Slashdot Mirror


User: rapiddescent

rapiddescent's activity in the archive.

Stories: 0
Comments: 286

Comments · 286

  1. no sleep on UK License Plate Cameras Have "Gaps In Coverage" · · Score: 3, Informative

    I used to live 1km from the ANPR that was situated on the "ring of steel" near Canary Wharf in London - or, more accurately - my bedroom window was right next to the point that the cop cars would catch up with the non-taxed, non-MOT'd cars after they had cruised through. At the beginning of the month it was about 2 a night that would be stopped as police cars operated a pincer movement around the Isle of Dogs

    the slightly scary thing is that you can buy your own ANPR System off the shelf. (I know that geeks can easily create it themselves using motion and some OCR tools - but, imagine selling this to normal people!!)

  2. Re:Crackers? on Hackers Dump Millions of Records From Banks, Politicians · · Score: 1

    no, it was driveby MySQL vulnerability. using your terrible analogy, it's the equivalent of visiting each organisation across the world looking for a well known safe manufacturer that has a vulnerability in their locking system.

  3. Re:Did anyone look at these "dumps"? on Hackers Dump Millions of Records From Banks, Politicians · · Score: 1

    The peoplemarketing database had plain text admin passwords and plain text passwords for all of their users. Scanning through the passwords, they have the usual mix of first names, nouns and "peoplemarketing" (i.e. the name of the site). It's a fashion recruitment database so it's interesting to see the difference in user behaviour compared against a tech audience. This particular organisation has not tweeted or published the hack (do they know?). I was close to picking up the phone (I am local to them) but I'd probably end up getting arrested before lunchtime. This nearly happened last time when I informed XileClothing.co.uk that I had come across a hack of their user tables.

    There is a common denominator: all of the dumps are from MySQL. I haven't scanned some of the sites to check versions and check for known vulns against the versions - but given the distribution of sites it looks like they've used a script-kiddie attack with potentially a bit of cleverness if it is an unknown vuln.

    also - check out some of the hashed passwords. yep, you guessed it: unsalted md5 in a few cases.

  4. Re:Unfortunately, UK has become Uncle Sam's lapdog on UK Authorities Threaten To Storm Ecuadorian Embassy To Arrest Julian Assange · · Score: 4, Interesting

    oh, CHILL THE FARK OUT.

    they can't change their country any more than we can.

    we're both fucked.

    the brits are basically good people but they have totally lost control over their gov.

    well, this has not gone unnoticed within the UK. The very fabric of the UK is at risk because the "Kingdom of Scotland" (one of the united kingdoms) has a growing independence movement; in fact, it has grown so much that Scotland's devolved parliament currently has a majority pro-independence government - something that the UK government had tried to avoid ever happening. The cracks are appearing and the approach that the UK government is taking does not sit well with some cultures within the UK. The Scottish Government was quite pissed off when it was found that the UK Government allowed rendition flights to refuel at Prestwick without telling anyone.

    I just wish Wikileaks had more information about the oppressive anti-independence movement that the UK, its broadcaster and other quasi-governmental organisations are inflicting on Scotland. e.g. the BBC in Scotland shows endless documentaries about why being British is good etc that are not shown anywhere else in the union. See this A to Z of the propaganda that is inflicted on the Scots...

  5. Re:Oh Boeing... on Flight 4590 Didn't Kill the Concorde; Costs Did · · Score: 1

    midday and 6 o'clock!

    I was once in a traffic queue on the M25 near the end of the runway when concorde took off. it really shook the car and the kids were screaming their heads off

  6. Re:Justification of Apathy on The Nation Is Losing Its Toolbox · · Score: 1

    here in the town where I live in Scotland - where a large proportion of the houses and apartments were built in 1850 to 1890 - there's a reasonably sized trade in custom windows because a lot of the measurements are different in the old buildings - there's not a right angle in our house. Luckily we don't have any round/convex/unusual shaped windows but many of the properties do. Because of this, the price of a custom window is not a lot more than buying off-the-shelf windows. I imagine because there are readily available skills and the actual material price is less than a manufactured PVC framed window.

  7. Re:Power problem answered: on Ask Slashdot: How To Add New Tech To Old Van? · · Score: 5, Informative

    my van (a Mazda Bongo) has a leisure battery (120Ah) that runs the electronics inside and has optional charging from the engine (if it is running - via Willington cable), solar panels (when out in the sticks) or through a campsite hookup electricity point common in EU campsites.

    Whilst the solar panels only provide 26W or so at full sunlight; they do help extend the range of the leisure battery when camped out places. There's some new 80W panels that can bond to the roof (which is a rising roof in a Bongo) that I'm thinking of getting so I can run a better fridge. The nice thing about this is that if the leisure battery is drained; the engine will still start.

    Whilst I do have an inverter for 240V, I try to use kit that supports 12V to save on transformer inefficiencies. Every Ah counts!

