690 posts • joined 28 Jan 2016
to be fair both the major parties barely qualify, as the only reason for all this brexit mess was trying to hold the Conservative Party together.
and this lot didn't win, in fact at the last GE nobody won, and Theresa had to make a deal with the uber right wing from NI just to get anything done.
Diane Abbott is a numpty, but so are most of the MPs, there are few exceptions, we need more MPs with some work/life experience outside of politics, but in this country it's hard to get into in later life.
The political system in terms of FPP is broken, it leads to a two party system, and both of them are broken, on both sides of the pond.
Re: In other countries
In the UK the corruption is
in large part down to the postal voting system. Non-existent
politics needs more Ron Wydens
If anything vaguely sensible and tech related comes off the hill, you can be sure Mr Wyden will be involved.
Taxes, Havens and Loopholes
Ok so the tax is a good idea, but the reason that the tax needs to be deployed at all is the UK overseas territories acting as tax havens.
Jersey, Cayman Isles, Bermuda, Gibraltar, British Virgin Islands, Anguilla
the rest of them are former Empire nations or micro-nations
Amazon won't get hit
if you look at their accounts, they only made 2% on turnover, Google, zuck, Tim and SatNad's lot made nearer 25% on turnover
Opposite land USA
"The Media Institute" "Free Speech America Gala"
are about as accurate as
USA Freedom Act
Foreign Intelligence Surveillance Act
The Protect America Act
Tax Cuts and Jobs Act
Agile and Government
Two words that anyone with any life experience knows don't deserve to be in the same sentence
uk.gov don't know what they want from one day to the next, so in order to do your job properly you need to get a proper SoW chiseled in stone or preferably written in blood.
especially when you're in the office in Slough, and the server is in Telecity, and you don't have intelligent hands.....
oooh just had an idea
Crane Ransomware - pay up or we drop this load of steel on your head
We asked 100 people to name a backdoored router. You said 'EE's 4GEE HH70'. Our survey says... Top answer!
no longer EE
it's not EE, it's a BT subsidiary
Par for the course, BT will sit on their asses until forced to do something
Airline Safety not Privacy
the whole industry is rife with bad security
just look at the SABRE and Amadeus
SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...
CoC is a PITA
Codes are a right PITA
SQLite is too Religious, CC is too SJW, Linux is too short (Be excellent to each other)
I'd go with a modified version of Matthew 22 37 and 39
You Shall value stability and security of $project with all your heart soul and mind
You Shall do nothing to others you wouldn't want them to do to you.
Re: Privacy » Location Services » Off ?
Ahh, but the folks in Cupertino collect where you have been too, it's just kept on your iThinghy (for now anyway)
DoH and DoT cover the confidentiality
DNSSEC covers the Authentication/Non-repudiation
their system is great, just talk to Bank of Bangladesh, some Russian ones, Chileans, and others that got robbed over SWIFT in the last year ...
There are problems either way ...
The reason SMC won't sue is "The burden of proof is always on the plaintiff" and it is intensely hard to prove a negative as they have said.
It's hard to see the conclusions either way as there is no evidence presented either way.
But an absence of evidence is not evidence of absence
so it's basically Bloomberg and its anonymous sources vs SMC, Apple, Amazon and the TLAs
the question is who do you trust more, and who should you trust.
with a story of this magnitude, Bloomberg will have done enough to ensure their Liability is covered, SMC need this to go away fast, so their rep can recover.
IRT the previous quotes about Saudi, it's not cash that means people won't care, it's the largest oil reserves in the world ... From vlad&Co it's their Natural Gas, and the Iranians have a good 3rd on the Oil reserves especially with sanctions, reducing their output.
Re: Internet Explorer, ...., Internet Explorer
and Edge was supposed to be a ground up new browser, it's amazing how many bugs are in both it and IE
Re: Quis auditdiet ipsos Auditores?
IIRC the data was removed from Morrisons and uploaded from a personal machine.
IMHO, Morrisons should be liable for not taking due care of the payroll data of its employees.
Auditors should be able to see and verify, but not in any terms remove PII.
If this was under GDPR regs, there would be no case as both would be liable.
FFS it looks like a pocket calculator
so much for the design, it even has the wedge on the back so you can see the screen when it's on the desk
Google may not know whose data or what exactly was accessed, but they will damn sure know if anyone used that feature of their API cos $$$$
Magecart - not one group
This code is everywhere
it's not just one codeset being exploited, it's a whole load.
The IOCs on this are never ending
Hey You Wireless vendors!
Where are those WPA3 devices you promised the first time ....
where does 6 come from?
what about WiGig(802.11ad) or Super Wi-Fi(802.11af) or dot11 ah or aj
Re: "there isn’t a lot in it"
local group policy editor is your friend, got mine locked down and configured to not allow most stuff.
Re: Be careful what you wish for
80/20 is FTTC Infinity 2 rate, so you are not actually getting anything better than a fibre enabled copper line.
in the mean time, the bt site says: "You can get speeds up to 256k with our Broadband Unlimited, and you can get BT TV."
even when you need 2Mbps for BT TV
please stop showing off, until 100% of the UK has 2Mbps, let alone the 10mbps USO they are proposing, I'm sending BT to Coventry.
that's not the worst of it
the whole CNP system is ripe for this sort of attack
no transaction rate limiting, no same origin tracking
specific detail failure messages .... (wrong card no, wrong cvv, wrong expiry)
The Oldest, cheapest and the best
Re: Total game changer!
just like you get 50% of your prison sentence for good behaviour .....
Ok so this is a new idea, physical security has always been part of Information security, now we're in a digital world how is this any different?
