What would be the point of CEOs falling on government ministers?
1751 posts • joined 26 Nov 2009
As I was reading the article, I thought a word just 'fell out' and was eminently suitable - but not pwnie. I was thinking "shame" as a result of this quote from the piece:
"there's no collective noun for vulnerabilities, for shame"
Given that most vulnerabilities are a result of what should be facepalm moments for the people who let it slip in, a shame of vulnerabilities works for me.
Hmmm... saying that, a facepalm of vulnerabilities... :)
Well spotted - and another facepalm, this time for myself, for not noticing Distribution instead of Delivery!
"A CDN (sometimes called a Content Distribution Network)"
Wow, something that is abbreviated is sometimes called what the abbreviation stands for!
Re: Website Down Too
So I've just discovered - trying to log in on the business banking site to pay a supplier, but it's taking ages to get anywhere, and I can't be sat here all day waiting. I'll just have to try again later. :/
"AAAAAAAAARGH! GOOGLE ARE ALL OVER ME!"
Re: Some exclusive features
"Plus, it will have some other feature that nobody can explain why it is there, and that will spawn rampant speculation for weeks. In two years, that feature will be either dismissed or become the next Apple gold mine."
You forgot to mention that feature will be hailed at the launch event as something new and magical* that Apple have invented, even though it's been around on other devices for some time.
* I was going to add that it'll be "beautiful" - but marketing morons from every big tech company are calling their shit beautiful these days. Gah!
"I'm telling everyone that anything labelled "IoT" is the devil incarnate."
That's pretty much what I've been trying to do.
Unfortunately, though, I get the distinct impression that every time I tell someone something like that, they walk away thinking I'm a paranoid nutjob who probably has his walls lined with tinfoil.
Re: Domain names
I'm happy to say I haven't seen one of those in a very long time.
However, there is a similar type that I do get - unofficial trademark registry non-invoices (i.e. like the domain ones, really a "request for payment" carefully crafted to look like an invoice so the less careful recipients might pay up). Slightly more pricey than the old domain ones.
That $67/hour will result in your details being removed...
... from their copy of the database.
Re: CAN you REALLY turn off those features?
"I think someone needs to set up a Windows 10 machine, turn off those settings and then analyse every packet sent, to identify its content, purpose and destination."
According to Ars Technica (final paragraph):
"Finally, it's worth pointing out that these are just the visible config flags; without some packet-level analysis, it's hard to say exactly what data is being sent back to Microsoft, and by which service. As one commenter pointed out, even after they disabled Cortana and turned off a bunch of privacy-related settings, the search box still seemed to be sending keystroke data back to Microsoft."
Re: The things people buy...
"It's probably incurable unfortunately"
I was thinking of connected Christmas Tree decorations. The Internet of Tinsel.
I get what you're saying. What I'm questioning is the validity of your suggestion that because Jobsy put down Flash, 'Fandroids' somehow like it.
Speaking as an Android user who has a very strong dislike for Apple (the sort of person you are probably talking about) your suggestion sounds like complete nonsense.
And that's probably because it is nonsense.
What "prolonged the inevitable" (the ditching of Flash) has nothing to do with Android users, and everything to do with big names stupidly insisting on its use, such as the Beeb for iPlayer.
"Fandroids suddenly became pro Flash because "the enemy of my enemy..." which in some way prolonged the inevitable..."
Say what now?
Which therefore leads to the obvious question: Why the hell aren't these sites verifying addresses? It's not difficult to do, and not doing it in this day and age is demonstrating a level of twattery that goes way beyond just being twats and into the realms of being twats*10twat.
"Ashley Madison does not require users to verify their email addresses"
If that's so then I hope they don't bother sending anything to the addresses of people signing up - because signing up with someone else's address would be an obvious way to be an annoying bastard.
And assuming they don't, if the address is neither verified nor used, why do they ask for it in the first place?
"Beam me up, Cornelius"
"Given the number of issues we have with be police departments, I'd like the body cam to be like other webcams where anyone can pull up a browser and see what officer joe is doing today."
Well, subject to a few limitations, yes. It would need to be off (or inaccessible to the public) in certain situations - for example, you wouldn't want this sort of conversation happening in Mr Bad Guy's house:
Fred: 'ere, Bob, y'know that copper what was pestering us the other day?
