* Posts by Walter Bishop

1314 posts • joined 16 Jan 2016

Twitter: Don't panic, but we may have leaked your DMs to rando devs

Walter Bishop
Silver badge
Big Brother

Msg leak bug present in Twitter API

Do you think this feature was included under instructions from a Government agency, and Twitter is only now coming clean after being found out by some third party? Or maybe the Ruskies or Chinese or NORKs or Iran hacked the API?

0
2

The curious sudden rise of free US election 'net security guardians

Walter Bishop
Silver badge
Big Brother

China’s massive Aurora attacks on Gmail in 2009?

“After China’s massive Aurora attacks on Gmail in 2009” elReg 2018

“In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access”, Bruce Schneier Jan 2010

“Google provided no evidence that China was even indirectly involved in the attacks targeting its source code.”, elReg Jan 2010

“it’s the Wizard of Oz-like enigma of Russia, which doesn’t just hack systems, but uses fake news, confusion, and the tragic anger-of-the-commons as a sort of mind-hack on entire populations”, elReg 2018

“Classified memo shows the CIA has sought to influence the US media and how journalism is taught since at least 1984”, Edward Snowden

6
1

Congrats on keeping out the hackers. Now, you've taken care of rogue insiders, right? Hello?

Walter Bishop
Silver badge
Terminator

The logical application of UAM over UEBA

The logical answer to misbehaving insiders is user activity monitoring (UAM) and/or user and entity analytics (UEBA)

The logical answer is to encrypt all users' data, failure to do so should be grounds for dismissal. Require a hardware security dongle present on the client to access that data. Given the nature of modern systems, relying on a firewall and deep packet inspection is just so much palliative medicine as in it won't prevent the patient from catching a 'virus'.

0
0

Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw

Walter Bishop
Silver badge

Security procedures are good – follow them and you get to keep your job

Walter Bishop
Silver badge
Linux

The real threat to your business

“uTorrent, WireShark, Powershell, Ccleaner, SnippingTool, FreeWatch, DontSleep, PDF converters and Caffeine were among the more common risky apps.”

Risky apps, you have got to be kidding. This report, just an excuse to trash Opensource. It's also an insult to IT techies everywhere who do a thankless task. The real threat to your business is the accounts department, oh and a certain software company, that mustn't ever be mentioned in relation to security violations.

1
0

Euro bureaucrats tie up .eu in red tape to stop Brexit Brits snatching back their web domains

Walter Bishop
Silver badge

The real lessons of Brexit

“Back in May, the European Commission stunned the DNS community – including the company that runs the .eu registry, EURid – by announcing it would scrap 300,000 .eu domain names owned by UK residents due to the country's planned exit from the union.”

Such actions on behalf of the European Commission are a punishment for GB deciding it wanted to run its own affairs and a deterrent to anyone else who is thinking of doing the same. The fact is the EU has already split into a two-tier system with a German-France alliance running it for their own benefit and the rest take the hindmost, effectively reduced to client states of the Greater-German .. er .. Europe. The treatment Greece has received since joining the EU being a typical example.

19
11

M-M-M-MONSTER KILL: Cisco's bug-wranglers swat 29 in single week

Walter Bishop
Silver badge
Mushroom

Cisco roaming privilege escalation vulnerability

“The Umbrella Roaming Client from Cisco OpenDNS includes a service named Umbrella_RC which is executed as SYSTEM on startup .. The service looks for two Windows binaries in a non-standard path, as seen in Figures 2 and 3, prior to finding them in the Windows System directory allowing us to perform a “Binary Planting” exploitation:” ref

Why didn't Cisco pick up these vulnerabilities in the testing and debugging stage of these security devices, they do actually have a department dedicated to such an important task?

0
0

Could you hack your bosses without hesitation, repetition or deviation? AI says: No

Walter Bishop
Silver badge
IT Angle

Baselining and AI-driven security

AI-driven security, some sort of technological snakeoil, similar to the current fashion for attaching everything to AI or blockchain, to give it credibility.

“The network perimeter has been compromised by attackers, threats, and risks on both sides of the firewall.”

Don't have an inside to hack, have all internal transactions implemented using encryption and kerberos one time tickets or some such. Put everyone on the outside and implement a full irrevocable audit trail with a hardware dongle required to attach to the system.

1
0

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Walter Bishop
Silver badge
Terminator

BT was going to outsource security says leaked memo.

