* Posts by Walter Bishop

1366 posts • joined 16 Jan 2016

Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault

Walter Bishop
Silver badge
Terminator

Type confusion and with-scope pointer caught exception

“TLDR; There’s a bug in Adobe Flash. The interpreter code of the Action Script Virtual Machine (AVM) does not reset a with-scope pointer when an exception is caught, leading later to a type confusion bug, and eventually to a remote code execution.”

4
0

TalkTalk hackhack duoduo thrownthrown in the coolercooler: 'Talented' pair sentenced for ransacking ISP

Walter Bishop
Silver badge
FAIL

Individuals of extraordinary talent?

Using a well known SQL injection bug and getting caught isn't the sign of extraordinary talent.

4
0

Ethernet patent inventor given permission to question validity of his own patent

Walter Bishop
Silver badge
Joke

Method and apparatus for making toast

I hereby claim a patent on the fermented extract of wheat and yeast that has undergone a chemical alteration called the Maillard reaction through the application of infrared radiation in the 700 nm to 1 mm region of the electromagnetic spectrum.

0
1

Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips

Walter Bishop
Silver badge
Terminator

Re: Speed vs. Security

> My reaction to all of this is I want my computer to be fast and will secure it at the edge.

'Secure at the edge' would give a false sense of security as once it's breached they have full rein over your computer. Better to have multiple encrypted data paths within the computer and processes that are designed to function in a compromised environment. The innovators are really going to have to massively improve their game to defend against networked computer attacks into the future.

11
4

CISA's Palace: Congress backs new cybersecurity nerve-center for cyber-America's cyber-future

Walter Bishop
Silver badge
Alien

Re: funding ?

Is that you man-from-mars ?

0
0

Windows 10 Pro goes Home as Microsoft fires up downgrade server

Walter Bishop
Silver badge

Re: Just go Linux

> LXDE, is light and fast.

Who down voted this, go on explain yourself.

2
1
Walter Bishop
Silver badge

Re: el kabong

> .. Are we all supposed to ignore this and not point out the obvious to spare your feelings?

Nine down votes, how dare you criticize MICROS~1

1
0

Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin cyber-heist caper

Walter Bishop
Silver badge
Terminator

StatCounter platform modified by hackers.

How did the miscreants get access to the StatCounter platform? This is a clear illustration of the security implications of linking to some third party site that you have no control over.

8
0

ICO poised to fine Leave campaign and Arron Banks’ insurance biz £135,000

Walter Bishop
Silver badge
Childcatcher

ICO and the Leave campaign.

I would be more interested in the source of whoever is pushing to discredit the Brexit vote.

a) Discredit Brexit vote (and those who promoted it)

b) Sabotage the Brexit negotiations with Brussels.

c) Call for a second vote.

d) Simples.

10
17

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Walter Bishop
Silver badge
Big Brother

Fundamental flaws in SSDs encryption.

I would suspect this is more than an unintentional flaw, more likely Samsung implemented a secure encryption system and then handed it over to the spooks for review, who helpfully made some alterations, like not actually using the password to generate the key.

5
7

Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim

Walter Bishop
Silver badge
Mushroom

Re: Umm...

Two down votes, how dare you criticize MICROS~1

1
7
Walter Bishop
Silver badge
Linux

The cybersecurity challenge for SMBs

The cybersecurity challenge for SMBs is to find a computer that can't be compromised by opening an email or clicking on a weblink.

3
1

'Privacy is a human right': Big cheese Sat-Nad lays out Microsoft's stall at Future Decoded

Walter Bishop
Silver badge
Big Brother

Microsoft efforts in privacy

“Taking a page from Apple's playbook, Nadella was keen to highlight the efforts made by the Microsoft in privacy.”

Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report

4
0

Cisco firewalls under attack – and there's no patch: Too many SIPs and they drown in data

Walter Bishop
Silver badge
Mushroom

Miscreants actively exploiting a SIP vulnerability

A security device itself vulnerable to attack. I would have thought a company with an annual revenue of US$49.3 billion would have picked this up in the development and testing phase. Cisco does actually have a department charged with such a vital task?

