* Posts by Walter Bishop

1468 posts • joined 16 Jan 2016

Windows Defender ATP is dead. Long live Microsoft Defender ATP

Walter Bishop Silver badge
Linux

Microsoft extends protection to other Operating Systems?

“As part of Microsoft's ongoing effort to move beyond Windows with the likes of Microsoft 365, it is extending this protection to other operating systems.”

What is going to defend these Operating Systems from Microsoft Defender?

While Microsoft has published the definition for the data it is collecting, Anderson stated the obvious, "When you sign up to use this threat and vulnerability management, that does get commensurate with a level of that telemetry. And so it ties into a level of telemetry that you have to enable on Windows that is published."

I'm sorry, I must be having a slow day but that sentence isn't at all obvious to me. Could someone translate it into simple English?

“Wary perhaps of the notoriously litigious world of anti-virus”

Microsoft Security Essentials: Disclaimer of Warranty

Sorry, Linux. We know you want to be popular, but cyber-crooks are all about Microsoft for now

Walter Bishop Silver badge
Linux

How to put a positive spin on Microsoft in-security?

Sorry, Linux. We know you want to be popular, but cyber-crooks are all about Microsoft for now

This is the same kind of meme Microsoft have been shoving for decades. Linux doesn't get hacked not because it's secure but because it isn't popular.

Eight out of the ten most exploited vulnerabilities tracked by threat intelligence biz Recorded Future in 2018 targeted Microsoft products

What else would a Windows vulnerability target except Windows? And hacks don't target products, they target Operating Systems.

Contextualized threat intelligence is a vital component of any truly proactive security strategy.

How about a ‘computer’ that can't be hacked by opening an email/document?

Brexit text-it wrecks it: Vote Leave fined £40k for spamming 200k msgs ahead of EU referendum

Walter Bishop Silver badge
Big Brother

Vote Leave fined for promoting Brexit

@Snowy "I do not see why the leaver could object, if leaving is truly the "WILL OF THE PEOPLE" then another vote should confirm this."

a. Scare the electorate with bogus stories of troops being deployed and food shortages.

b. Sabotage the negotiations in Brussels.

c. Then call for a second referendum.

I think it extraordinary and an attack on democracy that the courts are being used to punish people for exercising their democratic right to campaign in a referendum.

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Walter Bishop Silver badge
Terminator

Ransomware outbreak hits Norwegian ‘computers’

Phil Neray .. told The Register that it was inevitable hackers would look to get ransomware onto networks at manufacturing and power giants, given how valuable system uptime is in those environments

Then why not connect your valuable system environments using VPNs running on read-only embedded hardware? If you don't know how to do that then maybe you're not temperamentally suitable for a career in IT.

-------

19.01.2019

Cyber Attack Against the Hydro Network

Please do not connect any devices to the Hydro Network. Do not turn on any devices connected to the Hydro Network.

Please disconnect any device (Phone/Tablet etc.) from the Hydro Network.

Await new update.

- Security

UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try

Walter Bishop Silver badge
Big Brother

Re: Explain like I'm five ..

> Was the flaw in enigma enough to crack it or was it only possible due to poor opsec?

I guess without the cribs, the answer would be no, at least not with the technology available at the time, a massive achievement all the same. I read somewhere they dismantled the equipment at the end of the war and shipped it off to the US. If they'd commercialized the technology then silicon valley could have happened here.

Thanking you @Mike Dimmick:

@Mark 85: Using "Heil Hitler" to close the msg must be an urban legend. I read somewhere that the cribs or clues were gotten as the initial key was repeated twice and the msgs used similar phrases for weather reports and enemy sightings.

Walter Bishop Silver badge
Big Brother

Explain like I'm five ..

“Enigma machines turn text into ciphertext and back again; they were used by the German military, among others, to encrypt and decrypt messages during the Second World War.”

And any WW2 enigma msg can be cracked in minutes using a current desktop computer. What's the difference between ‘rotor ring settings’ and ‘rotor initial value’ ref?