So they basically added more sources to a SIEM and invented a new search taxonomy, exactly what all new SIEM vendors do
Re: Stupidity or cunning?
like the people he was going to appoint which are just air
November 23, 2016
We have many people for every job. I mean no matter what the job is, we have many incredible people. I think, [...] The quality of the people is very good. ... We’re trying very hard to get the best people. Not necessarily people that will be the most politically correct people, because that hasn’t been working. So we have really experts in the field. Some are known and some are not known, but they’re known within their field as being the best. That’s very important to me.
yet still over half of the presidential appointments are lying empty
Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious
Super Cali Go ballistic Celtic are atrocious
San Diego port encrypted, IT is Atrocious
Re: "Check one two"
this is only used by those idiots that think they know what they are doing
the one two transition checks the low range, you need to do the two for the hard t and the two three transition to check the high range too, so the "check 1,2" brigade are as clueless as the author!
Re: Oh no.
K-anonymity to the rescue
and the only data being collected is email X has been in breach Y (and Z and A ...)
Re: Classified and commercially sensitive documents?
However the Microsoft Cloud environment has an equivalency decision from the EU, unlike Google and post-brexit Britain.....
No one got fired for buying Cisco
but no one ever saved money by doing it either. Just another reason not to buy from Switchzilla.
Their kit comes with all sorts of bells and whistles that you don't need, and probably a hardcoded root password (or two) with an awful GUI, if that's how you want to manage it.
Personally, I'd go with one of the other vendors out there, which give you the bell and whistle you need and do what you need at half the price.
Barclays outage is an anomaly, RBS OTOH is situation normal, their systems fall over in a light breeze. I worked for a firm that was invited to tender on their new systems, we walked away as it needed re-built from the ground up and they wouldn't pay for it.
Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe
Re: Some of the countries
Nah, between NSA and GCHQ, they will have their own one.
Hmm AT&T first in the world?
Ooredoo, a large mobile network operator in Qatar, launched the first commercial 5G network in the world as of May 2018 in 3.5 GHz band
Content Security Policy
Surely a CSP would stop this code sliding into their websites?
HTTPS is just not enough
Scott Helme gives great advice on this, and even set up securityheaders.com to check it (along with other websec) and runs a service to handle your CSP reports (report-uri.com) (assisted by Troy Hunt)
Quite frankly if you're running any sort of secure site and it doesn't get an A on SSLLabs and an A on Security Headers, you're not doing it right
Obv a crab
In the RAF they say a landing's ok, if the pilot can get up and walk away,
but in the Fleet Air Arm the chances are grim if the landing's piss poor and the pilot can't swim
Re: "I thought the 777 was ETOPS 180?"
A321neo is more economical per seat mile and doesn't need the extra tanks on the westbound now.
I'm pretty sure the 320neo could make the trip and is a lot more economical than the 737-9ER
the MAX 9 doesn't have the range and the MAX 10 isn't fast enough.
I am fully aware of risk based security, but if as you said this was seen as so small a risk it could be accepted, then their risk manager needs shot as well, cos they let this happen.
As others have said if it's core to your system, it should be maintained, and from the details coming out, Equifax was a hive of poor oversight, poor practice and poor security, if this system is core to their monitoring, it should have been reporting on expiring certificates, and someone should have had the job of making sure something was done about it.
I am not saying I'm perfect, but I am pretty sure I know where the holes are and have multiple layers on the important stuff.
I'd like to know
How does a certificate being expired prevent a security tool from working,
and if this is the case, why wasn't it picked up?
or do their IT team have Alert Fatigue? seeing as all these unpatched uncertificated services will be flinging alerts at them
Re: The Cloud...
Nah I have my own acronym
OPT - Other people's Tin
Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help
I think you'll find they added some letters
would be the current vernacular, providing they haven't added alphabet since, personally I thought the + was a greedy catch all, but someone wanted the I and A too
Linus has always ruled with an iron fist and to be fair, the criticism is usually warranted, and some on the receiving end have even admitted, bit harsh, but I deserved it.
Oh and since when has Linus been bothered with security? He has reserved special places in hell for it on several occasions.
His two priorities are clean code, that runs, no BS, no fluff.
you think finance IT is under funded, come work in healthcare
we got 1/10th the staff and 1/100th the budget
RE: @cronus Spooknotes speak volumes
As for the Spectre and Meltdown CPU vulnerabilities – which affects a range of CPU architectures, from Intel's x64 to Arm's Cortex-A families – Ampere's Taylor told us this:
Patches have been installed. As with other Arm-based processors, there are vulnerabilities. For eMAG and all future generations, architectural changes were made and will be made now to address the Arm fix for Spectre and Meltdown.
Wait for deal to be announced
hold referendum with three options:
1.Take deal and GO!
2.Stuff deal and stay!
3.Stuff deal and GO!
the current deal we have with the EU is the best anyone has, if we leave we will have to follow the whole process to come back.
No Disputes with members - That means Gibraltar with Spain and the Ireland problem need to be sorted before we get back in
Must Join the Euro - try getting that one passed
No Rebate - saves us a good chunk of what we put in
Fix the Surveillance regime - They hate the 5 EYES and have some other issues too
the problem with comparing US to EU
most EU nations had a former publicly owned telephone company that ran cables to everywhere and has at least one with a Global service obligation. Unfortunately for them tother side of the pond, this is not the case, and it all comes down to economics, and based on most models, 80% coverage of the US is about economical, the other 20% is going to be costly.
in the UK this comes down to 95% (due to the size and landscape) so the government are (barely) funding the last 5% along with co-ops and collectives, who are paying the national networks for connectivity on a group rate.