2
0

This revolution will not be televised – but it will be sanctioned: Googlers walk out over 'sex pest' executive scandals

Walter Bishop
Silver badge

Re: Which is worse?

> I guess its a generational thing and the I'm offended snowflakes are at it again.

Shoosh, you'll upset the snowflakes ..

9
8
Walter Bishop
Silver badge
Facepalm

Googlers walk out over 'sex pest' executive scandals

The SJWarriors eventually turn on their own. Where's the furry, the 'expansive ornate building' and the 'yellow-scaled wingless dragonkin' ref

11
19

BT: We're stocking warehouses with kit ahead of Brexit to avoid shortages

Walter Bishop
Silver badge
Facepalm

Stockpiling in case of no trade deal

“BT has got Brexit licked, it told the stock market today – the former state telco said it has modelled for the worst outcome and is stockpiling products in case the UK exits with no trade deal in place and supply chains falter.”

Explain, why would a supplier refuse to sell goods to a customer post-exit or is this yet another scare story to promote a second vote?

1
4

GitHub lost a network link for 43 seconds, went TITSUP for a day

Walter Bishop
Silver badge
Facepalm

Why did GitHub take a day to resync

“To improve performance at scale .. We use Orchestrator to manage our MySQL cluster topologies and handle automated failover.”

Demonstrating the potential instability introduced by excessive complexity in a system. There's a name for this that escapes me at this time.

15
2

50 ways to leave your lover, but four to sniff browser history

Walter Bishop
Silver badge
Linux

A whiff of the websites you've visited

"History sniffing" promises .. a whiff of the websites you've visited .. Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer, and Brave are all affected to some extent

Do these browser exploits work the same on non-Microsoft operating systems? I would explicitly mention them by name only I risk getting downvoted by the snowflakes.

4
35

Peter Thiel's Palantir reportedly eyeing up $41bn IPO

Walter Bishop
Silver badge
Big Brother

Palantir: more security less invasions of privacy

“The technological solution I would like is where .. we have more security with fewer invasions of privacy .. what I would define as actual innovation in a space” Peter Thiel

Palantir or more correctly Palantíri: a crystal ball giving the possessor the ability to observe events both in the present or distant past, as depicted by Saruman in Lord of the Rings.

0
0

Find these, er, appealing? UK.gov takes red pen to spy court rules, asks for Parliament's OK

Walter Bishop
Silver badge
Big Brother

Quis custodiet ipsos custodes?

Didn't the spooks actually request powers to monitor the people supposed to be monitoring them? I don't think the IPT will make much of a difference as the spooks will just ignore it. The spooks have effectively been given carte blanche to engage in criminal activity and immunity from prosecution ref. The politicians can't control them as the spooks have possession of evidence of various indiscretions. There's evidence that even the House of Commons is bugged with IMSI catcher (stingray devices) placed about the vicinity, purely to protect the honorable members from the protestors.

3
0

RIP Paul Allen: Microsoft cofounder billionaire dies at 65 after facing third bout with cancer

Walter Bishop
Silver badge
Linux

Allen's biggest contribution was deal-making?

“Allen's biggest contribution to early Microsoft was deal-making rather than code.”

That would be news to the rest of us, Allen wrote a 6502 simulator written in Macro 10 Assembler that was subsequently used to write BASIC, he did also write the bootstrap loader, you would agree not a trivial task and Monte Davidoff did the floating point routines. ref ref

“A successful treatment for non-Hodgkin's lymphoma led to Allen resigning from Microsoft in 1983 .. His departure from day-to-day activities at Microsoft wasn't without some rancor: Gates had tried to buy Allen's shares at a low price in 1983.”

Actually Allen left after overhearing Gates and Ballmer discussing how to get his shares back before he died.

