Re: Wouldnt
Wouldn't the practical solution to this be putting POS systems on an isolated network of their own with no net access?
Don't POS systems require net access to carry out card verification etc?
I think they should prohibit the consumption of alcohol, it presents a far greater risk to "a broad spectrum of individual and public health impacts and societal harms".
They could make it an amendment of the Constitution, for greater impact, perhaps.
What do you mean "they tried that already"?
The problem has got so bad that I'm typing this while driving the number 38 bus through Piccadilly Circus.
Unless you're eating a sandwich and drinking coffee out of a thermos mug at the same time as driving the bus and texting, you're not doing it right...
The more I read about the Misco outage the more I wonder just what "Datacentre" means in their case.
Picture a standard bit-barn - usually a prefab building the size of a soccer field:
you walk in the front door, and (if it's any decent bit-barn) you have to go through various physical security checks.
Having passed them, you go through the security gate / airlock into the data-floor, which may be divided into separate halls, or for our purposes is just a single massive area.
Off in the distance, in the middle of an otherwise bare floor, stands a single 42U rack, and as we get closer, we can see that it's partially populated.
Close up, we see a firewall, a switch, a few ethernet cables and a 2U server with "Web1" written across the lid in marker pen, under the dust. On the floor of the rack is a box of floppies, marked "backup".
That's it ladies and gents, there's Misco's robust e-commerce front-end...
:)
“Moving forward we’ll be moving our infrastructure to a cloud platform so we have continuity of service and are not relying on a back-up fail over failing”.
Typical management knee-jerk reaction. What they should do is look at what they spent on DR (clearly very little) and then work out a revised plan which actually works.
If they want to transfer it all to public cloud offerings, fair enough, but it won't magically give them "continuity of service" unless they put the work in.
They still need the same sort of planning - "cloud" is not magically robust, if you lose a server, and don't have any form of DR, then you're stuffed, no matter where it's hosted.
Train them in-house! Just like big companies used to do.
Umm, TFA says:
"To meet the growing global demand for cybersecurity services and address the skills shortage in the sector, BT expects to take-on and train 170 graduates and apprentices, as part of its 900 recruitment intake in the next 12 months," said the company.
Laser powered spaceflight has been mooted, and even demonstrated experimentally, but the idea that they can aim the laser accurately enough through the atmosphere to propel something the size of a postage stamp is surely piling on more complexity than they needed to?
It would of course also be quite useful as a ground based weapon...
Johnson County eh?
You couldn't make it up...
Johnson: [Noticing Dr. Evil's spaceship on radar] Colonel, you better have a look at this radar.
Colonel: What is it, son?
Johnson: I don't know, sir, but it looks like a giant--
Jet Pilot: Dick.
Dick: Yeah?
Jet Pilot: Take a look out of starboard.
Dick: Oh my God, it looks like a huge--
Bird-Watching Woman: Pecker.
Bird-Watching Man: [raising binoculars] Ooh, Where?
Bird-Watching Woman: Wait, that's not a woodpecker, it looks like someone's--
Army Sergeant: Privates! We have reports of an unidentified flying object. It has a long, smooth shaft, complete with--
Baseball Umpire: Two balls.
[looking up from game]
Baseball Umpire: What is that. It looks just like an enormous--
Chinese Teacher: Wang, pay attention!
Wang: I was distracted by that giant flying--
Musician: Willie.
Willie Nelson: Yeah?
Musician: What's that?
Willie Nelson: [squints] Well, that looks like a giant--
Colonel: Johnson?!
Johnson: Yes, sir?
Colonel: Get on the horn to British Intelligence and let them know about this.
I love this bit:
A spokesman from Intelliagg explained: “The dark web is renowned for illicit and illegal trade, unmonitored and anonymous. Not any more. We have successfully penetrated into the darkest parts using specialist software and our expertise.”
Yeah, so they know how to use a TOR browser and a port scanner... whoop-de-doo...
It depends what you call the "dark web".
Do they just mean .onion sites, or do they include sites that don't have a DNS lookup, or which serve on non-standard ports?
There must be thousands, if not millions of the latter.
Lots of companies, ours included, have web sites and services accessible on the internet which are for company use, and don't appear in DNS or use standard ports, or only accept connections from certain IP ranges. Are these all counted as the dark web?
