114 posts • joined 20 Sep 2010
More evidence you need a defence-in-depth approach to malware today
Governments and criminal organisations are writing malware which is used "sensibly" and thus signature-based antivirus (even supplemented with cloud "knowledge") is being bypassed. Behaviour is the key but the world is becoming more mobile and thus our assets are rarely on our network.
Which is annoying and hard to defend against.
Also I'm becoming unsure if detective controls are sufficient for this type of problem. A network appliance monitoring callbacks will only detect callbacks which pass through it.
To defend against this type of threat, you have to design your entire network to be more resilient against the threat. Is now the time for BYOD to hit the endpoint and we harden the heck out of virtual desktops and applications?
On the bright side, I have lots of work and few budgetary issues as I know my C-level management are now very concerned about IT security and what it means for us as a threat.
So have a smiley, people, in a strange way....!
I'm so happy
My Miles and More has a 5-number PIN foisted upon me. It surely must be more secure than my HH points right now.....
Re: missing the point
I think you're missing the point.
Cross platform without local installation is what MS is offering.
The chance to surf wherever you want no matter what local rights you have on your PC, no matter your skill level and no chance to get hit by a drive-by. I've been thinking about doing this for our users - creating an airgap for the browser. Malware immediately becomes less dangerous.
And I'm a Chrome user.
It's like a house with a burglar alarm
A computer with EMET is going to be harder to attack, just like the house.
Which one would you choose if you were a burglar? (cue the people saying the one with the alarm because there must be something worth stealing :D)
Have a beer everyone, it's Friday :)
This article's about the minority
1. Men can be pigs
2. Not all men are pigs
I'm in IT and don't make lewd comments to anyone. Should I be offended by this article?
Doing encryption right
Well the perps did do encryption right and it's only the fact that they needed infrastructure that they did not manage themselves that this "reverse" engineering can take place. Like all security, it's only as secure as the weakest link.
And so there are 500'000 private keys "available". I bet only a fraction are used....many people have probably formatted, given up or simply moved on.
Ransomware will continue and will become even more sophisticated. Easy money for the bad guys will ensure that.
The Internet of Things is here!
I would have been crying with laughter if I was him. Actually, maybe that's why he got the stern talking to from the manager.....for disturbing his neighbours each time he was moved :D
It's also probably on the NSA list....we should ask Ed....
Kicking and Screaming
That's how the industry needs to be dragged into the 21st century.
Let's look back in time a little.....where DVDs were once released in certain geographical regions even before a movie might hit the theatres elsewhere in the world. Result: region-free DVD players and lots of personally-imported DVDs. It took a few years but finally, it's more of a global playing field.
The Game of Thrones problem is also a good example. Everyone wants it but it's released in a specific place on a specific network...so gets pirated something rotten.
Today's society doesn't want to wait for what they want. If you don't provide people with that, they're now empowered to get what they want right now. So the industry needs to change and meet the expectations and demands of the consumer. And this sort of activity is helping with that shift.
What confuses me is why this bloke is doing this - is he running a "piratebay proxy" (don't Google such things, it may lead to theft!! :D)
Beer. As in free. All beer should also be free....email me some :D
This is what you get when consumer/simple devices meet the Internet
I only have one port open to the Internet on mine....OpenVPN. Even then, you cannot use the admin account for anything on that system and the other services running on it are kept to a minimum (even though they're only available to my Class D network).
But Joe Average finds that too hard and click-click-click too easy. Heck, the NAS will also try to open the ports on the router to provide access directly to the device.
It's like NoScript - the experts are protected but everyone else is SOL....! Synology is not alone here....make something easy for people who can't do something and it'll eventually go wrong.
Stick to an old version.....
2008 seemed like a good year.....
Re: All those steps required?
XP still has around 500 million users. I would expect a good proportion of those would likely fall victim to something like this.
If anyone remembers the joke .exe many years ago which would throw up a dialog box telling you to "Click OK to Continue" - and said box would dart around the screen avoiding your mouse pointer. That for me sums up many people using technology.
Paris - because I'm sure she'd do the same if I tried to *click* on her :D
Re: Well...if one doesn't USE Windows Defender...
We did a comparison of SCEP against our paid AV this year and the conclusion in abstract mentioned SCEP and a barge pole.
It was inferior in every aspect IIRC.
Re: 99% of all mobile exploits are on Android
Yes, 99% of not a lot is not a lot.