What made a super high-tech home in Victorian England? Hydroelectric witchery, for starters

Walter Bishop Silver badge
Coat

Nerds only toil for the sake of creation?

“But Armstrong was no nerd, toiling for the sake of creation: his inventions were intended to simply make Cragside work better and ..”

A nerd is by definition someone who wants to make things work better and there would be quite a few hanging round here.

Hackers cop a FILA thousands of UK card deets after slinking onto clothing brand's servers

Walter Bishop Silver badge
Facepalm

JavaScript intercepts credit card data?

“One-line card stealing code downloads a JavaScript Sniffer once a customer lands on a checkout page, which intercepts credit card data and sends it to local storage.”

Demonstrating yet again the unsuitability of using Credit Card numbers for online financial transactions.

Airlines in Asia, Africa ground Boeing 737 Max 8s after second death crash in four-ish months

Walter Bishop Silver badge

MCAS automatic trimming system

In order to accommodate the larger engine Boeing moved it forward of the wing and mounted it with extended nacelles. This had the unintended consequence of causing the plane to pitch nose-up. The solution being to install the MCAS system which forces the plane to pitch-down when it falsely detects a stall situation, such as incorrect readings from the air-speed indicators. Such a configuration is especially dangerous in the take-off phase. MCAS was installed without informing the pilots or giving them the ability to disable it. I think it a flawed model, where the computer can override the pilot.

Iranian-backed hackers ransacked Citrix, swiped 6TB+ of emails, docs, secrets, claims cyber-biz

Walter Bishop Silver badge
Mushroom

Remote-desktop giant hacked using remote-desktop software?

Remote-desktop giant hacked using remote-desktop software and had to wait for the FBI to tell them about it. Why is it that these cyber criminals are only ever from one of China/Iran/North Korea ..

Buffer overflow flaw in British Airways in-flight entertainment systems will affect other airlines, but why try it in the air?

Walter Bishop Silver badge
Linux

Thales TopSeries i5000 potential safety implications

"There are potential safety implications here, so testing an IFE in an airplane with passengers on board is unwise."

I thought these consumer systems were isolated from the plane's avionics.

"The Register can reveal that the affected software is in fact made and maintained by Thales Group under the trade name Thales TopSeries i5000"

What would be interesting to know is what Operating System the Thales TopSeries i5000 runs on and why such bugs weren't picked up in the development and testing phase.

Level up Mac security, and say game over to malware? System alerts plus Apple game engine equals antivirus package

Walter Bishop Silver badge

Re: Malware and vulnerability exploits on Macs

> Certainly example of Adobe and Microsoft led raids

For the two down voters: “To even start carrying out this Rube Goldberg–style attack, a hacker would need a victim to already have some form of malware running on their computer.” ref

Walter Bishop Silver badge
Linux

Malware and vulnerability exploits on Macs

"Macs are softer targets, they're easier to attack, and Mac users are overconfident."

Are there any examples of Apple malware of the click-and-get-infected variety? That achieves root by opening an email attachment or clicking on a malicious weblink?

One-time Mars InSight Lander engineer scores $1.5m redress over whistleblower sacking

Walter Bishop Silver badge
Mushroom

ManTech committing fraud against the American government

David Lillie was able to "prove, by a preponderance of the evidence, that he had a good faith belief that ManTech was committing a fraud or falsehood" against the American government "to obtain the payment of money", according to a US jury verdict

What exactly was the nature of this fraud and was anyone at ManTech ever held to account and subject to legal sanctions? I figure ManTech was triple-dipping, as in putting in fake invoices for work not-done.

McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time

Walter Bishop Silver badge
Mushroom

Re: McAfee and the Nork malware

It was a rhetorical question, I don't see any mention of MI^H^H^H^H^H~1 WI^H^H^H~1 in that report.

Walter Bishop Silver badge
Big Brother

McAfee and the Nork malware

How does this Nork malware get onto your “computer”?