"They were bemoaning my recent lack of production and discussing how they might dilute my Microsoft equity by issuing options to themselves and other shareholders," ref

6
0

Shortages, price rises, recession: Tech industry preps for hard Brexit

Walter Bishop
Silver badge
IT Angle

Tech industry preps for hard Brexit?

These Brexit scare stories are a pretext to soften us up for a second vote, which will not necessarily work out in a remain vote. I fail to see the logic in blaming Brexit for any reduction in future trade between UK and the rest of the planet. Will the people of the kingdom stop wanting to buy goods, will other countries stop wanting to sell us stuff? Price hikes are a product of the global trade in currencies, something the control of which the nation-states gave up to the trans-national financial sector a long time ago. As someone once put it, Goldman Sachs rules the world.

2
12

It is 2018 and the NHS is still counting the cost of WannaCry. Carry the 2, + aftermath... um... £92m

Walter Bishop
Silver badge
Linux

NHS upgrades antiquated IT systems to Windows 10?

The WannaCry attack back in 2017 cost the NHS £92m

Why not pass the costs back onto the software provider?

the attack made the NHS finally bite the bullet and upgrade its antiquated IT systems. A three-year, £150m deal was signed with Microsoft to update systems to Windows 10

That sentence fails the logic test.

‘with staff gleefully downloading malware and opening phishing emails, according to the report, it sounds as though some training would not go amiss either.’

Blame the staff for the crapware :]

“By 2021, more than £250m is expected to be spent on top of the Windows cash”.

A Linux solution running off a read-only device with a hardware dongle for authentication would provide the solution for a fraction of the cost.

7
5

Microsoft deletes deleterious file deletion bug from Windows 10 October 2018 Update

Walter Bishop
Silver badge
Linux

Known Folder Redirection

The bug, Cable wrote, affected people who had used a feature called Known Folder Redirection, a tool for folks who have filled their hard drive and wanted new files destined for their Desktop, Documents, Pictures, Videos, Camera Roll, and other such default directories to be stored on another device, such as in D:\user. You can keep saving files into the usual Downloads folder, for instance, and it's actually saved on another drive with free space, in other words.

Linux has had this innovation for ages, you can mount an external partition to /home at boot or link the home directories into external partition/directories using something like: mount --bind /external/Music /home/user/Music. Now saving to 'Music' saves to the external partition. I find no known logic in deleting files in your home directory as part of an update.

3
0

SpaceX touches down in California as Voyager 2 spies interstellar space

Walter Bishop
Silver badge

Link to video of launch

SAOCOM 1A Mission 31:58

2
0

Intel's commitment to making its stuff secure is called into question

Walter Bishop
Silver badge
Mushroom

Re: Speed

“I'm not going to pay data-center staff to go around swapping jumpers on hundreds of servers .. That goes double if we want to do the firmware update in the middle of the night when load is low.”

In that case you're happy to dispense with security. Besides if the firmware update fails you're left with a brick.

6
2
Walter Bishop
Silver badge
Big Brother

How to validate the Security and Management Engine

Intel recently consolidated CSME updates ..This makes it simpler for them to validate and apply fixes and make them available to end users.

Why not release the source code to the CSME which I understand is written in MINIX.

2
0

The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees

Walter Bishop
Silver badge

Re: Correction here

> Russia was responsible for paying trolls to post comments and memes on facebook ..

I believe everything I read on Facebook :|

0
0
Walter Bishop
Silver badge

Re: Same guys?

“That they would go around together in a hire car loaded with exactly the kind of equipment that a TV script writer would give glamorous international spies.”

You have to remember that this is mostly aimed at the kind of people who think that “Jack Bauer” is a real super-agent.

1
2

SAP bug beatdowns, Apple gets nasty with Mac repairs, Struts woe, and more from infosec

Walter Bishop
Silver badge
Facepalm

Russian bot deluge, swatting

“Thought the Russian bot deluge that erupted prior to the 2016 election had come and gone .. This is particularly depressing as, with a crucial round of mid-term elections just a few weeks away.”

