* Posts by EnviableOne

1188 posts • joined 28 Jan 2016


Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook

EnviableOne Silver badge

yes but it doesnt do what they said

they said it was end to end encrypted, it is not.

MS have never to my kbnowledge made such a bold claim that has proved to be false.

they have told some intresting ones on when new things will be released,

and on the featuures they might have, but nothing as egregious.

We really doing this again? Rumour has it that Apple is nearly finished developing augmented-reality glasses

EnviableOne Silver badge

Re: Pricing

thats cheap for my lenses, but i'm nigh on blind without them ....

EnviableOne Silver badge

Re: I really doubt they'd call it "Apple Glass"


has to bee

US senators call for more transparency over $12bn TSMC fab plant investment

EnviableOne Silver badge

Re: Remember the last "triumph"

Then Apple decided to go to Samsung for their screens

Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl

EnviableOne Silver badge

time for a backronym

ADT = Any Dodgy Technician

EnviableOne Silver badge

Re: "ADT failed to monitor consumers’ accounts"

This is why there is a legal definition of due dilligence

they dont have to make it impossible, they just have to make it unfeasably difficult or easily spotted and terminated.

the least the system could do is check a new email address is on other accounts, check admin access by geo-location and or use behaviour analytics on access. It needs no human intervention and cost are resonable comapred to the cost of running the system

Project Reunion: Microsoft's attempt to tear down all those barriers it's built for Windows developers over the years

EnviableOne Silver badge

Obligatory platform proliferation XKCD


You know this Land of the Free thing, yeah? Well then, why allow the FBI to trawl through America's browsing history without a warrant?

EnviableOne Silver badge

Re: Make the ballot targetted

Till the USPS runns oput of cash and falls over

Beer rating app reveals homes and identities of spies and military bods, warns Bellingcat

EnviableOne Silver badge

Re: Same for most social media style apps

Passing info to Spanish Carjackers, North London Burglary Rings et. all, based on the content of the photo and estimate of net worth....

Imperial College London signs £5m campus sponsorship, 5G deal with Chinese comms bogeyman Huawei

EnviableOne Silver badge

Huawei Issues

there is a lot of conjecture and a lot of opinion being thrown around about them, but no-one has given any hard (or even soft) evidence of any wrongdoing

HCSEC say their coding is shody, so its imposible to tell the difference between malice and stupidity

given the credit PRC are getting from everyone, sureley they arent going to interfere with the one brand that bears a unique attachment to them.

TL;DR put up or shut up where is the evidence.

EnviableOne Silver badge

Re: Am I being over cynical?

but the scale of the failiure since it reached our shores is entireley the the fault of UK.gov

yes the chinese didnt contain it, but still, UK.gov suposedly had a pandemic response plan and still it was SNAFU

Taiwan dont trusk the PRC at all, and they still managed to keep their 23.8 million (1/3 rd UK) very much protected with just 440 cases and 7 deaths, theri values are democratic and their population density is twice that of the uk.

they quarentined at the border, they tracked and traced and they tested where needed.

Equifax finally coughs up the money for its 2017 monster hack… to the banks for having to cancel your cards

EnviableOne Silver badge

Credit reference Agencies

The Facebook and Google of the 20th century

Same data lust, just not the digital scope....

BTW how much have Equifax registered as profit since....

Attorney General: We didn't need Apple to crack terrorist's iPhones – tho we still want iGiant to do it in future

EnviableOne Silver badge


won't work on the new ones, but probably would on these....

EnviableOne Silver badge

Re: China sends its thanks

so all iThings then....

Latest NHS IT revolution is failing to learn lessons from the last £10bn car crash

EnviableOne Silver badge

Re: a target to go "paperless" by 2018 has not been achieved.

no the NHS have an even more inventive way of hitting targets, Paperless by 2018, became paperless by the end of the decade, then paperless2020, then paperless2022,now "electronic core services" by 2024

if you wont hit the target, move it....

Vint Cerf suggests GDPR could hurt coronavirus vaccine development

EnviableOne Silver badge

Re: "GDPR is there to prevent your data being used without your consent"

GDPR is not the problem, its being used as an excuse

Donald Trump extends ban on Huawei, ZTE telecoms kit in US companies to May 2021

EnviableOne Silver badge

If china wanted to inject surveilence equipment into the US network, surely it would have the sense to put it in the devices that aren't badged produce in china, but instead boldly exclaim "Assembled in the USA" but are full of parts manufactored in the Middle Kingdom

There's Norway you're going to believe this: Government investment fund conned out of $10m in cyber-attack

EnviableOne Silver badge

Re: "an advanced data breach"

as with all things it comes down to people process and technology.