We're not throttling you, says Vodafone, claiming slow vid streaming is down to the 'cards'

Walter Bishop Silver badge
Big Brother

Technical issue to blame for streaming video jitter?

‘"technical issue" is to blame for some broadband customers being unable to stream video’

Maybe the NSA hooks are causing the slowdown, I mean rerouting everything through Utah and back again ref.

When the bits hit the FAN: US military accused of knackering Russian trolls, news org's IT gear amid midterm elections

Walter Bishop Silver badge
Big Brother

NSA attacks Russian infrastructure then accuses Russia of same

“an organization based in St. Petersburg that US officials blame for spreading misinformation through social media to sow discord and interfere with elections.”

And that's our job :]

“The report lends support to claims that the US military conducted offensive cyber operations in Russia last year to prevent interference with the 2018 midterm elections.”

What is Cambridge Analytica? The firm at the centre of Facebook's data breach

The case of the missing 300 Swiss francs: WIPO fires CIO following probe into allegations of fraud

Walter Bishop Silver badge
Facepalm

Letter regarding WIPO reprisal against Mr. Wei Lei

“We are writing to you on behalf of the three staff federations of the UN common system, CCISUA, FICSA and UNISERV, representing 120,000 international civil servants worldwide, regarding what would appear to be a serious act of reprisal against Mr. Wei Lei” link

Wanted: DVLA CTO. Must love cloud, open standards, agile – and retiring outdated kit

Walter Bishop Silver badge
Devil

re: Wanted: DVLA CTO. Must love cloud, open standards, agile – and retiring outdated kit

> And combined with that one is just more shiny Unicorn poo.

I don't think the author of that article fully realized the cynical nature of elReg commentators :]

Walter Bishop Silver badge
Linux

Component-based non-old world tech architecture

the CTO will be responsible for continuing this "ambitious transformation programme", part of which is to kick the agency’s reliance on old world tech into touch and move to a component-based architecture

Pseudo technical sounding waffle .. in the cloud .. in the cloud .. in the cloud ...

‘In a January blogpost, the agency said it was planning to launch "several" new services this year, including the ability to register a vehicle and trailer, and apply for a tachograph card – which records information about driving time, speed and distance – online.’

WOW, in the future you can register your vehicle online, jeez, what cutting innovation

Thunder, thunder, thunder... Thunderclap: Feel the magic, hear the roar, macOS, Windows pwnage tools are loose

Walter Bishop Silver badge
Linux

IOMMU based DMA protection from malicious devices

“This includes automatic enabling of IOMMU based DMA protection from possibly malicious devices connected through Thunderbolt ports. In addition we make sure PCIe ATS (Address Translation Service) is not enabled for such devices to prevent them from passing IOMMU protection.” link

Huawei hasn't yet fixed its security vulns, says UK's NCSC overseers

Walter Bishop Silver badge
Terminator

Credible plan for dealing with security shortcoming?

“Huawei has not showed British government overseers a “credible plan” for dealing with security shortcomings flag[g]ed in a report issued last year” theRegister

How about hiring on someone full time to test the software for security vulnerabilities.

“The Royal United Services Institute, a military-themed think tank with close links to the government, described the use of Huawei network equipment in the UK as “at best naive, at worst irresponsible” in a paper it issued today. It based this conclusion on new Chinese laws that allow the Communist state to compel its citizens to co-operate with its spies.” theRegister

“The German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain's GCHQ eavesdropping agency. The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies.” Guardian

CAST links arms with Software Heritage to tease out your open-source ancestry

Walter Bishop Silver badge
Linux

Re: Yet more open-source litigation FUD

@big_D: “And all the companies that got sued for using GNU/Linux at the beginning of the Century, because it also breached patents and included proprietary code? A fair few companies settled, many for 6 figures, some for 7. It is rare these days, but not unheard of.”

What were the names of these companies and the specific breach they were successfully sued over? Besides, two cases of software litigation that come to mind that don't involve open-source/Open Source are Oracle and Microsoft who both claim to ‘own’ Android. Oracle is suing Google and Microsoft is extracting a fee from the hardware manufacturers for each handset sold. Besides all of this, I thought SCO owned all of Linux. Do you remember SCO sent out a letter to all fortune 1000 companies claiming a fee, whatever became of that case?

