Re: With a password of...
You forgot the dictionary word check, and minimum of 16 characters:
6434 posts • joined 10 Jun 2009
If it took you that long, you really need to have your BS detector fixed.
My sensors started going off at the quote from the devs at the end of the third paragraph. The klaxons were at maximum with the very next sentence.
Obviously that should have been:
should NOT keep instead of should keep.
4) Training staff not to do dumb things and, more importantly, if they do make a mistake or suspect something odd is happening to get it dealt with immediately and not pretend it never happened.
This is possibly the most important and most difficult thing to accomplish. It's been a while now, but I still recall one receptionist we had. No matter how much we emphasized that she should keep her password on a piece of paper under her keyboard, that was always where you'd find it. "But there's nothing valuable that I have access to" was always her response. She was a nice lady, otherwise very competent at her job, set in her ways, and nearing retirement.
Of course for the rest of us, the insanity of the interactions of security policies forces us to do similar things. Having 15 passwords of varying lengths, different rule sets, and different intervals for changing them pretty much guarantees one of your users will have a sheet of paper with all their passwords written down.
The security team within your IT department cannot stand alone...
In all of the places I've worked, the reason the security team stands alone is because they choose to. I understand the reason: they're sort of like internal investigators for the police, they have to suspect everybody. Still, that doesn't build the teamwork you need for the emergency response. This assumes of course that your security team is actually competent and not merely looking at 6 month old logs then issuing demands like the threat is current.
That CSC feels the need to create such a memo suggests the company knows this incident has the potential to damage its reputation, starting today as the case returns to Australian courts in a few hours, as of the time of writing.
Ignoring for the moment that they are CSC and taking into account only the size of the company and the nature of the accusations, I don't get that feeling at all. Reading the statements carefully, I get the feeling that these are the sorts of statements you get when lawyers are running the world. Even in a much, much smaller company where we were the plainant, the lawyers repeatedly made these sorts of statements. To the point that since we were an all volunteer organization, we told people if it made them more comfortable to answer: "We have been instructed to tell you that all statements regarding this issue must come from our communications staff." If you don't engage in this sort of behavior, a bad statement from someone who knows none of the actual details could:
- provide the actual perpetrators with a get out of jail free card
- result in massive stock price losses which in turn result in shareholder lawsuits
- drag people with no knowledge of actual events into the middle of the lawsuits and counter-suits that will inevitably be filed.
That was contracted out to some outfit located in India, who in turn subcontracted to some Arabs in Germany for the actual installation.
You take the white one with no dust protection for the hand. I want the gray one with the dust protection jacket. You can have the rounded corners, I want the hexagon shape. Oh, and I want the spiffy yellow paint too.
No, for any mission critical machine, you test it the morning of, and probably even the hour before the critical event.
Besides which, there's more to this story. At home I run what is now an ancient quad core PC with Windows 7. It NEVER takes 17 minutes to install updates. Even when there are 12 of them pending. And that's on the shutdown side, not the Configuring after the Shutdown side. I've never seen that take more than 7 minutes, including a reboot in the middle of the Configuring process.
Haven't you ever watched The Mentalist? There's an episode where he fakes being a horse whisperer by claiming Win, Place, and Show at a track race. He did it by buying a ticket for each horse in each position, for the entire race.
Spook agencies do the same thing. They got at least two teams writing contradicting reports/recommendations. Then they just pull the needed report when asked.
Only from your perspective. They need the land line information to gather data on those dangerous TEA Party people now that they can't deny them tax exempt status. Haven't you heard? Those people are more dangerous than any sword wielding jihadist!
Yeah, that's the problem with a windfall of raw resources. You may still need more cash than you've got to fully exploit it. (Which was kind of his point about the way the auction went.) Hopefully it all works out for them. We need more competition in this field.
Sure they have. The hack might not be happening on their servers, but it is their data stream. I'd expect any agency NOT controlled by a government assisting the hackers to take actions to mitigate it even if the problem is happening on someone else's routers. With dog + world switching to https, that seems like the logical first step for them to take.