  8. slashdot on Lessons Learned From Cracking 2M LinkedIn Passwords · · Score: 5, Funny

    own up, who used the password slashdot - 0000003627a75d6c96a3d965247584a78779bc3d

  9. Re:Hashes list link on LinkedIn Password Hashes Leaked Online · · Score: 1

    Is it you cowboy neal?

    the password "slashdot" 0000003627a75d6c96a3d965247584a78779bc3d has been used

  10. Re:Wrist watch is for style, not gadget on Ask Slashdot: Wrist Watch For the Tech Minded · · Score: 2

    Exactly the same reasons why I have a Casio GW-2500BD-1AER.

    I've just started wearing my Casio OCW-650T again after 6 months of fishing around looking for my smartphone and continually being late for things; sounds like my casio is similar to yours; it looks like a normal watch but also has the geeky solar panel and it syncs with european radio clocks.

  11. Re:Online banking uses outdated crypto on German Court Rules That Clients Responsible For Phishing Losses · · Score: 1

    My bank uses a token that requires me to insert my debit card into the token, enter my PIN and type in resulting code to log in. For transferring money I need to insert my card, enter PIN, enter code from the screen into token and then type in code from token.

    Never heard of a proper bank requiring just a password.

    (this is probably a CAP (chip authentication program) 2FA solution) - I was a designer of a CAP 2FA solution for a large uk bank that was commissioned about 4 years ago. The customer uses an EMV card (a debit card in this case) to create a one time code that can be entered into the online system whilst performing a transaction. The CAP standard actually had three operations: identify, respond and sign, and any CAP reader can be used with any EMV card. (not a lot of people realise this)

    identify just responded with a one time code, respond is short for challenge/respond that asked the user for some numerical input (perhaps an account number to which a payment is being made) and sign asked for a numerical input and a value. These are entered into the disconnected, battery operated reader to generate the code. Despite what the clever chappies at cambridge suggest, the latter two had not been successfully breached (that is, up until I left a few years ago). The system cost double digit millions of GBP to put in. I imagine that the pay back on that investment was about 12 months through reduced fraud.

    the really clever part about it is that the code that the user enters back into the system contains other data in it that keeps the bank up to date with the card data. so if your card has had a brute force attack then it's likely that it will fail. All the banks I know of used the CAP standard a little differently. there's one that uses a one-time code (identify) with no user input into the card reader - I'd never trust that model - because there's a simple MITM attack possible not unlike our german dude in TFA that used a list of one time codes.

    At the time, I had heard that one of the scratch-card one-time code systems somewhere in europe had been targeted by criminals and totally compromised - but I've never heard it in the media. I wonder if this was it?

  12. Re:Britain is Back! on Geologists Say UK Shale Deposits Hold Vast Energy Reserves · · Score: 1

    The current "find" is on the Lancashire coast (in England) but it is thought that the gas shale will extend much further (it just hasn't been properly found yet) to Northern Ireland. Only the northern part of the Irish Sea is in (what might become) Scottish waters.

    Central Scotland has had oil shale mining in the 1800's near Broxburn on the outskirts of Edinburgh. If you have been in the area, you can see huge bings at the end of Edinburgh airport's runway and by the M9 motorway - this was from the old mining activity.

  13. Re:Where is this? on Geologists Say UK Shale Deposits Hold Vast Energy Reserves · · Score: 1

    the sad truth is that the former UK will no longer be able to afford a military either.

  14. Re:Where is this? on Geologists Say UK Shale Deposits Hold Vast Energy Reserves · · Score: 1

    google "Extra-Regio Territories" - it's pretty frightening how the Scottish people have been misled by various Westminster parliaments about the value of the north sea. (presumably in an effort to prevent Scotland from becoming politically independent from the UK)

  15. Re:TLDs? on ICANN Extends New Domain Deadline Because of Bug · · Score: 3, Informative

    it's quite a news story here in Scotland because it looks like Scotland is to at long last get .scot after a long campaign -- unfortunately, when the treaty of the union of the parliaments between the kingdom of England and the kingdom of Scotland (this is what UK actually means) was produced in 1706, they forgot to add a clause in the articles of union about internet TLD rights for the country. I wonder why.

    UK isn't really a country you see; it's just an agreement to unify the political structure of two kingdoms and work as one. It's an artefact that could well change when Scotland goes to the vote to decide whether to remove that union and operate as a self-governed country, or operate as a more devolved parliament with greater powers than currently (not unlike a state in the USA), or indeed stay as-is.

    funnily enough, the nerds here in Scotland weren't too happy about getting .sco and have requested .scot instead!

  16. a completely different solution on Ask Slashdot: Is a Home Drone Feasible? · · Score: 1

    the requirement in the FA solutionised into some sort of airborne system. The actual requirement seems to be to get up to date pictures of various conditions up in the mountains from multiple locations without the need to travel there. My solution would be to setup a load of automated cameras at key locations and get them to send you a picture at intervals.