Walter Bishop Silver badge
Linux

Yet more open-source litigation FUD

‘"At-risk" components are then automatically flagged and suggestions made on what to do, giving users an opportunity to head off potential legal, IP and compliance nasties before the code seeps out into the hands of users and lawyers.’

Show us where a commercial entity was successfully sued by a third party for using Open Source in their business. Once you download the Source Code you accept the terms of the license. That is the sum total required in regards to your compliance. Anything else is open-source FUD.

US man and Brit teen convict indicted over school bomb threat spree

Walter Bishop Silver badge
Big Brother

George Duke-Cohan aka 7R1D3N7 aka DoubleParalla aka optcz1

Duke-Cohan being arrested

R -v George Duke-Cohan Sentencing Remarks

Surface Studio 2: The Vulture rakes a talon over Microsoft's latest box of desktop delight

Walter Bishop Silver badge

Microsoft's latest Surface Studio 2:

Why does the design, color scheme and keyboard remind me of an Apple?

Bad news for WannaCry slayer Marcus Hutchins: Judge rules being young, hungover, and in a strange land doesn't obviate evidence

Walter Bishop Silver badge
Big Brother

Hutchins received notice of his Miranda rights?

"Hutchins argues that there is insufficient evidence that he received notice of his Miranda rights. This argument is a non-starter, in part because Hutchins acknowledges that he was read his rights."

I distinctly recall reading that he wasn't read his Miranda rights before making any allegedly incriminating statements.

Lenovo ThinkPad P1: Sumptuous pro PC that gets a tad warm

Walter Bishop Silver badge
Linux

Lenovo ThinkPad Operating System

“Operating System Up to Windows 10 Pro for Workstations”

Can you put Linux on it?

Patch this run(DM)c Docker flaw or you be illin'... Tricky containers can root host boxes. It's like that – and that's the way it is

Walter Bishop Silver badge
Terminator

Re: A big told ya so.

> Why would you want to hire separate security, network, and OS guys, with decades of combined experience? Developers fresh out of school with maybe one or two languages, and a couple of years of practice can do it all, right? No? Big surprise.

The OS people: We'll rely on the app developers to write safe code to trap errors.

The APP people: We won't bother testing for boundary violations as the OS will trap errors.

Walter Bishop Silver badge
Mushroom

Runc the default container runtime for Docker

Why wasn't this picked up at the development phase? They do actually have someone tasked with hunting up potential security violations. If not they have no business releasing this to a production environment.

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

Walter Bishop Silver badge
Facepalm

Malicious image could execute code

“The worst vulnerability in the latest monthly batch, according to the ad giant, is one in which a maliciously crafted PNG image could execute code smuggled within the file, if an application views it.”

Why is this kind of thing still happening in the year of Anno Domini 2019, Anno Hegirae 1440, Common Era 2019?

Website programming? Pffft, so 2011. Python's main squeeze is now data science, apparently

Walter Bishop Silver badge
Alien

Python now used more for data science

Not only that, Python is also used on the communication devices on Counterpart.

Huawei pens open letter to UK Parliament: Spying? Nope, we've done nothing wrong

Walter Bishop Silver badge
Terminator

Room for improvement with Huawei product design processes.

In the interests of security, the first thing Huawei should do is to remove hyperlinks and metadata from their PDF documents, this one was created with ApeosPort-IV C3373. This embedded URL http://purl.org/dc/elements/1.1/ points to a persistent URL that can be remotely redirected to a different resource, which means you have no real idea as to what it is opening. The second thing I would do is check the firmware in the ‘FujiXerox ApeosPort-IV C3373’. The third thing I would do is task someone for checking Huawei devices for security violations before shipping to the market.

LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

Walter Bishop Silver badge
Linux

Where is calc.exe on my computer?

calc.exe

Tedious Service Bulletin: No prizes for guessing which UK bank's services are DOWN for business users

Walter Bishop Silver badge

Upcoming report from UK's Huawei handler will blast firm for unresolved security issues

Walter Bishop Silver badge
Devil

We'd like you to put our back-doors back into your equipment.

FAIL “The US push back against Huawei is simply an ... attempt to get people to install NSA compliant CISCO and other equipment. Makes it easier for GCHQ, too.”

They're a very cynical bunch round here :]

'Numpty new boy' lets the boss take fall for mailbox obliteration

Walter Bishop Silver badge
Linux

Novell NetWare and roaming profiles

“We had Windows NT 4.0 workstations for the most part, and the user accounts all used roaming profiles”

I've never seen ‘roaming profiles’ working even when they did work, minutes waiting for the profile to be copied down to the client and minutes waiting for the client to be copied back to the server usually because some process is keeping NTUSER.DAT locked.

“NT 4.0 just over 18 months before, and they were seeing stability issues, especially as it related to the Novell login and roaming profiles.”

Wonder why that was:

“On 05-21-98, I called our Microsoft Premiere Support number to request help with the conflict between GW and Outlook 98 .. I got a call from Adam. He told me that MS views the way Outlook 98 was operating as a "Feature", not a bug” ref

“Below is the text of 2 messages sent previously regarding header files and libraries for implementing a Windows 95 Password Provider. To date, we have had no response, but we need this information” ref

“My MAPI service providers that used to work in the M7 time frame (January beta) no longer seem to work.” ref

“It should be noted that these bugs, for the most part, are not problems with our software (the Win95 bugs are problems we addressed with Microsoft which they refused to fix).” ref

Open sourcerers drop sick Fedora Remix to get Windows Subsystem for Linux pumping

Walter Bishop Silver badge
Linux

What's the benefit of this over native?

It gets the ‘Microsoft Linux’ ™© meme into the zeitgeist.

Hadoop coop thrown for loop by malware snoop n' scoop troop? Oh poop

Walter Bishop Silver badge
Linux

Xbash hits a vulnerable server

If Xbash hits a vulnerable server, and can infect it, it first wipes the host's databases

How does Xbash initially infect the server and could we have a link to the actual Xbash source code?

Canonical brings some bling to the Internet of Things with Snap-happy Ubuntu Core 18 release

Walter Bishop Silver badge
Linux

Re: Linux is irrelevant

Ubuntu did try and fail with its Convergence project. Even with very deep pockets Microsoft couldn't gain traction with its Continuum project. I think both Microsoft and Ubuntu underestimated the difficulties in gaining market share on a platform they didn't have a monopoly in.

Ubuntu’s path to convergence

Continuum .. looks like a phone, does like a PC

EasyJet boss says pre-Chrimbo Gatwick drone chaos cost it £15m

Walter Bishop Silver badge
Facepalm

London's Gatwick Airport drone crisis

Seems to be yet another example of no organization or the one individual who would take responsibility for the drone crisis. Similarly, try and contact an organization and get something done. There is only a generic email or a "team" contact phone number. Phone the number and you get an answering machine that directs you to a website that directs you to the exact same phone number.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

Walter Bishop Silver badge
Linux

Privoxy content filtering proxy

“Privoxy is a web proxy with advanced filtering capabilities for .. removing ads, banners, pop-ups, etc.” link

Want to spin up Ubuntu VMs from Windows 10's command line, eh? We'll need to see a Multipass

Walter Bishop Silver badge

Re: Somebody had to...

Haaarrh :]

Multipass

Lawyers' secure email network goes down, firm says it'll take 2 weeks to restore

Walter Bishop Silver badge
Big Brother

Criminal Justice Secure eMail messages themselves are neither signed nor encrypted

Secure eMail | Technical Overview: CJSM Version 2.x (Information for IT Teams):

‘The overall CJSM programme is being managed by Criminal Justice IT (CJIT). CJSM does not provide “secure email” in the sense in which that phrase is normally used. The messages themselves are neither signed nor encrypted.’