I call baloney on this leaked internal memo, a retrospective attempt by BT executives to put a positive spin on the hack. I think the tell was where the memo mentions consulting their own IT staff. Besides outsourcing security has to be the dumbest idea ever. Security has to be baked in from the design stage and not implemented from a call center in India.

ps: nobody who wants to be taken seriously ever uses cyber in a sentence.

5
15

Cybercrooks home in on infosec's weakest link – you poor gullible people

Walter Bishop
Silver badge

Re: Lambs to the slaughter

“Restrict Internet access for example, only allow business emails, segregate areas of the business that need unfiltered interactions,... All technically possible.” .. and use a computer that doesn't run remote executables by clicking on a malicious weblink.

2
0

Premera Blue Cross hacker victims claim insurer trashed server to hide data-slurp clues

Walter Bishop
Silver badge
Mushroom

Staging computer A23567-D

What class of a computer was it that could be compromised for at least eight months without anyone noticing?

0
0

Cloud-slingers get 3-week extension to pitch for Pentagon's JEDI contract

Walter Bishop
Silver badge
Terminator

Enterprise-level computing in the war cloud

Is it wise, putting all your war machine communications in the 'cloud'?

4
0

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon

Walter Bishop
Silver badge
IT Angle

Re: Meet the Fockers

“Julie Larson-Green .. oversaw the successful launch of .. Windows 7 .. She has had between 1,200 and 1,400 program managers, researchers, content managers and other members of the Windows team reporting to her.”

Amazing how a handful of people came up with Go's PenPoint OS or BeOS

4
2

Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks

Walter Bishop
Silver badge
Mushroom

First investment of $5,000 was repaid in a week.

“We started with a small lab in MSTU but very soon we could rent our own office. The first investment of $5,000 was repaid in a week when we got our first investigation.” ref

Who said you can never make money out of Microsoft Windows :]

1
0

Go Pester someone else: TSB ditches CEO over bank's IT meltdown

Walter Bishop
Silver badge
Facepalm

Interface problems with TSB migration

May 2018: “If you had taken due notice of our concerns regarding the migration of customers onto Proteo4UK, which were coming directly from members working on the project and involved in the testing, TSB's IT fiasco could have been avoided.” ref

April 2018: “Are @TSB developers seriously coding live changes in production? I've found loads of ugly debugging logs in the code which are being spat out in the browser console. I don't dare to imagine what mess they have in the back-end.” ref

Dec 2017: ‘Proteo4UK is running “in a very active mode” out of two new data centres in the UK. In case of a disaster in one of the centres, all critical services will switch “with no interruption or loss of customer data, transactions or services”’ ref

June 2017: “Welcome to the Banco Sabadell Open API .. Our API is RESTful, we use JSON format and OAuth 2.0 authorization." ref

June 2015: “Banco Sabadell acquires Banco CAM: leveraging a cloud computing strategy” ref

March 2015: “Management track-record: IT Know-how Proteo4 Roadmap” ref

11
0

TSB goes TITSUP: Total Inability To Surprise Users, Probably

Walter Bishop
Silver badge
Facepalm

TSB demonstrates agile and flexible in the 'cloud'

“We have created a more digital, agile and flexible TSB,” stated Paul Pester, CEO of ... It is hosted on the Amazon Web Services (AWS) cloud.” ref

Yer average agile computing solution in the cloud, a cobbled together smörgåsbord of web server, database, scripting engine, all stuck together with sealing-wax and chewing gum .. in the cloud ...

2
0

BT scoops Home Counties chunk of new NHS IT contract

Walter Bishop
Silver badge

Secure patient data in the cloud

‘BT reckoned the deal will help medics get themselves and their patients' data on the cloud, and then to "access patient data securely over high-bandwidth digital connections".’

Will it be as secure and agile as the TSB backend? Has BT provided such a service on such a scale anywhere else on the planet and if so, can we see it working, before HM Gov invests our money in such an enterprise.

5
0

Big Baboon ain't gibbon up: SAP, HP accused of aping software squirt's e-commerce patent

Walter Bishop
Silver badge
Facepalm

Automated business functions across multiple business domains

“A method comprising the steps of: providing an end-to-end, business-to-business, e-commerce business automation software for automation business functions across multiple business domains.”

WTF! .. Who Is Big Baboon Inc.? .. apparently a serial patent troll. Big Baboon Corporation v. Dell, Inc.

3
0

Hackers faked Cosmos backend to hoodwink bank out of $13.5m

Walter Bishop
Silver badge
Facepalm

Hack against third-party interface

Ahem ...