EDIT: JimC got in before me :)
Not sure why you are making such a big thing about this, various countries already require proof from companies before allowing them to register a domain.
Note that this is FOR COMPANIES, not for individuals.
I recently had reason to have to register a .fr domain for a company. The requirements for this were very strict indeed.
I don't recall there being a big story about France's domain registration policies?
Amazon seem to be going to great lengths with this drone delivery idea - but do they really not recognise what a stupid idea it is?
Apart from the lack of range of the drones, they are going to be shot at, or hijacked, or otherwise interfered with.
And if that isn't the case, how do they deliver to anyone who doesn't live in an idealised American home with a white picket fence and front yard?
Let's see a drone delivering to an apartment block in the middle of a city!
obligated is a perfectly valid word (cromulent, even!), not made up as you claim.
Its use in the sentence you fail to quote is correct.
The board is also obligated to explain its reasoning if it does reject that advice
Obligated and obliged both mean "to be morally required to do something", however in normal use obligated is used where the subject has no choice in the matter, whereas obliged is more like being indebted to someone.
Brussels, with its airport now becoming famous for not doing even basic security checks.
What? Which security checks would you expect to see, and where?
At check-in? At the front door? At the unloading point? In the car park?
It doesn't matter where you start the security, you will always have a point before it which is vulnerable.
They should be concentrating on dealing more effectively with the data they already have, not trying to add to it.
The haystack is big enough already, they need more people with magnets to sift through and find the needles.
And then, they need to use that information appropriately, not keep it secret. Once again, it appears, the security services were aware of at least one of the Brussels attackers, but they didn't release that information to the people that mattered.
I wonder whether (whatever the actual outcome) the FBI will triumphantly announce their finding of (unspecified) incriminating data on the phone, just to justify their lawsuit.
I really can't see them going "ah, well actually there wasn't anything worth having on there, sorry to have bothered you..."
What we need is production databases that require 2FA or 2 user auth to run DELETE and DROP commands :p
Or possibly Sysadmins who stop and check, and then check again, before deleting anything, ever.
My thought is that he restored a duff backup over the top of the live database, instead of creating a copy.
Current versions of Windows, even the workstation versions have SMB enabled by default
I'm not sure that's true of anything after Vista, to the best of my knowledge the Windows firewall blocks SMB traffic, and the "File and Printer Sharing" and "Network Discovery" services are disabled by default.
I remember my school had the RM 480Zs, although I had left by then, but my younger brother got to play with them.
The school my Dad taught at, in Sheffield, got Sharp MZ80A's though, I remember him bringing one home to "test"... ahem... as he was the member of staff responsible for AV resources - which included computers, in those days.
@boltar
"Do you really want to see physical searches before you are allowed on a train? "
What, like the ones you get at airports and Eurostar? That doesn't seem to have affected their popularity.
You really are barking, aren't you.
There are at least 100 times the number of people who would require searching for normal train or tube services, compared to airport departures or Eurostar.
As a commuter, would you be prepared to spend an extra 2 hours EVERY day queueing for a security search on your way to work, and on your way home?
The delays and congestion would simply not be manageable, and would also offer a prime target for a suicide bomber...
I'm not a fan of increased generic mass surveillance but to be honest I could accept increased levels of physical searches on or near transportation hubs if it meant less chance of being killed.
I suggest you think very carefully indeed before making statements like that.
Do you really want to see physical searches before you are allowed on a train? Can you imagine the chaos at rush hour if that were implemented? Or the same at the entrance to bus stations and airports?
And whilst you're at it, what about physical searches before you're allowed into a shopping centre, or cinema complex?
Unless you make every country a complete police state, where public gatherings are not allowed, and access to every method of transport is strictly controlled, you will never stop this sort of incident from happening.
And if you do put such draconian measures in place, then the terrorists have won, all the way.
UK government explains "This could be avoided if you let us track every single thing you say or do" in 3 ... 2 ... 1 ...
Joking apart, watching the coverage of these incidents on the BBC I heard one TV anchor ask "If the security services were on high alert, how could this happen".
Sadly, this seems to be something which a lot of people think: that miraculously the police and security services can prevent this sort of attack.
This is simply never going to be the case, despite ever increasing security theatre, you cannot stop a determined person from walking into a public building and either leaving a bomb or committing suicide.
My condolences to all in Belgium.