So what you are saying is that the American people took more notice of random tweets rather than the conventional media such as CNN. Seriously though, I accidentally switched it on the other day and if this is what passes for ‘news’ no wonder they've moved to Twitter News©.

‘The Seattle police are trying out a new program that would let people create profiles that would flag their residences and places of business as possible targets for "swatting" crimes.’

How about the SWAT teams not move in with all guns ablazing or stop responding to anonymous phone calls?

11
0

On the seventh anniversary of Steve Jobs' death, we give you 7 times he served humanity and acted as an example to others

Walter Bishop
Silver badge
Facepalm

It's not April 1st, is it?

> Look up "hagiography" in the dictionary and this article will be the definition.

I guess the satire was a little too obscure for some people. I thought it was very funny and very on the mark.

133
1

Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying

Walter Bishop
Silver badge
Facepalm

Russian Intelligence agency codenamed Sandworm

"The deported men were apparently working for the Russian military intelligence agency GRU, more specifically a group codenamed Sandworm, which attempted to remotely hack the OPCW and the UK government's top-secret research laboratory Porton Down after having a pop at the Brits' Foreign Office computer network in March. UK authorities assisted in the Dutch cops' investigation."

a. You mean 'UK authorities' fed them this crock?

b. What moron at Porton Down connects their internal network to the Internet?

c. How did your sources come by the codename of this hacking group?

8
19

UK pins 'reckless campaign of cyber attacks' on Russian military intelligence

Walter Bishop
Silver badge
Big Brother

Attack of the cybercommies

"This comes in the wake of long-standing concerns that Russia was breaking international norms in cyberspace"

The five-eyes have the largest spying apparatus on the planet and expend most effort in spying on their own people. Yea I know the NSA doesn't spy on Americans, it outsources that to GCHQ. And yet we're supposed to be worried about Kremlin hackers. How did NCSC come by this information? Did the head of GRU give an interview to Russia today? I don't think so. I would assume the FSB is a little more efficient at keeping secrets. Do you think these commie hacker stories are designed to distract from this:

‘Five Eyes’ Nations Quietly Demand Government Access to Encrypted Data

2
0

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Walter Bishop
Silver badge
Big Brother

Chinese agents slip spy chips into Super Micro servers

Wouldn't it be simpler to activate the Intel ME backdoor, the backdoor that the end user can't disable except for the NSA? The backdoor that Intel forgot to lock-down with a password. Remember Trusted Computing doesn't mean you can trust your computer, what it really means is the spooks can be trusted to have a backdoor into it.

38
1

MIMEsweeper maker loses UK High Court patent fight over 15-year-old bulletin board post

Walter Bishop
Silver badge
Windows

Re: Utter shite

"I wrote a Perl script in about 2003 (I think) to scan email for viruses."

>> Careful with admissions like that... you might get sued.

I've patented all the words in that sentence and katrinab shall be hearing from my legal people.

5
0
Walter Bishop
Silver badge
Terminator

Resisting the spread of unwanted code and data

Email content scanners normally dismantle, parse and regenerate emails before dropping them into recipients' mailboxes, occasionally deleting attachments or body text if something malicious is detected

None of which would be necessary if the geniuses could come up with an OS that isn't compromised by reading an email msg.

3
0

'Desperate' North Korea turns to bank hacking sprees to rake in much-needed dosh

Walter Bishop
Silver badge
Facepalm

Re: Interesting...

@Version 1.0: "how would you fund that kind of development with their economy if you didn't have a lot of money pouring in under the table?"

Through the use of plain old fashioned fraud rather than having to hire on script kiddies. Your best bet is to target the UN or NGOs. Or in this part of the world, facilitate money laundering for the drug cartels. Did you know it isn't a legal requirement for the major financial institutions to report large movements of currency through their books? This as a result of a law passed some time back in the middle of the 'war on drugs'.