Oh it's worse than that. If you actually KNOW anything about the subject being litigated, you pretty much can't get on the jury. So MEs and EEs wouldn't be able to sit on the jury. A bunch of actors? No problem. But even their tech crews would be suspect.
I much prefer the EE Doc Smith solution in Skylark*:
"We're going faster than the speed of light!" says the scientist superhero.
"Doesn't that violate Einstein's Law of Relativity?" asks the plucky sidekick who is there just to ask such questions.
"Yes, but it's happening so Einstein was wrong. I'll figure it out later." answers the scientist.
*Some liberties may have been taken in transcribing the dialogue of this interaction.
Well, it's difficult to tell really.
_---- things --- difficult -------- you ---- heavy redacting -- --- documents -- ----- your ----- reporter -- trying -- write - story. _--------- when ------- the ----- might ---- interfere ---- his ---- at --- Pub.
I'm pretty sure that while the lawsuit was ineffective from the standpoint of helping Netscape's survival, it was effective in setting them up for more scrutiny and yet more lawsuits, which eventually led to some services and software being kind a sort a competitive. Linux may rule server land, and Apple may rule phone and tablet land, but MS still rules the desktop, and that still includes Office even if it is a version no longer supported by MS.
Yeah, I'd like some of that to change. I think LibreOffice is a decent product and could replace most of the MS suite (except Outlook). But the fact remains that it hasn't.
I'd rather they stick with their motto than some of that sickening fawning I've seen lately.
Then again, I'm of the opinion that it's Cook's money and nobody should give a damn what he does with it (so long as it isn't illegal).
Bollocks. If you're a government agency there are all kinds of requirements for all kinds of updates and tracking. They KNOW the number of licenses you're running on these agreements. They just don't want to pay for it. I've been in organizations using some form of MS licensing for ages. They make it easy to install whatever you need at the time you need it. BUT at the end of the year you have to true up and pay the piper. One private company I worked for went to the trouble of getting an Adobe Enterprise license (no easy task). At which point the number 2 guy in the org started treating it the same way we did MS Enterprise licenses, which is actually a big no-no. Not sure if they ever got caught.
Go ahead and show me an OSS mail platform that can do everything Exchange does and as well
Yep, even Google, who in theory ought to be able to afford to pay better and more programmers than MS don't have a product that works nearly as well. Not that that stopped our big cheese from moving our agency to GMail. While there are small problems everywhere, the most glaring weakness is in calendar visibility and the free/busy scheduling tools.
Missed that bit. Probably because I decided she was one before I read that far. And I'm not even British.
With that moniker, I'd expect you'd want him to loose the dogs.
To further illustrate some of the problems even if you assume the impossible perfect distribution system, I was reading a part of a Bob Hope biography a while back. The author noted his somewhat troubled childhood which was the result of his father hitting the bottle too hard from time to time. Then came the kicker: his dad didn't hit the bottle when they were having hard times, it was when he was hitting the good times. When he'd fall back on hard times, he'd sober up, move, and work himself into a new good job. At which point he'd hit the bottle again.
Sometimes us humans are an ornery lot.
I myself install Firefox and Opera, at one point I also had Chrome. IE is usually my last choice, but if I had only Firefox and Chrome installed, Chrome would be my secondary browser in deference to FF. That's actually one of the reasons I uninstalled Chrome. It kept showing up in Secunia as unpatched because I pretty much only ran it to update it.
Yes, except the PSI tool itself is supposed to patch vulnerabilities. Yet I find that when I explicitly open the panel, not only does it list the XML hole for which MS Update shows no applicable patch, (and the Secunia supplied link is to a worthless MS page because I still can't find the applicable patch), it also frequently lists a number of programs as "waiting" or "pending" or some other such. As I leave the PC on most of the day and shut it down each night, none of those should be pending (I'm away from the PC for the better part of 12 hours a day).
