132 posts • joined 16 Jun 2009
It really would take more than "one malicious teenager" to do this. The level of complexity in Stuxnet is truly awe inspiring.
Maybe learn to read?
The key word is "can", if a 1000:1 outsider comes in and you have all your money on it you will be better off than if you had invested in any low risk investment.
Of course you may loose everything but that is the definition of high risk
Re: Expect google to be hacked next...
Like Operation Aurora you mean? BIYF
Re: Who says crime doesn't pay?
What crime did he commit?
"Now this isn’t necessarily true of every role, and it’s certainly not the case in the big name consultancies. "
It bloody was when you were there!
while doing most of their business
That is exactly what they are doing. Buying and selling beans and building a brand are the most important elements of Starbucks business. They are the elements that incur the biggest risk. The location they perform those tasks are where they pay the tax.
Just because people fail to grasp how a business does business does not mean a company is somehow gaming the system.
Re: Would raising personal taxation work?
But they can move to the most favourable juristiction in the EU. If there were not corporation tax in the UK then this would incentivise them to move to the UK, as that would offer a better return.
Re: Thanks Tim!
But that negates the agility of a small company to adjust to local trends and so out-compete a multinaitonal.
HP and Apple and Microsoft and Google were once all small companies competing with giants such as Rand, IBM and DEC. Mediocre is mediocre.
Of course not
The UK doesn't do these things no. We let the US and their Extreme Rendition partners do it for us.
There is no benefit to being a CISSP unless you are actively looking for an infosec job where the recruitment is being managed by someone with little or no knowelge of infosec.
Re: Blowout != puncture
To puncture is to make a hole in something. The size does not matter. A blowout is a type of puncture.
Somone think of the broadcast domain!
If you collapse these layers you end up with a massive broadcast domain and so you will be smashing your access to core links with ARP packets and the like. A really bad use of those links.
This article is just terrible. Has the guy who wrote it every seen cat 5 cable?
Someone explain why a rise in wireless access increases the number of ports needed?
Multiple wireless devices connect to an access point that covers an area and only uses a single port. Wireless actually reduces the number of ports.
Re: Congratulations! - You're in the final of Cyber Security Challenge
Well they got caught so they cant be that good!
Re: On a slightly different tack
Why would you? The folks doing the guarding would then have to be transported to and from the grounds at a time when public transport is being stretched to the limits, there is no parking at the grounds and you have not been able to hire a coach in London during Olympic fortnight for the last 4 years. Hiring around the East End is the only option, which means you are fishing from a very shallow pool.
For anyone who thinks giving a Russian guy with very low morals when it comes to allocation of funds their username, password and potentially payment info!
Re: The curious thing about all this..
Although thinking about it if I honestly make a false representation I am free. So if I say "I don't think this is true but if it was would you lower the price" I am not committing fraud. So if I make my Libor return and "say we know this is not the correct figure but it is close because by its very nature it is a flawed calculation" is that still fraud.
Re: The curious thing about all this..
Well technically they could have done. But they had to do when they agreed the deal. Caveat Emptor surely?
Why choose to base my deal on something that relies on the honesty and integrity of those who may have a vested interest in manipulating it. It is not right if they do then manipulate it but I can hardly claim that I have no choice in doing the deal.
Re: The curious thing about all this..
I stand corrected
Re: The curious thing about all this..
Isn't the analogy more like when you went to buy a car you said to the sales guy that a competitor was doing it cheaper and so convinced them to drop their sales price a bit. The fact that nobody had offered it to you cheaper is besides the point. It is not fraudulent to say that someone else is doing a better deal than they are.
My employer network has just under 5k people Yammering. We are pretty good a self policing to make sure nothing too sensitive is posted.
I have had clients who wanted to block it and another who has excess of 10k users.
I don't think either have opted to pay for the enhanced features so really not sure that the Freemium model works well enough to validate a $1bn price tag.
Yes because films like "The Accused" are equally objectifying, is it just because of the media that message must be puerile?
If the game is marketed towards adults then I don't see why it should not have a grown up theme like abuse and how that may affect someone's decision making and the horrific effects these events can have. I am sure Cheryl Araujo would be thrilled that her terrible experiences were made into a critically acclaimed and moving film to pander to dateless 15 year olds.
Until I have heard that there is a complete version I will refrain from commenting in such a "someone thing of the children" type way. Even if I fear you may be sadly right in the end.
Re: DNS Flux
You do know that it is possible to use a registrar that is outside your local vicinity right? Also that there are things like credit card fraud so the person of record on the 1000s of domains may not actually be the perpetrator?
It is one of the reasons that RIPA and Patriot act are pretty much useless in this regard.
Pretty simple you programmatically create more almost random strings as domain names and automatically register them as your bot farm switches between them.
You register these domains under false names with less than stellar domain registries and keep the records pointing at a number of servers you have already compromised and can retrieve your information from at leisure. You access them through a string of other proxies and a tor network and hey presto you can go about these things relatively undetected. Especially if some of the hosts are in jurisdictions that don't play nice with western governments when they are investigating.
See here for what other internet randoms say about it: http://en.wikipedia.org/wiki/Fast_flux
Re: Steps required to prevent "cyber attacks"
Soooooo. How do you suggest we monitor or manage these important things? Dedicated Leased Lines?
