SFTW: The most innocent data can tell a lot about you • The Register

2021-12-14 10:32:56 By : Ms. Ella Zeng

Something for the weekend, sir? Spies in space were watching me while I took a shower.

I know this because I have just worked out the weak link in my home security: it is the boiler. My neighbors need only lock their front door to feel safe. Me, I'm at risk every time I turn on the hot water tap.

Perhaps I had better explain. It all started with the office shredder.

Many years ago, Ms. D bought a small electric document shredder of the kind you can pick up at a stationery shop. It solved the problem of what to do with the direct marketing letters that used to arrive in the mail. We didn't want to throw them unopened into the paper recycling bin, because direct mail is highly personalized: name, address, promotional code, customer number and so on. What if some ne'er-do-well rummaged through my junk mail at the recycling center and found all this potentially profitable data?

My paranoia about sorting the garbage began early in my professional career. Ha ha ha ha. (Sorry, calling my working life "professional" always makes me laugh.)

In the first year of my first real job, working at what is now IDG Communications, publisher of Computerworld and one or two others, the organization's legendary founder and head, Pat McGovern, came to our distant London outpost to promote our new magazines, rally the troops, and generally try to find out why we were still not profitable. Once Pat had talked to each employee individually (that was how Pat did things: no group sessions, no presentations), our managing director took him out for a formal lunch.

They were away a long time, even for a business lunch, and even for the 1980s with its double-breasted suits and shoulder pads. When our MD finally returned, as the rest of us were leaving the office, he was wide awake but exhausted. "He went through the trash cans!" he reported.

We were stunned. Our trash cans? Out the back? Did he see the mice? We had a lot of them, and they were big bastards too.

"No, not our trash cans. Theirs."

It turned out that Pat had insisted on being driven around London after lunch to see where the city's other computer magazine publishers were located. After stopping outside the office building of our main competitor (called VNU at the time), Pat jumped out of the car and ran down the alley beside the building. Our MD found him round the back of the office, rummaging through the bins, looking for incriminating evidence of something or other.

"That's right." He tore the liner out of another trash can and found piles of wide dot-matrix printouts, zigzag-folded, with horizontal green stripes and the perforated sprocket holes still attached. VNU's internal financial reports were sitting intact on those printouts. Bingo indeed.

So you see, I am not being overly cautious. It's just that when I put the trash out the night before collection day, I don't want to find Zuckerberg rummaging through my paper recycling bin and Pichai sifting the orange peel and coffee grounds in the composter.

Breaking in through the front door is old hat. Smart people find their way in through your weakest link, the one you have naively left unattended. Our document shredder was supposed to close that particular back door.

In the early days of owning a shredder, the one thing Ms. D and I really disagreed about was what else should go into it. She felt that anything showing our postal address should be shredded. Obviously, this included the handwritten envelopes that had contained birthday cards from friends and family.

You're paranoid, I told her. Our address is not a secret. The postman has known where we live from the start. Our neighbors know it too. A passer-by walking a dog down the street might glance up at random and notice our house; then they would know our address. Countless monkeys at typewriters might eventually type out the lines...

As you from crimes would pardon'd be, let your indulgence set me free.

Ms. D then calmly explained "jigsaw identification" to me for the first time, and in due course I became as paranoid as she was. We abandoned the cheap wide-strip shredder and switched to one that cut documents into thinner strips. Then, over the years, we upgraded repeatedly: from cross-cut to super cross-cut, and then to extreme cross-cut. At present we are on an absolutely bloody rampage.

It is always the smallest, seemingly unimportant piece of information that completes the puzzle. Put another way, the most innocent data can be the master key to your personal data. You need only see how something as harmless as a website's favicon can be used to pry your own data out of you to feel uneasy.

The fragility of it all struck me too. It turns out that the US diplomats whose iPhones were hacked with NSO Group software were not let down by their hardware or by poor personal security practice. They could have avoided the whole problem by using phone numbers that start with +1.

So I can readily understand Kamala Harris's reluctance to use Bluetooth headsets. Bluetooth encryption is notoriously easy to crack, and for the sake of a one-meter cable, those top-secret conversations are not worth leaking. Me, I use Bluetooth earbuds, but I don't care if anyone wants to deafen themselves by listening in on some industrial metal.

= "bingo" moments for malicious actors. Oops, I need a cold shower.

Having collected 1 billion pieces of meaningless puzzle data, I selectively fed some of it back to IKEA. The flat-pack giant stopped trying to sell me squeaky furniture and instead started sending me slightly ridiculous offers to quote for installing photovoltaic panels on my roof. In a moment of weakness, I gave in and asked for a quote.

When the quote arrived, I discovered two things. First, I found that it would take a mere nine years to recoup the investment: I could save one euro on the bill for nine whole years.

Secondly, I realized that you can recognize my house from space.

Of course, anyone can see their home in Google Maps' satellite view. But the quotation process required me to identify mine and trace the outline of the roof. How was I to recognize my own roof in a row of identical townhouses?

Ah, I forgot. There is an old-fashioned solar panel on my roof, the kind that heats the water in a boiler when the sun is shining. None of my neighbors has one. You can see my roof from a mile away. In fact, from about 1,000 miles up.

Conspiracy theorists, and even the mayor here, believe that the real-time usage data collected by their Linky smart meters will tell the electricity supplier when they are at home and when they are out. Well, thanks to the spy in the sky, the shapeshifters have snatched another piece of the puzzle.

