Ignoring the article, whoever took that stock photo should be shot.
There is no way that anyone would have punched through anything with their fist in that position....
Given that this tool will likely create a reasonably-relevant Tweet which presumably would send me to a compromised page, how the hell am I supposed to protect myself against this?
Harden your device - patch, control permissions, lock down apps, go via a proxy/firewall and have an up to date, working, AV.
Don't focus on the short URL threat, otherwise you'll just as easily get pwned by a Flash-based advert hosted by Yahoo on a legitimate website.
Short URLs are a PR gambit to talk about hacking threats - they aren't significantly worse than clicking on any URL to a website you don't know; even sites you do know can have compromised pages.
Ok, I am finding it odd that I (without a facebook or instagram account) am sort of defending social media but:
still I have *never* seen a result which takes me to any of the social sites. Apparently that's how useful they are for my work.
There is more to learning than acting as a memory resource. Social media is (on the whole) a transitory environment, so the key is learning new things. As an example, when a brand new problem occurs in System Centre, people will announce and talk about it on social media. This is learning. Then when people fix the problem it will migrate to blog posts (also social media, but more old-fashioned now) and tech articles (often on blog engines anyway).
I have YET to see ANYONE on the job who is learning something job related from social media bullshit.
I suspect a lot of this is down to a combination of what your job is and who you follow on [social media platform of choice].
As an example, Twitter is a very good source of information security news around new exploits and what the impact of those exploits are. The key is to not follow social media luvvies but instead follow the people who know what they are talking about. These are global platforms with every type of person talking - you can choose to filter out the idiots, the vapid and the trolls.
I was trying to distinguish the people native to Gibraltar - much as the Welsh are native to Wales - from people living there from other Commonwealth countries like New Zealand.
Ok - thanks but I am still not sure I get the point or question here.
British Citizens can vote, so the 'natives' in Gibraltar can vote in the same way that the Welsh can. Even English people living in Wales get to vote (and they get to vote in Welsh Assembly Elections).
Commonwealth citizens in Gibraltar also get a vote - so presumably do the local Gibraltarians?
What is a local gibraltarian? Do you mean the British citizens born and living in Gibraltar or something else?
It isn't clear, but Wikipedia helps: https://en.wikipedia.org/wiki/Bail#By_police_before_charge
"This is deemed to be a release on bail in accordance with sections 3, 3A, 5 and 5A of the Bail Act 1976."
Two factor is different from two step authentication.
If they want a username & password then some form of memorable information, it is still single factor authentication.
This is shocking news and my heart goes out to his close friends and family. I am truly saddened to read this and there is nothing I can really add to what everyone else here is saying.
This really is a crap year.
Ok, I am now leaning towards this being more a case of the forums managed here just being drowned in bot registrations.
A quick search for yagjecc826 (as an example) points to lots of password dumps with user names like:
Further checks associate these passwords / usernames with gmail accounts such as:
This strongly points towards the forums being swamped with bazillions of bot-users.
Are they system generated passwords issued to new users and then never changed (or the user accounts were simply fake and never used)?
Are they MD5 collisions?
Of course, to me the dream would be to just have the Windows 7's UI as a Desktop manager on top of a Linux distro and get AD ported to Linux and then we'd never have to see Windows on the server or desktop ever again.
This would just teach you to hate your Linux distro instead of Windows.
This adjustment is a rounding error.
I agree. While the shares are slightly down compared with a couple of days ago, on a larger timescale it's not really noticeable.
Using share price to gauge the long term value of business decisions always seems a bit irrational to me.
Costello claims he didn't get the requests, but under Indiana law, as he didn't respond to the request within 30 days or attend a hearing on the matter, then the legal rule is that he admitted the liabilities and damages by default.
So, hang on. It is possible for a serial litigant to say he sent a request and then 30 days later the victim has legally admitted liabilities?
Do they understand the concept of proof of postage?
There's no two ways about it, personal liability is needed.
The problem here is NHS Chief Execs / "leadership" teams get bonuses and promotions by cutting costs. This means that lower quality staff are hired, training is curtailed and pressure is piled on the few competent workers who remain.
In this environment, breaches are inevitable.
However, when they happen, the PUBLIC as a whole takes the hit, not the people directly. The fine comes out of the NHS operating budget while the management continue to get their bonuses.
"When you run a corporate IT infrastructure, the chances are you run Active Directory underpinning a predominantly Windows-based array of servers, desktops and laptops."
I'll fade that bet ... Not a snowball's chance in hell, in fact.
If you took that bet, you'd probably lose, as all he says is the "chances are" - not that you "are." This means your experience of a different environment isn't enough to falsify his statement.
The reality, for better or worse, is that the majority of corporate environments will use Active Directory to manage a server farm where most devices have a little windows logo.
We're quite prepared to pay above the normal market rate if we find someone good - but they seem to be very thin on the ground.
If you are paying above market rate and still not getting applicants, then the probability is that there is something else about your company putting applicants off. If this wasn't the case, you'd be poaching skilled workers from other employers.
From what I've seen, the claims that IT skills in [area] are lacking are a bit misleading, as the salaries and contractor rates being offered for [most skill areas] are around the same levels as they were in 2008 (allowing for inflation at best).
Using "Cybersecurity" as an example - because this is the big one trumpeted as missing skilled workers. In 2009 a good cybersecurity professional would command a salary of £55 - 65k or a contract day rate of around £600pd. CLAS consultants (whatever your opinion of them) were on more - often hitting £800pd.
Fast forward to the end of 2015 and the salary is around £60 - 70k with contractors on around £500pd. CLAS consultants have it worse, having dropped to the prole rates of £400 for a while, they are back around £550ish.
Hardly an example of market forces reacting to a skill shortage.
Skill shortage appears to be shorthand for "we don't want to pay very much for this skill so intend to offshore it for pennies and don't really care about the quality of the work."
@Lee D: I would love to know where you work so I could submit some tenders ;-)
Even if the pay isn't great, it seems like the hiring standards and work expectations are low enough for it to be profitable.
"It's a consequence of seeing anyone who does the work as an expense to be outsourced to the cheapest bidder rather than the core of the operation and as a possibility for the next generation of managers. "
I wish I could upvote you more than once for that alone.
Hack VMware, score US$75K. Hack Flash, get much less
To be fair, if you pop Flash in both MS Edge and OSX Safari you get $25k more than escaping the VM.
To be fair, I watched it and thought it looked like Nigel as well............
That's why there are rural communities with no mains gas, or with cess pits.
In my case it is no mains gas, septic tank waste disposal, but close enough to the big lights to get 40Mbps broadband dirt cheap.
The problem is exactly as you have described - the obligation to supply may be there but the service providers just set a rate that keeps it out of reach.
On a serious note, why not?
If the attack was fundamentally an SQLi, then yes - it is pretty easy for a 15 year old to manage that (metasploit + YouTube tutorials + Computer + broadband = pwnage).
The reality is that most times a company gets popped, despite all the claims about how sophisticated the attacks are, it really boils down to a bored kid with a good imagination and access to a computer. Nothing more, nothing less.
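The post treats SQLi as the low-effort way in. As an added illustration (not code from the article or from any company mentioned in it), here is the shape of the bug beside its fix, using a made-up users table in an in-memory SQLite database: the vulnerable login builds the query by string concatenation, so the classic `' OR '1'='1` payload rewrites the WHERE clause; the safe version passes the same input as a bound parameter and the payload is just a password nobody has.

```python
"""Constructed example: a login check vulnerable to SQL injection beside its
parameterised fix. Not code from the article; the schema and rows are made up."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],  # constructed sample rows
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: attacker-controlled input becomes SQL syntax.

    With password = "' OR '1'='1" the statement becomes
      ... WHERE username = 'nobody' AND password = '' OR '1'='1'
    and AND binds tighter than OR, so every row matches.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds values, they are never parsed as SQL."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def demo() -> dict:
    """Run a legitimate login and the tautology payload through both versions."""
    conn = build_db()
    payload = "' OR '1'='1"  # classic tautology injection
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "injected_vulnerable": login_vulnerable(conn, "nobody", payload),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "injected_safe": login_safe(conn, "nobody", payload),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The same concatenation that lets a tautology bypass a login also lets a `UNION SELECT` dump the table, which is the usual route from "bored kid" to "password dump in the news"; the parameterised form closes both at once.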
I have to agree - this is EXACTLY what data protection laws are for.
Only if you mean "personal data" rather than "data."
If you ignore this distinction, then things are going wrong.
I am glad you understood that sentence. It seemed to me that a crucial word or two were missing.
The military doesn't have a pay scale to afford experienced people, who could be making upwards of $100k per year, rather than the pittance that the US pays service members.
So rather than pay its soldiers well, the decision was made to outsource to a more expensive provider?
I've always thought WAFs were little more than a nice front end for Mod Security and it seems that Amazon have just come up with a way to monetise it while simultaneously undercutting most WAF providers.
Get a 2-3TB sata or usb 3.0 disc, and backup all your data there daily.
A reasonable idea as long as A) this is enough and B) you have the time and patience to do this.
A 1TB backup would take around an hour to complete each day, and this doesn't include the time required to test the validity etc. If you are a business which pretty much runs on emails, purchase orders and contracts this will probably be enough (especially if you only backup diffs), but if you need to back up any types of content then you might discover 3 TB is insufficient pretty quickly.
I agree it needs to be offline, as if the device is connected at the time the ransomware is running, you can say bye bye to all the backed up data as well.
Clearly, there aren't decent ones in the area.
Apparently not and not just for that howler either.
It seems that a number of small businesses have saved $300 on a NAS and $300 on a bit of tech advice to run their backups..... then are whining that their tightfisted approach to what appears to be a business critical system has cost them $1000.
Shocking approach to IT.
There are quite a few things confusing about this, but then we have to keep in mind that this is a KPMG survey, so they are skewing it in their own interests.
1) Permanent jobs are not really as much of an indicator of seasonal issues as contractor / temp roles:
That's the finding of a new survey, which revealed that according to a seasonally adjusted index measuring permanent vacancies in the IT sector, demand to fill permanent staffer jobs in the IT market had risen to 64.4 per cent in the dog days of August, up from 62.8 per cent a month earlier.
Permanent roles are a long term commitment, so if this is true, it isn't really seasonal. It's companies deciding they need more employees for something and will continue to need them for a long time.
2) Contractor jobs are an indicator of seasonal trends:
Meanwhile, demand from Blighty companies to hire temporary techies fell to 58.7 per cent from 59.1 per cent in July.
So in August there was less of a need for a temporary work force to fill gaps.
Seems the headline is a bit assbackwards.
There is a point 3 though.
3) This data is likely to be meaningless. In all likelihood, KPMG searched round the job boards and simply counted the adverts. This means that when (like my current role) it is advertised by 12 different agencies - all with slightly different details - it counts as 12 jobs rather than 1. It also means that some non-existent jobs (posted by unscrupulous or clueless recruiters or hiring companies) get counted when in reality there are none.
The easiest way to tell if demand has outstripped supply is to look at the average salaries and contract rates available. These are still, largely, in line with 2009 figures - and as other posters have said include shopping lists of skills for £35-40k a year.
All of this implies to me, at least, that there isn't enough of a skills shortage for anyone to actually care - it is just a shortage of skilled workers prepared to work for the salary they had when they were unskilled.
It is 2015. 2FA is now commonplace. Surely, admin for a car can be secured this way?
Hard to think how multi-factor authentication would help this sort of attack.
Unless/until appropriate and uncompromisable security protocols are in place.
Now, if you find such a beast, truly great riches will be yours. I am reasonably sure no such thing exists.
If only more CEOs fell on their sword so quickly (or gov't ministers).
The problem is that "falling on his sword" here actually means he will be able to avoid the massive financial pain from the inevitable lawsuits and other forms of legal action.
Basically he has been able to reap great profits, avoid paying for the security he promised users, scammed gullible men with fake female profiles and jumped ship in time to make it on the life raft.
While I hate the man, I do have to say he has good timing.
Minor issue, but you need to add "place finger on fingerprint reader" to the phone step so it is 4 steps vs 5 (and if the fingerprint reader has a fit, as mine is wont to do, then it adds a few more steps where you retry).
Also, if you have multiple cards you want to pay with, how do you select them in Apple Pay? Wouldn't that add an extra step, making it the same?
However, on the whole, this is a solution to a non-existent problem for me, so I won't bother. I am sure lots of people think differently and may bother to install it.
The problem for the vendor is that they have to have technology to support the luddites and the trendy fanbois. I have been to a large number of shops who are unable (or unwilling) to support contactless payment of any sort making this a moot problem.
Apparently, Bhalla's never seen people use image manipulation software.
Also it indicates that there are many other stages to attack than just the photo session.
Bhalla says the image like other biometric forms will be converted to a format such that a person's photo is neither stored nor transmitted in its normal construction.
So the "verification" aspect isn't actually a photo comparison in the way human eyes would do it. It is likely that the process involves capturing some key data (ratio of distance between eyes and width of mouth or whatever voodoo they want here) and then hashing it to send back for a verification check.
Not only does it open the door for many more attacks on the mobile device and its transmission signal, but it also seems fraught with false negatives at the checkout point.
Sense - I see none here.
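To make the false-negative worry concrete: the following is an added illustration of the scheme the comment above speculates about (reduce the face to a few measurements, quantise, hash, compare hashes). It is not code from the article or from the vendor, and the choice of features, the bucket size and the sample measurements are all assumptions. The point it shows is that an exact-match hash has no notion of "close": a measurement that drifts across a quantisation boundary by a fraction of a percent produces a completely different digest and the checkout rejects the genuine customer, while the same digest, once captured in transit, replays perfectly because it never changes.

```python
"""Constructed illustration of hashing quantised face measurements.
Not the vendor's scheme; features, resolution and sample values are assumed."""
import hashlib
import math

RESOLUTION = 100  # assumed: 100 buckets per unit of ratio, i.e. 1% cells


def features(eye_distance: float, mouth_width: float, face_height: float) -> tuple:
    """Two made-up ratios; ratios rather than absolute sizes so camera distance cancels."""
    return (eye_distance / face_height, mouth_width / face_height)


def template_hash(feats: tuple, resolution: int = RESOLUTION) -> str:
    """Quantise each ratio into a bucket index, then hash the bucket indices.
    Floor on a scaled value is used rather than division so the cell edge is exact."""
    cells = tuple(math.floor(v * resolution) for v in feats)
    return hashlib.sha256(repr(cells).encode()).hexdigest()


def matches(enrolled_hash: str, feats: tuple, resolution: int = RESOLUTION) -> bool:
    """Exact hash comparison: any bucket change anywhere means no match."""
    return template_hash(feats, resolution) == enrolled_hash


def demo() -> tuple:
    """Enrol from constructed measurements, then re-measure with small noise."""
    # Enrolment: eye 62, mouth 50, face 200 -> ratios (0.31, 0.25) -> cells (31, 25)
    enrolled = template_hash(features(62.0, 50.0, 200.0))
    # Same person, 0.1 unit of noise on one measurement: 61.9/200 = 0.3095 -> cell 30
    crosses_boundary = matches(enrolled, features(61.9, 50.0, 200.0))
    # Same amount of noise the other way stays in cell 31: 62.1/200 = 0.3105
    stays_in_cell = matches(enrolled, features(62.1, 50.0, 200.0))
    # A captured digest replays: nothing about it is bound to this attempt
    replayed = matches(enrolled, features(62.0, 50.0, 200.0))
    return crosses_boundary, stays_in_cell, replayed


if __name__ == "__main__":
    print("noise across a bucket edge accepted:", demo()[0])
    print("noise within the bucket accepted:", demo()[1])
    print("replayed digest accepted:", demo()[2])
```

Real matchers compare feature vectors with a distance threshold rather than an equality check on a digest, which is exactly why they cannot be reduced to a hash that is "neither stored nor transmitted in its normal construction" without either the false negatives shown here or a far more elaborate construction than the article describes.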
as the saying goes, if you owe the bank £100,000, they own you. If you owe the bank £100,000,000,000 you own the bank.
I think this is over-reaction vs over-reaction. You took offence at the AC's response to a single statement of your post when it wasn't really a criticism of you.
"Ideals aside, though, I don't see a practical problem with a non-databased plastic card scheme, that was not obligatory but offered benefits. Infact, I hold foreign ID which is more or less like this."
This is evidence you both agree. The crucial bit is that it is voluntary/not-obligatory.
This was the fail of the UK ID card scheme. For it to work, it had to be obligatory for all UK citizens to spend money because they are citizens. As described, it would have created an offence of not-carrying the ID card just to make sure there was no doubt about how obligatory it was.
Not sure what the context of Matt Ridley's quote is so there might be some extra data missing but:
Yet not a single bird or mammal that we know of has gone extinct in a tropical rainforest.
Isn't true unless he means within a very specific time frame, which is disingenuous. It also ignores the huge number of endangered species there are within rainforests.
...because I always thought that the fake reviews were the most fun to read.
Some still will be. Amazon isn't really getting rid of fake reviews, it is getting rid of "unhelpful" ones. There are some out there with genuinely hilarious fake reviews which have been marked helpful dozens of times. These will stay.
If Amazon really wants to overhaul, it should limit the reviews to "verified buyers" only - this will reduce the overall number but cut out the marketing shills who post gushing reviews of tat and the angry people who seem to object to things they "bought elsewhere."
I have to question anyone touting the party line that the DPRK was actually responsible for the Sony "hack".
Same here. I am a big fan of Bruce (can't spell his surname though) and I count myself as one of the "followers" who regularly read his blog and buy his books.
However, I am at a loss as to what changed his mind on the Sony hack, other than the fact that the company he now works for (Resilient Systems, once called Co3) does a good line in incident response and the fear of Nasty Norks is better for business than "shit happens and on the interwebz a shit can be a big one."
I hope this isn't true though.....
Sadly, nothing in Sanger's NYT article was new, novel or really worth changing your mind over.
Out of curiosity, what EAL 7 operating systems are there? I can't find any on the Common Criteria list.
@dogged - I wish I could upvote you more than once.
"widespread dispersion of LSD and MDMA?"
They will either cause cancer or cure it depending on the random Daily Mail headline generator.
Surely unless this is an account which needs remote access, the broadcast of the PW isn't a problem? If someone breaks in to sit at a machine and log in, they've got other security failures to worry about.
And as others have pointed out, the fact it seems to be a shared / generic password means it's kind of pointless. So the news here should be "idiots designed IT system", not "users posted password".
Unauthorized access to a private URL is prosecutable no matter what you describe it as. Hacking or guessing the URL does not make it legal.
How do you define a private URL? Is that one which is published on the public web but you don't want people to access yet? Or is it something else?
How do you define authorised access to a public website? Is there something I have to sign up to so that I can visit webpages, or just some webpages - and then only after I've visited can I find out?
Other than that, what?
The cause is corruption and graft (and occasionally good old-fashioned incompetence).
I was always brought up with "graft" meaning working hard..... I actually had to google to learn it also meant corruption.
This left me genuinely surprised so thanks for opening my eyes a touch.
"The Met is currently in the process of outsourcing its number of IT staff from 800 down to 100."
Hmmm..... I cant see how this will cause any problems at all...........
" Presumably a regional CT team rather than a specific Lancashire one." - not in the 80s. The regionalisation of the teams came later than that and while GMP may have seconded officers, it was still very much down to force teams until at least the mid 90s, by which time the PIRA threat on the mainland had all but gone.
The price of that ASUS EeeBook X205 is good, I agree.
However, "much better product" is far from the truth. It is painful to use and Win 8.1 crushes the device. You think you have a real laptop but you actually have something so underpowered it makes you want to cry.
If it wasn't for the fact it doesn't perform as well as a Chromebook for "everyday computing tasks", it would be an excellent purchase.
Just to check - cos these are tablets so not directly comparable with a Chromebook. I've tried a LINX 7" and it isn't worth £79:
Can you find a Windows laptop style device which runs as well as a Chromebook (check out the time from power on to doing stuff) for about the same price as a Chromebook?
The reason I ask is that the Chromebook replaced all the laptops and desktops in my family as it is significantly easier to use for the tasks people wanted to do - writing emails, letters, websurfing - than the more powerful devices and the form factor is more suitable for this sort of thing than the tablets. (Which remain as the main content "consumption" devices for things like YouTube and Minecraft).
No one in my family - and none of my work colleagues - particularly like the tablet interface for messages much longer than a tweet, so I don't think they would enjoy writing documents on a 7" screen.