Re: Something in the water?
Not unique to the UK, but unhappily frequent anywhere near a Govt pork barrel.
It does lead you to wonder if outright bribes like in certain other parts of the world are ironically more honest.
3884 publicly visible posts • joined 22 Jun 2009
I'm still unclear on why he needed to keep ANY data other than a couple of screenshots.
Using the leaked creds once is technically unauthorised access even if just checking they work. Using them to exfiltrate data (which is what appears to have happened) goes way beyond the pale regardless of how well intentioned he might have been.
I do think from a techie point of view the company over-reacted but that's just human nature and security "researchers" should be aware and prepared for this.
FWIW I think the guy went from White Hat to Grey Hat when he stopped confining his work to disclosing the hole, and instead appears to have appropriated the data as "evidence" either to avoid the company covering it up, or for academic curiosity. It wasn't his job to investigate the extent of the breach.
Regardless of how egregious the hole discovered, making moral judgements about a company's response or potential response is out of the scope of White Hattery and emotionally and corporately naive. You shouldn't be doing this activity for anything more than your own satisfaction, and should not be expecting anything more than a grudging acknowledgement and cover up, and if such a thing occurs - unless that breaks a local disclosure law - you don't get to judge.
Indeed. It almost sounded like the medical types were at risk of applying the same standards to the software as to the hardware which might be overkill in a read only application like this.
Get the hardware right (and safe and certified!) and the software will come along behind it. I'm guessing there would be plenty of people willing to spend an hour a day retraining the ML if it lets them communicate well for the rest of the day if they knew the implant is safe.
That's a rather naive and blanket statement.
On prem is fractionally safer if done well in your own wholly owned DC or Cupboard (are you checking the minimum wage cleaners access?) - but how many companies actually do that? Let alone a Public requirement contracted out to the lowest bidder or an MP's bestie.
However by default a lot more effort has gone into making the Cloud DCs and their services secure by design, and they are unlikely to be addressable to a random Googler.
With a State actor all bets are off anyway - I would go out on a limb and say they are equally at risk as the compromise is probably at the network/infrastructure/factory level.
You need to be clearer on where to direct your ire. Which is on the current Government who are failing to enact a series of recommendations to clean up Private Prosecutions made by the relevant Parliamentary Committee 6 months ago. I encourage you to Google for it - makes good reading.
I think you are misunderstanding the role of the judge in the proceedings. The question you should be asking is how the PO was able to deny/bury material that should have been available to the defence team.
I suspect but don’t know that a number of cases did not proceed when a savvy defense solicitor or barrister was involved and it was dependent on luck of the draw and financial resources for the SPO’s involved.
Complete fail.
Manufacturing beats breeding & training.
Once you come up with a way of mechanising something you can scale up kit as quickly as you can get the raw materials and equipment to make it.
Breeding & training a new sniffer dog takes over a year and if similar to guide dogs has a high washout rate.
Unless you are suggesting mass scale puppy farms and industrialised training? That would go down well with the public.
It's one of the reasons we are driving cars rather than still riding horses. That and the vast quantities of poop. Which come to think of it is an issue with this idea too. :D
Headline grabbing cobblers.
My academic attention whore alarm is going off.
The same can be said for any broadband service, which is why they have lots of ways of dealing with it, most of which will be applicable to Starlink.
I would also note that the solution for Starlink is to throw more birds in the air and on a per user basis it’s probably cheaper than digging holes in the ground.
That's a naive statement. It's possible to get quiet co-operation for these sort of activities if the approach is right. It happens all the time in corporate environments.
This was lazy unethical behaviour - I suspect because they couldn't be bothered to get co-operation or were frightened of being told no.
Hmm.
Given that SpaceX is also throwing up entire satellite constellations in volumes few others can match, I think this is a score-draw at best.
I'm no rocket scientist but if a couple of Starlink birds collide I reckon we are right royally f*cked.
Since when have GCHQ been good at anything other than electronic eavesdropping or lobbying for encryption backdoors? It's a disingenuous statement from a former member of an organisation who has contributed to the problem by hoarding and not reporting zero days and the like. The intelligence agencies are a large part of the problem.
Banning coverage or payouts is a dumb suggestion. It's no surprise to see technocrats trying to avoid the problem (partially of the industry's own making) and ignore fundamental human and business realities that are much much harder to fix.
If this starts hurting insurance companies' bottom lines then they will start taking action - such as setting minimum standards for coverage - but that won't address the core of the problem.
It's predicated on the false assumption that people buy the insurance rather than fix their legacy software and hardware estates, and it's also predicated that IT is the fundamental reason a business exists rather than a useful tool like accounting or sales people.
There will always be ransomware vulnerabilities just as there will always be fire risk in a physical premises. Suggesting that tackling a consequence rather than the multiple causes (human nature, Government behaviour, Vendor software development practices, designed in obsolescence etc etc) is just lazy and clickbait-ish.
Not entirely sure what your point is. They got a substantial payrise post year 2, maybe not as much as they might have got on the open market, going from the one sample we know about, but they only had to stick it out for a few more months to get off the debt scot-free.