I still find the tool useful, but I'm not so sure about the validity of their statistics. One other note. I have Cygwin installed because I keep meaning to use it to learn a bit more *nix. I've never seen it, or any of its components show up on the Secunia patch list. On the occasion that I remember to start the process, I do patch it. But it could be 3 or even 6 months between updates. So the failure to show needed updates certainly raises questions.
Was the deal corrupt?
But, as you say in line 2, this is pretty much how most agencies work even when not corrupt.
And, it at least marks the FTC as responsive to some elected branch of government. I find "independent" agencies abhorrent to our Constitution. ALL agencies should be directly accountable to at least ONE elected branch of government. The accountability of elected representatives these days may be tenuous at best, but it's still 100 times stronger than the accountability of an unelected agency.
I wouldn't try that now. You'll wind up with Sussexgate.
As we revealed earlier today...
And therein lies the real heart of many of our political problems these days. Instead of having responsible people in the press, or even just people who bite the hand that feeds them, we have political agents posing as journalists trying to advance their unpublicized political agendas. If some fact relevant to public understanding of an issue is found, if it doesn't advance that specific agenda, we hear NOTHING about it.
Google's cozy relationship with the current administration was there for anyone in the news media to see LONG before they even BECAME the current administration. Google's big men all publicly BRAGGED about how they leveraged their special search sauce to put the current regime in office. But never a word about it. Until YESTERDAY.
The FCC has control of the broadcast spectrum. ISP =/= broadcast. So the first part of your desperate attempt to impose your will without regard to law fails before we get to the nuanced details.
The FCC has no right to regulate interstate trade. The State of Tennessee has enacted a law regulating intrastate trade, which is fully within its purview and has been constructed so as to encourage interstate trade.
What you're missing here is that with regard to the US, Tennessee is to the UK as UK is to the EU, that is, it has significant legal rights as sovereign. In this particular case, the power to regulate interstate trade has been delegated from the sovereign states to ONLY the Congress. The FCC =/= Congress, therefore its rule is unconstitutional.
On a philosophical basis only:
IF the Chattanooga voters wanted it, and were willing to cover all the costs regardless of the outcome, you might have a point.
HOWEVER, the integration of state and federal money transfers has completely annihilated any chance of that ever happening. Therefore the people of Tennessee have the right to circumscribe what the voters of Chattanooga can do with their money.
On a Constitutional basis, Tennessee is correct and the FCC is wrong. If we had a non-politicized court system, SCOTUS would slap down the FCC so hard it would make El Reg commentard heads explode.
When you start with the wrong assumption, you cannot arrive at a correct conclusion. The FCC does not have the authority to regulate interstate commerce. Period. End of discussion.
No, the pertinent argument here, the one Tennessee will make in court, is that the FCC =/= Congress and therefore has no authority to override the State.
The Big 0? Yeah, he does. Cruz, not so much. He may employ speech writers to snazz up the main speech, but when he fields questions, that's all him. He didn't get to be successful by not knowing what he thinks about issues.
Yeah, I saw him speak about 10 years ago. Knew he was an up and comer.
Nope. They can't actually do that. The economy either needs the 9,000 jobs, in which case they'll migrate even if they aren't with RS or SGLP, or they have to go in which case SGLP can't save them.
Hookers and blow might get you sex, but not a kid. And it's more about the kid than the sex. It's just that given how short the sex is relative to how long it takes to raise a kid, the sex has to be REALLY REALLY great.
Not quite. It is necessary that it be an enduring position. Because every time we've tried to step back from it, you louts have f*cked it up. After you've f*cked it up, we've had to come in with OUR military and clean up YOUR mess at the cost of hundreds of thousands dead with twice or treble that number wounded.
You want us to back off? Prove you're up to the job. Frankly, we don't WANT the job. But nobody else seems capable of doing it.
You shouldn't lie like that. Conservatives everywhere would expect, and in this particular case applaud the Israelis for taking the alleged action. The Big 0 has made it clear that he will not facilitate the Constitutionally mandated oversight of treaties. So Congress needs to avail itself of whatever means it can to obtain the appropriate information.
Oh, please, please please let the damn fool take your advice.