“In fact, they cannot be signed or encrypted. Modifications made to the message in transit across CJSM mean that the message digests (think of these as checksums or fingerprints of the original message) used to calculate the original keys would not match those of the message received. Signature verification would fail, and decryption of the message would be impossible. This behaviour is understood and it is by design.”

US midterms barely over when Russians came knocking on our servers (again), Democrats claim

Walter Bishop Silver badge
Mushroom

One hundred and eleven mentions of Wikileaks in that document

“WikiLeaks And Russian Intelligence discuss a plan to use stolen DNC documents to disrupt The Democratic National Convention” ref

Nonsense, my analysis of this and other works of fiction, such as Russia stole the election through FACEBOOK adverts, is that the neocon faction in Washington concocted this in order to explain away how Trump won the election and also as part of its long term campaign to discredit Wikileaks.

“While the lawsuit does not claim that President Trump or his campaign team knew about either hacking attempt, it references the Trump campaign's and the president's repeated denials of links with Russian intelligence figures.”

Yea, Trump is a Russian mole being controlled from the Kremlin cause he's being blackmailed by Putin using the golden-shower video. The same video Putin carelessly passed onto a Christopher Steele of the MI6 :]

Or else what we're witnessing is a palace coup being staged by the deep-state and carried on in full view and with the help of some useful idiots in the media.

EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam

Walter Bishop Silver badge

Congress Guts STOCK Act

@Aodhhan: “About 2 years ago. The US Congress passed a law saying they could no longer do this or other things often considered 'insider trading'. They made a big thing about it--and praised themselves for it. Then six months later they very VERY quietly removed the law so they could once again do this.”

Congress Guts STOCK Act

Walter Bishop Silver badge
Mushroom

A series of sophisticated and relentless cyber-attacks?

I recall reading somewhere that: EDGAR used to post the doc to the server and then post the URL at a later date. The hack consisted of guessing the next number in a sequence of predictable URLs. Given the thirty minute window the traders had to act, this would imply they didn't have access to the back-end.

The DevOps Salary Report is in, and is great news for American men

Walter Bishop Silver badge
Facepalm

An Analysis of Reasons for the Disparity in Wages Between Men and Women

“During the past three decades, women have made notable gains in the workplace and in pay equity, including increased labor force participation, substantial gains in educational attainment, employment growth in higher paying occupations, and significant gains in real earnings .. despite these gains the raw wage gap continues to be used in misleading ways to advance public policy agendas without fully explaining the reasons behind the gap. The purpose of this report is to identify the reasons that explain the wage gap in order to more fully inform policymakers and the public” ..

“A greater percentage of women than men tend to work part-time. Part-time work tends to pay less than full-time work.”

“A greater percentage of women than men tend to leave the labor force for child birth, child care and elder care ..”

‘Women, especially working mothers, tend to value “family friendly” workplace policies more than men.’

“.. women may value non-wage benefits more than men do, and as a result prefer to take a greater portion of their compensation in the form of health insurance and other fringe benefits”. ref

No more Windows build strings for you: BuildFeed has turned off the lights

Walter Bishop Silver badge
Boffin

Microsoft did place pressure on BuildFeed

@viscount: “Can someone decode this article because I don't get it. What would MS do to force a site with a list of build numbers to close? What are "internal pressures"? It makes no sense.”

BuildFeed posts information on using Microsoft Windows build strings. It seems that BuildFeed posted a Windows build-string referencing ‘rs_shell_foldables’, in the process accidentally leaking the information that Microsoft is working on a Windows version that will run on foldable devices. Shortly after BuildFeed was shut-down. BuildFeed has stated that this has nothing to do with pressure coming from Microsoft. “Were Microsoft not placing any pressure on BuildFeed, I doubt there'd be an issue”. It would be relevant to know exactly the nature of this pressure, who it is coming from and the motivation for such pressure. Was it in retaliation for leaking “rs_shell_foldables”?