“Hackers were then in a position to establish a malicious ATM/POS switch in parallel with the existing (legit) system before breaking the connection to the backend/Core Banking System (CBS) and substituting their own counterfeit system in its place.”

What was this ATM/POS switch even doing on the Internet?

3
0

Windows 0-day pops up out of nowhere Twitter

Walter Bishop
Silver badge

Re: More cloud anyone?

‘"U$oft " to whose benefit is this?’

A more appropriate title would be Ubersoft :]

1
1

Black hats are baddie hackers, white hats are goodies, grey hats will sell IP to kids in hoodies

Walter Bishop
Silver badge
Terminator

Insider threats to your IP

Not all insider threats to your IP are malicious .. such as visiting unsafe websites, clicking on links in emails from people they don’t know, or plugging outside USBs into their work computers ref

Good Grief :]

3
0

Voting machine maker vows to step up security, Fortnite bribes players to do 2FA – and more

Walter Bishop
Silver badge
Big Brother

ES&S harden its voting machines from hackers

Just who in their right mind connects a voting machine directly to the Internet? Election Systems and Software (ES&S) that's who, who sometime back acquired Diebold’s voting machine division ‘Premier Election Solutions’. What is the make of hardware and software that these voting products run on?

ES&S .. was expanding its work with .. Homeland Security .. includes the installation of advanced threat monitoring and network security monitoring

Is it wise giving the state security apparatus full control over the voting process, especially as there is no paper trail? If a malicious actor were to come to power, s/he could manipulate the vote in his/her favour.

8
0
Walter Bishop
Silver badge
Facepalm

Security devices and web interfaces

“Researchers at Project Insecurity have detailed a vulnerability in SOLEO's IP relay technology that disclosed sensitive files on affected installations. For example, the following HTTPS request to a vulnerable service”...

The solution being, don't put a web anything on security devices, remove the http server, remove the http browser, remove the java interpreter etc. and learn to use command-line tools and configuration scripts.

This vulnerability exists due to the fact that there is improper sanitization on the ‘page’ GET parameter in servlet/IPRelay. A developer should always check for dangerous characters in filenames ref

2001 is calling and wants its Directory Traversal attack back :]

4
0

Uni credential-swiping hack campaign linked to Iranian government

Walter Bishop
Silver badge
Facepalm

SecureWorks and Q4 earnings

“SecureWorks has sunk to new all-time lows on the back of its Q4 earnings report.” ref.

Is there some way of filtering out this kind of Russian/Chinese/Korean/Iranian cyber waffle?

1
0

Winner, Winner, prison dinner: Five years in the clink for NSA leaker

Walter Bishop
Silver badge
Facepalm

I call baloney on this whole story

I call baloney on this whole story, a pretext to insert the Russia-hacked-voting-machines meme into the zeitgeist. Good Day Sir!

6
21

Tax the tech giants and ISPs until the bits squeak – Corbyn

Walter Bishop
Silver badge
Big Brother

Re: Roj blake

>> The "International Definition of Antisemitism" makes speaking out against the state of Israel an anti-semitic act.

> No, no it does not.

Do you think all these antisemitic accusations are a pretext to beat-up Corbyn, just in case he actually gets into power? For instance, there's a video online of a group of people at a Corbyn press conference, where one gets up to ask a question on 'antisemitism' and the rest signal each other and stage a walk-out. Press conference successfully hijacked. Why would ostensibly 'labour' supporters be so desperate to sabotage their own leader?

11
3
Walter Bishop
Silver badge
IT Angle

The BBC had a chance to compete honestly with other content providers?

They did once have a coherent digital policy but got shut down through inexplicable execution mis-steps and legal challenges by News Corp, as presumably that would have cut into SKY revenue.

March 2006: Ashley Highfield, director of the BBC's new media division, shared a platform with Microsoft boss Bill Gates

April 2008: BBC technology chief bounces on to Project Kangaroo

July 2008: Huggers confirmed as BBC new media director

Aug 2008: Chris Dobson leaves Microsoft for BBC Worldwide

Feb 2009: Microsoft Online Chief Baylay Joins BBC After Highfield’s Arrival

Aug 2009: The BBC's former digital chief is now driving Microsoft's UK online operations

Nov 2009: Microsoft has been in talks with the media giant News Corporation

0
0
Walter Bishop
Silver badge
Big Brother

BBC an even worse version of Faux News

“In the digital age, we should consider whether a digital licence fee could be a fairer and more effective way to fund the BBC .. This could also help reduce the cost of the licence fee for poorer households.”

