Mr Schneier's scheme from 2014 still works
275 posts • joined 28 Jan 2016
NHS are trying; NHSbuntu is coming along slowly.
Underfunded, understaffed and underregarded. We have 35 IT staff in an organisation of 4500, which is about 1:130. The average is around 1:20, or 1:10 in finance/insurance.
We are also expected to do more than IT in most companies, and have highly desirable data to protect.
If you want to criticise, try doing your job with no budget, 1/10th the staff and the world+dog trying to get in, along with all the consultancies that won't take "we have no money for that" as an answer.
@Michael Habel - Except WannaCry didn't work on XP; at most it just BSODed the machine.
Plus, if you were patched up to date and, like any normal person, blocked NetBIOS over TCP/IP at the boundary as advised by MS to mitigate "BadTunnel", it couldn't infect you.
If you've got to run XP, run it, but lock it down, proxy its connections and scan everything.
Black Duck have been trying to flog me their open source vulnerability scanner for ages. But I'm not surprised: how many coders do you know that have out-of-date versions of libraries stored in their own repo that never get updated and that they have been using for years!
Not any more it's not, and it hasn't been for a while.
Put Hamilton in a McLaren Honda and he'd be doing just as badly as Alonso.
Put him in a Manor or Sauber, and he'd be lucky to hit the top 10 in qualifying.
Going back in the day, do you think Coulthard would have had any sort of career if he hadn't lucked into Senna's seat at Williams? The last backmarker to challenge was Hill in an Arrows at Hungary in 1997, and cars have come a long way since then.
It's more important to put a Newey aero pack and a performing power unit in the car. If you have those, Jolyon Palmer could win races!
Based on the distribution of European centres of excellence, Berlin or Prague would probably be better, and their connections to the world internet are better too.
Greece is also, due to debt levels, on the verge of being kicked from the EU too.
[quote]also checks on government surveillance under the new US administration[/quote]
Congress can't even get this info from their intelligence agencies, so how are the EU?
Time for the class action specialists, I think.
Or should the offence be not anonymising the data properly,
not de-anonymising it after said offence?
I have an installer for Netscape 9, as one of our clients had an ancient system that wouldn't work on anything modern. It's a bit on the retro side, but it's pretty good.
The EU are too busy persecuting Google and Facebook, and coming up with ways to stick it to the UK in Brexit negotiations.
The USA used to be in a position to dictate internet policy, until they handed the IANA contract over to ICANN.
Sounds like a job for the UN.
So should we be using SFTP, FTPS, SCP, or even HTTPS GET?
*let debate ensue*
The NHS ESR system runs on Oracle, and that's a lot larger than the Home Office.
Could get a pretty good video by gaffering a phone to it.
Firstly, no one puts upper limits on the number of characters, just lower ones.
Secondly, length trumps complexity significantly:
10 upper- and lowercase letters (52^10) is stronger cryptographically than 8 all-ASCII-printable characters (95^8);
if it's just letters with no case preference, all you need is 12 (26^12);
if you want to get silly and use digits only, you only need 16 to hit the same complexity.
Thirdly, re-hashing a hash is exactly what hashes do, but collisions won't happen more frequently, as you need to do the same work to the plaintext to get the cryptext.
Fourthly and fifthly, ideally the salt should be the full key space combined, so the combination of user-specific and global should be that size. Using any pre-known value is risky, as the attacker may find this; the recommended method is random salts (but you need to verify your entropy source).
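To check the length-versus-complexity arithmetic in the post above, here is an added example (not from the post or the forum) that computes a keyspace in bits and the minimum length each alphabet needs to match the reference keyspace; the alphabet names and the 95^8 reference are assumptions taken from the post's own figures.

```python
import math

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)

def min_length_to_match(alphabet_size: int, ref_alphabet: int, ref_length: int) -> int:
    """Smallest length L with alphabet_size ** L >= ref_alphabet ** ref_length.

    Uses exact integer arithmetic, so a keyspace that lands exactly on the
    boundary is not mis-rounded the way a float log ratio could be.
    """
    target = ref_alphabet ** ref_length
    length = 1
    while alphabet_size ** length < target:
        length += 1
    return length

# Alphabet sizes as used in the post (assumed labels, constructed here).
ALPHABETS = {
    "all printable ASCII": 95,
    "upper and lower case letters": 52,
    "single-case letters": 26,
    "digits only": 10,
}

def length_table(ref_alphabet: int = 95, ref_length: int = 8) -> dict:
    """For each alphabet, the length needed to match ref_alphabet ** ref_length."""
    return {name: min_length_to_match(n, ref_alphabet, ref_length)
            for name, n in ALPHABETS.items()}

if __name__ == "__main__":
    print(f"reference 95^8 = {keyspace_bits(95, 8):.1f} bits")
    for name, length in length_table().items():
        n = ALPHABETS[name]
        print(f"{name:>30}: {length:2d} chars = {keyspace_bits(n, length):.1f} bits")
```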
A=XB: if A and B are known, transform X is easy to derive.
For a given crypt-text (B), any plain-text (A) of the same size can be created, but generating the correct transform (X),
it's not a case of cracking the encryption, it's a case of fixing the facts.
Here is the HDD; if I do this to this file, it becomes this file.
Search NHSbuntu; they are working on it.
Isn't that just CAA, which is already implemented in DNS?
Outsourcing is the best way to fill an immediate, infrequent or highly specialised need; insourcing is the best way to fill an ongoing operational need.
If it's key to your business, the more control the better, so outsourcing, cloud sourcing or other ways of trying to make it someone else's problem will always come back and bite you in the ass when something goes wrong.
But they haven't worked out that you can hack SS7 to redirect SMS, and still leave this as their 2FA setting, which is more worrying than not using DMARC.
That's where gaze and alertness monitoring come in, and shock you if you're not paying attention.
The one thing people fail to realise is that 90% of the time, changing the provider will not make a blind bit of difference, as the issue is the PoS infrastructure that Openreach fails to maintain or train engineers to service (they have been officially short of engineers for at least 5 years).
The only other option for most is Virgin, if you have the fibre, depending on which constituent company installed it, but still some areas are on Openreach cables. Or a smaller fibre provider, but that usually entails a larger upfront cost.
If BT had rolled out a fibre network in the 90s like everyone else, instead of patching with Alu alloy 'cos it's good enough for phone calls, we would have much better performance.
None of this would have helped;
what they should have done is use a decent piece of accounting software, not the Swiss cheese Ukrainian one they did.
NIST 800-88r1 or ISO/IEC 27040 work.
I hope this is not just FUD put out by Blancco to sell more of their erasure licences, but it sounds like it.
I know some mad Scandinavians managed IP over avian carriers, but has anyone actually tried HTCPCP or HTCPCP-TEA?
They don't monitor their own citizens because that is "wrong".
They do, however, monitor each other's citizens and share that information.
Ok, so there are so many moving parts to the grid it's nigh on impossible to take it down without making so much noise the authorities get wind. If you look at the UK disaster recovery plan for black start, i.e. total grid failure, the most likely cause is combined severe weather events. Also, the grid would be down a maximum of 5 days, but industry say this is worst case and 3 is more likely. Plus, statistically, the squirrels!
They would have used up-to-date machines, but the manufacturers were too scared to let them. So DEFCON had to make do with eBay finds.
I'm sure after alpha should come beta, then gamma, but what do I know, it's all Greek to me.
The US are just as bad contracts-wise; it's just they build enough to keep more players in the game.
The UK's status as a global power is largely now undeserved and a relic of former glories. It all started with the Washington naval treaty, which meant the RN could no longer maintain its 3 fleets (Home, Mediterranean, and the Far East), so it could no longer project the force required to maintain its colonies.
And as it lost the colonies, it had less and less to maintain power for, and now we are a nation of clerks sitting on a rocky island somewhere off Europe with two aircraft carriers and no aircraft.
Read the FOI Act 2001: GCHQ are not above the law, they are exempted from it.
See Part II, Section 23, Subsection 3.
The key is to make sure the last line of the JD is "and any other reasonable request".
The problem is that you do not know that you have to hit one of them, but the AI does.
You will blindly hold on to the belief that if I brake hard enough and swerve I will not hit anyone, whereas the AI knows that if it applies X amount of pressure it will stop in distance Y, which means it will hit object A with force Z, or if it makes correction S it will hit object B with force Z, and based on probabilities hitting object A or B will result in death.
Now it has to pick the least bad option, so it has to assign values to objects A and B to decide whether it should take option 1: do nothing and hit object A; option 2: make adjustment S and hit object B; option 3: make adjustment T and hit object C; or make adjustment U and kill the occupant.
ICO is an executive non-departmental public body, sponsored by the Department for Digital, Culture, Media & Sport.
Give it 10 years and it will become the Dept. of Cyber, Culture, Media & Sport.
Someone needs to add DUPs to the units table.
This sounds like the EU Article 29 Working Party....
In the original Goldeneye, "Petya" is the admin-mode MFT encryption bit and "Mischa" is the user-mode ransomware; together with mimikatz they make "Goldeneye",
as in the film, where the two satellites "Petya" and "Mischa" make the Goldeneye weapon.
The notPetya uses mostly Petya code (modified) for the admin-mode bit and the Goldeneye execution/enumerator bit, tacks on a multi-headed worm spreader (WMI/PsExec/ETERNALBLUE, depending on privilege) and a whole new user-mode ransomware.
Hence this needs a new name, and all the others are wrong. Hence notPetya (because it's just not).
It would have been cheaper if BT had started it in the 90s! They had the best telecoms network in the world in 1978 and sat on their laurels for 20 years, by which time half the world had overtaken them, a random amount of the network (which bits they don't know) had been replaced by aluminium alloy, and some lines couldn't even support 250kbps.
Is it just me, or is it a distinct possibility the Intel orphan McAfee gets swallowed in Switchzilla's attempt to pivot to a software company?
Mac is no solution. Their "it's been built from the ground up with privacy and security in mind" slogan is a misnomer; it is just a PC with a different OS that is now numerous enough for people to bother spending time writing or adapting viruses for it.
I have considered the idea of switching the org to Kubuntu Desktop and CentOS/RHEL servers
Ah, but that's the rub: they didn't admit fault.
It's a no-fault settlement, so if you're not party to the class action, you have to go through the whole process again...
Ok, so the Android manufacturers just say "wasn't me" and point at Google.
After all, they didn't write the software.
90% of the time it's principle 7: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data".
In other words, they are confirming identity before unlawfully disclosing it to the wrong person.
You sure it's not Fancy Bear either?
Mine's the one with "if in doubt, blame the Russians" on the back.
Low turnouts and 2-party systems go hand in hand, as a large part of the electorate don't like any of the options presented. And if the ruling party has control of the districting, you get guys called Gerry making salamanders and headphones on the map so the opposition supporters waste more votes....
Then you end up with a party in power that less than 10% of the eligible population actually voted for.
If you are going to go to compulsory voting, it has to be accompanied by a change to the voting system and a re-balancing of the status quo.
The only option is to bring in more proportional voting. I have a method that I think will work for a two-house system: it uses single-member Instant-runoff voting (IRV) districts for the lower house with direct representation, and simple party-list Proportional Representation (PR) for the upper house. So you get to choose the representative you want for local issues, and the party you agree with for wider ones.
Districting should be handled by non-partisan independent authorities on a geographic basis, taking into account only numbers of eligible voters, not demographics, to ensure equal representation.
If you're going for a separate head of state, IRV is not bad; this way most people will end up with someone they can stand.
As an ex-XBOX support monkey,
that list is a bit on the long side; you will get away with TCP/UDP 3074 and TCP 88.
500 and 4500 are IPsec over UDP NAT-T (VPN)
3544 is IPv6 over v4 Teredo tunnelling
80 is web traffic
53 is DNS
88 is Kerberos (authentication)
3074 is the only XBOX-specific port; the rest you would be using anyway, just by browsing the web.
If they could get rid of the devs writing all those Flash patches, how much more money they'd be making....
Statistics can mean whatever you want them to, if you select the right test, right sample size and right sample.
So does it really matter which camp you live in?
Biting the hand that feeds IT © 1998–2017