They got a career jump start thanks to employer A, and Employer A doesn't appear to have put them into serfdom to do it. They may not like it but it appears the judge also thought the company had been pretty even handed.
I suspect they jumped ship before realising how much they would be clobbered then attempted a tribunal as a way of getting back.
My sympathy for these 2 guys is limited tbh.
Presumably the complainants could have documented this lack of quality prior to the Tribunal. Either they didn't or the Judge wasn't convinced.
Not sure I have much sympathy for them tbh. It was well documented in their initial contracts and they knew what they were getting into, especially as they only had to stick it out another year to get the debt written off. I definitely have no sympathy for the guy who got a £10+ payrise upon leaving.
@Jake. I don't think Occam's Razor says what you think it says. The simplest explanation, with plenty of "prior art" to back it up, is that Stallman is/was has some douchebag opinions towards women - particularly young ones. It takes very little to assume that attitude bleeds over into actions.
Deloitte didn't assure HP of anything specifically, other than assuring *the world* the books of Autonomy had passed their yearly IFRS audit. A bad audit doesn't necessarily follow that a valuation for an acquisition was wrong.
HP hired KPMG to do due diligence on the acquisition of Autonomy, then their CEO failed to read the preliminary report (the CFO appears to have been fired for reading it and advising against the acquisition), then failed to wait for KPMG to complete their due diligence before signing on the dotted line with Autonomy.
The rest of your supposition seems plausible though. With one extra - if HP were hurt so badly by Deloitte's alleged dodgy auditing - why did they settle for $45m?
0. Anyone who was anyone knew HP overpaid. If you look at the comments section of the Reg stories at the time they are either OMFG or PMSL about HP.
1. Funnily enough the UK Fraud authorities declined to prosecute in this case which suggests that a) at worst there wasn't enough evidence to prove fraud or b) at best everything was above board.
2. Auditors - see above. Plus the value of the deals highlighted is some tiny fraction of Autonomy revenues at the time. From memory it was essentially immaterial in a financial sense, a couple of % of sales but nothing that was justified
3. GAAP <> IFRS. HPE appear to have had very little understanding of the differences.
4. The due diligence wasn't even completed AND the preliminary report never read. HPE had literally no idea whether they were buying a Tesla or a Model T.
Any one of these points alone puts HPE on dodgy ground, all 4 would make me very surprised if they succeed.
Also some nuance for the USians. This is a civil case - where judgement is made on the balance of probabilities of something alleged being true, the burden of proof is lower than a criminal trial. If this goes against HPE, Lynch will have a mega strong argument against extradition, as it begins to look like Uncle Sam the bully again.
What happens when the reviewing process starts getting gamed? Either by Bots or by some faction who manages to pile a load of reviewers in under the radar.
A sticky plaster at best....
This is all the result of the friction of sharing communication being reduced to near zero. Our social and intellectual models haven't evolved to cope yet. Metaphorically we are still at the point of pointing and grunting on the plains of Africa as far as our ability to handle electronic communications is concerned.
You mean getting your pal in London to raise unsubstantiated allegations under parliamentary privilege, knowing full well that the Scottish MSPs don't have that same advantage (which is what all the redactions were about) - because the Scottish Parliament doesn't have that privilege, thus they are at risk of Contempt of Court, unlike Westminster.
A fact all the opposition MSPs on the committee and Salmond knew, but were careful not to acknowledge in public so as to stir the waters.
Sturgeon's a leading politician who probably didn't get to where she is by keeping her hands clean but at least she appears to have kept them to herself, unlike Salmond.
The rest of them don't give a damn about the women involved being abused again, as long as they have a stick to beat the SNP with prior to an election that could lead to an SNP majority, which would lead to all the laughably called unionist parties reaping the Brexit whirlwind in the finest piece of political karma the rUK has seen for a century. I for one will be bringing the popcorn.
In short - go away troll.
Once ousted I would seriously recommend they use some of the money saved from their enormous salaries to fund a forensic accountant to go over the books with a fine tooth comb.
What's the betting if they haven't already there are massive golden parachutes built into the CEO's contracts?
It also seems possible that the board has failed in its duty to hold the management to account. There should be an investigation and a recommendation that those doing so are barred from holding board positions again.
Did you actually mean to say the opaque and proprietary SQL needed by DBAs to tune the system has been hidden away behind the scenes, or did you really mean to say access to SQL in general has been hidden? If so it might have been helpful to be more clear what's replaced it, because from reading the article I don't have a clue.
Eeerr did it ever occur to you that trying to do a job with the big boss man changing every 5 minutes because they've groped the help or because the strategy (tactics) change to another "sure fire vote winner" might be a little more tricky than working in your average corporate?
Whilst I'm sure the ability of people in the Civil service has a similar range from time-servers to super bright diligent people, they have many many more rules than the average corporate, and likely a bunch of tossers as CxO equivalents that make the private sector paragons of virtue.
The real problem is that the UK is a super tanker and changing course is the work of years and not amenable to politicians' whims and fancies. Plus the fact that some of the problems they have to solve are NP hard.