Tell someone?
They haven't done anything too obvious like actually telling their customers about this though...
I am a school governor - first my school heard of it was when I called them 5 minutes ago...
Martin
134 publicly visible posts • joined 22 Sep 2007
I work for a company that provides payment services to various customers, many of whom are household names...
When we deal with card data we have a very simple, delightfully inflexible rule. We do not store the full 16 digit card number, or the CVV, in any sort of persistent medium. At all. Ever. Or, according to the MD, frankly anywhere else...
It's also not a place that stays static... They have been bombed before... David Nott, before this incident, has had his surgeons killed before...
As for the "What kind of power?" question, you're right of course. People are prepared to do this. Even supposedly religious people. We now need to see they are punished.
First of all, we're talking about an improvised, battlefield hospital. You're not going to find it in Hospitals Weekly, and I doubt the building's architect had the slightest clue what it would eventually end up being used for...
Dr. Nott has appeared as a guest on Radio 4's PM programme several times, offering testimony of what is going on out there... We're talking about a very brave guy who has put his balls on the line for people he doesn't know for several years. If there is such a thing as a genuine war hero, then this guy is about as close as you could get...
The real story here is not how the coordinates were obtained (and I agree this might not be how Dr. Nott thinks), but what kind of power would bomb its own injured civilians like this. We also need to look at who actually pulled the trigger - was it a Syrian jet, or a Russian one? Whichever was involved, it was a war crime and those involved should answer for their actions.
Ok - step one. Soldier has his weapons fitted / manufactured in such a manner as to send a bluetooth notification to an Android device every time a consumable resource (like a bullet) is used. This, assuming the android device knows the "initial stock", allows the Android device to:
1 / Periodically send inventory back to central server, allowing the back office boys to order a resupply as needed.
2 / Order its own resupply once inventory reaches a certain level / if soldier requests it.
Android device connects by cell network (Army takes its own onto the battlefield) to command, and also to assigned drone. Provides location updates, allowing the drone to fly to soldier and follow an instruction like "drop it 1 meter south of my position".
Another nice advantage of this is that you can set your weapons to only fire when connected to your Android device - rendering the gun useless to Tommy Terrorist if he manages to prise it from your cold dead fingers. Just in case he does, the Android device has to receive authorisation from command every 2 or 3 days - shutting down if none received.
Those are just a few quick ideas...
If we believe your figures, that's 20% per MONTH.
Or 792% per year if you want the annual figure. Hardly a bargain - and that's just taking into account interest. Now you have to start thinking about late repayment fees, given that many people who hold these loans are on the absolute breadline and it is conceivable they can't afford the loan on the terms offered...
It is indeed a tragedy that the Fleet Air Arm, and indeed the wider navy, have gone to pieces just as we have lost Captain Eric "Winkle" Brown...
This is what happens when you dispose of men of his calibre and replace them with a heady mix of civil servants and lawyers.
Winkle will be spinning in his grave...
https://madaxeman.wordpress.com/2014/11/14/a-life-less-ordinary/
I would like to know the maximum sentence he might face, and whether or not he might be allowed to serve it in the United Kingdom before agreeing with this extradition...
60 years or whatever, 4,000 miles away from his family doesn't sound like justice to me - and that should trouble us.
That's before we bring his condition into it...
I'm not sure I'm prepared to take their assurances that payment information etc has not been compromised at face value. Auditing select queries are we now?
I'd like to see a statement that payment info, if retained at all, was encrypted by AES or equivalent, and some assurance that their key management was competent.
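An added example, not code from either of the posts above nor from the commenter's employer or any of the companies discussed, of the two controls they describe: drop the CVV outright and mask the PAN to first-six/last-four before a record is written to any persistent store, plus a Luhn-gated sweep of free-text fields so a card number pasted into a "notes" column does not slip past. The field names, the regex, and the sample record are all assumptions constructed for the example; the card numbers in it are well-known test PANs, not real cards.

```python
import re

# Field names that must never reach persistent storage (assumed names, not from the posts).
FORBIDDEN_FIELDS = {"cvv", "cvv2", "cvc", "cvc2", "csc", "cid"}

# 13-19 digit runs with optional space/dash separators, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check on a digit string; filters out most non-card digit runs."""
    if not number.isdigit() or len(number) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first 6 (issuer BIN) and last 4 digits, a common PCI DSS masking scheme."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid, card-number-looking run in free text with its masked form."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group(0))
        return mask_pan(digits) if luhn_ok(digits) else match.group(0)
    return PAN_CANDIDATE.sub(repl, text)


def scrub_for_storage(record: dict) -> dict:
    """Return the only version of a card record that is allowed to be persisted."""
    out = {}
    for key, value in record.items():
        if key.lower() in FORBIDDEN_FIELDS:
            continue                      # dropped outright: never masked, never logged
        if isinstance(value, str):
            value = redact_pans(value)    # catches the PAN field and anything pasted elsewhere
        out[key] = value
    return out


# Constructed sample record for the example (standard test PANs, not real cards).
SAMPLE = {
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/29",
    "note": "customer also tried card 5555555555554444 before this one",
}

if __name__ == "__main__":
    print(scrub_for_storage(SAMPLE))
```

The Luhn gate is a heuristic: it stops most phone numbers and order IDs from being mangled but will occasionally mask an innocent 16-digit run, which is the right way round to fail. Run the same scrubber over log lines and exception messages, since those are the persistent media people forget about.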
What actually happened? Sounds like an XSS attack from the article text.
Yes, it would be satisfying to leave knowing what was coming, and yes, technically this is the fault of management for not handling the exit process very well - had the same thing happen to me earlier in the year...
But here's the thing - I would have called / emailed them and said "You need to be aware of this...". True, my plans for revenge would be scuppered, but my former colleagues whom I presumably would have cared about would be able to continue to eat.
Anyone remember "Quest" - the BASIC game that was included with the Dragon32?
My mission to pop down and teach the Warlock a few things was made infinitely simpler when I discovered currency trading lol... You see, the game's internal currency was "gold coins", and lots of things could be bought and sold in the game - including, interestingly enough, gold coins...
Rather than correct this oversight and actually treat coins as currency as opposed to a tradeable inventory item, the developer decided to stop any naughtiness by checking for blaggards like me who would offer to sell a gold coin for the princely sum of two gold coins - by writing a test that effectively looked for price_per_coin < 2.
Had that test been price_per_coin <= 1, the Warlock would have remained a happy man. Sadly, I rather got into the habit of selling coins for 1.9999999999 gold coins - building up quite a little nest egg for myself in the space of five minutes, allowing me to purchase a rather impressive militia to wander down to warlock central to explain what's what - usually in one very decisive battle...
Happy times - and an example I still use to this day to illustrate decent validation to junior developers...
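An added example, not the game's code (which is not on the page) and not from the post's author: a toy shop that reproduces the Quest coin-trading bug with the post's own `price_per_coin` check, alongside the check the post says should have been written. The `Player` type, the function names and the starting purse of 10 coins are assumptions made for the example.

```python
from dataclasses import dataclass


class TradeRejected(Exception):
    """Raised when the shop refuses a trade."""


@dataclass
class Player:
    gold: float  # the game's currency, which (as in Quest) is also a sellable item


def sell_coins_broken(player: Player, qty: float, price_per_coin: float) -> float:
    """The check the post describes: refuse only when price_per_coin >= 2.

    Every price in the open interval (1, 2) is accepted and mints gold from nothing.
    """
    if not price_per_coin < 2:
        raise TradeRejected("too greedy")
    if qty <= 0 or qty > player.gold:
        raise TradeRejected("you do not have that many coins")
    player.gold = player.gold - qty + qty * price_per_coin
    return player.gold


def sell_coins_fixed(player: Player, qty: float, price_per_coin: float) -> float:
    """The check the post says should have been written (price_per_coin <= 1),
    plus a belt-and-braces invariant: selling currency can never increase currency.
    """
    if qty <= 0 or qty > player.gold:
        raise TradeRejected("you do not have that many coins")
    if not 0 <= price_per_coin <= 1:
        raise TradeRejected("a coin is worth at most one coin")
    new_gold = player.gold - qty + qty * price_per_coin
    if new_gold > player.gold:  # unreachable if the check above holds; kept as a guard
        raise TradeRejected("trade would create gold")
    player.gold = new_gold
    return new_gold


def raid_the_warlock(sell, start_gold: float = 10.0, rounds: int = 5) -> float:
    """Sell the whole purse at 1.9999999999 coins each, `rounds` times, as the post did."""
    player = Player(start_gold)
    try:
        for _ in range(rounds):
            sell(player, player.gold, 1.9999999999)
    except TradeRejected:
        pass
    return player.gold


if __name__ == "__main__":
    print("broken shop:", raid_the_warlock(sell_coins_broken))
    print("fixed shop: ", raid_the_warlock(sell_coins_fixed))
```

Two lessons for the juniors beyond the off-by-one: validate against the invariant you actually want ("the player cannot end up richer") rather than against the one attack you have seen, and keep money in integer units, since the float arithmetic above is itself a second, subtler version of the same bug.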
I on the other hand will continue to be rather concerned with this development...
Parliament explicitly voted against the use of our forces in Syria, and it's happened anyway (let's not forget we've also had RAF crews flying sorties on secondment to other powers).
Few people, myself included, will cry for the loss of a couple of Jihad obsessed idiots, but the fact remains that the government might well have acted illegally. We urgently need a statement from the Attorney General stating on what legal basis this mission relied...
"We expect most remaining government devices using Windows XP will be able to mitigate [b]any[/b] risks,"
Am I the only person who is really, REALLY suspicious of the word "Any" in there? It's almost as though we have some administrative managerial drone spouting forth without actually doing the research to understand what those risks might be - thereby elevating his/her confidence to the point where they might even speak of "THE risks"...
For heaven's sake, you're responsible for holding masses and masses of our most sensitive information, and you are subject to the DPA. Running a maintained operating system on your kit really should not be that much of an ask...
Will the government compensate us when we all get pwned by this one?
If these drones are being remotely operated, doesn't that provide next season's bad guy (tm) with a lovely new vector of attack?
Step 1 : Jam communications between drones and fleet.
Step 2 : Fly very slowly over forces of freedom, chortling as you go...
In fact, where are these drones being piloted from? Surely these facilities will become high priority targets, and when they do, might they not find their whole bricks and mortar, stuck in the ground nature to be a bit of a drag?
I don't like the way all this is going... I don't want to needlessly endanger pilots any more than the next guy, but sometimes there is no substitute for having a thinking, feeling lump of meat in the front seat. So is it needless?
What troubles me most in all this is that there is no accountability for the officers who have misused RIPA for tracking journalistic sources. Naughty boys and girls of course, as goes without saying, but no one's taken any action to suggest that misusing the law will have consequences (and it won't) - so there is no deterrence.
When people start losing jobs, other people will start listening...
I would like to know why they also didn't go after the phone company, and come to that the electricity supplier, on exactly the same grounds... They are certainly equally "complicit" - ie not at all.
It comes down to a simple question really - should we round up the gunsmiths, knife makers and inflatable banana manufacturers (it could be done...) and charge them with all the murders involving their produce?
No?
Because if not, the guy is plainly bloody innocent.
I seem to remember Tesco being covered on El Reg a year or two back. I also remember several people at the time objecting to their clearly storing passwords in clear text, as opposed to salted hash.
In short then, it's not like they were not warned...
I'm not certain about this, but I think they got shirty with the guy who originally exposed them as well.
So then - people who don't know how to code (the "lead teachers") are going to be given a day's training, and then left to train other people who don't know how to code (the "grunt" teachers), who will in turn be training another group of people who don't know how to code, most of whom don't want to code (the kids), to code.
Yeah - right. Someone ring the emergency services, coz there's one hell of a car crash just around the next bend...
Just tweeted the below to @bparkceo...
You know what? If you find yourself running a charitable trust, one charged with preserving the memory of a remarkable group of people who secured your freedoms, and you describe yourself as the “Chief Executive Officer”, you’re doing it wrong.
If you preside over a regime where, when I call to establish the facts BEFORE complaining to the National Heritage Fund, I’m told “There is a statement on the website and that is all I can say…”, you’re doing it wrong. If you don’t recognise the irony of having this regime in a place so instrumental in preserving your own liberty to think and speak as you feel, you’re doing it wrong.
If you really do consider yourself unaccountable to the public, you’re doing it wrong.
If you think it’s acceptable to receive money from the Heritage Fund, and then even consider erecting fencing to prevent people visiting Colossus, even if it is hosted by another body, you’re doing it wrong.
If you’re prepared to squander the most precious resource you have - namely the elderly volunteers who have both a knowledge and enthusiasm for the place of which you can only dream, you’re doing it VERY wrong.
If you really are doing things THAT wrong, then it's time to consider stepping aside in favour of someone who knows how to do it right - and I can point you toward a few elderly volunteer types who would be one hell of a first guess.
... then allow me to enlighten you...
The issue is that this engineer now has credentials for accessing thousands of customers' email accounts. If the customer has been lazy (and most will be), he probably also has access to their facebook / twitter accounts as well...
There is no excuse for holding passwords in clear text - even back at base - nevermind on a remote worker's laptop.
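An added example, not code from this post, from the Tesco post above, or from any of the companies discussed, of what "salted hash, not clear text" looks like in practice: a constructed clear-text table of the kind both posts object to, migrated to PBKDF2-HMAC-SHA256 with a per-user random salt using only the Python standard library. The usernames, passwords, storage format and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing 'algo$iterations$salt$hash' string that is safe to store."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations), salt.hex(), dk.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False                       # malformed record: fail closed
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Constructed sample of the table the posts object to: username -> clear-text password.
LEGACY_CLEARTEXT: Dict[str, str] = {
    "alice": "correct horse battery staple",
    "bob": "Summer2013!",
    "carol": "Summer2013!",   # deliberately the same password as bob
}


def migrate_cleartext(table: Dict[str, str]) -> Dict[str, str]:
    """One-shot migration: hash every clear-text password, then discard the originals."""
    return {user: hash_password(pw) for user, pw in table.items()}


if __name__ == "__main__":
    hashed = migrate_cleartext(LEGACY_CLEARTEXT)
    for user, record in hashed.items():
        print(user, record)
    print("bob logs in:", verify_password("Summer2013!", hashed["bob"]))
```

Three properties to check against whatever your own system does: the engineer's laptop can hold the hashed table and still not log in as anybody; bob and carol share a password but their stored records differ, so a cracked hash tells you about one account only; and the record carries its own parameters, so the work factor can be raised later without a flag day.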
Not an expert on this, but it seems to me that in order to have any credibility, the identity of the auditors must be known. On the other hand, once they are identified, the NSA / other such body can get at them and threaten all types of nastiness unless they get the result they want...
Seems to me then that we should be trying to keep the auditors identity a secret until the very moment the report is published...
"It’s a bit counter-productive to trap me here, because what else can I do but work?"
Erm - how about throwing it all in, and going back to Sweden to face your accusers?
If you're innocent, great - best wishes clearing your name. If you're not, face the consequences.
In either event, grow up.
(I actually think he'd be somewhat safer from extradition to the US in Sweden than he is in the UK...)
First of all, I am not sure (someone more learned than I might like to comment) that RIPA can be invoked in an Airport Transit area. It's important to remember that he wasn't, technically, stood in the United Kingdom.
Again though, we come back to the "competence" point. If they knew what they were doing, Miranda should not have had knowledge of the decryption keys. Surely even RIPA cannot be used to punish him for failing to disclose information to which he has never had access?
Additionally, were I in their shoes, I would almost certainly have used a hidden partition, with something pleasingly innocent on the exposed partition to keep the boys in blue happy...
I think the only thing we do know here are that there are a lot of things we don't...
Am I really the only techie here who can see this?
From what we've been told, the "data" was encrypted - and given Mr. Snowden's involvement in all this, together with the fact we are dealing with a journalist who specialises in security stories, one or two questions really do demand answers...
1/ The UK Government are claiming, in court, to know the content - to have read it and understood it. It follows from this that they have the clear data. Surely we are not being led to believe they have cracked the encryption in 5 days?
2/ Miranda has apparently given passwords to the computer and to his social media accounts. From what I have read, he hasn't divulged any decryption keys.
3/ If Snowden / Greenwald know what they are doing (and we have to assume they do...), far from revealing decryption keys, Miranda shouldn't even know them. He should, for all intents and purposes, merely be moving a lump of plastic and silicon from country A to country B. There are good reasons, as I'm sure he now appreciates, for Miranda to know nothing at all about the security measures taken...
4/ *If* they don't have the data, and to be honest I rather suspect they don't, then the government are lying - to a court. Given the number of illegal acts Snowden has already exposed, it's sadly no longer difficult to imagine that our security services / government would have a problem with doing this...
Like I say - there's more going on here than meets the eye...
There's a Facebook post doing the rounds amongst techies in the United Kingdom that compares the sentence Chelsea has received to the far more lenient sentences that have been given out to other members of the military for the killing of non-combatants - even harvesting body parts in one case. It's enough to make anyone with a brain stop and think.
As for the gender reassignment thing - I'll go with her views on how she wishes to be addressed. She acted to try to start a debate on the actions of US Forces, and that debate is needed. The US is no longer the land of the Free by any stretch of the imagination. Nor is it the bogeyman - but things have happened that need to be challenged, or at the very least considered carefully... For my money, I respect her enough for what she has done that I'll call her whatever the hell she likes.
Having actually met Stephen Fry (during TwitterJokeTrial) I can assure you that he's not merely a pontificating buffoon speaking as an expert on what he doesn't understand - he's also a decent chap with decent values.
OK - so he carps on about some things in IT of which he has a rudimentary understanding... That's how half of my colleagues - hell, even me from time to time - make their living.
As for the Reg being vicious - no Stephen, it normally isn't... I learn more about happenings in IT from El Reg than I do from almost any other source...
The point you're all missing here is this:
The council was disposing of its equipment, and failed to notice that hard drives etc were not making it as far as their approved disposal agent.
Since said agent would doubtless raise concerns if machines started turning up missing such useful components, it seems to me unlikely the agent was receiving the machines in question. This leads us to "whole machines were likely not making it to the disposal agents, and nobody noticed".
This chap might have been a well intentioned (if naive and poorly informed) chap, diligently wiping material etc before selling devices on. But what if he wasn't?
Data Protection For Dummies to the IT Dept I feel...
I suspect the reason for this is to avoid having to implement one central webservice, which in light of the number of requests it would receive would either need to be run on beefy iron, or would become one central point of failure.
The current approach allows the register to simply give the data to the call centre chaps every 30 days, and the call centres can then use their own systems to check it.