BBC an even worse version of Faux News. For one such example, listen here at 8:41 where the BBC chappie cuts off the interviewee when she tries to correct him on the China/Taiwan one nation agreement. The one signed by Nixon's administration.

4
5

Juno this ain't right! Chinese hackers target Alaska

Walter Bishop
Silver badge
Facepalm

Chinese attack on US government facilities

Just who will protect us from these Chinese commie bastards. You would think Tsinghua would be clever enough to disguise their location. What would be interesting to know is the nature of the computing infrastructure and how they got in.

2
0

Criminals a bit less interested in nicking Brits' identities this year

Walter Bishop
Silver badge
Facepalm

ID fraud drops to four-year low

It isn't ID fraud, it's criminals stealing money from a bank:

Mitchell and Webb Identity Theft

1
0

India's Cosmos bank raided for $13m by hackers

Walter Bishop
Silver badge
Alien

Report points finger at North Korea for cyber-heist

I say it was shape shifting reptilian humanoids from a planet in the Alpha Draconis star system.

0
0

Former NSA top hacker names the filthy four of nation-state hacking

Walter Bishop
Silver badge
Terminator

NSA complains about russian hackers irony meter self destructs

According to Joyce there are four primary actors when it comes to states hacking states: Russia, China, Iran and North Korea

Just so happens to be the target of the US deepstate, you know the real rulers of America, the ones who tried to depose a sitting president and want to start a new cold war in Europe.

Russian hackers are constantly trying to penetrate key US networks

Even if this were true, so what, and what are they even doing connecting key networks to the Internet? Seriously, elReg editors, giving a platform to this neocon waffle is just going to dilute your own reputation as impartial tech journalists.

7
2

Hi-de-Hack! Redcoats red-faced as Butlin's holiday camp admits data breach hit 34,000

Walter Bishop
Silver badge
Linux

Re: "responded to a phishing email"...

"Did some numpty actually send the personal details of 34,000 people to someone outside the company in response to a phishing email, or did they just activate some malware by clicking-on-the-link?"

‘Does it really matter?’

Well, one is a clerical error and the other is a major defect in the underlying innovation :]

0
0
Walter Bishop
Silver badge
Terminator

Causality violations and phishing emails

"All breaches of personal information create a heightened risk from phishing emails and ID theft."

HAL 9000: I'm sorry Dave, but that sentence don't even parse. That would be like the fault in the AE35 unit in the future created my psychotic breakdown in the past.

0
0

Crims hacked accounts, got phones, resold them – and the Feds reckon they've nabbed 'em

Walter Bishop
Silver badge
Facepalm

Looks like they were chasing Hispanic victims?

“Looks like they were chasing Hispanic victims .. These days, in the US, they can kick you out if you've ever committed or been accused of a crime - speeding, littering etc.” Version 1.0

How about they apply for an Employment Authorization Document (EAD), provide the paperwork and then legally enter the country. Instead of jumping the queue, having children in the US and then expecting the US to automatically grant them residency.

This reminds me of the French Interior Minister's response to the massive influx of migrants from North Africa that were allowed to travel unimpeded across Europe to Calais. Why don't HM gov open the border and take *their* refugees. ref

1
0
Walter Bishop
Silver badge
Facepalm

Cyber-criminals nabbed through IP addresses.

"To take down the alleged ring, authorities executed a search warrant on a residence in Mt Vernon, New York, on August 15, 2017. Two IP addresses linked with the residence were associated with at least 3,300 cell phone accounts at an unidentified service provider."

I think these cyber-criminals somehow didn't understand how TCP/IP actually worked.

0
0

UK govt's top tech heavyweight Maxwell quits for Amazon job

Walter Bishop
Silver badge
IT Angle

Where's the tech angle?

“Liam Maxwell .. will have seen the progress of companies, including AWS, in winning deals in various government departments, notably and controversially HMRC.”

* Government minister steers massive contracts to the private sector.

* Private sector slings big paying job to government minister.

‘Yes Minister - Jobs for the boys’

4
0

Cisco let an SSL cert expire in its VPN kit – and broke network provisioning brokers

Walter Bishop
Silver badge
Facepalm

Re: Manual Patch?

> How about being able to install your own or some other certificate?

Because the average Cisco certified techie has never used anything else except a web browser and wouldn't know how. Cisco has multiple paths for certification; entry, associate, professional, expert, architect, routing and switching, cloud, cyberOps, industrial, security. Now tell me again, where do I click :]

0
2

Porn parking, livid lockers and botched blenders: The nightmare IoT world come true

Walter Bishop
Silver badge
Linux

IoT devices can send your bank account details to cybercriminals

‘that locker at the gym may be used to send your bank account details to cybercriminals.’