Re: Turning off servers at 6:30?
I have never understood this attitude. If I want to respond to emails when I am not at work why shouldn't I? I feel like working 20 hours a day who are you to tell me not to?
I would rather be measured on results than the time I work to deliver them. The fact that my employer allows me to work in a way that suits me rather than shoehorning everything into 8hrs from 9-5 means in my mind they are doing something very right.
If others want to work less hard, take holidays and relax that is fine, but they will be left in my wake as I produce more so they had better not complain about that as well. Why should I drop to the lowest common denominator's level of productivity?
Re: Huge attack!
"However, more scary in either case would be that UK2 have links to the Internet through people who don't remove spoofed addresses." That is the Internet isn't it?
How would you know that an address was spoofed? As long as it was not RGC1918 or from an unassigned block it could be legitimate.
Re: Why have rules - we still get Enron, Bank implosions, and more
Utter, utter Bollocks. All SOx is saying firms should do is understand what their business is and have some assurance that the figures they present to the market are accurate.
What has cost a load of money is idiots like you massively inflating the requirements and so allowing charlatans to make a massive amount of money on the FUD surrounding it.
Re: texting while driving
You could but then your glasses would not be syncing up with your car to plot the most advertising efficient I mean fuel efficient way of getting to where you want to go.
Name one form of renewable power generation that, with current technology, can be built and used locally to the point where it can exclude the need for non-renewables?
Also the source of the report is "based on first-hand evidence collected during paid external forensic investigations conducted by Verizon from 2004 to 2011". Companies who think a phone company are best placed to help with a breach are also most likely to be the low hanging fruit a bunch of opportunists like Annonymous would go for.
You cannot correctly extrapolate from this data set to the conclusions without massive assumptions.
I'M ON THE TRAIN... NO IT'S SH1T!
Re: What bollox
No there are two sources. I looked something up on wikipedia and cut and paste it so did my mate. We then checked our aswers against each other and only if they matched do we submit them.
Re: PR Fail
The exact analogy that occured to me.
Re: Re: Is SCADA particularly difficult?
The problem is there is no barrier to entry to becoming an expert on sewage systems, power generation or one of many other SCADA scenarios other than intelligence and motivation to learn. If you are planning on launching a proper nation state vs nation state military action you normally have these both in spades.
The assertion that we only therefore have to care about malicious insiders should be suffix with a coda of “or anyone else able and willing to gain a similar level of knowledge”. Which suddenly increases the threat actors from a few people per site to well funded intelligence agencies with an appetite to launch these types of attack.
So the threat of damage in a cyber war is low apart from the threat of those capable of actually starting a cyber war.
How do you know you have no Trojans?
Is that not the point of a Trojan that you don't know it is there until it is too late? Perhaps you have never connected it to a network or used any sort of disk, is the Mac still in its box?
Re: The rules of hierarchy
you say all that like it is a bad thing
Re: Typical example
You have a better chance doing it with the right COTS stuff properly configured and well managed than you do starting out and doing it all through home brew kit.
If however you mean deploying stuff because it has a shiney brochure and the salesman told me it would make me sure you are probably correct; it will never work.
So what makes you think that when they change it the intruders' software does not just send out the new password?
Not using 2FA for sensitive stuff fail I'll grant you.
A firewall really does not mitigates these threats. If a user's PC is attempting to pass traffic out from the network through the firewall they will nearly always allow the traffic through. I suggest you google Spearphising and rethink your assertion.
Because nothing says long term business like a bricks and mortar electronics retailer?
Simple fact is very few ever actually became a success. That is the nature of start-up business I am afraid.
So how does this whole computing malarkey work if there is no storage involved? Totallly cashless computing at every step of the way, that may take more than 3 months to bash out!
Unless you are more important than I think why on earth would professional hackers interested in IP and commercially sensitive data attack your home PC?
how do you get to 615,000 staff? Perhaps you did not look up from your Daily Mail long enough to read the article properly.
Not saying HMRC is anything less that a shower of absolute toss that could not be replaced by a trained team of monkeys but at least get the maths right when ranting.
The satellites just happened to be there? Not at all caused as part of an experiment going disastrously wrong then.
I was hoping for a stern man in a stove-pipe hat and monocle examining the last government's projects and deciding that they all should be transported.
Unless of course the launch of the cruise missile is broadcast live on CNN then they are observed by at least three people.
The point is of coursehat if people bricked themselves over Tomahawk launches as they do over ICBMs they may well pay more attention to them, for some reason ICBMs seem to capture the imagination more.
Have you ever watched Jeopardy? The point is that Alex gives you the answer and you have to give him the question.
The point is the answer to the question "what is Chicago?" is not "Its largest airport was named for a World War II hero; its second largest, for a World War II battle"
If the jeopardy question was "A city whose largest airport was named for a World War II hero; its second largest, for a World War II battle" then the question might be "What is Chicago?".
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Intel's Raspberry Pi rival Galileo can now run Windows
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft and HTC are M8s again: New One mobe sports WinPhone
- Worstall on Wednesday Wall Street woes: Oh noes, tech titans aren't using bankers