In this case, they abused the technology to get the people to go round the process.....

Uncle Sam courting Intel, TSMC to build advanced chip fabs on home soil – report

EnviableOne Silver badge

Re: Aren't the Intel fabs mainly in the US already?

well they need something from somewhere, they can't get anything below their 14nm process to work, TSMC are running 10,7 and gearing up on 5nm

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps

EnviableOne Silver badge

Re: Privacy Concerns?

the issue is not the app itself, its the size of the data set that will be stored centrally. with a data set that size de-annoymisation is a simple task, and you can track and identify anyone and who they contact.

that data set will become a huge target and the security on it will probably be sub par.

on top of that the algorithms and data structures in the central system will be a minefield for privacy and probably violate DPA2018.

Mama mia! Nintendo in need of a plumber after leak sprays N64, GameCube, Wii code

EnviableOne Silver badge


Come on guys MD5, really!

even salted on my weak ass cracking rig i can rainbow it in a couple of days

American tech goliaths decide innovation is the answer to Chinese 5G dominance, not bans, national security theater

EnviableOne Silver badge

Who makes the Silicon?

And where pray tell will these new companies get the chips to power these newly interoperable devices?

the economically viable market of the middle kingdom?

if Xi and co wanted to spy on everyone, why on earth would they put the compromised tech inside systems with MADE IN CHINA slapped on the side and not hide it in any of the devices with other more palletable flags on the front, but Chino-fabricated innards...

Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch

EnviableOne Silver badge

Re: Ah it's nice to see Agile at work

TBF the intent of Agile, and the way it has been implemented in most places are two very different things.

Transport biz Toll Group suffers second ransomware infection in just three months

EnviableOne Silver badge

fool me twice.....

someone needs to start lookinginto their security practice, and if it happens again, someone needs to really start looking at their people .....

India acknowledges, but brushes aside, features-not-bugs in Aarogya Setu virus contact-tracing app

EnviableOne Silver badge

First of Many

I can see almost every app used for this purpose being challenged, not least the monstrosity perpetrated by NHSX

Does a .com suffix make a trademark? The US Supreme Court will decide as Booking marks its legal spot

EnviableOne Silver badge

Re: Actually seems reasonble

Saville Row Suit Co.

Definatley trading off the reputaion of Saville Row, London, however based in Saville Row, Dublin

We beg, implore and beseech thee. Stop reusing the same damn password everywhere

EnviableOne Silver badge

Re: If you don't ..

no human intervention, it just needs the cracking lists to be set-up correctly

run correct-horse through unix-ninja's leetspeak rule and you will get all of them out.

EnviableOne Silver badge

Re: In other news....

just DONT used federated authentication, you are not protecting anything.

Google share data with the site, and vice versa, they both have enough info, you dont need to give them more.

same goes for amazon, facebook et. al

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

EnviableOne Silver badge

was going to say, exertanlly rectified DC power solves the issue.

UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told

EnviableOne Silver badge

Re: UK+ USA's spiking again

comparing raw numbers is wrong

70k in the us is small 7 in the holy see is large

the nyumbers that matter are test positive rate, R (not R0) and per population numbers, this is slightly better for comparison, but still, other factors come into play, and SARS-CoV-2 is new and we dont know the long term effects, immune response, or much about it yet

They have narrowed down R0 between 1.4 and 3.9, with at 2.24, this is the base reproductive rate of the virus.

Each state them puts in place its controls and restrictions that limit the infecable population available to the virus to determine R, so to decrease the spread of the virus, you are looking at needing at least 55% of the population unable to transmit, bringing your R to below 1.

EnviableOne Silver badge

Re: UK+ USA's spiking again

probably enough to tip the scales and dump trump in 2020

EnviableOne Silver badge

Re: Gov't not deleting the data.

Tracking in January wouldnt have helped,

In order for track and trace to work, you need to have Mass testing to work out who has it.

Testing capacity is still nowhere near what it needs to be and the positive rate (positives/tests) is consequently still high, as the people being tested are more likley to have it.

the improvements seen with yesterdays figures, only hide the fact that they counted tests that didnt have results yet

EnviableOne Silver badge

unfortunaley, the RIPA allows sharing of this data with the Maritime Management Organisation, but not the DHSC or NHS

EnviableOne Silver badge

Re: Corrona App - Whats the rest of the story ?

they are sending the TSSI in the contact packet, and recording the RSSI on the recieve end.

if you know what the sending and reciving devices are, with both of those you can work out the distance.

its not exact science, environmental variables, but its better than trying to work out Time of flight.

theres a lot of work gone on into the idea recently, and signal loss is a pretty reliable measure of distance.