How about you put a switch on your IoT devices rendering them read-only?

1
0

MikroTik routers grab their pickaxes, descend into the crypto mines

Walter Bishop
Silver badge
Linux

RouterOS is MikroTik's stand-alone operating system

‘RouterOS is MikroTik's stand-alone operating system based on linux v3.3.5 kernel. The following list shows features found in the latest RouterOS release:’

0
0

Alaskan borough dusts off the typewriters after ransomware crims pwn entire network

Walter Bishop
Silver badge
Linux

Matanuska-Susitna ransomware infection

A ransomware infection has cast the Alaskan borough of Matanuska-Susitna

By any chance, did this ransomware infection run under Microsoft Windows?

0
0

TSMC chip fab tools hit by virus, payment biz BGP hijacked, CCleaner gets weird – and more

Walter Bishop
Silver badge
Linux

Linux's leaky timer bug

“A researcher has detailed a bug in the Linux kernel that can be exploited to leak sensitive data”

Shouldn't that be a 'computer' timer bug, like the virus that infected the TSMC 'computers'?

0
0

UK.gov ploughs cash into creaky police technology

Walter Bishop
Silver badge
Facepalm

Re: Microsoft

> Calling it an almighty clusterfuck is being kind. The primary task for the system is to assign resources (cops) to tasks (robbers, etc), but it's so slow that it's completely unusable.

Maybe the crooks should be given access to the system. After all and lately that's the only way of getting a police response to 'low-level' crimes. On the other hand, they will offer a call from the Victim Support Unit. How about shutting the Victim Support Unit and spending the money on police salaries.

1
1

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages

Walter Bishop
Silver badge
Linux

Re: Should have used a hardware dongle

> Then they'll just hack the source and reverse-engineer the implementation.

There is no source or implementation to attack, the dongle runs on a Field Programmable Gate Array (with added noise circuit to prevent side channel attacks) with any number of permutations to provide functionality. Each U2F token contains a unique key. Reverse-engineering one key provides no usable information on any other. If the token gets lost or stolen then the key is revoked.

2
0
Walter Bishop
Silver badge
Terminator

Should have used a hardware dongle

“U2F Explained: How Google and Other Companies Are Creating a Universal Security Token”

2
0

Linux kernel 4.18 delayed: Bug ate my rc7, says Linus Torvalds

Walter Bishop
Silver badge
Facepalm

Re: That's the advantage of running Windows...

> Microsoft would never dream of delaying a forced Windows update due to bugs being found, so Windows people always get the new stuff first!

Sixty upvotes: you all do realize he's being sarcastic?

7
6

Please forgive me, I can't stop robbing you: SamSam ransomware earns handlers $5.9m

Walter Bishop
Silver badge
Big Brother

Re: Guilt?

> I've a fiver on the 'legacy' Internet eventually being closed down for a completely regulated and patrolled one ..

There's nothing wrong with the Internet that needs fixing. The defects lie in the crapware connected at either end. I also suspect security on our devices is diluted so as to allow the security people keep an eye on us potential subversives and/or such hacking incidents are allowed precisely so as the surveillance industry can step-up to protect us from the cyber terrorists.

--

the only way to be happy is for everyone to be made equal

0
1
Walter Bishop
Silver badge
Terminator

What can save us from this malicious computer ransomware infestation

Does this run on anything other than Microsoft Windows? I see the only solution being to introduce the death penalty for writing malware.

0
0

The internet's very own Muslim ban continues: DNS overlord insists it can freeze dot-words

Walter Bishop
Silver badge
Alien

Objections to TLD being added to the Internet

US-based ICANN placed the applications for .islam and .halal "on hold" in 2014 after a number of Middle Eastern governments objected to the top-level domains being added to the internet

“The Organization of Islamic Cooperation has repeated its objection to the gTLDs .islam and .halal ever seeing the light of day.”

3
0

Microsoft devises new way of making you feel old: Windows NT is 25

Walter Bishop
Silver badge
Facepalm

IBM's OS/2 foundered on the rocks of Microsoft's Windows.

Windows NT .. Originally intended as a successor for IBM's OS/2, before the collaboration between the two companies foundered on the rocks of the success of Microsoft's Windows

Haaa .. you're a funny guy :]

--

“let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt”, Donald J. Trump

0
4

Biting the hand that feeds IT © 1998–2018