    I use cheapo chinese imported eBay "Little Acorn" cameras on my mountain bike trails. They are attached to trees and some of them have a SIM card in them so they can text/email me a photo either when their sensors trigger movement or if I program a schedule into them. I think the poster mentioned he was in France, so there should be mobile data coverage in the hills. They are reasonably high res (most are 12MP) and they run on AA batteries that last for 3 months or so. You can get battery extension packs that could last until "next summer" and then hike around and change the batteries twice a year. My cameras survived a couple of bad storms last winter and apart from a few strange pictures when ice froze onto the lens; all went well. I use bike chain locks on mine to lock them to trees etc.

    they are cheap, at GBP £100 (E130ish) or so each - you could get 20 of them for the cheapest RC airplane solution and you don't need to worry about crashing an autonomous drone into a schoolbus etc.

  17. Schrödinger's cat on Evidence of Lost Da Vinci Fresco Behind Florentine Wall · · Score: 1, Funny

    It'd be ironic if they destroyed the wall, instead of finding a Da Vinci masterpiece, found a dead cat.

  18. EU Ratification on UK To Dim Highway Lights To Save Money · · Score: 4, Informative

    The biggest problem is that LED (CREE etc) based streetlights have not yet been ratified by the EU and so cannot be used on public highways in the UK. If they do become ratified then there will be huge power savings. In China, they have whole motorways lit up using this technology. Not only do they burn less power, but the lantern lifetime is much longer than the standard sodium units that have a warranty lifespan of 3 to 5 years.

    One of the problems about dimming lanterns is that the lamp post spacing is all based around the lamps at a certain luminescence and so dimming may create dark zones, or over bright zones. So some careful analysis will be needed about how the lamps dim and whether they dim uniformly or not.

  19. WARNING: they'll remove it from yum repo's as well on Adobe Makes Flash on GNU/Linux Chrome-Only · · Score: 2

    Adobe removed their AIR packages from their repos even though leaving the old v2.6 AIR was still relevant and useful for a lot of users. One could easily view this as being somewhat vindictive against Linux users because it couldn't have cost them anything just to leave the old version sitting in the repo. I imagine that they will also remove flash from their adobe yum repo making any installation potentially too difficult for many users and makes it harder **even if you want to use an old version of an OS**. They did leave a 32bit binary installation but that fails in so many ways with complex dependencies.

    e.g. I've had to use an old version of Fedora in a virtualbox just to use Balsamiq (the funky wireframe screen builder tool). I spoke to the people at balsamiq telling them about this dependency and they basically said that Adobe won't listen to them (I guess they are too small - but a bit stupid to deliver their product on someone else's platform that they have no control over)

  20. the first women to live to 120, has just retired on Why People Don't Live Past 114 · · Score: 1

    at the UK Life Assurer I work at, there is a prediction originating from actuaries (not medics!) that the first british woman to live to 120 has just retired (at 60 years old). Actuaries spend all their time working with this data in order to price annuities and are pretty good at it.

    The difficult political statement is that this anecdotal woman, working for 38 to 40 years, has to fund 60 years of retirement (+ care etc). i.e. the current retirement ages are just too young; especially the gold plated final year salary pensions offered to government staff over the last 30 years (although, these are not generally available now).

  21. Re:Script for checking on O2 Fixes 'Accidental' Leak of Phone Numbers · · Score: 1

    I tried it yesterday (before o2 removed it) from my mobile phone and it showed a http header with 4478****** which is my number. Clearly there is some sort of transparent proxying going on - one has to wonder what else they are using that proxy for? The cat is out the bag that they are actively proxying port 80 traffic. However, no doubt they'll get no more than a slap on the wrist from the ICO for this breach.

  22. Re:A sad world. on Plate Readers Abound in DC Area, With Little Regard For Privacy · · Score: 1

    even my parking ticket at the multi-storey carpark at EDI (Edinburgh Airport) issued by the barrier had my number plate printed on it -- for anti fraud, or for marketing - or 'other' purposes?

  23. Re:Stability is NOT achieved that way. on Hobby Humanoid Robot KHR3HV Rides Bike At 10k/h · · Score: 1

    to prove the parent poster's assertion - just try riding a bike with a negative rake.

  24. Re:Stability is NOT achieved that way. on Hobby Humanoid Robot KHR3HV Rides Bike At 10k/h · · Score: 2

    BMX will lock the wheels when performing tricks (in mid air) - it makes the bike a lot less sluggish to manoeuvre. Mountain bike freeriders/dh'ers will leave the wheels running (usually subconsciously) to help keep the bike pointing in roughly the right direction. [try doing a long fast jump with the wheels locked and it definitely loosens everything up - usually ending in a big crash!] -- can't find any internet citations - except that I do it myself.

  25. Re:New taxes.... on Galileo To Be Europe's Answer To US GPS · · Score: 1

    citations for the chappie who called BS. These are quite isolated communities and so when the comms went down it caused chaos.

    1. BBC, Jamming suspended
    2. The Scotsman, mentions telecoms + internet problems

    sorry, haven't found anything remotely tech from the comms companies.