Posts by Anonymous Dutch Coward

406 publicly visible posts • joined 19 Jul 2011


Northern Ireland website leaves front door open, spills users' data

Anonymous Dutch Coward
Mushroom

No evidence

"no evidence" that the information has been accessed.... of course. They probably don't do any logging, central log storage, or security monitoring. See no evil, hear no evil etc.

Space Commanders rebel as Elite:Dangerous kills offline mode

Anonymous Dutch Coward

Re: Standard mistake to make

Well, if the server is open sourced presumably anybody can take the source code and run it locally... At first maybe only by geeks but maybe somebody will write an installer etc

VXers Shellshocking embedded BusyBox boxen

Anonymous Dutch Coward

Re: boxen???

Yes, I think people still use the word...

'Open source just means big companies can steal your code.' O RLY?

Anonymous Dutch Coward
Pint

Verity - where art thou?

"And lo! did many infuriated commentards gather, and repeatedly did they thump the downvote button. Yea, verily unto the Rage of the Internets did the mob's inflamed passions overspill at the Heretic who Sullied the Sacred Name of Open Source."

Argh, Verity, is that you? Or are you being channeled through the Reg sales^H^H^H editorial team?

When can we expect another of your heavenly missives? Verily, we are thirsting*) in the desert of Stoblessness (+ a lot of wailing, gnashing of teeth & tearing out of hair...)

*) Yeah, even unto beer and other beverages do we thirst!

BOFH: An UNHOLY MATCH forged amid the sweet smell of bullsh*t

Anonymous Dutch Coward

Re: Highly unlikely

Caught? Beware, I hear vision-induced terminal accidents are quite common this time of year...

Anonymous Dutch Coward
Thumb Up

Re: What's a female BOFH?

Seems about right: my words.exe (aging but useful Latin dictionary):

=>operatrix

rix SUFFIX

-ess, -or; -er; indicates the doer; one who performs action of verb (act.ess);

operatrix N 3 1 NOM S F

operatrix N 3 1 NOM S F

operatrix N 3 1 VOC S F

operatrix N 3 1 VOC S F

opero, operare, operavi, operatus V (1st) [EXXDX] Later lesser

work; operate (math.);

operor, operari, operatus sum V (1st) DEP [XXXBX]

labor, toil, work; perform (religious service), attend, serve; devote oneself;

Are dangers lurking on your workers' operating systems?

Anonymous Dutch Coward

Re: TL;DR

Exactly.

Q: "Did anybody who understands technology at even the most basic level know this would be the case in advance?"

A: "Yes."

Q: "Do security issues like this actually matter for PHBs?"

A: "No - not as long as they can be swept under the rug/explained as Somebody Else's Problem"

BOFH: SOOO... You want to sell us some antivirus software?

Anonymous Dutch Coward
Devil

Re: Why do you use AV, unless you are compelled?

Compelled? Now I have this image of The Exorcist where the priest tries to exorcise a computer virus... and fails...

Anonymous Dutch Coward

Beer

@Trygve Henriksen: agreed with the beer & you Norwegians (well your government) seem even more insane about levying taxes and duties on alcohol than us Dutch. My condolences.

Anonymous Dutch Coward

@Peter2

Re 4: you could have a look at SumatraPDF. Have you used it personally for some years; quite happy about it.

Security products: Best of breed or create your own monster?

Anonymous Dutch Coward

Fluffy article?

Not that individual points are invalid or not well made, but this discussion can be held for any kind of stack: web applications, traditional client applications, anything that is part of a process etc.

It's just that I suspect the security solutions are too fragmented/immature that anything but a single vendor/coordinated vendor solution is likely to involve a humongous amount of duck tape/custom programming that may not be worth the investment etc.

Home Depot: Someone's WEAK-ASS password SECURITY led to breach

Anonymous Dutch Coward

@Glenn 6

Yes, that. The company giving third parties access also have a responsibility to vet these third parties/make sure they abide by security policies, monitor for security intrusions and actually are responsible (versus their own clients) for everything that is done once logged in with that account.

But it makes nicer spin if you just repeat "third party" as if it wasn't their own shoddy IT security... it's just that it's not ONLY their own shoddy IT security.

ROGUE SAIL BOAT blocks SPACE STATION PODULE blastoff

Anonymous Dutch Coward

Re: Hmm...

He can always ask Larry. I hear he's not so busy anymore ;)

Shellshock over SMTP attacks mean you can now ignore your email

Anonymous Dutch Coward

HELO bashthis.evilhacker.com

FTDI yanks chip-bricking driver from Windows Update, vows to fight on

Anonymous Dutch Coward

Re: Should just

Well, if there's no stolen IP involved in the chip itself - good for them. However, faking FTDI logos etc is still trademark infringement. Of course, fairly tough for a driver to detect...

Agreed with your argument about damaging other people's hardware being bad etc.

Anonymous Dutch Coward
Mushroom

Engaging? Prevent? Doublespeak lives!