It'll be very interesting, however, to see what happens in the next 2 years.
I am happy with my Nexus 5 but I must say the fact that updates to Android come via Google to OEMs and then get customised by service providers does not help here. iOS at least has a consistent approach to updates (until your still-working device gets orphaned).
What's clear though is that Java sucks monkey balls.
I can only see the lawyers getting money here
This will go on for years.....and even lawyer fees are not going to be the same as the settlement amount.
Funny that Apple folded with the RC4 SSL stuff but goes at this like a rabid Jack Russell terrier.....it's not principle then, right?
Thunderbirds are Go?
I'd say that's modelled on Thunderbird 2. Gerry Anderson would be chuffed!!
ChromeCast + iPlayer + a service to appear in the UK = saviour?
But TB stuff was quality and will be missed :(
Raise a beer to TB, goodbye guys......
What if the 90% let go are the honest ones?
Instead of 1% of the 100% being dodgy, you end up with 100% being dodgy.
Anyone knows security is achieved by educating, motivating and caring for the admins and layering the security to deter, prevent and detect theft. Simply removing 90% of the risk does not eliminate 90% of the risk.
At 16, he can drive......
Child endangerment? But at 16, he's legal to drive? And vote. And die for his country.
But Bulgarian Airbags are forbidden?
Switzerland seems slow....
I get a good 60Mbps from my alleged 100Mbps cable connection. Heck, the main cable provider will give you 2000/200kbps Internet for "free".
I do 500Gb+ traffic per month with no caps. No or little slowdown at any time.
That costs me about £50 - Internet, TV and a phone connection (which I don't use).
I'm having a personal struggle to not upgrade to a 150Mbps package. I have no reason to need it but it's only right to go for the max, right?! :-D
Why do we need to do this?
Seriously, if there is even an ounce of truth, there are some sick, sad people out there. There is nothing more I could suggest.
This is why we went Good
Apple has done some good things with OTA iOS updates but you're still (as posted earlier) confined to running an OS with weaknesses baked into it.
In a way, at least you can guarantee that an iOS device has the same flaws as all of the other ones. Apart from, that is, the ones no longer getting updates.
Your personal data is mostly your problem, we're protecting corporate data in a way we're happy with. And I guess now we'll have to strike off the chance for someone to use an iPhone 3GS as it's orphaned from this week on....
Relax, have a beer. It isn't going to get any better. You're always relying on someone else.
And I'm surprised that this article hasn't managed to get the trolls out, it seems that might have been part of the motivation in writing it....
Shit, your scheme has been blown away.
I also remember the hate for XP and the Teletubbies references. Still, the love came and stayed ;-)
Has WinRT been released...!?
Blimey, suing over something that does not exist yet, excellent.
Anyone touched this crap outside a devkit?
Re: WINKIPEDIA ADS
I'd say you've been infected. It began the same time you found yourself posting in CAPS :-o
I'd say he is important to what Google brings to Social.
The question is will it be Digg 1.0 or Digg 4.0? I know Kevin was more hands-off towards the end of his time with Digg and mi.lk was well-received but who knows what the future holds.
I spend more time on G+ but would consider short-selling some FB stock....
It's laptops all the way for me
Yes, sometimes there is some compromise to make - but let's look at what I've had recently....
Personal: Dell M1330 XPS - nice design, form factor and only had the mobo replaced once under warranty.....! Copper mod in place, 4 years old and still running. Couple that with my HP Touchpad running ICS and I'm good to go anywhere............I do have a pair of Dell Mini 9s that I don't use anymore....!
Work: Lenovo x220. At last Lenovo are delivering top quality again - I'd been through some T61/x61 paths to where I am now and I love the thing - I'd almost get one to replace my XPS but there is something on the horizon.....
Coming soon.....Lenovo IdeaPad Yoga. I just like what it can do - I want to go from 5 hours battery life on the x220 to 10 or more.
Whatever the drawbacks, I want to compute where I want. Cables optional. With 18 hours of commuting every week, I could not be without the x220 for work and the Touchpad for relaxing on the way home.
A beer for the throwback article. I do remember touching a Compaq Portable PC once: http://www.classiccmp.org/dunfield/pc/h/cppc.jpg
why limit territories
I had to friggin' sideload. FFS Google, just flip the switch all the way on....
