All because whoever is coding their site, isn't checking the legitness (is that a word?) of the code they are embedding."

Legitimacy. hth.

Captain Badmouth
Happy

Re: Just out of curiosity

Also:

https://www.theregister.co.uk/2018/09/12/feedify_magecart_javascript_library_hacked/

Captain Badmouth
Thumb Up

Re: Offsite scripts GAH!

Sorry for that, we'll understand in future.

Captain Badmouth
Happy

Re: Just out of curiosity

The page you are looking for:

https://www.theregister.co.uk/2018/09/11/british_airways_website_scripts/

Captain Badmouth
Headmaster

Re: Offsite scripts GAH!

"F.F.S. people if its an even vaguely secure area no script that you have not copied locally and validated does what you think it does goes in, is this so hard to understand."

Without proper punctuation, yes.

Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web

Captain Badmouth
FAIL

"It can be exploited by a malicious logged-in user or malware on an already infected computer to arbitrarily delete or tamper with anything from application .dll files to critical system components."

The silly man has just discovered the latest windows update.

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

Captain Badmouth
WTF?

Re: Multi-layered security controls across our systems

"I got a similar answer from EDF when I asked them why I needed to disable 'Auto remove overlays', 'uBlock Origin' and Safescript in order to access the site."

With noscript you have to enable google.com and gstatic.com and sometimes an amazonaws script in addition to the edf script in order to log in. The google and gstatic scripts seem to be there for supplying the captcha. The amazonaws is not always present but if it is you have to enable it. I've complained about this excessive use of 3rd party stuff but they seem not to understand, their ssl labs rating was a B until I told them about it, they've since improved it.

The Reg takes the US government's insider threat training course

Captain Badmouth
Devil

Trusted individuals

"You might also be a person who tends to underestimate the value of the information being sought or given."

In which case you should be put on the white house, er, white list I mean.

No, black list, black list...hide that piece of paper...

When is a patch not a patch? When it's for this McAfee password bug

Captain Badmouth

Re: I always refer to it as.........

McCRAPAFee.

In which case you should use the trouser extension...

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Captain Badmouth

Re: BT was going to outsource security says leaked memo.

BA?

C'mon, if you say your device is 'unhackable', you're just asking for it: Bitfi retracts edgy claim

Captain Badmouth
Holmes

A solution

Mr Mcovfefe should have put antivirus or something on it I was told by my mate who heard it in an internet cafe from an expert...

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher

Captain Badmouth
Terminator

Re: Scanning for free?

Money for nothing and your scans for free...

Nah, that can't be right.

RBS bank manager ---->>>

Captain Badmouth
FAIL

Security?

Well I've just scanned their site on the sophos security header website, and they get a "C" grade, failing 4 out of 7 tests. The result is not hidden on the sophos site for all those interested.

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

Captain Badmouth
Happy

Re: Surfboard modems

"The first cable modems they supplied were Surfboard modmes. They used a soft config file sucked off the server and stored in EPROM. The config file set your up/down speed, otherwise all you had was 64k to the server and no other connection. It turned out to be surprisingly easy to sniff config files as they zoomed past, save them, read them, reset the mac address of the modem, then copy up the config file. You paid for 128k but got 10Mb"

You sure they weren't Surfboard mod-me's?

Captain Badmouth
Coat

Re: It was always fibre though, right?

Collecting code books from adjoining areas so you could dial various exchanges to check for faulty ones (dial remote exchange from local exchange then code for local exchange from remote location) to see if paybox gets bypassed. Rinse and repeat. Result: faulty exchange bypasses paybox - free phone calls.

Otherwise dial exchanges in a string to avoid long distance charges - gets noisier with more hops.

I've said too much...

Mine's the one with all the little red books in it. (No, not those little red books...)

US military manuals hawked on dark web after files left rattling in insecure FTP server

Captain Badmouth
Paris Hilton

Re: Well for the record....

"I have even seen night vision devices and electronic sites at pawn shops."

Pwn shops shirley...?

Paris, knows all about porn shops... (allegedly)

Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

Captain Badmouth
Devil

That's the problem gents, by the time you've enabled (one at a time) the first few scripts, you find the check doesn't work. Of course you look again to see a whole new shitload of other scripts waiting for your permission. I'd be more trusting if I hadn't remembered that Todd Davis (Symantec co-founder) had his identity stolen 13 times!

Would you want to steal his identity?

Captain Badmouth

How many separate scripts would you say are necessary?

Captain Badmouth

How nice to see a web page, that purports to check your router security, crawling with javascript.

Cryptography is the Bombe: Britain's Enigma-cracker on display in new home

Captain Badmouth

Re: When?

Possible mix-up of dates. I seem to recall that the Poles had early warning of invasion due to being able to decrypt some Nazi signals, so got out early- 1938 perhaps?

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

Captain Badmouth
Big Brother

Re: McAfee Antivirus

"I think it's funny that when you install Flash from the Adobe website, there's a checkbox to install McAfee Antivirus."

Funny? It's hilarious. Not just one security hole but two!

Someone, somewhere has your computer by the goolies.

Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more

Captain Badmouth
Devil

Re: Mixed signal?

Silly boy, it's all about draining the other guy's swamp, not the trumpswamp ©.

Brit healthcare system inks Windows 10 install pact with Microsoft

Captain Badmouth
Gimp

Dear Patient

I'm afraid we have had to cancel your appointment for the 15th of july as our records computer is still downloading updates...

ct scan patient after radiology dept. updated to win10. ---->>>>>>

Great Western Railway warns of great Western password reuse: Brits told to reset logins

Captain Badmouth
Happy

Re: Spam email or not?