"Our engineering team is engaging with FTDI to prevent these problems"

1. Would that be engaging as in engaging in hand-to-hand combat with cutlasses to avoid future problems.... terminally?

2. What problems are these exactly? AFAIU, the driver did what it was supposed to do: disable illegal ripoffs of FTDI chips. Not that I particularly like that idea, but the amount of corporate doublespeak in this short statement is astronomical...

How about if Microsoft stipulate "thou shalt not fry other people's hardware using a driver" as a rule for driver submissions?

Ubuntu's shiny 10th birthday Unicorn: An upgrade fantasy

Anonymous Dutch Coward

Re: The best thing about Ubuntu is...

The best thing about Ubuntu is Debian :)

... though I wonder whether it will survive systemd...

Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster

Anonymous Dutch Coward
Coat

Re: Snatching defeat from the jaws of victory...

What people want is obviously not the same as what they say they want.

Even for men.

Yes, that's my coat, with the gender stereotype badge...

Microsoft promises Windows 10 will mean two-factor auth for all

Anonymous Dutch Coward

Re: 2-Factor Authentication?

Where in the article does it say smartphones would be the only 2 factor authentication method supported?

Anonymous Dutch Coward
Pint

Re: What?

@Khaptain: great insight... and I see visions of a certain Rome-headquartered[1] organisation complete with political infighting etc.

ROFLMAO right now...

[1] But of course only physically in the city of Rome - tax wise and legally there's a quite different situation...

FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers

Anonymous Dutch Coward
Thumb Up

Subtitle

Haven't even read article, but kudos for that subtitle!

How much is Microsoft earning from its Android taxes again?

Anonymous Dutch Coward
Coffee/keyboard

Re: Microsoft scrapping WP royalties

"Cloudbile" - great term for their "strategy": feeling nauseous already ;)

Linux systemd dev says open source is 'SICK', kernel community 'awful'

Anonymous Dutch Coward

Re: Bias

@Craigness: if I could have upvoted you multiple times, I would have. Spot on.

Chinese researchers develop fuzzy search algorithm for encrypted cloud data

Anonymous Dutch Coward
Coat

Re: ?

Yes, the article seems a bit ehrm... fuzzy on that aspect...

Apple, Google mobe encryption good news... for TERRORISTS – EU top cop

Anonymous Dutch Coward
Black Helicopters

Re: Knowing the difference

Agreed. And ditto but even more so for politicians.

Hong Kong protest puts mesh nets to the test in state censorship smash

Anonymous Dutch Coward
Black Helicopters

Freedom fighters versus paedophiles

Encryption by Hong Kong student protesting = good (see article)

Encryption by US citizens going about their lawful business = bad (US Govt; see earlier article)

No contradiction here, no none at all...

And yes, I know the company behind Firechat <> US Govt but still, US Navy did sponsor Tor whose goals include overseas dissidents communicating encrypted (given recent revelations: ...but who knows with what NSA backdoor).

Cynical? Me? Nah.

Scrapping the Human Rights Act: What about privacy and freedom of expression?

Anonymous Dutch Coward

Re: At first they came for the Paedophiles

Could be. The point is still valid.

Shellshock: 'Larger scale attack' on its way, warn securo-bods

Anonymous Dutch Coward

Re: The problem is...

I appreciate your sentiments but...

If you were running that infrastructure, why would you allow access to those routers and embedded systems in the first place? Using things like management VLANs, VPN, SSH and doubtlessly more modern stuff I haven't kept up with?

Ok, critical web server with CGI+bash vulnerability I can understand...

Bruges Booze tubes to pump LOVELY BEER underneath city

Anonymous Dutch Coward

Re: Ieper

Agreed. It's irritating.

Brocade's Vyatta gets OpenDaylight controller

Anonymous Dutch Coward

Re: Vyatta and open source

Don't know. Jumped ship for my home setup to another platform...

But yes, the web page/commit log etc does look nice...

Anonymous Dutch Coward
Mushroom

Vyatta and open source

"Where the value comes from is to have the community develop the project – that's what leads what to community, collaboration and innovation"

Given the way Vyatta/Brocade killed any community involvement, basically yanked open source Vyatta, didn't accept patches etc, I'm choosing to insert hearty sarcastic laughter rather than the alternative wailing and gnashing of teeth.

Pull the other one, it's got bells on.

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Anonymous Dutch Coward
Linux

Re: Busybox

Yes, they often do. Once again security researchers shout very loudly "biggest hole since whenever"... while reality is a bit more nuanced.

Seems to me that crying wolf all the time is hardly a worthwhile strategy to pursue (but of course it is commercially almost imperative given the competition between various security outfits).

Given all that there are probably still routers etc that do run bash... but definitely not all of them.

Anonymous Dutch Coward

Re: Wow, just wow

Well, talking about the network management layer separation: there is a reason for defense in depth. Of course it doesn't eliminate the problem, but mitigates it.

Agreed with the remarks re the web server privileges...