Dear Media Industry - meet 21st Century
Honestly, I can remember the early days of DVD when I bought a region-free DVD and, over about 6 years, bought 800 DVDs.
Many in the early days were played on my DVD player before they were finished in the movie theatres where I live. Over the years, this improved as I am sure the studios sat up and noticed that regional sales were higher in certain regions (which would ironically also charge less than local markets). I think releases on DVD and BD are actually quite close together now so there is no need to have region-free any more.
The refusal to move to a 21st century model and deliver content quickly and cheaply to people in a manner in which they want to consume it. We are the decision makers, not them. We are saving them money in the long run with fewer factories needed, fewer delivery trucks, fewer overheads......as long as they embrace it not try to fight it. #occupyhollywood
Two more things:
1. If you treat the world as segmented and make your consumer feel 2nd rate, they will use the globalisation of the Internet against you. So.......stop.
2. If piracy gets J-Lo off my TV screen due to those Fiat ads, I'm off to TPB to download everything she's ever made and encourage you to do so too.
I think you've answered my question
which is "Will this lot be bust before 2013 hence the reason for the rush?"
seems a rather large NO.
When will everyone realise that the casual "pirate" is the one this is aimed at - because the other pirates have been doing well since Betamax. Heck, I've only ever seen ET on Betamax pirate tape and would never want to watch it again and destroy that experience!
She looks pretty good for 40
I wonder if she'd fancy a 42-year-old toyboy ;-)
Animals would behave better
How is it that there are more and more incidents like this which feature supposedly intelligent people?
I can be an idiot but you'd never see me do anything like this, drunk or not. The most action you'd see from me during a flight where I was drunk would be to offload fluid in the toilet.
Maybe it's just that I know how to behave and can handle my sherry.
My personal viewpoint is that this should not reflect on RIM no matter what. These people don't need managing or telling how to behave (or they shouldn't) so how can we hold the falling messaging manufacturer responsible? The people are. Period.
Still too expensive
HP Touchpads had to be priced at least 30% cheaper to shift.
But my goodness, it's a milestone that the Playbook could become useful!!
What it fails to state is this
The Swiss market would gladly pay for a modern, flexible system of distribution. It's a multi-cultural society with 3 (4) main languages across the country and many, many foreigners (I'm one of them).
If those providing content moved to a modern distribution system matching what the consumer wants (not what the cable and other companies want) then the 33% would largely begin paying for what they consume. We're talking about getting the latest Dexter episode on the same day around the globe - for something like 99 cents per episode.
I've effectively replaced my DVR with downloaded shows. I'd be happy to not have to download them but stream them and pay as I consume. But, alas, I'm somewhere in the 3rd tier of consumer bands and frankly this means waiting (not acceptable in today's age) and paying lots for one or two things. Hell, I want to build my own channel - it's what I was doing for years with Sky.
I actually rarely watch live TV now. Kids' shows, mainly (no, not for me) and football. And I'm fairly typical of my expat friends and colleagues.
This does not mean that the Swiss law system supports a perceived "theft" but rather tolerates it if the offender is not making money from doing so. If I started burning out DVDs of things I downloaded and sold them, their stance would change. It's not the lawless society some think (looking at posts) nor is it a haven for evil dictators and their billions. For example, September 12th 2001 saw the whole bin Laden family no longer able to bank with Swiss banks - before then, they were fine.....until you're proven guilty of a crime, you're considered innocent.....does that happen anymore in the UK?
I see your point
but let's face it, DVDs were a quality hop from VHS yet, with the speed that the world is changing, are dead. BluRay? Yes, I have 8 discs.
I live in Switzerland and would buy Dexter from last night if they would sell it to me. Nope, not possible - but I am empowered and go get it.
These media firms need to recognise and react - just like the music industry has. Give me what I want when I want it and don't treat me like a 3rd world consumer. Because I am not and I will resolve my own problem.
Plus I'll play what I want on what I want. DRM is bollocks.
Thanks for listening :) And sorry but you need to find a new business because it's not just piracy killing it - it's pricing and distribution models too.
I'm sure someone would have found an anti-trust angle if they had
But, then again, it might be coming with an appstore in Windows 8.....
can't they make it Kinect-friendly?
Double word score if it can get my gestures when using Lotus Notes and IE too!