Such action is about the ONLY thing I can think of that would actually get those lazy bastages off their incompetent butts and impeach, convict, and remove the SoB the way they should have after Fast and Furious, or the IRS scandal, or his incitement to riot in Ferguson, or Benghazi.
Actually, there is no violation of the law for handling classified documents, even if you assume the reports from the liars in the WH are true.
If you assume Israel was spying on the US negotiations, Israel developed the information on their own. No violation of handling the documents. Since Israel controls the classification and disclosure of their intel, it was not illegal for them to reveal the information to anyone they choose, including John Boehner. Assuming Boehner saw the Israeli documents, since they weren't US documents, he didn't mishandle US documents. That's before we get to any sitting legislator being exempt from the law. No, really they are: They shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses... Yes, there is an exception for felonies, but the courts have held that as the ability of the President to press such charges interferes with the legislative process, all such charges must go through a committee designated in the appropriate chamber. Given the overview authority Congress has on the Executive Branch, any charges that receiving such documents is tantamount to Treason wouldn't get very far in court.
I wouldn't even say it's "one rule for the US Government as far as The Big 0 is concerned. It's one rule for HIS appointees and a different set for everybody else, especially elected Republicans.
Sorry, I come from the land of Kings. MY opinion always counts.
There are multiple reports that BOTH women had FB posts in which they bragged about the encounters. Until they met each other and changed their stories, at which point they pulled their FB posts. To me that says:
1. Assange had consensual sex with both women.
2. The women enjoyed the sex and initially thought it empowered their feminism.
3. The women later met and talked. At which point they changed their minds about it.
4. They took down their previous FB posts about the encounters.
5. They filed charges.
I don't care what country you live in, you MUST have a reasonable chance of KNOWING whether or not what you were about to do was legal. Whether or not it was legal CANNOT depend on how someone feels about something weeks or months after the event.
If it were a normal sex assault case, yes. But it isn't normal. This is about TWO high profile feminazis in Sweden taking down a Designate Male Predator.
He's not wrong to fear conviction in Sweden. He is wrong to blame the whole thing on the US. But hey, it worked the first time. And the second. So why not stick with a proven plan?
Depends on the jurisdiction. In fact the whole mess around Clinton came about precisely because of statute of limitations. Hearsay was printed in a national publication. Paula Jones decided she was defamed. She couldn't sue the publication because of oddities in the US law and the fact that they were quoting someone. She couldn't sue Clinton because the statute of limitations had run out on that part. So instead her lawyers attempted the sexual harassment charge because that one didn't have a statute of limitations.
As a wise man once noted, "The problem with common sense is that it isn't."
so it's not like he can now claim Sweden is this terrifying banana republic, just lining up to export him to Gitmo.
Except, that's exactly what he's been claiming for the last four years.
I don't think his paranoia is entirely unwarranted. I do expect that when he goes to Sweden they're going to convict a non-guilty man of a crime he didn't commit. But none of that has anything to do with whether or not he gets extradited to the US, which is where he continues to successfully redirect the story.
No, because there's probable cause to investigate a crime.
There's nothing in this article that suggests Uber were storing their secret sauce on GitHub (or even that one of their coders* used GitHub), only that part of their secret sauce which is identifiable as secret has been found in a public area of GitHub.
*Because yes, as insane as it sounds I am aware of a coder working on a project downloading a piece of hacking software to install on his local PC because the IT staff protected parts of the network. Yes, he was summarily fired when it was discovered. No he wasn't prosecuted because there were enough f*ckups on the part of the IT staff that he would have been able to mount a defense (how did he get the rights to install the software in the first place?) Given this, I have no trouble imagining a developer using unauthorized resources to perform his work.
If your car was stolen there, yes, with the caveat that it has to be between the time you parked your car in the lot and the time you noticed it was stolen. The area is public, they've recorded something in that area, and the recordings are material evidence in the commission of a crime.
But the browser is a critical part of the OS! They have the court papers to prove it!
Because even now they can't afford to admit they perjured themselves in the Netscape case.