2
1

Microsoft: OK, we have no phones, but look how much we love Android

Walter Bishop
Silver badge
Terminator

Microsoft Android ®

“While it's dispiriting for Microsoft fans to see the company working so hard on Android, Google's OS has almost 90 per cent of the world smartphone market. Microsoft may respond: you just have to preach where the sinners are.”

Why doesn't Microsoft just charge the hardware makers a tax on every handset sold?

3
2

Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

Walter Bishop
Silver badge
Big Brother

Re: "While it is hard to modify a system’s UEFI image,

> You are allowed to communicate the facts that people are not allowed to know. This isn't the BBC after all.

If he did then the Internet would conk out halfway through due to 'technical difficulties'.

0
0

Holy smokes! US watchdog sues Elon Musk after he makes hash of $420 Tesla tweet

Walter Bishop
Silver badge
Mushroom

Re: Who was continually shorting Tesla stock?

> In case you don't understand... there is nothing illegal or improper in shorting stock.

There's shorting and then there's shorting. What about if you executed a short trade and then secretly got all your financier friends to sell thereby tanking the stock and massively increase the return on your short position and doing the same over a period of time causing damage to investor confidence. A bonus would be if someone bankrupted Tesla and then bought it back at auction-off prices. They could dump any current Tesla debt at the same time. Do you know of any major financial institution that engages in such a strategy?

0
1
Walter Bishop
Silver badge
IT Angle

Who was continually shorting Tesla stock?

“Tesla and SpaceX supremo Elon Musk has been accused of fraud by America's financial watchdog – after he mused on Twitter about taking his automaker private.”

This in retaliation for those investors who were continually shorting the stock. Why isn't the SEC going after them?

0
0

100,000 home routers recruited to spread Brazilian hacking scam

Walter Bishop
Silver badge
Linux

One hundred thousand Brazilian home routers hacked

“The attackers were trying to get control of the target machines either by guessing the web admin password, or through a vulnerable DNS configuration CGI script (dnscfg.cgi).”

The infection vector being an email phishing attack followed by a script repeatedly calling dnscfg.cgi using default passwords else the script prompts the user for the router admin password. On that unmentionable Desktop Operating System

1
0

Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious

Walter Bishop
Silver badge
Mushroom

Highly sophisticated cybersecurity threat

@EJ ... "highly sophisticated cybersecurity threat"... sounds much better than "some plonk clicked on a link/attachment that they shouldn't have".

And nary a mention of WINDO~1

1
0

Open-source software supply chain vulns have doubled in 12 months

Walter Bishop
Silver badge

Re: Software supply chain attacks?

"I want to know how something can shrink by more than 100%, but there you go."

I can't refute that but I'm going to down-vote you anyway :]

0
1
Walter Bishop
Silver badge
Linux

Software supply chain attacks?

“The time required for hackers to exploit a newly disclosed open source vulnerability has shrunk 400% in the last decade.”

How can the exploit time fluctuate if the Source Code has been in the public domain all the time?

1
2

Google actually listens to users, hands back cookies and rethinks Chrome auto sign-in

Walter Bishop
Silver badge
Linux

Re: Iridium enhance privacy browser

Given the 2 thumbs up & 1 thumb down, does the down voter mind explaining the reason for the down vote?

2
0
Walter Bishop
Silver badge
Linux

Iridium enhance privacy browser

“Iridium Browser is based on the Chromium code base. All modifications enhance the privacy of the user and make sure the most secure technologies are used.” link

5
1

Linux kernel's 'seat warmer' drops 4.19-rc5 with – wow – little drama

Walter Bishop
Silver badge
Facepalm

Torvalds' code of conduct?

Examples of behavior that contributes to creating a positive environment include: Using welcoming and inclusive language

The only kind of ‘inclusive language’ I want to see is better Source Code language, otherwise "SHUT THE FUCK UP" :]

8
0

Biting the hand that feeds IT © 1998–2018