This should be compulsory for all stories
Do you need international Playmobil variations to support your "collection"? Let me know, I'll email you some :)
This would be like the TSA for the Internet
Bad guys don't play to our rules. So here's what'll happen:
1. The majority of Internet users will be penalised
2. The bad guys will continue to get away with their crimes
3. If it becomes reality, trade in such "IDs" will be great. Stolen or just sold by the "owner"
4. Let's face it, the web of trust in something "simple" like TLS is crumbling. If we can't make HTTPS work perfectly, how in buggery are we going to get hundreds of jurisdictions to mandate the uptake of such a scheme? How would it be protected from abuse?
I know, I know
I'm one of the people telling them No (or at least what they can and can't do).
It's not a big issue
Honestly, it's a consumer device with ease of use first and security some way behind. It's a single user environment so security is never going to be that hot.
The Touchpad issue, in short
You can't charge iPad prices for something that's not an iPad. It is the brand and class leader. Does it do pretty much the same thing? Yes for my use-case - videos, read files and news, surf. Hey, it was $149! I got 4 for the price of one iPad :-)
I like webOS a lot bar the fact that nobody will permit me to buy apps as I'm not in an officially-supplied territory. There's always Preware and some other sources to help, though.
My message to HP is this: spec it right, price it right (i.e. below iPad) and monetise elsewhere too. Mobile usage is going to soar, are you going to miss the boat? Win8 might help you too as you'll not be last to the party anymore with your OS (not that I think webOS is bad at all).
Congratulations on raising awareness
I never knew about this site. So a heartfelt THANK YOU to those wanting to block it.
Am I alone? Doubt it! Oh and there are lots of tunnelling sites on the Internet, ctunnel, vtunnel....and that's beyond what seems to be happening elsewhere.
Fail and move to China?
It's a double-edged sword
If an IP address is personally-identifiable data then getting it to prosecute someone should be difficult (i.e. it must be protected).
If an IP address is not considered personally-identifiable data then it cannot, should not and must not be used to try and identify a person.
Sounds like a win-win to me. I'm off to reboot my cable modem (aka turn it off for a few hours and cross my fingers :D)
I'm so happy
I switched to Samsung for my consumer durables.
A Legend in his Lifetime - and more
Steve was annoying, aloof and obnoxious. He was also clever, charming and revolutionary.
If you take that last word, "revolutionary", we have to say he's repeatedly been that. From the early days forming Apple with Woz to today, he's been an influencer and he's changed the way we compute many times over.
He has been so driven that he threatens the dumbest computer component we all use today - the keyboard. Bravo.
For what it's worth, I have a couple of Apple products but, maybe due to the success of the Apple consumer products, I avoid them. But that's me trying to be an individual and not one of the sheeple (not saying that's wrong, by the way).
We would not be where we are today without Steve. He's been THE influencer of our generation.
I have, in my mind's eye, an image of Steve somewhere....sitting with his iPhone5 thanking the Lord for not having to suffer AT&T coverage anymore...!
RIP, Steve, I raise a beer to you; you will _never_ be forgotten.
If it was MS doing this....
......would the outcome be different?
By default, cookies should never be supplied to third party sites.
What's the impact of the call to Facebook to get the "Like" button? Surely that makes the Facebook cookie(s - as there are lots of them) first-party. And all bets are off.
A nice way around 3rd party policy, I'd say.
And a user who is not logged in but has the convenient cookies and does not have to type in their password.........they're easily-tracked by the unique identifier as this must exist because......they were once logged in successfully.
I'd err on the side of not trusting the dev. Thank goodness the odd time I use FB is on my Touchpad.
This patent bullshit is bullshit
Rule 1. If you make a patent, you must make the product that uses the thing you patented.
Rule 2. People can have the same idea at the same or different times. Just because you patented having a shit in 1920 doesn't mean I have to pay to go potty in 2011.
Patents are going to kill developments. They simply should not be permitted to be sold without the product being still produced by the purchaser.
Lodsys and the rest of you patent mungers - GFY. I mean......in-app purchases are like the wheel - my 2-year-old could invent the wheel :-p
I should also come clean and admit that I used 3 Facebook profiles last month. None of which are mine.
I tried 4 different ROMs in my first two weeks of Androidness - do each count?
Also, I fully expect RIM to move to a software solution within 6-12 months. If not, they will marginalise themselves.....and there is no security with a corporate-connected single-user device that is not a BlackBerry right now.
Climb aboard or perish, I say.