Bob: Yeah, PC Plod. What about 'im? 'e 'ad nuffink on us.
Fred: 'e might of 'ad more 'n we thought.
Bob: Whydya say that?
Fred: I've just logged on to 'is bodycam.
Fred: 'im and a bunch of other coppers are standing just around the corner...
Re: Please remove the link...
"But have you ever tried to do that for query sets containing millions of exclusions - on a search engine that gets millions of hits a minute?"
That would be the wrong way to do it. I don't run a mafuckinghoosive search engine, but if I did, I would:
(a) De-index search results from the name at the point the request is made, and
(b) Establish the reason for the de-indexing request, and add that filter into my spidering/indexing algorithm - so that any new pages mentioning the reason don't get linked to the affected party's name in the first place. (This would be much cheaper than filtering at the point of a query).
It's still flawed - particularly from the 'forgotten' information still getting out. If at some point in the future someone wants to write about Blobbo Boggins and his inflatable friend and have the results indexed, they'll just devise a new way to describe the inflatable friend - but it should mitigate the problem you point out.
Re: Do Lamborghini use the same system?
When reading that, an item in the 'related content' caught my eye.
Re: Well, it could have been worse....
Note: I'm deliberately ignoring the part about it being named for sweets ;)
"If I can learn what they do, maybe I can better make people around me understand that THEY SHOULD STOP CLICKING ON BLOODY EVERYTHING."
Good luck with that.
89.4% of people get that made up statistic wrong.
Pardon his French.
"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising."
The more likely outcome is that they'll look for a way to get around the ad blockers - and make their adverts even more obtrusive to boot. (Or see Big John's comment at the top for an alternative hypothetical road ahead.)
"I've been getting keyboard marks on my face from the bad habit media has of publishing a cartoon instead of the photo whenever astronomers discover something. As if the photo and an artist's impression were in any way equivalent."
What amuses me in this case is that the artist clearly concluded that because the planet is like Jupiter, it would have a red spot.
That is indeed more realistic - but as well as on the product, it should probably be prominently displayed wherever it is sold, including (especially?) through third parties.
Re: Optional @VinceH @Anonymous Coward
Since you were replying to me...
"Too bad you were too cheap to move to Windows 7 or later."
Just for the record, while I do have a machine running XP (for a specific purpose) my main computer - the one on which I am typing this - is running 8.1
"Just HAVE to get your gratuitous digs in on Microsoft,"
Yes, yes I do.
"that company that pretty much launched the careers of the majority of IT people today and to whom you owe most of your income to."
No, no I don't.
"In other words, vendors can't simply abandon users either at the end of the warranty, or at some arbitrary end-of-life date. If a security vulnerability emerges (and the vendor still exists), it should be patched."
That sounds sensible - but, noting that Microsoft is a member of the group, we should consider what the 'T' stands for in IoT.
A computer is a thing - even one running XP.
A spoon-shaped phone
That's a brilliant idea.
Where's the Kickstarter page so I can sign up?
It's a bond - provided they do as they've been told, it would eventually be returned to them and, as such, is not a cost.
Re: Hope, both.
Dagnammit! Those two AC posts are confusing and are going to make my head explode!
"Google has also been tied to the development of facial-recognition tools, an issue that was brought to light by privacy-conscious users when the Chocolate Factory began dabbling in augmented reality back in 2013."
Really? Nobody noticed Picasa's facial recognition feature before then?
"Given its history, particularly when it comes to intercepting the supply chain of routers to plant backdoors, it might be tempting to think that the NSA wants to backdoor IoT devices too. But it's hardly worth the effort on kit that is wide open and insecure in the first place."
John, you aren't being cynical enough.
The NSA's thinking is that at some point, there's a chance that end users will finally wake up and smell the coffee and start insisting that these things be properly secured* - so they're doing this to get in early and ensure that if these things are to be made secure, it's using something in which they've already paid for back doors.
* Granted, it's a slim chance, because most of the general public are more interested in the new shiny being convenient, which decent security can be a hindrance to. However, a slim chance - even an anorexic one - is still a chance.
