Posts by EnviableOne

275 posts • joined 28 Jan 2016


AI slurps, learns millions of passwords to work out which ones you may use next

EnviableOne
Bronze badge

Mr Schneier's scheme from 2014 still works

https://www.schneier.com/essays/archives/2014/02/choosing_a_secure_pa.html

0
0

Manchester plod still running 1,500 Windows XP machines

EnviableOne
Bronze badge

Re: RE: complex technical requirements

NHS are trying; NHSbuntu is coming along slowly.

0
0
EnviableOne
Bronze badge

Re: Inaccuracies from those who should know better

Not lackadaisical.

Under-funded, under-staffed and under-regarded. We have 35 IT staff in an organisation of 4500, which is about 1:130. The average is around 1:20, or 1:10 in finance/insurance.

We also get expected to do more than IT in most companies, and have highly desirable data to protect.

If you want to criticise, try doing your job with no budget and 1/10th the staff and the world+dog trying to get in, along with all the consultancies that won't take "we have no money for that" as an answer.

13
0

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

EnviableOne
Bronze badge

@Michael Habel - Except WannaCry didn't work on XP; at most it just BSODed the machine.

Plus, if you were patched up to date, and like any normal person blocked NetBIOS over TCP/IP at the boundary, as advised by MS to mitigate "BadTunnel", it couldn't infect you.

If you've got to run XP, run it, but lock it down, proxy its connections and scan everything.

Black Duck have been trying to flog me their open source vulnerability scanner for ages. But I'm not surprised; how many coders do you know that have out-of-date versions of libraries stored in their own repo that never get updated and that they have been using for years!

5
0

Microsoft's AI is so good it steered Renault into bottom of the F1 league

EnviableOne
Bronze badge
Coffee/keyboard

Re: It's the singer, not the song

Not any more it's not, and it hasn't been for a while.

Put Hamilton in a McLaren Honda and he'd be doing just as badly as Alonso.

Put him in a Manor or Sauber, and he'd be lucky to hit the top 10 in qualifying.

Going back in the day, do you think Coulthard would have had any sort of career if he hadn't lucked into Senna's seat at Williams? The last backmarker to challenge was Hill in an Arrows at Hungary in 1997, and cars have come a long way since then.

It's more important to put a Newey aero pack and a performing power unit in the car. If you have those, Jolyon Palmer could win races!

0
0

European Commission proposes more powers for EU's infosec agency

EnviableOne
Bronze badge

Crete

Based on the distribution of European centres of excellence, Berlin or Prague would probably be better, and their connections to the world internet are better too.

Greece is also, due to debt levels, on the verge of being kicked from the EU too.

0
2

Grab your popcorn: The first annual Privacy Shield review is go

EnviableOne
Bronze badge

How?

"also checks on government surveillance under the new US administration"

Congress can't even get this info from their intelligence agencies, so how are the EU?

2
0

Equifax UK admits: 400,000 Brits caught up in mega-breach

EnviableOne
Bronze badge

Dewey, Cheetham and Howe

Time for the class action specialists, I think.

0
0

UK Data Protection Bill lands: Oh dear, security researchers – where's your exemption?

EnviableOne
Bronze badge

Is it just me...

Or should the offence be not anonymising the data properly,

not de-anonymising it after said offence?

1
0

Unloved Microsoft Edge is much improved – but will anyone use it?

EnviableOne
Bronze badge

Re: They won't come just cause you build it

I have an installer for Netscape 9, as one of our clients had an ancient system that wouldn't work on anything modern. It's a bit on the retro side, but it's pretty good.

2
0
EnviableOne
Bronze badge

Re: Seen in the wild!

The EU are too busy persecuting Google and Facebook, and coming up with ways to stick it to the UK in Brexit negotiations.

1
2

What is the cyber equivalent of 'use of force'? When do we send in the tanks?

EnviableOne
Bronze badge

Geneva convention of the internet

The USA used to be in a position to dictate internet policy, until they handed the IANA contract over to ICANN.

Sounds like a job for the UN.

0
0

Chrome to label FTP sites insecure

EnviableOne
Bronze badge

If FTP is insecure

So should we be using SFTP, FTPS? Or SCP, or even HTTPS GET?

*let debate ensue

0
0

UK Home Office finds £20m to throw at Oracle cloudy ERP

EnviableOne
Bronze badge

not the biggest

The NHS ESR system runs on Oracle and that's a lot larger than the Home Office.

0
0

Another day, another drone upstart skips the consumer market

EnviableOne
Bronze badge

Could get a pretty good video by gaffering a phone to it.

0
0

Crypto-busters reverse nearly 320 MEELLION hashed passwords

EnviableOne
Bronze badge

@Dom

Firstly, no one put upper limits on the number of characters, just lower ones.

Secondly, length trumps complexity significantly:

10 upper and lowercase letters (52^10) is stronger cryptographically than 8 all ASCII printable (95^8).

If it's just letters with no case preference, all you need is 12 (26^12).

If you want to get silly, and digits only, you only need 16 to hit the same complexity.

Thirdly, re-hashing a hash is exactly what hashes do, but collisions won't happen more frequently, as you need to do the same work to the plaintext to get the crypt-text.

Fourthly and fifthly, ideally salt should be the full key space combined, so the combination of user-specific and global should be that size. Using any pre-known value is risky as the attacker may find this; the recommended method is random salts (but you need to verify your entropy source).

0
0
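The length-versus-alphabet comparison in the comment above, worked through in Python as an added example (not code from the post or its author). It computes the keyspace in bits for each character class, finds the shortest length over each alphabet that reaches the 95^8 baseline (which reproduces the 8/10/12/16 figures), and shows the "hash of a hash" point as an iterated, per-user-salted PBKDF2 hash whose salt comes from the OS CSPRNG. The iteration count and 16-byte salt length are my own choices, not values from the post.

```python
import hashlib
import hmac
import math
import secrets

# Alphabet sizes named in the comment
ALPHABETS = {
    "ascii_printable": 95,
    "mixed_case_letters": 52,
    "lowercase_letters": 26,
    "digits": 10,
}


def keyspace_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def length_to_match(alphabet_size, baseline_keyspace):
    """Shortest length over this alphabet whose keyspace is at least the baseline.

    Uses exact integer arithmetic so float rounding cannot push 8 chars of 95 to 9.
    """
    length = 1
    while alphabet_size ** length < baseline_keyspace:
        length += 1
    return length


def compare_policies(baseline_alphabet=95, baseline_length=8):
    """For each alphabet, the length needed to match the baseline policy (default 95^8)."""
    baseline = baseline_alphabet ** baseline_length
    return {name: length_to_match(size, baseline) for name, size in ALPHABETS.items()}


# Salted, iterated hashing. PBKDF2 feeds each digest back into the next round, so
# "hashing a hash" is the normal construction; a random per-user salt stops one
# precomputed table covering every account.
ITERATIONS = 200_000  # assumed work factor, not from the post
SALT_BYTES = 16       # assumed 128-bit salt


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest); a fresh salt is drawn from the OS CSPRNG when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for name, length in compare_policies().items():
        bits = keyspace_bits(ALPHABETS[name], length)
        print(f"{name:20s} needs {length:2d} chars for {bits:5.1f} bits")
    salt, digest = hash_password("constructed example passphrase")
    print("verify:", verify_password("constructed example passphrase", salt, digest))
```

Two hashes of the same password differ because each call draws its own salt; an attacker who learns one user's salt gains nothing against another user's entry, which is the point of keeping salts random rather than derived from a known value.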

US government: We can jail you indefinitely for not decrypting your data

EnviableOne
Bronze badge

A = XB: if A and B are known, transform X is easy to derive.

For a given crypt-text (B) any plain-text (A) of the same size can be created, but generating the correct transform (X),

it's not a case of cracking the encryption, it's a case of fixing the facts.

Here is the HDD; if I do this to this file, it becomes this file.

3
3

WannaCrypt NHS victim Lanarkshire infected by malware again

EnviableOne
Bronze badge

Search NHSbuntu; they are working on it.

1
0

GTFO of there! Security researchers turn against HTTP public key pinning

EnviableOne
Bronze badge

Re: Trust

Isn't that just CAA, which is already implemented in DNS?

0
0

So you're planning on outsourcing some enterprise security

EnviableOne
Bronze badge

Outsourcing is the best way to fill an immediate, infrequent or highly specialised need; insourcing is the best way to fill an ongoing operational need.

If it's key to your business, the more control the better, so outsourcing, cloud sourcing or other ways of trying to make it someone else's problem will always come back and bite you in the ass when something goes wrong.

0
0

DMARC anti-phishing standard adoption is lagging even in big firms

EnviableOne
Bronze badge

Re: BANKS really you send transaction records and don't protect?

But they haven't worked out you can hack SS7 to redirect SMS, and still leave this as their 2FA setting, which is more worrying than not using DMARC.

2
0

Seriously, friends. You suck at driving. Get a computer behind the wheel to save your life

EnviableOne
Bronze badge

That's where gaze and alertness monitoring come in, and shock you if you're not paying attention.

0
0

British broadband is confusing and speeds are crap, says survey

EnviableOne
Bronze badge

The one thing people fail to realise is that 90% of the time changing the provider will not make a blind bit of difference, as the issue is the PoS infrastructure that Openreach fails to maintain or train engineers to service (they have been officially short of engineers for at least 5 years).

The only other option to most is Virgin, if you have the fibre, depending on which constituent company installed it, but still some areas are on Openreach cables. Or a smaller fibre provider, but that usually entails a larger upfront cost.

If BT had rolled out a fibre network in the 90s like everyone else, instead of patching with Alu alloy cos it's good enough for phone calls, we would have much better performance.

7
5

NotPetya ransomware attack cost us $300m – shipping giant Maersk

EnviableOne
Bronze badge

Re: Easy to mitigate

None of this would have helped.

What they should have done is use a decent piece of accounting software, not the Swiss cheese Ukrainian one they did.

1
2

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

EnviableOne
Bronze badge

Standard For Data Sanitisation

NIST 800-88r1 or ISO/IEC 27040 work.

I hope this is not just FUD put out by Blancco to sell more of their erasure licences, but it sounds like it.

1
0

Ancient IETF 'teapot' gag preserved for posterity as a standard

EnviableOne
Bronze badge

Has anyone implemented RFC 2324 or 7168?

I know some mad Scandinavians managed IP over avian carriers, but has anyone actually tried HTCPCP or HTCPCP-TEA?

0
0

Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crime

EnviableOne
Bronze badge

Re: "We don't know much about their abilities however..."

They don't monitor their own citizens because that is "wrong".

They do however monitor each other's citizens and share that information.

2
0

Should you stay awake at night worrying about hackers on the grid?

EnviableOne
Bronze badge

OK, so there are so many moving parts to the grid it's nigh on impossible to take it down without making so much noise the authorities get wind. If you look at the UK disaster recovery plan for black start, i.e. total grid failure, the most likely cause is combined severe weather events. Also, the grid would be down a maximum of 5 days, but industry say this is worst case and 3 is more likely. Plus, statistically, the squirrels!

0
0

It took DEF CON hackers minutes to pwn these US voting machines

EnviableOne
Bronze badge

They would have used up-to-date machines, but the manufacturers were too scared to let them. So DEF CON had to make do with eBay finds.

7
1

Dark web souk AlphaBay shuts for good after police raids

EnviableOne
Bronze badge
Joke

What happened to BetaBay?

I'm sure after alpha should come beta, then gamma, but what do I know, it's all Greek to me.

1
0

Brit military scolded for being too selfish with sexy high-end tech

EnviableOne
Bronze badge

The US are just as bad contracts-wise; it's just they build enough to keep more players in the game.

The UK's status as a global power is now largely undeserved and a relic of former glories. It all started with the Washington Naval Treaty, which meant the RN could no longer maintain its 3 fleets (Home, Mediterranean, and the Far East), so it could no longer project the force required to maintain its colonies.

And as it lost the colonies, it had less and less to maintain power for, and now we are a nation of clerks sitting on a rocky island somewhere off Europe with two aircraft carriers and no aircraft.

0
0

Civil rights warriors file US lawsuit: Let us see Five Eyes agreement

EnviableOne
Bronze badge

Re: Lord Denning once told me; Everyone answers to the Law

Read the FOI Act 2001: GCHQ are not above the law, they are exempted from it.

See Part II, section 23, subsection 3.

1
0

Sysadmin bloodied by icicle that overheated airport data centre

EnviableOne
Bronze badge

Re: Frozen winter shit.

The key is to make sure the last line of the JD is "and any other reasonable request"

0
0

Why, Robot? Understanding AI ethics

EnviableOne
Bronze badge

Re: The problem with academic exercises in ethics

The problem is that you do not know that you have to hit one of them, but the AI does.

You will blindly hold on to the belief that if I brake hard enough and swerve I will not hit anyone, whereas the AI knows that if it applies x amount of pressure it will stop in distance Y, which means it will hit object A with force z, or if it makes correction S it will hit object B with force z, and based on probabilities hitting object A or B will result in death.

Now it has to make the least bad choice, so it has to assign values to objects A and B to decide whether it should take option 1, do nothing and hit object A; option 2, make adjustment S and hit object B; option 3, make adjustment T and hit object C; or make adjustment U and kill the occupant.

0
0

Blighty's Department for Culture, Media & Sport gets 'digital' rebrand

EnviableOne
Bronze badge

Re: Data protection?

see https://www.gov.uk/government/organisations/information-commissioner-s-office

ICO is an executive non-departmental public body, sponsored by the Department for Digital, Culture, Media & Sport.

1
0
EnviableOne
Bronze badge

Re: Thank God it' now Digital...

Give it 10 years and it will become the Dept. of Cyber, Culture, Media & Sport.

1
0

UK.gov tips £400m into digital investment pot

EnviableOne
Bronze badge

Someone needs to add DUPs to the units table.

0
0

Privacy, consent laws under 'unprecedented strain'. We need a data-watcher watcher

EnviableOne
Bronze badge

Brexit strikes again

This sounds like the EU Article 29 Working party....

0
0

Virus (cough, cough, Petya) goes postal at FedEx, shares halted

EnviableOne
Bronze badge
Boffin

Re: What's in a name?

In the original GoldenEye, "Petya" is the admin-mode MFT encryption bit and "Mischa" is the user-mode ransomware; together with Mimikatz they make "GoldenEye",

as in the film, where the two satellites "Petya" and "Mischa" make the GoldenEye weapon.

The NotPetya uses mostly Petya code (modified) for the admin-mode bit and the GoldenEye execution/enumerator bit, tacks on a multi-headed worm spreader (WMI/PsExec/ETERNALBLUE) depending on privilege, and a whole new user-mode ransomware.

Hence this needs a new name, and all the others are wrong. Hence NotPetya (because it's just not).

1
0

What? What? Which? Former broadband minister Ed Vaizey dismisses report

EnviableOne
Bronze badge

Re: FTTP?

It would have been cheaper if BT had started it in the 90s! They had the best telecoms network in the world in 1978 and sat on their laurels for 20 yrs, by which time half the world had overtaken them, a random amount of the network (which bits they don't know) had been replaced by aluminium alloy, and some lines couldn't even support 250kbps.

1
0

Cisco and McAfee decide users just can't be trusted not to click on dodgy attachments

EnviableOne
Bronze badge

McAfee by Cisco

Is it just me, or is it a distinct possibility the Intel orphan McAfee gets swallowed in Switchzilla's attempt to pivot to a software company?

0
0

Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it

EnviableOne
Bronze badge

Mac is no solution; their "it's been built from the ground up with privacy and security in mind" slogan is a misnomer. It is just a PC with a different OS, one that is now numerous enough for people to bother spending time writing or adapting viruses for it.

I have considered the idea of switching the org to Kubuntu desktops and CentOS/RHEL servers.

1
0

Anthem to shell out $115m in largest-ever data theft settlement

EnviableOne
Bronze badge
Boffin

Ah, but that's the rub: they didn't admit fault.

It's a no-fault settlement, so if you're not party to the class action, you have to go through the whole process again...

0
0

Apple, LG, Huawei, ZTE, HTC accused of pilfering 'find my phone' tech

EnviableOne
Bronze badge

Android Mfrs quote Shaggy

OK, so the Android manufacturers just say "wasn't me" and point at Google.

After all they didn't write the software

0
0

Tory-commissioned call centres 'might have bent data protection laws'

EnviableOne
Bronze badge

Re: Hmmm

90% of the time it's principle 7: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data".

In other words, they are confirming identity before unlawfully disclosing it to the wrong person.

2
0

UCL ransomware attack traced to malvertising campaign

EnviableOne
Bronze badge
Coat

Re: Not North Korea?

You sure it's not Fancy Bear either?

Mine's the one with "if in doubt, blame the Russians" on the back.

0
0

Worried about election hacking? There's a technology fix – Helios

EnviableOne
Bronze badge
Boffin

Low turnouts and 2-party systems go hand in hand, as a large part of the electorate don't like any of the options presented. And if the ruling party has control of the districting, you get guys called Gerry making salamanders and headphones on the map so the opposition supporters waste more votes....

Then you end up with a party in power that less than 10% of the eligible population actually voted for.

If you are going to go to compulsory voting, it has to be accompanied by a change to the voting system and a re-balancing of the status quo.

The only option is to bring in more proportional voting. I have a method that I think will work for a two-house system: it uses single-member Instant-runoff voting (IRV) districts for the lower house with direct representation, and simple party-list Proportional Representation (PR) for the upper house. So you get to choose the representative you want for local issues, and the party you agree with for wider ones.

Districting should be handled by non-partisan independent authorities on a geographic basis, taking into account only numbers of eligible voters, not demographics, to ensure equal representation.

If you're going for a separate head of state, IRV is not bad; this way most people will end up with someone they can stand.

0
0
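The single-member instant-runoff count proposed in the comment above, as an added example in Python (not code from the post or its author). It tallies a constructed set of ranked ballots round by round, dropping the lowest candidate until someone holds a majority of the ballots still active, and keeps each round's tally so the count can be audited afterwards. Exhausted ballots (no remaining ranked candidate) drop out of the denominator, and the tie-break among equal-lowest candidates (eliminate the alphabetically last) is my own simplification, not part of any real counting rule.

```python
from collections import Counter


def instant_runoff(ballots):
    """Count ranked ballots by instant-runoff voting.

    ballots: list of lists, each ballot ranked most-preferred first.
    Returns (winner, rounds) where rounds[i] maps each candidate still in
    the count to its first-preference total in round i.
    """
    remaining = {c for ballot in ballots for c in ballot}
    rounds = []
    while True:
        tally = Counter({c: 0 for c in remaining})
        active = 0
        for ballot in ballots:
            # Each ballot counts once, for its highest-ranked surviving candidate
            for choice in ballot:
                if choice in remaining:
                    tally[choice] += 1
                    active += 1
                    break
            # A ballot whose choices are all eliminated is exhausted and not counted
        rounds.append(dict(tally))
        leader, votes = max(tally.items(), key=lambda kv: kv[1])
        if votes * 2 > active or len(remaining) == 1:
            return leader, rounds
        fewest = min(tally.values())
        tied_lowest = [c for c, v in tally.items() if v == fewest]
        # Assumed tie-break: eliminate the alphabetically last tied candidate
        remaining.remove(sorted(tied_lowest)[-1])


def sample_ballots():
    """Constructed ballots: A leads on first preferences but lacks a majority."""
    return ([["A", "B", "C"]] * 4
            + [["B", "A", "C"]] * 3
            + [["C", "B", "A"]] * 2)


if __name__ == "__main__":
    winner, rounds = instant_runoff(sample_ballots())
    for i, tally in enumerate(rounds, 1):
        print(f"round {i}: {tally}")
    print("winner:", winner)
```

On these ballots a first-past-the-post count would give the seat to A with 4 of 9 votes; under IRV, C is eliminated in round 1 and its two ballots transfer to B, who then holds 5 of 9.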

It's 2017, and UPnP is helping black-hats run banking malware

EnviableOne
Bronze badge

As an ex-XBOX support monkey,

that list is a bit on the long side; you will get away with TCP/UDP 3074 and TCP 88.

500 and 4500 are IPsec over UDP NAT-T (VPN)

3544 is IPv6-over-v4 Teredo tunnelling

80 is web traffic

53 is DNS

88 is Kerberos (authentication)

3074 is the only XBOX-specific port; the rest you would be using anyway, just by browsing the web.

0
0

It's fluffy bottom line time at Adobe. That's a good thing, if you were wondering

EnviableOne
Bronze badge

just imagine

If they could get rid of the devs writing all those Flash patches, how much more money they'd be making....

0
1

Numbers war: How Bayesian vs frequentist statistics influence AI

EnviableOne
Bronze badge
Meh

Statistics can mean whatever you want them to, if you select the right test, right sample size and right sample.

So does it really matter which camp you live in?

1
1


Biting the hand that feeds IT © 1998–2017