Re: Um… Why?
No need to pull out perfectly good ones.
Not as much fun though...
3265 posts • joined 19 May 2010
We also got the advisory on Friday, did the firmware upgrade with no dramas on all our affected routers. My understanding is that the routers were only vulnerable to this exploit if you allowed the external management interface, which by default is disabled, or SSL VPN connections, which again are off by default.
Almost as if there had been a sustained campaign to discredit him by those his organisation exposed isn't it?
Frankly, there doesn't need to be any sort of organised campaign to discredit him, he's doing very well by himself.
I don't recall that he's paid back the poor shmucks who stood bail for him, for instance?
There's no way that vanilla FTP should be exposed to the T'internet anymore, but we use it quite extensively inside our network, as it forms an effective barrier against ransomware and cryptoware - particularly recent variants which traverse SMB connections - so for instance the only access to our backup storage is by FTP, we've turned off NFS and CIFS.
It is still the quickest method of file transfer with the least overhead of any protocol.
You still have the right to retain the details of the sale and the customer details for a set period.
Wrong, you have no rights to any customer details, just purchase time, date and amount.
If you destroyed all records of sale and customer details, how would you handle warranties, returns, recalls etc.?
Erm, in exactly the same way as bricks-and-mortar shops do. Unless the purchaser gives you their details for a warranty claim, you have no records except of a sale for an amount on a day and time, no personal info at all.
I presume (wrongly?) that keeping details of a sale/customer remains legal, provided the data is kept safe.
You presume correctly that you're wrong... :)
For a one-off purchase, there is no legal reason to keep details of the customer, and the old practice of requiring that someone set up an account before being able to buy something will no longer be tenable.
Does entering into a contract to develop a website for someone mean they have given you explicit agreement to remember who they are? And to send them invoices in the future for renewal?
If you have an ongoing contract to supply both a website and future updates, then keeping the customer details on file is fine, but you mustn't use that information for any other purpose.
If you'd read my comment three pages back, you would see that the standard Windows edit box does indeed handle Unix-like line endings correctly, but Notepad is NOT a wrapper for that control, and was developed prior to the standard WinAPI controls.
Which makes it even more unbelievable that Microsoft haven't re-written Notepad to be a wrapper for the standard edit control before now.
Yes, and when you use the standard multi-line edit box, the product is called "wordpad". That's what wordpad is: a wrapper around the standard multi-line edit box.
No it isn't, Wordpad is a wrapper around the RichEdit control, which allows rtf formatting and so on. That's a very different beast to the basic multi-line edit box.
And notepad? The backward-compatible utility for Win3.11 users.
What nonsense, Notepad was present in the Windows 1.0 release, in fact it pre-existed Windows, as it started life as a DOS program with mouse support.
I've never quite understood why Notepad has this problem with line endings.
To the best of my recollection, the standard multiline edit box in the WinAPI has always dealt with Unix-like line endings correctly, so whatever they did in Notepad can't have used that control.
I'm sure I remember knocking up a rough-and-ready text editor in Visual C++ back in the nineties, using the standard Edit control, in order to edit conf files without destroying their formatting.
The problem, Pester said, is that the middleware systems were unable to deal with the number of customers that wanted to access the bank's systems
And he's trying to use this as an excuse? "Please sir, it wasn't me, the computer did it"
Can he not see that determining the expected load and planning for adequate resources to deal with that load are what his job is supposed to be?
It's like he's claiming that suddenly there were twice the number of customers from what they expected.
It's not like setting up a normal publicly accessible website, where planning for expected visitor numbers is always a bit of a gamble.
In this case, there are a finite number of account holders, so working out the expected load should be easy, even if, because of the downtime, more of their customers were trying to log in to see what had happened to their money...
Turn the BOFH stories into a suitable PDF, add a topical cover picture with the title artfully added via your graphical editor of choice, and send it off to a Print-on-demand shop.
Really!! After reading all the BOFH stories over the years, you really want to risk doing Simon out of his rights as author?
they then didn't bother to do any of the required paperwork
There was NO requirement to do anything, they were Commonwealth citizens. There was no further paperwork to fill out. The landing cards (now destroyed) were all that was required, at the time.
Why don't you go and learn about it, instead of coming out with ill-informed bollocks.
I once saw the aftermath of dropping a full "F" size Medical Oxygen cylinder (4 foot tall and 8 inch diameter).
The valve neck snapped, and it departed through the side of an ambulance, went through two brick walls, and disappeared into the woods at the side of the ambulance station. We never did find it...
Biting the hand that feeds IT © 1998–2019