West Sussex County Council is facing a two-year delay in the implementation of a £7.5 million Oracle ERP project that was presented as a showcase for the company's competitive position against SAP.

The British public authority, which controls net expenditure of £625 million, plans to replace its 20-year-old SAP ERP system with a new solution based on Oracle Fusion software-as-a-service. According to a 2019 board report [PDF], it planned to have the new system in use by April 2021.

However, another board report [PDF] in May last year stated that the system would go live at the end of 2021, when the council's support contract for the German supplier's software expires.

According to a Freedom of Information response, the IT failure behind the serious incident that delayed ambulance dispatch at an NHS service in southern England was attributed to a network failure following routine maintenance.

During the November outage, South East Coast Ambulance Service (Secamb) urged people to "consider alternatives to 999" while it prioritized patients based on the severity of their symptoms.

According to BBC reports at the time, the technical incident hindered the dispatch of ambulances.

Apple has updated the operating systems of its Mac, iPhone, iPad, Watch and TV box, fixing dozens of security issues in the process.

At the time of writing, full details of the Apple bugs were not available, but many of them sound worth fixing quickly.

For example, CVE-2021-30986 means that a device running macOS Monterey "may be passively tracked by its Bluetooth MAC address." This is not good.

Technology executives at Infosys and Wipro have been refused a full withdrawal of the directions issued by the Securities and Exchange Board of India (SEBI) over insider trading allegations.

The confirmation order [PDF] relates to an interim order of September 2021 that bars Ramit Chaudhari and Keyur Maniar from the securities market and impounds 2.62 crore rupees ($350,000).

The actions were taken after the two were investigated for insider trading in Infosys stock.

The Register can finally reveal the answer to the question on everyone's lips: who would win a hypothetical battle between Santa Claus and Linus Torvalds?

The winner is... Santa Claus! We base this decision on the general state of Torvalds' kernel posts this week, in which he rated the development process of Linux kernel version 5.16 as "quite normal."

"This rc5 may be a bit bigger than usual, but it didn't break any records," Torvalds wrote. "I blame those who tried to finish their work before the holidays, and/or just random timing effects."

US President Joe Biden has issued an executive order aimed at modernizing government services, especially online services.

The executive order on transforming the federal customer experience and service delivery to rebuild trust in government argues that poorly designed government services impose a "time tax" on citizens and often disrupt their work.

Accordingly, the order states that federal service delivery "should be fundamentally driven by customers through human-centered design methods, empirical customer research, an understanding of behavioral science and user testing, especially for digital services, and other engagement mechanisms."

Analysis of a critical security vulnerability in Log4j, disclosed last week, has once again prompted calls to rethink how open source software is developed, paid for and maintained, a long-standing problem that has never really gone away.

The Log4j vulnerability is an unauthenticated remote code execution flaw (CVE-2021-44228) in Apache's open source Java-based Log4j logging library. Because the vulnerability is not difficult to exploit and the software is widely used and deeply buried in many programs, it is particularly serious and far-reaching in its impact.

The frustration of a few project maintainers at having missed the bug prompted developer Volkan Yazici to express indignation at everyone criticizing the maintainers' unpaid volunteer work without providing any financial support or contributing code fixes.

The Economic Policy Institute (EPI) has published an analysis accusing Indian services company HCL of systematically underpaying skilled immigrant workers in the US who hold H-1B visas.

HCL insists that it abides by Uncle Sam's rules and has done nothing wrong.

In a report released last week, Daniel Costa, director of immigration law and policy research at the American think tank, and research associate Ron Hira analyzed an HCL PowerPoint presentation [PDF] filed in the US case Ralph Billington, Michael Aceves and Sharon Dorman v. HCL Technologies Ltd. and HCL America, Inc.

Criminals immediately set about using the widespread Log4j vulnerability to compromise systems. Waves of live exploitation attempts were, at the time of writing, mainly focused on turning infected devices into botnet drones that mine cryptocurrency.

Check Point said this morning that it was seeing about 100 exploitation attempts every minute, as explained in more detail in a blog post.

Apache Log4j is an open source logging library written in Java, used in many software packages and online systems around the world. News broke last week of a trivially exploitable remote code execution vulnerability (CVE-2021-44228) in Log4j 2.x (specifically 2.14.1 and earlier), which Alibaba security engineer Chen Zhaojun discovered and privately disclosed on November 24.

On Friday night, a powerful storm hit an Amazon warehouse in Edwardsville, Illinois, killing six people; dozens more were killed in nearby Arkansas, Missouri, Kentucky and Tennessee.

Police in Edwardsville have confirmed that six people died in the EF-3 tornado.

"The Edwardsville Fire Department is still working to clear debris from the scene and is working with Amazon representatives to return the property to their control," Edwardsville Police Chief Michael Fillback said in a statement, noting that everyone working on the site had been accounted for.

Amazon has released some further information about last week's US-East-1 outage, revealing that when the internet giant's own monitoring tools were hit, its staff had to find their own way through the log files.

Amazon doesn't seem to want to disclose too many technical details about its internal systems. That is somewhat understandable: quite possibly some experts would be alarmed, others would look for clues to future attacks, and the rest of the world would neither understand nor care. Either way, it might put off some existing or potential customers.

The Register: Independent news and views for the tech community. Biting the hand that feeds IT © 1998–2021