Hacker publishes tech support phone scammer slammer

Anonymous Dutch Coward

Tens of millions of users

Used by tens of millions of users? Really? Or do you mean tens of millions of victims - which sounds also quite large but who knows!?!?

Microsoft to patch ASP.NET mess even if you don't

Anonymous Dutch Coward
Coat

MS changing your server behinder your back?

"How exactly do you envisage MS changing the behaviour on your server if you don't install the update?"

Easy. They'll use the NSA/FSB/Chinese State Security backdoor of course...

IT jargon is absolutely REAMED with sexual double-entendres

Anonymous Dutch Coward

Re: Once upon a time

And the stiffy is apparently still up (oops) and about: I gather it now denotes a USB stick... which probably leads to a lot of possible innuendo I'm not capable of due to caffeine deprivation...

Google recommends pronounceable passwords

Anonymous Dutch Coward

Re: VMS had this in the early 80s

Sensible folks, the Danes.

Weekend reads: Perfidia, Fatherland and The Incredible Unlikeliness of Being

Anonymous Dutch Coward
Coat

I'll pass

Sorry Mark, you lost me last week when you started going on about what music to play with a certain novel.

Those problems are insignificant and childish compared to my problem: do I get my posse of nubile, scantily clad, beautiful girls of the female persuasion to pop green or red grapes into my mouth?

I'll skim the article hoping you do address this searing problem... but I'm not hopeful.

4th Century GOBLET could REVIVE CORPSE of holographic storage

Anonymous Dutch Coward
Joke

Re: Romans: people who knew what's what

Hah - what have the Romans ever done for us

SCNR...

Jimbo tells Wikipedians: You CAN'T vote to disable 'key software features'

Anonymous Dutch Coward
Mushroom

@Hans 1: Re: salaried employees

I'm afraid it's not only your Spanish that isn't good.

All well and good that you prefer to use the best tool for the job but if you cannot convince your boss of the need perhaps it's a good idea to

1. go looking for a less toxic environment to work in or

2. see if your own communication skills are lacking

Regards,

yet another random internet user with an opinion

Anonymous Dutch Coward

Re: salaried employees

Yes, but the article is not about paid engineers using the tools but unpaid volunteers that provide (apparently the bulk of the) encyclopaedia content.

Microsoft: Azure isn't ready for biz-critical apps … yet

Anonymous Dutch Coward
Coat

Re: I don't understand

Perhaps ask those guys in Munich about advice for moving to a different OS ;)

Anonymous Dutch Coward

Re: Just contingency planning @Steve Channell

"Satisfying auditors... primitive technology...what they understand"

ROFLMAO. I'd guess about 90% wouldn't understand even a command prompt if you threw it at them. The rest will grasp that cloud is just a different name for a familiar concept.

Perhaps you mean that Business Critical is essential for the business and MS cannot afford to screw up for their OWN sakes (not regulators, auditors etc)... in which case Mark does have a point.

US 911 service needs emergency upgrade and some basic security against scumbags

Anonymous Dutch Coward
Coat

Change emergency number...

I knew what that link was going to be before I clicked on it.... What does that make me, I wonder...

Why hackers won't be able to hijack your next flight - the facts

Anonymous Dutch Coward

Collision avoidance system

The suggestion in the article that pilots may ignore the collision avoidance system blaring sounds like a potentially suicidal thing to do and I really have doubts that is the case.

Why not execute (say - I don't know the exact procedures) a diving turn to the right just to be sure?

Apart from that: nice to hear something fairly optimistic coming out of Defcon...

UK.gov eyes up virtual currencies, fingers red tape dispenser

Anonymous Dutch Coward
Thumb Up

Awesome headline

Wasn't interested enough to read the article (new development in world+government=red tape (always)) but wanted to congratulate the author/editor on the wonderful headline.

Thanks.

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

Anonymous Dutch Coward

Paying tax<>control

Yes, but paying tax is not the same as being independent - your parent company may own you and you poor Irish subsidiary may be making massive *cough* profits due to trading with said parent company and then proceed to say pay a lower tax rate than the parent company would.

Or something.

But your US parent company still owns you=>has control. (Though I agree popcorn may be in short supply if Irish judges/privacy commissioners get involved for the opposite view)

Only '3% of web servers in top corps' fully fixed after Heartbleed snafu

Anonymous Dutch Coward
Flame

Strange comment

"Mopping up after an incident isn't as simple as it used to be," ...bla... "You can't just stick a patch on and call it done."

Well, it depends on the issue and the patch, doesn't it? A current patch for a buffer overflow would be very simple to apply and forget, as usual. Otherwise I'd like that guy to tell me what exactly changed in the environment that would cause his comment to be true...

Does this guy happen to sell custom vulnerability mitigation stuff/consultancy services or something?

14 antivirus apps found to have security problems

Anonymous Dutch Coward
Flame

@Lost all faith: notifying vendors

Indeed. Or should that part read as:

"The largest vendors weren't notified as we couldn't be bothered making the effort and had to get the PDF out of the door with the minimum amount of costs and time in order to get the most bang for our PR buck"