EnviableOne Silver badge

but they consider themselves data Scienists

even though the rest of us consider them less than useless

EnviableOne Silver badge

Re: Well that's great confidence from GCHQ

not NHS IT, this is App Upcock's little un needed and un wanted digital quango "NHS X", what the X satnds for nobody knows.

the ICO havent signed it off, NHS Digital (the real NHS IT) won't approve it for their app store, not sure i'd approve it for install on our devices, seems not to be secure by design and default.

Comms giant Telefonica confirms O2 in talks to merge with Virgin Media

EnviableOne Silver badge


Telefonica have been looking to offload O2 for years, and Liberty look to be a good fit, it would give them a proper quad threat package with their own physical network, that would compete with BT/EE/Plusnet and increase their subscriber count while decreasing the cost base for existing VM mobile customers.

Beardy only has about a 2% stake in VM, just so liberty can continue to use the name.

the three deal was struck down as it would have left only 3 MNOs instead of 4, nothing to do with the MVNO market. to be fair the BT aquisition of EE was a far greater threat to competition.

Singapore to require smartphone check-ins at all businesses and will log visitors' national identity numbers

EnviableOne Silver badge

anyone showing a fake version of said ID card, barley distinguishable from the real thing or gaining access via an exploit in the virtulisation platform,

or considering it's "Cloud" anyone obtaining a warrant under legislation in the cloud provider's country of origin, and recieiving said information from the "Cloud" provider.

Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app

EnviableOne Silver badge

Re: Guys, what’s all the fuss about.

Together People Please lets not allow this to happem

Everyone Matters Including System providers

both as bad as each other

to be fair, with the IPA they dont need an app to do tracing, well government dont, for some reason the NHS got missed off the list of agencies that can get a streeam of your telephone meta-data, but the Marine Management Organisationare on there....

Three things in life are certain: Death, taxes, and cloud-based IoT gear bricked by vendors. Looking at you, Belkin

EnviableOne Silver badge

[I'll] never ever buy Belkin again

The question is Why did you buy it in the first place?

They have always been inferior products at vastly inflated prices.

EnviableOne Silver badge

Re: Consumer rights act 2015

not so, the product sold included the means to manage that product, which they are discontinuing.

Though the device still functions, you now have no means to control that function or benefit from it.

Which now means the product is not fit for the purpose for which it was sold.

Hence covered by the Law

Outages batter UK's Virgin Media into wee hours as broadband failures spike 77% globally

EnviableOne Silver badge

zero outages in the UK

yeah riight tell that to people having issues in Azure UK cos teams was hogging the resources

Wakey-wakey! A quarter of IT pros only get 3-4 hours' kip – and you won't believe what's being touted as the 'solution'

EnviableOne Silver badge

Re: What is 'the cloud'?

Gave up calling it "the Cloud" years ago, got a TLA for it now

O ther

P eople's

T in

its not an amorphos blob in the ether, its trusting someone else not to have fat fingers...

We're going on a vuln hunt. We're going catch a big one: Researchers find Windows bugs dominate – but fixes are fast

EnviableOne Silver badge

Re: Howabout a breakdown of OS vs Browser bugs maybe?

the problem with winders is IE/Edge are baked in and hard to get rid of, so if they got bugs, your windows got bugs, at least they get fixed though.

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

EnviableOne Silver badge

Re: Fear not people...

Relax App Hancock is in charge, it wont work

EnviableOne Silver badge

We are expecting everypme to get tested who might posibly have it.

in order for the whole system to work, people need to be tested, even if they dont think they have it, and tested more than once, seeing as the current test only tells you if you had it at the point of testing.

the testing regieme needs to be geared up substantially, and the issuing of a declaration token with a result is trivial.

EnviableOne Silver badge

but i joined the National data opt-out, so they can't use my data for research (yet another field added to the big database in the AWS CLOUD)

EnviableOne Silver badge
Black Helicopters

Re: Correction

i refer you to the bulk interception warrant granted under the security services exception to GCHQ previously.

They already know where you are....

EnviableOne Silver badge

Re: Correction

if this is going to be used for contact tracing and case linkage, you're gonna need to have atleast 28 days of data to ensure the 14 days of history from an encounter with someone within the last 14 days, thats if you expect testing to be on the spot, currently we are looking at 48-72 hrs for a result after the terst, so your gonna need 31 days of encounters....

pile this with the range of bluetooth and the number of bluetooth enabled devices in the avarage built up area (not under lockdown) and this is going to eat storage

EnviableOne Silver badge

Re: Stupid Decisions

the unique ability for civil servants to scope creep a contract so it never gets delivered will never cease to amaze me....



Biting the hand that feeds IT © 1998–2020