"Philae didn't land as it was meant to: instead of spiking itself to the comet, the lander bounced and ended up in a spot where it wasn't able to charge its batteries from solar panels.
However, the German Aerospace Center's Manuela Braun has told Agence France-Presse that if Philae landed where it was intended, it would have been cooked back in March or April."
Are we sure the lander wasn't struck by lightning and has become self aware as a result? If so, that landing might have been a deliberate act of self preservation. We should try sending it a message asking if its name is Johnny Five.
"Tinder creates experiences. We create connections that otherwise never would have been made. 8 billion of them to date, in fact."
8 billion connections, compared to around 7 billion people on the planet, nowhere near all of whom are using Tinder (a bloody huge amount of them being kids).
These numbers strongly suggest casual hook-ups and/or affairs - unless Tinder is trying to become a Facebook-alike, where people can 'connect' and stay connected in the Tinderverse without actually getting together.
AAMOI, I wonder what the actual number of active users is - that'll be an interesting comparison with the 8 billion connections.
Unless, of course, the user base isn't just Earth-bound. See icon.
Re: Isnt this?
No - the triffids should be already here, being farmed.
This is where we all go blind and the triffids are able to take advantage.
That might be what's happening - it's just that the shutdown process is a very long one.
I blame Sony.
Re: Ray Bradbury called it...
That'll be because it's one of The Martian Chronicles.
"Does this mean that anyone who makes domains from two or more words, such as "theregister", are likely to suddenly find their domains being blocked?"
No. Darren may not have explained the process in any great detail - but he didn't suggest multiple words; I think you've inferred that from the use of dictionaries etc. It's worth clicking through to the Cisco article and reading that for more detail - and examples of the type of domain names picked up.
Re: The cynic yahoo bashing gets old
Yahoo provide mailing lists. Unfortunately, I subscribe to a couple. I used to subscribe to those (and other) mailing lists using my primary email address - but I've recently switched to a separate POP3 account for mailing lists.
Before making that change, the messages I received from the Yahoo-hosted lists were plain text. Now they're HTML. There doesn't appear to be a way to switch to plain text without having a Yahoo account.
I did have a Yahoo account once - and must have changed the message format way back when. However, I closed the account because Yahoo kept sending occasional marketing emails despite all my preferences saying no. So I don't want to set up another.
So Yahoo are annoying - and deserve a bashing AFAIC.
(And the owners of those mailing lists deserve a good kicking for using Yahoo.)
"The researchers point out that this is a very serious mistake by citing research predicting that fingerprint scanners will exist in about half of all phones sold in 2019."
That doesn't mean that fingerprints will be used in about half of all phones sold in 2019.
I have no intention of ever willingly using a fingerprint scanner in a phone (or anywhere else) for security purposes - not least because if biometric data is used it should be for identification purposes, not security.
Re: detecting fake laughter
"For typed ones, it's just arrogance attempting their truthfulness."
Not only that, but how are they identifying actual expressions of laughter (truthful indications or otherwise) versus ones typed by numpties who seem to think they have to follow every sentence with one?
"I'm off now, I'll chat with you later lol"
"so the chief accounting officer shipped 46million USD out on the basis of an email?"
It's better than that - judging by the use of plurals, it was a number of smaller amounts adding up to 46 million USD.
In other words, the thieves got away with it once, for however much, then thought "Bingo! Let's go for another chunk..." - repeat until $total = 46 million, at which point someone finally thought "Hang on a mo..."
"Your NAS system is fine until someone walks off with the NAS or burns the house down."
I know the person to whom you replied suggested logging into the NAS to see the pictures - but the NAS can be used as a starting point.
The camera drops the pictures onto your NAS, then a piece of software under your control which is monitoring the NAS for new images could upload them to somewhere of YOUR choosing, under YOUR control, and/or email you a notification to say there are new pictures. (This of course means you are responsible for your own security).
In this scenario, neither the camera nor the NAS (and therefore the firmware supplied with them) go anywhere near the internet and - in particular - the camera manufacturer doesn't benefit from that slice of your monthly income (with the future option of changing the protocols and making that camera obsolete, in order to get the occasional larger slice when you are forced to upgrade). And the images still end up offsite.
Everyone wins. Except the camera manufacturer. And the burglar.