"Before downloading them? You think people still use email clients?"

Yes, I don't like leaving sh*t lying around on a server somewhere when it could be *safe* at home with me.

Captain Badmouth

Spam email or not?

Windows users should be taught to use the likes of mailwasher to preview their emails before downloading them. Viewing everything in plaintext is very useful to see through the html links.

Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency fix

Captain Badmouth
WTF?

Re: Patching hell...

I'll wait for the patch for the patch for the patch for the patch.

Thanks.

On second thoughts...

Captain Badmouth
FAIL

Patching hell...

I'll wait for the patch for the patch for the patch for the patch.

Thanks.

Mad March Meltdown! Microsoft's patch for a patch for a patch may need another patch

Captain Badmouth
Holmes

I'm getting

too old for this shit.

I'll have some of what he's smoking........------------>

It's March 2018, and your Windows PC can be pwned by a web article (well, none of OURS)

Captain Badmouth
Thumb Up

Re: Reports on reddit

Thanks for the heads-up, no win7 updates for me atm.

$14bn tax hit, Surface Pro screens keep dying – but it's not all good news at Microsoft

Captain Badmouth
Pint

Re: Another RoHS victim?

And possibly they've been manufactured by the same clowns who produced those wonderful HP laptops of fame a few years back.

Anyway, it's beer o clock...

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

Captain Badmouth
Happy

"The title implies that the update bricks (damages) the hardware, but it seems like it would be fine with a new installation of Windows (a previous version) or Linux. Nevertheless, it would be rather inconvenient..."

So, unhalfbricking?

Captain Badmouth
Devil

Dear windows user...

We detect that your machine is using an AMD processor. Unfortunately as a result of our most recent patch your machine has been rendered unusable which is why you cannot see this notice.

Thank you for "running" Microsoft Windows.

Russia could chop vital undersea web cables, warns Brit military chief

Captain Badmouth
Happy

Re: Cut off the UK?!?!

They've cut the cable?

Better get on the RT then.

Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP

Captain Badmouth
Happy

Re: IE and Edge

"Edge is just a rebranded IE. IE became a punchline in the browser/tech world, Microsoft needed to polish the turd and make it more palatable."

So edge is proof you can't sharpen a turd either...

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Captain Badmouth
Big Brother

Re: Bah!

"a visit from the government Department of Approved Digital Assets auditor..."

Bureau of Approved Digital ASSets auditor, shirley?

Stick to the script, kiddies: Some dos and don'ts for the workplace

Captain Badmouth
Happy

Re: With Great Power, comes Great Change Control.

"I'll only be able to talk to my machines once a week..."

Don't go telling them you talk to your machines, either.

Munich council: To hell with Linux, we're going full Windows in 2020

Captain Badmouth
Happy

Re: Thirty Eight

"well there was really no need to print it, hun."

Oooh! I see what you did there...

Captain Badmouth
Windows

Re: Not sure about Office?

"I guess that's the same business plan of your local drug dealer"

Hey, little kid, wanna buy 10p worth of heroin...?

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

Captain Badmouth
Happy

Re: What about Israel

"You hacked a BBC Micro and write like a 25 year old? Looks fishy to me."

C'mon, it was an impoverished rough-arsed comprehensive, barely able to afford pencils and paper, comrade-ooh! what a giveaway!

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Captain Badmouth
FAIL

The co-op

The co-op login page gets a C on Qualys - due to its (lack of) protocol support, and an F on securityheaders.io.

Worse than smile which is internet only.

Captain Badmouth
FAIL

Re: Smile please...

Qualys ssl gives them an A-, securityheaders.io gives them an F!

Microsoft flips Google the bird after Windows kernel bug blurt

Captain Badmouth
Windows

Re: Posturing?

"Imagine an antivirus program that said its "target" for updates in response to any new threat was 90 days give or take a few weeks..."

That's the one you get when you buy a windows pc from one of the major suppliers.

"Are you sure you want to uninstall McAfee...?"

US says it's identified six Russian officials as DNC hack suspects

Captain Badmouth

Re: "confused"

"Are the Russians meant to have helped Trump win or were they trying to help Clinton?"

Assuming there is some Russian involvement, put aside those two separate aims, and ask whether the aim was to cast doubt on the election itself and both characters involved.

Punctual as ever, Equifax starts snail-mailing affected Brits about mega-breach

Captain Badmouth
FAIL

Re: Addresses

More to the point, as mentioned above, why aren't they double-checking their records before sending out letters?

Malware hidden in vid app is so nasty, victims should wipe their Macs

Captain Badmouth
Happy

Re: Sounds familiar @ AmenFromMars

"eh?"

How strange, you're not new here...

Captain Badmouth
Happy

Re: A complete wipe?

"If we were to treat the US government as an operating system, would I be right in diagnosing it's been rooted with a nasty malware infection?"

There's certainly something present that needs a good wipe...

'Open sesame'... Subaru key fobs vulnerable, says engineer

Captain Badmouth
Thumb Up

Re: Country Joe...

Country Joe... and the Scoobie?????

and the phish, shirley?

Upvote for the arcane reference reference.

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Captain Badmouth
Unhappy

Re: "if computers had totally separate data and executable storage"

"In a four ring model you could have the true kernel running at ring 0, for example, while I/O could work at ring 1."

Instead of which we have a four ring circus.
